From 7793611ee71b576dd9c66dee327349fa64e38740 Mon Sep 17 00:00:00 2001 
From: Yves-Alexis Perez Date: Mon, 19 Feb 2018 18:17:21 +0100 Subject: New upstream version 5.6.2 --- Android.common.mk | 2 +- NEWS | 61 +- README | 22 +- conf/Makefile.am | 1 + conf/Makefile.in | 1 + conf/options/charon.conf | 6 +- conf/options/charon.opt | 2 +- conf/plugins/ha.opt | 7 + conf/plugins/imc-os.opt | 4 + conf/plugins/kernel-netlink.conf | 3 + conf/plugins/kernel-netlink.opt | 9 +- conf/plugins/save-keys.conf | 16 + conf/plugins/save-keys.opt | 16 + conf/strongswan.conf.5.main | 47 +- configure | 180 +- configure.ac | 12 +- man/ipsec.conf.5.in | 5 +- src/Makefile.am | 4 + src/Makefile.in | 7 +- src/charon-cmd/cmd/cmd_options.h | 2 +- src/charon-nm/nm/nm_backend.c | 2 +- src/charon-nm/nm/nm_service.c | 124 +- src/charon-nm/nm/nm_service.h | 6 +- src/charon-tkm/src/ees/esa_event_service.adb | 7 +- src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 2 +- src/charon-tkm/src/tkm/tkm_keymat.c | 2 +- src/charon-tkm/src/tkm/tkm_listener.c | 2 +- src/charon-tkm/src/tkm/tkm_nonceg.c | 2 +- src/charon-tkm/tests/keymat_tests.c | 2 +- src/conftest/hooks/custom_proposal.c | 2 +- src/dumm/guest.h | 2 +- src/ipsec/_ipsec.8 | 2 +- src/libcharon/Android.mk | 1 - src/libcharon/Makefile.am | 8 +- src/libcharon/Makefile.in | 388 +-- src/libcharon/config/child_cfg.c | 8 +- src/libcharon/config/child_cfg.h | 2 +- src/libcharon/config/ike_cfg.h | 4 +- src/libcharon/config/peer_cfg.h | 2 +- src/libcharon/config/proposal.c | 1103 -------- src/libcharon/config/proposal.h | 237 -- src/libcharon/daemon.c | 6 - src/libcharon/encoding/generator.h | 4 +- src/libcharon/encoding/message.c | 4 + .../encoding/payloads/proposal_substructure.h | 2 +- .../encoding/payloads/transform_substructure.h | 2 +- src/libcharon/kernel/kernel_interface.c | 2 +- src/libcharon/plugins/certexpire/certexpire_cron.h | 2 +- .../plugins/eap_radius/eap_radius_provider.c | 2 +- .../plugins/eap_radius/eap_radius_xauth.c | 2 +- src/libcharon/plugins/ha/ha_ike.c | 2 +- src/libcharon/plugins/ha/ha_socket.c | 27 +- 
.../plugins/kernel_netlink/kernel_netlink_net.c | 75 +- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 12 +- .../plugins/kernel_wfp/kernel_wfp_ipsec.c | 2 +- src/libcharon/plugins/lookip/lookip_plugin.c | 2 +- src/libcharon/plugins/osx_attr/osx_attr_handler.c | 2 +- src/libcharon/plugins/save_keys/Makefile.am | 18 + src/libcharon/plugins/save_keys/Makefile.in | 803 ++++++ .../plugins/save_keys/save_keys_listener.c | 435 ++++ .../plugins/save_keys/save_keys_listener.h | 57 + src/libcharon/plugins/save_keys/save_keys_plugin.c | 107 + src/libcharon/plugins/save_keys/save_keys_plugin.h | 50 + src/libcharon/plugins/stroke/stroke_config.c | 2 +- src/libcharon/plugins/stroke/stroke_cred.c | 18 +- src/libcharon/plugins/stroke/stroke_list.c | 2 +- src/libcharon/plugins/uci/uci_parser.c | 2 +- src/libcharon/plugins/vici/README.md | 8 +- src/libcharon/plugins/vici/libvici.h | 2 +- src/libcharon/plugins/vici/ruby/Makefile.in | 2 +- src/libcharon/plugins/vici/vici_cred.c | 2 +- src/libcharon/plugins/vici/vici_query.c | 19 +- .../processing/jobs/delete_child_sa_job.h | 2 +- src/libcharon/processing/jobs/rekey_child_sa_job.h | 3 +- src/libcharon/processing/jobs/update_sa_job.h | 2 +- src/libcharon/sa/child_sa.c | 241 +- src/libcharon/sa/child_sa.h | 6 +- src/libcharon/sa/eap/eap_manager.h | 2 +- src/libcharon/sa/eap/eap_method.h | 2 +- src/libcharon/sa/ike_sa.c | 30 +- src/libcharon/sa/ike_sa.h | 18 +- src/libcharon/sa/ikev1/phase1.c | 44 +- src/libcharon/sa/ikev1/tasks/mode_config.c | 2 +- src/libcharon/sa/ikev1/tasks/quick_mode.c | 2 +- src/libcharon/sa/ikev2/task_manager_v2.c | 102 +- src/libcharon/sa/ikev2/tasks/child_create.c | 35 +- src/libcharon/sa/ikev2/tasks/child_create.h | 12 +- src/libcharon/sa/ikev2/tasks/child_rekey.c | 12 +- src/libcharon/sa/ikev2/tasks/ike_init.c | 71 +- src/libcharon/sa/ikev2/tasks/ike_mobike.c | 71 +- src/libcharon/sa/keymat.h | 2 +- src/libcharon/sa/task_manager.h | 2 +- src/libcharon/sa/xauth/xauth_manager.h | 2 +- 
src/libcharon/sa/xauth/xauth_method.h | 2 +- src/libcharon/tests/Makefile.am | 1 - src/libcharon/tests/Makefile.in | 19 - src/libcharon/tests/libcharon_tests.h | 1 - src/libcharon/tests/suites/test_child_rekey.c | 55 + src/libcharon/tests/suites/test_ike_rekey.c | 6 + src/libcharon/tests/suites/test_proposal.c | 171 -- src/libimcv/plugins/imc_os/imc_os.c | 31 +- .../strongswan.org__strongSwan-5-6-1.swidtag | 11 - .../strongswan.org__strongSwan-5-6-2.swidtag | 11 + .../strongswan.org__strongSwan-5-6-1.swidtag | 11 - .../strongswan.org__strongSwan-5-6-2.swidtag | 11 + src/libimcv/pts/pts_database.h | 2 +- src/libimcv/pts/pts_pcr.h | 2 +- src/libpttls/pt_tls.h | 2 +- src/libpttls/pt_tls_server.c | 2 +- src/libradius/radius_client.h | 2 +- src/libradius/radius_message.h | 2 +- src/libradius/radius_socket.c | 9 +- src/libsimaka/simaka_manager.h | 2 +- src/libsimaka/simaka_message.c | 2 +- src/libstrongswan/Android.mk | 2 +- src/libstrongswan/Makefile.am | 4 +- src/libstrongswan/Makefile.in | 13 +- src/libstrongswan/asn1/oid.c | 415 +-- src/libstrongswan/asn1/oid.h | 208 +- src/libstrongswan/asn1/oid.txt | 1 + src/libstrongswan/collections/linked_list.h | 2 +- src/libstrongswan/credentials/auth_cfg.c | 10 +- src/libstrongswan/credentials/cred_encoding.c | 2 +- .../credentials/keys/signature_params.c | 6 +- src/libstrongswan/credentials/sets/cert_cache.c | 2 +- src/libstrongswan/crypto/proposal/proposal.c | 1134 +++++++++ src/libstrongswan/crypto/proposal/proposal.h | 246 ++ .../crypto/proposal/proposal_keywords.h | 2 +- src/libstrongswan/eap/eap.c | 2 + src/libstrongswan/ipsec/ipsec_types.c | 7 +- src/libstrongswan/library.c | 3 + src/libstrongswan/plugins/blowfish/bf_enc.c | 4 +- src/libstrongswan/plugins/blowfish/bf_locl.h | 4 +- src/libstrongswan/plugins/blowfish/bf_pi.h | 4 +- src/libstrongswan/plugins/blowfish/bf_skey.c | 4 +- src/libstrongswan/plugins/blowfish/blowfish.h | 4 +- .../plugins/blowfish/blowfish_crypter.c | 4 +- 
src/libstrongswan/plugins/des/des_crypter.c | 6 +- .../plugins/gmp/gmp_rsa_private_key.c | 9 +- src/libstrongswan/plugins/newhope/newhope_ke.c | 2 +- src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c | 2 +- src/libstrongswan/plugins/plugin_loader.h | 2 +- .../plugins/revocation/revocation_validator.c | 5 +- src/libstrongswan/processing/scheduler.h | 6 +- src/libstrongswan/tests/Makefile.am | 1 + src/libstrongswan/tests/Makefile.in | 19 + src/libstrongswan/tests/suites/test_proposal.c | 220 ++ src/libstrongswan/tests/suites/test_utils.c | 19 +- src/libstrongswan/tests/tests.h | 1 + src/libstrongswan/threading/semaphore.h | 2 +- src/libstrongswan/utils/chunk.c | 4 +- src/libtls/tls_alert.c | 2 +- src/libtls/tls_crypto.c | 2 +- .../plugins/tnccs_11/messages/imc_imv_msg.h | 2 +- src/libtpmtss/Makefile.am | 2 - src/libtpmtss/plugins/tpm/Makefile.am | 1 + src/libtpmtss/plugins/tpm/Makefile.in | 6 +- src/libtpmtss/plugins/tpm/tpm_cert.c | 97 + src/libtpmtss/plugins/tpm/tpm_cert.h | 38 + src/libtpmtss/plugins/tpm/tpm_plugin.c | 11 +- src/libtpmtss/tpm_tss.h | 12 + src/libtpmtss/tpm_tss_trousers.c | 8 + src/libtpmtss/tpm_tss_tss2.c | 209 +- src/pki/commands/print.c | 21 +- src/pki/man/pki---print.1.in | 8 +- src/pt-tls-client/pt-tls-client.1.in | 9 +- src/pt-tls-client/pt-tls-client.c | 30 +- src/swanctl/commands/list_conns.c | 50 +- src/swanctl/commands/load_authorities.c | 16 +- src/swanctl/commands/load_creds.c | 12 +- src/swanctl/commands/load_pools.c | 14 +- src/swanctl/swanctl.conf.5.main | 5 +- src/swanctl/swanctl.opt | 5 +- src/tpm_extendpcr/Makefile.am | 14 + src/tpm_extendpcr/Makefile.in | 769 ++++++ src/tpm_extendpcr/tpm_extendpcr.c | 317 +++ testing/config/kernel/config-4.13 | 11 +- testing/config/kernel/config-4.14 | 2640 +++++++++++++++++++ testing/config/kernel/config-4.15 | 2685 ++++++++++++++++++++ testing/do-tests | 4 +- .../apache2/conf-enabled/testresults-as-text.conf | 5 +- .../etc/apache2/conf.d/testresults-as-text | 5 +- 
.../hosts/winnetou/etc/openssl/duck/openssl.cnf | 2 +- .../hosts/winnetou/etc/openssl/ecdsa/openssl.cnf | 2 +- .../hosts/winnetou/etc/openssl/monster/openssl.cnf | 2 +- testing/hosts/winnetou/etc/openssl/openssl.cnf | 2 +- .../winnetou/etc/openssl/research/openssl.cnf | 2 +- .../hosts/winnetou/etc/openssl/rfc3779/openssl.cnf | 2 +- .../hosts/winnetou/etc/openssl/sales/openssl.cnf | 2 +- testing/scripts/function.sh | 2 +- testing/scripts/recipes/005_anet.mk | 2 +- testing/scripts/recipes/006_tkm-rpc.mk | 2 +- testing/scripts/recipes/010_tkm.mk | 2 +- testing/scripts/recipes/013_strongswan.mk | 4 +- testing/scripts/recipes/patches/freeradius-tnc-fhh | 2 +- testing/testing.conf | 8 +- .../ikev2/mobike-virtual-ip-nat/description.txt | 9 + .../tests/ikev2/mobike-virtual-ip-nat/evaltest.dat | 31 + .../hosts/alice/etc/ipsec.conf | 19 + .../hosts/alice/etc/iptables.rules | 42 + .../hosts/alice/etc/strongswan.conf | 12 + .../mobike-virtual-ip-nat/hosts/sun/etc/ipsec.conf | 20 + .../hosts/sun/etc/iptables.rules | 32 + .../hosts/sun/etc/strongswan.conf | 11 + .../tests/ikev2/mobike-virtual-ip-nat/posttest.dat | 6 + .../tests/ikev2/mobike-virtual-ip-nat/pretest.dat | 10 + .../tests/ikev2/mobike-virtual-ip-nat/test.conf | 21 + .../ikev2/rw-eap-md5-class-radius/description.txt | 2 +- .../ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat | 4 +- .../ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat | 2 +- .../tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat | 8 +- .../tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat | 8 +- testing/tests/libipsec/host2host-cert/evaltest.dat | 4 +- testing/tests/libipsec/net2net-3des/evaltest.dat | 2 +- testing/tests/libipsec/net2net-cert/evaltest.dat | 2 +- .../tests/route-based/net2net-gre/description.txt | 12 + testing/tests/route-based/net2net-gre/evaltest.dat | 5 + .../net2net-gre/hosts/moon/etc/strongswan.conf | 13 + .../hosts/moon/etc/swanctl/swanctl.conf | 29 + .../net2net-gre/hosts/sun/etc/strongswan.conf | 13 + .../net2net-gre/hosts/sun/etc/swanctl/swanctl.conf | 
29 + testing/tests/route-based/net2net-gre/posttest.dat | 7 + testing/tests/route-based/net2net-gre/pretest.dat | 17 + testing/tests/route-based/net2net-gre/test.conf | 25 + .../tests/route-based/net2net-vti/description.txt | 12 + testing/tests/route-based/net2net-vti/evaltest.dat | 5 + .../net2net-vti/hosts/moon/etc/strongswan.conf | 13 + .../hosts/moon/etc/swanctl/swanctl.conf | 29 + .../net2net-vti/hosts/sun/etc/strongswan.conf | 13 + .../net2net-vti/hosts/sun/etc/swanctl/swanctl.conf | 29 + testing/tests/route-based/net2net-vti/posttest.dat | 7 + testing/tests/route-based/net2net-vti/pretest.dat | 19 + testing/tests/route-based/net2net-vti/test.conf | 25 + .../rw-shared-vti-ip6-in-ip4/description.txt | 11 + .../rw-shared-vti-ip6-in-ip4/evaltest.dat | 10 + .../hosts/carol/etc/ip6tables.rules | 20 + .../hosts/carol/etc/strongswan.conf | 9 + .../hosts/carol/etc/swanctl/swanctl.conf | 28 + .../hosts/dave/etc/ip6tables.rules | 20 + .../hosts/dave/etc/strongswan.conf | 9 + .../hosts/dave/etc/swanctl/swanctl.conf | 28 + .../hosts/moon/etc/ip6tables.rules | 20 + .../hosts/moon/etc/strongswan.conf | 13 + .../hosts/moon/etc/swanctl/swanctl.conf | 33 + .../rw-shared-vti-ip6-in-ip4/posttest.dat | 13 + .../rw-shared-vti-ip6-in-ip4/pretest.dat | 21 + .../route-based/rw-shared-vti-ip6-in-ip4/test.conf | 29 + .../route-based/rw-shared-vti/description.txt | 12 + .../tests/route-based/rw-shared-vti/evaltest.dat | 10 + .../rw-shared-vti/hosts/carol/etc/strongswan.conf | 9 + .../hosts/carol/etc/swanctl/swanctl.conf | 28 + .../rw-shared-vti/hosts/dave/etc/strongswan.conf | 9 + .../hosts/dave/etc/swanctl/swanctl.conf | 28 + .../rw-shared-vti/hosts/moon/etc/strongswan.conf | 13 + .../hosts/moon/etc/swanctl/swanctl.conf | 33 + .../tests/route-based/rw-shared-vti/posttest.dat | 9 + .../tests/route-based/rw-shared-vti/pretest.dat | 17 + testing/tests/route-based/rw-shared-vti/test.conf | 25 + testing/tests/sql/ip-pool-db-restart/evaltest.dat | 2 +- 
testing/tests/sql/ip-pool-db/evaltest.dat | 2 +- .../sql/ip-split-pools-db-restart/evaltest.dat | 2 +- testing/tests/sql/multi-level-ca/evaltest.dat | 2 +- .../tests/sql/shunt-policies-nat-rw/evaltest.dat | 3 +- testing/tests/swanctl/config-payload/evaltest.dat | 4 +- testing/tests/swanctl/dhcp-dynamic/evaltest.dat | 4 +- testing/tests/swanctl/ip-pool-db/evaltest.dat | 4 +- testing/tests/swanctl/ip-pool/evaltest.dat | 4 +- testing/tests/swanctl/rw-psk-fqdn/evaltest.dat | 4 +- testing/tests/swanctl/rw-psk-ikev1/evaltest.dat | 4 +- testing/tests/swanctl/rw-psk-ipv4/evaltest.dat | 4 +- 270 files changed, 12653 insertions(+), 2825 deletions(-) create mode 100644 conf/plugins/save-keys.conf create mode 100644 conf/plugins/save-keys.opt delete mode 100644 src/libcharon/config/proposal.c delete mode 100644 src/libcharon/config/proposal.h create mode 100644 src/libcharon/plugins/save_keys/Makefile.am create mode 100644 src/libcharon/plugins/save_keys/Makefile.in create mode 100644 src/libcharon/plugins/save_keys/save_keys_listener.c create mode 100644 src/libcharon/plugins/save_keys/save_keys_listener.h create mode 100644 src/libcharon/plugins/save_keys/save_keys_plugin.c create mode 100644 src/libcharon/plugins/save_keys/save_keys_plugin.h delete mode 100644 src/libcharon/tests/suites/test_proposal.c delete mode 100644 src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag create mode 100644 src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag delete mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag create mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag create mode 100644 src/libstrongswan/crypto/proposal/proposal.c create mode 100644 src/libstrongswan/crypto/proposal/proposal.h create mode 100644 src/libstrongswan/tests/suites/test_proposal.c create mode 100644 src/libtpmtss/plugins/tpm/tpm_cert.c create mode 100644 src/libtpmtss/plugins/tpm/tpm_cert.h create mode 100644 
src/tpm_extendpcr/Makefile.am create mode 100644 src/tpm_extendpcr/Makefile.in create mode 100644 src/tpm_extendpcr/tpm_extendpcr.c create mode 100644 testing/config/kernel/config-4.14 create mode 100644 testing/config/kernel/config-4.15 create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/description.txt create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/evaltest.dat create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/ipsec.conf create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/iptables.rules create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/iptables.rules create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/posttest.dat create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/pretest.dat create mode 100644 testing/tests/ikev2/mobike-virtual-ip-nat/test.conf create mode 100644 testing/tests/route-based/net2net-gre/description.txt create mode 100644 testing/tests/route-based/net2net-gre/evaltest.dat create mode 100644 testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/route-based/net2net-gre/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf create mode 100755 testing/tests/route-based/net2net-gre/hosts/sun/etc/swanctl/swanctl.conf create mode 100644 testing/tests/route-based/net2net-gre/posttest.dat create mode 100644 testing/tests/route-based/net2net-gre/pretest.dat create mode 100644 testing/tests/route-based/net2net-gre/test.conf create mode 100644 testing/tests/route-based/net2net-vti/description.txt create mode 100644 testing/tests/route-based/net2net-vti/evaltest.dat 
create mode 100644 testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/route-based/net2net-vti/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf create mode 100755 testing/tests/route-based/net2net-vti/hosts/sun/etc/swanctl/swanctl.conf create mode 100644 testing/tests/route-based/net2net-vti/posttest.dat create mode 100644 testing/tests/route-based/net2net-vti/pretest.dat create mode 100644 testing/tests/route-based/net2net-vti/test.conf create mode 100644 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/description.txt create mode 100644 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/evaltest.dat create mode 100644 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/ip6tables.rules create mode 100755 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/swanctl/swanctl.conf create mode 100644 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/ip6tables.rules create mode 100755 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/swanctl/swanctl.conf create mode 100644 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/ip6tables.rules create mode 100644 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/posttest.dat create mode 100644 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/pretest.dat create mode 100644 testing/tests/route-based/rw-shared-vti-ip6-in-ip4/test.conf create mode 100644 testing/tests/route-based/rw-shared-vti/description.txt create mode 
100644 testing/tests/route-based/rw-shared-vti/evaltest.dat create mode 100755 testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/route-based/rw-shared-vti/hosts/carol/etc/swanctl/swanctl.conf create mode 100755 testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/route-based/rw-shared-vti/hosts/dave/etc/swanctl/swanctl.conf create mode 100644 testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/route-based/rw-shared-vti/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/route-based/rw-shared-vti/posttest.dat create mode 100644 testing/tests/route-based/rw-shared-vti/pretest.dat create mode 100644 testing/tests/route-based/rw-shared-vti/test.conf diff --git a/Android.common.mk b/Android.common.mk index 19d654e0c..1d3068c14 100644 --- a/Android.common.mk +++ b/Android.common.mk @@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \ ) # strongSwan version, replaced by top Makefile -strongswan_VERSION := "5.6.1" +strongswan_VERSION := "5.6.2" diff --git a/NEWS b/NEWS index fe0d6f9c2..6a0ae7c4a 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,54 @@ +strongswan-5.6.2 +---------------- + +- Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that + was caused by insufficient input validation. One of the configurable + parameters in algorithm identifier structures for RSASSA-PSS signatures is the + mask generation function (MGF). Only MGF1 is currently specified for this + purpose. However, this in turn takes itself a parameter that specifies the + underlying hash function. strongSwan's parser did not correctly handle the + case of this parameter being absent, causing an undefined data read. + This vulnerability has been registered as CVE-2018-6459. + +- The previously negotiated DH group is reused when rekeying an SA, instead of + using the first group in the configured proposals, which avoids an additional + exchange if the peer selected a different group via INVALID_KE_PAYLOAD when + the SA was created initially. + The selected DH group is also moved to the front of all sent proposals that + contain it and all proposals that don't are moved to the back in order to + convey the preference for this group to the peer. + +- Handling of MOBIKE task queuing has been improved. In particular, the response + to an address update is not ignored anymore if only an address list update or + DPD is queued. + +- The fallback drop policies installed to avoid traffic leaks when replacing + addresses in installed policies are now replaced by temporary drop policies, + which also prevent acquires because we currently delete and reinstall IPsec + SAs to update their addresses. + +- Access X.509 certificates held in non-volatile storage of a TPM 2.0 + referenced via the NV index. + +- Adding the --keyid parameter to pki --print allows to print private keys + or certificates stored in a smartcard or a TPM 2.0. 
+ +- Fixed proposal selection if a peer incorrectly sends DH groups in the ESP + proposals during IKE_AUTH and also if a DH group is configured in the local + ESP proposal and charon.prefer_configured_proposals is disabled. + +- MSKs received via RADIUS are now padded to 64 bytes to avoid compatibility + issues with EAP-MSCHAPv2 and PRFs that have a block size < 64 bytes (e.g. + AES-XCBC-PRF-128). + +- The tpm_extendpcr command line tool extends a digest into a TPM PCR. + +- Ported the NetworkManager backend from the deprecated libnm-glib to libnm. + +- The save-keys debugging/development plugin saves IKE and/or ESP keys to files + compatible with Wireshark. + + strongswan-5.6.1 ---------------- @@ -1370,7 +1421,7 @@ strongswan-4.4.1 - The openssl plugin now supports X.509 certificate and CRL functions. - OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, enabled - by default. Plase update manual load directives in strongswan.conf. + by default. Please update manual load directives in strongswan.conf. - RFC3779 ipAddrBlock constraint checking has been moved to the addrblock plugin, disabled by default. Enable it and update manual load directives @@ -1832,7 +1883,7 @@ strongswan-4.2.8 - Several MOBIKE improvements: Detect changes in NAT mappings in DPD exchanges, handle events if kernel detects NAT mapping changes in UDP-encapsulated - ESP packets (requires kernel patch), reuse old addesses in MOBIKE updates as + ESP packets (requires kernel patch), reuse old addresses in MOBIKE updates as long as possible and other fixes. - Fixed a bug in addr_in_subnet() which caused insertion of wrong source 
@@ -2111,7 +2162,7 @@ strongswan-4.1.7 - In NAT traversal situations and multiple queued Quick Modes, those pending connections inserted by auto=start after the - port floating from 500 to 4500 were erronously deleted. + port floating from 500 to 4500 were erroneously deleted. - Added a "forceencaps" connection parameter to enforce UDP encapsulation to surmount restrictive firewalls. NAT detection payloads are faked to @@ -2705,7 +2756,7 @@ strongswan-2.6.0 strongswan-2.5.7 ---------------- -- CA certicates are now automatically loaded from a smartcard +- CA certificates are now automatically loaded from a smartcard or USB crypto token and appear in the ipsec auto --listcacerts listing. @@ -2818,7 +2869,7 @@ strongswan-2.5.1 - Under the native IPsec of the Linux 2.6 kernel, a %trap eroute installed either by setting auto=route in ipsec.conf or by a connection put into hold, generates an XFRM_AQUIRE event - for each packet that wants to use the not-yet exisiting + for each packet that wants to use the not-yet existing tunnel. Up to now each XFRM_AQUIRE event led to an entry in the Quick Mode queue, causing multiple IPsec SA to be established in rapid succession. Starting with strongswan-2.5.1 diff --git a/README b/README index 979b0eb12..f26e59780 100644 --- a/README +++ b/README @@ -36,7 +36,7 @@ Configuration on gateway _moon_: /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/moonCert.pem - /etc/swanctl/priv/moonKey.pem + /etc/swanctl/private/moonKey.pem /etc/swanctl/swanctl.conf: @@ -66,7 +66,7 @@ Configuration on gateway _sun_: /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/sunCert.pem - /etc/swanctl/priv/sunKey.pem + /etc/swanctl/private/sunKey.pem /etc/swanctl/swanctl.conf: @@ -120,7 +120,7 @@ connections we will use the default IPsec tunnel mode. /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/moonCert.pem - /etc/swanctl/priv/moonKey.pem + /etc/swanctl/private/moonKey.pem /etc/swanctl/swanctl.conf: 
@@ -148,7 +148,7 @@ Configuration on host _sun_: /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/sunCert.pem - /etc/swanctl/priv/sunKey.pem + /etc/swanctl/private/sunKey.pem /etc/swanctl/swanctl.conf: @@ -185,7 +185,7 @@ Configuration on gateway _moon_: /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/moonCert.pem - /etc/swanctl/priv/moonKey.pem + /etc/swanctl/private/moonKey.pem /etc/swanctl/swanctl.conf: @@ -211,7 +211,7 @@ Configuration on roadwarrior _carol_: /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/carolCert.pem - /etc/swanctl/priv/carolKey.pem + /etc/swanctl/private/carolKey.pem /etc/swanctl/swanctl.conf: @@ -277,7 +277,7 @@ Configuration on gateway _moon_: /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/moonCert.pem - /etc/swanctl/rsa/moonKey.pem + /etc/swanctl/private/moonKey.pem /etc/swanctl/swanctl.conf: @@ -311,7 +311,7 @@ Configuration on roadwarrior _carol_: /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/carolCert.pem - /etc/swanctl/priv/carolKey.pem + /etc/swanctl/private/carolKey.pem /etc/swanctl/swanctl.conf: @@ -352,7 +352,7 @@ Configuration on gateway _moon_: /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/moonCert.pem - /etc/swanctl/priv/moonKey.pem + /etc/swanctl/private/moonKey.pem /etc/swanctl/swanctl.conf: @@ -437,7 +437,7 @@ Configuration on gateway _moon_: /etc/swanctl/x509ca/strongswanCert.pem /etc/swanctl/x509/moonCert.pem - /etc/swanctl/priv/moonKey.pem + /etc/swanctl/private/moonKey.pem /etc/swanctl/swanctl.conf: @@ -571,7 +571,7 @@ In a next step the command pki --req --type priv --in moonKey.pem \ --dn "C=CH, O=strongswan, CN=moon.strongswan.org \ - --san moon.strongswan.org -- outform pem > moonReq.pem + --san moon.strongswan.org --outform pem > moonReq.pem creates a PKCS#10 certificate request that has to be signed by the CA. Through the [multiple] use of the `--san` parameter any number of desired 
diff --git a/conf/Makefile.am b/conf/Makefile.am
index 38181db2c..eb662c2e0 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -87,6 +87,7 @@ plugins = \
 plugins/random.opt \
 plugins/resolve.opt \
 plugins/revocation.opt \
+ plugins/save-keys.opt \
 plugins/socket-default.opt \
 plugins/sql.opt \
 plugins/stroke.opt \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index c2cb213f7..e83d3b98f 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -493,6 +493,7 @@ plugins = \
 plugins/random.opt \
 plugins/resolve.opt \
 plugins/revocation.opt \
+ plugins/save-keys.opt \
 plugins/socket-default.opt \
 plugins/sql.opt \
 plugins/stroke.opt \
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index cef9fe36c..93dff172d 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -7,9 +7,9 @@ charon { # Maximum number of half-open IKE_SAs for a single peer IP. # block_threshold = 5 - # Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should - # be saved under a unique file name derived from the public key of the - # Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or + # Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP + # should be saved under a unique file name derived from the public key of + # the Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or # /etc/swanctl/x509crl (vici), respectively. # cache_crls = no
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 161ebb724..fcde5f0b5 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -31,7 +31,7 @@ charon.cert_cache = yes memory. charon.cache_crls = no - Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should + Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP should be saved under a unique file name derived from the public key of the Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or **/etc/swanctl/x509crl** (vici), respectively.
diff --git a/conf/plugins/ha.opt b/conf/plugins/ha.opt
index 77d5b7888..c821a880b 100644
--- a/conf/plugins/ha.opt
+++ b/conf/plugins/ha.opt
@@ -2,6 +2,13 @@ charon.plugins.ha.autobalance = 0 Interval in seconds to automatically balance handled segments between nodes. Set to 0 to disable. +charon.plugin.ha.buflen = 2048 + Buffer size for received HA messages. + + Buffer size for received HA messages. For IKEv1 the public DH factors are + also transmitted so depending on the DH group the HA messages can get quite + big (the default should be fine up to _modp4096_). + charon.plugins.ha.fifo_interface = yes charon.plugins.ha.heartbeat_delay = 1000
diff --git a/conf/plugins/imc-os.opt b/conf/plugins/imc-os.opt
index 4f559f2b9..6c1da5e89 100644
--- a/conf/plugins/imc-os.opt
+++ b/conf/plugins/imc-os.opt
@@ -6,6 +6,10 @@ libimcv.plugins.imc-os.device_id = Manually set the client device ID in hexadecimal format (e.g. 1083f03988c9762703b1c1080c2e46f72b99cc31) +libimcv.plugins.imc-os.device_handle = + Manually set handle to a private key bound to a smartcard or TPM + (e.g. 0x81010004) + libimcv.plugins.imc-os.device_pubkey = Manually set the path to the client device public key (e.g. /etc/pts/aikPub.der)
diff --git a/conf/plugins/kernel-netlink.conf b/conf/plugins/kernel-netlink.conf
index 22d94ee38..9827b2282 100644
--- a/conf/plugins/kernel-netlink.conf
+++ b/conf/plugins/kernel-netlink.conf
@@ -35,6 +35,9 @@ kernel-netlink { # Whether to use port or socket based IKE XFRM bypass policies. # port_bypass = no + # Whether to process changes in routing rules to trigger roam events. + # process_rules = no + # Maximum Netlink socket receive buffer in bytes. # receive_buffer_size = 0
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt
index 3d9c4a7a9..0e368ca1e 100644
--- a/conf/plugins/kernel-netlink.opt
+++ b/conf/plugins/kernel-netlink.opt
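Review bot: The new option in the conf/plugins/ha.opt hunk is declared as `charon.plugin.ha.buflen`, while every other key visible in that hunk (`charon.plugins.ha.autobalance`, `charon.plugins.ha.fifo_interface`, `charon.plugins.ha.heartbeat_delay`) sits under `charon.plugins.ha`. If the plugin reads the value from the same `plugins` section as its siblings (the reading code is not part of this hunk), an administrator who copies the documented name sets a key that is never looked up, and the receive buffer silently stays at its default. The declaration should read `charon.plugins.ha.buflen = 2048`. The same spelling recurs in the conf/strongswan.conf.5.main hunk as `.BR charon.plugin.ha.buflen " [2048]"`.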
@@ -7,7 +7,7 @@ charon.plugins.kernel-netlink.force_receive_buffer_size = no If the maximum Netlink socket receive buffer in bytes set by _receive_buffer_size_ exceeds the system-wide maximum from /proc/sys/net/core/rmem_max, this option can be used to override the limit. - Enabling this option requires special priviliges (CAP_NET_ADMIN). + Enabling this option requires special privileges (CAP_NET_ADMIN). charon.plugins.kernel-netlink.fwmark = Firewall mark to set on the routing rule that directs traffic to our routing
@@ -47,6 +47,13 @@ charon.plugins.kernel-netlink.port_bypass = no port based policies use global XFRM bypass policies for the used IKE UDP ports. +charon.plugins.kernel-netlink.process_rules = no + Whether to process changes in routing rules to trigger roam events. + + Whether to process changes in routing rules to trigger roam events. This is + currently only useful if the kernel based route lookup is used (i.e. if + route installation is disabled or an inverted fwmark match is configured). + charon.plugins.kernel-netlink.receive_buffer_size = 0 Maximum Netlink socket receive buffer in bytes.
diff --git a/conf/plugins/save-keys.conf b/conf/plugins/save-keys.conf
new file mode 100644
index 000000000..c38cdcf69
--- /dev/null
+++ b/conf/plugins/save-keys.conf
@@ -0,0 +1,16 @@
+save-keys {
+
+ # Whether to save ESP keys.
+ # esp = no
+
+ # Whether to save IKE keys.
+ # ike = no
+
+ # Whether to load the plugin.
+ load = no
+
+ # Directory where the keys are stored in the format supported by Wireshark
+ # wireshark_keys =
+
+}
+
diff --git a/conf/plugins/save-keys.opt b/conf/plugins/save-keys.opt
new file mode 100644
index 000000000..22a766a6f
--- /dev/null
+++ b/conf/plugins/save-keys.opt
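Review bot: Nothing in the option text says that the files this plugin writes hold live IKE and ESP key material; the comment above `# wireshark_keys =` in conf/plugins/save-keys.conf, and the long description of `charon.plugins.save-keys.wireshark_keys` in conf/plugins/save-keys.opt, only name the directory and the file names. The NEWS entry in this commit calls save-keys a debugging/development plugin, but an administrator who reads only the option reference does not see that. I would add one sentence to the long description in save-keys.opt, for example `The files contain secret session keys; use this plugin for debugging only and restrict access to the directory.` The text should also state what happens when `esp` or `ike` is enabled while `wireshark_keys` is left at its empty default.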
@@ -0,0 +1,16 @@ +charon.plugins.save-keys.load := no + Whether to load the plugin. + +charon.plugins.save-keys.esp = no + Whether to save ESP keys. + +charon.plugins.save-keys.ike = no + Whether to save IKE keys. + +charon.plugins.save-keys.wireshark_keys + Directory where the keys are stored in the format supported by Wireshark + + Directory where the keys are stored in the format supported by Wireshark. + IKEv1 keys are stored in the _ikev1_decryption_table_ file. + IKEv2 keys are stored in the _ikev2_decryption_table_ file. + Keys for ESP CHILD_SAs are stored in the _esp_sa_ file. diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main index b54f3e492..977403e91 100644 --- a/conf/strongswan.conf.5.main +++ b/conf/strongswan.conf.5.main @@ -51,7 +51,7 @@ Maximum number of half\-open IKE_SAs for a single peer IP. .TP .BR charon.cache_crls " [no]" -Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should be +Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP should be saved under a unique file name derived from the public key of the Certification Authority (CA) to .RB "" "/etc/ipsec.d/crls" "" @@ -405,6 +405,14 @@ WINS servers assigned to peer via configuration payload (CP). .BR charon.nbns2 " []" WINS servers assigned to peer via configuration payload (CP). +.TP +.BR charon.plugin.ha.buflen " [2048]" +Buffer size for received HA messages. For IKEv1 the public DH factors are also +transmitted so depending on the DH group the HA messages can get quite big (the +default should be fine up to +.RI "" "modp4096" ")." + + .TP .BR charon.plugins.addrblock.strict " [yes]" If set to yes, a subject certificate without an addrblock extension is rejected 
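Review bot: The long description of `charon.plugins.save-keys.wireshark_keys` in conf/plugins/save-keys.opt names the output files but does not say that they hold the negotiated IKE and ESP session keys unencrypted, so read access to that directory is enough to decrypt captured traffic for those SAs. Nothing in this hunk states which permissions the files are created with, so the documentation should spell out the handling rather than leave it implicit. I would append a sentence such as `The files contain unencrypted session keys; use a directory readable only by the daemon's user, do not enable this on production gateways, and delete the files after debugging.` The same wording is carried by conf/plugins/save-keys.conf and the `@@ -1416,6 +1430,30 @@` man page hunk, which presumably pick it up from this file. The `load := no` setting and the `no` defaults for `esp` and `ike` are the right defaults and should stay.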
@@ -973,7 +981,7 @@ If the maximum Netlink socket receive buffer in bytes set by .RI "" "receive_buffer_size" "" exceeds the system\-wide maximum from /proc/sys/net/core/rmem_max, this option can be used to override the limit. -Enabling this option requires special priviliges (CAP_NET_ADMIN). +Enabling this option requires special privileges (CAP_NET_ADMIN). .TP .BR charon.plugins.kernel-netlink.fwmark " []" @@ -1015,6 +1023,12 @@ policies are used to exempt IKE traffic from XFRM processing. The default socket based policies are directly tied to the IKE UDP sockets, port based policies use global XFRM bypass policies for the used IKE UDP ports. +.TP +.BR charon.plugins.kernel-netlink.process_rules " [no]" +Whether to process changes in routing rules to trigger roam events. This is +currently only useful if the kernel based route lookup is used (i.e. if route +installation is disabled or an inverted fwmark match is configured). + .TP .BR charon.plugins.kernel-netlink.receive_buffer_size " [0]" Maximum Netlink socket receive buffer in bytes. This value controls how many @@ -1416,6 +1430,30 @@ Whether CRL validation should be enabled. .BR charon.plugins.revocation.enable_ocsp " [yes]" Whether OCSP validation should be enabled. +.TP +.BR charon.plugins.save-keys.esp " [no]" +Whether to save ESP keys. + +.TP +.BR charon.plugins.save-keys.ike " [no]" +Whether to save IKE keys. + +.TP +.BR charon.plugins.save-keys.load " [no]" +Whether to load the plugin. + +.TP +.BR charon.plugins.save-keys.wireshark_keys " []" +Directory where the keys are stored in the format supported by Wireshark. IKEv1 +keys are stored in the +.RI "" "ikev1_decryption_table" "" +file. IKEv2 keys are stored in +the +.RI "" "ikev2_decryption_table" "" +file. Keys for ESP CHILD_SAs are stored in the +.RI "" "esp_sa" "" +file. + .TP .BR charon.plugins.socket-default.fwmark " []" Firewall mark to set on outbound packets. 
@@ -2120,6 +2158,11 @@ manufacturer of the hardcopy device. Manually set the path to the client device certificate (e.g. /etc/pts/aikCert.der) +.TP +.BR libimcv.plugins.imc-os.device_handle " []" +Manually set handle to a private key bound to a smartcard or TPM (e.g. +0x81010004) + .TP .BR libimcv.plugins.imc-os.device_id " []" Manually set the client device ID in hexadecimal format (e.g. diff --git a/configure b/configure index 9eca70911..5bee7cea9 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for strongSwan 5.6.1. +# Generated by GNU Autoconf 2.69 for strongSwan 5.6.2. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='5.6.1' -PACKAGE_STRING='strongSwan 5.6.1' +PACKAGE_VERSION='5.6.2' +PACKAGE_STRING='strongSwan 5.6.2' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -767,6 +767,8 @@ USE_SOCKET_DYNAMIC_FALSE USE_SOCKET_DYNAMIC_TRUE USE_SOCKET_DEFAULT_FALSE USE_SOCKET_DEFAULT_TRUE +USE_SAVE_KEYS_FALSE +USE_SAVE_KEYS_TRUE USE_IMV_HCD_FALSE USE_IMV_HCD_TRUE USE_IMC_HCD_FALSE @@ -1461,6 +1463,7 @@ enable_led enable_load_tester enable_lookip enable_radattr +enable_save_keys enable_systime_fix enable_test_vectors enable_updown @@ -2108,7 +2111,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 5.6.1 to adapt to many kinds of systems. +\`configure' configures strongSwan 5.6.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -2179,7 +2182,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 5.6.1:";; + short | recursive ) echo "Configuration of strongSwan 5.6.2:";; esac cat <<\_ACEOF @@ -2372,6 +2375,8 @@ Optional Features: plugin. --enable-radattr enable plugin to inject and process custom RADIUS attributes as IKEv2 client. + --enable-save-keys enable development/debugging plugin that saves IKE + and ESP keys in Wireshark format. --enable-systime-fix enable plugin to handle cert lifetimes with invalid system time gracefully. --enable-test-vectors enable plugin providing crypto test vectors. @@ -2659,7 +2664,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 5.6.1 +strongSwan configure 5.6.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3181,7 +3186,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 5.6.1, which was +It was created by strongSwan $as_me 5.6.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4044,7 +4049,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='5.6.1' + VERSION='5.6.2' cat >>confdefs.h <<_ACEOF @@ -7211,6 +7216,22 @@ fi disabled_by_default=${disabled_by_default}" radattr" +# Check whether --enable-save-keys was given. +if test "${enable_save_keys+set}" = set; then : + enableval=$enable_save_keys; save_keys_given=true + if test x$enableval = xyes; then + save_keys=true + else + save_keys=false + fi +else + save_keys=false + save_keys_given=false + +fi + + disabled_by_default=${disabled_by_default}" save_keys" + # Check whether --enable-systime-fix was given. if test "${enable_systime_fix+set}" = set; then : enableval=$enable_systime_fix; systime_fix_given=true 
@@ -22414,104 +22435,6 @@ fi fi if test x$nm = xtrue; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-glib\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libnm-glib") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - -pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 -$as_echo_n "checking for nm... " >&6; } - -if test -n "$nm_CFLAGS"; then - pkg_cv_nm_CFLAGS="$nm_CFLAGS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn\""; } >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi -if test -n "$nm_LIBS"; then - pkg_cv_nm_LIBS="$nm_LIBS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn\""; } >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn" 2>/dev/null` - test "x$?" 
!= "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi - - - -if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi - if test $_pkg_short_errors_supported = yes; then - nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn" 2>&1` - else - nm_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$nm_PKG_ERRORS" >&5 - - as_fn_error $? "Package requirements (NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn) were not met: - -$nm_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -Alternatively, you may set the environment variables nm_CFLAGS -and nm_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details." "$LINENO" 5 -elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -Alternatively, you may set the environment variables nm_CFLAGS -and nm_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. - -To get pkg-config, see . 
-See \`config.log' for more details" "$LINENO" 5; } -else - nm_CFLAGS=$pkg_cv_nm_CFLAGS - nm_LIBS=$pkg_cv_nm_LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -fi -else pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 @@ -22521,12 +22444,12 @@ if test -n "$nm_CFLAGS"; then pkg_cv_nm_CFLAGS="$nm_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn\""; } >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gthread-2.0 libnm\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gthread-2.0 libnm") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn" 2>/dev/null` + pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "gthread-2.0 libnm" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes 
@@ -22538,12 +22461,12 @@ if test -n "$nm_LIBS"; then pkg_cv_nm_LIBS="$nm_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn\""; } >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gthread-2.0 libnm\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gthread-2.0 libnm") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn" 2>/dev/null` + pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "gthread-2.0 libnm" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -22564,14 +22487,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn" 2>&1` + nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gthread-2.0 libnm" 2>&1` else - nm_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn" 2>&1` + nm_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gthread-2.0 libnm" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$nm_PKG_ERRORS" >&5 - as_fn_error $? "Package requirements (NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn) were not met: + as_fn_error $? "Package requirements (gthread-2.0 libnm) were not met: $nm_PKG_ERRORS @@ -22604,8 +22527,6 @@ $as_echo "yes" >&6; } fi -fi - fi 
@@ -24101,6 +24022,11 @@ if test x$resolve = xtrue; then fi +if test x$save_keys = xtrue; then + c_plugins=${c_plugins}" save-keys" + + fi + if test x$socket_default = xtrue; then c_plugins=${c_plugins}" socket-default" charon_plugins=${charon_plugins}" socket-default" @@ -25622,6 +25548,14 @@ else USE_IMV_HCD_FALSE= fi + if test x$save_keys = xtrue; then + USE_SAVE_KEYS_TRUE= + USE_SAVE_KEYS_FALSE='#' +else + USE_SAVE_KEYS_TRUE='#' + USE_SAVE_KEYS_FALSE= +fi + if test x$socket_default = xtrue; then USE_SOCKET_DEFAULT_TRUE= USE_SOCKET_DEFAULT_FALSE='#' 
@@ -26267,7 +26201,7 @@ fi # build Makefiles # ================= -ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile 
src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile 
src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/counters/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile 
src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/sec-updater/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile 
src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile 
src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile 
src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/save_keys/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/counters/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile 
src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/tpm_extendpcr/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/sec-updater/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" # ================= 
@@ -26979,6 +26913,10 @@ if test -z "${USE_IMV_HCD_TRUE}" && test -z "${USE_IMV_HCD_FALSE}"; then as_fn_error $? "conditional \"USE_IMV_HCD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_SAVE_KEYS_TRUE}" && test -z "${USE_SAVE_KEYS_FALSE}"; then + as_fn_error $? "conditional \"USE_SAVE_KEYS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_SOCKET_DEFAULT_TRUE}" && test -z "${USE_SOCKET_DEFAULT_FALSE}"; then as_fn_error $? "conditional \"USE_SOCKET_DEFAULT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -27644,7 +27582,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 5.6.1, which was +This file was extended by strongSwan $as_me 5.6.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -27710,7 +27648,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -strongSwan config.status 5.6.1 +strongSwan config.status 5.6.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" 
@@ -28258,6 +28196,7 @@ do "src/libcharon/plugins/xauth_noauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/xauth_noauth/Makefile" ;; "src/libcharon/plugins/tnc_ifmap/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_ifmap/Makefile" ;; "src/libcharon/plugins/tnc_pdp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_pdp/Makefile" ;; + "src/libcharon/plugins/save_keys/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/save_keys/Makefile" ;; "src/libcharon/plugins/socket_default/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_default/Makefile" ;; "src/libcharon/plugins/socket_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_dynamic/Makefile" ;; "src/libcharon/plugins/socket_win/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_win/Makefile" ;; @@ -28318,6 +28257,7 @@ do "src/_copyright/Makefile") CONFIG_FILES="$CONFIG_FILES src/_copyright/Makefile" ;; "src/scepclient/Makefile") CONFIG_FILES="$CONFIG_FILES src/scepclient/Makefile" ;; "src/aikgen/Makefile") CONFIG_FILES="$CONFIG_FILES src/aikgen/Makefile" ;; + "src/tpm_extendpcr/Makefile") CONFIG_FILES="$CONFIG_FILES src/tpm_extendpcr/Makefile" ;; "src/pki/Makefile") CONFIG_FILES="$CONFIG_FILES src/pki/Makefile" ;; "src/pki/man/Makefile") CONFIG_FILES="$CONFIG_FILES src/pki/man/Makefile" ;; "src/pool/Makefile") CONFIG_FILES="$CONFIG_FILES src/pool/Makefile" ;; diff --git a/configure.ac b/configure.ac index 6effecce3..ae04fc87c 100644 --- a/configure.ac +++ b/configure.ac @@ -19,7 +19,7 @@ # initialize & set some vars # ============================ -AC_INIT([strongSwan],[5.6.1]) +AC_INIT([strongSwan],[5.6.2]) AM_INIT_AUTOMAKE(m4_esyscmd([ echo tar-ustar echo subdir-objects 
@@ -273,6 +273,7 @@ ARG_ENABL_SET([led], [enable plugin to control LEDs on IKEv2 activity ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.]) ARG_ENABL_SET([lookip], [enable fast virtual IP lookup and notification plugin.]) ARG_ENABL_SET([radattr], [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.]) +ARG_ENABL_SET([save-keys], [enable development/debugging plugin that saves IKE and ESP keys in Wireshark format.]) ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with invalid system time gracefully.]) ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.]) ARG_DISBL_SET([updown], [disable updown firewall script plugin.]) @@ -1174,10 +1175,7 @@ if test x$eap_sim_pcsc = xtrue; then fi if test x$nm = xtrue; then - PKG_CHECK_EXISTS([libnm-glib], - [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn])], - [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn])] - ) + PKG_CHECK_MODULES(nm, [gthread-2.0 libnm]) AC_SUBST(nm_CFLAGS) AC_SUBST(nm_LIBS) fi @@ -1438,6 +1436,7 @@ ADD_PLUGIN([kernel-pfkey], [c charon starter nm cmd]) ADD_PLUGIN([kernel-pfroute], [c charon starter nm cmd]) ADD_PLUGIN([kernel-netlink], [c charon starter nm cmd]) ADD_PLUGIN([resolve], [c charon cmd]) +ADD_PLUGIN([save-keys], [c]) ADD_PLUGIN([socket-default], [c charon nm cmd]) ADD_PLUGIN([socket-dynamic], [c charon cmd]) ADD_PLUGIN([socket-win], [c charon]) @@ -1667,6 +1666,7 @@ AM_CONDITIONAL(USE_IMC_SWIMA, test x$imc_swima = xtrue) AM_CONDITIONAL(USE_IMV_SWIMA, test x$imv_swima = xtrue) AM_CONDITIONAL(USE_IMC_HCD, test x$imc_hcd = xtrue) AM_CONDITIONAL(USE_IMV_HCD, test x$imv_hcd = xtrue) +AM_CONDITIONAL(USE_SAVE_KEYS, test x$save_keys = xtrue) AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue) AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue) AM_CONDITIONAL(USE_SOCKET_WIN, test x$socket_win = xtrue) 
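Review bot: The new `save-keys` option in the `@@ -273,6 +273,7 @@` hunk describes a plugin that, per its own help string, saves IKE and ESP keys, yet the `./configure --help` text says nothing about what that means for a deployed gateway. Since the option is opt-in (`ARG_ENABL_SET`), the help string is the one place a packager sees before enabling it. I would extend it to `[enable development/debugging plugin that saves IKE and ESP keys in Wireshark format (writes session keys to disk; not for production builds).]`. The related `ADD_PLUGIN([save-keys], [c])` and `AM_CONDITIONAL(USE_SAVE_KEYS, ...)` lines in the later hunks on this line look consistent with the neighbouring plugins.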
@@ -1931,6 +1931,7 @@ AC_CONFIG_FILES([ src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile + src/libcharon/plugins/save_keys/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile @@ -1991,6 +1992,7 @@ AC_CONFIG_FILES([ src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile + src/tpm_extendpcr/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 774df75ac..eef6efaa0 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -609,9 +609,10 @@ To limit the acceptable set of hashing algorithms for trustchain validation, append hash algorithms to .BR pubkey or a key strength definition (for example -.BR pubkey-sha1-sha256 +.BR pubkey-sha256-sha512 , +.BR rsa-2048-sha256-sha384-sha512 , or -.BR rsa-2048-ecdsa-256-sha256-sha384-sha512 ). +.BR rsa-2048-sha256-ecdsa-256-sha256-sha384 ). Unless disabled in .BR strongswan.conf (5), or explicit IKEv2 signature constraints are configured (see below), such key diff --git a/src/Makefile.am b/src/Makefile.am index 7bef1a5dd..e2747c300 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -143,3 +143,7 @@ endif if USE_AIKGEN SUBDIRS += aikgen endif + +if USE_TPM + SUBDIRS += tpm_extendpcr +endif diff --git a/src/Makefile.in b/src/Makefile.in index baae1e09a..9aa3cb166 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -123,6 +123,7 @@ host_triplet = @host@ @USE_IMV_SWIMA_TRUE@am__append_34 = sec-updater @USE_INTEGRITY_TEST_TRUE@am__append_35 = checksum @USE_AIKGEN_TRUE@am__append_36 = aikgen +@USE_TPM_TRUE@am__append_37 = tpm_extendpcr subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ 
@@ -201,7 +202,8 @@ DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \ libcharon starter ipsec _copyright charon charon-systemd \ charon-nm stroke _updown scepclient pki swanctl conftest dumm \ libfast manager medsrv pool charon-tkm charon-cmd charon-svc \ - pt-tls-client sw-collector sec-updater checksum aikgen + pt-tls-client sw-collector sec-updater checksum aikgen \ + tpm_extendpcr am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ @@ -478,7 +480,8 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_25) $(am__append_26) $(am__append_27) \ $(am__append_28) $(am__append_29) $(am__append_30) \ $(am__append_31) $(am__append_32) $(am__append_33) \ - $(am__append_34) $(am__append_35) $(am__append_36) + $(am__append_34) $(am__append_35) $(am__append_36) \ + $(am__append_37) all: all-recursive .SUFFIXES: diff --git a/src/charon-cmd/cmd/cmd_options.h b/src/charon-cmd/cmd/cmd_options.h index c7441e795..aa13b0951 100644 --- a/src/charon-cmd/cmd/cmd_options.h +++ b/src/charon-cmd/cmd/cmd_options.h @@ -63,7 +63,7 @@ struct cmd_option_t { const char *name; /** takes argument */ int has_arg; - /** decription of argument */ + /** description of argument */ const char *arg; /** short description to option */ const char *desc; diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c index 601daca0a..e4845e745 100644 --- a/src/charon-nm/nm/nm_backend.c +++ b/src/charon-nm/nm/nm_backend.c @@ -55,7 +55,7 @@ struct nm_backend_t { static nm_backend_t *nm_backend = NULL; /** - * NM plugin processing routine, creates and handles NMVPNPlugin + * NM plugin processing routine, creates and handles NMVpnServicePlugin */ static job_requeue_t run(nm_backend_t *this) { diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index 3e8392a57..9beac392a 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c 
@@ -1,4 +1,6 @@ /* + * Copyright (C) 2017 Lubomir Rintel + * * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil @@ -14,8 +16,6 @@ * for more details. */ -#include -#include #include "nm_service.h" #include @@ -26,7 +26,7 @@ #include -G_DEFINE_TYPE(NMStrongswanPlugin, nm_strongswan_plugin, NM_TYPE_VPN_PLUGIN) +G_DEFINE_TYPE(NMStrongswanPlugin, nm_strongswan_plugin, NM_TYPE_VPN_SERVICE_PLUGIN) /** * Private data of NMStrongswanPlugin @@ -37,7 +37,7 @@ typedef struct { /* IKE_SA we are listening on */ ike_sa_t *ike_sa; /* backref to public plugin */ - NMVPNPlugin *plugin; + NMVpnServicePlugin *plugin; /* credentials to use for authentication */ nm_creds_t *creds; /* attribute handler for DNS/NBNS server information */ 
@@ -53,50 +53,46 @@ typedef struct { /** * convert enumerated handler chunks to a UINT_ARRAY GValue */ -static GValue* handler_to_val(nm_handler_t *handler, +static GVariant* handler_to_variant(nm_handler_t *handler, configuration_attribute_type_t type) { - GValue *val; - GArray *array; + GVariantBuilder builder; enumerator_t *enumerator; chunk_t chunk; + g_variant_builder_init (&builder, G_VARIANT_TYPE ("au")); + enumerator = handler->create_enumerator(handler, type); - array = g_array_new (FALSE, TRUE, sizeof (guint32)); while (enumerator->enumerate(enumerator, &chunk)) { - g_array_append_val (array, *(uint32_t*)chunk.ptr); + g_variant_builder_add (&builder, "u", + g_variant_new_uint32 (*(uint32_t*)chunk.ptr)); } enumerator->destroy(enumerator); - val = g_slice_new0 (GValue); - g_value_init (val, DBUS_TYPE_G_UINT_ARRAY); - g_value_set_boxed (val, array); - return val; + return g_variant_builder_end (&builder); } /** * signal IPv4 config to NM, set connection as established */ -static void signal_ipv4_config(NMVPNPlugin *plugin, +static void signal_ipv4_config(NMVpnServicePlugin *plugin, ike_sa_t *ike_sa, child_sa_t *child_sa) { NMStrongswanPluginPrivate *priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin); - GValue *val; - GHashTable *config; + GVariantBuilder builder; enumerator_t *enumerator; host_t *me, *other; nm_handler_t *handler; - config = g_hash_table_new(g_str_hash, g_str_equal); + g_variant_builder_init (&builder, G_VARIANT_TYPE_VARDICT); + handler = priv->handler; /* NM apparently requires to know the gateway */ - val = g_slice_new0 (GValue); - g_value_init (val, G_TYPE_UINT); other = ike_sa->get_other_host(ike_sa); - g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr); - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val); + g_variant_builder_add (&builder, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, + g_variant_new_uint32 (*(uint32_t*)other->get_address(other).ptr)); /* NM installs this IP address on the interface 
above, so we use the VIP if * we got one. 
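Review bot: In `handler_to_variant` the loop calls `g_variant_builder_add (&builder, "u", g_variant_new_uint32 (...))`, but the `"u"` format consumes a plain `guint32` argument, so a `GVariant *` is passed where an integer is expected. The DNS/NBNS array handed to NetworkManager would then not contain the server addresses, and the floating variant is never consumed. Use `g_variant_builder_add_value (&builder, g_variant_new_uint32 (*(uint32_t*)chunk.ptr));` or pass the integer itself with the `"u"` format. The cast also reads four bytes from `chunk.ptr` without looking at `chunk.len`; whether the handler only ever stores 4-byte chunks is not visible here, so a `chunk.len == sizeof(uint32_t)` guard in the loop is worth adding. The comment above the function still says "UINT_ARRAY GValue" and should name the `au` GVariant; `signal_ipv4_config` continues beyond this hunk.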
@@ -107,47 +103,40 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, me = ike_sa->get_my_host(ike_sa); } enumerator->destroy(enumerator); - val = g_slice_new0(GValue); - g_value_init(val, G_TYPE_UINT); - g_value_set_uint(val, *(uint32_t*)me->get_address(me).ptr); - g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val); + g_variant_builder_add (&builder, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, + g_variant_new_uint32 (*(uint32_t*)other->get_address(me).ptr)); - val = g_slice_new0(GValue); - g_value_init(val, G_TYPE_UINT); - g_value_set_uint(val, me->get_address(me).len * 8); - g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); + g_variant_builder_add (&builder, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, + g_variant_new_uint32 (me->get_address(me).len * 8)); /* prevent NM from changing the default route. we set our own route in our * own routing table */ - val = g_slice_new0(GValue); - g_value_init(val, G_TYPE_BOOLEAN); - g_value_set_boolean(val, TRUE); - g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT, val); + g_variant_builder_add (&builder, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT, + g_variant_new_boolean (TRUE)); - val = handler_to_val(handler, INTERNAL_IP4_DNS); - g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); - val = handler_to_val(handler, INTERNAL_IP4_NBNS); - g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val); + g_variant_builder_add (&builder, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_DNS, + handler_to_variant(handler, INTERNAL_IP4_DNS)); + + g_variant_builder_add (&builder, "{sv}", NM_VPN_PLUGIN_IP4_CONFIG_NBNS, + handler_to_variant(handler, INTERNAL_IP4_NBNS)); handler->reset(handler); - nm_vpn_plugin_set_ip4_config(plugin, config); + nm_vpn_service_plugin_set_ip4_config(plugin, g_variant_builder_end (&builder)); } /** * signal failure to NM, connecting failed */ -static void signal_failure(NMVPNPlugin *plugin, NMVPNPluginFailure failure) +static void 
signal_failure(NMVpnServicePlugin *plugin, NMVpnPluginFailure failure) { nm_handler_t *handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler; handler->reset(handler); - /* TODO: NM does not handle this failure!? */ - nm_vpn_plugin_failure(plugin, failure); - nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED); + nm_vpn_service_plugin_failure(plugin, failure); } /** @@ -277,12 +266,12 @@ static identification_t *find_smartcard_key(NMStrongswanPluginPrivate *priv, /** * Connect function called from NM via DBUS */ -static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, +static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection, GError **err) { NMStrongswanPluginPrivate *priv; NMSettingConnection *conn; - NMSettingVPN *vpn; + NMSettingVpn *vpn; enumerator_t *enumerator; identification_t *user = NULL, *gateway = NULL; const char *address, *str; @@ -676,10 +665,10 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, /** * NeedSecrets called from NM via DBUS */ -static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection, - char **setting_name, GError **error) +static gboolean need_secrets(NMVpnServicePlugin *plugin, NMConnection *connection, + const char **setting_name, GError **error) { - NMSettingVPN *settings; + NMSettingVpn *settings; const char *method, *path; settings = NM_SETTING_VPN(nm_connection_get_setting(connection, @@ -735,9 +724,9 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection, } /** - * Disconnect called from NM via DBUS + * The actual disconnection */ -static gboolean disconnect(NMVPNPlugin *plugin, GError **err) +static gboolean do_disconnect(gpointer plugin) { NMStrongswanPluginPrivate *priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin); enumerator_t *enumerator; 
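Review bot: The `NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS` entry in `signal_ipv4_config` is now built with `other->get_address(me)`, whereas the removed line and the prefix entry directly below both use `me->get_address(me)`. It presumably returns the same bytes as long as both objects share one `host_t` implementation, but it reads as if the gateway address were installed on the interface and would break if the two objects ever differed in type. Write `g_variant_new_uint32 (*(uint32_t*)me->get_address(me).ptr));` for that entry. The function starts before this hunk, so the selection of `me` (virtual IP or own host) is only partly visible.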
@@ -755,16 +744,28 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err) enumerator->destroy(enumerator); charon->controller->terminate_ike(charon->controller, id, controller_cb_empty, NULL, 0); - return TRUE; + return FALSE; } } enumerator->destroy(enumerator); - g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL, - "Connection not found."); + g_debug("Connection not found."); return FALSE; } +/** + * Disconnect called from NM via DBUS + */ +static gboolean disconnect(NMVpnServicePlugin *plugin, GError **err) +{ + /* enqueue the actual disconnection, because we may be called in + * response to a listener_t callback and the SA enumeration would + * possibly deadlock. */ + g_idle_add(do_disconnect, plugin); + + return TRUE; +} + /** * Initializer */ @@ -773,7 +774,7 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin) NMStrongswanPluginPrivate *priv; priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin); - priv->plugin = NM_VPN_PLUGIN(plugin); + priv->plugin = NM_VPN_SERVICE_PLUGIN(plugin); memset(&priv->listener, 0, sizeof(listener_t)); priv->listener.child_updown = child_updown; priv->listener.ike_rekey = ike_rekey; @@ -786,7 +787,7 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin) static void nm_strongswan_plugin_class_init( NMStrongswanPluginClass *strongswan_class) { - NMVPNPluginClass *parent_class = NM_VPN_PLUGIN_CLASS(strongswan_class); + NMVpnServicePluginClass *parent_class = NM_VPN_SERVICE_PLUGIN_CLASS(strongswan_class); g_type_class_add_private(G_OBJECT_CLASS(strongswan_class), sizeof(NMStrongswanPluginPrivate)); 
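Review bot: `disconnect` queues `do_disconnect` with `g_idle_add(do_disconnect, plugin)` and hands over the raw plugin pointer without taking a reference. If the plugin object can be finalized before the main loop runs the idle source (its lifetime is not visible in this hunk), `NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)` in the callback would touch freed memory. `g_idle_add_full (G_PRIORITY_DEFAULT_IDLE, do_disconnect, g_object_ref (plugin), g_object_unref);` keeps it alive for the callback. The function now always returns TRUE and leaves `err` unused, with a missing connection only logged through `g_debug`, so the comment should say that the result no longer reflects whether an IKE_SA was found.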
@@ -801,10 +802,15 @@ static void nm_strongswan_plugin_class_init( NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds, nm_handler_t *handler) { - NMStrongswanPlugin *plugin = (NMStrongswanPlugin *)g_object_new ( + GError *error = NULL; + + NMStrongswanPlugin *plugin = (NMStrongswanPlugin *)g_initable_new ( NM_TYPE_STRONGSWAN_PLUGIN, - NM_VPN_PLUGIN_DBUS_SERVICE_NAME, NM_DBUS_SERVICE_STRONGSWAN, + NULL, + &error, + NM_VPN_SERVICE_PLUGIN_DBUS_SERVICE_NAME, NM_DBUS_SERVICE_STRONGSWAN, NULL); + if (plugin) { NMStrongswanPluginPrivate *priv; @@ -814,5 +820,11 @@ NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds, priv->creds = creds; priv->handler = handler; } + else + { + g_warning ("Failed to initialize a plugin instance: %s", error->message); + g_error_free (error); + } + return plugin; } diff --git a/src/charon-nm/nm/nm_service.h b/src/charon-nm/nm/nm_service.h index 0cb23e120..74ab38b03 100644 --- a/src/charon-nm/nm/nm_service.h +++ b/src/charon-nm/nm/nm_service.h @@ -23,7 +23,7 @@ #include #include -#include +#include #include "nm_creds.h" #include "nm_handler.h" @@ -40,11 +40,11 @@ #define NM_DBUS_PATH_STRONGSWAN "/org/freedesktop/NetworkManager/strongswan" typedef struct { - NMVPNPlugin parent; + NMVpnServicePlugin parent; } NMStrongswanPlugin; typedef struct { - NMVPNPluginClass parent; + NMVpnServicePluginClass parent; } NMStrongswanPluginClass; GType nm_strongswan_plugin_get_type(void); diff --git a/src/charon-tkm/src/ees/esa_event_service.adb b/src/charon-tkm/src/ees/esa_event_service.adb index 5b5d7003b..6b6b3f743 100644 --- a/src/charon-tkm/src/ees/esa_event_service.adb +++ b/src/charon-tkm/src/ees/esa_event_service.adb 
@@ -27,10 +27,13 @@ package body Esa_Event_Service is package Unix_TCP_Receiver is new Anet.Receivers.Stream - (Socket_Type => Anet.Sockets.Unix.TCP_Socket_Type); + (Socket_Type => Anet.Sockets.Unix.TCP_Socket_Type, + Address_Type => Anet.Sockets.Unix.Full_Path_Type, + Accept_Connection => Anet.Sockets.Unix.Accept_Connection); procedure Dispatch is new Tkmrpc.Process_Stream - (Dispatch => Tkmrpc.Dispatchers.Ees.Dispatch); + (Dispatch => Tkmrpc.Dispatchers.Ees.Dispatch, + Address_Type => Anet.Sockets.Unix.Full_Path_Type); Sock : aliased Anet.Sockets.Unix.TCP_Socket_Type; Receiver : Unix_TCP_Receiver.Receiver_Type (S => Sock'Access); diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c index 5f2cbfe0c..48d0001ce 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c @@ -1,5 +1,5 @@ /* - * Copyrigth (C) 2012 Reto Buerki + * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger * Hochschule fuer Technik Rapperswil * diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c index ed5366c2c..ac38078d7 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.c +++ b/src/charon-tkm/src/tkm/tkm_keymat.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Copyrigth (C) 2012 Reto Buerki + * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger * Hochschule fuer Technik Rapperswil * diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c index f57527602..290b00e37 100644 --- a/src/charon-tkm/src/tkm/tkm_listener.c +++ b/src/charon-tkm/src/tkm/tkm_listener.c @@ -1,5 +1,5 @@ /* - * Copyrigth (C) 2012 Reto Buerki + * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger * Hochschule fuer Technik Rapperswil * diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.c b/src/charon-tkm/src/tkm/tkm_nonceg.c index 493ea2922..2b3e66d2d 100644 
--- a/src/charon-tkm/src/tkm/tkm_nonceg.c +++ b/src/charon-tkm/src/tkm/tkm_nonceg.c @@ -1,5 +1,5 @@ /* - * Copyrigth (C) 2012 Reto Buerki + * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger * Hochschule fuer Technik Rapperswil * diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c index 8bba1f9d9..d4751f7d0 100644 --- a/src/charon-tkm/tests/keymat_tests.c +++ b/src/charon-tkm/tests/keymat_tests.c @@ -17,7 +17,7 @@ #include #include -#include +#include #include #include diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c index c4f8385c0..5e1cec089 100644 --- a/src/conftest/hooks/custom_proposal.c +++ b/src/conftest/hooks/custom_proposal.c @@ -18,7 +18,7 @@ #include #include -#include +#include typedef struct private_custom_proposal_t private_custom_proposal_t; diff --git a/src/dumm/guest.h b/src/dumm/guest.h index 0da05d88c..36a69681d 100644 --- a/src/dumm/guest.h +++ b/src/dumm/guest.h @@ -47,7 +47,7 @@ enum guest_state_t { extern enum_name_t *guest_state_names; /** - * Invoke function which lauches the UML guest. + * Invoke function which launches the UML guest. * * Consoles are all set to NULL, you may change them by adding additional UML * options to args before invocation. diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 17c918f60..4028096f0 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.6.1rc1" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.6.2dr3" "strongSwan" . .SH NAME . diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index f381860b9..d1fb33702 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk 
@@ -16,7 +16,6 @@ config/backend_manager.c config/backend_manager.h config/backend.h \ config/child_cfg.c config/child_cfg.h \ config/ike_cfg.c config/ike_cfg.h \ config/peer_cfg.c config/peer_cfg.h \ -config/proposal.c config/proposal.h \ control/controller.c control/controller.h \ daemon.c daemon.h \ encoding/generator.c encoding/generator.h \ diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 964a19ec8..25ac7972c 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -14,7 +14,6 @@ config/backend_manager.c config/backend_manager.h config/backend.h \ config/child_cfg.c config/child_cfg.h \ config/ike_cfg.c config/ike_cfg.h \ config/peer_cfg.c config/peer_cfg.h \ -config/proposal.c config/proposal.h \ control/controller.c control/controller.h \ daemon.c daemon.h \ encoding/generator.c encoding/generator.h \ @@ -209,6 +208,13 @@ if MONOLITHIC endif endif +if USE_SAVE_KEYS + SUBDIRS += plugins/save_keys +if MONOLITHIC + libcharon_la_LIBADD += plugins/save_keys/libstrongswan-save-keys.la +endif +endif + if USE_SOCKET_DEFAULT SUBDIRS += plugins/socket_default if MONOLITHIC diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index d3cbb0fb6..6c39317fa 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in 
@@ -155,150 +155,152 @@ host_triplet = @host@ @USE_LOAD_TESTER_TRUE@am__append_6 = plugins/load_tester @MONOLITHIC_TRUE@@USE_LOAD_TESTER_TRUE@am__append_7 = plugins/load_tester/libstrongswan-load-tester.la -@USE_SOCKET_DEFAULT_TRUE@am__append_8 = plugins/socket_default -@MONOLITHIC_TRUE@@USE_SOCKET_DEFAULT_TRUE@am__append_9 = plugins/socket_default/libstrongswan-socket-default.la -@USE_SOCKET_DYNAMIC_TRUE@am__append_10 = plugins/socket_dynamic -@MONOLITHIC_TRUE@@USE_SOCKET_DYNAMIC_TRUE@am__append_11 = plugins/socket_dynamic/libstrongswan-socket-dynamic.la -@USE_SOCKET_WIN_TRUE@am__append_12 = plugins/socket_win -@MONOLITHIC_TRUE@@USE_SOCKET_WIN_TRUE@am__append_13 = plugins/socket_win/libstrongswan-socket-win.la -@USE_CONNMARK_TRUE@am__append_14 = plugins/connmark -@MONOLITHIC_TRUE@@USE_CONNMARK_TRUE@am__append_15 = plugins/connmark/libstrongswan-connmark.la -@USE_BYPASS_LAN_TRUE@am__append_16 = plugins/bypass_lan -@MONOLITHIC_TRUE@@USE_BYPASS_LAN_TRUE@am__append_17 = plugins/bypass_lan/libstrongswan-bypass-lan.la -@USE_FORECAST_TRUE@am__append_18 = plugins/forecast -@MONOLITHIC_TRUE@@USE_FORECAST_TRUE@am__append_19 = plugins/forecast/libstrongswan-forecast.la -@USE_FARP_TRUE@am__append_20 = plugins/farp -@MONOLITHIC_TRUE@@USE_FARP_TRUE@am__append_21 = plugins/farp/libstrongswan-farp.la -@USE_COUNTERS_TRUE@am__append_22 = plugins/counters -@MONOLITHIC_TRUE@@USE_COUNTERS_TRUE@am__append_23 = plugins/counters/libstrongswan-counters.la -@USE_STROKE_TRUE@am__append_24 = plugins/stroke -@MONOLITHIC_TRUE@@USE_STROKE_TRUE@am__append_25 = plugins/stroke/libstrongswan-stroke.la -@USE_VICI_TRUE@am__append_26 = plugins/vici -@MONOLITHIC_TRUE@@USE_VICI_TRUE@am__append_27 = plugins/vici/libstrongswan-vici.la -@USE_SMP_TRUE@am__append_28 = plugins/smp -@MONOLITHIC_TRUE@@USE_SMP_TRUE@am__append_29 = plugins/smp/libstrongswan-smp.la -@USE_SQL_TRUE@am__append_30 = plugins/sql -@MONOLITHIC_TRUE@@USE_SQL_TRUE@am__append_31 = plugins/sql/libstrongswan-sql.la 
-@USE_DNSCERT_TRUE@am__append_32 = plugins/dnscert -@MONOLITHIC_TRUE@@USE_DNSCERT_TRUE@am__append_33 = plugins/dnscert/libstrongswan-dnscert.la -@USE_IPSECKEY_TRUE@am__append_34 = plugins/ipseckey -@MONOLITHIC_TRUE@@USE_IPSECKEY_TRUE@am__append_35 = plugins/ipseckey/libstrongswan-ipseckey.la -@USE_UPDOWN_TRUE@am__append_36 = plugins/updown -@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_37 = plugins/updown/libstrongswan-updown.la -@USE_EXT_AUTH_TRUE@am__append_38 = plugins/ext_auth -@MONOLITHIC_TRUE@@USE_EXT_AUTH_TRUE@am__append_39 = plugins/ext_auth/libstrongswan-ext-auth.la -@USE_EAP_IDENTITY_TRUE@am__append_40 = plugins/eap_identity -@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_41 = plugins/eap_identity/libstrongswan-eap-identity.la -@USE_EAP_SIM_TRUE@am__append_42 = plugins/eap_sim -@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_43 = plugins/eap_sim/libstrongswan-eap-sim.la -@USE_EAP_SIM_FILE_TRUE@am__append_44 = plugins/eap_sim_file -@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_45 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la -@USE_EAP_SIM_PCSC_TRUE@am__append_46 = plugins/eap_sim_pcsc -@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_47 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la -@USE_EAP_SIMAKA_SQL_TRUE@am__append_48 = plugins/eap_simaka_sql -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_49 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la -@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_50 = plugins/eap_simaka_pseudonym -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_51 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la -@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_52 = plugins/eap_simaka_reauth -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_53 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la -@USE_EAP_AKA_TRUE@am__append_54 = plugins/eap_aka -@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_55 = plugins/eap_aka/libstrongswan-eap-aka.la -@USE_EAP_AKA_3GPP_TRUE@am__append_56 = 
plugins/eap_aka_3gpp -@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP_TRUE@am__append_57 = plugins/eap_aka_3gpp/libstrongswan-eap-aka-3gpp.la -@USE_EAP_AKA_3GPP2_TRUE@am__append_58 = plugins/eap_aka_3gpp2 -@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_59 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la -@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_60 = $(top_builddir)/src/libsimaka/libsimaka.la -@USE_EAP_MD5_TRUE@am__append_61 = plugins/eap_md5 -@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_62 = plugins/eap_md5/libstrongswan-eap-md5.la -@USE_EAP_GTC_TRUE@am__append_63 = plugins/eap_gtc -@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_64 = plugins/eap_gtc/libstrongswan-eap-gtc.la -@USE_EAP_MSCHAPV2_TRUE@am__append_65 = plugins/eap_mschapv2 -@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_66 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la -@USE_EAP_DYNAMIC_TRUE@am__append_67 = plugins/eap_dynamic -@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_68 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la -@USE_EAP_RADIUS_TRUE@am__append_69 = plugins/eap_radius -@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_70 = plugins/eap_radius/libstrongswan-eap-radius.la -@USE_EAP_TLS_TRUE@am__append_71 = plugins/eap_tls -@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_72 = plugins/eap_tls/libstrongswan-eap-tls.la -@USE_EAP_TTLS_TRUE@am__append_73 = plugins/eap_ttls -@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_74 = plugins/eap_ttls/libstrongswan-eap-ttls.la -@USE_EAP_PEAP_TRUE@am__append_75 = plugins/eap_peap -@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_76 = plugins/eap_peap/libstrongswan-eap-peap.la -@USE_EAP_TNC_TRUE@am__append_77 = plugins/eap_tnc -@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_78 = plugins/eap_tnc/libstrongswan-eap-tnc.la -@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_79 = $(top_builddir)/src/libtls/libtls.la -@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_80 = $(top_builddir)/src/libradius/libradius.la -@USE_TNC_IFMAP_TRUE@am__append_81 = plugins/tnc_ifmap 
-@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_82 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la -@USE_TNC_PDP_TRUE@am__append_83 = plugins/tnc_pdp -@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_84 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la -@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_85 = $(top_builddir)/src/libtnccs/libtnccs.la -@USE_MEDSRV_TRUE@am__append_86 = plugins/medsrv -@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_87 = plugins/medsrv/libstrongswan-medsrv.la -@USE_MEDCLI_TRUE@am__append_88 = plugins/medcli -@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_89 = plugins/medcli/libstrongswan-medcli.la -@USE_DHCP_TRUE@am__append_90 = plugins/dhcp -@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_91 = plugins/dhcp/libstrongswan-dhcp.la -@USE_OSX_ATTR_TRUE@am__append_92 = plugins/osx_attr -@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_93 = plugins/osx_attr/libstrongswan-osx-attr.la -@USE_P_CSCF_TRUE@am__append_94 = plugins/p_cscf -@MONOLITHIC_TRUE@@USE_P_CSCF_TRUE@am__append_95 = plugins/p_cscf/libstrongswan-p-cscf.la -@USE_ANDROID_DNS_TRUE@am__append_96 = plugins/android_dns -@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_97 = plugins/android_dns/libstrongswan-android-dns.la -@USE_ANDROID_LOG_TRUE@am__append_98 = plugins/android_log -@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_99 = plugins/android_log/libstrongswan-android-log.la -@USE_HA_TRUE@am__append_100 = plugins/ha -@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_101 = plugins/ha/libstrongswan-ha.la -@USE_KERNEL_PFKEY_TRUE@am__append_102 = plugins/kernel_pfkey -@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_103 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la -@USE_KERNEL_PFROUTE_TRUE@am__append_104 = plugins/kernel_pfroute -@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_105 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la -@USE_KERNEL_NETLINK_TRUE@am__append_106 = plugins/kernel_netlink -@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_107 = 
plugins/kernel_netlink/libstrongswan-kernel-netlink.la -@USE_KERNEL_LIBIPSEC_TRUE@am__append_108 = plugins/kernel_libipsec -@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_109 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la -@USE_KERNEL_WFP_TRUE@am__append_110 = plugins/kernel_wfp -@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_111 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la -@USE_KERNEL_IPH_TRUE@am__append_112 = plugins/kernel_iph -@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_113 = plugins/kernel_iph/libstrongswan-kernel-iph.la -@USE_WHITELIST_TRUE@am__append_114 = plugins/whitelist -@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_115 = plugins/whitelist/libstrongswan-whitelist.la -@USE_LOOKIP_TRUE@am__append_116 = plugins/lookip -@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_117 = plugins/lookip/libstrongswan-lookip.la -@USE_ERROR_NOTIFY_TRUE@am__append_118 = plugins/error_notify -@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_119 = plugins/error_notify/libstrongswan-error-notify.la -@USE_CERTEXPIRE_TRUE@am__append_120 = plugins/certexpire -@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_121 = plugins/certexpire/libstrongswan-certexpire.la -@USE_SYSTIME_FIX_TRUE@am__append_122 = plugins/systime_fix -@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_123 = plugins/systime_fix/libstrongswan-systime-fix.la -@USE_LED_TRUE@am__append_124 = plugins/led -@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_125 = plugins/led/libstrongswan-led.la -@USE_DUPLICHECK_TRUE@am__append_126 = plugins/duplicheck -@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_127 = plugins/duplicheck/libstrongswan-duplicheck.la -@USE_COUPLING_TRUE@am__append_128 = plugins/coupling -@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_129 = plugins/coupling/libstrongswan-coupling.la -@USE_RADATTR_TRUE@am__append_130 = plugins/radattr -@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_131 = plugins/radattr/libstrongswan-radattr.la -@USE_UCI_TRUE@am__append_132 = plugins/uci 
-@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_133 = plugins/uci/libstrongswan-uci.la -@USE_ADDRBLOCK_TRUE@am__append_134 = plugins/addrblock -@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_135 = plugins/addrblock/libstrongswan-addrblock.la -@USE_UNITY_TRUE@am__append_136 = plugins/unity -@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_137 = plugins/unity/libstrongswan-unity.la -@USE_XAUTH_GENERIC_TRUE@am__append_138 = plugins/xauth_generic -@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_139 = plugins/xauth_generic/libstrongswan-xauth-generic.la -@USE_XAUTH_EAP_TRUE@am__append_140 = plugins/xauth_eap -@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_141 = plugins/xauth_eap/libstrongswan-xauth-eap.la -@USE_XAUTH_PAM_TRUE@am__append_142 = plugins/xauth_pam -@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_143 = plugins/xauth_pam/libstrongswan-xauth-pam.la -@USE_XAUTH_NOAUTH_TRUE@am__append_144 = plugins/xauth_noauth -@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_145 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la -@USE_RESOLVE_TRUE@am__append_146 = plugins/resolve -@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_147 = plugins/resolve/libstrongswan-resolve.la -@USE_ATTR_TRUE@am__append_148 = plugins/attr -@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_149 = plugins/attr/libstrongswan-attr.la -@USE_ATTR_SQL_TRUE@am__append_150 = plugins/attr_sql -@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_151 = plugins/attr_sql/libstrongswan-attr-sql.la +@USE_SAVE_KEYS_TRUE@am__append_8 = plugins/save_keys +@MONOLITHIC_TRUE@@USE_SAVE_KEYS_TRUE@am__append_9 = plugins/save_keys/libstrongswan-save-keys.la +@USE_SOCKET_DEFAULT_TRUE@am__append_10 = plugins/socket_default +@MONOLITHIC_TRUE@@USE_SOCKET_DEFAULT_TRUE@am__append_11 = plugins/socket_default/libstrongswan-socket-default.la +@USE_SOCKET_DYNAMIC_TRUE@am__append_12 = plugins/socket_dynamic +@MONOLITHIC_TRUE@@USE_SOCKET_DYNAMIC_TRUE@am__append_13 = plugins/socket_dynamic/libstrongswan-socket-dynamic.la 
+@USE_SOCKET_WIN_TRUE@am__append_14 = plugins/socket_win +@MONOLITHIC_TRUE@@USE_SOCKET_WIN_TRUE@am__append_15 = plugins/socket_win/libstrongswan-socket-win.la +@USE_CONNMARK_TRUE@am__append_16 = plugins/connmark +@MONOLITHIC_TRUE@@USE_CONNMARK_TRUE@am__append_17 = plugins/connmark/libstrongswan-connmark.la +@USE_BYPASS_LAN_TRUE@am__append_18 = plugins/bypass_lan +@MONOLITHIC_TRUE@@USE_BYPASS_LAN_TRUE@am__append_19 = plugins/bypass_lan/libstrongswan-bypass-lan.la +@USE_FORECAST_TRUE@am__append_20 = plugins/forecast +@MONOLITHIC_TRUE@@USE_FORECAST_TRUE@am__append_21 = plugins/forecast/libstrongswan-forecast.la +@USE_FARP_TRUE@am__append_22 = plugins/farp +@MONOLITHIC_TRUE@@USE_FARP_TRUE@am__append_23 = plugins/farp/libstrongswan-farp.la +@USE_COUNTERS_TRUE@am__append_24 = plugins/counters +@MONOLITHIC_TRUE@@USE_COUNTERS_TRUE@am__append_25 = plugins/counters/libstrongswan-counters.la +@USE_STROKE_TRUE@am__append_26 = plugins/stroke +@MONOLITHIC_TRUE@@USE_STROKE_TRUE@am__append_27 = plugins/stroke/libstrongswan-stroke.la +@USE_VICI_TRUE@am__append_28 = plugins/vici +@MONOLITHIC_TRUE@@USE_VICI_TRUE@am__append_29 = plugins/vici/libstrongswan-vici.la +@USE_SMP_TRUE@am__append_30 = plugins/smp +@MONOLITHIC_TRUE@@USE_SMP_TRUE@am__append_31 = plugins/smp/libstrongswan-smp.la +@USE_SQL_TRUE@am__append_32 = plugins/sql +@MONOLITHIC_TRUE@@USE_SQL_TRUE@am__append_33 = plugins/sql/libstrongswan-sql.la +@USE_DNSCERT_TRUE@am__append_34 = plugins/dnscert +@MONOLITHIC_TRUE@@USE_DNSCERT_TRUE@am__append_35 = plugins/dnscert/libstrongswan-dnscert.la +@USE_IPSECKEY_TRUE@am__append_36 = plugins/ipseckey +@MONOLITHIC_TRUE@@USE_IPSECKEY_TRUE@am__append_37 = plugins/ipseckey/libstrongswan-ipseckey.la +@USE_UPDOWN_TRUE@am__append_38 = plugins/updown +@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_39 = plugins/updown/libstrongswan-updown.la +@USE_EXT_AUTH_TRUE@am__append_40 = plugins/ext_auth +@MONOLITHIC_TRUE@@USE_EXT_AUTH_TRUE@am__append_41 = plugins/ext_auth/libstrongswan-ext-auth.la 
+@USE_EAP_IDENTITY_TRUE@am__append_42 = plugins/eap_identity +@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_43 = plugins/eap_identity/libstrongswan-eap-identity.la +@USE_EAP_SIM_TRUE@am__append_44 = plugins/eap_sim +@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_45 = plugins/eap_sim/libstrongswan-eap-sim.la +@USE_EAP_SIM_FILE_TRUE@am__append_46 = plugins/eap_sim_file +@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_47 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la +@USE_EAP_SIM_PCSC_TRUE@am__append_48 = plugins/eap_sim_pcsc +@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_49 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la +@USE_EAP_SIMAKA_SQL_TRUE@am__append_50 = plugins/eap_simaka_sql +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_51 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la +@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_52 = plugins/eap_simaka_pseudonym +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_53 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la +@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_54 = plugins/eap_simaka_reauth +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_55 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la +@USE_EAP_AKA_TRUE@am__append_56 = plugins/eap_aka +@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_57 = plugins/eap_aka/libstrongswan-eap-aka.la +@USE_EAP_AKA_3GPP_TRUE@am__append_58 = plugins/eap_aka_3gpp +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP_TRUE@am__append_59 = plugins/eap_aka_3gpp/libstrongswan-eap-aka-3gpp.la +@USE_EAP_AKA_3GPP2_TRUE@am__append_60 = plugins/eap_aka_3gpp2 +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_61 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la +@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_62 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_EAP_MD5_TRUE@am__append_63 = plugins/eap_md5 +@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_64 = plugins/eap_md5/libstrongswan-eap-md5.la +@USE_EAP_GTC_TRUE@am__append_65 = 
plugins/eap_gtc +@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_66 = plugins/eap_gtc/libstrongswan-eap-gtc.la +@USE_EAP_MSCHAPV2_TRUE@am__append_67 = plugins/eap_mschapv2 +@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_68 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la +@USE_EAP_DYNAMIC_TRUE@am__append_69 = plugins/eap_dynamic +@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_70 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la +@USE_EAP_RADIUS_TRUE@am__append_71 = plugins/eap_radius +@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_72 = plugins/eap_radius/libstrongswan-eap-radius.la +@USE_EAP_TLS_TRUE@am__append_73 = plugins/eap_tls +@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_74 = plugins/eap_tls/libstrongswan-eap-tls.la +@USE_EAP_TTLS_TRUE@am__append_75 = plugins/eap_ttls +@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_76 = plugins/eap_ttls/libstrongswan-eap-ttls.la +@USE_EAP_PEAP_TRUE@am__append_77 = plugins/eap_peap +@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_78 = plugins/eap_peap/libstrongswan-eap-peap.la +@USE_EAP_TNC_TRUE@am__append_79 = plugins/eap_tnc +@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_80 = plugins/eap_tnc/libstrongswan-eap-tnc.la +@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_81 = $(top_builddir)/src/libtls/libtls.la +@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_82 = $(top_builddir)/src/libradius/libradius.la +@USE_TNC_IFMAP_TRUE@am__append_83 = plugins/tnc_ifmap +@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_84 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la +@USE_TNC_PDP_TRUE@am__append_85 = plugins/tnc_pdp +@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_86 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la +@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_87 = $(top_builddir)/src/libtnccs/libtnccs.la +@USE_MEDSRV_TRUE@am__append_88 = plugins/medsrv +@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_89 = plugins/medsrv/libstrongswan-medsrv.la +@USE_MEDCLI_TRUE@am__append_90 = plugins/medcli +@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_91 = 
plugins/medcli/libstrongswan-medcli.la +@USE_DHCP_TRUE@am__append_92 = plugins/dhcp +@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_93 = plugins/dhcp/libstrongswan-dhcp.la +@USE_OSX_ATTR_TRUE@am__append_94 = plugins/osx_attr +@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_95 = plugins/osx_attr/libstrongswan-osx-attr.la +@USE_P_CSCF_TRUE@am__append_96 = plugins/p_cscf +@MONOLITHIC_TRUE@@USE_P_CSCF_TRUE@am__append_97 = plugins/p_cscf/libstrongswan-p-cscf.la +@USE_ANDROID_DNS_TRUE@am__append_98 = plugins/android_dns +@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_99 = plugins/android_dns/libstrongswan-android-dns.la +@USE_ANDROID_LOG_TRUE@am__append_100 = plugins/android_log +@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_101 = plugins/android_log/libstrongswan-android-log.la +@USE_HA_TRUE@am__append_102 = plugins/ha +@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_103 = plugins/ha/libstrongswan-ha.la +@USE_KERNEL_PFKEY_TRUE@am__append_104 = plugins/kernel_pfkey +@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_105 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la +@USE_KERNEL_PFROUTE_TRUE@am__append_106 = plugins/kernel_pfroute +@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_107 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la +@USE_KERNEL_NETLINK_TRUE@am__append_108 = plugins/kernel_netlink +@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_109 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la +@USE_KERNEL_LIBIPSEC_TRUE@am__append_110 = plugins/kernel_libipsec +@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_111 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la +@USE_KERNEL_WFP_TRUE@am__append_112 = plugins/kernel_wfp +@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_113 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la +@USE_KERNEL_IPH_TRUE@am__append_114 = plugins/kernel_iph +@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_115 = plugins/kernel_iph/libstrongswan-kernel-iph.la +@USE_WHITELIST_TRUE@am__append_116 = 
plugins/whitelist +@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_117 = plugins/whitelist/libstrongswan-whitelist.la +@USE_LOOKIP_TRUE@am__append_118 = plugins/lookip +@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_119 = plugins/lookip/libstrongswan-lookip.la +@USE_ERROR_NOTIFY_TRUE@am__append_120 = plugins/error_notify +@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_121 = plugins/error_notify/libstrongswan-error-notify.la +@USE_CERTEXPIRE_TRUE@am__append_122 = plugins/certexpire +@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_123 = plugins/certexpire/libstrongswan-certexpire.la +@USE_SYSTIME_FIX_TRUE@am__append_124 = plugins/systime_fix +@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_125 = plugins/systime_fix/libstrongswan-systime-fix.la +@USE_LED_TRUE@am__append_126 = plugins/led +@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_127 = plugins/led/libstrongswan-led.la +@USE_DUPLICHECK_TRUE@am__append_128 = plugins/duplicheck +@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_129 = plugins/duplicheck/libstrongswan-duplicheck.la +@USE_COUPLING_TRUE@am__append_130 = plugins/coupling +@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_131 = plugins/coupling/libstrongswan-coupling.la +@USE_RADATTR_TRUE@am__append_132 = plugins/radattr +@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_133 = plugins/radattr/libstrongswan-radattr.la +@USE_UCI_TRUE@am__append_134 = plugins/uci +@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_135 = plugins/uci/libstrongswan-uci.la +@USE_ADDRBLOCK_TRUE@am__append_136 = plugins/addrblock +@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_137 = plugins/addrblock/libstrongswan-addrblock.la +@USE_UNITY_TRUE@am__append_138 = plugins/unity +@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_139 = plugins/unity/libstrongswan-unity.la +@USE_XAUTH_GENERIC_TRUE@am__append_140 = plugins/xauth_generic +@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_141 = plugins/xauth_generic/libstrongswan-xauth-generic.la +@USE_XAUTH_EAP_TRUE@am__append_142 = plugins/xauth_eap 
+@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_143 = plugins/xauth_eap/libstrongswan-xauth-eap.la +@USE_XAUTH_PAM_TRUE@am__append_144 = plugins/xauth_pam +@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_145 = plugins/xauth_pam/libstrongswan-xauth-pam.la +@USE_XAUTH_NOAUTH_TRUE@am__append_146 = plugins/xauth_noauth +@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_147 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la +@USE_RESOLVE_TRUE@am__append_148 = plugins/resolve +@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_149 = plugins/resolve/libstrongswan-resolve.la +@USE_ATTR_TRUE@am__append_150 = plugins/attr +@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_151 = plugins/attr/libstrongswan-attr.la +@USE_ATTR_SQL_TRUE@am__append_152 = plugins/attr_sql +@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_153 = plugins/attr_sql/libstrongswan-attr-sql.la subdir = src/libcharon ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -361,12 +363,12 @@ libcharon_la_DEPENDENCIES = \ $(am__append_41) $(am__append_43) $(am__append_45) \ $(am__append_47) $(am__append_49) $(am__append_51) \ $(am__append_53) $(am__append_55) $(am__append_57) \ - $(am__append_59) $(am__append_60) $(am__append_62) \ + $(am__append_59) $(am__append_61) $(am__append_62) \ $(am__append_64) $(am__append_66) $(am__append_68) \ $(am__append_70) $(am__append_72) $(am__append_74) \ - $(am__append_76) $(am__append_78) $(am__append_79) \ - $(am__append_80) $(am__append_82) $(am__append_84) \ - $(am__append_85) $(am__append_87) $(am__append_89) \ + $(am__append_76) $(am__append_78) $(am__append_80) \ + $(am__append_81) $(am__append_82) $(am__append_84) \ + $(am__append_86) $(am__append_87) $(am__append_89) \ $(am__append_91) $(am__append_93) $(am__append_95) \ $(am__append_97) $(am__append_99) $(am__append_101) \ $(am__append_103) $(am__append_105) $(am__append_107) \ 
@@ -377,7 +379,7 @@ libcharon_la_DEPENDENCIES = \ $(am__append_133) $(am__append_135) $(am__append_137) \ $(am__append_139) $(am__append_141) $(am__append_143) \ $(am__append_145) $(am__append_147) $(am__append_149) \ - $(am__append_151) + $(am__append_151) $(am__append_153) am__libcharon_la_SOURCES_DIST = attributes/attributes.c \ attributes/attributes.h attributes/attribute_provider.h \ attributes/attribute_handler.h attributes/attribute_manager.c \ @@ -388,11 +390,11 @@ am__libcharon_la_SOURCES_DIST = attributes/attributes.c \ bus/listeners/file_logger.h config/backend_manager.c \ config/backend_manager.h config/backend.h config/child_cfg.c \ config/child_cfg.h config/ike_cfg.c config/ike_cfg.h \ - config/peer_cfg.c config/peer_cfg.h config/proposal.c \ - config/proposal.h control/controller.c control/controller.h \ - daemon.c daemon.h encoding/generator.c encoding/generator.h \ - encoding/message.c encoding/message.h encoding/parser.c \ - encoding/parser.h encoding/payloads/auth_payload.c \ + config/peer_cfg.c config/peer_cfg.h control/controller.c \ + control/controller.h daemon.c daemon.h encoding/generator.c \ + encoding/generator.h encoding/message.c encoding/message.h \ + encoding/parser.c encoding/parser.h \ + encoding/payloads/auth_payload.c \ encoding/payloads/auth_payload.h \ encoding/payloads/cert_payload.c \ encoding/payloads/cert_payload.h \ 
@@ -609,10 +611,9 @@ am_libcharon_la_OBJECTS = attributes/attributes.lo \ attributes/attribute_manager.lo attributes/mem_pool.lo \ bus/bus.lo bus/listeners/file_logger.lo \ config/backend_manager.lo config/child_cfg.lo \ - config/ike_cfg.lo config/peer_cfg.lo config/proposal.lo \ - control/controller.lo daemon.lo encoding/generator.lo \ - encoding/message.lo encoding/parser.lo \ - encoding/payloads/auth_payload.lo \ + config/ike_cfg.lo config/peer_cfg.lo control/controller.lo \ + daemon.lo encoding/generator.lo encoding/message.lo \ + encoding/parser.lo encoding/payloads/auth_payload.lo \ encoding/payloads/cert_payload.lo \ encoding/payloads/certreq_payload.lo \ encoding/payloads/configuration_attribute.lo \ 
@@ -744,22 +745,23 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ - plugins/socket_dynamic plugins/socket_win plugins/connmark \ - plugins/bypass_lan plugins/forecast plugins/farp \ - plugins/counters plugins/stroke plugins/vici plugins/smp \ - plugins/sql plugins/dnscert plugins/ipseckey plugins/updown \ - plugins/ext_auth plugins/eap_identity plugins/eap_sim \ - plugins/eap_sim_file plugins/eap_sim_pcsc \ - plugins/eap_simaka_sql plugins/eap_simaka_pseudonym \ - plugins/eap_simaka_reauth plugins/eap_aka plugins/eap_aka_3gpp \ - plugins/eap_aka_3gpp2 plugins/eap_md5 plugins/eap_gtc \ - plugins/eap_mschapv2 plugins/eap_dynamic plugins/eap_radius \ - plugins/eap_tls plugins/eap_ttls plugins/eap_peap \ - plugins/eap_tnc plugins/tnc_ifmap plugins/tnc_pdp \ - plugins/medsrv plugins/medcli plugins/dhcp plugins/osx_attr \ - plugins/p_cscf plugins/android_dns plugins/android_log \ - plugins/ha plugins/kernel_pfkey plugins/kernel_pfroute \ +DIST_SUBDIRS = . 
plugins/load_tester plugins/save_keys \ + plugins/socket_default plugins/socket_dynamic \ + plugins/socket_win plugins/connmark plugins/bypass_lan \ + plugins/forecast plugins/farp plugins/counters plugins/stroke \ + plugins/vici plugins/smp plugins/sql plugins/dnscert \ + plugins/ipseckey plugins/updown plugins/ext_auth \ + plugins/eap_identity plugins/eap_sim plugins/eap_sim_file \ + plugins/eap_sim_pcsc plugins/eap_simaka_sql \ + plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \ + plugins/eap_aka plugins/eap_aka_3gpp plugins/eap_aka_3gpp2 \ + plugins/eap_md5 plugins/eap_gtc plugins/eap_mschapv2 \ + plugins/eap_dynamic plugins/eap_radius plugins/eap_tls \ + plugins/eap_ttls plugins/eap_peap plugins/eap_tnc \ + plugins/tnc_ifmap plugins/tnc_pdp plugins/medsrv \ + plugins/medcli plugins/dhcp plugins/osx_attr plugins/p_cscf \ + plugins/android_dns plugins/android_log plugins/ha \ + plugins/kernel_pfkey plugins/kernel_pfroute \ plugins/kernel_netlink plugins/kernel_libipsec \ plugins/kernel_wfp plugins/kernel_iph plugins/whitelist \ plugins/lookip plugins/error_notify plugins/certexpire \ 
@@ -1043,11 +1045,11 @@ libcharon_la_SOURCES = attributes/attributes.c attributes/attributes.h \ bus/listeners/file_logger.h config/backend_manager.c \ config/backend_manager.h config/backend.h config/child_cfg.c \ config/child_cfg.h config/ike_cfg.c config/ike_cfg.h \ - config/peer_cfg.c config/peer_cfg.h config/proposal.c \ - config/proposal.h control/controller.c control/controller.h \ - daemon.c daemon.h encoding/generator.c encoding/generator.h \ - encoding/message.c encoding/message.h encoding/parser.c \ - encoding/parser.h encoding/payloads/auth_payload.c \ + config/peer_cfg.c config/peer_cfg.h control/controller.c \ + control/controller.h daemon.c daemon.h encoding/generator.c \ + encoding/generator.h encoding/message.c encoding/message.h \ + encoding/parser.c encoding/parser.h \ + encoding/payloads/auth_payload.c \ encoding/payloads/auth_payload.h \ encoding/payloads/cert_payload.c \ encoding/payloads/cert_payload.h \ @@ -1163,11 +1165,11 @@ libcharon_la_LIBADD = \ $(am__append_43) $(am__append_45) $(am__append_47) \ $(am__append_49) $(am__append_51) $(am__append_53) \ $(am__append_55) $(am__append_57) $(am__append_59) \ - $(am__append_60) $(am__append_62) $(am__append_64) \ + $(am__append_61) $(am__append_62) $(am__append_64) \ $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) \ - $(am__append_78) $(am__append_79) $(am__append_80) \ - $(am__append_82) $(am__append_84) $(am__append_85) \ + $(am__append_78) $(am__append_80) $(am__append_81) \ + $(am__append_82) $(am__append_84) $(am__append_86) \ $(am__append_87) $(am__append_89) $(am__append_91) \ $(am__append_93) $(am__append_95) $(am__append_97) \ $(am__append_99) $(am__append_101) $(am__append_103) \ 
@@ -1178,7 +1180,8 @@ libcharon_la_LIBADD = \ $(am__append_129) $(am__append_131) $(am__append_133) \ $(am__append_135) $(am__append_137) $(am__append_139) \ $(am__append_141) $(am__append_143) $(am__append_145) \ - $(am__append_147) $(am__append_149) $(am__append_151) + $(am__append_147) $(am__append_149) $(am__append_151) \ + $(am__append_153) EXTRA_DIST = Android.mk @STATIC_PLUGIN_CONSTRUCTORS_TRUE@BUILT_SOURCES = $(srcdir)/plugin_constructors.c @STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c @@ -1195,13 +1198,13 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \ @MONOLITHIC_FALSE@ $(am__append_50) $(am__append_52) \ @MONOLITHIC_FALSE@ $(am__append_54) $(am__append_56) \ -@MONOLITHIC_FALSE@ $(am__append_58) $(am__append_61) \ +@MONOLITHIC_FALSE@ $(am__append_58) $(am__append_60) \ @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_FALSE@ $(am__append_75) $(am__append_77) \ -@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_83) \ -@MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \ +@MONOLITHIC_FALSE@ $(am__append_79) $(am__append_83) \ +@MONOLITHIC_FALSE@ $(am__append_85) $(am__append_88) \ @MONOLITHIC_FALSE@ $(am__append_90) $(am__append_92) \ @MONOLITHIC_FALSE@ $(am__append_94) $(am__append_96) \ @MONOLITHIC_FALSE@ $(am__append_98) $(am__append_100) \ @@ -1217,7 +1220,7 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_138) $(am__append_140) \ @MONOLITHIC_FALSE@ $(am__append_142) $(am__append_144) \ @MONOLITHIC_FALSE@ $(am__append_146) $(am__append_148) \ -@MONOLITHIC_FALSE@ $(am__append_150) tests +@MONOLITHIC_FALSE@ $(am__append_150) $(am__append_152) tests # build optional plugins ######################## 
@@ -1234,13 +1237,13 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \ @MONOLITHIC_TRUE@ $(am__append_50) $(am__append_52) \ @MONOLITHIC_TRUE@ $(am__append_54) $(am__append_56) \ -@MONOLITHIC_TRUE@ $(am__append_58) $(am__append_61) \ +@MONOLITHIC_TRUE@ $(am__append_58) $(am__append_60) \ @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_TRUE@ $(am__append_75) $(am__append_77) \ -@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_83) \ -@MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \ +@MONOLITHIC_TRUE@ $(am__append_79) $(am__append_83) \ +@MONOLITHIC_TRUE@ $(am__append_85) $(am__append_88) \ @MONOLITHIC_TRUE@ $(am__append_90) $(am__append_92) \ @MONOLITHIC_TRUE@ $(am__append_94) $(am__append_96) \ @MONOLITHIC_TRUE@ $(am__append_98) $(am__append_100) \ @@ -1256,7 +1259,7 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_138) $(am__append_140) \ @MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) \ @MONOLITHIC_TRUE@ $(am__append_146) $(am__append_148) \ -@MONOLITHIC_TRUE@ $(am__append_150) . tests +@MONOLITHIC_TRUE@ $(am__append_150) $(am__append_152) . tests all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -1367,8 +1370,6 @@ config/ike_cfg.lo: config/$(am__dirstamp) \ config/$(DEPDIR)/$(am__dirstamp) config/peer_cfg.lo: config/$(am__dirstamp) \ config/$(DEPDIR)/$(am__dirstamp) -config/proposal.lo: config/$(am__dirstamp) \ - config/$(DEPDIR)/$(am__dirstamp) control/$(am__dirstamp): @$(MKDIR_P) control @: > control/$(am__dirstamp) 
@@ -1784,7 +1785,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@config/$(DEPDIR)/child_cfg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@config/$(DEPDIR)/ike_cfg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@config/$(DEPDIR)/peer_cfg.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@config/$(DEPDIR)/proposal.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@control/$(DEPDIR)/controller.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@encoding/$(DEPDIR)/generator.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@encoding/$(DEPDIR)/message.Plo@am__quote@ diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index ec2a12431..3d110e9a2 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -224,6 +224,10 @@ METHOD(child_cfg_t, select_proposal, proposal_t*, while (prefer_enum->enumerate(prefer_enum, &proposal)) { proposal = proposal->clone(proposal); + if (strip_dh) + { + proposal->strip_dh(proposal, MODP_NONE); + } if (prefer_self) { proposals->reset_enumerator(proposals, match_enum); @@ -234,11 +238,13 @@ METHOD(child_cfg_t, select_proposal, proposal_t*, } while (match_enum->enumerate(match_enum, &match)) { + match = match->clone(match); if (strip_dh) { - proposal->strip_dh(proposal, MODP_NONE); + match->strip_dh(match, MODP_NONE); } selected = proposal->select(proposal, match, prefer_self, private); + match->destroy(match); if (selected) { DBG2(DBG_CFG, "received proposals: %#P", proposals); diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index 93904ec71..e2834fa8f 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -31,7 +31,7 @@ typedef struct child_cfg_create_t child_cfg_create_t; #include #include -#include +#include #include /** diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index 034996f60..81f2b6906 100644 --- a/src/libcharon/config/ike_cfg.h 
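Review bot: The two `if (strip_dh)` blocks in `select_proposal` now remove the DH groups from both the preferred proposal and every candidate it is matched against, and nothing in the function documents what that means for the result. With `strip_dh` set, the selected proposal can carry no DH group other than `MODP_NONE`, whatever either side configured, so a caller that sets the flag where a key exchange is expected would silently lose PFS. A comment above the first block would record the contract, for example `/* compare both sides without DH groups; strip_dh must only be set when no key exchange is done for this CHILD_SA */` (the intent is inferred, since the callers are not visible here). Separately, in the second hunk the clone is assigned back to `match` and destroyed right after `proposal->select(...)`, which leaves `match` dangling for the rest of the iteration. Nothing visible reads it afterwards, but the loop body continues outside the hunk, so cloning into a separate local would keep later uses safe.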
+++ b/src/libcharon/config/ike_cfg.h @@ -31,7 +31,7 @@ typedef struct ike_cfg_t ike_cfg_t; #include #include #include -#include +#include #include /** @@ -61,7 +61,7 @@ enum fragmentation_t { }; /** - * enum strings fro ike_version_t + * enum strings for ike_version_t */ extern enum_name_t *ike_version_names; diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h index b294ae72f..6074a7cd4 100644 --- a/src/libcharon/config/peer_cfg.h +++ b/src/libcharon/config/peer_cfg.h @@ -32,7 +32,7 @@ typedef struct peer_cfg_create_t peer_cfg_create_t; #include #include #include -#include +#include #include #include #include diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c deleted file mode 100644 index 46c3c9400..000000000 --- a/src/libcharon/config/proposal.c +++ /dev/null 
@@ -1,1103 +0,0 @@ -/* - * Copyright (C) 2008-2016 Tobias Brunner - * Copyright (C) 2006-2010 Martin Willi - * Copyright (C) 2013-2015 Andreas Steffen - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include - -#include "proposal.h" - -#include -#include -#include - -#include -#include -#include -#include - -ENUM(protocol_id_names, PROTO_NONE, PROTO_IPCOMP, - "PROTO_NONE", - "IKE", - "AH", - "ESP", - "IPCOMP", -); - -typedef struct private_proposal_t private_proposal_t; - -/** - * Private data of an proposal_t object - */ -struct private_proposal_t { - - /** - * Public part - */ - proposal_t public; - - /** - * protocol (ESP or AH) - */ - protocol_id_t protocol; - - /** - * Priority ordered list of transforms, as entry_t - */ - array_t *transforms; - - /** - * senders SPI - */ - uint64_t spi; - - /** - * Proposal number - */ - u_int number; -}; - -/** - * Struct used to store different kinds of algorithms. 
- */ -typedef struct { - /** Type of the transform */ - transform_type_t type; - /** algorithm identifier */ - uint16_t alg; - /** key size in bits, or zero if not needed */ - uint16_t key_size; -} entry_t; - -METHOD(proposal_t, add_algorithm, void, - private_proposal_t *this, transform_type_t type, - uint16_t alg, uint16_t key_size) -{ - entry_t entry = { - .type = type, - .alg = alg, - .key_size = key_size, - }; - - array_insert(this->transforms, ARRAY_TAIL, &entry); -} - -CALLBACK(alg_filter, bool, - uintptr_t type, enumerator_t *orig, va_list args) -{ - entry_t *entry; - uint16_t *alg, *key_size; - - VA_ARGS_VGET(args, alg, key_size); - - while (orig->enumerate(orig, &entry)) - { - if (entry->type != type) - { - continue; - } - if (alg) - { - *alg = entry->alg; - } - if (key_size) - { - *key_size = entry->key_size; - } - return TRUE; - } - return FALSE; -} - -METHOD(proposal_t, create_enumerator, enumerator_t*, - private_proposal_t *this, transform_type_t type) -{ - return enumerator_create_filter( - array_create_enumerator(this->transforms), - alg_filter, (void*)(uintptr_t)type, NULL); -} - -METHOD(proposal_t, get_algorithm, bool, - private_proposal_t *this, transform_type_t type, - uint16_t *alg, uint16_t *key_size) -{ - enumerator_t *enumerator; - bool found = FALSE; - - enumerator = create_enumerator(this, type); - if (enumerator->enumerate(enumerator, alg, key_size)) - { - found = TRUE; - } - enumerator->destroy(enumerator); - - return found; -} - -METHOD(proposal_t, has_dh_group, bool, - private_proposal_t *this, diffie_hellman_group_t group) -{ - bool found = FALSE, any = FALSE; - enumerator_t *enumerator; - uint16_t current; - - enumerator = create_enumerator(this, DIFFIE_HELLMAN_GROUP); - while (enumerator->enumerate(enumerator, ¤t, NULL)) - { - any = TRUE; - if (current == group) - { - found = TRUE; - break; - } - } - enumerator->destroy(enumerator); - - if (!any && group == MODP_NONE) - { - found = TRUE; - } - return found; -} - -METHOD(proposal_t, 
strip_dh, void, - private_proposal_t *this, diffie_hellman_group_t keep) -{ - enumerator_t *enumerator; - entry_t *entry; - - enumerator = array_create_enumerator(this->transforms); - while (enumerator->enumerate(enumerator, &entry)) - { - if (entry->type == DIFFIE_HELLMAN_GROUP && - entry->alg != keep) - { - array_remove_at(this->transforms, enumerator); - } - } - enumerator->destroy(enumerator); -} - -/** - * Select a matching proposal from this and other, insert into selected. - */ -static bool select_algo(private_proposal_t *this, proposal_t *other, - proposal_t *selected, transform_type_t type, bool priv) -{ - enumerator_t *e1, *e2; - uint16_t alg1, alg2, ks1, ks2; - bool found = FALSE, optional = FALSE; - - if (type == INTEGRITY_ALGORITHM && - selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) && - encryption_algorithm_is_aead(alg1)) - { - /* no integrity algorithm required, we have an AEAD */ - return TRUE; - } - if (type == DIFFIE_HELLMAN_GROUP) - { - optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH; - } - - e1 = create_enumerator(this, type); - e2 = other->create_enumerator(other, type); - if (!e1->enumerate(e1, &alg1, NULL)) - { - if (!e2->enumerate(e2, &alg2, NULL)) - { - found = TRUE; - } - else if (optional) - { - do - { /* if NONE is proposed, we accept the proposal */ - found = !alg2; - } - while (!found && e2->enumerate(e2, &alg2, NULL)); - } - } - else if (!e2->enumerate(e2, NULL, NULL)) - { - if (optional) - { - do - { /* if NONE is proposed, we accept the proposal */ - found = !alg1; - } - while (!found && e1->enumerate(e1, &alg1, NULL)); - } - } - - e1->destroy(e1); - e1 = create_enumerator(this, type); - /* compare algs, order of algs in "first" is preferred */ - while (!found && e1->enumerate(e1, &alg1, &ks1)) - { - e2->destroy(e2); - e2 = other->create_enumerator(other, type); - while (e2->enumerate(e2, &alg2, &ks2)) - { - if (alg1 == alg2 && ks1 == ks2) - { - if (!priv && alg1 >= 1024) - { - /* accept 
private use algorithms only if requested */ - DBG1(DBG_CFG, "an algorithm from private space would match, " - "but peer implementation is unknown, skipped"); - continue; - } - selected->add_algorithm(selected, type, alg1, ks1); - found = TRUE; - break; - } - } - } - /* no match in all comparisons */ - e1->destroy(e1); - e2->destroy(e2); - - if (!found) - { - DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, type); - } - return found; -} - -METHOD(proposal_t, select_proposal, proposal_t*, - private_proposal_t *this, proposal_t *other, bool other_remote, - bool private) -{ - proposal_t *selected; - - DBG2(DBG_CFG, "selecting proposal:"); - - if (this->protocol != other->get_protocol(other)) - { - DBG2(DBG_CFG, " protocol mismatch, skipping"); - return NULL; - } - - if (other_remote) - { - selected = proposal_create(this->protocol, other->get_number(other)); - selected->set_spi(selected, other->get_spi(other)); - } - else - { - selected = proposal_create(this->protocol, this->number); - selected->set_spi(selected, this->spi); - - } - - if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) || - !select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) || - !select_algo(this, other, selected, INTEGRITY_ALGORITHM, private) || - !select_algo(this, other, selected, DIFFIE_HELLMAN_GROUP, private) || - !select_algo(this, other, selected, EXTENDED_SEQUENCE_NUMBERS, private)) - { - selected->destroy(selected); - return NULL; - } - - DBG2(DBG_CFG, " proposal matches"); - return selected; -} - -METHOD(proposal_t, get_protocol, protocol_id_t, - private_proposal_t *this) -{ - return this->protocol; -} - -METHOD(proposal_t, set_spi, void, - private_proposal_t *this, uint64_t spi) -{ - this->spi = spi; -} - -METHOD(proposal_t, get_spi, uint64_t, - private_proposal_t *this) -{ - return this->spi; -} - -/** - * Check if two proposals have the same algorithms for a given transform type - */ -static bool algo_list_equals(private_proposal_t *this, 
proposal_t *other, - transform_type_t type) -{ - enumerator_t *e1, *e2; - uint16_t alg1, alg2, ks1, ks2; - bool equals = TRUE; - - e1 = create_enumerator(this, type); - e2 = other->create_enumerator(other, type); - while (e1->enumerate(e1, &alg1, &ks1)) - { - if (!e2->enumerate(e2, &alg2, &ks2)) - { - /* this has more algs */ - equals = FALSE; - break; - } - if (alg1 != alg2 || ks1 != ks2) - { - equals = FALSE; - break; - } - } - if (e2->enumerate(e2, &alg2, &ks2)) - { - /* other has more algs */ - equals = FALSE; - } - e1->destroy(e1); - e2->destroy(e2); - - return equals; -} - -METHOD(proposal_t, get_number, u_int, - private_proposal_t *this) -{ - return this->number; -} - -METHOD(proposal_t, equals, bool, - private_proposal_t *this, proposal_t *other) -{ - if (&this->public == other) - { - return TRUE; - } - return ( - algo_list_equals(this, other, ENCRYPTION_ALGORITHM) && - algo_list_equals(this, other, INTEGRITY_ALGORITHM) && - algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) && - algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) && - algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS)); -} - -METHOD(proposal_t, clone_, proposal_t*, - private_proposal_t *this) -{ - private_proposal_t *clone; - enumerator_t *enumerator; - entry_t *entry; - - clone = (private_proposal_t*)proposal_create(this->protocol, 0); - - enumerator = array_create_enumerator(this->transforms); - while (enumerator->enumerate(enumerator, &entry)) - { - array_insert(clone->transforms, ARRAY_TAIL, entry); - } - enumerator->destroy(enumerator); - - clone->spi = this->spi; - clone->number = this->number; - - return &clone->public; -} - -/** - * Map integrity algorithms to the PRF functions using the same algorithm. 
- */ -static const struct { - integrity_algorithm_t integ; - pseudo_random_function_t prf; -} integ_prf_map[] = { - {AUTH_HMAC_SHA1_96, PRF_HMAC_SHA1 }, - {AUTH_HMAC_SHA1_160, PRF_HMAC_SHA1 }, - {AUTH_HMAC_SHA2_256_128, PRF_HMAC_SHA2_256 }, - {AUTH_HMAC_SHA2_384_192, PRF_HMAC_SHA2_384 }, - {AUTH_HMAC_SHA2_512_256, PRF_HMAC_SHA2_512 }, - {AUTH_HMAC_MD5_96, PRF_HMAC_MD5 }, - {AUTH_HMAC_MD5_128, PRF_HMAC_MD5 }, - {AUTH_AES_XCBC_96, PRF_AES128_XCBC }, - {AUTH_CAMELLIA_XCBC_96, PRF_CAMELLIA128_XCBC }, - {AUTH_AES_CMAC_96, PRF_AES128_CMAC }, -}; - -/** - * Remove all entries of the given transform type - */ -static void remove_transform(private_proposal_t *this, transform_type_t type) -{ - enumerator_t *e; - entry_t *entry; - - e = array_create_enumerator(this->transforms); - while (e->enumerate(e, &entry)) - { - if (entry->type == type) - { - array_remove_at(this->transforms, e); - } - } - e->destroy(e); -} - -/** - * Checks the proposal read from a string. - */ -static bool check_proposal(private_proposal_t *this) -{ - enumerator_t *e; - entry_t *entry; - uint16_t alg, ks; - bool all_aead = TRUE, any_aead = FALSE, any_enc = FALSE; - int i; - - if (this->protocol == PROTO_IKE) - { - if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL)) - { /* No explicit PRF found. We assume the same algorithm as used - * for integrity checking. 
*/ - e = create_enumerator(this, INTEGRITY_ALGORITHM); - while (e->enumerate(e, &alg, &ks)) - { - for (i = 0; i < countof(integ_prf_map); i++) - { - if (alg == integ_prf_map[i].integ) - { - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, - integ_prf_map[i].prf, 0); - break; - } - } - } - e->destroy(e); - } - if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL)) - { - DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals"); - return FALSE; - } - /* remove MODP_NONE from IKE proposal */ - e = array_create_enumerator(this->transforms); - while (e->enumerate(e, &entry)) - { - if (entry->type == DIFFIE_HELLMAN_GROUP && !entry->alg) - { - array_remove_at(this->transforms, e); - } - } - e->destroy(e); - if (!get_algorithm(this, DIFFIE_HELLMAN_GROUP, NULL, NULL)) - { - DBG1(DBG_CFG, "a DH group is mandatory in IKE proposals"); - return FALSE; - } - } - else - { /* remove PRFs from ESP/AH proposals */ - remove_transform(this, PSEUDO_RANDOM_FUNCTION); - } - - if (this->protocol == PROTO_IKE || this->protocol == PROTO_ESP) - { - e = create_enumerator(this, ENCRYPTION_ALGORITHM); - while (e->enumerate(e, &alg, &ks)) - { - any_enc = TRUE; - if (encryption_algorithm_is_aead(alg)) - { - any_aead = TRUE; - continue; - } - all_aead = FALSE; - } - e->destroy(e); - - if (!any_enc) - { - DBG1(DBG_CFG, "an encryption algorithm is mandatory in %N proposals", - protocol_id_names, this->protocol); - return FALSE; - } - else if (any_aead && !all_aead) - { - DBG1(DBG_CFG, "classic and combined-mode (AEAD) encryption " - "algorithms can't be contained in the same %N proposal", - protocol_id_names, this->protocol); - return FALSE; - } - else if (all_aead) - { /* if all encryption algorithms in the proposal are AEADs, - * we MUST NOT propose any integrity algorithms */ - remove_transform(this, INTEGRITY_ALGORITHM); - } - } - else - { /* AES-GMAC is parsed as encryption algorithm, so we map that to the - * proper integrity algorithm */ - e = array_create_enumerator(this->transforms); 
- while (e->enumerate(e, &entry)) - { - if (entry->type == ENCRYPTION_ALGORITHM) - { - if (entry->alg == ENCR_NULL_AUTH_AES_GMAC) - { - entry->type = INTEGRITY_ALGORITHM; - ks = entry->key_size; - entry->key_size = 0; - switch (ks) - { - case 128: - entry->alg = AUTH_AES_128_GMAC; - continue; - case 192: - entry->alg = AUTH_AES_192_GMAC; - continue; - case 256: - entry->alg = AUTH_AES_256_GMAC; - continue; - default: - break; - } - } - /* remove all other encryption algorithms */ - array_remove_at(this->transforms, e); - } - } - e->destroy(e); - - if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL)) - { - DBG1(DBG_CFG, "an integrity algorithm is mandatory in AH " - "proposals"); - return FALSE; - } - } - - if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP) - { - if (!get_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NULL, NULL)) - { /* ESN not specified, assume not supported */ - add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); - } - } - - array_compress(this->transforms); - return TRUE; -} - -/** - * add a algorithm identified by a string to the proposal. 
- */ -static bool add_string_algo(private_proposal_t *this, const char *alg) -{ - const proposal_token_t *token; - - token = lib->proposal->get_token(lib->proposal, alg); - if (token == NULL) - { - DBG1(DBG_CFG, "algorithm '%s' not recognized", alg); - return FALSE; - } - - add_algorithm(this, token->type, token->algorithm, token->keysize); - - return TRUE; -} - -/** - * print all algorithms of a kind to buffer - */ -static int print_alg(private_proposal_t *this, printf_hook_data_t *data, - u_int kind, void *names, bool *first) -{ - enumerator_t *enumerator; - size_t written = 0; - uint16_t alg, size; - - enumerator = create_enumerator(this, kind); - while (enumerator->enumerate(enumerator, &alg, &size)) - { - if (*first) - { - written += print_in_hook(data, "%N", names, alg); - *first = FALSE; - } - else - { - written += print_in_hook(data, "/%N", names, alg); - } - if (size) - { - written += print_in_hook(data, "_%u", size); - } - } - enumerator->destroy(enumerator); - return written; -} - -/** - * Described in header. 
- */ -int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, - const void *const *args) -{ - private_proposal_t *this = *((private_proposal_t**)(args[0])); - linked_list_t *list = *((linked_list_t**)(args[0])); - enumerator_t *enumerator; - size_t written = 0; - bool first = TRUE; - - if (this == NULL) - { - return print_in_hook(data, "(null)"); - } - - if (spec->hash) - { - enumerator = list->create_enumerator(list); - while (enumerator->enumerate(enumerator, &this)) - { /* call recursivly */ - if (first) - { - written += print_in_hook(data, "%P", this); - first = FALSE; - } - else - { - written += print_in_hook(data, ", %P", this); - } - } - enumerator->destroy(enumerator); - return written; - } - - written = print_in_hook(data, "%N:", protocol_id_names, this->protocol); - written += print_alg(this, data, ENCRYPTION_ALGORITHM, - encryption_algorithm_names, &first); - written += print_alg(this, data, INTEGRITY_ALGORITHM, - integrity_algorithm_names, &first); - written += print_alg(this, data, PSEUDO_RANDOM_FUNCTION, - pseudo_random_function_names, &first); - written += print_alg(this, data, DIFFIE_HELLMAN_GROUP, - diffie_hellman_group_names, &first); - written += print_alg(this, data, EXTENDED_SEQUENCE_NUMBERS, - extended_sequence_numbers_names, &first); - return written; -} - -METHOD(proposal_t, destroy, void, - private_proposal_t *this) -{ - array_destroy(this->transforms); - free(this); -} - -/* - * Described in header - */ -proposal_t *proposal_create(protocol_id_t protocol, u_int number) -{ - private_proposal_t *this; - - INIT(this, - .public = { - .add_algorithm = _add_algorithm, - .create_enumerator = _create_enumerator, - .get_algorithm = _get_algorithm, - .has_dh_group = _has_dh_group, - .strip_dh = _strip_dh, - .select = _select_proposal, - .get_protocol = _get_protocol, - .set_spi = _set_spi, - .get_spi = _get_spi, - .get_number = _get_number, - .equals = _equals, - .clone = _clone_, - .destroy = _destroy, - }, - .protocol = 
protocol, - .number = number, - .transforms = array_create(sizeof(entry_t), 0), - ); - - return &this->public; -} - -/** - * Add supported IKE algorithms to proposal - */ -static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) -{ - enumerator_t *enumerator; - encryption_algorithm_t encryption; - integrity_algorithm_t integrity; - pseudo_random_function_t prf; - diffie_hellman_group_t group; - const char *plugin_name; - - if (aead) - { - /* Round 1 adds algorithms with at least 128 bit security strength */ - enumerator = lib->crypto->create_aead_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) - { - switch (encryption) - { - case ENCR_AES_GCM_ICV16: - case ENCR_AES_CCM_ICV16: - case ENCR_CAMELLIA_CCM_ICV16: - /* we assume that we support all AES/Camellia sizes */ - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128); - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192); - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); - break; - case ENCR_CHACHA20_POLY1305: - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - /* Round 2 adds algorithms with less than 128 bit security strength */ - enumerator = lib->crypto->create_aead_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) - { - switch (encryption) - { - case ENCR_AES_GCM_ICV12: - case ENCR_AES_GCM_ICV8: - case ENCR_AES_CCM_ICV12: - case ENCR_AES_CCM_ICV8: - case ENCR_CAMELLIA_CCM_ICV12: - case ENCR_CAMELLIA_CCM_ICV8: - /* we assume that we support all AES/Camellia sizes */ - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128); - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192); - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - if (!array_count(this->transforms)) - { - return FALSE; - } - } - 
else - { - /* Round 1 adds algorithms with at least 128 bit security strength */ - enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) - { - switch (encryption) - { - case ENCR_AES_CBC: - case ENCR_AES_CTR: - case ENCR_CAMELLIA_CBC: - case ENCR_CAMELLIA_CTR: - /* we assume that we support all AES/Camellia sizes */ - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128); - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192); - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - /* Round 2 adds algorithms with less than 128 bit security strength */ - enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) - { - switch (encryption) - { - case ENCR_3DES: - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0); - break; - case ENCR_DES: - /* no, thanks */ - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - if (!array_count(this->transforms)) - { - return FALSE; - } - - /* Round 1 adds algorithms with at least 128 bit security strength */ - enumerator = lib->crypto->create_signer_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &integrity, &plugin_name)) - { - switch (integrity) - { - case AUTH_HMAC_SHA2_256_128: - case AUTH_HMAC_SHA2_384_192: - case AUTH_HMAC_SHA2_512_256: - add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0); - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - /* Round 2 adds algorithms with less than 128 bit security strength */ - enumerator = lib->crypto->create_signer_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &integrity, &plugin_name)) - { - switch (integrity) - { - case AUTH_AES_XCBC_96: - case AUTH_AES_CMAC_96: - case AUTH_HMAC_SHA1_96: - add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0); 
- break; - case AUTH_HMAC_MD5_96: - /* no, thanks */ - default: - break; - } - } - enumerator->destroy(enumerator); - } - - /* Round 1 adds algorithms with at least 128 bit security strength */ - enumerator = lib->crypto->create_prf_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &prf, &plugin_name)) - { - switch (prf) - { - case PRF_HMAC_SHA2_256: - case PRF_HMAC_SHA2_384: - case PRF_HMAC_SHA2_512: - case PRF_AES128_XCBC: - case PRF_AES128_CMAC: - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0); - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - /* Round 2 adds algorithms with less than 128 bit security strength */ - enumerator = lib->crypto->create_prf_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &prf, &plugin_name)) - { - switch (prf) - { - case PRF_HMAC_SHA1: - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0); - break; - case PRF_HMAC_MD5: - /* no, thanks */ - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - /* Round 1 adds ECC and NTRU algorithms with at least 128 bit security strength */ - enumerator = lib->crypto->create_dh_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &group, &plugin_name)) - { - switch (group) - { - case ECP_256_BIT: - case ECP_384_BIT: - case ECP_521_BIT: - case ECP_256_BP: - case ECP_384_BP: - case ECP_512_BP: - case CURVE_25519: - case CURVE_448: - case NTRU_128_BIT: - case NTRU_192_BIT: - case NTRU_256_BIT: - case NH_128_BIT: - add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - /* Round 2 adds other algorithms with at least 128 bit security strength */ - enumerator = lib->crypto->create_dh_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &group, &plugin_name)) - { - switch (group) - { - case MODP_3072_BIT: - case MODP_4096_BIT: - case MODP_8192_BIT: - add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); - break; - 
default: - break; - } - } - enumerator->destroy(enumerator); - - /* Round 3 adds algorithms with less than 128 bit security strength */ - enumerator = lib->crypto->create_dh_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &group, &plugin_name)) - { - switch (group) - { - case MODP_NULL: - /* only for testing purposes */ - break; - case MODP_768_BIT: - case MODP_1024_BIT: - case MODP_1536_BIT: - /* weak */ - break; - case MODP_1024_160: - case MODP_2048_224: - case MODP_2048_256: - /* RFC 5114 primes are of questionable source */ - break; - case ECP_224_BIT: - case ECP_224_BP: - case ECP_192_BIT: - case NTRU_112_BIT: - /* rarely used */ - break; - case MODP_2048_BIT: - add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - return TRUE; -} - -/* - * Described in header - */ -proposal_t *proposal_create_default(protocol_id_t protocol) -{ - private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0); - - switch (protocol) - { - case PROTO_IKE: - if (!proposal_add_supported_ike(this, FALSE)) - { - destroy(this); - return NULL; - } - break; - case PROTO_ESP: - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128); - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192); - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); - add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); - break; - case PROTO_AH: - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, 
AUTH_HMAC_SHA2_512_256, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); - add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); - break; - default: - break; - } - return &this->public; -} - -/* - * Described in header - */ -proposal_t *proposal_create_default_aead(protocol_id_t protocol) -{ - private_proposal_t *this; - - switch (protocol) - { - case PROTO_IKE: - this = (private_proposal_t*)proposal_create(protocol, 0); - if (!proposal_add_supported_ike(this, TRUE)) - { - destroy(this); - return NULL; - } - return &this->public; - case PROTO_ESP: - /* we currently don't include any AEAD proposal for ESP, as we - * don't know if our kernel backend actually supports it. */ - return NULL; - case PROTO_AH: - default: - return NULL; - } -} - -/* - * Described in header - */ -proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs) -{ - private_proposal_t *this; - enumerator_t *enumerator; - bool failed = TRUE; - char *alg; - - this = (private_proposal_t*)proposal_create(protocol, 0); - - /* get all tokens, separated by '-' */ - enumerator = enumerator_create_token(algs, "-", " "); - while (enumerator->enumerate(enumerator, &alg)) - { - if (!add_string_algo(this, alg)) - { - failed = TRUE; - break; - } - failed = FALSE; - } - enumerator->destroy(enumerator); - - if (failed || !check_proposal(this)) - { - destroy(this); - return NULL; - } - - return &this->public; -} diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h deleted file mode 100644 index 0dc70f4c5..000000000 --- a/src/libcharon/config/proposal.h +++ /dev/null 
@@ -1,237 +0,0 @@ -/* - * Copyright (C) 2009-2016 Tobias Brunner - * Copyright (C) 2006 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup proposal proposal - * @{ @ingroup config - */ - -#ifndef PROPOSAL_H_ -#define PROPOSAL_H_ - -typedef enum protocol_id_t protocol_id_t; -typedef enum extended_sequence_numbers_t extended_sequence_numbers_t; -typedef struct proposal_t proposal_t; - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/** - * Protocol ID of a proposal. - */ -enum protocol_id_t { - PROTO_NONE = 0, - PROTO_IKE = 1, - PROTO_AH = 2, - PROTO_ESP = 3, - PROTO_IPCOMP = 4, /* IKEv1 only */ -}; - -/** - * enum names for protocol_id_t - */ -extern enum_name_t *protocol_id_names; - -/** - * Stores a set of algorithms used for an SA. - * - * A proposal stores algorithms for a specific - * protocol. It can store algorithms for one protocol. - * Proposals with multiple protocols are not supported, - * as it's not specified in RFC4301 anymore. - */ -struct proposal_t { - - /** - * Add an algorithm to the proposal. - * - * The algorithms are stored by priority, first added - * is the most preferred. - * Key size is only needed for encryption algorithms - * with variable key size (such as AES). Must be set - * to zero if key size is not specified. - * The alg parameter accepts encryption_algorithm_t, - * integrity_algorithm_t, dh_group_number_t and - * extended_sequence_numbers_t. 
- * - * @param type kind of algorithm - * @param alg identifier for algorithm - * @param key_size key size to use - */ - void (*add_algorithm) (proposal_t *this, transform_type_t type, - uint16_t alg, uint16_t key_size); - - /** - * Get an enumerator over algorithms for a specific algo type. - * - * @param type kind of algorithm - * @return enumerator over uint16_t alg, uint16_t key_size - */ - enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type); - - /** - * Get the algorithm for a type to use. - * - * If there are multiple algorithms, only the first is returned. - * - * @param type kind of algorithm - * @param alg pointer which receives algorithm - * @param key_size pointer which receives the key size - * @return TRUE if algorithm of this kind available - */ - bool (*get_algorithm) (proposal_t *this, transform_type_t type, - uint16_t *alg, uint16_t *key_size); - - /** - * Check if the proposal has a specific DH group. - * - * @param group group to check for - * @return TRUE if algorithm included - */ - bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group); - - /** - * Strip DH groups from proposal to use it without PFS. - * - * @param keep group to keep (MODP_NONE to remove all) - */ - void (*strip_dh)(proposal_t *this, diffie_hellman_group_t keep); - - /** - * Compare two proposal, and select a matching subset. - * - * If the proposals are for the same protocols (AH/ESP), they are - * compared. If they have at least one algorithm of each type - * in common, a resulting proposal of this kind is created. 
- * - * @param other proposal to compare against - * @param other_remote whether other is the remote proposal from which to - * copy SPI and proposal number to the result, - * otherwise copy from this proposal - * @param private accepts algorithms allocated in a private range - * @return selected proposal, NULL if proposals don't match - */ - proposal_t *(*select)(proposal_t *this, proposal_t *other, - bool other_remote, bool private); - - /** - * Get the protocol ID of the proposal. - * - * @return protocol of the proposal - */ - protocol_id_t (*get_protocol) (proposal_t *this); - - /** - * Get the SPI of the proposal. - * - * @return spi for proto - */ - uint64_t (*get_spi) (proposal_t *this); - - /** - * Set the SPI of the proposal. - * - * @param spi spi to set for proto - */ - void (*set_spi) (proposal_t *this, uint64_t spi); - - /** - * Get the proposal number, as encoded in SA payload - * - * @return proposal number - */ - u_int (*get_number)(proposal_t *this); - - /** - * Check for the eqality of two proposals. - * - * @param other other proposal to check for equality - * @return TRUE if other equal to this - */ - bool (*equals)(proposal_t *this, proposal_t *other); - - /** - * Clone a proposal. - * - * @return clone of proposal - */ - proposal_t *(*clone) (proposal_t *this); - - /** - * Destroys the proposal object. - */ - void (*destroy) (proposal_t *this); -}; - -/** - * Create a child proposal for AH, ESP or IKE. - * - * @param protocol protocol, such as PROTO_ESP - * @param number proposal number, as encoded in SA payload - * @return proposal_t object - */ -proposal_t *proposal_create(protocol_id_t protocol, u_int number); - -/** - * Create a default proposal if nothing further specified. 
- * - * @param protocol protocol, such as PROTO_ESP - * @return proposal_t object - */ -proposal_t *proposal_create_default(protocol_id_t protocol); - -/** - * Create a default proposal for supported AEAD algorithms - * - * @param protocol protocol, such as PROTO_ESP - * @return proposal_t object, NULL if none supported - */ -proposal_t *proposal_create_default_aead(protocol_id_t protocol); - -/** - * Create a proposal from a string identifying the algorithms. - * - * The string is in the same form as a in the ipsec.conf file. - * E.g.: aes128-sha2_256-modp2048 - * 3des-md5 - * An additional '!' at the end of the string forces this proposal, - * without it the peer may choose another algorithm we support. - * - * @param protocol protocol, such as PROTO_ESP - * @param algs algorithms as string - * @return proposal_t object - */ -proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs); - -/** - * printf hook function for proposal_t. - * - * Arguments are: - * proposal_t *proposal - * With the #-specifier, arguments are: - * linked_list_t *list containing proposal_t* - */ -int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, - const void *const *args); - -#endif /** PROPOSAL_H_ @}*/ diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index 7c9f83d12..e4b819710 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -55,7 +55,6 @@ #include #include #include -#include #include #include #include @@ -989,11 +988,6 @@ bool libcharon_init() dbg_old = dbg; dbg = dbg_bus; - lib->printf_hook->add_handler(lib->printf_hook, 'P', - proposal_printf_hook, - PRINTF_HOOK_ARGTYPE_POINTER, - PRINTF_HOOK_ARGTYPE_END); - if (lib->integrity && !lib->integrity->check(lib->integrity, "libcharon", libcharon_init)) { diff --git a/src/libcharon/encoding/generator.h b/src/libcharon/encoding/generator.h index 375530776..9c7fe8979 100644 --- a/src/libcharon/encoding/generator.h +++ b/src/libcharon/encoding/generator.h 
@@ -35,8 +35,8 @@ typedef struct generator_t generator_t;
 * method. The generated bytes are appended. After all payloads are added,
 * the write_to_chunk method writes out all generated data since
 * the creation of the generator.
- * The generater uses a set of encoding rules, which it can get from
- * the supplied payload. With this rules, the generater can generate
+ * The generator uses a set of encoding rules, which it can get from
+ * the supplied payload. With this rules, the generator can generate
 * the payload and all substructures automatically.
 */
 struct generator_t {
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 6d850aac0..735526e3c 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -657,6 +657,7 @@ static payload_rule_t quick_mode_i_rules[] = {
 {PLV1_ID, 0, 2, TRUE, FALSE},
 {PLV1_NAT_OA, 0, 2, TRUE, FALSE},
 {PLV1_NAT_OA_DRAFT_00_03, 0, 2, TRUE, FALSE},
+ {PLV1_FRAGMENT, 0, 1, FALSE, TRUE},
 };
 
 /**
@@ -673,6 +674,7 @@ static payload_order_t quick_mode_i_order[] = {
 {PLV1_ID, 0},
 {PLV1_NAT_OA, 0},
 {PLV1_NAT_OA_DRAFT_00_03, 0},
+ {PLV1_FRAGMENT, 0},
 };
 
 /**
@@ -689,6 +691,7 @@ static payload_rule_t quick_mode_r_rules[] = {
 {PLV1_ID, 0, 2, TRUE, FALSE},
 {PLV1_NAT_OA, 0, 2, TRUE, FALSE},
 {PLV1_NAT_OA_DRAFT_00_03, 0, 2, TRUE, FALSE},
+ {PLV1_FRAGMENT, 0, 1, FALSE, TRUE},
 };
 
 /**
@@ -705,6 +708,7 @@ static payload_order_t quick_mode_r_order[] = {
 {PLV1_ID, 0},
 {PLV1_NAT_OA, 0},
 {PLV1_NAT_OA_DRAFT_00_03, 0},
+ {PLV1_FRAGMENT, 0},
 };
 
 /**
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h
index 796c10890..cad597e58 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.h
+++ b/src/libcharon/encoding/payloads/proposal_substructure.h
@@ -29,7 +29,7 @@ typedef struct proposal_substructure_t proposal_substructure_t;
 #include
 #include
 #include
-#include
+#include
 #include
 #include
 #include
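Review bot: The new `{PLV1_FRAGMENT, 0, 1, FALSE, TRUE}` entries in `quick_mode_i_rules` and `quick_mode_r_rules` of message.c have no comment saying why a fragment payload is accepted with the fourth field FALSE, while the ID and NAT-OA rules next to them all have TRUE. If that field is the "must be encrypted" flag (the struct definition is outside these hunks), this is the only visible Quick Mode payload allowed in the clear, and a reader needs to know the reassembled message is still checked. A comment above each entry such as `/* fragments are sent unencrypted; the reassembled message is validated against these rules again */` would cover it, with the wording confirmed against the fragment handling code. The matching `{PLV1_FRAGMENT, 0}` lines in `quick_mode_i_order` and `quick_mode_r_order` should stay in step with the rule arrays; all four arrays start above their hunks.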
diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h
index cb75f1ea7..a9d4f9f7d 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
@@ -32,7 +32,7 @@ typedef struct transform_substructure_t transform_substructure_t;
 #include
 #include
 #include
-#include
+#include
 
 /**
 * IKEv1 Value for a transform payload.
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c
index 3d736b25b..91ca259ef 100644
--- a/src/libcharon/kernel/kernel_interface.c
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -351,7 +351,7 @@ METHOD(kernel_interface_t, alloc_reqid, status_t,
 if (entry)
 {
 /* we don't require a traffic selector match for explicit reqids,
- * as we wan't to reuse a reqid for trap-triggered policies that
+ * as we want to reuse a reqid for trap-triggered policies that
 * got narrowed during negotiation. */
 reqid_entry_destroy(tmpl);
 }
diff --git a/src/libcharon/plugins/certexpire/certexpire_cron.h b/src/libcharon/plugins/certexpire/certexpire_cron.h
index 0d6623d7f..3e1005b23 100644
--- a/src/libcharon/plugins/certexpire/certexpire_cron.h
+++ b/src/libcharon/plugins/certexpire/certexpire_cron.h
@@ -38,7 +38,7 @@ struct certexpire_cron_t {
 /**
 * Destroy a certexpire_cron_t.
 *
- * It currently is not possible to savely cancel a cron job. Make sure
+ * It currently is not possible to safely cancel a cron job. Make sure
 * any scheduled jobs have been canceled before cleaning up.
 */
 void (*destroy)(certexpire_cron_t *this);
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c
index 58bbc2edd..8188bb764 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c
@@ -92,7 +92,7 @@ static void destroy_attr(attr_t *this)
 * Hashtable entry with leases and attributes
 */
 typedef struct {
- /** IKE_SA uniqe id we assign the IP lease */
+ /** IKE_SA unique id we assign the IP lease */
 uintptr_t id;
 /** list of IP leases received from AAA, as host_t */
 linked_list_t *addrs;
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
index 0fea50919..705fb188d 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
@@ -72,7 +72,7 @@ struct private_eap_radius_xauth_t {
 xauth_round_t round;
 /**
- * Concatentated password of all rounds
+ * Concatenated password of all rounds
 */
 chunk_t pass;
 };
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index 0e83b1642..fb8d22915 100644
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -335,7 +335,7 @@ METHOD(listener_t, message_hook, bool,
 chunk_t iv;
 /* we need the last block (or expected next IV) of Phase 1, which gets
- * upated after successful en-/decryption depending on direction */
+ * updated after successful en-/decryption depending on direction */
 if (incoming == plain)
 {
 if (message->get_message_id(message) == 0)
diff --git a/src/libcharon/plugins/ha/ha_socket.c b/src/libcharon/plugins/ha/ha_socket.c
index e41e78bbf..d23e45e0b 100644
--- a/src/libcharon/plugins/ha/ha_socket.c
+++ b/src/libcharon/plugins/ha/ha_socket.c
@@ -1,6 +1,7 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
 * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -52,6 +53,11 @@ struct private_ha_socket_t {
 * remote host to receive/send to
 */
 host_t *remote;
+
+ /**
+ * Receive buffer size
+ */
+ u_int buflen;
 };
 /**
@@ -120,13 +126,26 @@ METHOD(ha_socket_t, pull, ha_message_t*,
 while (TRUE)
 {
 ha_message_t *message;
- char buf[1024];
+ char buf[this->buflen];
+ struct iovec iov = {
+ .iov_base = buf,
+ .iov_len = this->buflen,
+ };
+ struct msghdr msg = {
+ .msg_iov = &iov,
+ .msg_iovlen = 1,
+ };
 bool oldstate;
 ssize_t len;
 oldstate = thread_cancelability(TRUE);
- len = recv(this->fd, buf, sizeof(buf), 0);
+ len = recvmsg(this->fd, &msg, 0);
 thread_cancelability(oldstate);
+ if (msg.msg_flags & MSG_TRUNC)
+ {
+ DBG1(DBG_CFG, "HA message exceeds receive buffer");
+ continue;
+ }
 if (len <= 0)
 {
 switch (errno)
@@ -208,6 +227,8 @@ ha_socket_t *ha_socket_create(char *local, char *remote)
 },
 .local = host_create_from_dns(local, 0, HA_PORT),
 .remote = host_create_from_dns(remote, 0, HA_PORT),
+ .buflen = lib->settings->get_int(lib->settings,
+ "%s.plugins.ha.buflen", 2048, lib->ns),
 .fd = -1,
 );
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index a21d0ae7f..c3f92f500 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2016 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -78,6 +78,9 @@
 #define ROUTING_TABLE_PRIO 0
 #endif
+/** multicast groups (for groups > 31 setsockopt has to be used) */
+#define nl_group(group) (1 << (group - 1))
+
 ENUM(rt_msg_names, RTM_NEWLINK, RTM_GETRULE,
 "RTM_NEWLINK",
 "RTM_DELLINK",
@@ -472,6 +475,11 @@ struct private_kernel_netlink_net_t {
 */
 bool process_route;
+ /**
+ * whether to react to RTM_NEWRULE or RTM_DELRULE events
+ */
+ bool process_rules;
+
 /**
 * whether to trigger roam events
 */
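Review bot: `char buf[this->buflen]` in `pull` sizes a stack buffer directly from the `%s.plugins.ha.buflen` setting, and the `ha_socket_create` hunk stores the integer returned by `get_int()` into a `u_int` without any range check. A value of 0 gives a zero-length VLA, a negative value wraps to a very large unsigned size, and a large value can exceed the thread's stack. Clamp the setting once at creation, for example by reading it into an `int` and applying `if (buflen <= 0 || buflen > HA_BUFLEN_MAX) buflen = 2048;` (`HA_BUFLEN_MAX` is a placeholder for a new constant), or allocate the buffer once on the heap. Both functions continue outside their hunks.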
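Review bot: The new `nl_group` macro in kernel_netlink_net.c neither parenthesizes its argument nor shifts an unsigned value, so an expression argument such as `a | b` would bind wrongly and a group of 32 would shift into the sign bit of an `int`. Writing it as `#define nl_group(group) (1U << ((group) - 1))` keeps the result an unsigned bit mask, which is how the commit uses it when building `addr.nl_groups`.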
@@ -1451,6 +1459,45 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h
 host->destroy(host);
 }
+/**
+ * process RTM_NEW|DELRULE from kernel
+ */
+static void process_rule(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
+{
+#ifdef HAVE_LINUX_FIB_RULES_H
+ struct rtmsg* msg = NLMSG_DATA(hdr);
+ struct rtattr *rta = RTM_RTA(msg);
+ size_t rtasize = RTM_PAYLOAD(hdr);
+ uint32_t table = 0;
+
+ /* ignore rules added by us or in the local routing table (local addrs) */
+ if (msg->rtm_table && (msg->rtm_table == this->routing_table ||
+ msg->rtm_table == RT_TABLE_LOCAL))
+ {
+ return;
+ }
+
+ while (RTA_OK(rta, rtasize))
+ {
+ switch (rta->rta_type)
+ {
+ case FRA_TABLE:
+ if (RTA_PAYLOAD(rta) == sizeof(table))
+ {
+ table = *(uint32_t*)RTA_DATA(rta);
+ }
+ break;
+ }
+ rta = RTA_NEXT(rta, rtasize);
+ }
+ if (table && table == this->routing_table)
+ { /* also check against extended table ID */
+ return;
+ }
+ fire_roam_event(this, FALSE);
+#endif
+}
+
 /**
 * Receives events from kernel
 */
@@ -1508,6 +1555,13 @@ static bool receive_events(private_kernel_netlink_net_t *this, int fd,
 process_route(this, hdr);
 }
 break;
+ case RTM_NEWRULE:
+ case RTM_DELRULE:
+ if (this->process_rules)
+ {
+ process_rule(this, hdr);
+ }
+ break;
 default:
 break;
 }
@@ -2333,7 +2387,9 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type
 if (ip->get_family(ip) == AF_INET6)
 {
+#ifdef IFA_F_NODAD
 msg->ifa_flags |= IFA_F_NODAD;
+#endif
 if (this->rta_prefsrc_for_ipv6)
 {
 /* if source routes are possible we let the virtual IP get
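Review bot: `process_rule` reads `msg->rtm_table` and takes `rtasize` from `RTM_PAYLOAD(hdr)` without first checking that `hdr->nlmsg_len` covers a `struct rtmsg`; with a short message the payload length would wrap and the `RTA_OK` loop could walk past the received data. Whether `receive_events` already guarantees the length is not visible in these hunks, so a guard before the first use of `msg` is cheap insurance: `if (hdr->nlmsg_len < NLMSG_LENGTH(sizeof(struct rtmsg))) return;`. The attribute read `*(uint32_t*)RTA_DATA(rta)` would also be safer as `memcpy(&table, RTA_DATA(rta), sizeof(table));`. Separately, without `HAVE_LINUX_FIB_RULES_H` the function is an empty stub, yet the `kernel_netlink_net_create` hunk still subscribes to the rule groups when `process_rules` is set, so a log line there would make the ignored option visible.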
@@ -2983,6 +3039,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
 "%s.prefer_temporary_addrs", FALSE, lib->ns),
 .roam_events = lib->settings->get_bool(lib->settings,
 "%s.plugins.kernel-netlink.roam_events", TRUE, lib->ns),
+ .process_rules = lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-netlink.process_rules", FALSE, lib->ns),
 .mtu = lib->settings->get_int(lib->settings,
 "%s.plugins.kernel-netlink.mtu", 0, lib->ns),
 .mss = lib->settings->get_int(lib->settings,
@@ -3035,8 +3093,19 @@ kernel_netlink_net_t *kernel_netlink_net_create()
 destroy(this);
 return NULL;
 }
- addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
- RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE | RTMGRP_LINK;
+ addr.nl_groups = nl_group(RTNLGRP_IPV4_IFADDR) |
+ nl_group(RTNLGRP_IPV6_IFADDR) |
+ nl_group(RTNLGRP_LINK);
+ if (this->process_route)
+ {
+ addr.nl_groups |= nl_group(RTNLGRP_IPV4_ROUTE) |
+ nl_group(RTNLGRP_IPV6_ROUTE);
+ }
+ if (this->process_rules)
+ {
+ addr.nl_groups |= nl_group(RTNLGRP_IPV4_RULE) |
+ nl_group(RTNLGRP_IPV6_RULE);
+ }
 if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
 {
 DBG1(DBG_KNL, "unable to bind RT event socket: %s (%d)",
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 710107889..79abe587a 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1752,13 +1752,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 #ifdef SADB_X_EXT_SA_REPLAY
 if (data->inbound)
 {
- struct sadb_x_sa_replay *replay;
+ struct sadb_x_sa_replay *repl;
- replay = (struct sadb_x_sa_replay*)PFKEY_EXT_ADD_NEXT(msg);
- replay->sadb_x_replay_exttype = SADB_X_EXT_SA_REPLAY;
- replay->sadb_x_replay_len = PFKEY_LEN(sizeof(struct sadb_x_sa_replay));
- replay->sadb_x_replay_replay = min(data->replay_window, UINT32_MAX-32);
- PFKEY_EXT_ADD(msg, replay);
+ repl = (struct sadb_x_sa_replay*)PFKEY_EXT_ADD_NEXT(msg);
+ repl->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY;
+ repl->sadb_x_sa_replay_len = PFKEY_LEN(sizeof(struct sadb_x_sa_replay));
+ repl->sadb_x_sa_replay_replay = min(data->replay_window, UINT32_MAX-32);
+ PFKEY_EXT_ADD(msg, repl);
 }
 #endif
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
index 774fcf5c8..0f36e7be3 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
@@ -1982,7 +1982,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
 private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
 uint8_t protocol, uint32_t *spi)
 {
- /* To avoid sequencial SPIs, we use a one-to-one permuation function on
+ /* To avoid sequential SPIs, we use a one-to-one permutation function on
 * an incrementing counter, that is a full period PRNG for the range we
 * allocate SPIs in. We add some randomness using a fixed XOR and start
 * the counter at random position. This is not cryptographically safe,
diff --git a/src/libcharon/plugins/lookip/lookip_plugin.c b/src/libcharon/plugins/lookip/lookip_plugin.c
index a6c32d65d..8324dd14f 100644
--- a/src/libcharon/plugins/lookip/lookip_plugin.c
+++ b/src/libcharon/plugins/lookip/lookip_plugin.c
@@ -33,7 +33,7 @@ struct private_lookip_plugin_t {
 lookip_plugin_t public;
 /**
- * Listener collecting virtual IP assignements
+ * Listener collecting virtual IP assignments
 */
 lookip_listener_t *listener;
diff --git a/src/libcharon/plugins/osx_attr/osx_attr_handler.c b/src/libcharon/plugins/osx_attr/osx_attr_handler.c
index e7a627b93..6f19a03d5 100644
--- a/src/libcharon/plugins/osx_attr/osx_attr_handler.c
+++ b/src/libcharon/plugins/osx_attr/osx_attr_handler.c
@@ -150,7 +150,7 @@ static bool manage_dns(private_osx_attr_handler_t *this,
 if (add)
 {
 if (!this->append && !this->original)
- { /* backup orignal config, start with empty set */
+ { /* backup original config, start with empty set */
 this->original = arr;
 arr = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
 }
diff --git a/src/libcharon/plugins/save_keys/Makefile.am b/src/libcharon/plugins/save_keys/Makefile.am
new file mode 100644
index 000000000..a41668bb5
--- /dev/null
+++ b/src/libcharon/plugins/save_keys/Makefile.am
@@ -0,0 +1,18 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-save-keys.la
+else
+plugin_LTLIBRARIES = libstrongswan-save-keys.la
+endif
+
+libstrongswan_save_keys_la_SOURCES = \
+ save_keys_plugin.h save_keys_plugin.c \
+ save_keys_listener.c save_keys_listener.h
+
+libstrongswan_save_keys_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/save_keys/Makefile.in b/src/libcharon/plugins/save_keys/Makefile.in
new file mode 100644
index 000000000..a56d8eacd
--- /dev/null
+++ b/src/libcharon/plugins/save_keys/Makefile.in
@@ -0,0 +1,803 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/save_keys +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in 
$$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_save_keys_la_LIBADD = +am_libstrongswan_save_keys_la_OBJECTS = save_keys_plugin.lo \ + save_keys_listener.lo +libstrongswan_save_keys_la_OBJECTS = \ + $(am_libstrongswan_save_keys_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libstrongswan_save_keys_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_save_keys_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_save_keys_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_save_keys_la_rpath = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ 
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libstrongswan_save_keys_la_SOURCES) +DIST_SOURCES = $(libstrongswan_save_keys_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ 
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ 
+dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = 
@srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-save-keys.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-save-keys.la +libstrongswan_save_keys_la_SOURCES = \ + save_keys_plugin.h save_keys_plugin.c \ + save_keys_listener.c save_keys_listener.h + +libstrongswan_save_keys_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/save_keys/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/save_keys/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f 
"$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libstrongswan-save-keys.la: $(libstrongswan_save_keys_la_OBJECTS) $(libstrongswan_save_keys_la_DEPENDENCIES) $(EXTRA_libstrongswan_save_keys_la_DEPENDENCIES) + $(AM_V_CCLD)$(libstrongswan_save_keys_la_LINK) $(am_libstrongswan_save_keys_la_rpath) $(libstrongswan_save_keys_la_OBJECTS) $(libstrongswan_save_keys_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/save_keys_listener.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/save_keys_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: 
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + 
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + 
installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/save_keys/save_keys_listener.c b/src/libcharon/plugins/save_keys/save_keys_listener.c new file mode 100644 index 000000000..fc16f20e6 --- /dev/null +++ b/src/libcharon/plugins/save_keys/save_keys_listener.c 
@@ -0,0 +1,435 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2016 Codrut Cristian Grosu (codrut.cristian.grosu@gmail.com) + * Copyright (C) 2016 IXIA (http://www.ixiacom.com) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +#define _GNU_SOURCE + +#include "save_keys_listener.h" + +#include +#include +#include + +#include + +typedef struct private_save_keys_listener_t private_save_keys_listener_t; +typedef struct algo_map_t algo_map_t; + +/** + * Name for IKEv1 decryption table file + */ +static char *ikev1_name = "ikev1_decryption_table"; + +/** + * Name for IKEv2 decryption table file + */ +static char *ikev2_name = "ikev2_decryption_table"; + +/** + * Name for esp decryption table file + */ +static char *esp_name = "esp_sa"; + +/** + * Private data. + */ +struct private_save_keys_listener_t { + + /** + * Public interface. + */ + save_keys_listener_t public; + + /** + * Path to the directory where the decryption tables will be stored. + */ + char *path; + + /** + * Whether to save IKE keys + */ + bool ike; + + /** + * Whether to save ESP keys + */ + bool esp; +}; + +METHOD(save_keys_listener_t, destroy, void, + private_save_keys_listener_t *this) +{ + free(this); +} + +/** + * Mapping strongSwan identifiers to Wireshark names + */ +struct algo_map_t { + + /** + * IKE identifier + */ + const uint16_t ike; + + /** + * Optional key length + */ + const int key_len; + + /** + * Name of the algorithm in wireshark + */ + const char *name; +}; + +/** + * Map an algorithm identifier to a name + */ +static inline const char *algo_name(algo_map_t *map, int count, + uint16_t alg, int key_len) +{ + int i; + + for (i = 0; i < count; i++) + { + if (map[i].ike == alg) + { + if (map[i].key_len == -1 || map[i].key_len == key_len) + { + return map[i].name; + } + } + } + return NULL; +} + +/** + * Wireshark IKE algorithm identifiers for encryption + */ +static algo_map_t ike_encr[] = { + { ENCR_3DES, -1, "3DES [RFC2451]" }, + { ENCR_NULL, -1, "NULL [RFC2410]" }, + { ENCR_AES_CBC, 128, "AES-CBC-128 [RFC3602]" }, + { ENCR_AES_CBC, 192, "AES-CBC-192 [RFC3602]" }, + { ENCR_AES_CBC, 256, "AES-CBC-256 [RFC3602]" }, + { ENCR_AES_CTR, 128, "AES-CTR-128 [RFC5930]" }, + { ENCR_AES_CTR, 192, "AES-CTR-192 
[RFC5930]" }, + { ENCR_AES_CTR, 256, "AES-CTR-256 [RFC5930]" }, + { ENCR_AES_GCM_ICV8, 128, "AES-GCM-128 with 8 octet ICV [RFC5282]" }, + { ENCR_AES_GCM_ICV8, 192, "AES-GCM-192 with 8 octet ICV [RFC5282]" }, + { ENCR_AES_GCM_ICV8, 256, "AES-GCM-256 with 8 octet ICV [RFC5282]" }, + { ENCR_AES_GCM_ICV12, 128, "AES-GCM-128 with 12 octet ICV [RFC5282]" }, + { ENCR_AES_GCM_ICV12, 192, "AES-GCM-192 with 12 octet ICV [RFC5282]" }, + { ENCR_AES_GCM_ICV12, 256, "AES-GCM-256 with 12 octet ICV [RFC5282]" }, + { ENCR_AES_GCM_ICV16, 128, "AES-GCM-128 with 16 octet ICV [RFC5282]" }, + { ENCR_AES_GCM_ICV16, 192, "AES-GCM-192 with 16 octet ICV [RFC5282]" }, + { ENCR_AES_GCM_ICV16, 256, "AES-GCM-256 with 16 octet ICV [RFC5282]" }, + { ENCR_AES_CCM_ICV8, 128, "AES-CCM-128 with 8 octet ICV [RFC5282]" }, + { ENCR_AES_CCM_ICV8, 192, "AES-CCM-192 with 8 octet ICV [RFC5282]" }, + { ENCR_AES_CCM_ICV8, 256, "AES-CCM-256 with 8 octet ICV [RFC5282]" }, + { ENCR_AES_CCM_ICV12, 128, "AES-CCM-128 with 12 octet ICV [RFC5282]" }, + { ENCR_AES_CCM_ICV12, 192, "AES-CCM-192 with 12 octet ICV [RFC5282]" }, + { ENCR_AES_CCM_ICV12, 256, "AES-CCM-256 with 12 octet ICV [RFC5282]" }, + { ENCR_AES_CCM_ICV16, 128, "AES-CCM-128 with 16 octet ICV [RFC5282]" }, + { ENCR_AES_CCM_ICV16, 192, "AES-CCM-192 with 16 octet ICV [RFC5282]" }, + { ENCR_AES_CCM_ICV16, 256, "AES-CCM-256 with 16 octet ICV [RFC5282]" }, +}; + +/** + * Wireshark IKE algorithms for integrity + */ +static algo_map_t ike_integ[] = { + { AUTH_HMAC_MD5_96, -1, "HMAC_MD5_96 [RFC2403]" }, + { AUTH_HMAC_SHA1_96, -1, "HMAC_SHA1_96 [RFC2404]" }, + { AUTH_HMAC_MD5_128, -1, "HMAC_MD5_128 [RFC4595]" }, + { AUTH_HMAC_SHA1_160, -1, "HMAC_SHA1_160 [RFC4595]" }, + { AUTH_HMAC_SHA2_256_128, -1, "HMAC_SHA2_256_128 [RFC4868]" }, + { AUTH_HMAC_SHA2_384_192, -1, "HMAC_SHA2_384_192 [RFC4868]" }, + { AUTH_HMAC_SHA2_512_256, -1, "HMAC_SHA2_512_256 [RFC4868]" }, + { AUTH_HMAC_SHA2_256_96, -1, "HMAC_SHA2_256_96 [draft-ietf-ipsec-ciph-sha-256-00]" }, + { 
AUTH_UNDEFINED, -1, "NONE [RFC4306]" }, +}; + +/** + * Map an IKE proposal + */ +static inline void ike_names(proposal_t *proposal, const char **enc, + const char **integ) +{ + uint16_t alg, len; + + if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len)) + { + *enc = algo_name(ike_encr, countof(ike_encr), alg, len); + } + if (encryption_algorithm_is_aead(alg)) + { + alg = AUTH_UNDEFINED; + } + else if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL)) + { + return; + } + *integ = algo_name(ike_integ, countof(ike_integ), alg, -1); +} + +/** + * Wireshark ESP algorithm identifiers for encryption + */ +static algo_map_t esp_encr[] = { + { ENCR_NULL, -1, "NULL" }, + { ENCR_3DES, -1, "TripleDes-CBC [RFC2451]" }, + { ENCR_AES_CBC, -1, "AES-CBC [RFC3602]" }, + { ENCR_AES_CTR, -1, "AES-CTR [RFC3686]" }, + { ENCR_DES, -1, "DES-CBC [RFC2405]" }, + { ENCR_CAST, -1, "CAST5-CBC [RFC2144]" }, + { ENCR_BLOWFISH, -1, "BLOWFISH-CBC [RFC2451]" }, + { ENCR_TWOFISH_CBC, -1, "TWOFISH-CBC" }, + { ENCR_AES_GCM_ICV8, -1, "AES-GCM [RFC4106]" }, + { ENCR_AES_GCM_ICV12, -1, "AES-GCM [RFC4106]" }, + { ENCR_AES_GCM_ICV16, -1, "AES-GCM [RFC4106]" }, +}; + +/** + * Wireshark ESP algorithms for integrity + */ +static algo_map_t esp_integ[] = { + { AUTH_HMAC_SHA1_96, -1, "HMAC-SHA-1-96 [RFC2404]" }, + { AUTH_HMAC_MD5_96, -1, "HMAC-MD5-96 [RFC2403]" }, + { AUTH_HMAC_SHA2_256_128, -1, "HMAC-SHA-256-128 [RFC4868]" }, + { AUTH_HMAC_SHA2_384_192, -1, "HMAC-SHA-384-192 [RFC4868]" }, + { AUTH_HMAC_SHA2_512_256, -1, "HMAC-SHA-512-256 [RFC4868]" }, + { AUTH_HMAC_SHA2_256_96, -1, "HMAC-SHA-256-96 [draft-ietf-ipsec-ciph-sha-256-00]" }, + { AUTH_UNDEFINED, 64, "ANY 64 bit authentication [no checking]" }, + { AUTH_UNDEFINED, 96, "ANY 96 bit authentication [no checking]" }, + { AUTH_UNDEFINED, 128, "ANY 128 bit authentication [no checking]" }, + { AUTH_UNDEFINED, 192, "ANY 192 bit authentication [no checking]" }, + { AUTH_UNDEFINED, 256, "ANY 256 bit authentication [no 
checking]" }, + { AUTH_UNDEFINED, -1, "NULL" }, +}; + +/** + * Map an ESP proposal + */ +static inline void esp_names(proposal_t *proposal, const char **enc, + const char **integ) +{ + uint16_t alg, len; + + if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len)) + { + *enc = algo_name(esp_encr, countof(esp_encr), alg, len); + } + len = -1; + if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL)) + { + switch (alg) + { + case ENCR_AES_GCM_ICV8: + len = 64; + break; + case ENCR_AES_GCM_ICV12: + len = 64; + break; + case ENCR_AES_GCM_ICV16: + len = 128; + break; + } + alg = AUTH_UNDEFINED; + } + *integ = algo_name(esp_integ, countof(esp_integ), alg, len); +} + +METHOD(listener_t, ike_derived_keys, bool, + private_save_keys_listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei, + chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar) +{ + ike_version_t version; + ike_sa_id_t *id; + const char *enc = NULL, *integ = NULL; + char *path, *name; + FILE *file; + + if (!this->path || !this->ike) + { + return TRUE; + } + + version = ike_sa->get_version(ike_sa); + name = version == IKEV2 ? 
ikev2_name : ikev1_name; + if (asprintf(&path, "%s/%s", this->path, name) < 0) + { + DBG1(DBG_IKE, "failed to build path to IKE key table"); + return TRUE; + } + + file = fopen(path, "a"); + if (file) + { + id = ike_sa->get_id(ike_sa); + if (version == IKEV2) + { + ike_names(ike_sa->get_proposal(ike_sa), &enc, &integ); + if (enc && integ) + { + fprintf(file, "%.16"PRIx64",%.16"PRIx64",%+B,%+B,\"%s\"," + "%+B,%+B,\"%s\"\n", be64toh(id->get_initiator_spi(id)), + be64toh(id->get_responder_spi(id)), &sk_ei, &sk_er, + enc, &sk_ai, &sk_ar, integ); + } + } + else + { + fprintf(file, "%.16"PRIx64",%+B\n", + be64toh(id->get_initiator_spi(id)), &sk_ei); + } + fclose(file); + } + else + { + DBG1(DBG_IKE, "failed to open IKE key table '%s': %s", path, + strerror(errno)); + } + free(path); + return TRUE; +} + +METHOD(listener_t, child_derived_keys, bool, + private_save_keys_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, + bool initiator, chunk_t encr_i, chunk_t encr_r, chunk_t integ_i, + chunk_t integ_r) +{ + host_t *init, *resp; + uint32_t spi_i, spi_r; + const char *enc = NULL, *integ = NULL; + char *path, *family; + FILE *file; + + if (!this->path || !this->esp || + child_sa->get_protocol(child_sa) != PROTO_ESP) + { + return TRUE; + } + + if (asprintf(&path, "%s/%s", this->path, esp_name) < 0) + { + DBG1(DBG_CHD, "failed to build path to ESP key table"); + return TRUE; + } + + file = fopen(path, "a"); + if (file) + { + esp_names(child_sa->get_proposal(child_sa), &enc, &integ); + if (enc && integ) + { + /* Since the IPs are printed this is not compatible with MOBIKE */ + if (initiator) + { + init = ike_sa->get_my_host(ike_sa); + resp = ike_sa->get_other_host(ike_sa); + } + else + { + init = ike_sa->get_other_host(ike_sa); + resp = ike_sa->get_my_host(ike_sa); + } + spi_i = child_sa->get_spi(child_sa, initiator); + spi_r = child_sa->get_spi(child_sa, !initiator); + family = init->get_family(init) == AF_INET ? 
"IPv4" : "IPv6"; + fprintf(file, "\"%s\",\"%H\",\"%H\",\"0x%.8x\",\"%s\",\"0x%+B\"," + "\"%s\",\"0x%+B\"\n", family, init, resp, ntohl(spi_r), enc, + &encr_i, integ, &integ_i); + fprintf(file, "\"%s\",\"%H\",\"%H\",\"0x%.8x\",\"%s\",\"0x%+B\"," + "\"%s\",\"0x%+B\"\n", family, resp, init, ntohl(spi_i), enc, + &encr_r, integ, &integ_r); + } + fclose(file); + } + else + { + DBG1(DBG_CHD, "failed to open ESP key table '%s': %s", path, + strerror(errno)); + } + free(path); + return TRUE; +} + +/** + * See header. + */ +save_keys_listener_t *save_keys_listener_create() +{ + private_save_keys_listener_t *this; + + INIT(this, + .public = { + .listener = { + .ike_derived_keys = _ike_derived_keys, + .child_derived_keys = _child_derived_keys, + }, + .destroy = _destroy, + }, + .path = lib->settings->get_str(lib->settings, + "%s.plugins.save-keys.wireshark_keys", + NULL, lib->ns), + .esp = lib->settings->get_bool(lib->settings, + "%s.plugins.save-keys.esp", + FALSE, lib->ns), + .ike = lib->settings->get_bool(lib->settings, + "%s.plugins.save-keys.ike", + FALSE, lib->ns), + ); + + if (this->path && (this->ike || this->esp)) + { + char *keys = "IKE"; + + if (this->ike && this->esp) + { + keys = "IKE AND ESP"; + } + else if (this->esp) + { + keys = "ESP"; + } + DBG0(DBG_DMN, "!!", keys, this->path); + DBG0(DBG_DMN, "!! WARNING: SAVING %s KEYS TO '%s'", keys, this->path); + DBG0(DBG_DMN, "!!", keys, this->path); + } + return &this->public; +} diff --git a/src/libcharon/plugins/save_keys/save_keys_listener.h b/src/libcharon/plugins/save_keys/save_keys_listener.h new file mode 100644 index 000000000..c4dc2cf45 --- /dev/null +++ b/src/libcharon/plugins/save_keys/save_keys_listener.h 
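Review bot: Both key tables are created with `fopen(path, "a")` in `ike_derived_keys` and `child_derived_keys`, so the files holding the IKE and ESP keys get whatever mode the daemon's umask leaves, and a symlink already present at that name is followed. Creating them owner-only would limit who can read the keys: `fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);` then `file = fd >= 0 ? fdopen(fd, "a") : NULL;`, closing `fd` if `fdopen()` fails. The mode only applies when the file is created, so a table that already exists with wider permissions would still need tightening. Separately, `ike_names` and `esp_names` read `alg` after the `get_algorithm()` call for the encryption algorithm has failed, when it is still uninitialised; initialising `alg` and `len` at their declaration avoids that.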
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2016 Codrut Cristian Grosu (codrut.cristian.grosu@gmail.com)
+ * Copyright (C) 2016 IXIA (http://www.ixiacom.com)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup save_keys_listener save_keys_listener
+ * @{ @ingroup save_keys
+ */
+
+#ifndef SAVE_KEYS_LISTENER_H_
+#define SAVE_KEYS_LISTENER_H_
+
+#include
+
+typedef struct save_keys_listener_t save_keys_listener_t;
+
+/**
+ * Listener saving derived IKE and ESP keys.
+ */
+struct save_keys_listener_t {
+
+ /**
+ * Implements listener_t interface.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy this instance.
+ */
+ void (*destroy)(save_keys_listener_t *this);
+};
+
+/**
+ * Create a save_keys_listener_t instance.
+ */
+save_keys_listener_t *save_keys_listener_create();
+
+#endif /** SAVE_KEYS_LISTENER_H_ @}*/
diff --git a/src/libcharon/plugins/save_keys/save_keys_plugin.c b/src/libcharon/plugins/save_keys/save_keys_plugin.c
new file mode 100644
index 000000000..93db5bcac
--- /dev/null
+++ b/src/libcharon/plugins/save_keys/save_keys_plugin.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2016 Codrut Cristian Grosu (codrut.cristian.grosu@gmail.com)
+ * Copyright (C) 2016 IXIA (http://www.ixiacom.com)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "save_keys_plugin.h"
+#include "save_keys_listener.h"
+
+#include
+
+typedef struct private_save_keys_plugin_t private_save_keys_plugin_t;
+
+/**
+ * Private data.
+ */
+struct private_save_keys_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ save_keys_plugin_t public;
+
+ /**
+ * Listener saving keys to file.
+ */
+ save_keys_listener_t *listener;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_save_keys_plugin_t *this)
+{
+ return "save-keys";
+}
+
+/**
+ * Register listener.
+ */
+static bool plugin_cb(private_save_keys_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
+ }
+ else
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_save_keys_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "save-keys"),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_save_keys_plugin_t *this)
+{
+ this->listener->destroy(this->listener);
+ free(this);
+}
+
+/**
+ * Plugin constructor.
+ */
+plugin_t *save_keys_plugin_create()
+{
+ private_save_keys_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ .listener = save_keys_listener_create(),
+ );
+
+ return &this->public.plugin;
+}
diff --git a/src/libcharon/plugins/save_keys/save_keys_plugin.h b/src/libcharon/plugins/save_keys/save_keys_plugin.h
new file mode 100644
index 000000000..9501b5479
--- /dev/null
+++ b/src/libcharon/plugins/save_keys/save_keys_plugin.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2016 Codrut Cristian Grosu (codrut.cristian.grosu@gmail.com)
+ * Copyright (C) 2016 IXIA (http://www.ixiacom.com)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup save_keys save_keys
+ * @ingroup cplugins
+ *
+ * @defgroup save_keys_plugin save_keys_plugin
+ * @{ @ingroup save_keys
+ */
+
+#ifndef SAVE_KEYS_PLUGIN_H_
+#define SAVE_KEYS_PLUGIN_H_
+
+#include
+
+typedef struct save_keys_plugin_t save_keys_plugin_t;
+
+/**
+ * Plugin that saves derived IKE and ESP keys.
+ */
+struct save_keys_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** SAVE_KEYS_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index ac0129210..ca22c7f82 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -519,7 +519,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, enumerator->destroy(enumerator); } - /* authentication metod (class, actually) */ + /* authentication method (class, actually) */ if (strpfx(auth, "ike:") || strpfx(auth, "pubkey") || strpfx(auth, "rsa") || diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index 9b61afb5c..7fc95657e 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -1131,7 +1131,6 @@ static bool load_shared(mem_cred_t *secrets, chunk_t line, int line_nr, shared_key_t *shared_key; linked_list_t *owners; chunk_t secret = chunk_empty; - bool any = TRUE; err_t ugh = extract_secret(&secret, &line); if (ugh != NULL) @@ -1148,7 +1147,6 @@ static bool load_shared(mem_cred_t *secrets, chunk_t line, int line_nr, while (ids.len > 0) { chunk_t id; - identification_t *peer_id; ugh = extract_value(&id, &ids); if (ugh != NULL) @@ -1165,17 +1163,9 @@ static bool load_shared(mem_cred_t *secrets, chunk_t line, int line_nr, /* NULL terminate the ID string */ *(id.ptr + id.len) = '\0'; - peer_id = identification_create_from_string(id.ptr); - if (peer_id->get_type(peer_id) == ID_ANY) - { - peer_id->destroy(peer_id); - continue; - } - - owners->insert_last(owners, peer_id); - any = FALSE; + owners->insert_last(owners, identification_create_from_string(id.ptr)); } - if (any) + if (!owners->get_count(owners)) { owners->insert_last(owners, identification_create_from_encoding(ID_ANY, chunk_empty)); 
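Review bot: The owner loop in `load_shared` (stroke_cred.c) now inserts every parsed selector, including one that parses to ID_ANY, which the removed lines skipped, and nothing in the new code says that this is intended. A secrets line that names a specific ID next to a wildcard selector therefore presumably ends up with ID_ANY among its owners and may match peers it did not match before. A comment above the `insert_last()` call would make the intent explicit, for example `/* ID_ANY selectors are kept as owners on purpose, such a secret matches any peer */`. `load_shared` starts and ends outside these hunks, so the matching side is not visible here.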
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 22992599d..2bed420be 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -693,7 +693,7 @@ METHOD(stroke_list_t, status, void, /** * create a unique certificate list without duplicates - * certicates having the same issuer are grouped together. + * certificates having the same issuer are grouped together. */ static linked_list_t* create_unique_cert_list(certificate_type_t type) { diff --git a/src/libcharon/plugins/uci/uci_parser.c b/src/libcharon/plugins/uci/uci_parser.c index e847dd393..283d93928 100644 --- a/src/libcharon/plugins/uci/uci_parser.c +++ b/src/libcharon/plugins/uci/uci_parser.c @@ -112,7 +112,7 @@ METHOD(uci_parser_t, create_section_enumerator, enumerator_t*, va_list args; int i; - /* allocate enumerator large enought to hold keyword pointers */ + /* allocate enumerator large enough to hold keyword pointers */ i = 1; va_start(args, this); while (va_arg(args, char*)) diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index 83521250d..49cce379d 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -530,11 +530,11 @@ on the key identifier derived from the public key). ### load-shared() ### -Load a shared IKE PSK, EAP or XAuth secret into the daemon. +Load a shared IKE PSK, EAP, XAuth or NTLM secret into the daemon. { id = - type = + type = data = owners = [ @@ -546,8 +546,8 @@ Load a shared IKE PSK, EAP or XAuth secret into the daemon. ### unload-shared() ### -Unload a previously loaded shared IKE PSK, EAP or XAuth secret by its unique -identifier. +Unload a previously loaded shared IKE PSK, EAP, XAuth or NTLM secret by its +unique identifier. { id = diff --git a/src/libcharon/plugins/vici/libvici.h b/src/libcharon/plugins/vici/libvici.h index 3ca9de424..d69597881 100644 --- a/src/libcharon/plugins/vici/libvici.h 
+++ b/src/libcharon/plugins/vici/libvici.h @@ -43,7 +43,7 @@ * thread pool. * * Connecting requires an uri, which is currently either a UNIX socket path - * prefixed with unix://, or a hostname:port touple prefixed with tcp://. + * prefixed with unix://, or a hostname:port tuple prefixed with tcp://. * Passing NULL takes the system default socket path. * * After the connection has been established, request messages can be sent. diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in index ff4e07d2d..6d29988db 100644 --- a/src/libcharon/plugins/vici/ruby/Makefile.in +++ b/src/libcharon/plugins/vici/ruby/Makefile.in @@ -476,8 +476,8 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@RUBY_GEMS_INSTALL_FALSE@uninstall-local: @RUBY_GEMS_INSTALL_FALSE@install-data-local: +@RUBY_GEMS_INSTALL_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c index 5d8bf2f05..ec6c80a5b 100644 --- a/src/libcharon/plugins/vici/vici_cred.c +++ b/src/libcharon/plugins/vici/vici_cred.c @@ -434,7 +434,7 @@ CALLBACK(load_shared, vici_message_t*, { type = SHARED_IKE; } - else if (strcaseeq(str, "eap") || streq(str, "xauth")) + else if (strcaseeq(str, "eap") || strcaseeq(str, "xauth")) { type = SHARED_EAP; } diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 134ea375d..82c3d7855 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -774,7 +774,7 @@ CALLBACK(list_conns, vici_message_t*, ike_cfg_t *ike_cfg; child_cfg_t *child_cfg; char *ike, *str, *interface; - uint32_t manual_prio; + uint32_t manual_prio, dpd_delay, dpd_timeout; linked_list_t *list; traffic_selector_t *ts; lifetime_cfg_t *lft; 
@@ -825,6 +825,18 @@ CALLBACK(list_conns, vici_message_t*, b->add_kv(b, "unique", "%N", unique_policy_names, peer_cfg->get_unique_policy(peer_cfg)); + dpd_delay = peer_cfg->get_dpd(peer_cfg); + if (dpd_delay) + { + b->add_kv(b, "dpd_delay", "%u", dpd_delay); + } + + dpd_timeout = peer_cfg->get_dpd_timeout(peer_cfg); + if (dpd_timeout) + { + b->add_kv(b, "dpd_timeout", "%u", dpd_timeout); + } + build_auth_cfgs(peer_cfg, TRUE, b); build_auth_cfgs(peer_cfg, FALSE, b); @@ -843,6 +855,11 @@ CALLBACK(list_conns, vici_message_t*, b->add_kv(b, "rekey_packets", "%"PRIu64, lft->packets.rekey); free(lft); + b->add_kv(b, "dpd_action", "%N", action_names, + child_cfg->get_dpd_action(child_cfg)); + b->add_kv(b, "close_action", "%N", action_names, + child_cfg->get_close_action(child_cfg)); + b->begin_list(b, "local-ts"); list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); selectors = list->create_enumerator(list); diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.h b/src/libcharon/processing/jobs/delete_child_sa_job.h index b2d5a11f6..b33ea617b 100644 --- a/src/libcharon/processing/jobs/delete_child_sa_job.h +++ b/src/libcharon/processing/jobs/delete_child_sa_job.h @@ -27,7 +27,7 @@ typedef struct delete_child_sa_job_t delete_child_sa_job_t; #include #include #include -#include +#include /** diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h index 1de06fd07..1c9d9b400 100644 --- a/src/libcharon/processing/jobs/rekey_child_sa_job.h +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h @@ -26,7 +26,7 @@ typedef struct rekey_child_sa_job_t rekey_child_sa_job_t; #include #include #include -#include +#include /** * Class representing an REKEY_CHILD_SA Job. @@ -50,4 +50,5 @@ struct rekey_child_sa_job_t { */ rekey_child_sa_job_t *rekey_child_sa_job_create(protocol_id_t protocol, uint32_t spi, host_t *dst); + #endif /** REKEY_CHILD_SA_JOB_H_ @}*/ 
diff --git a/src/libcharon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h index ed978dc8b..17beb68b6 100644 --- a/src/libcharon/processing/jobs/update_sa_job.h +++ b/src/libcharon/processing/jobs/update_sa_job.h @@ -26,7 +26,7 @@ typedef struct update_sa_job_t update_sa_job_t; #include #include #include -#include +#include /** * Update the addresses of an IKE and its CHILD_SAs. diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 91da4d3e6..a01ee9e4d 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2017 Tobias Brunner + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2016 Andreas Steffen * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger @@ -1249,17 +1249,6 @@ METHOD(child_sa_t, install_policies, status_t, enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { - /* install outbound drop policy to avoid packets leaving unencrypted - * when updating policies */ - if (priority == POLICY_PRIORITY_DEFAULT && manual_prio == 0 && - require_policy_update() && install_outbound) - { - status |= install_policies_outbound(this, this->my_addr, - this->other_addr, my_ts, other_ts, - &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK, 0); - } - status |= install_policies_inbound(this, this->my_addr, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, 
@@ -1350,15 +1339,6 @@ METHOD(child_sa_t, install_outbound, status_t, enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { - /* install outbound drop policy to avoid packets leaving unencrypted - * when updating policies */ - if (manual_prio == 0 && require_policy_update()) - { - status |= install_policies_outbound(this, this->my_addr, - this->other_addr, my_ts, other_ts, - &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK, 0); - } status |= install_policies_outbound(this, this->my_addr, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, @@ -1407,12 +1387,6 @@ METHOD(child_sa_t, remove_outbound, void, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, POLICY_PRIORITY_DEFAULT, manual_prio); - if (manual_prio == 0 && require_policy_update()) - { - del_policies_outbound(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, - POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0); - } } enumerator->destroy(enumerator); } 
@@ -1458,8 +1432,65 @@ CALLBACK(reinstall_vip, void,
 }
 }
+/**
+ * Update addresses and encap state of IPsec SAs in the kernel
+ */
+static status_t update_sas(private_child_sa_t *this, host_t *me, host_t *other,
+ bool encap)
+{
+ /* update our (initiator) SA */
+ if (this->my_spi)
+ {
+ kernel_ipsec_sa_id_t id = {
+ .src = this->other_addr,
+ .dst = this->my_addr,
+ .spi = this->my_spi,
+ .proto = proto_ike2ip(this->protocol),
+ .mark = mark_in_sa(this),
+ };
+ kernel_ipsec_update_sa_t sa = {
+ .cpi = this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0,
+ .new_src = other,
+ .new_dst = me,
+ .encap = this->encap,
+ .new_encap = encap,
+ };
+ if (charon->kernel->update_sa(charon->kernel, &id,
+ &sa) == NOT_SUPPORTED)
+ {
+ return NOT_SUPPORTED;
+ }
+ }
+
+ /* update his (responder) SA */
+ if (this->other_spi)
+ {
+ kernel_ipsec_sa_id_t id = {
+ .src = this->my_addr,
+ .dst = this->other_addr,
+ .spi = this->other_spi,
+ .proto = proto_ike2ip(this->protocol),
+ .mark = this->mark_out,
+ };
+ kernel_ipsec_update_sa_t sa = {
+ .cpi = this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0,
+ .new_src = me,
+ .new_dst = other,
+ .encap = this->encap,
+ .new_encap = encap,
+ };
+ if (charon->kernel->update_sa(charon->kernel, &id,
+ &sa) == NOT_SUPPORTED)
+ {
+ return NOT_SUPPORTED;
+ }
+ }
+ /* we currently ignore the actual return values above */
+ return SUCCESS;
+}
+
 METHOD(child_sa_t, update, status_t,
- private_child_sa_t *this, host_t *me, host_t *other, linked_list_t *vips,
+ private_child_sa_t *this, host_t *me, host_t *other, linked_list_t *vips,
 bool encap)
 {
 child_sa_state_t old;
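Review bot: update_sas() reports only NOT_SUPPORTED and turns every other result of `charon->kernel->update_sa()` into SUCCESS, as its closing comment concedes, so a failed SA update is not reported by this function while the caller goes on to install policies for the new addresses. Keeping that behaviour is defensible, but the failure should at least be logged: store the result and add `if (status != SUCCESS && status != NOT_SUPPORTED) { DBG1(DBG_CHD, "updating inbound SA failed"); }`, with the outbound equivalent in the second block. When the first call succeeds and the second returns NOT_SUPPORTED, the inbound SA has already been changed by the time the caller restores the previous policies; a comment saying whether that mixed state can occur would help. The body of the `update` method that calls this helper continues outside the hunk.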
@@ -1478,84 +1509,50 @@ METHOD(child_sa_t, update, status_t, this->config->has_option(this->config, OPT_PROXY_MODE); - if (!transport_proxy_mode) + if (!this->config->has_option(this->config, OPT_NO_POLICIES) && + require_policy_update()) { - /* update our (initiator) SA */ - if (this->my_spi) - { - kernel_ipsec_sa_id_t id = { - .src = this->other_addr, - .dst = this->my_addr, - .spi = this->my_spi, - .proto = proto_ike2ip(this->protocol), - .mark = mark_in_sa(this), - }; - kernel_ipsec_update_sa_t sa = { - .cpi = this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0, - .new_src = other, - .new_dst = me, - .encap = this->encap, - .new_encap = encap, - }; - if (charon->kernel->update_sa(charon->kernel, &id, - &sa) == NOT_SUPPORTED) - { - set_state(this, old); - return NOT_SUPPORTED; - } - } + ipsec_sa_cfg_t my_sa, other_sa; + enumerator_t *enumerator; + traffic_selector_t *my_ts, *other_ts; + uint32_t manual_prio; + status_t state; + + prepare_sa_cfg(this, &my_sa, &other_sa); + manual_prio = this->config->get_manual_prio(this->config); - /* update his (responder) SA */ - if (this->other_spi) + enumerator = create_policy_enumerator(this); + while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { - kernel_ipsec_sa_id_t id = { - .src = this->my_addr, - .dst = this->other_addr, - .spi = this->other_spi, - .proto = proto_ike2ip(this->protocol), - .mark = this->mark_out, - }; - kernel_ipsec_update_sa_t sa = { - .cpi = this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0, - .new_src = me, - .new_dst = other, - .encap = this->encap, - .new_encap = encap, - }; - if (charon->kernel->update_sa(charon->kernel, &id, - &sa) == NOT_SUPPORTED) - { - set_state(this, old); - return NOT_SUPPORTED; - } + /* install drop policy to avoid traffic leaks, acquires etc. 
*/ + install_policies_outbound(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, + POLICY_PRIORITY_DEFAULT, manual_prio); + + /* remove old policies */ + del_policies_internal(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, + POLICY_PRIORITY_DEFAULT, manual_prio); } - } + enumerator->destroy(enumerator); - if (!this->config->has_option(this->config, OPT_NO_POLICIES) && - require_policy_update()) - { - if (!me->ip_equals(me, this->my_addr) || - !other->ip_equals(other, this->other_addr)) - { - ipsec_sa_cfg_t my_sa, other_sa; - enumerator_t *enumerator; - traffic_selector_t *my_ts, *other_ts; - uint32_t manual_prio; + /* update the IPsec SAs */ + state = update_sas(this, me, other, encap); - prepare_sa_cfg(this, &my_sa, &other_sa); - manual_prio = this->config->get_manual_prio(this->config); + enumerator = create_policy_enumerator(this); + while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) + { + traffic_selector_t *old_my_ts = NULL, *old_other_ts = NULL; - /* always use high priorities, as hosts getting updated are INSTALLED */ - enumerator = create_policy_enumerator(this); - while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) + /* reinstall the previous policies if we can't update the SAs */ + if (state == NOT_SUPPORTED) + { + install_policies_internal(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, + POLICY_IPSEC, POLICY_PRIORITY_DEFAULT, manual_prio); + } + else { - traffic_selector_t *old_my_ts = NULL, *old_other_ts = NULL; - - /* remove old policies first */ - del_policies_internal(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, - POLICY_PRIORITY_DEFAULT, manual_prio); - /* check if we have to update a "dynamic" traffic selector */ if (!me->ip_equals(me, this->my_addr) && my_ts->is_host(my_ts, this->my_addr)) 
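Review bot: The return value of the `install_policies_outbound(..., POLICY_DROP, ...)` call in the first loop is discarded, and `del_policies_internal()` removes the old IPsec policies in the next statement regardless. If the drop policy could not be installed, the window this block is meant to close (traffic leaving unprotected while SAs and policies are updated) is open again without any indication. Check the result and log it, for example `if (install_policies_outbound(...) != SUCCESS) { DBG1(DBG_CHD, "unable to install drop policy during update"); }`; elsewhere in this file the same helper's result is accumulated with `status |=`. The second loop opened here continues in the next hunk.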
@@ -1578,23 +1575,32 @@ METHOD(child_sa_t, update, status_t, install_policies_internal(this, me, other, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, POLICY_PRIORITY_DEFAULT, manual_prio); - - /* update fallback policies after the new policy is in place */ - if (manual_prio == 0) - { - del_policies_outbound(this, this->my_addr, this->other_addr, - old_my_ts ?: my_ts, - old_other_ts ?: other_ts, - &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK, 0); - install_policies_outbound(this, me, other, my_ts, other_ts, - &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK, 0); - } - DESTROY_IF(old_my_ts); - DESTROY_IF(old_other_ts); } - enumerator->destroy(enumerator); + /* remove the drop policy */ + del_policies_outbound(this, this->my_addr, this->other_addr, + old_my_ts ?: my_ts, + old_other_ts ?: other_ts, + &my_sa, &other_sa, POLICY_DROP, + POLICY_PRIORITY_DEFAULT, 0); + + DESTROY_IF(old_my_ts); + DESTROY_IF(old_other_ts); + } + enumerator->destroy(enumerator); + + if (state == NOT_SUPPORTED) + { + set_state(this, old); + return NOT_SUPPORTED; + } + + } + else if (!transport_proxy_mode) + { + if (update_sas(this, me, other, encap) == NOT_SUPPORTED) + { + set_state(this, old); + return NOT_SUPPORTED; } } @@ -1655,13 +1661,6 @@ METHOD(child_sa_t, destroy, void, del_policies_inbound(this, this->my_addr, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, priority, manual_prio); - if (!this->trap && manual_prio == 0 && require_policy_update() && - del_outbound) - { - del_policies_outbound(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, - POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0); - } } enumerator->destroy(enumerator); } diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index 082404d93..49175ca01 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -30,7 +30,7 @@ typedef struct child_sa_t child_sa_t; #include #include #include -#include +#include #include /** 
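Review bot: The drop policy is removed here with `POLICY_PRIORITY_DEFAULT, 0`, but the previous hunk installs it with `POLICY_PRIORITY_DEFAULT, manual_prio`. With a non-zero manual priority the delete may not match the installed policy (this depends on how the kernel backend identifies policies, which is not visible here), which would leave an outbound drop policy behind that keeps blocking the tunnel's traffic after the update. Pass the same value on removal by ending the call with `POLICY_PRIORITY_DEFAULT, manual_prio);`.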
@@ -145,7 +145,7 @@ extern enum_name_t *child_sa_outbound_state_names; * - B allocates an SPI for the selected protocol * - B calls child_sa_t.install for both, the allocated and received SPI * - B sends the proposal with the allocated SPI to A - * - A calls child_sa_t.install for both, the allocated and recevied SPI + * - A calls child_sa_t.install for both, the allocated and received SPI * * Once SAs are set up, policies can be added using add_policies. */ @@ -254,7 +254,7 @@ struct child_sa_t { /** * Set the negotiated IPsec mode to use. * - * @param mode TUNNEL | TRANPORT | BEET + * @param mode TUNNEL | TRANSPORT | BEET */ void (*set_mode)(child_sa_t *this, ipsec_mode_t mode); diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h index 4ed1cae20..391c906e9 100644 --- a/src/libcharon/sa/eap/eap_manager.h +++ b/src/libcharon/sa/eap/eap_manager.h @@ -30,7 +30,7 @@ typedef struct eap_manager_t eap_manager_t; * The EAP manager manages all EAP implementations and creates instances. * * A plugin registers it's implemented EAP method at the manager by - * providing type and a contructor function. The manager then instanciates + * providing type and a constructor function. The manager then instantiates * eap_method_t instances through the provided constructor to handle * EAP authentication. */ diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h index 8e25f7df8..840779727 100644 --- a/src/libcharon/sa/eap/eap_method.h +++ b/src/libcharon/sa/eap/eap_method.h @@ -64,7 +64,7 @@ struct eap_method_t { /** * Initiate the EAP exchange. * - * initiate() is only useable for server implementations, as clients only + * initiate() is only usable for server implementations, as clients only * reply to server requests. * A eap_payload is created in "out" if result is NEED_MORE. * diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 823cf2579..e1f4ec95a 100644 --- a/src/libcharon/sa/ike_sa.c 
+++ b/src/libcharon/sa/ike_sa.c @@ -231,11 +231,6 @@ struct private_ike_sa_t { */ chunk_t nat_detection_dest; - /** - * number pending UPDATE_SA_ADDRESS (MOBIKE) - */ - uint32_t pending_updates; - /** * NAT keep alive interval */ @@ -734,8 +729,11 @@ METHOD(ike_sa_t, set_condition, void, switch (condition) { case COND_NAT_HERE: - case COND_NAT_FAKE: case COND_NAT_THERE: + DBG1(DBG_IKE, "%s host is not behind NAT anymore", + condition == COND_NAT_HERE ? "local" : "remote"); + /* fall-through */ + case COND_NAT_FAKE: set_condition(this, COND_NAT_ANY, has_condition(this, COND_NAT_HERE) || has_condition(this, COND_NAT_THERE) || @@ -1052,18 +1050,6 @@ METHOD(ike_sa_t, has_mapping_changed, bool, return TRUE; } -METHOD(ike_sa_t, set_pending_updates, void, - private_ike_sa_t *this, uint32_t updates) -{ - this->pending_updates = updates; -} - -METHOD(ike_sa_t, get_pending_updates, uint32_t, - private_ike_sa_t *this) -{ - return this->pending_updates; -} - METHOD(ike_sa_t, float_ports, void, private_ike_sa_t *this) { @@ -2561,6 +2547,12 @@ METHOD(ike_sa_t, roam, status_t, break; } + if (!this->ike_cfg) + { /* this is the case for new HA SAs not yet in state IKE_PASSIVE and + * without config assigned */ + return SUCCESS; + } + /* ignore roam events if MOBIKE is not supported/enabled and the local * address is statically configured */ if (this->version == IKEV2 && !supports_extension(this, EXT_MOBIKE) && @@ -2964,8 +2956,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator, .supports_extension = _supports_extension, .set_condition = _set_condition, .has_condition = _has_condition, - .set_pending_updates = _set_pending_updates, - .get_pending_updates = _get_pending_updates, .create_peer_address_enumerator = _create_peer_address_enumerator, .add_peer_address = _add_peer_address, .clear_peer_addresses = _clear_peer_addresses, diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index fbc367292..b4fbc56d7 100644 --- a/src/libcharon/sa/ike_sa.h 
+++ b/src/libcharon/sa/ike_sa.h @@ -646,20 +646,6 @@ struct ike_sa_t { */ bool (*has_condition) (ike_sa_t *this, ike_condition_t condition); - /** - * Get the number of queued MOBIKE address updates. - * - * @return number of pending updates - */ - uint32_t (*get_pending_updates)(ike_sa_t *this); - - /** - * Set the number of queued MOBIKE address updates. - * - * @param updates number of pending updates - */ - void (*set_pending_updates)(ike_sa_t *this, uint32_t updates); - #ifdef ME /** * Activate mediation server functionality for this IKE_SA. @@ -869,7 +855,7 @@ struct ike_sa_t { * @param message_id ID of the request to retransmit * @return * - SUCCESS - * - NOT_FOUND if request doesn't have to be retransmited + * - NOT_FOUND if request doesn't have to be retransmitted */ status_t (*retransmit) (ike_sa_t *this, uint32_t message_id); @@ -1169,7 +1155,7 @@ struct ike_sa_t { void (*inherit_post) (ike_sa_t *this, ike_sa_t *other); /** - * Reset the IKE_SA, useable when initiating fails. + * Reset the IKE_SA, usable when initiating fails. * * @param new_spi TRUE to allocate a new initiator SPI */ diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index adce59f7e..5856f829e 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -1,6 +1,6 @@ /* - * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2012-2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG 
@@ -101,6 +101,31 @@ static auth_cfg_t *get_auth_cfg(peer_cfg_t *peer_cfg, bool local) return cfg; } +/** + * Find a shared key for the given identities + */ +static shared_key_t *find_shared_key(identification_t *my_id, host_t *me, + identification_t *other_id, host_t *other) +{ + identification_t *any_id = NULL; + shared_key_t *shared_key; + + if (!other_id) + { + any_id = identification_create_from_encoding(ID_ANY, chunk_empty); + other_id = any_id; + } + shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, + my_id, other_id); + if (!shared_key) + { + DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]", + my_id, me, other_id, other); + } + DESTROY_IF(any_id); + return shared_key; +} + /** * Lookup a shared secret for this IKE_SA */ @@ -131,15 +156,9 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this, { other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY); } - if (my_id && other_id) + if (my_id) { - shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, - my_id, other_id); - if (!shared_key) - { - DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]", - my_id, me, other_id, other); - } + shared_key = find_shared_key(my_id, me, other_id, other); } } } @@ -158,14 +177,11 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this, other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY); if (my_id) { - shared_key = lib->credmgr->get_shared(lib->credmgr, - SHARED_IKE, my_id, other_id); + shared_key = find_shared_key(my_id, me, other_id, other); if (shared_key) { break; } - DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]", - my_id, me, other_id, other); } } } diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index 7098d24a2..43897c304 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c 
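Review bot: find_shared_key() replaces a NULL `other_id` with an `ID_ANY` identity before calling `get_shared()`, and the @@ -131 hunk relaxes the guard from `my_id && other_id` to `my_id`, so the first lookup path now selects a PSK even when no remote identity is known; the header comment ("Find a shared key for the given identities") does not say so. Since the secret that is picked decides who can authenticate, document the fallback on the helper, e.g. `* If other_id is NULL the lookup is done for my_id and ID_ANY.` A line on who owns the returned key and that NULL means no match would also help; ownership is not visible in these hunks, so confirm it before writing that line.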
@@ -547,7 +547,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message) type, value)); } enumerator->destroy(enumerator); - /* if a client did not re-request all adresses, release them */ + /* if a client did not re-request all addresses, release them */ enumerator = migrated->create_enumerator(migrated); while (enumerator->enumerate(enumerator, &found)) { diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 49b476ad8..77592e59a 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -1330,7 +1330,7 @@ METHOD(task_t, process_i, status_t, &this->cpi_r); if (!list->get_count(list)) { - DBG1(DBG_IKE, "peer did not acccept our IPComp proposal, " + DBG1(DBG_IKE, "peer did not accept our IPComp proposal, " "IPComp disabled"); this->cpi_i = 0; } diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index 361eb0fe1..5c0ec49f0 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2016 Tobias Brunner + * Copyright (C) 2007-2018 Tobias Brunner * Copyright (C) 2007-2010 Martin Willi * HSR Hochschule fuer Technik Rapperswil * @@ -737,7 +737,7 @@ static status_t process_response(private_task_manager_t *this, charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet); } - /* catch if we get resetted while processing */ + /* catch if we get reset while processing */ this->reset = FALSE; enumerator = array_create_enumerator(this->active_tasks); while (enumerator->enumerate(enumerator, &task)) 
@@ -1642,24 +1642,9 @@ METHOD(task_manager_t, process_message, status_t, METHOD(task_manager_t, queue_task_delayed, void, private_task_manager_t *this, task_t *task, uint32_t delay) { - enumerator_t *enumerator; queued_task_t *queued; timeval_t time; - if (task->get_type(task) == TASK_IKE_MOBIKE) - { /* there is no need to queue more than one mobike task */ - enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, &queued)) - { - if (queued->task->get_type(queued->task) == TASK_IKE_MOBIKE) - { - enumerator->destroy(enumerator); - task->destroy(task); - return; - } - } - enumerator->destroy(enumerator); - } time_monotonic(&time); if (delay) { @@ -1877,12 +1862,41 @@ METHOD(task_manager_t, queue_ike_delete, void, queue_task(this, (task_t*)ike_delete_create(this->ike_sa, TRUE)); } +/** + * There is no need to queue more than one mobike task, so this either returns + * an already queued task or queues one if there is none yet. + */ +static ike_mobike_t *queue_mobike_task(private_task_manager_t *this) +{ + enumerator_t *enumerator; + queued_task_t *queued; + ike_mobike_t *mobike = NULL; + + enumerator = array_create_enumerator(this->queued_tasks); + while (enumerator->enumerate(enumerator, &queued)) + { + if (queued->task->get_type(queued->task) == TASK_IKE_MOBIKE) + { + mobike = (ike_mobike_t*)queued->task; + break; + } + } + enumerator->destroy(enumerator); + + if (!mobike) + { + mobike = ike_mobike_create(this->ike_sa, TRUE); + queue_task(this, &mobike->task); + } + return mobike; +} + METHOD(task_manager_t, queue_mobike, void, private_task_manager_t *this, bool roam, bool address) { ike_mobike_t *mobike; - mobike = ike_mobike_create(this->ike_sa, TRUE); + mobike = queue_mobike_task(this); if (roam) { enumerator_t *enumerator; 
@@ -1909,7 +1923,31 @@ METHOD(task_manager_t, queue_mobike, void, { mobike->addresses(mobike); } - queue_task(this, &mobike->task); +} + +METHOD(task_manager_t, queue_dpd, void, + private_task_manager_t *this) +{ + ike_mobike_t *mobike; + + if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) && + this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE)) + { +#ifdef ME + peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa); + if (cfg->get_peer_id(cfg) || + this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR)) +#else + if (this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR)) +#endif + { + /* use mobike enabled DPD to detect NAT mapping changes */ + mobike = queue_mobike_task(this); + mobike->dpd(mobike); + return; + } + } + queue_task(this, (task_t*)ike_dpd_create(TRUE)); } METHOD(task_manager_t, queue_child, void, @@ -1940,32 +1978,6 @@ METHOD(task_manager_t, queue_child_delete, void, protocol, spi, expired)); } -METHOD(task_manager_t, queue_dpd, void, - private_task_manager_t *this) -{ - ike_mobike_t *mobike; - - if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) && - this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE)) - { -#ifdef ME - peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - if (cfg->get_peer_id(cfg) || - this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR)) -#else - if (this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR)) -#endif - { - /* use mobike enabled DPD to detect NAT mapping changes */ - mobike = ike_mobike_create(this->ike_sa, TRUE); - mobike->dpd(mobike); - queue_task(this, &mobike->task); - return; - } - } - queue_task(this, (task_t*)ike_dpd_create(TRUE)); -} - METHOD(task_manager_t, adopt_tasks, void, private_task_manager_t *this, task_manager_t *other_public) { diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 4d4d72e0b..85dac6d59 100644 
--- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2017 Tobias Brunner + * Copyright (C) 2008-2018 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -277,12 +277,13 @@ static bool ts_list_is_host(linked_list_t *list, host_t *host) } /** - * Allocate SPIs and update proposals + * Allocate SPIs and update proposals, we also promote the selected DH group */ static bool allocate_spi(private_child_create_t *this) { enumerator_t *enumerator; proposal_t *proposal; + linked_list_t *other_dh_groups; if (this->initiator) { @@ -304,12 +305,29 @@ static bool allocate_spi(private_child_create_t *this) { if (this->initiator) { + other_dh_groups = linked_list_create(); enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) { proposal->set_spi(proposal, this->my_spi); + + /* move the selected DH group to the front, if any */ + if (this->dh_group != MODP_NONE && + !proposal->promote_dh_group(proposal, this->dh_group)) + { /* proposals that don't contain the selected group are + * moved to the back */ + this->proposals->remove_at(this->proposals, enumerator); + other_dh_groups->insert_last(other_dh_groups, proposal); + } + } + enumerator->destroy(enumerator); + enumerator = other_dh_groups->create_enumerator(other_dh_groups); + while (enumerator->enumerate(enumerator, (void**)&proposal)) + { /* no need to remove from the list as we destroy it anyway*/ + this->proposals->insert_last(this->proposals, proposal); } enumerator->destroy(enumerator); + other_dh_groups->destroy(other_dh_groups); } else { 
@@ -396,7 +414,7 @@ static linked_list_t *get_dynamic_hosts(ike_sa_t *ike_sa, bool local) } /** - * Substitude any host address with NATed address in traffic selector + * Substitute any host address with NATed address in traffic selector */ static linked_list_t* get_transport_nat_ts(private_child_create_t *this, bool local, linked_list_t *in) @@ -1006,8 +1024,8 @@ METHOD(task_t, build_i, status_t, chunk_empty); return SUCCESS; } - if (!this->retry) - { + if (!this->retry && this->dh_group == MODP_NONE) + { /* during a rekeying the group might already be set */ this->dh_group = this->config->get_dh_group(this->config); } break; @@ -1615,6 +1633,12 @@ METHOD(child_create_t, use_marks, void, this->mark_out = out; } +METHOD(child_create_t, use_dh_group, void, + private_child_create_t *this, diffie_hellman_group_t dh_group) +{ + this->dh_group = dh_group; +} + METHOD(child_create_t, get_child, child_sa_t*, private_child_create_t *this) { @@ -1736,6 +1760,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, .get_lower_nonce = _get_lower_nonce, .use_reqid = _use_reqid, .use_marks = _use_marks, + .use_dh_group = _use_dh_group, .task = { .get_type = _get_type, .migrate = _migrate, diff --git a/src/libcharon/sa/ikev2/tasks/child_create.h b/src/libcharon/sa/ikev2/tasks/child_create.h index f48d7b0a9..59fc6d2d9 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.h +++ b/src/libcharon/sa/ikev2/tasks/child_create.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2018 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -59,6 +60,15 @@ struct child_create_t { */ void (*use_marks)(child_create_t *this, u_int in, u_int out); + /** + * Initially propose a specific DH group to override configuration. + * + * This is used during rekeying to prefer the previously negotiated group. + * + * @param dh_group DH group to use + */ + void (*use_dh_group)(child_create_t *this, diffie_hellman_group_t dh_group); + /** * Get the lower of the two nonces, used for rekey collisions. * diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index b67e9b80f..f90056658 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2017 Tobias Brunner + * Copyright (C) 2009-2018 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -190,8 +190,18 @@ METHOD(task_t, build_i, status_t, /* our CHILD_CREATE task does the hard work for us */ if (!this->child_create) { + proposal_t *proposal; + uint16_t dh_group; + this->child_create = child_create_create(this->ike_sa, config->get_ref(config), TRUE, NULL, NULL); + + proposal = this->child_sa->get_proposal(this->child_sa); + if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, + &dh_group, NULL)) + { /* reuse the DH group negotiated previously */ + this->child_create->use_dh_group(this->child_create, dh_group); + } } reqid = this->child_sa->get_reqid(this->child_sa); this->child_create->use_reqid(this->child_create, reqid); diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index d75d21715..3d73d728b 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c 
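Review bot: The rekey path added to child_rekey.c `build_i` always hands the previously negotiated group to `use_dh_group()`, while the IKE_SA rekey path changed in ike_init.c by this same commit only does so when the `prefer_previous_dh_group` setting is true. If the difference is intended, say so in the comment, e.g. `/* reuse the DH group negotiated previously (not subject to prefer_previous_dh_group) */`; otherwise gate it the same way. `proposal` is also dereferenced without a check, and whether `get_proposal()` can return NULL for a CHILD_SA being rekeyed is not visible here, so `if (proposal && proposal->get_algorithm(...))` would be cheap insurance. `build_i` continues outside the hunk.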
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2008-2018 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -282,7 +282,7 @@ static bool build_payloads(private_ike_init_t *this, message_t *message) sa_payload_t *sa_payload; ke_payload_t *ke_payload; nonce_payload_t *nonce_payload; - linked_list_t *proposal_list; + linked_list_t *proposal_list, *other_dh_groups; ike_sa_id_t *id; proposal_t *proposal; enumerator_t *enumerator; 
@@ -294,16 +294,31 @@ static bool build_payloads(private_ike_init_t *this, message_t *message) if (this->initiator) { proposal_list = this->config->get_proposals(this->config); - if (this->old_sa) + other_dh_groups = linked_list_create(); + enumerator = proposal_list->create_enumerator(proposal_list); + while (enumerator->enumerate(enumerator, (void**)&proposal)) { /* include SPI of new IKE_SA when we are rekeying */ - enumerator = proposal_list->create_enumerator(proposal_list); - while (enumerator->enumerate(enumerator, (void**)&proposal)) + if (this->old_sa) { proposal->set_spi(proposal, id->get_initiator_spi(id)); } - enumerator->destroy(enumerator); + /* move the selected DH group to the front of the proposal */ + if (!proposal->promote_dh_group(proposal, this->dh_group)) + { /* the proposal does not include the group, move to the back */ + proposal_list->remove_at(proposal_list, enumerator); + other_dh_groups->insert_last(other_dh_groups, proposal); + } } + enumerator->destroy(enumerator); + /* add proposals that don't contain the selected group */ + enumerator = other_dh_groups->create_enumerator(other_dh_groups); + while (enumerator->enumerate(enumerator, (void**)&proposal)) + { /* no need to remove from the list as we destroy it anyway*/ + proposal_list->insert_last(proposal_list, proposal); + } + enumerator->destroy(enumerator); + other_dh_groups->destroy(other_dh_groups); sa_payload = sa_payload_create_from_proposals_v2(proposal_list); proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy)); 
@@ -531,10 +546,30 @@ METHOD(task_t, build_i, status_t, return FAILED; } - /* if the DH group is set via use_dh_group(), we already have a DH object */ + /* if we are retrying after an INVALID_KE_PAYLOAD we already have one */ if (!this->dh) { - this->dh_group = this->config->get_dh_group(this->config); + if (this->old_sa && lib->settings->get_bool(lib->settings, + "%s.prefer_previous_dh_group", TRUE, lib->ns)) + { /* reuse the DH group we used for the old IKE_SA when rekeying */ + proposal_t *proposal; + uint16_t dh_group; + + proposal = this->old_sa->get_proposal(this->old_sa); + if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, + &dh_group, NULL)) + { + this->dh_group = dh_group; + } + else + { /* this shouldn't happen, but let's be safe */ + this->dh_group = this->config->get_dh_group(this->config); + } + } + else + { + this->dh_group = this->config->get_dh_group(this->config); + } this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat, this->dh_group); if (!this->dh) @@ -544,6 +579,18 @@ METHOD(task_t, build_i, status_t, return FAILED; } } + else if (this->dh->get_dh_group(this->dh) != this->dh_group) + { /* reset DH instance if group changed (INVALID_KE_PAYLOAD) */ + this->dh->destroy(this->dh); + this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat, + this->dh_group); + if (!this->dh) + { + DBG1(DBG_IKE, "requested DH group %N not supported", + diffie_hellman_group_names, this->dh_group); + return FAILED; + } + } /* generate nonce only when we are trying the first time */ if (this->my_nonce.ptr == NULL) 
@@ -929,12 +976,6 @@ METHOD(task_t, migrate, void, this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa); this->proposal = NULL; this->dh_failed = FALSE; - if (this->dh && this->dh->get_dh_group(this->dh) != this->dh_group) - { /* reset DH value only if group changed (INVALID_KE_PAYLOAD) */ - this->dh->destroy(this->dh); - this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat, - this->dh_group); - } } METHOD(task_t, destroy, void, diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index dc0f24fb8..fe41a1cac 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2010-2014 Tobias Brunner + * Copyright (C) 2010-2018 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -76,13 +76,35 @@ struct private_ike_mobike_t { * additional addresses got updated */ bool addresses_updated; - - /** - * whether the pending updates counter was increased - */ - bool pending_update; }; +/** + * Check if a newer MOBIKE update task is queued + */ +static bool is_newer_update_queued(private_ike_mobike_t *this) +{ + enumerator_t *enumerator; + private_ike_mobike_t *mobike; + task_t *task; + bool found = FALSE; + + enumerator = this->ike_sa->create_task_enumerator(this->ike_sa, + TASK_QUEUE_QUEUED); + while (enumerator->enumerate(enumerator, &task)) + { + if (task->get_type(task) == TASK_IKE_MOBIKE) + { + mobike = (private_ike_mobike_t*)task; + /* a queued check or update might invalidate the results of the + * current task */ + found = mobike->check || mobike->update; + break; + } + } + enumerator->destroy(enumerator); + return found; +} + /** * read notifys from message and evaluate them */ 
@@ -526,9 +548,8 @@ METHOD(task_t, process_i, status_t, } else if (message->get_exchange_type(message) == INFORMATIONAL) { - if (this->ike_sa->get_pending_updates(this->ike_sa) > 1) + if (is_newer_update_queued(this)) { - /* newer update queued, ignore this one */ return SUCCESS; } if (this->cookie2.ptr) @@ -553,7 +574,7 @@ METHOD(task_t, process_i, status_t, if (this->natd) { this->natd->task.process(&this->natd->task, message); - if (this->natd->has_mapping_changed(this->natd)) + if (!this->update && this->natd->has_mapping_changed(this->natd)) { /* force an update if mappings have changed */ this->update = this->check = TRUE; @@ -615,25 +636,13 @@ METHOD(ike_mobike_t, addresses, void, private_ike_mobike_t *this) { this->address = TRUE; - if (!this->pending_update) - { - this->pending_update = TRUE; - this->ike_sa->set_pending_updates(this->ike_sa, - this->ike_sa->get_pending_updates(this->ike_sa) + 1); - } } METHOD(ike_mobike_t, roam, void, private_ike_mobike_t *this, bool address) { this->check = TRUE; - this->address = address; - if (!this->pending_update) - { - this->pending_update = TRUE; - this->ike_sa->set_pending_updates(this->ike_sa, - this->ike_sa->get_pending_updates(this->ike_sa) + 1); - } + this->address |= address; } METHOD(ike_mobike_t, dpd, void, @@ -643,12 +652,6 @@ METHOD(ike_mobike_t, dpd, void, { this->natd = ike_natd_create(this->ike_sa, this->initiator); } - if (!this->pending_update) - { - this->pending_update = TRUE; - this->ike_sa->set_pending_updates(this->ike_sa, - this->ike_sa->get_pending_updates(this->ike_sa) + 1); - } } METHOD(ike_mobike_t, is_probing, bool, 
@@ -678,21 +681,11 @@ METHOD(task_t, migrate, void, { this->natd->task.migrate(&this->natd->task, ike_sa); } - if (this->pending_update) - { - this->ike_sa->set_pending_updates(this->ike_sa, - this->ike_sa->get_pending_updates(this->ike_sa) + 1); - } } METHOD(task_t, destroy, void, private_ike_mobike_t *this) { - if (this->pending_update) - { - this->ike_sa->set_pending_updates(this->ike_sa, - this->ike_sa->get_pending_updates(this->ike_sa) - 1); - } chunk_free(&this->cookie2); if (this->natd) { diff --git a/src/libcharon/sa/keymat.h b/src/libcharon/sa/keymat.h index bc40b3d92..17d2efe37 100644 --- a/src/libcharon/sa/keymat.h +++ b/src/libcharon/sa/keymat.h @@ -27,7 +27,7 @@ typedef struct keymat_t keymat_t; #include #include #include -#include +#include #include #include diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h index e3fddf39b..9545da4f3 100644 --- a/src/libcharon/sa/task_manager.h +++ b/src/libcharon/sa/task_manager.h @@ -86,7 +86,7 @@ enum task_queue_t { * completed. * For the initial IKE_SA setup, several tasks are queued: One for the * unauthenticated IKE_SA setup, one for authentication, one for CHILD_SA setup - * and maybe one for virtual IP assignement. + * and maybe one for virtual IP assignment. * The task manager is also responsible for retransmission. It uses a backoff * algorithm. The timeout is calculated using * RETRANSMIT_TIMEOUT * (RETRANSMIT_BASE ** try). diff --git a/src/libcharon/sa/xauth/xauth_manager.h b/src/libcharon/sa/xauth/xauth_manager.h index 65b3c58a3..513bf32f5 100644 --- a/src/libcharon/sa/xauth/xauth_manager.h +++ b/src/libcharon/sa/xauth/xauth_manager.h 
@@ -29,7 +29,7 @@ typedef struct xauth_manager_t xauth_manager_t; * The XAuth manager manages all XAuth implementations and creates instances. * * A plugin registers it's implemented XAuth method at the manager by - * providing type and a contructor function. The manager then instanciates + * providing type and a constructor function. The manager then instantiates * xauth_method_t instances through the provided constructor to handle * XAuth authentication. */ diff --git a/src/libcharon/sa/xauth/xauth_method.h b/src/libcharon/sa/xauth/xauth_method.h index 701b4dc77..c0c2024e0 100644 --- a/src/libcharon/sa/xauth/xauth_method.h +++ b/src/libcharon/sa/xauth/xauth_method.h @@ -54,7 +54,7 @@ struct xauth_method_t { /** * Initiate the XAuth exchange. * - * initiate() is only useable for server implementations, as clients only + * initiate() is only usable for server implementations, as clients only * reply to server requests. * A cp_payload is created in "out" if result is NEED_MORE. * diff --git a/src/libcharon/tests/Makefile.am b/src/libcharon/tests/Makefile.am index 8f762a2e6..5ebd0456c 100644 --- a/src/libcharon/tests/Makefile.am +++ b/src/libcharon/tests/Makefile.am @@ -3,7 +3,6 @@ TESTS = libcharon_tests exchange_tests check_PROGRAMS = $(TESTS) libcharon_tests_SOURCES = \ - suites/test_proposal.c \ suites/test_ike_cfg.c \ suites/test_mem_pool.c \ suites/test_message_chapoly.c \ diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in index 66d2431c9..24552d201 100644 --- a/src/libcharon/tests/Makefile.in +++ b/src/libcharon/tests/Makefile.in @@ -138,7 +138,6 @@ exchange_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(exchange_tests_CFLAGS) $(CFLAGS) $(exchange_tests_LDFLAGS) \ $(LDFLAGS) -o $@ am_libcharon_tests_OBJECTS = \ - suites/libcharon_tests-test_proposal.$(OBJEXT) \ suites/libcharon_tests-test_ike_cfg.$(OBJEXT) \ suites/libcharon_tests-test_mem_pool.$(OBJEXT) \ suites/libcharon_tests-test_message_chapoly.$(OBJEXT) \ 
@@ -475,7 +474,6 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ libcharon_tests_SOURCES = \ - suites/test_proposal.c \ suites/test_ike_cfg.c \ suites/test_mem_pool.c \ suites/test_message_chapoly.c \ @@ -608,8 +606,6 @@ utils/exchange_tests-mock_sender.$(OBJEXT): utils/$(am__dirstamp) \ exchange_tests$(EXEEXT): $(exchange_tests_OBJECTS) $(exchange_tests_DEPENDENCIES) $(EXTRA_exchange_tests_DEPENDENCIES) @rm -f exchange_tests$(EXEEXT) $(AM_V_CCLD)$(exchange_tests_LINK) $(exchange_tests_OBJECTS) $(exchange_tests_LDADD) $(LIBS) -suites/libcharon_tests-test_proposal.$(OBJEXT): \ - suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/libcharon_tests-test_ike_cfg.$(OBJEXT): suites/$(am__dirstamp) \ suites/$(DEPDIR)/$(am__dirstamp) suites/libcharon_tests-test_mem_pool.$(OBJEXT): \ @@ -640,7 +636,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_message_chapoly.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_proposal.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_dh.Po@am__quote@ 
@@ -854,20 +849,6 @@ exchange_tests-exchange_tests.obj: exchange_tests.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o exchange_tests-exchange_tests.obj `if test -f 'exchange_tests.c'; then $(CYGPATH_W) 'exchange_tests.c'; else $(CYGPATH_W) '$(srcdir)/exchange_tests.c'; fi` -suites/libcharon_tests-test_proposal.o: suites/test_proposal.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_proposal.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo -c -o suites/libcharon_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo suites/$(DEPDIR)/libcharon_tests-test_proposal.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libcharon_tests-test_proposal.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c - -suites/libcharon_tests-test_proposal.obj: suites/test_proposal.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_proposal.obj -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo -c -o suites/libcharon_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 
'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo suites/$(DEPDIR)/libcharon_tests-test_proposal.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libcharon_tests-test_proposal.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi` - suites/libcharon_tests-test_ike_cfg.o: suites/test_ike_cfg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_ike_cfg.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Tpo -c -o suites/libcharon_tests-test_ike_cfg.o `test -f 'suites/test_ike_cfg.c' || echo '$(srcdir)/'`suites/test_ike_cfg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libcharon/tests/libcharon_tests.h index f770f464d..d17ea041d 100644 --- a/src/libcharon/tests/libcharon_tests.h +++ b/src/libcharon/tests/libcharon_tests.h @@ -24,7 +24,6 @@ * @ingroup libcharon-tests */ -TEST_SUITE(proposal_suite_create) TEST_SUITE(ike_cfg_suite_create) TEST_SUITE(mem_pool_suite_create) TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32) diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c index ac169723f..44d004ab7 100644 
--- a/src/libcharon/tests/suites/test_child_rekey.c
+++ b/src/libcharon/tests/suites/test_child_rekey.c
@@ -231,6 +231,61 @@ START_TEST(test_regular_ke_invalid) /* child_updown */ assert_hook(); + /* because the DH group should get reused another rekeying should complete + * without additional exchange */ + initiate_rekey(a, 5); + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 6, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 5, 6, 8); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + assert_hook_called(child_rekey); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, 7, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 5, 6, 7, 8); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 6, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 2); + assert_ipsec_sas_installed(b, 6, 7, 8); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 7, CHILD_INSTALLED); + assert_child_sa_count(a, 2); + assert_ipsec_sas_installed(a, 5, 7, 8); + assert_hook(); + + /* simulate the 
execution of the scheduled jobs */ + destroy_rekeyed(a, 5); + assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, 7, 8); + destroy_rekeyed(b, 6); + assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, 7, 8); + + /* child_updown */ + assert_hook(); + call_ikesa(a, destroy); call_ikesa(b, destroy); } diff --git a/src/libcharon/tests/suites/test_ike_rekey.c b/src/libcharon/tests/suites/test_ike_rekey.c index ba39657a4..e22a0c288 100644 --- a/src/libcharon/tests/suites/test_ike_rekey.c +++ b/src/libcharon/tests/suites/test_ike_rekey.c @@ -138,6 +138,8 @@ START_TEST(test_regular_ke_invalid) lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", TRUE, lib->ns); + lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group", + FALSE, lib->ns); initiate_rekey(a); @@ -382,6 +384,8 @@ START_TEST(test_collision_ke_invalid) lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", TRUE, lib->ns); + lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group", + FALSE, lib->ns); /* Six nonces and SPIs are needed (SPI 1 and 2 are used for the initial * IKE_SA): @@ -591,6 +595,8 @@ START_TEST(test_collision_ke_invalid_delayed_retry) lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", TRUE, lib->ns); + lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group", + FALSE, lib->ns); /* Five nonces and SPIs are needed (SPI 1 and 2 are used for the initial * IKE_SA): diff --git a/src/libcharon/tests/suites/test_proposal.c b/src/libcharon/tests/suites/test_proposal.c deleted file mode 100644 index f1591794a..000000000 --- a/src/libcharon/tests/suites/test_proposal.c +++ /dev/null 
@@ -1,171 +0,0 @@ -/* - * Copyright (C) 2016 Tobias Brunner - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "test_suite.h" - -#include - -static struct { - protocol_id_t proto; - char *proposal; - char *expected; -} create_data[] = { - { PROTO_IKE, "", NULL }, - { PROTO_IKE, "sha256", NULL }, - { PROTO_IKE, "sha256-modp3072", NULL }, - { PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, - { PROTO_IKE, "aes128", NULL }, - { PROTO_IKE, "aes128-sha256", NULL }, - { PROTO_IKE, "aes128-sha256-modpnone", NULL }, - { PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, - { PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" }, - { PROTO_IKE, "aes128gcm16-modp3072", NULL }, - { PROTO_IKE, "aes128gcm16-prfsha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" }, - { PROTO_IKE, "aes128gcm16-sha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" }, - { PROTO_IKE, "aes128gcm16-aes128-modp3072", NULL }, - { PROTO_IKE, "aes128gcm16-aes128-sha256-modp3072", NULL }, - { PROTO_ESP, "", NULL }, - { PROTO_ESP, "sha256", NULL }, - { PROTO_ESP, "aes128-sha256", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" }, - { PROTO_ESP, "aes128-sha256-esn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ" }, - { PROTO_ESP, "aes128-sha256-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" }, - { 
PROTO_ESP, "aes128-sha256-esn-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" }, - { PROTO_ESP, "aes128-sha256-prfsha256-modp3072", "ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_3072/NO_EXT_SEQ" }, - { PROTO_ESP, "aes128gcm16-aes128-sha256-modp3072", NULL }, - { PROTO_ESP, "aes128gmac", "ESP:NULL_AES_GMAC_128/NO_EXT_SEQ" }, - { PROTO_AH, "", NULL }, - { PROTO_AH, "aes128", NULL }, - { PROTO_AH, "aes128-sha256", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" }, - { PROTO_AH, "sha256-sha1", "AH:HMAC_SHA2_256_128/HMAC_SHA1_96/NO_EXT_SEQ" }, - { PROTO_AH, "aes128gmac-sha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" }, - { PROTO_AH, "aes128gmac-sha256-prfsha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" }, - { PROTO_AH, "aes128gmac-aes256gmac-aes128-sha256", "AH:AES_128_GMAC/AES_256_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" }, - { PROTO_AH, "sha256-esn", "AH:HMAC_SHA2_256_128/EXT_SEQ" }, - { PROTO_AH, "sha256-noesn", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" }, - { PROTO_AH, "sha256-esn-noesn", "AH:HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" }, -}; - -START_TEST(test_create_from_string) -{ - proposal_t *proposal; - char str[BUF_LEN]; - - proposal = proposal_create_from_string(create_data[_i].proto, - create_data[_i].proposal); - if (!create_data[_i].expected) - { - ck_assert(!proposal); - return; - } - snprintf(str, sizeof(str), "%P", proposal); - ck_assert_str_eq(create_data[_i].expected, str); - proposal->destroy(proposal); -} -END_TEST - -static struct { - protocol_id_t proto; - char *self; - char *other; - char *expected; -} select_data[] = { - { PROTO_ESP, "aes128", "aes128", "aes128" }, - { PROTO_ESP, "aes128", "aes256", NULL }, - { PROTO_ESP, "aes128-aes256", "aes256-aes128", "aes128" }, - { PROTO_ESP, "aes256-aes128", "aes128-aes256", "aes256" }, - { PROTO_ESP, "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" }, - { PROTO_ESP, "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" }, - { PROTO_ESP, "aes128-sha256-modp3072", 
"aes128-sha256", NULL }, - { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", NULL }, - { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL }, - { PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL }, - { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" }, - { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, - { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" }, - { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" }, - { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, - { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" }, - { PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, -}; - -START_TEST(test_select) -{ - proposal_t *self, *other, *selected, *expected; - - self = proposal_create_from_string(select_data[_i].proto, - select_data[_i].self); - other = proposal_create_from_string(select_data[_i].proto, - select_data[_i].other); - selected = self->select(self, other, TRUE, FALSE); - if (select_data[_i].expected) - { - expected = proposal_create_from_string(select_data[_i].proto, - select_data[_i].expected); - ck_assert(selected); - ck_assert_msg(expected->equals(expected, selected), "proposal %P does " - "not match expected %P", selected, expected); - expected->destroy(expected); - } - else - { - ck_assert(!selected); - } - DESTROY_IF(selected); - other->destroy(other); - self->destroy(self); -} -END_TEST - -START_TEST(test_select_spi) -{ - proposal_t *self, *other, *selected; - - self = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072"); - other = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072"); - other->set_spi(other, 0x12345678); - - selected = self->select(self, other, TRUE, 
FALSE); - ck_assert(selected); - ck_assert_int_eq(selected->get_spi(selected), other->get_spi(other)); - selected->destroy(selected); - - selected = self->select(self, other, FALSE, FALSE); - ck_assert(selected); - ck_assert_int_eq(selected->get_spi(selected), self->get_spi(self)); - selected->destroy(selected); - - other->destroy(other); - self->destroy(self); -} -END_TEST - -Suite *proposal_suite_create() -{ - Suite *s; - TCase *tc; - - s = suite_create("proposal"); - - tc = tcase_create("create_from_string"); - tcase_add_loop_test(tc, test_create_from_string, 0, countof(create_data)); - suite_add_tcase(s, tc); - - tc = tcase_create("select"); - tcase_add_loop_test(tc, test_select, 0, countof(select_data)); - tcase_add_test(tc, test_select_spi); - suite_add_tcase(s, tc); - - return s; -} diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index cabcd0a9e..d7b508ab9 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -239,9 +239,10 @@ static void add_default_pwd_enabled(imc_msg_t *msg) static void add_device_id(imc_msg_t *msg) { pa_tnc_attr_t *attr; - chunk_t value = chunk_empty, keyid; - char *name, *device_id, *cert_path; + chunk_t chunk, value = chunk_empty, keyid; + char *name, *device_id, *device_handle, *cert_path; certificate_t *cert = NULL; + private_key_t *privkey = NULL; public_key_t *pubkey; /* Get the device ID as a character string */ 
@@ -252,6 +253,32 @@ static void add_device_id(imc_msg_t *msg) value = chunk_clone(chunk_from_str(device_id)); } + if (value.len == 0) + { + /* Derive the device ID from a private key bound to a smartcard or TPM */ + device_handle = lib->settings->get_str(lib->settings, + "%s.plugins.imc-os.device_handle", NULL, lib->ns); + if (device_handle) + { + chunk = chunk_from_hex( + chunk_create(device_handle, strlen(device_handle)), NULL); + privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, + BUILD_PKCS11_KEYID, chunk, BUILD_END); + free(chunk.ptr); + + if (privkey) + { + if (privkey->get_fingerprint(privkey, KEYID_PUBKEY_INFO_SHA1, + &keyid)) + { + value = chunk_to_hex(keyid, NULL, FALSE); + } + privkey->destroy(privkey); + + } + } + } + if (value.len == 0) { /* Derive the device ID from a raw public key */ diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag deleted file mode 100644 index f10740d60..000000000 --- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag +++ /dev/null @@ -1,11 +0,0 @@ - - - - diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag new file mode 100644 index 000000000..bb4d300a9 --- /dev/null +++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag @@ -0,0 +1,11 @@ + + + + diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag deleted file mode 100644 index f10740d60..000000000 --- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag +++ /dev/null @@ -1,11 +0,0 @@ - - - - diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag new file mode 100644 index 000000000..bb4d300a9 
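Review bot: In the added `device_handle` block of `add_device_id()`, a handle that is configured but does not resolve to a private key (or whose fingerprint cannot be computed) is dropped without any message. The function then falls through to the raw-public-key derivation below, so the reported device ID can silently come from a different source than the one the operator configured. I would log the failure in an `else` branch of `if (privkey)`, e.g. `DBG1(DBG_IMC, "loading device key with handle '%s' failed", device_handle);`. Nothing here checks that the configured string is well-formed hex before it goes to `chunk_from_hex()`, so a typo in the setting would show up only as that lookup failure. The function body continues outside the hunk.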
--- /dev/null +++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag @@ -0,0 +1,11 @@ + + + + diff --git a/src/libimcv/pts/pts_database.h b/src/libimcv/pts/pts_database.h index 3a5ff5992..a19f14485 100644 --- a/src/libimcv/pts/pts_database.h +++ b/src/libimcv/pts/pts_database.h @@ -74,7 +74,7 @@ struct pts_database_t { * @param measurement File measurement hash * @param filename Optional name of the file to be checked * @param is_dir TRUE if part of directory measurement - * @param id Primary key into direcories/files table + * @param id Primary key into directories/files table * @return TRUE if successful */ bool (*add_file_measurement)(pts_database_t *this, int vid, diff --git a/src/libimcv/pts/pts_pcr.h b/src/libimcv/pts/pts_pcr.h index df84c679f..0658f1f98 100644 --- a/src/libimcv/pts/pts_pcr.h +++ b/src/libimcv/pts/pts_pcr.h @@ -92,7 +92,7 @@ struct pts_pcr_t { * Extend the content of a PCR * * @param pcr index of PCR - * @param measurement measurment value to be extended into PCR + * @param measurement measurement value to be extended into PCR * @return new content of PCR */ chunk_t (*extend)(pts_pcr_t *this, uint32_t pcr, chunk_t measurement); diff --git a/src/libpttls/pt_tls.h b/src/libpttls/pt_tls.h index 2cee8e10f..3a1feae53 100644 --- a/src/libpttls/pt_tls.h +++ b/src/libpttls/pt_tls.h @@ -102,7 +102,7 @@ enum pt_tls_auth_t { * @param tls TLS socket to read from * @param vendor receives Message Type Vendor ID from header * @param type receives Message Type from header - * @param identifier receives Message Identifer + * @param identifier receives Message Identifier * @return reader over message value, NULL on error */ bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor, diff --git a/src/libpttls/pt_tls_server.c b/src/libpttls/pt_tls_server.c index a1c645319..0168b1802 100644 --- a/src/libpttls/pt_tls_server.c +++ b/src/libpttls/pt_tls_server.c 
@@ -390,7 +390,7 @@ static bool authenticate(private_pt_tls_server_t *this) { if (do_sasl(this)) { - /* complete SASL with emtpy mechanism list */ + /* complete SASL with empty mechanism list */ return pt_tls_write(this->tls, PT_TLS_SASL_MECHS, this->identifier++, chunk_empty); } diff --git a/src/libradius/radius_client.h b/src/libradius/radius_client.h index cf5f79b6c..2f6c8a43a 100644 --- a/src/libradius/radius_client.h +++ b/src/libradius/radius_client.h @@ -30,7 +30,7 @@ typedef struct radius_client_t radius_client_t; * RADIUS client functionality. * * To communicate with a RADIUS server, create a client and send messages over - * it. The client allocates a socket from the best RADIUS server abailable. + * it. The client allocates a socket from the best RADIUS server available. */ struct radius_client_t { diff --git a/src/libradius/radius_message.h b/src/libradius/radius_message.h index c72773312..eb14bf08e 100644 --- a/src/libradius/radius_message.h +++ b/src/libradius/radius_message.h @@ -320,7 +320,7 @@ struct radius_message_t { radius_message_t *radius_message_create(radius_message_code_t code); /** - * Parse and verify a recevied RADIUS message. + * Parse and verify a received RADIUS message. * * @param data received message data * @return radius_message_t object, NULL if length invalid diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c index 115be79fb..b3d90d3e5 100644 --- a/src/libradius/radius_socket.c +++ b/src/libradius/radius_socket.c @@ -348,7 +348,14 @@ METHOD(radius_socket_t, decrypt_msk, chunk_t, enumerator->destroy(enumerator); if (send.ptr && recv.ptr) { - return chunk_cat("mm", recv, send); + chunk_t pad = chunk_empty; + + if ((send.len + recv.len) < 64) + { /* zero-pad MSK to at least 64 bytes */ + pad = chunk_alloca(64 - send.len - recv.len); + memset(pad.ptr, 0, pad.len); + } + return chunk_cat("mmc", recv, send, pad); } chunk_clear(&send); chunk_clear(&recv); 
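Review bot: The new `chunk_cat("mmc", recv, send, pad)` in `decrypt_msk` still releases the decrypted `recv` and `send` key parts with mode `m`, which frees them without wiping, while the failure path right below calls `chunk_clear()` on the same buffers. Using the sensitive-move mode keeps key material handling consistent on both paths: `return chunk_cat("ssc", recv, send, pad);`. Separately, a combined key shorter than 64 bytes is zero-padded without a log message; a short debug line in that branch would make an unexpectedly short key visible to the operator. The method starts outside the hunk.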
diff --git a/src/libsimaka/simaka_manager.h b/src/libsimaka/simaka_manager.h index b10d1659b..9f6810f8f 100644 --- a/src/libsimaka/simaka_manager.h +++ b/src/libsimaka/simaka_manager.h @@ -98,7 +98,7 @@ struct simaka_manager_t { * @param id permanent identity to request quintuplet for * @param rand random value rand * @param auts resynchronization parameter auts - * @return TRUE if calculated, FALSE if no matcing card found + * @return TRUE if calculated, FALSE if no matching card found */ bool (*card_resync)(simaka_manager_t *this, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c index 6827c1795..8f5812a76 100644 --- a/src/libsimaka/simaka_message.c +++ b/src/libsimaka/simaka_message.c @@ -49,7 +49,7 @@ struct hdr_t { struct attr_hdr_t { /** attribute type */ uint8_t type; - /** attibute length */ + /** attribute length */ uint8_t length; } __attribute__((__packed__)); diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index 0247add96..fb7c62a8a 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -8,7 +8,7 @@ asn1/asn1.c asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c bio/bio_writer.c \ collections/blocking_queue.c collections/enumerator.c collections/hashtable.c \ collections/array.c \ collections/linked_list.c crypto/crypters/crypter.c crypto/hashers/hasher.c \ -crypto/hashers/hash_algorithm_set.c \ +crypto/hashers/hash_algorithm_set.c crypto/proposal/proposal.c \ crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \ crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \ crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index a9759aeee..66539a879 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am 
@@ -6,7 +6,7 @@ asn1/asn1.c asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c bio/bio_writer.c \ collections/blocking_queue.c collections/enumerator.c collections/hashtable.c \ collections/array.c \ collections/linked_list.c crypto/crypters/crypter.c crypto/hashers/hasher.c \ -crypto/hashers/hash_algorithm_set.c \ +crypto/hashers/hash_algorithm_set.c crypto/proposal/proposal.c \ crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \ crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \ crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \ @@ -69,7 +69,7 @@ asn1/asn1.h asn1/asn1_parser.h asn1/oid.h bio/bio_reader.h bio/bio_writer.h \ collections/blocking_queue.h collections/enumerator.h collections/hashtable.h \ collections/linked_list.h collections/array.h collections/dictionary.h \ crypto/crypters/crypter.h crypto/hashers/hasher.h \ -crypto/hashers/hash_algorithm_set.h crypto/mac.h \ +crypto/hashers/hash_algorithm_set.h crypto/mac.h crypto/proposal/proposal.h \ crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \ crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \ crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \ diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index 356670dad..a0eb8b6b5 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -335,7 +335,7 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ collections/enumerator.c collections/hashtable.c \ collections/array.c collections/linked_list.c \ crypto/crypters/crypter.c crypto/hashers/hasher.c \ - crypto/hashers/hash_algorithm_set.c \ + crypto/hashers/hash_algorithm_set.c crypto/proposal/proposal.c \ crypto/proposal/proposal_keywords.c \ crypto/proposal/proposal_keywords_static.c crypto/prfs/prf.c \ crypto/prfs/mac_prf.c crypto/pkcs5.c crypto/rngs/rng.c \ 
@@ -425,6 +425,7 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \ collections/array.lo collections/linked_list.lo \ crypto/crypters/crypter.lo crypto/hashers/hasher.lo \ crypto/hashers/hash_algorithm_set.lo \ + crypto/proposal/proposal.lo \ crypto/proposal/proposal_keywords.lo \ crypto/proposal/proposal_keywords_static.lo crypto/prfs/prf.lo \ crypto/prfs/mac_prf.lo crypto/pkcs5.lo crypto/rngs/rng.lo \ @@ -556,7 +557,8 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \ collections/linked_list.h collections/array.h \ collections/dictionary.h crypto/crypters/crypter.h \ crypto/hashers/hasher.h crypto/hashers/hash_algorithm_set.h \ - crypto/mac.h crypto/proposal/proposal_keywords.h \ + crypto/mac.h crypto/proposal/proposal.h \ + crypto/proposal/proposal_keywords.h \ crypto/proposal/proposal_keywords_static.h crypto/prfs/prf.h \ crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \ crypto/prf_plus.h crypto/signers/signer.h \ @@ -942,7 +944,7 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \ collections/hashtable.c collections/array.c \ collections/linked_list.c crypto/crypters/crypter.c \ crypto/hashers/hasher.c crypto/hashers/hash_algorithm_set.c \ - crypto/proposal/proposal_keywords.c \ + crypto/proposal/proposal.c crypto/proposal/proposal_keywords.c \ crypto/proposal/proposal_keywords_static.c crypto/prfs/prf.c \ crypto/prfs/mac_prf.c crypto/pkcs5.c crypto/rngs/rng.c \ crypto/prf_plus.c crypto/signers/signer.c \ 
@@ -1005,7 +1007,7 @@ settings/settings_types.h @USE_DEV_HEADERS_TRUE@collections/blocking_queue.h collections/enumerator.h collections/hashtable.h \ @USE_DEV_HEADERS_TRUE@collections/linked_list.h collections/array.h collections/dictionary.h \ @USE_DEV_HEADERS_TRUE@crypto/crypters/crypter.h crypto/hashers/hasher.h \ -@USE_DEV_HEADERS_TRUE@crypto/hashers/hash_algorithm_set.h crypto/mac.h \ +@USE_DEV_HEADERS_TRUE@crypto/hashers/hash_algorithm_set.h crypto/mac.h crypto/proposal/proposal.h \ @USE_DEV_HEADERS_TRUE@crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \ @USE_DEV_HEADERS_TRUE@crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \ @USE_DEV_HEADERS_TRUE@crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \ @@ -1302,6 +1304,8 @@ crypto/proposal/$(am__dirstamp): crypto/proposal/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) crypto/proposal/$(DEPDIR) @: > crypto/proposal/$(DEPDIR)/$(am__dirstamp) +crypto/proposal/proposal.lo: crypto/proposal/$(am__dirstamp) \ + crypto/proposal/$(DEPDIR)/$(am__dirstamp) crypto/proposal/proposal_keywords.lo: crypto/proposal/$(am__dirstamp) \ crypto/proposal/$(DEPDIR)/$(am__dirstamp) crypto/proposal/proposal_keywords_static.lo: \ @@ -1855,6 +1859,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_seq.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/prfs/$(DEPDIR)/mac_prf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/prfs/$(DEPDIR)/prf.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@crypto/proposal/$(DEPDIR)/proposal.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/proposal/$(DEPDIR)/proposal_keywords.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/proposal/$(DEPDIR)/proposal_keywords_static.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/rngs/$(DEPDIR)/rng.Plo@am__quote@ diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index 6d9f98ee4..a70aafdd9 100644 
--- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -205,8 +205,8 @@ const oid_t oid_names[] = { { 0x02, 193, 0, 7, "ecdsa-with-SHA256" }, /* 192 */ { 0x03, 194, 0, 7, "ecdsa-with-SHA384" }, /* 193 */ { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 194 */ - {0x2B, 425, 1, 0, "" }, /* 195 */ - { 0x06, 336, 1, 1, "dod" }, /* 196 */ + {0x2B, 426, 1, 0, "" }, /* 195 */ + { 0x06, 337, 1, 1, "dod" }, /* 196 */ { 0x01, 0, 1, 2, "internet" }, /* 197 */ { 0x04, 287, 1, 3, "private" }, /* 198 */ { 0x01, 0, 1, 4, "enterprise" }, /* 199 */ 
@@ -299,211 +299,212 @@ const oid_t oid_names[] = { { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 286 */ { 0x05, 0, 1, 3, "security" }, /* 287 */ { 0x05, 0, 1, 4, "mechanisms" }, /* 288 */ - { 0x07, 333, 1, 5, "id-pkix" }, /* 289 */ - { 0x01, 294, 1, 6, "id-pe" }, /* 290 */ + { 0x07, 334, 1, 5, "id-pkix" }, /* 289 */ + { 0x01, 295, 1, 6, "id-pe" }, /* 290 */ { 0x01, 292, 0, 7, "authorityInfoAccess" }, /* 291 */ { 0x03, 293, 0, 7, "qcStatements" }, /* 292 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 293 */ - { 0x02, 297, 1, 6, "id-qt" }, /* 294 */ - { 0x01, 296, 0, 7, "cps" }, /* 295 */ - { 0x02, 0, 0, 7, "unotice" }, /* 296 */ - { 0x03, 307, 1, 6, "id-kp" }, /* 297 */ - { 0x01, 299, 0, 7, "serverAuth" }, /* 298 */ - { 0x02, 300, 0, 7, "clientAuth" }, /* 299 */ - { 0x03, 301, 0, 7, "codeSigning" }, /* 300 */ - { 0x04, 302, 0, 7, "emailProtection" }, /* 301 */ - { 0x05, 303, 0, 7, "ipsecEndSystem" }, /* 302 */ - { 0x06, 304, 0, 7, "ipsecTunnel" }, /* 303 */ - { 0x07, 305, 0, 7, "ipsecUser" }, /* 304 */ - { 0x08, 306, 0, 7, "timeStamping" }, /* 305 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 306 */ - { 0x08, 315, 1, 6, "id-otherNames" }, /* 307 */ - { 0x01, 309, 0, 7, "personalData" }, /* 308 */ - { 0x02, 310, 0, 7, "userGroup" }, /* 309 */ - { 0x03, 311, 0, 7, "id-on-permanentIdentifier" }, /* 310 */ - { 0x04, 312, 0, 7, "id-on-hardwareModuleName" }, /* 311 */ - { 0x05, 313, 0, 7, "xmppAddr" }, /* 312 */ - { 0x06, 314, 0, 7, "id-on-SIM" }, /* 313 */ - { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 314 */ - { 0x0A, 320, 1, 6, "id-aca" }, /* 315 */ - { 0x01, 317, 0, 7, "authenticationInfo" }, /* 316 */ - { 0x02, 318, 0, 7, "accessIdentity" }, /* 317 */ - { 0x03, 319, 0, 7, "chargingIdentity" }, /* 318 */ - { 0x04, 0, 0, 7, "group" }, /* 319 */ - { 0x0B, 321, 0, 6, "subjectInfoAccess" }, /* 320 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 321 */ - { 0x01, 330, 1, 7, "ocsp" }, /* 322 */ - { 0x01, 324, 0, 8, "basic" }, /* 323 */ - { 0x02, 325, 0, 8, "nonce" }, /* 324 */ - { 0x03, 326, 0, 8, 
"crl" }, /* 325 */ - { 0x04, 327, 0, 8, "response" }, /* 326 */ - { 0x05, 328, 0, 8, "noCheck" }, /* 327 */ - { 0x06, 329, 0, 8, "archiveCutoff" }, /* 328 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 329 */ - { 0x02, 331, 0, 7, "caIssuers" }, /* 330 */ - { 0x03, 332, 0, 7, "timeStamping" }, /* 331 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 332 */ - { 0x08, 0, 1, 5, "ipsec" }, /* 333 */ - { 0x02, 0, 1, 6, "certificate" }, /* 334 */ - { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 335 */ - { 0x0E, 342, 1, 1, "oiw" }, /* 336 */ - { 0x03, 0, 1, 2, "secsig" }, /* 337 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 338 */ - { 0x07, 340, 0, 4, "des-cbc" }, /* 339 */ - { 0x1A, 341, 0, 4, "sha-1" }, /* 340 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 341 */ - { 0x24, 388, 1, 1, "TeleTrusT" }, /* 342 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 343 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 344 */ - { 0x01, 349, 1, 4, "rsaSignature" }, /* 345 */ - { 0x02, 347, 0, 5, "rsaSigWithripemd160" }, /* 346 */ - { 0x03, 348, 0, 5, "rsaSigWithripemd128" }, /* 347 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 348 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 349 */ - { 0x01, 351, 0, 5, "ecSignWithsha1" }, /* 350 */ - { 0x02, 352, 0, 5, "ecSignWithripemd160" }, /* 351 */ - { 0x03, 353, 0, 5, "ecSignWithmd2" }, /* 352 */ - { 0x04, 354, 0, 5, "ecSignWithmd5" }, /* 353 */ - { 0x05, 371, 1, 5, "ttt-ecg" }, /* 354 */ - { 0x01, 359, 1, 6, "fieldType" }, /* 355 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 356 */ - { 0x01, 0, 1, 8, "basisType" }, /* 357 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 358 */ - { 0x02, 361, 1, 6, "keyType" }, /* 359 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 360 */ - { 0x03, 362, 0, 6, "curve" }, /* 361 */ - { 0x04, 369, 1, 6, "signatures" }, /* 362 */ - { 0x01, 364, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 363 */ - { 0x02, 365, 0, 7, "ecgdsa-with-SHA1" }, /* 364 */ - { 0x03, 366, 0, 7, "ecgdsa-with-SHA224" }, /* 365 */ - { 0x04, 367, 0, 7, "ecgdsa-with-SHA256" }, /* 366 */ - { 
0x05, 368, 0, 7, "ecgdsa-with-SHA384" }, /* 367 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 368 */ - { 0x05, 0, 1, 6, "module" }, /* 369 */ - { 0x01, 0, 0, 7, "1" }, /* 370 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 371 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 372 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 373 */ - { 0x01, 375, 0, 8, "brainpoolP160r1" }, /* 374 */ - { 0x02, 376, 0, 8, "brainpoolP160t1" }, /* 375 */ - { 0x03, 377, 0, 8, "brainpoolP192r1" }, /* 376 */ - { 0x04, 378, 0, 8, "brainpoolP192t1" }, /* 377 */ - { 0x05, 379, 0, 8, "brainpoolP224r1" }, /* 378 */ - { 0x06, 380, 0, 8, "brainpoolP224t1" }, /* 379 */ - { 0x07, 381, 0, 8, "brainpoolP256r1" }, /* 380 */ - { 0x08, 382, 0, 8, "brainpoolP256t1" }, /* 381 */ - { 0x09, 383, 0, 8, "brainpoolP320r1" }, /* 382 */ - { 0x0A, 384, 0, 8, "brainpoolP320t1" }, /* 383 */ - { 0x0B, 385, 0, 8, "brainpoolP384r1" }, /* 384 */ - { 0x0C, 386, 0, 8, "brainpoolP384t1" }, /* 385 */ - { 0x0D, 387, 0, 8, "brainpoolP512r1" }, /* 386 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 387 */ - { 0x65, 391, 1, 1, "Thawte" }, /* 388 */ - { 0x70, 390, 0, 2, "id-Ed25519" }, /* 389 */ - { 0x71, 0, 0, 2, "id-Ed448" }, /* 390 */ - { 0x81, 0, 1, 1, "" }, /* 391 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 392 */ - { 0x00, 0, 1, 3, "curve" }, /* 393 */ - { 0x01, 395, 0, 4, "sect163k1" }, /* 394 */ - { 0x02, 396, 0, 4, "sect163r1" }, /* 395 */ - { 0x03, 397, 0, 4, "sect239k1" }, /* 396 */ - { 0x04, 398, 0, 4, "sect113r1" }, /* 397 */ - { 0x05, 399, 0, 4, "sect113r2" }, /* 398 */ - { 0x06, 400, 0, 4, "secp112r1" }, /* 399 */ - { 0x07, 401, 0, 4, "secp112r2" }, /* 400 */ - { 0x08, 402, 0, 4, "secp160r1" }, /* 401 */ - { 0x09, 403, 0, 4, "secp160k1" }, /* 402 */ - { 0x0A, 404, 0, 4, "secp256k1" }, /* 403 */ - { 0x0F, 405, 0, 4, "sect163r2" }, /* 404 */ - { 0x10, 406, 0, 4, "sect283k1" }, /* 405 */ - { 0x11, 407, 0, 4, "sect283r1" }, /* 406 */ - { 0x16, 408, 0, 4, "sect131r1" }, /* 407 */ - { 0x17, 409, 0, 4, "sect131r2" }, /* 408 */ 
- { 0x18, 410, 0, 4, "sect193r1" }, /* 409 */ - { 0x19, 411, 0, 4, "sect193r2" }, /* 410 */ - { 0x1A, 412, 0, 4, "sect233k1" }, /* 411 */ - { 0x1B, 413, 0, 4, "sect233r1" }, /* 412 */ - { 0x1C, 414, 0, 4, "secp128r1" }, /* 413 */ - { 0x1D, 415, 0, 4, "secp128r2" }, /* 414 */ - { 0x1E, 416, 0, 4, "secp160r2" }, /* 415 */ - { 0x1F, 417, 0, 4, "secp192k1" }, /* 416 */ - { 0x20, 418, 0, 4, "secp224k1" }, /* 417 */ - { 0x21, 419, 0, 4, "secp224r1" }, /* 418 */ - { 0x22, 420, 0, 4, "secp384r1" }, /* 419 */ - { 0x23, 421, 0, 4, "secp521r1" }, /* 420 */ - { 0x24, 422, 0, 4, "sect409k1" }, /* 421 */ - { 0x25, 423, 0, 4, "sect409r1" }, /* 422 */ - { 0x26, 424, 0, 4, "sect571k1" }, /* 423 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 424 */ - {0x60, 488, 1, 0, "" }, /* 425 */ - { 0x86, 0, 1, 1, "" }, /* 426 */ - { 0x48, 0, 1, 2, "" }, /* 427 */ - { 0x01, 0, 1, 3, "organization" }, /* 428 */ - { 0x65, 464, 1, 4, "gov" }, /* 429 */ - { 0x03, 0, 1, 5, "csor" }, /* 430 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 431 */ - { 0x01, 442, 1, 7, "aes" }, /* 432 */ - { 0x02, 434, 0, 8, "id-aes128-CBC" }, /* 433 */ - { 0x06, 435, 0, 8, "id-aes128-GCM" }, /* 434 */ - { 0x07, 436, 0, 8, "id-aes128-CCM" }, /* 435 */ - { 0x16, 437, 0, 8, "id-aes192-CBC" }, /* 436 */ - { 0x1A, 438, 0, 8, "id-aes192-GCM" }, /* 437 */ - { 0x1B, 439, 0, 8, "id-aes192-CCM" }, /* 438 */ - { 0x2A, 440, 0, 8, "id-aes256-CBC" }, /* 439 */ - { 0x2E, 441, 0, 8, "id-aes256-GCM" }, /* 440 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 441 */ - { 0x02, 455, 1, 7, "hashAlgs" }, /* 442 */ - { 0x01, 444, 0, 8, "id-sha256" }, /* 443 */ - { 0x02, 445, 0, 8, "id-sha384" }, /* 444 */ - { 0x03, 446, 0, 8, "id-sha512" }, /* 445 */ - { 0x04, 447, 0, 8, "id-sha224" }, /* 446 */ - { 0x05, 448, 0, 8, "id-sha512-224" }, /* 447 */ - { 0x06, 449, 0, 8, "id-sha512-256" }, /* 448 */ - { 0x07, 450, 0, 8, "id-sha3-224" }, /* 449 */ - { 0x08, 451, 0, 8, "id-sha3-256" }, /* 450 */ - { 0x09, 452, 0, 8, "id-sha3-384" }, /* 451 */ - { 0x0A, 453, 0, 8, 
"id-sha3-512" }, /* 452 */ - { 0x0B, 454, 0, 8, "id-shake128" }, /* 453 */ - { 0x0C, 0, 0, 8, "id-shake256" }, /* 454 */ - { 0x03, 0, 1, 7, "sigAlgs" }, /* 455 */ - { 0x09, 457, 0, 8, "id-ecdsa-with-sha3-224" }, /* 456 */ - { 0x0A, 458, 0, 8, "id-ecdsa-with-sha3-256" }, /* 457 */ - { 0x0B, 459, 0, 8, "id-ecdsa-with-sha3-384" }, /* 458 */ - { 0x0C, 460, 0, 8, "id-ecdsa-with-sha3-512" }, /* 459 */ - { 0x0D, 461, 0, 8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 460 */ - { 0x0E, 462, 0, 8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 461 */ - { 0x0F, 463, 0, 8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 462 */ - { 0x10, 0, 0, 8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 463 */ - { 0x86, 0, 1, 4, "" }, /* 464 */ - { 0xf8, 0, 1, 5, "" }, /* 465 */ - { 0x42, 478, 1, 6, "netscape" }, /* 466 */ - { 0x01, 473, 1, 7, "" }, /* 467 */ - { 0x01, 469, 0, 8, "nsCertType" }, /* 468 */ - { 0x03, 470, 0, 8, "nsRevocationUrl" }, /* 469 */ - { 0x04, 471, 0, 8, "nsCaRevocationUrl" }, /* 470 */ - { 0x08, 472, 0, 8, "nsCaPolicyUrl" }, /* 471 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 472 */ - { 0x03, 476, 1, 7, "directory" }, /* 473 */ - { 0x01, 0, 1, 8, "" }, /* 474 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 475 */ - { 0x04, 0, 1, 7, "policy" }, /* 476 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 477 */ - { 0x45, 0, 1, 6, "verisign" }, /* 478 */ - { 0x01, 0, 1, 7, "pki" }, /* 479 */ - { 0x09, 0, 1, 8, "attributes" }, /* 480 */ - { 0x02, 482, 0, 9, "messageType" }, /* 481 */ - { 0x03, 483, 0, 9, "pkiStatus" }, /* 482 */ - { 0x04, 484, 0, 9, "failInfo" }, /* 483 */ - { 0x05, 485, 0, 9, "senderNonce" }, /* 484 */ - { 0x06, 486, 0, 9, "recipientNonce" }, /* 485 */ - { 0x07, 487, 0, 9, "transID" }, /* 486 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 487 */ - {0x67, 0, 1, 0, "" }, /* 488 */ - { 0x81, 0, 1, 1, "" }, /* 489 */ - { 0x05, 0, 1, 2, "" }, /* 490 */ - { 0x02, 0, 1, 3, "tcg-attribute" }, /* 491 */ - { 0x01, 493, 0, 4, "tcg-at-tpmManufacturer" }, /* 492 */ - { 0x02, 494, 0, 4, "tcg-at-tpmModel" }, /* 493 */ - 
{ 0x03, 495, 0, 4, "tcg-at-tpmVersion" }, /* 494 */ - { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 495 */ + { 0x07, 294, 0, 7, "ipAddrBlocks" }, /* 293 */ + { 0x18, 0, 0, 7, "tlsfeature" }, /* 294 */ + { 0x02, 298, 1, 6, "id-qt" }, /* 295 */ + { 0x01, 297, 0, 7, "cps" }, /* 296 */ + { 0x02, 0, 0, 7, "unotice" }, /* 297 */ + { 0x03, 308, 1, 6, "id-kp" }, /* 298 */ + { 0x01, 300, 0, 7, "serverAuth" }, /* 299 */ + { 0x02, 301, 0, 7, "clientAuth" }, /* 300 */ + { 0x03, 302, 0, 7, "codeSigning" }, /* 301 */ + { 0x04, 303, 0, 7, "emailProtection" }, /* 302 */ + { 0x05, 304, 0, 7, "ipsecEndSystem" }, /* 303 */ + { 0x06, 305, 0, 7, "ipsecTunnel" }, /* 304 */ + { 0x07, 306, 0, 7, "ipsecUser" }, /* 305 */ + { 0x08, 307, 0, 7, "timeStamping" }, /* 306 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 307 */ + { 0x08, 316, 1, 6, "id-otherNames" }, /* 308 */ + { 0x01, 310, 0, 7, "personalData" }, /* 309 */ + { 0x02, 311, 0, 7, "userGroup" }, /* 310 */ + { 0x03, 312, 0, 7, "id-on-permanentIdentifier" }, /* 311 */ + { 0x04, 313, 0, 7, "id-on-hardwareModuleName" }, /* 312 */ + { 0x05, 314, 0, 7, "xmppAddr" }, /* 313 */ + { 0x06, 315, 0, 7, "id-on-SIM" }, /* 314 */ + { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 315 */ + { 0x0A, 321, 1, 6, "id-aca" }, /* 316 */ + { 0x01, 318, 0, 7, "authenticationInfo" }, /* 317 */ + { 0x02, 319, 0, 7, "accessIdentity" }, /* 318 */ + { 0x03, 320, 0, 7, "chargingIdentity" }, /* 319 */ + { 0x04, 0, 0, 7, "group" }, /* 320 */ + { 0x0B, 322, 0, 6, "subjectInfoAccess" }, /* 321 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 322 */ + { 0x01, 331, 1, 7, "ocsp" }, /* 323 */ + { 0x01, 325, 0, 8, "basic" }, /* 324 */ + { 0x02, 326, 0, 8, "nonce" }, /* 325 */ + { 0x03, 327, 0, 8, "crl" }, /* 326 */ + { 0x04, 328, 0, 8, "response" }, /* 327 */ + { 0x05, 329, 0, 8, "noCheck" }, /* 328 */ + { 0x06, 330, 0, 8, "archiveCutoff" }, /* 329 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 330 */ + { 0x02, 332, 0, 7, "caIssuers" }, /* 331 */ + { 0x03, 333, 0, 7, "timeStamping" }, /* 332 */ + { 0x05, 0, 
0, 7, "caRepository" }, /* 333 */ + { 0x08, 0, 1, 5, "ipsec" }, /* 334 */ + { 0x02, 0, 1, 6, "certificate" }, /* 335 */ + { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 336 */ + { 0x0E, 343, 1, 1, "oiw" }, /* 337 */ + { 0x03, 0, 1, 2, "secsig" }, /* 338 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 339 */ + { 0x07, 341, 0, 4, "des-cbc" }, /* 340 */ + { 0x1A, 342, 0, 4, "sha-1" }, /* 341 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 342 */ + { 0x24, 389, 1, 1, "TeleTrusT" }, /* 343 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 344 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 345 */ + { 0x01, 350, 1, 4, "rsaSignature" }, /* 346 */ + { 0x02, 348, 0, 5, "rsaSigWithripemd160" }, /* 347 */ + { 0x03, 349, 0, 5, "rsaSigWithripemd128" }, /* 348 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 349 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 350 */ + { 0x01, 352, 0, 5, "ecSignWithsha1" }, /* 351 */ + { 0x02, 353, 0, 5, "ecSignWithripemd160" }, /* 352 */ + { 0x03, 354, 0, 5, "ecSignWithmd2" }, /* 353 */ + { 0x04, 355, 0, 5, "ecSignWithmd5" }, /* 354 */ + { 0x05, 372, 1, 5, "ttt-ecg" }, /* 355 */ + { 0x01, 360, 1, 6, "fieldType" }, /* 356 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 357 */ + { 0x01, 0, 1, 8, "basisType" }, /* 358 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 359 */ + { 0x02, 362, 1, 6, "keyType" }, /* 360 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 361 */ + { 0x03, 363, 0, 6, "curve" }, /* 362 */ + { 0x04, 370, 1, 6, "signatures" }, /* 363 */ + { 0x01, 365, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 364 */ + { 0x02, 366, 0, 7, "ecgdsa-with-SHA1" }, /* 365 */ + { 0x03, 367, 0, 7, "ecgdsa-with-SHA224" }, /* 366 */ + { 0x04, 368, 0, 7, "ecgdsa-with-SHA256" }, /* 367 */ + { 0x05, 369, 0, 7, "ecgdsa-with-SHA384" }, /* 368 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 369 */ + { 0x05, 0, 1, 6, "module" }, /* 370 */ + { 0x01, 0, 0, 7, "1" }, /* 371 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 372 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 373 */ + { 0x01, 0, 1, 7, 
"versionOne" }, /* 374 */ + { 0x01, 376, 0, 8, "brainpoolP160r1" }, /* 375 */ + { 0x02, 377, 0, 8, "brainpoolP160t1" }, /* 376 */ + { 0x03, 378, 0, 8, "brainpoolP192r1" }, /* 377 */ + { 0x04, 379, 0, 8, "brainpoolP192t1" }, /* 378 */ + { 0x05, 380, 0, 8, "brainpoolP224r1" }, /* 379 */ + { 0x06, 381, 0, 8, "brainpoolP224t1" }, /* 380 */ + { 0x07, 382, 0, 8, "brainpoolP256r1" }, /* 381 */ + { 0x08, 383, 0, 8, "brainpoolP256t1" }, /* 382 */ + { 0x09, 384, 0, 8, "brainpoolP320r1" }, /* 383 */ + { 0x0A, 385, 0, 8, "brainpoolP320t1" }, /* 384 */ + { 0x0B, 386, 0, 8, "brainpoolP384r1" }, /* 385 */ + { 0x0C, 387, 0, 8, "brainpoolP384t1" }, /* 386 */ + { 0x0D, 388, 0, 8, "brainpoolP512r1" }, /* 387 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 388 */ + { 0x65, 392, 1, 1, "Thawte" }, /* 389 */ + { 0x70, 391, 0, 2, "id-Ed25519" }, /* 390 */ + { 0x71, 0, 0, 2, "id-Ed448" }, /* 391 */ + { 0x81, 0, 1, 1, "" }, /* 392 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 393 */ + { 0x00, 0, 1, 3, "curve" }, /* 394 */ + { 0x01, 396, 0, 4, "sect163k1" }, /* 395 */ + { 0x02, 397, 0, 4, "sect163r1" }, /* 396 */ + { 0x03, 398, 0, 4, "sect239k1" }, /* 397 */ + { 0x04, 399, 0, 4, "sect113r1" }, /* 398 */ + { 0x05, 400, 0, 4, "sect113r2" }, /* 399 */ + { 0x06, 401, 0, 4, "secp112r1" }, /* 400 */ + { 0x07, 402, 0, 4, "secp112r2" }, /* 401 */ + { 0x08, 403, 0, 4, "secp160r1" }, /* 402 */ + { 0x09, 404, 0, 4, "secp160k1" }, /* 403 */ + { 0x0A, 405, 0, 4, "secp256k1" }, /* 404 */ + { 0x0F, 406, 0, 4, "sect163r2" }, /* 405 */ + { 0x10, 407, 0, 4, "sect283k1" }, /* 406 */ + { 0x11, 408, 0, 4, "sect283r1" }, /* 407 */ + { 0x16, 409, 0, 4, "sect131r1" }, /* 408 */ + { 0x17, 410, 0, 4, "sect131r2" }, /* 409 */ + { 0x18, 411, 0, 4, "sect193r1" }, /* 410 */ + { 0x19, 412, 0, 4, "sect193r2" }, /* 411 */ + { 0x1A, 413, 0, 4, "sect233k1" }, /* 412 */ + { 0x1B, 414, 0, 4, "sect233r1" }, /* 413 */ + { 0x1C, 415, 0, 4, "secp128r1" }, /* 414 */ + { 0x1D, 416, 0, 4, "secp128r2" }, /* 415 */ + { 0x1E, 417, 0, 4, 
"secp160r2" }, /* 416 */ + { 0x1F, 418, 0, 4, "secp192k1" }, /* 417 */ + { 0x20, 419, 0, 4, "secp224k1" }, /* 418 */ + { 0x21, 420, 0, 4, "secp224r1" }, /* 419 */ + { 0x22, 421, 0, 4, "secp384r1" }, /* 420 */ + { 0x23, 422, 0, 4, "secp521r1" }, /* 421 */ + { 0x24, 423, 0, 4, "sect409k1" }, /* 422 */ + { 0x25, 424, 0, 4, "sect409r1" }, /* 423 */ + { 0x26, 425, 0, 4, "sect571k1" }, /* 424 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 425 */ + {0x60, 489, 1, 0, "" }, /* 426 */ + { 0x86, 0, 1, 1, "" }, /* 427 */ + { 0x48, 0, 1, 2, "" }, /* 428 */ + { 0x01, 0, 1, 3, "organization" }, /* 429 */ + { 0x65, 465, 1, 4, "gov" }, /* 430 */ + { 0x03, 0, 1, 5, "csor" }, /* 431 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 432 */ + { 0x01, 443, 1, 7, "aes" }, /* 433 */ + { 0x02, 435, 0, 8, "id-aes128-CBC" }, /* 434 */ + { 0x06, 436, 0, 8, "id-aes128-GCM" }, /* 435 */ + { 0x07, 437, 0, 8, "id-aes128-CCM" }, /* 436 */ + { 0x16, 438, 0, 8, "id-aes192-CBC" }, /* 437 */ + { 0x1A, 439, 0, 8, "id-aes192-GCM" }, /* 438 */ + { 0x1B, 440, 0, 8, "id-aes192-CCM" }, /* 439 */ + { 0x2A, 441, 0, 8, "id-aes256-CBC" }, /* 440 */ + { 0x2E, 442, 0, 8, "id-aes256-GCM" }, /* 441 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 442 */ + { 0x02, 456, 1, 7, "hashAlgs" }, /* 443 */ + { 0x01, 445, 0, 8, "id-sha256" }, /* 444 */ + { 0x02, 446, 0, 8, "id-sha384" }, /* 445 */ + { 0x03, 447, 0, 8, "id-sha512" }, /* 446 */ + { 0x04, 448, 0, 8, "id-sha224" }, /* 447 */ + { 0x05, 449, 0, 8, "id-sha512-224" }, /* 448 */ + { 0x06, 450, 0, 8, "id-sha512-256" }, /* 449 */ + { 0x07, 451, 0, 8, "id-sha3-224" }, /* 450 */ + { 0x08, 452, 0, 8, "id-sha3-256" }, /* 451 */ + { 0x09, 453, 0, 8, "id-sha3-384" }, /* 452 */ + { 0x0A, 454, 0, 8, "id-sha3-512" }, /* 453 */ + { 0x0B, 455, 0, 8, "id-shake128" }, /* 454 */ + { 0x0C, 0, 0, 8, "id-shake256" }, /* 455 */ + { 0x03, 0, 1, 7, "sigAlgs" }, /* 456 */ + { 0x09, 458, 0, 8, "id-ecdsa-with-sha3-224" }, /* 457 */ + { 0x0A, 459, 0, 8, "id-ecdsa-with-sha3-256" }, /* 458 */ + { 0x0B, 460, 0, 
8, "id-ecdsa-with-sha3-384" }, /* 459 */ + { 0x0C, 461, 0, 8, "id-ecdsa-with-sha3-512" }, /* 460 */ + { 0x0D, 462, 0, 8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 461 */ + { 0x0E, 463, 0, 8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 462 */ + { 0x0F, 464, 0, 8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 463 */ + { 0x10, 0, 0, 8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 464 */ + { 0x86, 0, 1, 4, "" }, /* 465 */ + { 0xf8, 0, 1, 5, "" }, /* 466 */ + { 0x42, 479, 1, 6, "netscape" }, /* 467 */ + { 0x01, 474, 1, 7, "" }, /* 468 */ + { 0x01, 470, 0, 8, "nsCertType" }, /* 469 */ + { 0x03, 471, 0, 8, "nsRevocationUrl" }, /* 470 */ + { 0x04, 472, 0, 8, "nsCaRevocationUrl" }, /* 471 */ + { 0x08, 473, 0, 8, "nsCaPolicyUrl" }, /* 472 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 473 */ + { 0x03, 477, 1, 7, "directory" }, /* 474 */ + { 0x01, 0, 1, 8, "" }, /* 475 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 476 */ + { 0x04, 0, 1, 7, "policy" }, /* 477 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 478 */ + { 0x45, 0, 1, 6, "verisign" }, /* 479 */ + { 0x01, 0, 1, 7, "pki" }, /* 480 */ + { 0x09, 0, 1, 8, "attributes" }, /* 481 */ + { 0x02, 483, 0, 9, "messageType" }, /* 482 */ + { 0x03, 484, 0, 9, "pkiStatus" }, /* 483 */ + { 0x04, 485, 0, 9, "failInfo" }, /* 484 */ + { 0x05, 486, 0, 9, "senderNonce" }, /* 485 */ + { 0x06, 487, 0, 9, "recipientNonce" }, /* 486 */ + { 0x07, 488, 0, 9, "transID" }, /* 487 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 488 */ + {0x67, 0, 1, 0, "" }, /* 489 */ + { 0x81, 0, 1, 1, "" }, /* 490 */ + { 0x05, 0, 1, 2, "" }, /* 491 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 492 */ + { 0x01, 494, 0, 4, "tcg-at-tpmManufacturer" }, /* 493 */ + { 0x02, 495, 0, 4, "tcg-at-tpmModel" }, /* 494 */ + { 0x03, 496, 0, 4, "tcg-at-tpmVersion" }, /* 495 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 496 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 0e9b7ea24..230fe2f87 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h 
@@ -167,110 +167,110 @@ extern const oid_t oid_names[]; #define OID_BLOWFISH_CBC 247 #define OID_AUTHORITY_INFO_ACCESS 291 #define OID_IP_ADDR_BLOCKS 293 -#define OID_POLICY_QUALIFIER_CPS 295 -#define OID_POLICY_QUALIFIER_UNOTICE 296 -#define OID_SERVER_AUTH 298 -#define OID_CLIENT_AUTH 299 -#define OID_OCSP_SIGNING 306 -#define OID_XMPP_ADDR 312 -#define OID_AUTHENTICATION_INFO 316 -#define OID_ACCESS_IDENTITY 317 -#define OID_CHARGING_IDENTITY 318 -#define OID_GROUP 319 -#define OID_OCSP 322 -#define OID_BASIC 323 -#define OID_NONCE 324 -#define OID_CRL 325 -#define OID_RESPONSE 326 -#define OID_NO_CHECK 327 -#define OID_ARCHIVE_CUTOFF 328 -#define OID_SERVICE_LOCATOR 329 -#define OID_CA_ISSUERS 330 -#define OID_IKE_INTERMEDIATE 335 -#define OID_DES_CBC 339 -#define OID_SHA1 340 -#define OID_SHA1_WITH_RSA_OIW 341 -#define OID_ECGDSA_PUBKEY 360 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 363 -#define OID_ECGDSA_SIG_WITH_SHA1 364 -#define OID_ECGDSA_SIG_WITH_SHA224 365 -#define OID_ECGDSA_SIG_WITH_SHA256 366 -#define OID_ECGDSA_SIG_WITH_SHA384 367 -#define OID_ECGDSA_SIG_WITH_SHA512 368 -#define OID_ED25519 389 -#define OID_ED448 390 -#define OID_SECT163K1 394 -#define OID_SECT163R1 395 -#define OID_SECT239K1 396 -#define OID_SECT113R1 397 -#define OID_SECT113R2 398 -#define OID_SECT112R1 399 -#define OID_SECT112R2 400 -#define OID_SECT160R1 401 -#define OID_SECT160K1 402 -#define OID_SECT256K1 403 -#define OID_SECT163R2 404 -#define OID_SECT283K1 405 -#define OID_SECT283R1 406 -#define OID_SECT131R1 407 -#define OID_SECT131R2 408 -#define OID_SECT193R1 409 -#define OID_SECT193R2 410 -#define OID_SECT233K1 411 -#define OID_SECT233R1 412 -#define OID_SECT128R1 413 -#define OID_SECT128R2 414 -#define OID_SECT160R2 415 -#define OID_SECT192K1 416 -#define OID_SECT224K1 417 -#define OID_SECT224R1 418 -#define OID_SECT384R1 419 -#define OID_SECT521R1 420 -#define OID_SECT409K1 421 -#define OID_SECT409R1 422 -#define OID_SECT571K1 423 -#define OID_SECT571R1 424 -#define 
OID_AES128_CBC 433 -#define OID_AES128_GCM 434 -#define OID_AES128_CCM 435 -#define OID_AES192_CBC 436 -#define OID_AES192_GCM 437 -#define OID_AES192_CCM 438 -#define OID_AES256_CBC 439 -#define OID_AES256_GCM 440 -#define OID_AES256_CCM 441 -#define OID_SHA256 443 -#define OID_SHA384 444 -#define OID_SHA512 445 -#define OID_SHA224 446 -#define OID_SHA3_224 449 -#define OID_SHA3_256 450 -#define OID_SHA3_384 451 -#define OID_SHA3_512 452 -#define OID_ECDSA_WITH_SHA3_224 456 -#define OID_ECDSA_WITH_SHA3_256 457 -#define OID_ECDSA_WITH_SHA3_384 458 -#define OID_ECDSA_WITH_SHA3_512 459 -#define OID_RSASSA_PKCS1V15_WITH_SHA3_224 460 -#define OID_RSASSA_PKCS1V15_WITH_SHA3_256 461 -#define OID_RSASSA_PKCS1V15_WITH_SHA3_384 462 -#define OID_RSASSA_PKCS1V15_WITH_SHA3_512 463 -#define OID_NS_REVOCATION_URL 469 -#define OID_NS_CA_REVOCATION_URL 470 -#define OID_NS_CA_POLICY_URL 471 -#define OID_NS_COMMENT 472 -#define OID_EMPLOYEE_NUMBER 475 -#define OID_PKI_MESSAGE_TYPE 481 -#define OID_PKI_STATUS 482 -#define OID_PKI_FAIL_INFO 483 -#define OID_PKI_SENDER_NONCE 484 -#define OID_PKI_RECIPIENT_NONCE 485 -#define OID_PKI_TRANS_ID 486 -#define OID_TPM_MANUFACTURER 492 -#define OID_TPM_MODEL 493 -#define OID_TPM_VERSION 494 -#define OID_TPM_ID_LABEL 495 +#define OID_POLICY_QUALIFIER_CPS 296 +#define OID_POLICY_QUALIFIER_UNOTICE 297 +#define OID_SERVER_AUTH 299 +#define OID_CLIENT_AUTH 300 +#define OID_OCSP_SIGNING 307 +#define OID_XMPP_ADDR 313 +#define OID_AUTHENTICATION_INFO 317 +#define OID_ACCESS_IDENTITY 318 +#define OID_CHARGING_IDENTITY 319 +#define OID_GROUP 320 +#define OID_OCSP 323 +#define OID_BASIC 324 +#define OID_NONCE 325 +#define OID_CRL 326 +#define OID_RESPONSE 327 +#define OID_NO_CHECK 328 +#define OID_ARCHIVE_CUTOFF 329 +#define OID_SERVICE_LOCATOR 330 +#define OID_CA_ISSUERS 331 +#define OID_IKE_INTERMEDIATE 336 +#define OID_DES_CBC 340 +#define OID_SHA1 341 +#define OID_SHA1_WITH_RSA_OIW 342 +#define OID_ECGDSA_PUBKEY 361 +#define 
OID_ECGDSA_SIG_WITH_RIPEMD160 364 +#define OID_ECGDSA_SIG_WITH_SHA1 365 +#define OID_ECGDSA_SIG_WITH_SHA224 366 +#define OID_ECGDSA_SIG_WITH_SHA256 367 +#define OID_ECGDSA_SIG_WITH_SHA384 368 +#define OID_ECGDSA_SIG_WITH_SHA512 369 +#define OID_ED25519 390 +#define OID_ED448 391 +#define OID_SECT163K1 395 +#define OID_SECT163R1 396 +#define OID_SECT239K1 397 +#define OID_SECT113R1 398 +#define OID_SECT113R2 399 +#define OID_SECT112R1 400 +#define OID_SECT112R2 401 +#define OID_SECT160R1 402 +#define OID_SECT160K1 403 +#define OID_SECT256K1 404 +#define OID_SECT163R2 405 +#define OID_SECT283K1 406 +#define OID_SECT283R1 407 +#define OID_SECT131R1 408 +#define OID_SECT131R2 409 +#define OID_SECT193R1 410 +#define OID_SECT193R2 411 +#define OID_SECT233K1 412 +#define OID_SECT233R1 413 +#define OID_SECT128R1 414 +#define OID_SECT128R2 415 +#define OID_SECT160R2 416 +#define OID_SECT192K1 417 +#define OID_SECT224K1 418 +#define OID_SECT224R1 419 +#define OID_SECT384R1 420 +#define OID_SECT521R1 421 +#define OID_SECT409K1 422 +#define OID_SECT409R1 423 +#define OID_SECT571K1 424 +#define OID_SECT571R1 425 +#define OID_AES128_CBC 434 +#define OID_AES128_GCM 435 +#define OID_AES128_CCM 436 +#define OID_AES192_CBC 437 +#define OID_AES192_GCM 438 +#define OID_AES192_CCM 439 +#define OID_AES256_CBC 440 +#define OID_AES256_GCM 441 +#define OID_AES256_CCM 442 +#define OID_SHA256 444 +#define OID_SHA384 445 +#define OID_SHA512 446 +#define OID_SHA224 447 +#define OID_SHA3_224 450 +#define OID_SHA3_256 451 +#define OID_SHA3_384 452 +#define OID_SHA3_512 453 +#define OID_ECDSA_WITH_SHA3_224 457 +#define OID_ECDSA_WITH_SHA3_256 458 +#define OID_ECDSA_WITH_SHA3_384 459 +#define OID_ECDSA_WITH_SHA3_512 460 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_224 461 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_256 462 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_384 463 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_512 464 +#define OID_NS_REVOCATION_URL 470 +#define OID_NS_CA_REVOCATION_URL 471 +#define 
OID_NS_CA_POLICY_URL 472 +#define OID_NS_COMMENT 473 +#define OID_EMPLOYEE_NUMBER 476 +#define OID_PKI_MESSAGE_TYPE 482 +#define OID_PKI_STATUS 483 +#define OID_PKI_FAIL_INFO 484 +#define OID_PKI_SENDER_NONCE 485 +#define OID_PKI_RECIPIENT_NONCE 486 +#define OID_PKI_TRANS_ID 487 +#define OID_TPM_MANUFACTURER 493 +#define OID_TPM_MODEL 494 +#define OID_TPM_VERSION 495 +#define OID_TPM_ID_LABEL 496 -#define OID_MAX 496 +#define OID_MAX 497 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index 9583baa5e..369f6f899 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -292,6 +292,7 @@ 0x01 "authorityInfoAccess" OID_AUTHORITY_INFO_ACCESS 0x03 "qcStatements" 0x07 "ipAddrBlocks" OID_IP_ADDR_BLOCKS + 0x18 "tlsfeature" 0x02 "id-qt" 0x01 "cps" OID_POLICY_QUALIFIER_CPS 0x02 "unotice" OID_POLICY_QUALIFIER_UNOTICE diff --git a/src/libstrongswan/collections/linked_list.h b/src/libstrongswan/collections/linked_list.h index 246b9a5c5..c99cb836b 100644 --- a/src/libstrongswan/collections/linked_list.h +++ b/src/libstrongswan/collections/linked_list.h @@ -195,7 +195,7 @@ struct linked_list_t { * If a linked list contains objects with function pointers, * invoke() can call a method on each of the objects. The * method is specified by an offset of the function pointer, - * which can be evalutated at compile time using the offsetof + * which can be evaluated at compile time using the offsetof * macro, e.g.: list->invoke(list, offsetof(object_t, method)); * * @param offset offset of the method to invoke on objects diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index d1be7b401..278c67405 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c 
@@ -73,9 +73,6 @@ static inline bool is_multi_value_rule(auth_rule_t type) case AUTH_RULE_AUTH_CLASS: case AUTH_RULE_EAP_TYPE: case AUTH_RULE_EAP_VENDOR: - case AUTH_RULE_RSA_STRENGTH: - case AUTH_RULE_ECDSA_STRENGTH: - case AUTH_RULE_BLISS_STRENGTH: case AUTH_RULE_IDENTITY: case AUTH_RULE_IDENTITY_LOOSE: case AUTH_RULE_EAP_IDENTITY: @@ -94,6 +91,9 @@ static inline bool is_multi_value_rule(auth_rule_t type) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_CERT_POLICY: + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: + case AUTH_RULE_BLISS_STRENGTH: case AUTH_RULE_SIGNATURE_SCHEME: case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_HELPER_IM_CERT: @@ -737,8 +737,8 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, } enumerator->destroy(enumerator); - /* if no explicit IKE signature contraints were added we add them for all - * configured signature contraints */ + /* if no explicit IKE signature constraints were added we add them for all + * configured signature constraints */ if (ike && !ike_added && lib->settings->get_bool(lib->settings, "%s.signature_authentication_constraints", TRUE, diff --git a/src/libstrongswan/credentials/cred_encoding.c b/src/libstrongswan/credentials/cred_encoding.c index 303816391..d6523821e 100644 --- a/src/libstrongswan/credentials/cred_encoding.c +++ b/src/libstrongswan/credentials/cred_encoding.c @@ -39,7 +39,7 @@ struct private_cred_encoding_t { hashtable_t *cache[CRED_ENCODING_MAX]; /** - * Registered encoding fuctions, cred_encoder_t + * Registered encoding functions, cred_encoder_t */ linked_list_t *encoders; diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c index 6b4d22e7b..8f42fb940 100644 --- a/src/libstrongswan/credentials/keys/signature_params.c +++ b/src/libstrongswan/credentials/keys/signature_params.c 
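Review bot: The three `AUTH_RULE_RSA_STRENGTH` / `AUTH_RULE_ECDSA_STRENGTH` / `AUTH_RULE_BLISS_STRENGTH` labels move from the first case group of `is_multi_value_rule()` (hunk at -73) to the second (hunk at -94) in src/libstrongswan/credentials/auth_cfg.c without a comment saying why. The `return` statements of both groups are outside the hunks, so the new classification cannot be confirmed from here. If the second group is the multi-value one, a config can now carry several strength constraints of the same type, and any caller that reads only a single value would presumably skip the rest; that is worth checking because these rules look like they constrain which public keys are accepted. I would add a short comment above the moved labels, e.g. `/* key strength constraints may be configured more than once */`.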
@@ -280,13 +280,17 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params)
 case RSASSA_PSS_PARAMS_MGF_ALG:
 if (object.len)
 {
- chunk_t hash;
+ chunk_t hash = chunk_empty;
 alg = asn1_parse_algorithmIdentifier(object, level, &hash);
 if (alg != OID_MGF1)
 {
 goto end;
 }
+ if (!hash.len)
+ {
+ goto end;
+ }
 alg = asn1_parse_algorithmIdentifier(hash, level+1, NULL);
 params->mgf1_hash = hasher_algorithm_from_oid(alg);
 if (params->mgf1_hash == HASH_UNKNOWN)
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 0e64f0350..f1579c60a 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -239,7 +239,7 @@ METHOD(cert_cache_t, issued_by, bool,
 }
 /**
- * certificate enumerator implemenation
+ * certificate enumerator implementation
 */
 typedef struct {
 /** implements enumerator_t interface */
diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
new file mode 100644
index 000000000..bb0a02b59
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal/proposal.c
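Review bot: The new `if (!hash.len)` guard in the `RSASSA_PSS_PARAMS_MGF_ALG` case has no comment saying that it rejects an MGF1 AlgorithmIdentifier without parameters, so the reason for the `chunk_empty` initialisation and the extra `goto end` is easy to lose in a later cleanup. Presumably `asn1_parse_algorithmIdentifier()` leaves `hash` untouched when nothing follows the OID, which is how the old uninitialised `chunk_t hash` could reach the second parse; that helper is not visible here. I would add `/* MGF1 must carry a hash AlgorithmIdentifier, reject empty parameters */` above the check, and a unit test feeding a parameter-less MGF1 identifier would keep this from regressing. The body of `rsa_pss_params_parse()` starts and ends outside the hunk.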
@@ -0,0 +1,1134 @@ +/* + * Copyright (C) 2008-2018 Tobias Brunner + * Copyright (C) 2006-2010 Martin Willi + * Copyright (C) 2013-2015 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "proposal.h" + +#include +#include + +#include +#include +#include +#include + +ENUM(protocol_id_names, PROTO_NONE, PROTO_IPCOMP, + "PROTO_NONE", + "IKE", + "AH", + "ESP", + "IPCOMP", +); + +typedef struct private_proposal_t private_proposal_t; + +/** + * Private data of an proposal_t object + */ +struct private_proposal_t { + + /** + * Public part + */ + proposal_t public; + + /** + * protocol (ESP or AH) + */ + protocol_id_t protocol; + + /** + * Priority ordered list of transforms, as entry_t + */ + array_t *transforms; + + /** + * senders SPI + */ + uint64_t spi; + + /** + * Proposal number + */ + u_int number; +}; + +/** + * Struct used to store different kinds of algorithms. 
+ */ +typedef struct { + /** Type of the transform */ + transform_type_t type; + /** algorithm identifier */ + uint16_t alg; + /** key size in bits, or zero if not needed */ + uint16_t key_size; +} entry_t; + +METHOD(proposal_t, add_algorithm, void, + private_proposal_t *this, transform_type_t type, + uint16_t alg, uint16_t key_size) +{ + entry_t entry = { + .type = type, + .alg = alg, + .key_size = key_size, + }; + + array_insert(this->transforms, ARRAY_TAIL, &entry); +} + +CALLBACK(alg_filter, bool, + uintptr_t type, enumerator_t *orig, va_list args) +{ + entry_t *entry; + uint16_t *alg, *key_size; + + VA_ARGS_VGET(args, alg, key_size); + + while (orig->enumerate(orig, &entry)) + { + if (entry->type != type) + { + continue; + } + if (alg) + { + *alg = entry->alg; + } + if (key_size) + { + *key_size = entry->key_size; + } + return TRUE; + } + return FALSE; +} + +METHOD(proposal_t, create_enumerator, enumerator_t*, + private_proposal_t *this, transform_type_t type) +{ + return enumerator_create_filter( + array_create_enumerator(this->transforms), + alg_filter, (void*)(uintptr_t)type, NULL); +} + +METHOD(proposal_t, get_algorithm, bool, + private_proposal_t *this, transform_type_t type, + uint16_t *alg, uint16_t *key_size) +{ + enumerator_t *enumerator; + bool found = FALSE; + + enumerator = create_enumerator(this, type); + if (enumerator->enumerate(enumerator, alg, key_size)) + { + found = TRUE; + } + enumerator->destroy(enumerator); + + return found; +} + +METHOD(proposal_t, has_dh_group, bool, + private_proposal_t *this, diffie_hellman_group_t group) +{ + bool found = FALSE, any = FALSE; + enumerator_t *enumerator; + uint16_t current; + + enumerator = create_enumerator(this, DIFFIE_HELLMAN_GROUP); + while (enumerator->enumerate(enumerator, ¤t, NULL)) + { + any = TRUE; + if (current == group) + { + found = TRUE; + break; + } + } + enumerator->destroy(enumerator); + + if (!any && group == MODP_NONE) + { + found = TRUE; + } + return found; +} + +METHOD(proposal_t, 
promote_dh_group, bool, + private_proposal_t *this, diffie_hellman_group_t group) +{ + enumerator_t *enumerator; + entry_t *entry; + bool found = FALSE; + + enumerator = array_create_enumerator(this->transforms); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->type == DIFFIE_HELLMAN_GROUP && + entry->alg == group) + { + array_remove_at(this->transforms, enumerator); + found = TRUE; + } + } + enumerator->destroy(enumerator); + + if (found) + { + entry_t entry = { + .type = DIFFIE_HELLMAN_GROUP, + .alg = group, + }; + array_insert(this->transforms, ARRAY_HEAD, &entry); + } + return found; +} + +METHOD(proposal_t, strip_dh, void, + private_proposal_t *this, diffie_hellman_group_t keep) +{ + enumerator_t *enumerator; + entry_t *entry; + + enumerator = array_create_enumerator(this->transforms); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->type == DIFFIE_HELLMAN_GROUP && + entry->alg != keep) + { + array_remove_at(this->transforms, enumerator); + } + } + enumerator->destroy(enumerator); +} + +/** + * Select a matching proposal from this and other, insert into selected. 
+ */ +static bool select_algo(private_proposal_t *this, proposal_t *other, + proposal_t *selected, transform_type_t type, bool priv) +{ + enumerator_t *e1, *e2; + uint16_t alg1, alg2, ks1, ks2; + bool found = FALSE, optional = FALSE; + + if (type == INTEGRITY_ALGORITHM && + selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) && + encryption_algorithm_is_aead(alg1)) + { + /* no integrity algorithm required, we have an AEAD */ + return TRUE; + } + if (type == DIFFIE_HELLMAN_GROUP) + { + optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH; + } + + e1 = create_enumerator(this, type); + e2 = other->create_enumerator(other, type); + if (!e1->enumerate(e1, &alg1, NULL)) + { + if (!e2->enumerate(e2, &alg2, NULL)) + { + found = TRUE; + } + else if (optional) + { + do + { /* if NONE is proposed, we accept the proposal */ + found = !alg2; + } + while (!found && e2->enumerate(e2, &alg2, NULL)); + } + } + else if (!e2->enumerate(e2, NULL, NULL)) + { + if (optional) + { + do + { /* if NONE is proposed, we accept the proposal */ + found = !alg1; + } + while (!found && e1->enumerate(e1, &alg1, NULL)); + } + } + + e1->destroy(e1); + e1 = create_enumerator(this, type); + /* compare algs, order of algs in "first" is preferred */ + while (!found && e1->enumerate(e1, &alg1, &ks1)) + { + e2->destroy(e2); + e2 = other->create_enumerator(other, type); + while (e2->enumerate(e2, &alg2, &ks2)) + { + if (alg1 == alg2 && ks1 == ks2) + { + if (!priv && alg1 >= 1024) + { + /* accept private use algorithms only if requested */ + DBG1(DBG_CFG, "an algorithm from private space would match, " + "but peer implementation is unknown, skipped"); + continue; + } + selected->add_algorithm(selected, type, alg1, ks1); + found = TRUE; + break; + } + } + } + /* no match in all comparisons */ + e1->destroy(e1); + e2->destroy(e2); + + if (!found) + { + DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, type); + } + return found; +} + +METHOD(proposal_t, 
select_proposal, proposal_t*, + private_proposal_t *this, proposal_t *other, bool other_remote, + bool private) +{ + proposal_t *selected; + + DBG2(DBG_CFG, "selecting proposal:"); + + if (this->protocol != other->get_protocol(other)) + { + DBG2(DBG_CFG, " protocol mismatch, skipping"); + return NULL; + } + + if (other_remote) + { + selected = proposal_create(this->protocol, other->get_number(other)); + selected->set_spi(selected, other->get_spi(other)); + } + else + { + selected = proposal_create(this->protocol, this->number); + selected->set_spi(selected, this->spi); + + } + + if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) || + !select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) || + !select_algo(this, other, selected, INTEGRITY_ALGORITHM, private) || + !select_algo(this, other, selected, DIFFIE_HELLMAN_GROUP, private) || + !select_algo(this, other, selected, EXTENDED_SEQUENCE_NUMBERS, private)) + { + selected->destroy(selected); + return NULL; + } + + DBG2(DBG_CFG, " proposal matches"); + return selected; +} + +METHOD(proposal_t, get_protocol, protocol_id_t, + private_proposal_t *this) +{ + return this->protocol; +} + +METHOD(proposal_t, set_spi, void, + private_proposal_t *this, uint64_t spi) +{ + this->spi = spi; +} + +METHOD(proposal_t, get_spi, uint64_t, + private_proposal_t *this) +{ + return this->spi; +} + +/** + * Check if two proposals have the same algorithms for a given transform type + */ +static bool algo_list_equals(private_proposal_t *this, proposal_t *other, + transform_type_t type) +{ + enumerator_t *e1, *e2; + uint16_t alg1, alg2, ks1, ks2; + bool equals = TRUE; + + e1 = create_enumerator(this, type); + e2 = other->create_enumerator(other, type); + while (e1->enumerate(e1, &alg1, &ks1)) + { + if (!e2->enumerate(e2, &alg2, &ks2)) + { + /* this has more algs */ + equals = FALSE; + break; + } + if (alg1 != alg2 || ks1 != ks2) + { + equals = FALSE; + break; + } + } + if (e2->enumerate(e2, &alg2, &ks2)) + { + 
/* other has more algs */ + equals = FALSE; + } + e1->destroy(e1); + e2->destroy(e2); + + return equals; +} + +METHOD(proposal_t, get_number, u_int, + private_proposal_t *this) +{ + return this->number; +} + +METHOD(proposal_t, equals, bool, + private_proposal_t *this, proposal_t *other) +{ + if (&this->public == other) + { + return TRUE; + } + return ( + algo_list_equals(this, other, ENCRYPTION_ALGORITHM) && + algo_list_equals(this, other, INTEGRITY_ALGORITHM) && + algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) && + algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) && + algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS)); +} + +METHOD(proposal_t, clone_, proposal_t*, + private_proposal_t *this) +{ + private_proposal_t *clone; + enumerator_t *enumerator; + entry_t *entry; + + clone = (private_proposal_t*)proposal_create(this->protocol, 0); + + enumerator = array_create_enumerator(this->transforms); + while (enumerator->enumerate(enumerator, &entry)) + { + array_insert(clone->transforms, ARRAY_TAIL, entry); + } + enumerator->destroy(enumerator); + + clone->spi = this->spi; + clone->number = this->number; + + return &clone->public; +} + +/** + * Map integrity algorithms to the PRF functions using the same algorithm. 
+ */ +static const struct { + integrity_algorithm_t integ; + pseudo_random_function_t prf; +} integ_prf_map[] = { + {AUTH_HMAC_SHA1_96, PRF_HMAC_SHA1 }, + {AUTH_HMAC_SHA1_160, PRF_HMAC_SHA1 }, + {AUTH_HMAC_SHA2_256_128, PRF_HMAC_SHA2_256 }, + {AUTH_HMAC_SHA2_384_192, PRF_HMAC_SHA2_384 }, + {AUTH_HMAC_SHA2_512_256, PRF_HMAC_SHA2_512 }, + {AUTH_HMAC_MD5_96, PRF_HMAC_MD5 }, + {AUTH_HMAC_MD5_128, PRF_HMAC_MD5 }, + {AUTH_AES_XCBC_96, PRF_AES128_XCBC }, + {AUTH_CAMELLIA_XCBC_96, PRF_CAMELLIA128_XCBC }, + {AUTH_AES_CMAC_96, PRF_AES128_CMAC }, +}; + +/** + * Remove all entries of the given transform type + */ +static void remove_transform(private_proposal_t *this, transform_type_t type) +{ + enumerator_t *e; + entry_t *entry; + + e = array_create_enumerator(this->transforms); + while (e->enumerate(e, &entry)) + { + if (entry->type == type) + { + array_remove_at(this->transforms, e); + } + } + e->destroy(e); +} + +/** + * Checks the proposal read from a string. + */ +static bool check_proposal(private_proposal_t *this) +{ + enumerator_t *e; + entry_t *entry; + uint16_t alg, ks; + bool all_aead = TRUE, any_aead = FALSE, any_enc = FALSE; + int i; + + if (this->protocol == PROTO_IKE) + { + if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL)) + { /* No explicit PRF found. We assume the same algorithm as used + * for integrity checking. 
*/ + e = create_enumerator(this, INTEGRITY_ALGORITHM); + while (e->enumerate(e, &alg, &ks)) + { + for (i = 0; i < countof(integ_prf_map); i++) + { + if (alg == integ_prf_map[i].integ) + { + add_algorithm(this, PSEUDO_RANDOM_FUNCTION, + integ_prf_map[i].prf, 0); + break; + } + } + } + e->destroy(e); + } + if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL)) + { + DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals"); + return FALSE; + } + /* remove MODP_NONE from IKE proposal */ + e = array_create_enumerator(this->transforms); + while (e->enumerate(e, &entry)) + { + if (entry->type == DIFFIE_HELLMAN_GROUP && !entry->alg) + { + array_remove_at(this->transforms, e); + } + } + e->destroy(e); + if (!get_algorithm(this, DIFFIE_HELLMAN_GROUP, NULL, NULL)) + { + DBG1(DBG_CFG, "a DH group is mandatory in IKE proposals"); + return FALSE; + } + } + else + { /* remove PRFs from ESP/AH proposals */ + remove_transform(this, PSEUDO_RANDOM_FUNCTION); + } + + if (this->protocol == PROTO_IKE || this->protocol == PROTO_ESP) + { + e = create_enumerator(this, ENCRYPTION_ALGORITHM); + while (e->enumerate(e, &alg, &ks)) + { + any_enc = TRUE; + if (encryption_algorithm_is_aead(alg)) + { + any_aead = TRUE; + continue; + } + all_aead = FALSE; + } + e->destroy(e); + + if (!any_enc) + { + DBG1(DBG_CFG, "an encryption algorithm is mandatory in %N proposals", + protocol_id_names, this->protocol); + return FALSE; + } + else if (any_aead && !all_aead) + { + DBG1(DBG_CFG, "classic and combined-mode (AEAD) encryption " + "algorithms can't be contained in the same %N proposal", + protocol_id_names, this->protocol); + return FALSE; + } + else if (all_aead) + { /* if all encryption algorithms in the proposal are AEADs, + * we MUST NOT propose any integrity algorithms */ + remove_transform(this, INTEGRITY_ALGORITHM); + } + } + else + { /* AES-GMAC is parsed as encryption algorithm, so we map that to the + * proper integrity algorithm */ + e = array_create_enumerator(this->transforms); 
+ while (e->enumerate(e, &entry)) + { + if (entry->type == ENCRYPTION_ALGORITHM) + { + if (entry->alg == ENCR_NULL_AUTH_AES_GMAC) + { + entry->type = INTEGRITY_ALGORITHM; + ks = entry->key_size; + entry->key_size = 0; + switch (ks) + { + case 128: + entry->alg = AUTH_AES_128_GMAC; + continue; + case 192: + entry->alg = AUTH_AES_192_GMAC; + continue; + case 256: + entry->alg = AUTH_AES_256_GMAC; + continue; + default: + break; + } + } + /* remove all other encryption algorithms */ + array_remove_at(this->transforms, e); + } + } + e->destroy(e); + + if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL)) + { + DBG1(DBG_CFG, "an integrity algorithm is mandatory in AH " + "proposals"); + return FALSE; + } + } + + if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP) + { + if (!get_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NULL, NULL)) + { /* ESN not specified, assume not supported */ + add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); + } + } + + array_compress(this->transforms); + return TRUE; +} + +/** + * add a algorithm identified by a string to the proposal. 
+ */ +static bool add_string_algo(private_proposal_t *this, const char *alg) +{ + const proposal_token_t *token; + + token = lib->proposal->get_token(lib->proposal, alg); + if (token == NULL) + { + DBG1(DBG_CFG, "algorithm '%s' not recognized", alg); + return FALSE; + } + + add_algorithm(this, token->type, token->algorithm, token->keysize); + + return TRUE; +} + +/** + * print all algorithms of a kind to buffer + */ +static int print_alg(private_proposal_t *this, printf_hook_data_t *data, + u_int kind, void *names, bool *first) +{ + enumerator_t *enumerator; + size_t written = 0; + uint16_t alg, size; + + enumerator = create_enumerator(this, kind); + while (enumerator->enumerate(enumerator, &alg, &size)) + { + if (*first) + { + written += print_in_hook(data, "%N", names, alg); + *first = FALSE; + } + else + { + written += print_in_hook(data, "/%N", names, alg); + } + if (size) + { + written += print_in_hook(data, "_%u", size); + } + } + enumerator->destroy(enumerator); + return written; +} + +/** + * Described in header. 
+ */ +int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, + const void *const *args) +{ + private_proposal_t *this = *((private_proposal_t**)(args[0])); + linked_list_t *list = *((linked_list_t**)(args[0])); + enumerator_t *enumerator; + size_t written = 0; + bool first = TRUE; + + if (this == NULL) + { + return print_in_hook(data, "(null)"); + } + + if (spec->hash) + { + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &this)) + { /* call recursively */ + if (first) + { + written += print_in_hook(data, "%P", this); + first = FALSE; + } + else + { + written += print_in_hook(data, ", %P", this); + } + } + enumerator->destroy(enumerator); + return written; + } + + written = print_in_hook(data, "%N:", protocol_id_names, this->protocol); + written += print_alg(this, data, ENCRYPTION_ALGORITHM, + encryption_algorithm_names, &first); + written += print_alg(this, data, INTEGRITY_ALGORITHM, + integrity_algorithm_names, &first); + written += print_alg(this, data, PSEUDO_RANDOM_FUNCTION, + pseudo_random_function_names, &first); + written += print_alg(this, data, DIFFIE_HELLMAN_GROUP, + diffie_hellman_group_names, &first); + written += print_alg(this, data, EXTENDED_SEQUENCE_NUMBERS, + extended_sequence_numbers_names, &first); + return written; +} + +METHOD(proposal_t, destroy, void, + private_proposal_t *this) +{ + array_destroy(this->transforms); + free(this); +} + +/* + * Described in header + */ +proposal_t *proposal_create(protocol_id_t protocol, u_int number) +{ + private_proposal_t *this; + + INIT(this, + .public = { + .add_algorithm = _add_algorithm, + .create_enumerator = _create_enumerator, + .get_algorithm = _get_algorithm, + .has_dh_group = _has_dh_group, + .promote_dh_group = _promote_dh_group, + .strip_dh = _strip_dh, + .select = _select_proposal, + .get_protocol = _get_protocol, + .set_spi = _set_spi, + .get_spi = _get_spi, + .get_number = _get_number, + .equals = _equals, + .clone = _clone_, + 
.destroy = _destroy, + }, + .protocol = protocol, + .number = number, + .transforms = array_create(sizeof(entry_t), 0), + ); + + return &this->public; +} + +/** + * Add supported IKE algorithms to proposal + */ +static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) +{ + enumerator_t *enumerator; + encryption_algorithm_t encryption; + integrity_algorithm_t integrity; + pseudo_random_function_t prf; + diffie_hellman_group_t group; + const char *plugin_name; + + if (aead) + { + /* Round 1 adds algorithms with at least 128 bit security strength */ + enumerator = lib->crypto->create_aead_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) + { + switch (encryption) + { + case ENCR_AES_GCM_ICV16: + case ENCR_AES_CCM_ICV16: + case ENCR_CAMELLIA_CCM_ICV16: + /* we assume that we support all AES/Camellia sizes */ + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128); + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192); + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); + break; + case ENCR_CHACHA20_POLY1305: + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + /* Round 2 adds algorithms with less than 128 bit security strength */ + enumerator = lib->crypto->create_aead_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) + { + switch (encryption) + { + case ENCR_AES_GCM_ICV12: + case ENCR_AES_GCM_ICV8: + case ENCR_AES_CCM_ICV12: + case ENCR_AES_CCM_ICV8: + case ENCR_CAMELLIA_CCM_ICV12: + case ENCR_CAMELLIA_CCM_ICV8: + /* we assume that we support all AES/Camellia sizes */ + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128); + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192); + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + if 
(!array_count(this->transforms)) + { + return FALSE; + } + } + else + { + /* Round 1 adds algorithms with at least 128 bit security strength */ + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) + { + switch (encryption) + { + case ENCR_AES_CBC: + case ENCR_AES_CTR: + case ENCR_CAMELLIA_CBC: + case ENCR_CAMELLIA_CTR: + /* we assume that we support all AES/Camellia sizes */ + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128); + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192); + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + /* Round 2 adds algorithms with less than 128 bit security strength */ + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) + { + switch (encryption) + { + case ENCR_3DES: + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0); + break; + case ENCR_DES: + /* no, thanks */ + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + if (!array_count(this->transforms)) + { + return FALSE; + } + + /* Round 1 adds algorithms with at least 128 bit security strength */ + enumerator = lib->crypto->create_signer_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &integrity, &plugin_name)) + { + switch (integrity) + { + case AUTH_HMAC_SHA2_256_128: + case AUTH_HMAC_SHA2_384_192: + case AUTH_HMAC_SHA2_512_256: + add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + /* Round 2 adds algorithms with less than 128 bit security strength */ + enumerator = lib->crypto->create_signer_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &integrity, &plugin_name)) + { + switch (integrity) + { + case AUTH_AES_XCBC_96: + case AUTH_AES_CMAC_96: + case 
AUTH_HMAC_SHA1_96: + add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0); + break; + case AUTH_HMAC_MD5_96: + /* no, thanks */ + default: + break; + } + } + enumerator->destroy(enumerator); + } + + /* Round 1 adds algorithms with at least 128 bit security strength */ + enumerator = lib->crypto->create_prf_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &prf, &plugin_name)) + { + switch (prf) + { + case PRF_HMAC_SHA2_256: + case PRF_HMAC_SHA2_384: + case PRF_HMAC_SHA2_512: + case PRF_AES128_XCBC: + case PRF_AES128_CMAC: + add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + /* Round 2 adds algorithms with less than 128 bit security strength */ + enumerator = lib->crypto->create_prf_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &prf, &plugin_name)) + { + switch (prf) + { + case PRF_HMAC_SHA1: + add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0); + break; + case PRF_HMAC_MD5: + /* no, thanks */ + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + /* Round 1 adds ECC and NTRU algorithms with at least 128 bit security strength */ + enumerator = lib->crypto->create_dh_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &group, &plugin_name)) + { + switch (group) + { + case ECP_256_BIT: + case ECP_384_BIT: + case ECP_521_BIT: + case ECP_256_BP: + case ECP_384_BP: + case ECP_512_BP: + case CURVE_25519: + case CURVE_448: + case NTRU_128_BIT: + case NTRU_192_BIT: + case NTRU_256_BIT: + case NH_128_BIT: + add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + /* Round 2 adds other algorithms with at least 128 bit security strength */ + enumerator = lib->crypto->create_dh_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &group, &plugin_name)) + { + switch (group) + { + case MODP_3072_BIT: + case MODP_4096_BIT: + case 
MODP_6144_BIT: + case MODP_8192_BIT: + add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + /* Round 3 adds algorithms with less than 128 bit security strength */ + enumerator = lib->crypto->create_dh_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &group, &plugin_name)) + { + switch (group) + { + case MODP_NULL: + /* only for testing purposes */ + break; + case MODP_768_BIT: + case MODP_1024_BIT: + case MODP_1536_BIT: + /* weak */ + break; + case MODP_1024_160: + case MODP_2048_224: + case MODP_2048_256: + /* RFC 5114 primes are of questionable source */ + break; + case ECP_224_BIT: + case ECP_224_BP: + case ECP_192_BIT: + case NTRU_112_BIT: + /* rarely used */ + break; + case MODP_2048_BIT: + add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + return TRUE; +} + +/* + * Described in header + */ +proposal_t *proposal_create_default(protocol_id_t protocol) +{ + private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0); + + switch (protocol) + { + case PROTO_IKE: + if (!proposal_add_supported_ike(this, FALSE)) + { + destroy(this); + return NULL; + } + break; + case PROTO_ESP: + add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128); + add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192); + add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); + add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); + break; + case PROTO_AH: + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0); + 
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); + add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); + break; + default: + break; + } + return &this->public; +} + +/* + * Described in header + */ +proposal_t *proposal_create_default_aead(protocol_id_t protocol) +{ + private_proposal_t *this; + + switch (protocol) + { + case PROTO_IKE: + this = (private_proposal_t*)proposal_create(protocol, 0); + if (!proposal_add_supported_ike(this, TRUE)) + { + destroy(this); + return NULL; + } + return &this->public; + case PROTO_ESP: + /* we currently don't include any AEAD proposal for ESP, as we + * don't know if our kernel backend actually supports it. */ + return NULL; + case PROTO_AH: + default: + return NULL; + } +} + +/* + * Described in header + */ +proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs) +{ + private_proposal_t *this; + enumerator_t *enumerator; + bool failed = TRUE; + char *alg; + + this = (private_proposal_t*)proposal_create(protocol, 0); + + /* get all tokens, separated by '-' */ + enumerator = enumerator_create_token(algs, "-", " "); + while (enumerator->enumerate(enumerator, &alg)) + { + if (!add_string_algo(this, alg)) + { + failed = TRUE; + break; + } + failed = FALSE; + } + enumerator->destroy(enumerator); + + if (failed || !check_proposal(this)) + { + destroy(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/crypto/proposal/proposal.h b/src/libstrongswan/crypto/proposal/proposal.h new file mode 100644 index 000000000..0052674b9 --- /dev/null +++ b/src/libstrongswan/crypto/proposal/proposal.h 
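Review bot: In `select_algo()` the check `if (!priv && alg1 >= 1024)` uses a bare number for the start of the private-use transform ID range, and the function's header comment does not mention the `priv` parameter at all. This test decides whether an algorithm from the private range that both sides list may be selected, so it deserves a named constant and a sentence in the comment, for example `#define PRIVATE_USE_MIN 1024` (the name is only a suggestion) and a line stating that `priv` allows private-use algorithms to be selected. The diffstat lists `src/libcharon/config/proposal.c` as removed, so this is probably relocated code and the cleanup could equally go into a follow-up commit.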
@@ -0,0 +1,246 @@
+/*
+ * Copyright (C) 2009-2018 Tobias Brunner
+ * Copyright (C) 2006 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup proposal proposal
+ * @{ @ingroup crypto
+ */
+
+#ifndef PROPOSAL_H_
+#define PROPOSAL_H_
+
+typedef enum protocol_id_t protocol_id_t;
+typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
+typedef struct proposal_t proposal_t;
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+/**
+ * Protocol ID of a proposal.
+ */
+enum protocol_id_t {
+ PROTO_NONE = 0,
+ PROTO_IKE = 1,
+ PROTO_AH = 2,
+ PROTO_ESP = 3,
+ PROTO_IPCOMP = 4, /* IKEv1 only */
+};
+
+/**
+ * enum names for protocol_id_t
+ */
+extern enum_name_t *protocol_id_names;
+
+/**
+ * Stores a set of algorithms used for an SA.
+ *
+ * A proposal stores algorithms for a specific
+ * protocol. It can store algorithms for one protocol.
+ * Proposals with multiple protocols are not supported,
+ * as it's not specified in RFC4301 anymore.
+ */
+struct proposal_t {
+
+ /**
+ * Add an algorithm to the proposal.
+ *
+ * The algorithms are stored by priority, first added
+ * is the most preferred.
+ * Key size is only needed for encryption algorithms
+ * with variable key size (such as AES). Must be set
+ * to zero if key size is not specified.
+ * The alg parameter accepts encryption_algorithm_t,
+ * integrity_algorithm_t, dh_group_number_t and
+ * extended_sequence_numbers_t.
+ *
+ * @param type kind of algorithm
+ * @param alg identifier for algorithm
+ * @param key_size key size to use
+ */
+ void (*add_algorithm) (proposal_t *this, transform_type_t type,
+ uint16_t alg, uint16_t key_size);
+
+ /**
+ * Get an enumerator over algorithms for a specific algo type.
+ *
+ * @param type kind of algorithm
+ * @return enumerator over uint16_t alg, uint16_t key_size
+ */
+ enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);
+
+ /**
+ * Get the algorithm for a type to use.
+ *
+ * If there are multiple algorithms, only the first is returned.
+ *
+ * @param type kind of algorithm
+ * @param alg pointer which receives algorithm
+ * @param key_size pointer which receives the key size
+ * @return TRUE if algorithm of this kind available
+ */
+ bool (*get_algorithm) (proposal_t *this, transform_type_t type,
+ uint16_t *alg, uint16_t *key_size);
+
+ /**
+ * Check if the proposal has a specific DH group.
+ *
+ * @param group group to check for
+ * @return TRUE if algorithm included
+ */
+ bool (*has_dh_group)(proposal_t *this, diffie_hellman_group_t group);
+
+ /**
+ * Move the given DH group to the front of the list if it was contained in
+ * the proposal.
+ *
+ * @param group group to promote
+ * @return TRUE if algorithm included
+ */
+ bool (*promote_dh_group)(proposal_t *this, diffie_hellman_group_t group);
+
+ /**
+ * Strip DH groups from proposal to use it without PFS.
+ *
+ * @param keep group to keep (MODP_NONE to remove all)
+ */
+ void (*strip_dh)(proposal_t *this, diffie_hellman_group_t keep);
+
+ /**
+ * Compare two proposal, and select a matching subset.
+ *
+ * If the proposals are for the same protocols (AH/ESP), they are
+ * compared. If they have at least one algorithm of each type
+ * in common, a resulting proposal of this kind is created.
+ *
+ * @param other proposal to compare against
+ * @param other_remote whether other is the remote proposal from which to
+ * copy SPI and proposal number to the result,
+ * otherwise copy from this proposal
+ * @param private accepts algorithms allocated in a private range
+ * @return selected proposal, NULL if proposals don't match
+ */
+ proposal_t *(*select)(proposal_t *this, proposal_t *other,
+ bool other_remote, bool private);
+
+ /**
+ * Get the protocol ID of the proposal.
+ *
+ * @return protocol of the proposal
+ */
+ protocol_id_t (*get_protocol) (proposal_t *this);
+
+ /**
+ * Get the SPI of the proposal.
+ *
+ * @return spi for proto
+ */
+ uint64_t (*get_spi) (proposal_t *this);
+
+ /**
+ * Set the SPI of the proposal.
+ *
+ * @param spi spi to set for proto
+ */
+ void (*set_spi) (proposal_t *this, uint64_t spi);
+
+ /**
+ * Get the proposal number, as encoded in SA payload
+ *
+ * @return proposal number
+ */
+ u_int (*get_number)(proposal_t *this);
+
+ /**
+ * Check for the eqality of two proposals.
+ *
+ * @param other other proposal to check for equality
+ * @return TRUE if other equal to this
+ */
+ bool (*equals)(proposal_t *this, proposal_t *other);
+
+ /**
+ * Clone a proposal.
+ *
+ * @return clone of proposal
+ */
+ proposal_t *(*clone) (proposal_t *this);
+
+ /**
+ * Destroys the proposal object.
+ */
+ void (*destroy) (proposal_t *this);
+};
+
+/**
+ * Create a child proposal for AH, ESP or IKE.
+ *
+ * @param protocol protocol, such as PROTO_ESP
+ * @param number proposal number, as encoded in SA payload
+ * @return proposal_t object
+ */
+proposal_t *proposal_create(protocol_id_t protocol, u_int number);
+
+/**
+ * Create a default proposal if nothing further specified.
+ * + * @param protocol protocol, such as PROTO_ESP + * @return proposal_t object + */ +proposal_t *proposal_create_default(protocol_id_t protocol); + +/** + * Create a default proposal for supported AEAD algorithms + * + * @param protocol protocol, such as PROTO_ESP + * @return proposal_t object, NULL if none supported + */ +proposal_t *proposal_create_default_aead(protocol_id_t protocol); + +/** + * Create a proposal from a string identifying the algorithms. + * + * The string is in the same form as a in the ipsec.conf file. + * E.g.: aes128-sha2_256-modp2048 + * 3des-md5 + * An additional '!' at the end of the string forces this proposal, + * without it the peer may choose another algorithm we support. + * + * @param protocol protocol, such as PROTO_ESP + * @param algs algorithms as string + * @return proposal_t object + */ +proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs); + +/** + * printf hook function for proposal_t. + * + * Arguments are: + * proposal_t *proposal + * With the #-specifier, arguments are: + * linked_list_t *list containing proposal_t* + */ +int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, + const void *const *args); + +#endif /** PROPOSAL_H_ @}*/ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h index 856abdce6..b062221e5 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h @@ -37,7 +37,7 @@ /** * @defgroup proposal_keywords proposal_keywords - * @{ @ingroup crypto + * @{ @ingroup proposal */ #ifndef PROPOSAL_KEYWORDS_H_ diff --git a/src/libstrongswan/eap/eap.c b/src/libstrongswan/eap/eap.c index 64b5dbe51..2b7295e3d 100644 --- a/src/libstrongswan/eap/eap.c +++ b/src/libstrongswan/eap/eap.c 
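Review bot: The `@return` lines for `proposal_create_default()` and `proposal_create_from_string()` promise a `proposal_t object`, but the proposal.c added in this same commit returns NULL from both: when `proposal_add_supported_ike()` fails, and when the string is empty, a token is rejected by `add_string_algo()`, or `check_proposal()` fails. The `algs` string is described as having the ipsec.conf form, so it is externally supplied and callers have to treat NULL as a normal outcome; I would write `@return proposal_t object, NULL if the IKE algorithms could not be added` and `@return proposal_t object, NULL if the string is empty or invalid`. The sentence about a trailing '!' also looks misplaced, since the visible parser only splits on '-' and trims spaces, so that handling presumably lives in the configuration backend.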
@@ -157,6 +157,7 @@ eap_vendor_type_t *eap_vendor_type_from_string(char *str) type = eap_type_from_string(part); if (!type) { + errno = 0; type = strtoul(part, &end, 0); if (*end != '\0' || errno) { @@ -166,6 +167,7 @@ eap_vendor_type_t *eap_vendor_type_from_string(char *str) } continue; } + errno = 0; vendor = strtoul(part, &end, 0); if (*end != '\0' || errno) { diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c index 68c3935b9..c992eb5ad 100644 --- a/src/libstrongswan/ipsec/ipsec_types.c +++ b/src/libstrongswan/ipsec/ipsec_types.c @@ -104,7 +104,10 @@ bool mark_from_string(const char *value, mark_t *mark) { mark->mask = 0xffffffff; } - /* apply the mask to ensure the value is in range */ - mark->value &= mark->mask; + if (!MARK_IS_UNIQUE(mark->value)) + { + /* apply the mask to ensure the value is in range */ + mark->value &= mark->mask; + } return TRUE; } diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index 7944b9356..dbdf5cfe9 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -26,6 +26,7 @@ #include #include #include +#include #define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so" @@ -369,6 +370,8 @@ bool library_init(char *settings, const char *namespace) PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END); pfh->add_handler(pfh, 'R', traffic_selector_printf_hook, PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END); + pfh->add_handler(pfh, 'P', proposal_printf_hook, + PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END); this->objects = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 4); diff --git a/src/libstrongswan/plugins/blowfish/bf_enc.c b/src/libstrongswan/plugins/blowfish/bf_enc.c index ebcc5dbdf..f9591c1a4 100644 --- a/src/libstrongswan/plugins/blowfish/bf_enc.c +++ b/src/libstrongswan/plugins/blowfish/bf_enc.c 
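Review bot: The check `*end != '\0' || errno` that follows both `strtoul()` calls (this hunk and the one at -166) still accepts input from which no digits were consumed, and negative input, even with `errno` now reset: for an empty `part`, `end == part` and `*end` is already `'\0'`, and `"-1"` is parsed and wrapped to a very large unsigned value without `errno` being set. Whether the tokenizer can hand over an empty `part` is not visible in this hunk, so that half needs confirming against the enumerator. I would tighten both checks to `if (end == part || *part == '-' || *end != '\0' || errno)` and, if `type` or `vendor` are narrower than `unsigned long`, range-check the result before assigning it. The body of `eap_vendor_type_from_string()` continues outside both hunks.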
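Review bot: The new `MARK_IS_UNIQUE()` guard at the end of `mark_from_string()` changes an invariant without saying so: before this hunk every returned `mark->value` satisfied `value == (value & mask)`, and now the reserved unique values are returned unmasked even when the caller supplied a narrower mask. The retained comment still reads as if all values end up in range, so I would reword it to `/* reserved unique-mark values must survive unmasked; mask all other values into range */`. Code that consumes `mark_t` and relies on the value fitting the mask (not visible in this diff) should be checked against that. The start of the function is outside the hunk.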
@@ -7,7 +7,7 @@ * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions + * the following conditions are adhered to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms @@ -32,7 +32,7 @@ * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library + * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: diff --git a/src/libstrongswan/plugins/blowfish/bf_locl.h b/src/libstrongswan/plugins/blowfish/bf_locl.h index 1375a0aa9..e5f49280b 100644 --- a/src/libstrongswan/plugins/blowfish/bf_locl.h +++ b/src/libstrongswan/plugins/blowfish/bf_locl.h @@ -7,7 +7,7 @@ * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions + * the following conditions are adhered to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms 
@@ -32,7 +32,7 @@ * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library + * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: diff --git a/src/libstrongswan/plugins/blowfish/bf_pi.h b/src/libstrongswan/plugins/blowfish/bf_pi.h index 79d23db6c..86c2ef366 100644 --- a/src/libstrongswan/plugins/blowfish/bf_pi.h +++ b/src/libstrongswan/plugins/blowfish/bf_pi.h @@ -7,7 +7,7 @@ * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions + * the following conditions are adhered to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms @@ -32,7 +32,7 @@ * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library + * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: diff --git a/src/libstrongswan/plugins/blowfish/bf_skey.c b/src/libstrongswan/plugins/blowfish/bf_skey.c index ceec3b8d4..52a051890 100644 --- a/src/libstrongswan/plugins/blowfish/bf_skey.c 
+++ b/src/libstrongswan/plugins/blowfish/bf_skey.c @@ -7,7 +7,7 @@ * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions + * the following conditions are adhered to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms @@ -32,7 +32,7 @@ * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library + * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: diff --git a/src/libstrongswan/plugins/blowfish/blowfish.h b/src/libstrongswan/plugins/blowfish/blowfish.h index 9aa30df4b..3c8f77a0f 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish.h +++ b/src/libstrongswan/plugins/blowfish/blowfish.h @@ -7,7 +7,7 @@ * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions + * the following conditions are adhered to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms 
@@ -32,7 +32,7 @@ * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library + * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c index 1708e078d..6d8d1d709 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c @@ -6,7 +6,7 @@ * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions + * the following conditions are adhered to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms @@ -31,7 +31,7 @@ * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library + * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c index d236bd429..cb5064d90 100644 
--- a/src/libstrongswan/plugins/des/des_crypter.c +++ b/src/libstrongswan/plugins/des/des_crypter.c @@ -13,7 +13,7 @@ * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. + * the following conditions are adhered to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. @@ -34,7 +34,7 @@ * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library + * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: @@ -309,7 +309,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* The changes to this macro may help or hinder, depending on the - * compiler and the achitecture. gcc2 always seems to do well :-). + * compiler and the architecture. gcc2 always seems to do well :-). * Inspired by Dana How * DO NOT use the alternative version on machines with 8 byte longs. * It does not seem to work on the Alpha, even when DES_LONG is 4 diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index aca232c86..241ef7d3b 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c 
@@ -936,7 +936,12 @@ static bool calculate_pq(private_gmp_rsa_private_key_t *this) bool success = FALSE; gmp_randinit_default(rstate); - mpz_inits(k, r, g, y, n1, x, NULL); + mpz_init(k); + mpz_init(r); + mpz_init(g); + mpz_init(y); + mpz_init(n1); + mpz_init(x); /* k = (d * e) - 1 */ mpz_mul(k, *this->d, this->e); mpz_sub_ui(k, k, 1); @@ -956,7 +961,7 @@ static bool calculate_pq(private_gmp_rsa_private_key_t *this) { /* generate random integer g in [0, n-1] */ mpz_urandomm(g, rstate, this->n); /* y = g^r mod n */ - mpz_powm_sec(y, g, r, this->n); + mpz_powm(y, g, r, this->n); /* try again if y == 1 or y == n-1 */ if (mpz_cmp_ui(y, 1) == 0 || mpz_cmp(y, n1) == 0) { diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.c b/src/libstrongswan/plugins/newhope/newhope_ke.c index 28956d5fb..72b7e034c 100644 --- a/src/libstrongswan/plugins/newhope/newhope_ke.c +++ b/src/libstrongswan/plugins/newhope/newhope_ke.c @@ -246,7 +246,7 @@ static uint32_t* multiply_ntt_inv_poly(private_newhope_ke_t *this, uint32_t *b) } /** - * Pack four 2-bit coefficents into one byte + * Pack four 2-bit coefficients into one byte */ static void pack_rec(private_newhope_ke_t *this, uint8_t *x, uint8_t *r) { diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c index ca6899786..efcd2b30a 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c @@ -202,7 +202,7 @@ pkcs7_attributes_t *pkcs7_attributes_create(void) } /** - * ASN.1 definition of the X.501 atttribute type + * ASN.1 definition of the X.501 attribute type */ static const asn1Object_t attributesObjects[] = { { 0, "attributes", ASN1_SET, ASN1_LOOP }, /* 0 */ diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index 92a860615..156bd8656 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h 
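Review bot: Replacing `mpz_powm_sec()` with `mpz_powm()` for `y = g^r mod n` (hunk at -956) drops the side-channel-hardened exponentiation on a line whose exponent is private-key material: `k = (d * e) - 1` is visible in the -936 hunk, and `r` is presumably derived from `k` in the lines between the two hunks. If the file remaps `mpz_powm` to `mpz_powm_sec` behind a libgmp feature check (not visible in this diff), say so on this line, e.g. `/* y = g^r mod n, r depends on d: uses the hardened variant where libgmp provides it */`; if there is no such mapping, keep the `_sec` call under a feature guard instead of removing it. `calculate_pq()` starts and ends outside both hunks.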
@@ -76,7 +76,7 @@ struct plugin_loader_t { * If \.load_modular is enabled (where \ is lib->ns) the plugins to * load are determined via a load option in their respective plugin config * section e.g. \.plugins.\.load = . - * The oder is determined by the configured priority. If two plugins have + * The order is determined by the configured priority. If two plugins have * the same priority the order as seen in list is preserved. Plugins not * found in list are loaded first, in alphabetical order. * diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index 16ee0ecc7..1b68320df 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -444,7 +444,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, enumerator_t *enumerator; time_t revocation; crl_reason_t reason; - chunk_t serial; + chunk_t subject_serial, serial; crl_t *crl = (crl_t*)cand; if (base) @@ -473,10 +473,11 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, return best; } + subject_serial = chunk_skip_zero(subject->get_serial(subject)); enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &serial, &revocation, &reason)) { - if (chunk_equals(serial, subject->get_serial(subject))) + if (chunk_equals(subject_serial, chunk_skip_zero(serial))) { if (reason != CRL_REASON_CERTIFICATE_HOLD) { diff --git a/src/libstrongswan/processing/scheduler.h b/src/libstrongswan/processing/scheduler.h index 1cd96d976..239487dae 100644 --- a/src/libstrongswan/processing/scheduler.h +++ b/src/libstrongswan/processing/scheduler.h 
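Review bot: The normalised serial comparison in `get_better_crl()` (hunk at -473) has no comment explaining why `chunk_skip_zero()` is applied to both sides, so a later cleanup could turn it back into a plain `chunk_equals()` and, presumably, stop matching revoked certificates whose serial is encoded with a different number of leading zero bytes than the CRL entry. I would add above the `subject_serial` assignment `/* compare serials without leading zeros, so differing encodings of the same number still match a CRL entry */`. It is also worth confirming that other revocation paths comparing serial numbers (not visible in this diff) normalise the same way. The function starts and ends outside both hunks.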
@@ -45,7 +45,7 @@ typedef struct scheduler_t scheduler_t; * in-between got slower, as the number of events grew larger (O(n)). * For each connection there could be several events: IKE-rekey, NAT-keepalive, * retransmissions, expire (half-open), and others. So a gateway that probably - * has to handle thousands of concurrent connnections has to be able to queue a + * has to handle thousands of concurrent connections has to be able to queue a * large number of events as fast as possible. Locking makes this even worse, to * provide thread-safety, no events can be processed, while an event is queued, * so making the insertion fast is even more important. @@ -97,13 +97,13 @@ struct scheduler_t { void (*schedule_job_ms) (scheduler_t *this, job_t *job, uint32_t ms); /** - * Adds a event to the queue, using an absolut time. + * Adds a event to the queue, using an absolute time. * * The passed timeval should be calculated based on the time_monotonic() * function. * * @param job job to schedule - * @param time absolut time to schedule job + * @param time absolute time to schedule job */ void (*schedule_job_tv) (scheduler_t *this, job_t *job, timeval_t tv); diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am index 07f5eb5f2..5737e7a17 100644 --- a/src/libstrongswan/tests/Makefile.am +++ b/src/libstrongswan/tests/Makefile.am @@ -47,6 +47,7 @@ libstrongswan_tests_SOURCES = tests.h tests.c \ suites/test_auth_cfg.c \ suites/test_hasher.c \ suites/test_crypter.c \ + suites/test_proposal.c \ suites/test_crypto_factory.c \ suites/test_iv_gen.c \ suites/test_pen.c \ diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index f8f8ce83e..20cb27cf3 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in 
@@ -152,6 +152,7 @@ am_libstrongswan_tests_OBJECTS = libstrongswan_tests-tests.$(OBJEXT) \ suites/libstrongswan_tests-test_auth_cfg.$(OBJEXT) \ suites/libstrongswan_tests-test_hasher.$(OBJEXT) \ suites/libstrongswan_tests-test_crypter.$(OBJEXT) \ + suites/libstrongswan_tests-test_proposal.$(OBJEXT) \ suites/libstrongswan_tests-test_crypto_factory.$(OBJEXT) \ suites/libstrongswan_tests-test_iv_gen.$(OBJEXT) \ suites/libstrongswan_tests-test_pen.$(OBJEXT) \ @@ -535,6 +536,7 @@ libstrongswan_tests_SOURCES = tests.h tests.c \ suites/test_auth_cfg.c \ suites/test_hasher.c \ suites/test_crypter.c \ + suites/test_proposal.c \ suites/test_crypto_factory.c \ suites/test_iv_gen.c \ suites/test_pen.c \ @@ -683,6 +685,8 @@ suites/libstrongswan_tests-test_hasher.$(OBJEXT): \ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/libstrongswan_tests-test_crypter.$(OBJEXT): \ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/libstrongswan_tests-test_proposal.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/libstrongswan_tests-test_crypto_factory.$(OBJEXT): \ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/libstrongswan_tests-test_iv_gen.$(OBJEXT): \ @@ -750,6 +754,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_pen.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_printf.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_process.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_proposal.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_rsa.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_settings.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_signature_params.Po@am__quote@ 
@@ -1199,6 +1204,20 @@ suites/libstrongswan_tests-test_crypter.obj: suites/test_crypter.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi` +suites/libstrongswan_tests-test_proposal.o: suites/test_proposal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_proposal.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_proposal.Tpo -c -o suites/libstrongswan_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_proposal.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_proposal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libstrongswan_tests-test_proposal.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c + +suites/libstrongswan_tests-test_proposal.obj: suites/test_proposal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_proposal.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_proposal.Tpo -c 
-o suites/libstrongswan_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_proposal.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_proposal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libstrongswan_tests-test_proposal.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi` + suites/libstrongswan_tests-test_crypto_factory.o: suites/test_crypto_factory.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_crypto_factory.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Tpo -c -o suites/libstrongswan_tests-test_crypto_factory.o `test -f 'suites/test_crypto_factory.c' || echo '$(srcdir)/'`suites/test_crypto_factory.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Po diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c new file mode 100644 index 000000000..1a2f97d5f --- /dev/null +++ b/src/libstrongswan/tests/suites/test_proposal.c 
@@ -0,0 +1,220 @@ +/* + * Copyright (C) 2016-2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include + +static struct { + protocol_id_t proto; + char *proposal; + char *expected; +} create_data[] = { + { PROTO_IKE, "", NULL }, + { PROTO_IKE, "sha256", NULL }, + { PROTO_IKE, "sha256-modp3072", NULL }, + { PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, + { PROTO_IKE, "aes128", NULL }, + { PROTO_IKE, "aes128-sha256", NULL }, + { PROTO_IKE, "aes128-sha256-modpnone", NULL }, + { PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, + { PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" }, + { PROTO_IKE, "aes128gcm16-modp3072", NULL }, + { PROTO_IKE, "aes128gcm16-prfsha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" }, + { PROTO_IKE, "aes128gcm16-sha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" }, + { PROTO_IKE, "aes128gcm16-aes128-modp3072", NULL }, + { PROTO_IKE, "aes128gcm16-aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "", NULL }, + { PROTO_ESP, "sha256", NULL }, + { PROTO_ESP, "aes128-sha256", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_ESP, "aes128-sha256-esn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ" }, + { PROTO_ESP, "aes128-sha256-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { 
PROTO_ESP, "aes128-sha256-esn-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" }, + { PROTO_ESP, "aes128-sha256-prfsha256-modp3072", "ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_3072/NO_EXT_SEQ" }, + { PROTO_ESP, "aes128gcm16-aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "aes128gmac", "ESP:NULL_AES_GMAC_128/NO_EXT_SEQ" }, + { PROTO_AH, "", NULL }, + { PROTO_AH, "aes128", NULL }, + { PROTO_AH, "aes128-sha256", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "sha256-sha1", "AH:HMAC_SHA2_256_128/HMAC_SHA1_96/NO_EXT_SEQ" }, + { PROTO_AH, "aes128gmac-sha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "aes128gmac-sha256-prfsha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "aes128gmac-aes256gmac-aes128-sha256", "AH:AES_128_GMAC/AES_256_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "sha256-esn", "AH:HMAC_SHA2_256_128/EXT_SEQ" }, + { PROTO_AH, "sha256-noesn", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "sha256-esn-noesn", "AH:HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" }, +}; + +static void assert_proposal_eq(proposal_t *proposal, char *expected) +{ + char str[BUF_LEN]; + + if (!expected) + { + ck_assert(!proposal); + return; + } + snprintf(str, sizeof(str), "%P", proposal); + ck_assert_str_eq(expected, str); +} + +START_TEST(test_create_from_string) +{ + proposal_t *proposal; + + proposal = proposal_create_from_string(create_data[_i].proto, + create_data[_i].proposal); + assert_proposal_eq(proposal, create_data[_i].expected); + DESTROY_IF(proposal); +} +END_TEST + +static struct { + protocol_id_t proto; + char *self; + char *other; + char *expected; +} select_data[] = { + { PROTO_ESP, "aes128", "aes128", "aes128" }, + { PROTO_ESP, "aes128", "aes256", NULL }, + { PROTO_ESP, "aes128-aes256", "aes256-aes128", "aes128" }, + { PROTO_ESP, "aes256-aes128", "aes128-aes256", "aes256" }, + { PROTO_ESP, "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" }, + { PROTO_ESP, 
"aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" }, + { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", NULL }, + { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL }, + { PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" }, + { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" }, + { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, + { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" }, + { PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, +}; + +START_TEST(test_select) +{ + proposal_t *self, *other, *selected, *expected; + + self = proposal_create_from_string(select_data[_i].proto, + select_data[_i].self); + other = proposal_create_from_string(select_data[_i].proto, + select_data[_i].other); + selected = self->select(self, other, TRUE, FALSE); + if (select_data[_i].expected) + { + expected = proposal_create_from_string(select_data[_i].proto, + select_data[_i].expected); + ck_assert(selected); + ck_assert_msg(expected->equals(expected, selected), "proposal %P does " + "not match expected %P", selected, expected); + expected->destroy(expected); + } + else + { + ck_assert(!selected); + } + DESTROY_IF(selected); + other->destroy(other); + self->destroy(self); +} +END_TEST + +START_TEST(test_select_spi) +{ + proposal_t *self, *other, *selected; + + self = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072"); + other = 
proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072"); + other->set_spi(other, 0x12345678); + + selected = self->select(self, other, TRUE, FALSE); + ck_assert(selected); + ck_assert_int_eq(selected->get_spi(selected), other->get_spi(other)); + selected->destroy(selected); + + selected = self->select(self, other, FALSE, FALSE); + ck_assert(selected); + ck_assert_int_eq(selected->get_spi(selected), self->get_spi(self)); + selected->destroy(selected); + + other->destroy(other); + self->destroy(self); +} +END_TEST + +START_TEST(test_promote_dh_group) +{ + proposal_t *proposal; + + proposal = proposal_create_from_string(PROTO_IKE, + "aes128-sha256-modp3072-ecp256"); + ck_assert(proposal->promote_dh_group(proposal, ECP_256_BIT)); + assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/MODP_3072"); + proposal->destroy(proposal); +} +END_TEST + +START_TEST(test_promote_dh_group_already_front) +{ + proposal_t *proposal; + + proposal = proposal_create_from_string(PROTO_IKE, + "aes128-sha256-modp3072-ecp256"); + ck_assert(proposal->promote_dh_group(proposal, MODP_3072_BIT)); + assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072/ECP_256"); + proposal->destroy(proposal); +} +END_TEST + +START_TEST(test_promote_dh_group_not_contained) +{ + proposal_t *proposal; + + proposal = proposal_create_from_string(PROTO_IKE, + "aes128-sha256-modp3072-ecp256"); + + ck_assert(!proposal->promote_dh_group(proposal, MODP_2048_BIT)); + assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072/ECP_256"); + proposal->destroy(proposal); +} +END_TEST + +Suite *proposal_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("proposal"); + + tc = tcase_create("create_from_string"); + tcase_add_loop_test(tc, test_create_from_string, 0, countof(create_data)); + suite_add_tcase(s, tc); + + tc = tcase_create("select"); + tcase_add_loop_test(tc, test_select, 0, 
countof(select_data)); + tcase_add_test(tc, test_select_spi); + suite_add_tcase(s, tc); + + tc = tcase_create("promote_dh_group"); + tcase_add_test(tc, test_promote_dh_group); + tcase_add_test(tc, test_promote_dh_group_already_front); + tcase_add_test(tc, test_promote_dh_group_not_contained); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 353010aaf..b423d7d2d 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -877,8 +877,23 @@ static struct { {"/0xff", TRUE, { 0, 0xff }}, {"/x", FALSE, { 0 }}, {"x/x", FALSE, { 0 }}, - {"0xffffffff/0x0000ffff", TRUE, { 0x0000ffff, 0x0000ffff }}, - {"0xffffffff/0xffffffff", TRUE, { 0xffffffff, 0xffffffff }}, + {"0xfffffff0/0x0000ffff", TRUE, { 0x0000fff0, 0x0000ffff }}, + {"%unique", TRUE, { MARK_UNIQUE, 0xffffffff }}, + {"%unique/", TRUE, { MARK_UNIQUE, 0 }}, + {"%unique/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }}, + {"%unique/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }}, + {"%unique0xffffffffff", FALSE, { 0, 0 }}, + {"0xffffffff/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }}, + {"0xffffffff/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }}, + {"%unique-dir", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }}, + {"%unique-dir/", TRUE, { MARK_UNIQUE_DIR, 0 }}, + {"%unique-dir/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }}, + {"%unique-dir/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }}, + {"%unique-dir0xffffffff", FALSE, { 0, 0 }}, + {"0xfffffffe/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }}, + {"0xfffffffe/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }}, + {"%unique-/0xffffffff", FALSE, { 0, 0 }}, + {"%unique-foo/0xffffffff", FALSE, { 0, 0 }}, }; START_TEST(test_mark_from_string) diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h index 525bdeb94..5fab227f2 100644 --- a/src/libstrongswan/tests/tests.h 
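Review bot: In test_select, `self` and `other` come straight from proposal_create_from_string() and are dereferenced by `self->select(self, other, TRUE, FALSE)` without a check, although the create_data table in the same file shows the parser returning NULL for strings it rejects. A parser regression on one of the select_data strings would then end in a NULL dereference rather than a readable assertion failure; adding `ck_assert(self && other);` before the select call keeps the failure attributable. The same applies to `expected` inside the `if (select_data[_i].expected)` branch and to the proposals created in test_select_spi and the three promote_dh_group tests.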
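Review bot: The rows `"0xffffffff/0x0000ffff"` and `"0xfffffffe/0x0000ffff"` now expect MARK_UNIQUE and MARK_UNIQUE_DIR, so two plain numeric marks are evidently reserved and can no longer be configured as literal values, yet nothing in the table says so. A one-line comment above those rows, e.g. `/* 0xffffffff and 0xfffffffe are reserved, they alias %unique and %unique-dir */`, would make the intent clear to whoever extends the table; the definitions of the two constants are outside this hunk, so the aliasing is inferred from the expected values. Separately, `"%unique0xffffffffff"` carries ten `f` digits where its `"%unique-dir0xffffffff"` counterpart has eight, which looks like a typo and is worth aligning so both rows test the missing `/` alone.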
+++ b/src/libstrongswan/tests/tests.h @@ -40,6 +40,7 @@ TEST_SUITE(printf_suite_create) TEST_SUITE(auth_cfg_suite_create) TEST_SUITE(hasher_suite_create) TEST_SUITE(crypter_suite_create) +TEST_SUITE(proposal_suite_create) TEST_SUITE(crypto_factory_suite_create) TEST_SUITE_DEPEND(iv_gen_suite_create, RNG, RNG_STRONG) TEST_SUITE(pen_suite_create) diff --git a/src/libstrongswan/threading/semaphore.h b/src/libstrongswan/threading/semaphore.h index d3ab0f3d9..bb384e669 100644 --- a/src/libstrongswan/threading/semaphore.h +++ b/src/libstrongswan/threading/semaphore.h @@ -29,7 +29,7 @@ typedef struct semaphore_t semaphore_t; * A semaphore is basically an integer whose value is never allowed to be * lower than 0. Two operations can be performed on it: increment the * value by one, and decrement the value by one. If the value is currently - * zero, then the decrement operation will blcok until the value becomes + * zero, then the decrement operation will block until the value becomes * greater than zero. */ struct semaphore_t { diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index 8f4b7efff..3a7984098 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -478,7 +478,7 @@ chunk_t chunk_to_hex(chunk_t chunk, char *buf, bool uppercase) } /** - * convert a signle hex character to its binary value + * convert a single hex character to its binary value */ static char hex2bin(char hex) { @@ -859,7 +859,7 @@ static inline uint64_t siplast(size_t len, u_char *pos) } /** - * Caculate SipHash-2-4 with an optional first block given as argument. + * Calculate SipHash-2-4 with an optional first block given as argument. */ static uint64_t chunk_mac_inc(chunk_t chunk, u_char *key, uint64_t m) { diff --git a/src/libtls/tls_alert.c b/src/libtls/tls_alert.c index 7dd219db8..69570e9c9 100644 --- a/src/libtls/tls_alert.c +++ b/src/libtls/tls_alert.c 
@@ -106,7 +106,7 @@ struct private_tls_alert_t { bool consumed; /** - * Fatal alert discription + * Fatal alert description */ tls_alert_desc_t desc; }; diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 7f7742e88..0ec2f5cbe 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -376,7 +376,7 @@ struct private_tls_crypto_t { tls_cache_t *cache; /** - * All handshake data concatentated + * All handshake data concatenated */ chunk_t handshake; diff --git a/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.h b/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.h index 3477fa74e..cf6110868 100644 --- a/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.h +++ b/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.h @@ -28,7 +28,7 @@ typedef struct imc_imv_msg_t imc_imv_msg_t; #include /** - * Classs representing the PB-PA message type. + * Class representing the PB-PA message type. */ struct imc_imv_msg_t { diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am index 5f3a97a99..1b3a9706f 100644 --- a/src/libtpmtss/Makefile.am +++ b/src/libtpmtss/Makefile.am @@ -48,5 +48,3 @@ if MONOLITHIC libtpmtss_la_LIBADD += plugins/tpm/libstrongswan-tpm.la endif endif - - diff --git a/src/libtpmtss/plugins/tpm/Makefile.am b/src/libtpmtss/plugins/tpm/Makefile.am index 281281022..27db5cc01 100644 --- a/src/libtpmtss/plugins/tpm/Makefile.am +++ b/src/libtpmtss/plugins/tpm/Makefile.am @@ -15,6 +15,7 @@ endif libstrongswan_tpm_la_SOURCES = \ tpm_plugin.h tpm_plugin.c \ + tpm_cert.h tpm_cert.c \ tpm_private_key.h tpm_private_key.c \ tpm_rng.h tpm_rng.c diff --git a/src/libtpmtss/plugins/tpm/Makefile.in b/src/libtpmtss/plugins/tpm/Makefile.in index a12c18a35..e03e73656 100644 --- a/src/libtpmtss/plugins/tpm/Makefile.in +++ b/src/libtpmtss/plugins/tpm/Makefile.in 
@@ -138,8 +138,8 @@ am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) @MONOLITHIC_FALSE@libstrongswan_tpm_la_DEPENDENCIES = \ @MONOLITHIC_FALSE@ $(top_builddir)/src/libtpmtss/libtpmtss.la -am_libstrongswan_tpm_la_OBJECTS = tpm_plugin.lo tpm_private_key.lo \ - tpm_rng.lo +am_libstrongswan_tpm_la_OBJECTS = tpm_plugin.lo tpm_cert.lo \ + tpm_private_key.lo tpm_rng.lo libstrongswan_tpm_la_OBJECTS = $(am_libstrongswan_tpm_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -465,6 +465,7 @@ AM_CFLAGS = \ libstrongswan_tpm_la_SOURCES = \ tpm_plugin.h tpm_plugin.c \ + tpm_cert.h tpm_cert.c \ tpm_private_key.h tpm_private_key.c \ tpm_rng.h tpm_rng.c @@ -558,6 +559,7 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_cert.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_plugin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_private_key.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_rng.Plo@am__quote@ diff --git a/src/libtpmtss/plugins/tpm/tpm_cert.c b/src/libtpmtss/plugins/tpm/tpm_cert.c new file mode 100644 index 000000000..248da7e53 --- /dev/null +++ b/src/libtpmtss/plugins/tpm/tpm_cert.c 
@@ -0,0 +1,97 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule für Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_cert.h" + +#include + +#include + + +/** + * See header. + */ +certificate_t *tpm_cert_load(certificate_type_t type, va_list args) +{ + tpm_tss_t *tpm; + chunk_t keyid = chunk_empty, pin = chunk_empty, data = chunk_empty; + certificate_t *cert; + char handle_str[4]; + size_t len; + uint32_t hierarchy = 0x40000001; /* TPM_RH_OWNER */ + uint32_t handle; + bool success; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_PKCS11_KEYID: + keyid = va_arg(args, chunk_t); + continue; + case BUILD_PKCS11_SLOT: + hierarchy = va_arg(args, int); + continue; + case BUILD_PKCS11_MODULE: + va_arg(args, char*); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + /* convert keyid into 32 bit TPM key object handle */ + if (!keyid.len) + { + return NULL; + } + len = min(keyid.len, 4); + memset(handle_str, 0x00, 4); + memcpy(handle_str + 4 - len, keyid.ptr + keyid.len - len, len); + handle = untoh32(handle_str); + + /* try to find a TPM 2.0 */ + tpm = tpm_tss_probe(TPM_VERSION_2_0); + if (!tpm) + { + DBG1(DBG_LIB, "no TPM 2.0 found"); + return NULL; + } + success = tpm->get_data(tpm, hierarchy, handle, pin, &data); + tpm->destroy(tpm); + + if (!success) + { + DBG1(DBG_LIB, "loading certificate from TPM NV index 0x%08x failed", + handle); + return NULL; + } + cert = lib->creds->create(lib->creds, 
CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, data, BUILD_END); + free(data.ptr); + + if (!cert) + { + DBG1(DBG_LIB, "parsing certificate from TPM NV index 0x%08x failed", + handle); + return NULL; + } + DBG1(DBG_LIB, "loaded certificate from TPM NV index 0x%08x", handle); + + return cert; +} diff --git a/src/libtpmtss/plugins/tpm/tpm_cert.h b/src/libtpmtss/plugins/tpm/tpm_cert.h new file mode 100644 index 000000000..a6cb34554 --- /dev/null +++ b/src/libtpmtss/plugins/tpm/tpm_cert.h @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tpm_cert tpm_cert + * @{ @ingroup tpm + */ + +#ifndef TPM_CERT_H_ +#define TPM_CERT_H_ + +#include + +/** + * Load a specific certificate from a TPM + * + * Requires a BUILD_PKCS11_KEYID argument, and optionally a BUILD_PKCS11_SLOT + * to designate the NV storage hierarchy. + * + * @param type certificate type, must be CERT_X509 + * @param args variable argument list, containing BUILD_PKCS11_KEYID. + * @return loaded certificate, or NULL on failure + */ +certificate_t *tpm_cert_load(certificate_type_t type, va_list args); + +#endif /** TPM_CERT_H_ @}*/ diff --git a/src/libtpmtss/plugins/tpm/tpm_plugin.c b/src/libtpmtss/plugins/tpm/tpm_plugin.c index b9a4c12a8..e98899852 100644 --- a/src/libtpmtss/plugins/tpm/tpm_plugin.c +++ b/src/libtpmtss/plugins/tpm/tpm_plugin.c 
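Review bot: A keyid of more than four bytes is accepted by tpm_cert_load and silently reduced to its last four bytes (`len = min(keyid.len, 4)`), so any longer BUILD_PKCS11_KEYID value ends up addressing a TPM NV index the caller did not name. Since the part name suggests it is shared with smartcard lookups, I would reject over-long ids, or at least require the discarded leading bytes to be zero, e.g. `if (!keyid.len || keyid.len > 4) { return NULL; }`. If a non-zero leading byte can legitimately appear (how a `0x` prefix is parsed is not shown here), a comment should say so. The `type` argument is also never checked, although tpm_cert.h states it must be CERT_X509.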
@@ -15,6 +15,7 @@ #include "tpm_plugin.h" #include "tpm_private_key.h" +#include "tpm_cert.h" #include "tpm_rng.h" #include @@ -50,13 +51,19 @@ METHOD(plugin_t, get_features, int, PLUGIN_REGISTER(PRIVKEY, tpm_private_key_connect, FALSE), PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), }; - static plugin_feature_t f[countof(f_rng) + countof(f_privkey)] = {}; - + static plugin_feature_t f_cert[] = { + PLUGIN_REGISTER(CERT_DECODE, tpm_cert_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509), + PLUGIN_DEPENDS(CERT_DECODE, CERT_X509), + }; + static plugin_feature_t f[countof(f_rng) + countof(f_privkey) + + countof(f_cert)] = {}; static int count = 0; if (!count) { plugin_features_add(f, f_privkey, countof(f_privkey), &count); + plugin_features_add(f, f_cert, countof(f_cert), &count); if (lib->settings->get_bool(lib->settings, "%s.plugins.tpm.use_rng", FALSE, lib->ns)) diff --git a/src/libtpmtss/tpm_tss.h b/src/libtpmtss/tpm_tss.h index f408d0440..bcb7ab949 100644 --- a/src/libtpmtss/tpm_tss.h +++ b/src/libtpmtss/tpm_tss.h @@ -143,6 +143,18 @@ struct tpm_tss_t { */ bool (*get_random)(tpm_tss_t *this, size_t bytes, uint8_t *buffer); + /** + * Get a data blob from TPM NV store using its object handle (TPM 2.0 only) + * + * @param handle object handle of TPM key to be used for signature + * @param hierarchy hierarchy the TPM key object is attached to + * @param pin PIN code or empty chunk + * @param data returns data blob + * @return TRUE if data retrieval succeeded + */ + bool (*get_data)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle, + chunk_t pin, chunk_t *data); + /** * Destroy a tpm_tss_t. */ diff --git a/src/libtpmtss/tpm_tss_trousers.c b/src/libtpmtss/tpm_tss_trousers.c index d5bc2b84f..6ed57af9d 100644 --- a/src/libtpmtss/tpm_tss_trousers.c +++ b/src/libtpmtss/tpm_tss_trousers.c 
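Review bot: The doc comment added for get_data in tpm_tss.h describes `handle` as the "object handle of TPM key to be used for signature", which looks copied from the sign method; per the summary line this call reads a blob from the NV store and no key or signature is involved. The `@param` entries are also listed as handle, hierarchy while the signature takes `hierarchy, handle`. Both are `uint32_t`, so a caller following the comment order would swap them without a compiler diagnostic. I would reword to `@param hierarchy hierarchy the NV index is attached to` followed by `@param handle handle of the NV index to read`, and state that `data` is allocated by the callee and must be freed by the caller, as tpm_cert.c does with `free(data.ptr)`.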
@@ -595,6 +595,13 @@ METHOD(tpm_tss_t, get_random, bool, return FALSE; } +METHOD(tpm_tss_t, get_data, bool, + private_tpm_tss_trousers_t *this, uint32_t hierarchy, uint32_t handle, + chunk_t pin, chunk_t *data) +{ + return FALSE; +} + METHOD(tpm_tss_t, destroy, void, private_tpm_tss_trousers_t *this) { @@ -639,6 +646,7 @@ tpm_tss_t *tpm_tss_trousers_create() .quote = _quote, .sign = _sign, .get_random = _get_random, + .get_data = _get_data, .destroy = _destroy, }, .load_aik = _load_aik, diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c index 4c0d95fe5..8b91fb44a 100644 --- a/src/libtpmtss/tpm_tss_tss2.c +++ b/src/libtpmtss/tpm_tss_tss2.c 
@@ -150,14 +150,56 @@ static bool is_supported_alg(private_tpm_tss_tss2_t *this, TPM_ALG_ID alg_id) static bool get_algs_capability(private_tpm_tss_tss2_t *this) { TPMS_CAPABILITY_DATA cap_data; + TPMS_TAGGED_PROPERTY tp; TPMI_YES_NO more_data; TPM_ALG_ID alg; - uint32_t rval, i; + uint32_t rval, i, offset, revision = 0, year = 0; size_t len = BUF_LEN; - char buf[BUF_LEN]; + char buf[BUF_LEN], manufacturer[5], vendor_string[17]; char *pos = buf; int written; + /* get fixed properties */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_TPM_PROPERTIES, + PT_FIXED, MAX_TPM_PROPERTIES, &more_data, &cap_data, 0); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s GetCapability failed for TPM_CAP_TPM_PROPERTIES: 0x%06x", + LABEL, rval); + return FALSE; + } + memset(manufacturer, '\0', sizeof(manufacturer)); + memset(vendor_string, '\0', sizeof(vendor_string)); + + /* print fixed properties */ + for (i = 0; i < cap_data.data.tpmProperties.count; i++) + { + tp = cap_data.data.tpmProperties.tpmProperty[i]; + switch (tp.property) + { + case TPM_PT_REVISION: + revision = tp.value; + break; + case TPM_PT_YEAR: + year = tp.value; + break; + case TPM_PT_MANUFACTURER: + htoun32(manufacturer, tp.value); + break; + case TPM_PT_VENDOR_STRING_1: + case TPM_PT_VENDOR_STRING_2: + case TPM_PT_VENDOR_STRING_3: + case TPM_PT_VENDOR_STRING_4: + offset = 4 * (tp.property - TPM_PT_VENDOR_STRING_1); + htoun32(vendor_string + offset, tp.value); + break; + default: + break; + } + } + DBG2(DBG_PTS, "%s manufacturer: %s (%s) rev: %05.2f %u", LABEL, manufacturer, + vendor_string, (float)revision/100, year); + /* get supported algorithms */ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_ALGS, 0, TPM_PT_ALGORITHM_SET, &more_data, &cap_data, 0); @@ -433,6 +475,7 @@ METHOD(tpm_tss_t, get_public, chunk_t, { DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key " "failed", LABEL); + return chunk_empty; } break; } 
@@ -563,8 +606,93 @@ METHOD(tpm_tss_t, extend_pcr, bool, private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value, chunk_t data, hash_algorithm_t alg) { - /* TODO */ - return FALSE; + uint32_t rval; + TPM_ALG_ID alg_id; + TPML_DIGEST_VALUES digest_values; + TPMS_AUTH_COMMAND session_data_cmd; + TPMS_AUTH_RESPONSE session_data_rsp; + TSS2_SYS_CMD_AUTHS sessions_data_cmd; + TSS2_SYS_RSP_AUTHS sessions_data_rsp; + TPMS_AUTH_COMMAND *session_data_cmd_array[1]; + TPMS_AUTH_RESPONSE *session_data_rsp_array[1]; + + session_data_cmd_array[0] = &session_data_cmd; + session_data_rsp_array[0] = &session_data_rsp; + + sessions_data_cmd.cmdAuths = &session_data_cmd_array[0]; + sessions_data_rsp.rspAuths = &session_data_rsp_array[0]; + + sessions_data_cmd.cmdAuthsCount = 1; + sessions_data_rsp.rspAuthsCount = 1; + + session_data_cmd.sessionHandle = TPM_RS_PW; + session_data_cmd.hmac.t.size = 0; + session_data_cmd.nonce.t.size = 0; + + *( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0; + + /* check if hash algorithm is supported by TPM */ + alg_id = hash_alg_to_tpm_alg_id(alg); + if (!is_supported_alg(this, alg_id)) + { + DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM", + LABEL, hash_algorithm_short_names, alg); + return FALSE; + } + + digest_values.count = 1; + digest_values.digests[0].hashAlg = alg_id; + + switch (alg) + { + case HASH_SHA1: + if (data.len != HASH_SIZE_SHA1) + { + return FALSE; + } + memcpy(digest_values.digests[0].digest.sha1, data.ptr, + HASH_SIZE_SHA1); + break; + case HASH_SHA256: + if (data.len != HASH_SIZE_SHA256) + { + return FALSE; + } + memcpy(digest_values.digests[0].digest.sha256, data.ptr, + HASH_SIZE_SHA256); + break; + case HASH_SHA384: + if (data.len != HASH_SIZE_SHA384) + { + return FALSE; + } + memcpy(digest_values.digests[0].digest.sha384, data.ptr, + HASH_SIZE_SHA384); + break; + case HASH_SHA512: + if (data.len != HASH_SIZE_SHA512) + { + return FALSE; + } + memcpy(digest_values.digests[0].digest.sha512, 
data.ptr, + HASH_SIZE_SHA512); + break; + default: + return FALSE; + } + + /* extend PCR */ + rval = Tss2_Sys_PCR_Extend(this->sys_context, pcr_num, &sessions_data_cmd, + &digest_values, &sessions_data_rsp); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s PCR %02u could not be extended: 0x%06x", + LABEL, pcr_num, rval); + return FALSE; + } + + /* get updated PCR value */ + return read_pcr(this, pcr_num, pcr_value, alg); } METHOD(tpm_tss_t, quote, bool, 
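Review bot: The four `data.len != HASH_SIZE_…` checks in extend_pcr and the `default:` branch return FALSE without any message, while the unsupported-algorithm and Tss2_Sys_PCR_Extend failures both log through DBG1. A measurement of the wrong length is a failure the operator of an attestation setup needs to be able to see in the log. I would add a DBG1 line naming `pcr_num`, the algorithm and the offending length before these returns, ideally via one shared exit path instead of five separate `return FALSE;` statements.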
@@ -913,6 +1041,78 @@ METHOD(tpm_tss_t, get_random, bool, return TRUE; } +METHOD(tpm_tss_t, get_data, bool, + private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle, + chunk_t pin, chunk_t *data) +{ + uint16_t nv_size, nv_offset = 0; + uint32_t rval; + + TPM2B_NAME nv_name = { { sizeof(TPM2B_NAME)-2, } }; + TPM2B_NV_PUBLIC nv_public = { { 0, } }; + TPM2B_MAX_NV_BUFFER nv_data = { { sizeof(TPM2B_MAX_NV_BUFFER)-2, } }; + TPMS_AUTH_COMMAND session_data_cmd; + TPMS_AUTH_RESPONSE session_data_rsp; + TSS2_SYS_CMD_AUTHS sessions_data_cmd; + TSS2_SYS_RSP_AUTHS sessions_data_rsp; + TPMS_AUTH_COMMAND *session_data_cmd_array[1]; + TPMS_AUTH_RESPONSE *session_data_rsp_array[1]; + + /* get size of NV object */ + rval = Tss2_Sys_NV_ReadPublic(this->sys_context, handle, 0, &nv_public, + &nv_name, 0); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_NV_ReadPublic failed: 0x%06x", LABEL, rval); + return FALSE; + } + nv_size = nv_public.t.nvPublic.dataSize; + *data = chunk_alloc(nv_size); + + /*prepare NV read session */ + session_data_cmd_array[0] = &session_data_cmd; + session_data_rsp_array[0] = &session_data_rsp; + + sessions_data_cmd.cmdAuths = &session_data_cmd_array[0]; + sessions_data_rsp.rspAuths = &session_data_rsp_array[0]; + + sessions_data_cmd.cmdAuthsCount = 1; + sessions_data_rsp.rspAuthsCount = 1; + + session_data_cmd.sessionHandle = TPM_RS_PW; + session_data_cmd.nonce.t.size = 0; + session_data_cmd.hmac.t.size = 0; + + if (pin.len > 0) + { + session_data_cmd.hmac.t.size = min(sizeof(session_data_cmd.hmac.t) - 2, + pin.len); + memcpy(session_data_cmd.hmac.t.buffer, pin.ptr, + session_data_cmd.hmac.t.size); + } + *( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0; + + /* read NV data an NV buffer block at a time */ + while (nv_size > 0) + { + rval = Tss2_Sys_NV_Read(this->sys_context, hierarchy, handle, + &sessions_data_cmd, min(nv_size, MAX_NV_BUFFER_SIZE), + nv_offset, &nv_data, &sessions_data_rsp); + + if (rval != 
TPM_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_NV_Read failed: 0x%06x", LABEL, rval); + chunk_free(data); + return FALSE; + } + memcpy(data->ptr + nv_offset, nv_data.t.buffer, nv_data.t.size); + nv_offset += nv_data.t.size; + nv_size -= nv_data.t.size; + } + + return TRUE; +} + METHOD(tpm_tss_t, destroy, void, private_tpm_tss_tss2_t *this) { @@ -939,6 +1139,7 @@ tpm_tss_t *tpm_tss_tss2_create() .quote = _quote, .sign = _sign, .get_random = _get_random, + .get_data = _get_data, .destroy = _destroy, }, ); diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 80210166a..2ab3e61fc 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -60,7 +60,8 @@ static int print() credential_type_t type = CRED_CERTIFICATE; int subtype = CERT_X509; void *cred; - char *arg, *file = NULL; + char *arg, *file = NULL, *keyid = NULL; + chunk_t chunk; while (TRUE) { @@ -126,6 +127,9 @@ static int print() case 'i': file = arg; continue; + case 'x': + keyid = arg; + continue; case EOF: break; default: @@ -133,15 +137,20 @@ static int print() } break; } - if (file) + if (keyid) + { + chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL); + cred = lib->creds->create(lib->creds, type, subtype, + BUILD_PKCS11_KEYID, chunk, BUILD_END); + free(chunk.ptr); + } + else if (file) { cred = lib->creds->create(lib->creds, type, subtype, BUILD_FROM_FILE, file, BUILD_END); } else { - chunk_t chunk; - set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { 
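Review bot: The read loop in get_data trusts `nv_data.t.size` as returned by Tss2_Sys_NV_Read: it is used as the memcpy length into `data->ptr + nv_offset` and subtracted from the `uint16_t nv_size` without being compared to what is left. A response carrying more bytes than remain would write past the chunk allocated from `dataSize` and wrap `nv_size`, and a zero-length response would keep the loop spinning. Checking right after the success test closes both: `if (nv_data.t.size == 0 || nv_data.t.size > nv_size) { chunk_free(data); return FALSE; }`. Whether the TSS already bounds the returned size against the requested one is not visible here, so treat this as defence in depth.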
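Review bot: The `--keyid` value in print() goes through `chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL)` with no check on the result, so an empty or malformed argument is handed to the credential builders as-is; whether chunk_from_hex rejects non-hex characters is not visible on this page. Since the man page text added in this commit promises "an optional 0x prefix", it is worth either validating the string here or documenting in a comment how the prefix is handled. `keyid` also silently takes precedence when `--in` is given as well, although the usage string presents the two as alternatives.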
@@ -187,10 +196,12 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { print, 'a', "print", "print a credential in a human readable form", - {"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|bliss]"}, + {"[--in file|--keyid hex] " + "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|bliss]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "input file, default: stdin"}, + {"keyid", 'x', 1, "smartcard or TPM object handle"}, {"type", 't', 1, "type of credential, default: x509"}, } }); diff --git a/src/pki/man/pki---print.1.in b/src/pki/man/pki---print.1.in index ad85fb381..09b8a10c3 100644 --- a/src/pki/man/pki---print.1.in +++ b/src/pki/man/pki---print.1.in @@ -7,7 +7,9 @@ pki \-\-print \- Print a credential (key, certificate etc.) in human readable fo .SH "SYNOPSIS" . .SY pki\ \-\-print -.OP \-\-in file +.RB [ \-\-in +.IR file | \fB\-\-keyid\fR +.IR hex ] .OP \-\-type type .OP \-\-debug level .YS @@ -43,6 +45,10 @@ Read command line options from \fIfile\fR. .BI "\-i, \-\-in " file Input file. If not given the input is read from \fISTDIN\fR. .TP +.BI "\-x, \-\-keyid " hex +Smartcard or TPM private key or certificate object handle in hex format with +an optional 0x prefix. +.TP .BI "\-t, \-\-type " type Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key), diff --git a/src/pt-tls-client/pt-tls-client.1.in b/src/pt-tls-client/pt-tls-client.1.in index 795054c80..3e14cbe37 100644 --- a/src/pt-tls-client/pt-tls-client.1.in +++ b/src/pt-tls-client/pt-tls-client.1.in @@ -10,7 +10,8 @@ pt-tls-client \- Simple client using PT-TLS to collect integrity information .BI \-\-connect .IR hostname |\fIaddress .OP \-\-port hex -.RB [ \-\-cert +.RB [ \-\-certid +.IR hex |\fB\-\-cert .IR file ]+ .RB [ \-\-keyid .IR hex |\fB\-\-key 
@@ -64,6 +65,10 @@ Set the port of the PT-TLS server, default: 271. Set the path to an X.509 certificate file. This option can be repeated to load multiple client and CA certificates. .TP +.BI "\-X, \-\-certid " hex +Set the handle of the certificate stored in a smartcard or a TPM 2.0 Trusted +Platform Module. +.TP .BI "\-k, \-\-key " file Set the path to the client's PKCS#1 or PKCS#8 private key file .TP @@ -71,7 +76,7 @@ Set the path to the client's PKCS#1 or PKCS#8 private key file Define the type of the private key if stored in PKCS#1 format. Can be omitted with PKCS#8 keys. .TP -.BI "\-x, \-\-keyid " hex +.BI "\-K, \-\-keyid " hex Set the keyid of the private key stored in a smartcard or a TPM 2.0 Trusted Platform Module. .TP diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index 841724eb3..d31e16220 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -42,7 +42,7 @@ static void usage(FILE *out) { fprintf(out, "Usage: pt-tls --connect [--port ]\n" - " [--cert ]+ [--keyid |--key ]\n" + " [--certid |--cert ]+ [--keyid |--key ]\n" " [--key-type rsa|ecdsa] [--client ]\n" " [--secret ] [--mutual] [--quiet]\n" " [--debug ] [--options ]\n"); 
@@ -104,15 +104,26 @@ static mem_cred_t *creds; /** * Load certificate from file */ -static bool load_certificate(char *filename) +static bool load_certificate(char *certid, char *filename) { certificate_t *cert; + chunk_t chunk; - cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_FROM_FILE, filename, BUILD_END); + if (certid) + { + chunk = chunk_from_hex(chunk_create(certid, strlen(certid)), NULL); + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_PKCS11_KEYID, chunk, BUILD_END); + } + else + { + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, filename, BUILD_END); + } if (!cert) { - DBG1(DBG_TLS, "loading certificate from '%s' failed", filename); + DBG1(DBG_TLS, "loading certificate from '%s' failed", + certid ? certid : filename); return FALSE; } creds->add_cert(creds, TRUE, cert); @@ -282,6 +293,7 @@ int main(int argc, char *argv[]) {"client", required_argument, NULL, 'i' }, {"secret", required_argument, NULL, 's' }, {"port", required_argument, NULL, 'p' }, + {"certid", required_argument, NULL, 'X' }, {"cert", required_argument, NULL, 'x' }, {"keyid", required_argument, NULL, 'K' }, {"key", required_argument, NULL, 'k' }, @@ -301,8 +313,14 @@ int main(int argc, char *argv[]) case 'h': /* --help */ usage(stdout); return 0; + case 'X': /* --certid */ + if (!load_certificate(optarg, NULL)) + { + return 1; + } + continue; case 'x': /* --cert */ - if (!load_certificate(optarg)) + if (!load_certificate(NULL, optarg)) { return 1; } diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c index 19e7050da..f692e9966 100644 --- a/src/swanctl/commands/list_conns.c +++ b/src/swanctl/commands/list_conns.c 
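Review bot: The chunk produced by `chunk_from_hex(chunk_create(certid, strlen(certid)), NULL)` in the new `certid` branch of `load_certificate()` is never released in this hunk. Passing NULL as the buffer makes `chunk_from_hex` allocate the result, so every `--certid` option leaks the decoded handle. Assuming the builder does not take ownership of the chunk, add `chunk_free(&chunk);` directly after the `lib->creds->create(...)` call in that branch. The handle string from `optarg` is also decoded without any check that it is non-empty, well-formed hex, so a mistyped handle only surfaces as the generic "loading certificate from ... failed" message. An explicit check before decoding would give the operator a clearer error.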
@@ -84,8 +84,8 @@ CALLBACK(children_sn, int, { hashtable_t *child; char *mode, *interface, *priority; - char *rekey_time, *rekey_bytes, *rekey_packets; - bool no_time, no_bytes, no_packets, or = FALSE; + char *rekey_time, *rekey_bytes, *rekey_packets, *dpd_action, *dpd_delay; + bool no_time, no_bytes, no_packets, no_dpd, or = FALSE; int ret; child = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1); @@ -98,14 +98,18 @@ CALLBACK(children_sn, int, rekey_time = child->get(child, "rekey_time"); rekey_bytes = child->get(child, "rekey_bytes"); rekey_packets = child->get(child, "rekey_packets"); + dpd_action = child->get(child, "dpd_action"); + dpd_delay = ike->get(ike, "dpd_delay"); + no_time = streq(rekey_time, "0"); no_bytes = streq(rekey_bytes, "0"); no_packets = streq(rekey_packets, "0"); + no_dpd = streq(dpd_delay, "0"); if (strcaseeq(mode, "PASS") || strcaseeq(mode, "DROP") || (no_time && no_bytes && no_packets)) { - printf("no rekeying\n"); + printf("no rekeying"); } else { @@ -124,8 +128,12 @@ CALLBACK(children_sn, int, { printf("%s %s packets", or ? " or" : "", rekey_packets); } - printf("\n"); } + if (!no_dpd) + { + printf(", dpd action is %s", dpd_action); + } + printf("\n"); printf(" local: %s\n", child->get(child, "local-ts")); printf(" remote: %s\n", child->get(child, "remote-ts")); @@ -153,7 +161,7 @@ CALLBACK(conn_sn, int, if (streq(name, "children")) { - return vici_parse_cb(res, children_sn, NULL, NULL, NULL); + return vici_parse_cb(res, children_sn, NULL, NULL, ike); } if (strpfx(name, "local") || strpfx(name, "remote")) { 
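Review bot: `dpd_action` is fetched with `child->get(child, "dpd_action")` and then passed to `printf(", dpd action is %s", dpd_action)` whenever `dpd_delay` is not "0", but nothing in these hunks guarantees the key is present in the child section. If the daemon's reply omits it (for instance an older daemon, presumably), a NULL pointer reaches `%s`, which is undefined behaviour. Guard the print with `if (!no_dpd && dpd_action)` or substitute a default string. `ike->get(ike, "dpd_delay")` likewise depends on the caller always storing that key in the table passed as user data. A one-line comment on `children_sn` stating that requirement would help, since its signature lies outside the hunks shown.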
@@ -225,11 +233,17 @@ CALLBACK(conn_list, int, CALLBACK(conns, int, void *null, vici_res_t *res, char *name) { - char *version, *reauth_time, *rekey_time; + int ret; + char *version, *reauth_time, *rekey_time, *dpd_delay; + hashtable_t *ike; version = vici_find_str(res, "", "%s.version", name); - reauth_time = vici_find_str(res, "", "%s.reauth_time", name); - rekey_time = vici_find_str(res, "", "%s.rekey_time", name); + reauth_time = vici_find_str(res, "0", "%s.reauth_time", name); + rekey_time = vici_find_str(res, "0", "%s.rekey_time", name); + dpd_delay = vici_find_str(res, "0", "%s.dpd_delay", name); + + ike = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1); + free(ike->put(ike,"dpd_delay", strdup(dpd_delay))); printf("%s: %s, ", name, version); if (streq(version, "IKEv1")) @@ -247,22 +261,26 @@ CALLBACK(conns, int, { printf("reauthentication every %ss", reauth_time); } - if (streq(version, "IKEv1")) - { - printf("\n"); - } - else + if (!streq(version, "IKEv1")) { if (streq(rekey_time, "0")) { - printf(", no rekeying\n"); + printf(", no rekeying"); } else { - printf(", rekeying every %ss\n", rekey_time); + printf(", rekeying every %ss", rekey_time); } } - return vici_parse_cb(res, conn_sn, NULL, conn_list, NULL); + if (!streq(dpd_delay, "0")) + { + printf(", dpd delay %ss", dpd_delay); + } + printf("\n"); + + ret = vici_parse_cb(res, conn_sn, NULL, conn_list, ike); + free_hashtable(ike); + return ret; } CALLBACK(list_cb, void, diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c index 8947866f5..d82c0f98e 100644 --- a/src/swanctl/commands/load_authorities.c +++ b/src/swanctl/commands/load_authorities.c 
@@ -75,15 +75,15 @@ static bool add_file_key_value(vici_req_t *req, char *key, char *value) } /** - * Translate sletting key/values from a section into vici key-values/lists + * Translate sletting key/values from a section enumerator into vici + * key-values/lists. Destroys the enumerator. */ -static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section) +static bool add_key_values(vici_req_t *req, enumerator_t *enumerator) { - enumerator_t *enumerator; char *key, *value; bool ret = TRUE; - enumerator = cfg->create_key_value_enumerator(cfg, section); + while (enumerator->enumerate(enumerator, &key, &value)) { if (streq(key, "cacert")) @@ -115,17 +115,17 @@ static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section) static bool load_authority(vici_conn_t *conn, settings_t *cfg, char *section, command_format_options_t format) { + enumerator_t *enumerator; vici_req_t *req; vici_res_t *res; bool ret = TRUE; - char buf[128]; - - snprintf(buf, sizeof(buf), "%s.%s", "authorities", section); req = vici_begin("load-authority"); vici_begin_section(req, section); - if (!add_key_values(req, cfg, buf)) + enumerator = cfg->create_key_value_enumerator(cfg, "authorities.%s", + section); + if (!add_key_values(req, enumerator)) { vici_free_req(req); return FALSE; diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c index d8541061e..15ef2f151 100644 --- a/src/swanctl/commands/load_creds.c +++ b/src/swanctl/commands/load_creds.c @@ -337,7 +337,7 @@ static void* decrypt_with_config(load_ctx_t *ctx, char *name, char *type, credential_type_t credtype; int subtype; enumerator_t *enumerator, *secrets; - char *section, *key, *value, *file, buf[128]; + char *section, *key, *value, *file; shared_key_t *shared; void *cred = NULL; mem_cred_t *mem = NULL; 
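Review bot: The rewritten comment above `add_key_values()` still carries the typo "sletting". Since the line is being changed anyway, it should read `* Translate setting key/values from a section enumerator into vici`, which matches the wording used for the same helper in load_pools.c. The new contract "Destroys the enumerator" also deserves a check on the failure path. The loop body and the destroy call are outside this hunk, so it cannot be seen here whether a failed `add_file_key_value()` still reaches the enumerator's destroy call before `load_authority()` returns FALSE.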
@@ -356,8 +356,8 @@ static void* decrypt_with_config(load_ctx_t *ctx, char *name, char *type, file = ctx->cfg->get_str(ctx->cfg, "secrets.%s.file", NULL, section); if (file && strcaseeq(file, name)) { - snprintf(buf, sizeof(buf), "secrets.%s", section); - secrets = ctx->cfg->create_key_value_enumerator(ctx->cfg, buf); + secrets = ctx->cfg->create_key_value_enumerator(ctx->cfg, + "secrets.%s", section); while (secrets->enumerate(secrets, &key, &value)) { if (strpfx(key, "secret")) @@ -657,7 +657,7 @@ static bool load_secret(load_ctx_t *ctx, char *section) vici_req_t *req; vici_res_t *res; chunk_t data; - char *key, *value, buf[128], *type = NULL; + char *key, *value, *type = NULL; bool ret = TRUE; int i; char *types[] = { @@ -720,8 +720,8 @@ static bool load_secret(load_ctx_t *ctx, char *section) chunk_clear(&data); vici_begin_list(req, "owners"); - snprintf(buf, sizeof(buf), "secrets.%s", section); - enumerator = ctx->cfg->create_key_value_enumerator(ctx->cfg, buf); + enumerator = ctx->cfg->create_key_value_enumerator(ctx->cfg, "secrets.%s", + section); while (enumerator->enumerate(enumerator, &key, &value)) { if (strpfx(key, "id")) diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c index 2b9fa2d42..feb8d3a52 100644 --- a/src/swanctl/commands/load_pools.c +++ b/src/swanctl/commands/load_pools.c 
@@ -41,14 +41,13 @@ static void add_list_key(vici_req_t *req, char *key, char *value) } /** - * Translate setting key/values from a section into vici key-values/lists + * Translate setting key/values from a section enumerator into vici + * key-values/lists. Destroys the enumerator. */ -static void add_key_values(vici_req_t *req, settings_t *cfg, char *section) +static void add_key_values(vici_req_t *req, enumerator_t *enumerator) { - enumerator_t *enumerator; char *key, *value; - enumerator = cfg->create_key_value_enumerator(cfg, section); while (enumerator->enumerate(enumerator, &key, &value)) { /* pool subnet is encoded as key/value, all other attributes as list */ @@ -70,17 +69,16 @@ static void add_key_values(vici_req_t *req, settings_t *cfg, char *section) static bool load_pool(vici_conn_t *conn, settings_t *cfg, char *section, command_format_options_t format) { + enumerator_t *enumerator; vici_req_t *req; vici_res_t *res; bool ret = TRUE; - char buf[128]; - - snprintf(buf, sizeof(buf), "%s.%s", "pools", section); req = vici_begin("load-pool"); vici_begin_section(req, section); - add_key_values(req, cfg, buf); + enumerator = cfg->create_key_value_enumerator(cfg, "pools.%s", section); + add_key_values(req, enumerator); vici_end_section(req); res = vici_submit(req, conn); diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index 6c73d4775..637661083 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main @@ -726,9 +726,10 @@ trustchain validation, append hash algorithms to .RI "" "pubkey" "" or a key strength definition (for example -.RI "" "pubkey\-sha1\-sha256" "" +.RI "" "pubkey\-sha256\-sha512" "," +.RI "" "rsa\-2048\-sha256\-sha384\-sha512" "" or -.RI "" "rsa\-2048\-ecdsa\-256\-sha256\-sha384\-sha512" ")." +.RI "" "rsa\-2048\-sha256\-ecdsa\-256\-sha256\-sha384" ")." Unless disabled in .RB "" "strongswan.conf" "(5)," or explicit IKEv2 signature constraints are configured 
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 2dd9ea374..5675b31ca 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -587,8 +587,9 @@ connections..remote.auth = pubkey key type followed by the minimum strength in bits (for example _ecdsa-384_ or _rsa-2048-ecdsa-256_). To limit the acceptable set of hashing algorithms for trustchain validation, append hash algorithms to _pubkey_ or a key - strength definition (for example _pubkey-sha1-sha256_ or - _rsa-2048-ecdsa-256-sha256-sha384-sha512_). + strength definition (for example _pubkey-sha256-sha512_, + _rsa-2048-sha256-sha384-sha512_ or + _rsa-2048-sha256-ecdsa-256-sha256-sha384_). Unless disabled in **strongswan.conf**(5), or explicit IKEv2 signature constraints are configured (refer to the description of the **local** section's **auth** keyword for details), such key types and hash algorithms diff --git a/src/tpm_extendpcr/Makefile.am b/src/tpm_extendpcr/Makefile.am new file mode 100644 index 000000000..2e2474418 --- /dev/null +++ b/src/tpm_extendpcr/Makefile.am @@ -0,0 +1,14 @@ +bin_PROGRAMS = tpm_extendpcr + +tpm_extendpcr_SOURCES = tpm_extendpcr.c + +tpm_extendpcr_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la + +tpm_extendpcr.o : $(top_builddir)/config.status + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" diff --git a/src/tpm_extendpcr/Makefile.in b/src/tpm_extendpcr/Makefile.in new file mode 100644 index 000000000..0ce681c69 --- /dev/null +++ b/src/tpm_extendpcr/Makefile.in 
@@ -0,0 +1,769 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +bin_PROGRAMS = tpm_extendpcr$(EXEEXT) +subdir = src/tpm_extendpcr +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" +PROGRAMS = $(bin_PROGRAMS) +am_tpm_extendpcr_OBJECTS = tpm_extendpcr.$(OBJEXT) +tpm_extendpcr_OBJECTS = $(am_tpm_extendpcr_OBJECTS) +tpm_extendpcr_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) 
+am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(tpm_extendpcr_SOURCES) +DIST_SOURCES = $(tpm_extendpcr_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ 
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ 
+dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = 
@srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +tpm_extendpcr_SOURCES = tpm_extendpcr.c +tpm_extendpcr_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/tpm_extendpcr/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/tpm_extendpcr/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + 
@$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +tpm_extendpcr$(EXEEXT): $(tpm_extendpcr_OBJECTS) $(tpm_extendpcr_DEPENDENCIES) $(EXTRA_tpm_extendpcr_DEPENDENCIES) + @rm -f tpm_extendpcr$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tpm_extendpcr_OBJECTS) $(tpm_extendpcr_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_extendpcr.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + 
+distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + 
+clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ + clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am 
installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-binPROGRAMS + +.PRECIOUS: Makefile + + +tpm_extendpcr.o : $(top_builddir)/config.status + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/tpm_extendpcr/tpm_extendpcr.c b/src/tpm_extendpcr/tpm_extendpcr.c new file mode 100644 index 000000000..31d0d3d25 --- /dev/null +++ b/src/tpm_extendpcr/tpm_extendpcr.c 
@@ -0,0 +1,317 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+
+/* logging */
+static bool log_to_stderr = TRUE;
+static bool log_to_syslog = TRUE;
+static level_t default_loglevel = 1;
+
+/* global variables */
+tpm_tss_t *tpm;
+chunk_t digest;
+chunk_t pcr_value;
+
+/**
+ * logging function for tpm_extendpcr
+ */
+static void tpm_extendpcr_dbg(debug_t group, level_t level, char *fmt, ...)
+{
+ char buffer[8192];
+ char *current = buffer, *next;
+ va_list args;
+
+ if (level <= default_loglevel)
+ {
+ if (log_to_stderr)
+ {
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ }
+ if (log_to_syslog)
+ {
+ /* write in memory buffer first */
+ va_start(args, fmt);
+ vsnprintf(buffer, sizeof(buffer), fmt, args);
+ va_end(args);
+
+ /* do a syslog with every line */
+ while (current)
+ {
+ next = strchr(current, '\n');
+ if (next)
+ {
+ *(next++) = '\0';
+ }
+ syslog(LOG_INFO, "%s\n", current);
+ current = next;
+ }
+ }
+ }
+}
+
+/**
+ * Initialize logging to stderr/syslog
+ */
+static void init_log(const char *program)
+{
+ dbg = tpm_extendpcr_dbg;
+
+ if (log_to_stderr)
+ {
+ setbuf(stderr, NULL);
+ }
+ if (log_to_syslog)
+ {
+ openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
+ }
+}
+
+/**
+ * @brief exit tpm_extendpcr
+ *
+ * @param status 0 = OK, -1 = general discomfort
+ */
+static void exit_tpm_extendpcr(err_t message, ...)
+{
+ int status = 0;
+
+ DESTROY_IF(tpm);
+ chunk_free(&digest);
+ chunk_free(&pcr_value);
+
+ /* print any error message to stderr */
+ if (message != NULL && *message != '\0')
+ {
+ va_list args;
+ char m[8192];
+
+ va_start(args, message);
+ vsnprintf(m, sizeof(m), message, args);
+ va_end(args);
+
+ fprintf(stderr, "tpm_extendpcr error: %s\n", m);
+ status = -1;
+ }
+ library_deinit();
+ exit(status);
+}
+
+/**
+ * @brief prints the usage of the program to the stderr output
+ *
+ * If message is set, program is exited with 1 (error)
+ * @param message message in case of an error
+ */
+static void usage(const char *message)
+{
+ fprintf(stderr,
+ "Usage: tpm_extendpcr [--alg ] --pcr --digest |--in"
+ " \n"
+ " [--hash] [--out ] [--quiet]"
+ " [--debug ]\n"
+ " tpm_extendpcr --help\n"
+ "\n"
+ "Options:\n"
+ " --alg (-a) hash algorithm (sha1|sha256)\n"
+ " --pcr (-p) platform configuration register (0..23)\n"
+ " --digest (-d) digest in hex format to be extended\n"
+ " --in (-i) binary input file with digest to be extended\n"
+ " --hash (-x) prehash the input file to create digest\n"
+ " --out (-o) binary output file with updated PCR value\n"
+ " --help (-h) show usage and exit\n"
+ "\n"
+ "Debugging output:\n"
+ " --debug (-l) changes the log level (-1..4, default: 1)\n"
+ " --quiet (-q) do not write log output to stderr\n"
+ );
+ exit_tpm_extendpcr(message);
+}
+
+/**
+ * @brief main of tpm_extendpcr which extends digest into a PCR
+ *
+ * @param argc number of arguments
+ * @param argv pointer to the argument values
+ */
+int main(int argc, char *argv[])
+{
+ hash_algorithm_t alg = HASH_SHA1;
+ hasher_t *hasher = NULL;
+ char *infile = NULL, *outfile = NULL;
+ uint32_t pcr = 16;
+ bool hash = FALSE;
+
+ atexit(library_deinit);
+ if (!library_init(NULL, "tpm_extendpcr"))
+ {
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+ }
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "tpm_extendpcr", argv[0]))
+ {
+ fprintf(stderr, "integrity check of tpm_extendpcr failed\n");
+ exit(SS_RC_DAEMON_INTEGRITY);
+ }
+
+ for (;;)
+ {
+ static const struct option long_opts[] = {
+ /* name, has_arg, flag, val */
+ { "help", no_argument, NULL, 'h' },
+ { "alg", required_argument, NULL, 'a' },
+ { "pcr", required_argument, NULL, 'p' },
+ { "digest", required_argument, NULL, 'd' },
+ { "in", required_argument, NULL, 'i' },
+ { "hash", no_argument, NULL, 'x' },
+ { "out", required_argument, NULL, 'o' },
+ { "quiet", no_argument, NULL, 'q' },
+ { "debug", required_argument, NULL, 'l' },
+ { 0,0,0,0 }
+ };
+
+ /* parse next option */
+ int c = getopt_long(argc, argv, "ha:p:d:i:xo:ql:", long_opts, NULL);
+
+ switch (c)
+ {
+ case EOF: /* end of flags */
+ break;
+
+ case 'h': /* --help */
+ usage(NULL);
+
+ case 'a': /* --alg */
+ if (!enum_from_name(hash_algorithm_short_names, optarg, &alg))
+ {
+ usage("unsupported hash algorithm");
+ }
+ continue;
+ case 'p': /* --pcr */
+ pcr = atoi(optarg);
+ continue;
+
+ case 'd': /* --digest */
+ digest = chunk_from_hex(chunk_from_str(optarg), NULL);
+ continue;
+
+ case 'i': /* --in */
+ infile = optarg;
+ continue;
+
+ case 'x': /* --hash */
+ hash = TRUE;
+ continue;
+
+ case 'o': /* --out */
+ outfile = optarg;
+ continue;
+
+ case 'q': /* --quiet */
+ log_to_stderr = FALSE;
+ continue;
+
+ case 'l': /* --debug */
+ default_loglevel = atoi(optarg);
+ continue;
+
+ default:
+ usage("unknown option");
+ }
+ /* break from loop */
+ break;
+ }
+
+ init_log("tpm_extendpcr");
+
+ if (!lib->plugins->load(lib->plugins,
+ lib->settings->get_str(lib->settings, "tpm_extendpcr.load",
+ "tpm sha1 sha2")))
+ {
+ exit_tpm_extendpcr("plugin loading failed");
+ }
+
+ /* try to find a TPM */
+ tpm = tpm_tss_probe(TPM_VERSION_ANY);
+ if (!tpm)
+ {
+ exit_tpm_extendpcr("no TPM found");
+ }
+
+ /* read digest from file */
+ if (digest.len == 0)
+ {
+ chunk_t *chunk;
+
+ if (!infile)
+ {
+ exit_tpm_extendpcr("--digest or --in option required");
+ }
+ chunk = chunk_map(infile, FALSE);
+ if (!chunk)
+ {
+ exit_tpm_extendpcr("reading input file failed");
+ }
+ if (hash)
+ {
+ hasher = lib->crypto->create_hasher(lib->crypto, alg);
+ if (!hasher || !hasher->allocate_hash(hasher, *chunk, &digest))
+ {
+ DESTROY_IF(hasher);
+ chunk_unmap(chunk);
+ exit_tpm_extendpcr("prehashing infile failed");
+ }
+ hasher->destroy(hasher);
+ }
+ else
+ {
+ digest = chunk_clone(*chunk);
+ }
+ chunk_unmap(chunk);
+ }
+ DBG1(DBG_PTS, "Digest: %#B", &digest);
+
+ /* extend digest into PCR */
+ if (!tpm->extend_pcr(tpm, pcr, &pcr_value, digest, alg))
+ {
+ exit_tpm_extendpcr("extending PCR failed");
+ }
+ DBG1(DBG_PTS, "PCR %02u: %#B", pcr, &pcr_value);
+
+ /* write PCR value to file */
+ if (outfile)
+ {
+ if (!chunk_write(pcr_value, outfile, 022, TRUE))
+ {
+ DBG1(DBG_PTS, "writing '%s' failed", outfile);
+ }
+ }
+ chunk_free(&pcr_value);
+
+ exit_tpm_extendpcr(NULL);
+ return -1; /* should never be reached */
+}
diff --git a/testing/config/kernel/config-4.13 b/testing/config/kernel/config-4.13 index dcdceccd8..b1f84aaed 100644 --- a/testing/config/kernel/config-4.13 +++ b/testing/config/kernel/config-4.13 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.13.12 Kernel Configuration +# Linux/x86 4.13.16 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -664,12 +664,14 @@ CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_CLASSID=y # CONFIG_IP_PNP is not set # CONFIG_NET_IPIP is not set -# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IPGRE_DEMUX=y CONFIG_NET_IP_TUNNEL=y +CONFIG_NET_IPGRE=y # CONFIG_SYN_COOKIES is not set -# CONFIG_NET_IPVTI is not set +CONFIG_NET_IPVTI=y CONFIG_NET_UDP_TUNNEL=y # CONFIG_NET_FOU is not set +# CONFIG_NET_FOU_IP_TUNNELS is not set CONFIG_INET_AH=y CONFIG_INET_ESP=y # CONFIG_INET_ESP_OFFLOAD is not set 
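Review bot: In main() of tpm_extendpcr.c, the `--pcr` case stores `pcr = atoi(optarg);` without any validation, so a mistyped or non-numeric argument silently becomes PCR 0 and a negative one wraps to a huge `uint32_t`, even though the usage text documents 0..23. An extend is a one-way operation on the register, so the index should be parsed strictly before the TPM is touched, for example `char *end; unsigned long v = strtoul(optarg, &end, 10);` then `if (end == optarg || *end != '\0' || v > 23) { usage("invalid PCR index"); }` and `pcr = v;`. The length of the digest from `--digest` or from an unhashed `--in` file is also never compared with the digest size of the selected algorithm before `tpm->extend_pcr()` is called; whether the TSS backend rejects a mismatch is not visible in this hunk, so a check here would make the failure explicit. Finally, a failed `chunk_write()` is only logged and the tool still exits with status 0, which a calling script cannot detect.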
@@ -703,9 +705,10 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set -# CONFIG_IPV6_VTI is not set +CONFIG_IPV6_VTI=y # CONFIG_IPV6_SIT is not set CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_GRE=y # CONFIG_IPV6_FOU is not set # CONFIG_IPV6_FOU_TUNNEL is not set CONFIG_IPV6_MULTIPLE_TABLES=y diff --git a/testing/config/kernel/config-4.14 b/testing/config/kernel/config-4.14 new file mode 100644 index 000000000..ad74e6457 --- /dev/null +++ b/testing/config/kernel/config-4.14 
@@ -0,0 +1,2640 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.14.13 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set 
+CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_FHANDLE=y +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TINY_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_RCU_NEED_SEGCBLIST is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# 
CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +# CONFIG_CGROUP_RDMA is not set +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_POSIX_TIMERS=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_PRINTK=y +CONFIG_PRINTK_NMI=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +CONFIG_MEMBARRIER=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y +# CONFIG_PC104 is not set + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES 
is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_NMI=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_CLK=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_RCU_TABLE_FREE=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_THIN_ARCHIVES=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y +CONFIG_HAVE_STACK_VALIDATION=y +# CONFIG_HAVE_ARCH_HASH is not set +# CONFIG_ISA_BUS_API is not set +# CONFIG_CPU_NO_EFFICIENT_FFS is not set 
+CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +# CONFIG_ARCH_OPTIONAL_KERNEL_RWX is not set +# CONFIG_ARCH_OPTIONAL_KERNEL_RWX_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_ARCH_HAS_REFCOUNT=y +# CONFIG_REFCOUNT_FULL is not set + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_SLABINFO=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_ZONED is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set +# CONFIG_BLK_WBT is not set +# CONFIG_BLK_SED_OPAL is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MQ_IOSCHED_KYBER=y +# CONFIG_IOSCHED_BFQ is not set +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_FAST_FEATURE_TESTS=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +# CONFIG_INTEL_RDT is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# 
CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y +# CONFIG_MICROCODE_AMD is not set +CONFIG_MICROCODE_OLD_INTERFACE=y +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +# CONFIG_X86_5LEVEL is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +# CONFIG_AMD_MEM_ENCRYPT is not set +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y 
+CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_HAVE_GENERIC_GUP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_ZONE_DEVICE=y +# CONFIG_ZONE_DEVICE is not set +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_PERCPU_STATS is not set +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_MPX is not set +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE 
is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_HAS_ADD_PAGES=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +CONFIG_PM_CLK=y +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_DPTF_POWER is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_ACPI_CONFIGFS is not set +# 
CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +CONFIG_HT_IRQ=y +CONFIG_PCI_LOCKLESS_CONFIG=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y +# CONFIG_HOTPLUG_PCI is not set + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT is not set + +# +# PCI host controller drivers +# +# CONFIG_VMD is not set + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_TLS=y +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# 
CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +CONFIG_NET_IPGRE_DEMUX=y +CONFIG_NET_IP_TUNNEL=y +CONFIG_NET_IPGRE=y +# CONFIG_SYN_COOKIES is not set +CONFIG_NET_IPVTI=y +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +# CONFIG_NET_FOU_IP_TUNNELS is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +# CONFIG_INET_ESP_OFFLOAD is not set +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_RAW_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +# CONFIG_INET6_ESP_OFFLOAD is not set +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +CONFIG_IPV6_VTI=y +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_GRE=y +# CONFIG_IPV6_FOU is not set +# CONFIG_IPV6_FOU_TUNNEL is not set +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# 
CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y 
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y 
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_IPMAC is not set +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +# CONFIG_NF_SOCKET_IPV4 is not set +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_SOCKET_IPV6 is not set +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y 
+CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +CONFIG_IP6_NF_NAT=y +CONFIG_IP6_NF_TARGET_MASQUERADE=y +CONFIG_IP6_NF_TARGET_NPT=y +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_NET_NCSI is not set +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_STREAM_PARSER is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# 
CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +# CONFIG_NET_DEVLINK is not set +CONFIG_MAY_USE_DEVLINK=y +CONFIG_HAVE_EBPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_VIRTIO_BLK_SCSI is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set + +# +# Misc devices +# +# 
CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_AFU_DRIVER_OPS is not set +# CONFIG_CXL_LIB is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_GTP is not set +CONFIG_MACSEC=y +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not 
set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# + +# +# Distributed Switch Architecture drivers +# +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALACRITECH=y +# CONFIG_SLICOSS is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMAZON=y +# CONFIG_ENA_ETHERNET is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_AMD_XGBE is not set +# CONFIG_AMD_XGBE_HAVE_ECC is not set +CONFIG_NET_VENDOR_AQUANTIA=y +# CONFIG_AQTION is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set 
+CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_HUAWEI=y +# CONFIG_HINIC is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +# CONFIG_MLXFW is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCOM_EMAC is not set +# CONFIG_RMNET is not set +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y 
+CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +CONFIG_NET_VENDOR_SOLARFLARE=y +# CONFIG_SFC is not set +# CONFIG_SFC_FALCON is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +# CONFIG_DWC_XLGMAC is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_MDIO_DEVICE is not set +# CONFIG_MDIO_BUS is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y +CONFIG_WLAN_VENDOR_QUANTENNA=y + +# +# 
Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_SAMSUNG is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# 
CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_DEV_BUS is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +# CONFIG_PPS is not set + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. 
+# +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_AVS is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_ASPEED is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# 
CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +CONFIG_RC_CORE=y +CONFIG_RC_MAP=y +CONFIG_RC_DECODERS=y +# CONFIG_LIRC is not set +CONFIG_IR_NEC_DECODER=y +CONFIG_IR_RC5_DECODER=y +CONFIG_IR_RC6_DECODER=y +CONFIG_IR_JVC_DECODER=y +CONFIG_IR_SONY_DECODER=y +CONFIG_IR_SANYO_DECODER=y +CONFIG_IR_SHARP_DECODER=y +CONFIG_IR_MCE_KBD_DECODER=y +CONFIG_IR_XMP_DECODER=y +# CONFIG_RC_DEVICES is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ACP (Audio 
CoProcessor) Configuration +# +# CONFIG_DRM_LIB_RANDOM is not set + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_CMEDIA is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +CONFIG_HID_ITE=y +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MAYFLASH is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not 
set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set +CONFIG_USB_PCI=y + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set + +# +# USB Power Delivery and Type-C drivers +# +# CONFIG_TYPEC_UCSI is not set +# CONFIG_USB_ULPI_BUS is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_HYPERV_TSCPAGE is not set +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# 
CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_PMC_CORE is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_MLX_PLATFORM is not set +# CONFIG_MLX_CPLD_PLATFORM is not set +CONFIG_PMC_ATOM=y +# CONFIG_CHROME_PLATFORMS is not set +CONFIG_CLKDEV_LOOKUP=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y + +# +# Common Clock Framework +# +# CONFIG_COMMON_CLK_NXP is not set +# CONFIG_COMMON_CLK_PXA is not set +# CONFIG_COMMON_CLK_PIC32 is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# + +# +# Broadcom SoC drivers +# + +# +# i.MX SoC drivers +# + +# +# Qualcomm SoC drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not 
set +# CONFIG_PWM is not set +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_DAX is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# CONFIG_FPGA is not set + +# +# FSI support +# +# CONFIG_FSI is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_GOOGLE_FIRMWARE is not set +# CONFIG_EFI_DEV_PATH_PARSER is not set + +# +# Tegra firmware driver +# + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set 
+CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y 
+CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# 
CONFIG_PRINTK_TIME is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_STACK_VALIDATION=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_POISONING is not set +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_KASAN is not set +CONFIG_ARCH_HAS_KCOV=y +# CONFIG_KCOV is not set +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_SOFTLOCKUP_DETECTOR is not set +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_HARDLOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# 
CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_HWLAT_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set 
+CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENTS is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_HIST_TRIGGERS is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_TEST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# 
CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set +CONFIG_UNWINDER_ORC=y +# CONFIG_UNWINDER_FRAME_POINTER is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +# CONFIG_HARDENED_USERCOPY is not set +# CONFIG_FORTIFY_SOURCE is not set +# CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=y +CONFIG_CRYPTO_ACOMP2=y +# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_DH=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_MCRYPTD=y +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_SIMD=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y 
+CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256_MB=y +CONFIG_CRYPTO_SHA512_MB=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y 
+CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC4 is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# 
CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +# CONFIG_DMA_NOOP_OPS is not set +# CONFIG_DMA_VIRT_OPS is not set +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y +# CONFIG_SG_SPLIT is not set +# CONFIG_SG_POOL is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_SBITMAP=y +# CONFIG_STRING_SELFTEST is not set diff --git a/testing/config/kernel/config-4.15 b/testing/config/kernel/config-4.15 new file mode 100644 index 000000000..c16e64b89 --- /dev/null +++ b/testing/config/kernel/config-4.15 
@@ -0,0 +1,2685 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.15.0 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set 
+CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TINY_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_RCU_NEED_SEGCBLIST is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y 
+CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +# CONFIG_CGROUP_RDMA is not set +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_PRINTK_NMI=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +# CONFIG_BPF_SYSCALL is not set +# CONFIG_USERFAULTFD is not set +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y +# CONFIG_PC104 is not set + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +CONFIG_SYSTEM_DATA_VERIFICATION=y +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# 
CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_NMI=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_CLK=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_RCU_TABLE_FREE=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_THIN_ARCHIVES=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y +CONFIG_HAVE_STACK_VALIDATION=y +# CONFIG_HAVE_ARCH_HASH is not set +# CONFIG_ISA_BUS_API is not set +# 
CONFIG_CPU_NO_EFFICIENT_FFS is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +# CONFIG_ARCH_OPTIONAL_KERNEL_RWX is not set +# CONFIG_ARCH_OPTIONAL_KERNEL_RWX_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_ARCH_HAS_REFCOUNT=y +# CONFIG_REFCOUNT_FULL is not set + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_ZONED is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set +# CONFIG_BLK_WBT is not set +# CONFIG_BLK_SED_OPAL is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MQ_IOSCHED_KYBER=y +# CONFIG_IOSCHED_BFQ is not set +CONFIG_ASN1=y +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_FAST_FEATURE_TESTS=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +CONFIG_RETPOLINE=y +# CONFIG_INTEL_RDT is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not 
set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y +# CONFIG_MICROCODE_AMD is not set +CONFIG_MICROCODE_OLD_INTERFACE=y +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +# CONFIG_X86_5LEVEL is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +# CONFIG_AMD_MEM_ENCRYPT is not set +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 
+CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_HAVE_GENERIC_GUP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_ZONE_DEVICE=y +# CONFIG_ZONE_DEVICE is not set +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_PERCPU_STATS is not set +# CONFIG_GUP_BENCHMARK is not set +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +CONFIG_X86_INTEL_UMIP=y +# CONFIG_X86_INTEL_MPX is not set +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not 
set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_HAS_ADD_PAGES=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +CONFIG_PM_CLK=y +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y 
+# CONFIG_ACPI_APEI is not set +# CONFIG_DPTF_POWER is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_STUB is not set +CONFIG_PCI_LOCKLESS_CONFIG=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y +# CONFIG_HOTPLUG_PCI is not set + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT is not set + +# +# PCI host controller drivers +# +# CONFIG_VMD is not set + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_TLS=y +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y 
+CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +CONFIG_NET_IPGRE_DEMUX=y +CONFIG_NET_IP_TUNNEL=y +CONFIG_NET_IPGRE=y +# CONFIG_SYN_COOKIES is not set +CONFIG_NET_IPVTI=y +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +# CONFIG_NET_FOU_IP_TUNNELS is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +# CONFIG_INET_ESP_OFFLOAD is not set +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_RAW_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +# CONFIG_INET6_ESP_OFFLOAD is not set +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +CONFIG_IPV6_VTI=y +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_GRE=y +# CONFIG_IPV6_FOU is not set +# CONFIG_IPV6_FOU_TUNNEL is not set +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y + +# +# Core 
Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y 
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +CONFIG_NETFILTER_XT_MATCH_STATE=y 
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_IPMAC is not set +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +# CONFIG_NF_SOCKET_IPV4 is not set +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_SOCKET_IPV6 is not set +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y 
+CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +CONFIG_IP6_NF_NAT=y +CONFIG_IP6_NF_TARGET_MASQUERADE=y +CONFIG_IP6_NF_TARGET_NPT=y +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +CONFIG_DNS_RESOLVER=y +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_NET_NCSI is not set +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_STREAM_PARSER is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y +CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS=y +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for 
MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +# CONFIG_NET_DEVLINK is not set +CONFIG_MAY_USE_DEVLINK=y +CONFIG_HAVE_EBPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# 
CONFIG_VIRTIO_BLK_SCSI is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set + +# +# NVME Support +# +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module (requires I2C) +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC & related support +# + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_AFU_DRIVER_OPS is not set +# CONFIG_CXL_LIB is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# 
CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_GTP is not set +CONFIG_MACSEC=y +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# + +# +# Distributed Switch Architecture drivers +# +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALACRITECH=y +# CONFIG_SLICOSS is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMAZON=y +# CONFIG_ENA_ETHERNET is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_AMD_XGBE is not set +# CONFIG_AMD_XGBE_HAVE_ECC is not set +CONFIG_NET_VENDOR_AQUANTIA=y +# CONFIG_AQTION is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set 
+# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_HUAWEI=y +# CONFIG_HINIC is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +# CONFIG_MLXFW is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# 
CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCOM_EMAC is not set +# CONFIG_RMNET is not set +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +CONFIG_NET_VENDOR_SOLARFLARE=y +# CONFIG_SFC is not set +# CONFIG_SFC_FALCON is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +# CONFIG_DWC_XLGMAC is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_MDIO_DEVICE is not set +# CONFIG_MDIO_BUS is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set 
+CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y +CONFIG_WLAN_VENDOR_QUANTENNA=y + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_SAMSUNG is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + 
+# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_DEV_BUS is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +# CONFIG_PPS is not set + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. 
+# +# CONFIG_PINCTRL is not set +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_AVS is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_ASPEED is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# 
CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +CONFIG_RC_CORE=y +CONFIG_RC_MAP=y +CONFIG_RC_DECODERS=y +# CONFIG_LIRC is not set +CONFIG_IR_NEC_DECODER=y +CONFIG_IR_RC5_DECODER=y +CONFIG_IR_RC6_DECODER=y +CONFIG_IR_JVC_DECODER=y +CONFIG_IR_SONY_DECODER=y +CONFIG_IR_SANYO_DECODER=y +CONFIG_IR_SHARP_DECODER=y +CONFIG_IR_MCE_KBD_DECODER=y +CONFIG_IR_XMP_DECODER=y +# CONFIG_RC_DEVICES is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ACP (Audio 
CoProcessor) Configuration +# + +# +# AMD Library routines +# +# CONFIG_CHASH is not set +# CONFIG_DRM_LIB_RANDOM is not set + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_CMEDIA is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +CONFIG_HID_ITE=y +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MAYFLASH is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# 
CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set +CONFIG_USB_PCI=y + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_TYPEC is not set +# CONFIG_USB_ULPI_BUS is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_HYPERV_TSCPAGE is not set +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# 
CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_PMC_CORE is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_MLX_PLATFORM is not set +# CONFIG_MLX_CPLD_PLATFORM is not set +CONFIG_PMC_ATOM=y +# CONFIG_CHROME_PLATFORMS is not set +CONFIG_CLKDEV_LOOKUP=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y + +# +# Common Clock Framework +# +# CONFIG_COMMON_CLK_NXP is not set +# CONFIG_COMMON_CLK_PXA is not set +# CONFIG_COMMON_CLK_PIC32 is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_VIRTIO is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# + +# +# Broadcom SoC drivers +# + +# +# i.MX SoC drivers +# + +# +# Qualcomm SoC drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB 
is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_ARM_GIC_V3_ITS is not set +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_DAX is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# CONFIG_FPGA is not set + +# +# FSI support +# +# CONFIG_FSI is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_GOOGLE_FIRMWARE is not set +# CONFIG_EFI_DEV_PATH_PARSER is not set + +# +# Tegra firmware driver +# + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_FS_IOMAP=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS 
is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_ECRYPT_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# 
CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# 
CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_STACK_VALIDATION=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_POISONING is not set +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_KASAN is not set +CONFIG_ARCH_HAS_KCOV=y +# CONFIG_KCOV is not set +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_SOFTLOCKUP_DETECTOR is not set +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_HARDLOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set 
+CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER 
is not set +# CONFIG_HWLAT_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENTS is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_HIST_TRIGGERS is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_TEST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_TEST_FIND_BIT is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y 
+CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set +CONFIG_UNWINDER_ORC=y +# CONFIG_UNWINDER_FRAME_POINTER is not set + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_PERSISTENT_KEYRINGS is not set +# CONFIG_BIG_KEYS is not set +# CONFIG_ENCRYPTED_KEYS is not set +# CONFIG_KEY_DH_OPERATIONS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +# CONFIG_HARDENED_USERCOPY is not set +# CONFIG_FORTIFY_SOURCE is not set +# CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_RSA=y +CONFIG_CRYPTO_DH=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_MCRYPTD=y +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_SIMD=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption 
with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256_MB=y +CONFIG_CRYPTO_SHA512_MB=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +CONFIG_CRYPTO_SM3=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y 
+CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +CONFIG_CRYPTO_HASH_INFO=y +# CONFIG_CRYPTO_HW is not set +CONFIG_ASYMMETRIC_KEY_TYPE=y +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y +CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_PKCS7_MESSAGE_PARSER=y +# CONFIG_PKCS7_TEST_KEY is not set +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set + +# +# Certificates for signature checking +# +CONFIG_SYSTEM_TRUSTED_KEYRING=y +CONFIG_SYSTEM_TRUSTED_KEYS="" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set +# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y 
+CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC4 is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +# CONFIG_DMA_NOOP_OPS is not set +# CONFIG_DMA_VIRT_OPS is not set +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y +CONFIG_OID_REGISTRY=y +# CONFIG_SG_SPLIT is not set +# CONFIG_SG_POOL is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_SBITMAP=y +# CONFIG_STRING_SELFTEST is not set diff --git a/testing/do-tests b/testing/do-tests index 38999ea61..641529533 100755 --- a/testing/do-tests +++ b/testing/do-tests 
@@ -776,8 +776,10 @@ do do eval HOSTLOGIN=root@\$ipv4_${host} IPSECSTATE=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm state'` + # ignore IPv4/v6 states created with IPComp SAs + IPSECSTATEISSUE=`echo "$IPSECSTATE" | grep 'proto.*spi' | grep -v 'proto 4'` IPSECPOLICY=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm policy'` - if [ -n "$IPSECSTATE" -o -n "$IPSECPOLICY" ] + if [ -n "$IPSECSTATEISSUE" -o -n "$IPSECPOLICY" ] then echo -e "\n$host# ip xfrm state [NO]" >> $CONSOLE_LOG echo "$IPSECSTATE" >> $CONSOLE_LOG diff --git a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf index 6f5f3011c..68438a656 100644 --- a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf +++ b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf @@ -1 +1,4 @@ -AddType text/plain .iptables .log .sql +AddType text/plain .conf .log .sql .users +AddType text/plain .secrets .listall .statusall +AddType text/plain .conns .certs .sas .pools .authorities .stats +AddType text/plain .policy .state .route .iptables .iptables-save diff --git a/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text b/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text index 6f5f3011c..68438a656 100644 --- a/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text +++ b/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text @@ -1 +1,4 @@ -AddType text/plain .iptables .log .sql +AddType text/plain .conf .log .sql .users +AddType text/plain .secrets .listall .statusall +AddType text/plain .conns .certs .sas .pools .authorities .stats +AddType text/plain .policy .state .route .iptables .iptables-save diff --git a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf index c73872d15..260171cfd 100644 --- a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf 
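Review bot: The new filter `grep -v 'proto 4'` in testing/do-tests is an unanchored substring match, so it drops every state line whose protocol field merely starts with 4, and the comment does not say which protocol numbers are meant. If the intent is the IPv4 and IPv6 tunnel states that accompany IPComp SAs, naming them keeps any other leftover state failing the check, for example `grep -Ev 'proto (4|41) '` (this assumes the number is followed by a space in the `ip xfrm state` output; please confirm). The log lines that follow still write the unfiltered `$IPSECSTATE`, so ignored states will show up under the `[NO]` heading whenever the check fires. The enclosing loop starts and ends outside the hunk.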
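Review bot: The added `AddType text/plain` lines in conf-enabled/testresults-as-text.conf are the whole file and therefore apply at server scope, so any `.secrets`, `.conf` or `.users` file that Apache on winnetou can already serve is now displayed inline, not only files under the test-results tree. AddType changes presentation and not access, but if the results directory is the only intended target, putting the directives inside a `<Directory>` block for that path (the path is not visible in this hunk) keeps the behaviour from applying elsewhere. A leading comment such as `# test results only: .secrets files here contain test credentials` would record the assumption. The identical change to conf.d/testresults-as-text has the same scope.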
@@ -3,7 +3,7 @@ # # This definitions were set by the ca_init script DO NOT change -# them manualy. +# them manually. CAHOME = /etc/openssl/duck RANDFILE = $CAHOME/.rand diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf index 0e29dcf79..d31752e30 100644 --- a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf @@ -3,7 +3,7 @@ # # This definitions were set by the ca_init script DO NOT change -# them manualy. +# them manually. CAHOME = /etc/openssl/ecdsa RANDFILE = $CAHOME/.rand diff --git a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf index 77474c129..5985b5650 100644 --- a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf @@ -3,7 +3,7 @@ # # This definitions were set by the ca_init script DO NOT change -# them manualy. +# them manually. CAHOME = /etc/openssl/monster RANDFILE = $CAHOME/.rand diff --git a/testing/hosts/winnetou/etc/openssl/openssl.cnf b/testing/hosts/winnetou/etc/openssl/openssl.cnf index 3939efc98..9078b2043 100644 --- a/testing/hosts/winnetou/etc/openssl/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/openssl.cnf @@ -3,7 +3,7 @@ # # This definitions were set by the ca_init script DO NOT change -# them manualy. +# them manually. CAHOME = /etc/openssl RANDFILE = $CAHOME/.rand diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf index 6ccf3c2f8..7099413f0 100644 --- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf @@ -3,7 +3,7 @@ # # This definitions were set by the ca_init script DO NOT change -# them manualy. +# them manually. CAHOME = /etc/openssl/research RANDFILE = $CAHOME/.rand 
diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf index e8a0a2ee7..12da734aa 100644 --- a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf @@ -3,7 +3,7 @@ # # This definitions were set by the ca_init script DO NOT change -# them manualy. +# them manually. CAHOME = /etc/openssl/rfc3779 RANDFILE = $CAHOME/.rand diff --git a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf index 8511c5452..f3ec7e168 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf @@ -3,7 +3,7 @@ # # This definitions were set by the ca_init script DO NOT change -# them manualy. +# them manually. CAHOME = /etc/openssl/sales RANDFILE = $CAHOME/.rand diff --git a/testing/scripts/function.sh b/testing/scripts/function.sh index 9a32c44ab..c512b8add 100755 --- a/testing/scripts/function.sh +++ b/testing/scripts/function.sh @@ -50,7 +50,7 @@ execute() # $1 - command to execute execute_chroot() { - execute "chroot $LOOPDIR $@" + execute "chroot $LOOPDIR env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin $@" } # write green status message to console diff --git a/testing/scripts/recipes/005_anet.mk b/testing/scripts/recipes/005_anet.mk index b02d63094..a6af5df5c 100644 --- a/testing/scripts/recipes/005_anet.mk +++ b/testing/scripts/recipes/005_anet.mk @@ -2,7 +2,7 @@ PKG = anet SRC = http://git.codelabs.ch/git/$(PKG).git -REV = v0.3.1 +REV = c9bdee807f2fcd2b6ec2ad8fe4c814e1abb71358 PREFIX = /usr/local/ada diff --git a/testing/scripts/recipes/006_tkm-rpc.mk b/testing/scripts/recipes/006_tkm-rpc.mk index 5c98123d6..5f2e207c8 100644 --- a/testing/scripts/recipes/006_tkm-rpc.mk +++ b/testing/scripts/recipes/006_tkm-rpc.mk 
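Review bot: In `execute_chroot` in testing/scripts/function.sh, `$@` is expanded inside a longer double-quoted string, so with more than one argument only the first is joined to the `chroot $LOOPDIR env PATH=...` prefix and the rest reach `execute` as separate words. The comment above the function documents a single `$1` command, so `$1` or `$*` states the intent and keeps the command in one string: `execute "chroot $LOOPDIR env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin $*"`. Callers are outside the hunk, so whether any of them passes several arguments cannot be seen here. A short comment on why PATH is reset through `env` rather than inherited from the host would also help.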
@@ -2,7 +2,7 @@ PKG = tkm-rpc SRC = http://git.codelabs.ch/git/$(PKG).git -REV = v0.2 +REV = 9a70e4f88e054d7a2a8fd35245e147880bce4809 PREFIX = /usr/local/ada diff --git a/testing/scripts/recipes/010_tkm.mk b/testing/scripts/recipes/010_tkm.mk index 8799d424d..03ee5b526 100644 --- a/testing/scripts/recipes/010_tkm.mk +++ b/testing/scripts/recipes/010_tkm.mk @@ -2,7 +2,7 @@ PKG = tkm SRC = http://git.codelabs.ch/git/$(PKG).git -REV = v0.1.3 +REV = 53d224a7312124516aa6220743355c896be6345a export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk index 80f779c7d..52462d077 100644 --- a/testing/scripts/recipes/013_strongswan.mk +++ b/testing/scripts/recipes/013_strongswan.mk @@ -104,7 +104,9 @@ CONFIG_OPTS = \ --enable-bliss \ --enable-sha3 \ --enable-newhope \ - --enable-systemd + --enable-systemd \ + --enable-counters \ + --enable-save-keys export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat diff --git a/testing/scripts/recipes/patches/freeradius-tnc-fhh b/testing/scripts/recipes/patches/freeradius-tnc-fhh index 26a233d48..6460c86a3 100644 --- a/testing/scripts/recipes/patches/freeradius-tnc-fhh +++ b/testing/scripts/recipes/patches/freeradius-tnc-fhh @@ -5363,7 +5363,7 @@ diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc -#define VLAN_ACCESS 2 -/* - **** -- * EAP - MD5 doesnot specify code, id & length but chap specifies them, +- * EAP - MD5 does not specify code, id & length but chap specifies them, - * for generalization purpose, complete header should be sent - * and not just value_size, value and name. - * future implementation. diff --git a/testing/testing.conf b/testing/testing.conf index e33fb4fc9..595fd9667 100644 --- a/testing/testing.conf +++ b/testing/testing.conf 
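Review bot: `--enable-save-keys` is appended to CONFIG_OPTS in 013_strongswan.mk without a comment, and that plugin is the one this commit introduces (conf/plugins/save-keys.conf) to store IKE and ESP keys in files for offline traffic decryption. The recipe builds the test image, so enabling it is reasonable, but the option list is easy to copy into other builds. Because a comment cannot sit inside the backslash-continued list, a line above `CONFIG_OPTS` would do, for example `# save-keys and counters are enabled for the test suite only; save-keys can write session keys to disk`. The CONFIG_OPTS assignment starts outside the hunk.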
@@ -24,14 +24,14 @@ fi : ${TESTDIR=/srv/strongswan-testing} # Kernel configuration -: ${KERNELVERSION=4.10.17} +: ${KERNELVERSION=4.15} : ${KERNEL=linux-$KERNELVERSION} : ${KERNELTARBALL=$KERNEL.tar.xz} -: ${KERNELCONFIG=$DIR/../config/kernel/config-4.10} -: ${KERNELPATCH=ha-4.4-abicompat.patch.bz2} +: ${KERNELCONFIG=$DIR/../config/kernel/config-4.15} +: ${KERNELPATCH=ha-4.14-abicompat.patch.bz2} # strongSwan version used in tests -: ${SWANVERSION=5.6.1} +: ${SWANVERSION=5.6.2} # Build directory where the guest kernel and images will be built : ${BUILDDIR=$TESTDIR/build} diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/description.txt b/testing/tests/ikev2/mobike-virtual-ip-nat/description.txt new file mode 100644 index 000000000..6f1837c86 --- /dev/null +++ b/testing/tests/ikev2/mobike-virtual-ip-nat/description.txt @@ -0,0 +1,9 @@ +The roadwarrior alice is sitting behind the NAT router moon but +at the outset of the scenariou is also directly connected to the 192.168.0.0/24 network +via an additional eth1 interface. alice builds up a tunnel to gateway sun +in order to reach bob in the subnet behind. When the eth1 interface +goes away, alice switches to eth0 and signals the IP address change +via a MOBIKE ADDRESS_UPDATE notification to peer sun. Later the interface +comes back up again and because the best path is preferred (charon.prefer_best_path) +there is another switch to the directly connected path. alice sets +a virtual IP of 10.3.0.3, so that the IPsec policies don't have to be changed. diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip-nat/evaltest.dat new file mode 100644 index 000000000..46df60041 --- /dev/null +++ b/testing/tests/ikev2/mobike-virtual-ip-nat/evaltest.dat 
@@ -0,0 +1,31 @@
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN::YES
+sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES
+alice::ipsec status 2> /dev/null::mobike.*INSTALLED.*ESP SPIs::YES
+sun:: ipsec status 2> /dev/null::mobike.*INSTALLED.*ESP SPIs::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+alice::ifdown eth1::No output expected::NO
+alice::sleep 1::No output expected::NO
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
+sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES
+alice::ipsec status 2> /dev/null::mobike.*INSTALLED.*ESP in UDP SPIs::YES
+sun:: ipsec status 2> /dev/null::mobike.*INSTALLED.*ESP in UDP SPIs::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+alice::ifup eth1::No output expected::NO
+alice::sleep 1::No output expected::NO
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN::YES
+sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES
+alice::ipsec status 2> /dev/null::mobike.*INSTALLED.*ESP SPIs::YES
+sun:: ipsec status 2> /dev/null::mobike.*INSTALLED.*ESP SPIs::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
+sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
+sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
+moon::tcpdump::moon.strongswan.org.*sun.strongswan.org.*: ESP.*seq=0x2::YES
+moon::tcpdump::sun.strongswan.org.*moon.strongswan.org.*: ESP.*seq=0x2::YES
+bob::tcpdump::10.3.0.3.*bob.strongswan.org.*ICMP echo request::3
+bob::tcpdump::bob.strongswan.org.*10.3.0.3.*ICMP echo reply::3
diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/ipsec.conf
new file mode 100644
index 000000000..6039e5f46
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,19 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn mobike
+ leftsourceip=%config
+ leftcert=aliceCert.pem
+ leftid=alice@strongswan.org
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/iptables.rules b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/iptables.rules
new file mode 100644
index 000000000..450e7cef6
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/iptables.rules
@@ -0,0 +1,42 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow traffic on lo as ifup/ifdown call bind's rndc which accesses TCP 953
+-A OUTPUT -o lo -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+
+# allow IPsec tunnel traffic
+-A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
+-A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
+# allow ESP
+-A INPUT -i eth0 -p 50 -j ACCEPT
+-A INPUT -i eth1 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth1 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A INPUT -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+-A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A INPUT -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+-A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..bd51a50bb
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,12 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
+ prefer_best_path = yes
+
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
+}
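Review bot: In hosts/alice/etc/iptables.rules the "allow crl fetch from winnetou" INPUT rule matches only on source address and source port 80, so it admits any TCP segment from that host and port to any local port rather than only replies to alice's own fetch. The same stateless shape appears in hosts/sun/etc/iptables.rules later in this commit. If conntrack is available in the test images, tying the return path to connection state is tighter, e.g. `-A INPUT -p tcp --sport 80 -s PH_IP_WINNETOU -m conntrack --ctstate ESTABLISHED -j ACCEPT`. This may simply follow the suite's existing rule files; in that case a one-line comment such as `# stateless on purpose: test fixture only` would help readers who copy these rules.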
diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/ipsec.conf
new file mode 100644
index 000000000..e187f9569
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,20 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn mobike
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ right=%any
+ rightsourceip=10.3.0.3
+ rightid=alice@strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/iptables.rules b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/iptables.rules
new file mode 100644
index 000000000..929b1b247
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/iptables.rules
@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow IPsec tunnel traffic
+-A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT
+-A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
+# allow ESP
+-A INPUT -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..9241d28d6
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
+
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
+}
diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/posttest.dat b/testing/tests/ikev2/mobike-virtual-ip-nat/posttest.dat
new file mode 100644
index 000000000..0adb75555
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip-nat/posttest.dat
@@ -0,0 +1,6 @@
+alice::ipsec stop
+sun::ipsec stop
+alice::ifdown eth1
+alice::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::iptables -t nat -F
diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/pretest.dat b/testing/tests/ikev2/mobike-virtual-ip-nat/pretest.dat
new file mode 100644
index 000000000..ece8912b9
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip-nat/pretest.dat
@@ -0,0 +1,10 @@
+alice::ifup eth1
+alice::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
+alice::ipsec start
+sun::ipsec start
+alice::expect-connection mobike
+sun::expect-connection mobike
+alice::ipsec up mobike
diff --git a/testing/tests/ikev2/mobike-virtual-ip-nat/test.conf b/testing/tests/ikev2/mobike-virtual-ip-nat/test.conf
new file mode 100644
index 000000000..70c64c503
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip-nat/test.conf
@@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="bob moon sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="alice sun" diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/description.txt b/testing/tests/ikev2/rw-eap-md5-class-radius/description.txt index 6860700db..f823455a4 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/description.txt +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/description.txt @@ -6,4 +6,4 @@ against the gateway moon. The user credentials of carol and dave are kept both on the local clients and the RADIUS server alice. carol possesses the RADIUS class attribute Research and therefore obtains access to the research subnet behind gateway moon whereas dave -belongs to the class Accounting and has access to the acccess subnet. +belongs to the class Accounting and has access to the access subnet. diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat index 849da7c61..591e2da59 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat 
@@ -1,5 +1,5 @@ alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES -moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16] -sun::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16] +moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]::YES +sun::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC 
encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat index 40ae8524a..2ee553a61 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat 
@@ -1,4 +1,4 @@ alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES -moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16] +moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]::YES sun::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat index 78488871f..026235171 100644 
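Review bot: The sun-side `swanctl --list-sas` check in ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat is still unterminated: its context line ends in `remote-ts=\[fec1:\:/16]` and runs straight into `sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES`, and the `@@ -1,4 +1,4 @@` line count indicates these really share one physical line. Only the moon line gains `::YES` here, so the sun SA assertion and the moon-to-sun ESP capture check are presumably not evaluated as two separate checks. The test could then pass without confirming the negotiated proposal on sun or that traffic in that direction was encrypted. Append `::YES` and a line break after `remote-ts=\[fec1:\:/16]` on the sun line, as this commit already does for the sibling ikev1 file.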
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat +++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat 
@@ -1,9 +1,9 @@ carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:1] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec3:\:1/128] remote-ts=\[fec1:\:/16] -dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:2] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec3:\:2/128] remote-ts=\[fec1:\:/16] -moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:2/128] -moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 
state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:1/128] +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:1] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec3:\:1/128] remote-ts=\[fec1:\:/16]::YES +dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:2] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec3:\:2/128] remote-ts=\[fec1:\:/16]::YES +moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:2] 
child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:2/128]::YES +moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:1/128]::YES moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat index d0f2bac96..dd120f524 100644 --- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat +++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat 
@@ -1,9 +1,9 @@ carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:1] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec3:\:1/128] remote-ts=\[fec1:\:/16] -dave::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:2] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec3:\:2/128] remote-ts=\[fec1:\:/16] -moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:2/128] -moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 
local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:1/128] +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:1] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec3:\:1/128] remote-ts=\[fec1:\:/16]::YES +dave::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:2] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec3:\:2/128] remote-ts=\[fec1:\:/16]::YES +moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 
integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:2/128]::YES +moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:1/128]::YES moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/libipsec/host2host-cert/evaltest.dat b/testing/tests/libipsec/host2host-cert/evaltest.dat index f482c558a..eb65da374 100644 --- a/testing/tests/libipsec/host2host-cert/evaltest.dat +++ b/testing/tests/libipsec/host2host-cert/evaltest.dat 
@@ -1,5 +1,5 @@ moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES -moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.2/32] -sun::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.1/32] +moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.2/32]::YES +sun::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 
remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.1/32]::YES sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES diff --git a/testing/tests/libipsec/net2net-3des/evaltest.dat b/testing/tests/libipsec/net2net-3des/evaltest.dat index 36c0ee781..41723ae92 100644 --- a/testing/tests/libipsec/net2net-3des/evaltest.dat +++ b/testing/tests/libipsec/net2net-3des/evaltest.dat 
@@ -1,5 +1,5 @@ alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES moon:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES -sun::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES] +sun::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES 
diff --git a/testing/tests/libipsec/net2net-cert/evaltest.dat b/testing/tests/libipsec/net2net-cert/evaltest.dat index 5364c1e82..2771251ff 100644 --- a/testing/tests/libipsec/net2net-cert/evaltest.dat +++ b/testing/tests/libipsec/net2net-cert/evaltest.dat 
@@ -1,5 +1,5 @@ alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES moon:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES -sun::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES] +sun::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES 
diff --git a/testing/tests/route-based/net2net-gre/description.txt b/testing/tests/route-based/net2net-gre/description.txt new file mode 100644 index 000000000..422f935ad --- /dev/null +++ b/testing/tests/route-based/net2net-gre/description.txt @@ -0,0 +1,12 @@ +A connection between the subnets behind the gateways moon and sun +is set up using GRE interfaces. +

+The gateways use route-based forwarding with GRE tunnels, with +firewall rules to allow traffic to pass. The IPsec traffic selector is limited +to the GRE protocol, specific routing is achieved with routes on the GRE +interfaces. The IKE daemon is configured to not install routes with +charon.install_routes=0, and static routes are installed for the +target subnets on the VTI interfaces. +

+Client alice behind gateway moon pings client bob located
+behind gateway sun.
diff --git a/testing/tests/route-based/net2net-gre/evaltest.dat b/testing/tests/route-based/net2net-gre/evaltest.dat
new file mode 100644
index 000000000..ba9945833
--- /dev/null
+++ b/testing/tests/route-based/net2net-gre/evaltest.dat
@@ -0,0 +1,5 @@
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_SUN remote-port=4500 remote-id=sun.strongswan.org.*child-sas.*gre.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*local-ts=\[PH_IP_MOON/32\[gre]] remote-ts=\[PH_IP_SUN/32\[gre]]::YES
+sun:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_SUN local-port=4500 local-id=sun.strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org.*child-sas.*gre.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*local-ts=\[PH_IP_SUN/32\[gre]] remote-ts=\[PH_IP_MOON/32\[gre]]::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf b/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..136dbe84f
--- /dev/null
+++ b/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+}
+
+charon {
+ install_routes = 0
+}
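Review bot: In route-based/net2net-gre/evaltest.dat the two tcpdump checks only assert that ESP is seen between moon and sun; nothing asserts that no unprotected GRE leaves the gateways. pretest.dat later in this commit creates gre-moon/gre-sun and their routes before the SA is initiated, and charon runs with `install_routes = 0`, so a regression where tunnelled traffic bypasses the `dynamic[gre]` policy would still pass this test. A negative capture check would close that gap, for example `sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: GREv0::NO` plus the reverse direction. The exact tcpdump wording for GRE is an assumption and should be confirmed against a capture from the test hosts.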
diff --git a/testing/tests/route-based/net2net-gre/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/route-based/net2net-gre/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b2c3af7e6
--- /dev/null
+++ b/testing/tests/route-based/net2net-gre/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = PH_IP_MOON
+ remote_addrs = PH_IP_SUN
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ gre {
+ local_ts = dynamic[gre]
+ remote_ts = dynamic[gre]
+ mode = transport
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf b/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..136dbe84f
--- /dev/null
+++ b/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+}
+
+charon {
+ install_routes = 0
+}
diff --git a/testing/tests/route-based/net2net-gre/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/route-based/net2net-gre/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..d19d37311
--- /dev/null
+++ b/testing/tests/route-based/net2net-gre/hosts/sun/etc/swanctl/swanctl.conf
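Review bot: `new file mode 100755` adds hosts/moon/etc/swanctl/swanctl.conf with the execute bit set, and the sun copy of swanctl.conf in this commit has the same mode, while the strongswan.conf files next to them are added as 100644. swanctl.conf is parsed as configuration and never executed, so the bit serves no purpose and the fixture should be committed as 100644. Keeping configuration files non-executable also avoids carrying an overly permissive mode onto the test hosts if the harness preserves modes when copying, which is not visible from this hunk.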
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = PH_IP_SUN
+ remote_addrs = PH_IP_MOON
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ gre {
+ local_ts = dynamic[gre]
+ remote_ts = dynamic[gre]
+ mode = transport
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/route-based/net2net-gre/posttest.dat b/testing/tests/route-based/net2net-gre/posttest.dat
new file mode 100644
index 000000000..4007d2c64
--- /dev/null
+++ b/testing/tests/route-based/net2net-gre/posttest.dat
@@ -0,0 +1,7 @@
+moon::swanctl --terminate --ike gw-gw
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip tunnel del gre-moon
+sun::ip tunnel del gre-sun
diff --git a/testing/tests/route-based/net2net-gre/pretest.dat b/testing/tests/route-based/net2net-gre/pretest.dat
new file mode 100644
index 000000000..213845221
--- /dev/null
+++ b/testing/tests/route-based/net2net-gre/pretest.dat
@@ -0,0 +1,17 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::ip tunnel add gre-moon local PH_IP_MOON remote PH_IP_SUN mode gre key 42
+moon::ip link set gre-moon up
+moon::ip route add 10.2.0.0/16 dev gre-moon
+moon::iptables -A FORWARD -i gre-moon -j ACCEPT
+moon::iptables -A FORWARD -o gre-moon -j ACCEPT
+sun::ip tunnel add gre-sun local PH_IP_SUN remote PH_IP_MOON mode gre key 42
+sun::ip link set gre-sun up
+sun::ip route add 10.1.0.0/16 dev gre-sun
+sun::iptables -A FORWARD -i gre-sun -j ACCEPT
+sun::iptables -A FORWARD -o gre-sun -j ACCEPT
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child gre
diff --git a/testing/tests/route-based/net2net-gre/test.conf b/testing/tests/route-based/net2net-gre/test.conf
new file mode 100644
index 000000000..87abc763b
--- /dev/null
+++ b/testing/tests/route-based/net2net-gre/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/route-based/net2net-vti/description.txt b/testing/tests/route-based/net2net-vti/description.txt
new file mode 100644
index 000000000..fc35caf6f
--- /dev/null
+++ b/testing/tests/route-based/net2net-vti/description.txt
@@ -0,0 +1,12 @@
+A connection between the subnets behind the gateways moon and sun
+is set up using VTI interfaces.
+

+The gateways use route-based forwarding with VTI tunnels, with
+firewall rules to allow traffic to pass. The IPsec traffic selector used is
+0.0.0.0/0, however specific routing is achieved with routes on the VTI
+interfaces. The IKE daemon is configured to not install routes with
+charon.install_routes=0, and static routes are installed for the
+target subnets on the VTI interfaces.
+

+Client alice behind gateway moon pings client bob located
+behind gateway sun.
diff --git a/testing/tests/route-based/net2net-vti/evaltest.dat b/testing/tests/route-based/net2net-vti/evaltest.dat
new file mode 100644
index 000000000..0bf5cdb5a
--- /dev/null
+++ b/testing/tests/route-based/net2net-vti/evaltest.dat
@@ -0,0 +1,5 @@
+moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_SUN remote-port=4500 remote-id=sun.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[0.0.0.0/0] remote-ts=\[0.0.0.0/0]::YES
+sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_SUN local-port=4500 local-id=sun.strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[0.0.0.0/0] remote-ts=\[0.0.0.0/0]::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf b/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..136dbe84f
--- /dev/null
+++ b/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+}
+
+charon {
+ install_routes = 0
+}
diff --git a/testing/tests/route-based/net2net-vti/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/route-based/net2net-vti/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..e8beec307
--- /dev/null
+++ b/testing/tests/route-based/net2net-vti/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = PH_IP_MOON
+ remote_addrs = PH_IP_SUN
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 0.0.0.0/0
+ remote_ts = 0.0.0.0/0
+ mark_in = 42
+ mark_out = 42
+
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf b/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..136dbe84f
--- /dev/null
+++ b/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+}
+
+charon {
+ install_routes = 0
+}
diff --git a/testing/tests/route-based/net2net-vti/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/route-based/net2net-vti/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..df213159f
--- /dev/null
+++ b/testing/tests/route-based/net2net-vti/hosts/sun/etc/swanctl/swanctl.conf
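Review bot: `mark_in = 42` and `mark_out = 42` in the `net-net` child of hosts/moon/etc/swanctl/swanctl.conf give no hint that they are coupled to the `key 42` passed to `ip tunnel add vti-moon` in this test's pretest.dat. If the two values drift apart, the SA would presumably no longer be associated with the VTI device and traffic routed into it would not be protected as intended. I would add a comment above the two lines, for example `# must match the key of vti-moon created in pretest.dat`. The same applies to `mark_in`/`mark_out = 1337` in hosts/sun/etc/swanctl/swanctl.conf and `key 1337` on vti-sun.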
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = PH_IP_SUN
+ remote_addrs = PH_IP_MOON
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 0.0.0.0/0
+ remote_ts = 0.0.0.0/0
+ mark_in = 1337
+ mark_out = 1337
+
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/route-based/net2net-vti/posttest.dat b/testing/tests/route-based/net2net-vti/posttest.dat
new file mode 100644
index 000000000..47b3dff06
--- /dev/null
+++ b/testing/tests/route-based/net2net-vti/posttest.dat
@@ -0,0 +1,7 @@
+moon::swanctl --terminate --ike gw-gw
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip tunnel del vti-moon
+sun::ip tunnel del vti-sun
diff --git a/testing/tests/route-based/net2net-vti/pretest.dat b/testing/tests/route-based/net2net-vti/pretest.dat
new file mode 100644
index 000000000..24b285edb
--- /dev/null
+++ b/testing/tests/route-based/net2net-vti/pretest.dat
@@ -0,0 +1,19 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::ip tunnel add vti-moon local PH_IP_MOON remote PH_IP_SUN mode vti key 42
+moon::sysctl -w net.ipv4.conf.vti-moon.disable_policy=1
+moon::ip link set vti-moon up
+moon::ip route add 10.2.0.0/16 dev vti-moon
+moon::iptables -A FORWARD -i vti-moon -j ACCEPT
+moon::iptables -A FORWARD -o vti-moon -j ACCEPT
+sun::ip tunnel add vti-sun local PH_IP_SUN remote PH_IP_MOON mode vti key 1337
+sun::sysctl -w net.ipv4.conf.vti-sun.disable_policy=1
+sun::ip link set vti-sun up
+sun::ip route add 10.1.0.0/16 dev vti-sun
+sun::iptables -A FORWARD -i vti-sun -j ACCEPT
+sun::iptables -A FORWARD -o vti-sun -j ACCEPT
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net
diff --git a/testing/tests/route-based/net2net-vti/test.conf b/testing/tests/route-based/net2net-vti/test.conf
new file mode 100644
index 000000000..87abc763b
--- /dev/null
+++ b/testing/tests/route-based/net2net-vti/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/description.txt b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/description.txt
new file mode 100644
index 000000000..305e491f0
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors carol and dave set up an IPv6-in-IPv4 connection each to
+gateway moon. Both carol and dave request an IPv6 virtual
+IP via the IKEv2 configuration payload.
+

+The gateway moon uses route-based forwarding with VTI
+tunnels, with firewall rules to allow traffic to pass. The IKE daemon is
+configured to not install routes with charon.install_routes=0, and a
+static route is installed for the IPv6 virtual IP subnet on the VTI device.
+

+Both carol and dave ping the client alice behind the
+gateway moon.
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/evaltest.dat b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/evaltest.dat
new file mode 100644
index 000000000..6e427b265
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/evaltest.dat
@@ -0,0 +1,10 @@
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=PH_IP_CAROL local-port=4500 local-id=carol@strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*local-vips=\[fec3:\:1] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*local-ts=\[fec3:\:1/128] remote-ts=\[fec1:\:/16]::YES
+dave::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=PH_IP_DAVE local-port=4500 local-id=dave@strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*local-vips=\[fec3:\:2] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*local-ts=\[fec3:\:2/128] remote-ts=\[fec1:\:/16]::YES
+moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_CAROL remote-port=4500 remote-id=carol@strongswan.org.*remote-vips=\[fec3:\:1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:1/128]::YES
+moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_DAVE remote-port=4500 remote-id=dave@strongswan.org.*remote-vips=\[fec3:\:2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:2/128]::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/ip6tables.rules b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..ad4c18e43
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..514013ee6
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = PH_IP_CAROL
+ remote_addrs = PH_IP_MOON
+ vips = ::
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/ip6tables.rules b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..ad4c18e43
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..439310569
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = PH_IP_DAVE
+ remote_addrs = PH_IP_MOON
+ vips = ::
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/ip6tables.rules b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..136dbe84f
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+}
+
+charon {
+ install_routes = 0
+}
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..c4d236aa6
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ rw {
+ local_addrs = PH_IP_MOON
+ pools = rw_pool
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::/16
+ mark_in = 42
+ mark_out = 42
+
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+pools {
+ rw_pool {
+ addrs = fec3::/120
+ }
+}
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/posttest.dat b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/posttest.dat
new file mode 100644
index 000000000..2b17600b8
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/posttest.dat
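Review bot: The `remote` section of connection `rw` in hosts/moon/etc/swanctl/swanctl.conf sets only `auth = pubkey`, so nothing in this file restricts which peer identity may connect. As far as the file shows, any peer whose certificate the gateway trusts can obtain a lease from `rw_pool` and reach `fec1::/16`. That is what a roadwarrior test needs, but test configurations tend to be reused as templates, so I would state it in a comment inside the section, for example `# no id/cacerts/groups constraint: any certificate issued by a trusted CA is accepted`. The same `remote` section appears in rw-shared-vti/hosts/moon/etc/swanctl/swanctl.conf.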
@@ -0,0 +1,13 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/iptables.flush
+carol::ip6tables-restore < /etc/iptables.flush
+dave::ip6tables-restore < /etc/iptables.flush
+moon::ip tunnel del vti0
+alice::"ip route del fec3:\:/16 via fec1:\:1"
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/pretest.dat b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/pretest.dat
new file mode 100644
index 000000000..2380dc0f3
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/pretest.dat
@@ -0,0 +1,21 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec3:\:/16 via fec1:\:1"
+moon::ip tunnel add vti0 local PH_IP_MOON remote 0.0.0.0 mode vti key 42
+moon::sysctl -w net.ipv4.conf.vti0.disable_policy=1
+moon::ip link set vti0 up
+moon::"ip route add fec3:\:/16 dev vti0"
+moon::ip6tables -A FORWARD -i vti0 -j ACCEPT
+moon::ip6tables -A FORWARD -o vti0 -j ACCEPT
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home
+dave::expect-connection home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/test.conf b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/test.conf
new file mode 100644
index 000000000..0f02a1a11
--- /dev/null
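Review bot: The three `ip6tables-restore` lines in posttest.dat read `/etc/iptables.flush`, the IPv4 flush file, whereas pretest.dat loads the IPv6 rules from the separate `/etc/ip6tables.rules`; this looks like a copy of the three `iptables-restore` lines above with only the command name changed. If the IPv4 flush file contains anything `ip6tables-restore` rejects, the `-P INPUT DROP`, `-P OUTPUT DROP` and `-P FORWARD DROP` policies from ip6tables.rules would stay active on moon, carol and dave after the test and could affect later tests. Presumably the guests also carry an IPv6 flush file that pairs with `/etc/ip6tables.rules`; if so, these lines should read it, e.g. `moon::ip6tables-restore < <IPv6 flush file>`, and likewise for carol and dave.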
+++ b/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/test.conf
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/route-based/rw-shared-vti/description.txt b/testing/tests/route-based/rw-shared-vti/description.txt
new file mode 100644
index 000000000..fa11b2df5
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/description.txt
@@ -0,0 +1,12 @@
+The roadwarriors carol and dave set up a connection each to
+gateway moon. Both carol and dave request a virtual
+IP via the IKEv2 configuration payload.
+

+The gateway moon uses route-based forwarding with VTI
+tunnels, with firewall rules to allow traffic to pass. The IKE daemon is
+configured to not install routes with charon.install_routes=0, and a
+static route is installed for the virtual IP subnet on the VTI device.
+

+Both carol and dave ping the client alice behind the
+gateway moon. The source IP addresses of the two pings will be the
+virtual IPs carol1 and dave1, respectively.
diff --git a/testing/tests/route-based/rw-shared-vti/evaltest.dat b/testing/tests/route-based/rw-shared-vti/evaltest.dat
new file mode 100644
index 000000000..f69310314
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/evaltest.dat
@@ -0,0 +1,10 @@
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=PH_IP_CAROL local-port=4500 local-id=carol@strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=PH_IP_DAVE local-port=4500 local-id=dave@strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_CAROL remote-port=4500 remote-id=carol@strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_DAVE remote-port=4500 remote-id=dave@strongswan.org.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf b/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..ad4c18e43
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..15e80d2aa
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = PH_IP_CAROL
+ remote_addrs = PH_IP_MOON
+ vips = 0.0.0.0
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf b/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..ad4c18e43
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..5b14d36ef
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = PH_IP_DAVE
+ remote_addrs = PH_IP_MOON
+ vips = 0.0.0.0
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf b/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..136dbe84f
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+}
+
+charon {
+ install_routes = 0
+}
diff --git a/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b0efaf9c1
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ rw {
+ local_addrs = PH_IP_MOON
+ pools = rw_pool
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+ mark_in = 42
+ mark_out = 42
+
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+pools {
+ rw_pool {
+ addrs = 10.3.0.0/28
+ }
+}
diff --git a/testing/tests/route-based/rw-shared-vti/posttest.dat b/testing/tests/route-based/rw-shared-vti/posttest.dat
new file mode 100644
index 000000000..31d75642a
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/posttest.dat
@@ -0,0 +1,9 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip tunnel del vti0
diff --git a/testing/tests/route-based/rw-shared-vti/pretest.dat b/testing/tests/route-based/rw-shared-vti/pretest.dat
new file mode 100644
index 000000000..a7afeeb35
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/pretest.dat
@@ -0,0 +1,17 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::ip tunnel add vti0 local PH_IP_MOON remote 0.0.0.0 mode vti key 42
+moon::sysctl -w net.ipv4.conf.vti0.disable_policy=1
+moon::ip link set vti0 up
+moon::ip route add 10.3.0.0/28 dev vti0
+moon::iptables -A FORWARD -i vti0 -j ACCEPT
+moon::iptables -A FORWARD -o vti0 -j ACCEPT
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home
+dave::expect-connection home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/route-based/rw-shared-vti/test.conf b/testing/tests/route-based/rw-shared-vti/test.conf
new file mode 100644
index 000000000..1227b9d1c
--- /dev/null
+++ b/testing/tests/route-based/rw-shared-vti/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/sql/ip-pool-db-restart/evaltest.dat b/testing/tests/sql/ip-pool-db-restart/evaltest.dat
index 2e3fe8f76..d7669ef41 100644
--- a/testing/tests/sql/ip-pool-db-restart/evaltest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/evaltest.dat
@@ -12,7 +12,7 @@ moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired existing lease for address.*in pool.*bigpool::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES moon:: ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.0.6.*static.*2::YES moon:: ipsec pool --leases --filter 
pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES moon:: ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES diff --git a/testing/tests/sql/ip-pool-db/evaltest.dat b/testing/tests/sql/ip-pool-db/evaltest.dat index 0f55c040f..d5f30c40a 100644 --- a/testing/tests/sql/ip-pool-db/evaltest.dat +++ b/testing/tests/sql/ip-pool-db/evaltest.dat 
@@ -21,7 +21,7 @@ moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES moon:: ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES moon:: ipsec pool --status 2> /dev/null::nbns servers: 
PH_IP_VENUS::YES moon:: ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.0.6.*static.*2::YES diff --git a/testing/tests/sql/ip-split-pools-db-restart/evaltest.dat b/testing/tests/sql/ip-split-pools-db-restart/evaltest.dat index b77707035..b605bef2b 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/evaltest.dat +++ b/testing/tests/sql/ip-split-pools-db-restart/evaltest.dat 
@@ -11,4 +11,4 @@ moon:: ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.2.*static.*2 .* moon:: ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES moon:: ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.1.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.1.1/32]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.1.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.1.1/32]::YES 
diff --git a/testing/tests/sql/multi-level-ca/evaltest.dat b/testing/tests/sql/multi-level-ca/evaltest.dat index b003091a5..9f43b6c37 100644 --- a/testing/tests/sql/multi-level-ca/evaltest.dat +++ b/testing/tests/sql/multi-level-ca/evaltest.dat 
@@ -11,7 +11,7 @@ moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > 
moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat b/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat index 2d8b95659..2efde556d 100644 --- a/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat +++ b/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat 
@@ -6,8 +6,7 @@ alice::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[1 venus::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.0/16]::YES alice::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=4500 local-id=alice@strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.1/32] remote-ts=\[0.0.0.0/0]::YES venus::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.20 local-port=4500 local-id=venus.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.2/32] remote-ts=\[0.0.0.0/0]::YES -sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 - local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=alice@strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.1/32]::YES +sun::swanctl --list-sas --ike-id 1 --raw 2> 
/dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=alice@strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.1/32]::YES sun::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=venus.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.2/32]::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES diff --git a/testing/tests/swanctl/config-payload/evaltest.dat b/testing/tests/swanctl/config-payload/evaltest.dat index 3827b655b..de62af271 100755 --- a/testing/tests/swanctl/config-payload/evaltest.dat +++ b/testing/tests/swanctl/config-payload/evaltest.dat 
@@ -1,7 +1,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32] +moon:: swanctl --list-sas 
--ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.1 identity=carol@strongswan.org status=online::YES moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.2 identity=dave@strongswan.org status=online::YES moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES diff --git a/testing/tests/swanctl/dhcp-dynamic/evaltest.dat b/testing/tests/swanctl/dhcp-dynamic/evaltest.dat index 7b88c6df9..aa62bcec4 100644 --- a/testing/tests/swanctl/dhcp-dynamic/evaltest.dat +++ b/testing/tests/swanctl/dhcp-dynamic/evaltest.dat 
@@ -4,8 +4,8 @@ alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_.eq=1::YES dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[10.1.0.50] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.50/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[10.1.0.51] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.51/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.1.0.50] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.50/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 
prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.1.0.51] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.51/32] +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.1.0.50] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.50/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.1.0.51] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.51/32]::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/ip-pool-db/evaltest.dat b/testing/tests/swanctl/ip-pool-db/evaltest.dat index 93983d8d3..130a0b918 100755 --- a/testing/tests/swanctl/ip-pool-db/evaltest.dat +++ b/testing/tests/swanctl/ip-pool-db/evaltest.dat 
@@ -1,7 +1,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32] +moon:: swanctl --list-sas 
--ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave@strongswan.org::YES moon:: ipsec pool --status 2> /dev/null::big_pool.*10.3.0.1.*10.3.3.232.*static.*2::YES diff --git a/testing/tests/swanctl/ip-pool/evaltest.dat b/testing/tests/swanctl/ip-pool/evaltest.dat index 0be5dcffb..51ac523b8 100755 --- a/testing/tests/swanctl/ip-pool/evaltest.dat +++ b/testing/tests/swanctl/ip-pool/evaltest.dat 
@@ -1,7 +1,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32] +moon:: swanctl --list-sas 
--ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES moon:: swanctl --list-pools --raw 2> /dev/null::rw_pool.*base=10.3.0.0 size=14 online=2 offline=0::YES moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.1 identity=carol@strongswan.org status=online::YES moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.2 identity=dave@strongswan.org status=online::YES diff --git a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat index 1a34a9248..8a8a95f7e 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat +++ b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat 
@@ -1,7 +1,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32] +moon:: 
swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat index 3eacc397d..3804e0712 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat +++ b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat 
@@ -6,8 +6,8 @@ alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO
 venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO
 carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
 dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.17..10.1.0.20]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE25519.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_4096.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.1.0.17..10.1.0.20] remote-ts=\[192.168.0.200/32]
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_4096.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.1.0.17..10.1.0.20] remote-ts=\[192.168.0.200/32]::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat
index c4d46e706..11a3f6b06 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat
+++ b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat
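Review bot: In the rw-psk-ikev1/evaltest.dat hunk, the added `moon:: swanctl --list-sas --ike-id 2` pattern matches `child-sas.*net-2.*state=INSTALLED` without a reqid, while the `--ike-id 1` line beside it pins `reqid=1` and the equivalent rw-psk-ipv4 line pins `reqid=2`. If the reqid of dave's CHILD_SA is deterministic in this scenario, `child-sas.*net-2.*reqid=2 state=INSTALLED` would make the gateway-side assertion as strict as its siblings. If the omission is deliberate, a sentence in the scenario's description saying why would keep the next editor from "fixing" it.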
@@ -1,7 +1,7 @@
 carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
 dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
 alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
 alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-- 
cgit v1.2.3
From 51a71ee15c1bcf0e82f363a16898f571e211f9c3 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez Date: Mon, 4 Jun 2018 09:59:21 +0200 Subject: New upstream version 5.6.3 --- Android.common.mk | 2 +- NEWS | 64 +- conf/plugins/dhcp.conf | 3 +- conf/plugins/dhcp.opt | 3 +- conf/plugins/kernel-pfkey.conf | 3 + conf/plugins/kernel-pfkey.opt | 10 + conf/strongswan.conf.5.main | 12 +- conf/strongswan.conf.5.tail.in | 2 +- configure | 23 +- configure.ac | 3 +- fuzz/Makefile.am | 5 +- fuzz/Makefile.in | 5 +- man/ipsec.conf.5.in | 8 - scripts/aes-test.c | 2 +- scripts/bin2array.c | 2 +- scripts/bin2sql.c | 2 +- scripts/dh_speed.c | 2 +- scripts/dnssec.c | 2 +- scripts/id2sql.c | 2 +- scripts/key2keyid.c | 2 +- scripts/keyid2sql.c | 2 +- scripts/pubkey_speed.c | 2 +- scripts/settings-test.c | 2 +- scripts/thread_analysis.c | 2 +- src/_updown/_updown.in | 4 - src/charon-cmd/charon-cmd.c | 2 +- src/charon-cmd/cmd/cmd_connection.c | 2 +- src/charon-cmd/cmd/cmd_creds.c | 2 +- src/charon-cmd/cmd/cmd_options.c | 2 +- src/charon-cmd/cmd/cmd_options.h | 2 +- src/charon-nm/charon-nm.c | 2 +- src/charon-nm/nm/nm_backend.c | 2 +- src/charon-nm/nm/nm_backend.h | 2 +- src/charon-nm/nm/nm_creds.c | 2 +- src/charon-nm/nm/nm_creds.h | 2 +- src/charon-nm/nm/nm_handler.c | 2 +- src/charon-nm/nm/nm_handler.h | 2 +- src/charon-nm/nm/nm_service.c | 9 +- src/charon-nm/nm/nm_service.h | 2 +- src/charon-systemd/charon-systemd.c | 2 +- src/charon-tkm/src/charon-tkm.c | 2 +- src/charon-tkm/src/ees/ees_callbacks.c | 2 +- src/charon-tkm/src/ees/ees_callbacks.h | 2 +- src/charon-tkm/src/ees/esa_event_service.adb | 2 +- src/charon-tkm/src/ees/esa_event_service.ads | 2 +- src/charon-tkm/src/ehandler/eh_callbacks.c | 2 +- src/charon-tkm/src/ehandler/eh_callbacks.h | 2 +- src/charon-tkm/src/ehandler/exception_handler.adb | 2 +- src/charon-tkm/src/ehandler/exception_handler.ads | 2 +- src/charon-tkm/src/tkm/tkm.c | 2 +- src/charon-tkm/src/tkm/tkm.h | 2 +- src/charon-tkm/src/tkm/tkm_chunk_map.c | 2 +- src/charon-tkm/src/tkm/tkm_chunk_map.h | 2 +- src/charon-tkm/src/tkm/tkm_cred.c | 
2 +- src/charon-tkm/src/tkm/tkm_cred.h | 2 +- src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 2 +- src/charon-tkm/src/tkm/tkm_diffie_hellman.h | 2 +- src/charon-tkm/src/tkm/tkm_encoder.c | 2 +- src/charon-tkm/src/tkm/tkm_encoder.h | 2 +- src/charon-tkm/src/tkm/tkm_id_manager.c | 2 +- src/charon-tkm/src/tkm/tkm_id_manager.h | 2 +- src/charon-tkm/src/tkm/tkm_kernel_ipsec.h | 2 +- src/charon-tkm/src/tkm/tkm_kernel_sad.c | 2 +- src/charon-tkm/src/tkm/tkm_kernel_sad.h | 2 +- src/charon-tkm/src/tkm/tkm_keymat.c | 2 +- src/charon-tkm/src/tkm/tkm_keymat.h | 2 +- src/charon-tkm/src/tkm/tkm_listener.c | 2 +- src/charon-tkm/src/tkm/tkm_listener.h | 2 +- src/charon-tkm/src/tkm/tkm_nonceg.c | 2 +- src/charon-tkm/src/tkm/tkm_nonceg.h | 2 +- src/charon-tkm/src/tkm/tkm_private_key.c | 2 +- src/charon-tkm/src/tkm/tkm_private_key.h | 2 +- src/charon-tkm/src/tkm/tkm_public_key.c | 2 +- src/charon-tkm/src/tkm/tkm_public_key.h | 2 +- src/charon-tkm/src/tkm/tkm_spi_generator.c | 2 +- src/charon-tkm/src/tkm/tkm_spi_generator.h | 2 +- src/charon-tkm/src/tkm/tkm_types.h | 2 +- src/charon-tkm/src/tkm/tkm_utils.c | 2 +- src/charon-tkm/src/tkm/tkm_utils.h | 2 +- src/charon-tkm/tests/chunk_map_tests.c | 2 +- src/charon-tkm/tests/diffie_hellman_tests.c | 2 +- src/charon-tkm/tests/id_manager_tests.c | 2 +- src/charon-tkm/tests/kernel_sad_tests.c | 2 +- src/charon-tkm/tests/keymat_tests.c | 2 +- src/charon-tkm/tests/nonceg_tests.c | 2 +- src/charon-tkm/tests/tests.c | 2 +- src/charon-tkm/tests/tests.h | 2 +- src/charon-tkm/tests/utils_tests.c | 2 +- src/charon/charon.c | 14 +- src/checksum/checksum_builder.c | 2 +- src/conftest/actions.c | 3 +- src/dumm/bridge.c | 2 +- src/dumm/bridge.h | 2 +- src/dumm/cowfs.c | 2 +- src/dumm/cowfs.h | 2 +- src/dumm/dumm.c | 2 +- src/dumm/dumm.h | 2 +- src/dumm/ext/dumm.c | 2 +- src/dumm/ext/lib/dumm.rb | 2 +- src/dumm/ext/lib/dumm/guest.rb | 2 +- src/dumm/guest.c | 2 +- src/dumm/guest.h | 2 +- src/dumm/iface.c | 2 +- src/dumm/iface.h | 2 +- src/dumm/irdumm.c | 2 
+- src/dumm/main.c | 2 +- src/dumm/mconsole.c | 2 +- src/dumm/mconsole.h | 2 +- src/ipsec/_ipsec.8 | 2 +- src/libcharon/Makefile.am | 8 + src/libcharon/Makefile.in | 15 +- src/libcharon/attributes/attribute_handler.h | 2 +- src/libcharon/attributes/attribute_manager.c | 2 +- src/libcharon/attributes/attribute_manager.h | 2 +- src/libcharon/attributes/attribute_provider.h | 2 +- src/libcharon/attributes/attributes.c | 2 +- src/libcharon/attributes/attributes.h | 2 +- src/libcharon/attributes/mem_pool.c | 2 +- src/libcharon/attributes/mem_pool.h | 2 +- src/libcharon/bus/bus.c | 5 +- src/libcharon/bus/bus.h | 2 +- src/libcharon/bus/listeners/file_logger.c | 2 +- src/libcharon/bus/listeners/file_logger.h | 2 +- src/libcharon/bus/listeners/listener.h | 2 +- src/libcharon/bus/listeners/logger.h | 2 +- src/libcharon/bus/listeners/sys_logger.c | 2 +- src/libcharon/bus/listeners/sys_logger.h | 2 +- src/libcharon/config/backend.h | 2 +- src/libcharon/config/backend_manager.c | 2 +- src/libcharon/config/backend_manager.h | 2 +- src/libcharon/config/child_cfg.c | 13 + src/libcharon/config/child_cfg.h | 16 +- src/libcharon/config/ike_cfg.c | 2 +- src/libcharon/config/ike_cfg.h | 2 +- src/libcharon/control/controller.c | 51 +- src/libcharon/control/controller.h | 9 +- src/libcharon/daemon.h | 2 +- src/libcharon/encoding/generator.c | 2 +- src/libcharon/encoding/generator.h | 2 +- src/libcharon/encoding/message.c | 2 +- src/libcharon/encoding/message.h | 2 +- src/libcharon/encoding/parser.c | 2 +- src/libcharon/encoding/parser.h | 2 +- src/libcharon/encoding/payloads/auth_payload.c | 2 +- src/libcharon/encoding/payloads/auth_payload.h | 2 +- src/libcharon/encoding/payloads/cert_payload.c | 2 +- src/libcharon/encoding/payloads/cert_payload.h | 2 +- src/libcharon/encoding/payloads/certreq_payload.c | 2 +- src/libcharon/encoding/payloads/certreq_payload.h | 2 +- .../encoding/payloads/configuration_attribute.c | 2 +- .../encoding/payloads/configuration_attribute.h | 2 +- 
src/libcharon/encoding/payloads/cp_payload.c | 2 +- src/libcharon/encoding/payloads/cp_payload.h | 2 +- src/libcharon/encoding/payloads/delete_payload.c | 2 +- src/libcharon/encoding/payloads/delete_payload.h | 2 +- src/libcharon/encoding/payloads/eap_payload.c | 2 +- src/libcharon/encoding/payloads/eap_payload.h | 2 +- src/libcharon/encoding/payloads/encodings.c | 2 +- src/libcharon/encoding/payloads/encodings.h | 2 +- .../encoding/payloads/encrypted_fragment_payload.h | 2 +- .../encoding/payloads/encrypted_payload.c | 2 +- .../encoding/payloads/encrypted_payload.h | 2 +- src/libcharon/encoding/payloads/endpoint_notify.c | 2 +- src/libcharon/encoding/payloads/endpoint_notify.h | 2 +- src/libcharon/encoding/payloads/fragment_payload.c | 2 +- src/libcharon/encoding/payloads/fragment_payload.h | 2 +- src/libcharon/encoding/payloads/id_payload.c | 2 +- src/libcharon/encoding/payloads/id_payload.h | 2 +- src/libcharon/encoding/payloads/ike_header.c | 2 +- src/libcharon/encoding/payloads/ike_header.h | 2 +- src/libcharon/encoding/payloads/ke_payload.c | 2 +- src/libcharon/encoding/payloads/ke_payload.h | 2 +- src/libcharon/encoding/payloads/nonce_payload.c | 2 +- src/libcharon/encoding/payloads/nonce_payload.h | 2 +- src/libcharon/encoding/payloads/notify_payload.c | 2 +- src/libcharon/encoding/payloads/notify_payload.h | 2 +- src/libcharon/encoding/payloads/payload.c | 2 +- src/libcharon/encoding/payloads/payload.h | 2 +- .../encoding/payloads/proposal_substructure.c | 2 +- .../encoding/payloads/proposal_substructure.h | 2 +- src/libcharon/encoding/payloads/sa_payload.c | 2 +- src/libcharon/encoding/payloads/sa_payload.h | 2 +- .../payloads/traffic_selector_substructure.c | 2 +- .../payloads/traffic_selector_substructure.h | 2 +- .../encoding/payloads/transform_attribute.c | 2 +- .../encoding/payloads/transform_attribute.h | 2 +- .../encoding/payloads/transform_substructure.c | 2 +- .../encoding/payloads/transform_substructure.h | 2 +- 
src/libcharon/encoding/payloads/ts_payload.c | 2 +- src/libcharon/encoding/payloads/ts_payload.h | 2 +- src/libcharon/encoding/payloads/unknown_payload.c | 2 +- src/libcharon/encoding/payloads/unknown_payload.h | 2 +- .../encoding/payloads/vendor_id_payload.c | 2 +- .../encoding/payloads/vendor_id_payload.h | 2 +- src/libcharon/kernel/kernel_handler.c | 2 +- src/libcharon/kernel/kernel_handler.h | 2 +- src/libcharon/kernel/kernel_ipsec.c | 2 +- src/libcharon/kernel/kernel_ipsec.h | 4 +- src/libcharon/kernel/kernel_listener.h | 2 +- src/libcharon/network/receiver.c | 2 +- src/libcharon/network/receiver.h | 2 +- src/libcharon/network/sender.c | 2 +- src/libcharon/network/sender.h | 2 +- src/libcharon/network/socket.h | 2 +- src/libcharon/network/socket_manager.c | 2 +- src/libcharon/network/socket_manager.h | 2 +- src/libcharon/plugins/addrblock/addrblock_narrow.c | 2 +- .../plugins/addrblock/addrblock_validator.c | 7 +- .../plugins/android_dns/android_dns_handler.c | 2 +- .../plugins/android_dns/android_dns_handler.h | 2 +- .../plugins/android_dns/android_dns_plugin.c | 2 +- .../plugins/android_dns/android_dns_plugin.h | 2 +- .../plugins/android_log/android_log_logger.c | 2 +- .../plugins/android_log/android_log_logger.h | 2 +- .../plugins/android_log/android_log_plugin.c | 2 +- .../plugins/android_log/android_log_plugin.h | 2 +- src/libcharon/plugins/attr/attr_plugin.c | 2 +- src/libcharon/plugins/attr/attr_plugin.h | 2 +- src/libcharon/plugins/attr/attr_provider.c | 2 +- src/libcharon/plugins/attr/attr_provider.h | 2 +- src/libcharon/plugins/attr_sql/attr_sql_plugin.c | 2 +- src/libcharon/plugins/attr_sql/attr_sql_plugin.h | 2 +- src/libcharon/plugins/attr_sql/attr_sql_provider.c | 2 +- src/libcharon/plugins/attr_sql/attr_sql_provider.h | 2 +- src/libcharon/plugins/connmark/connmark_listener.c | 2 +- src/libcharon/plugins/dhcp/dhcp_plugin.c | 2 +- src/libcharon/plugins/dhcp/dhcp_socket.c | 79 +- src/libcharon/plugins/dhcp/dhcp_transaction.h | 6 +- 
src/libcharon/plugins/dnscert/dnscert_cred.c | 2 +- src/libcharon/plugins/dnscert/dnscert_plugin.c | 2 +- src/libcharon/plugins/eap_aka/eap_aka_peer.c | 2 +- src/libcharon/plugins/eap_aka/eap_aka_peer.h | 2 +- src/libcharon/plugins/eap_aka/eap_aka_plugin.c | 2 +- src/libcharon/plugins/eap_aka/eap_aka_plugin.h | 2 +- src/libcharon/plugins/eap_aka/eap_aka_server.c | 2 +- src/libcharon/plugins/eap_aka/eap_aka_server.h | 2 +- src/libcharon/plugins/eap_aka_3gpp/Makefile.am | 17 +- src/libcharon/plugins/eap_aka_3gpp/Makefile.in | 43 +- .../plugins/eap_aka_3gpp/eap_aka_3gpp_card.c | 2 +- .../plugins/eap_aka_3gpp/eap_aka_3gpp_card.h | 2 +- .../plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h | 2 +- .../plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c | 2 +- .../plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h | 2 +- .../plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c | 2 +- .../plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h | 2 +- .../plugins/eap_aka_3gpp/tests/Makefile.am | 24 + .../plugins/eap_aka_3gpp/tests/Makefile.in | 899 +++++++++++++++++++++ .../eap_aka_3gpp/tests/suites/test_vectors.c | 210 +++++ src/libcharon/plugins/eap_aka_3gpp/tests/tests.c | 63 ++ src/libcharon/plugins/eap_aka_3gpp/tests/tests.h | 16 + .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c | 2 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h | 2 +- .../eap_aka_3gpp2/eap_aka_3gpp2_functions.c | 2 +- .../eap_aka_3gpp2/eap_aka_3gpp2_functions.h | 2 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c | 2 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h | 2 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c | 2 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h | 2 +- src/libcharon/plugins/eap_dynamic/eap_dynamic.c | 2 +- src/libcharon/plugins/eap_dynamic/eap_dynamic.h | 2 +- .../plugins/eap_dynamic/eap_dynamic_plugin.c | 2 +- .../plugins/eap_dynamic/eap_dynamic_plugin.h | 2 +- src/libcharon/plugins/eap_gtc/eap_gtc.c | 2 +- src/libcharon/plugins/eap_gtc/eap_gtc.h | 2 +- 
src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c | 2 +- src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h | 2 +- src/libcharon/plugins/eap_identity/eap_identity.c | 2 +- src/libcharon/plugins/eap_identity/eap_identity.h | 2 +- .../plugins/eap_identity/eap_identity_plugin.c | 2 +- .../plugins/eap_identity/eap_identity_plugin.h | 2 +- src/libcharon/plugins/eap_md5/eap_md5.c | 2 +- src/libcharon/plugins/eap_md5/eap_md5.h | 2 +- src/libcharon/plugins/eap_md5/eap_md5_plugin.c | 2 +- src/libcharon/plugins/eap_md5/eap_md5_plugin.h | 2 +- src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 2 +- src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h | 2 +- .../plugins/eap_mschapv2/eap_mschapv2_plugin.c | 2 +- .../plugins/eap_mschapv2/eap_mschapv2_plugin.h | 2 +- src/libcharon/plugins/eap_peap/eap_peap.c | 7 +- src/libcharon/plugins/eap_peap/eap_peap.h | 2 +- src/libcharon/plugins/eap_peap/eap_peap_avp.c | 2 +- src/libcharon/plugins/eap_peap/eap_peap_avp.h | 2 +- src/libcharon/plugins/eap_peap/eap_peap_peer.c | 2 +- src/libcharon/plugins/eap_peap/eap_peap_peer.h | 2 +- src/libcharon/plugins/eap_peap/eap_peap_plugin.c | 2 +- src/libcharon/plugins/eap_peap/eap_peap_plugin.h | 2 +- src/libcharon/plugins/eap_peap/eap_peap_server.c | 2 +- src/libcharon/plugins/eap_peap/eap_peap_server.h | 2 +- src/libcharon/plugins/eap_radius/eap_radius.h | 2 +- .../plugins/eap_radius/eap_radius_forward.h | 2 +- .../plugins/eap_radius/eap_radius_plugin.c | 2 +- .../plugins/eap_radius/eap_radius_plugin.h | 4 +- src/libcharon/plugins/eap_sim/eap_sim_peer.c | 2 +- src/libcharon/plugins/eap_sim/eap_sim_peer.h | 2 +- src/libcharon/plugins/eap_sim/eap_sim_plugin.c | 2 +- src/libcharon/plugins/eap_sim/eap_sim_plugin.h | 2 +- src/libcharon/plugins/eap_sim/eap_sim_server.c | 2 +- src/libcharon/plugins/eap_sim/eap_sim_server.h | 2 +- .../plugins/eap_sim_file/eap_sim_file_card.c | 2 +- .../plugins/eap_sim_file/eap_sim_file_card.h | 2 +- .../plugins/eap_sim_file/eap_sim_file_plugin.c | 2 +- 
.../plugins/eap_sim_file/eap_sim_file_plugin.h | 2 +- .../plugins/eap_sim_file/eap_sim_file_provider.c | 2 +- .../plugins/eap_sim_file/eap_sim_file_provider.h | 2 +- .../plugins/eap_sim_file/eap_sim_file_triplets.c | 2 +- .../plugins/eap_sim_file/eap_sim_file_triplets.h | 2 +- .../eap_simaka_pseudonym_card.h | 2 +- .../eap_simaka_pseudonym_plugin.c | 2 +- .../eap_simaka_pseudonym_plugin.h | 2 +- .../eap_simaka_pseudonym_provider.c | 2 +- .../eap_simaka_pseudonym_provider.h | 2 +- .../eap_simaka_reauth/eap_simaka_reauth_card.c | 2 +- .../eap_simaka_reauth/eap_simaka_reauth_card.h | 2 +- .../eap_simaka_reauth/eap_simaka_reauth_plugin.c | 2 +- .../eap_simaka_reauth/eap_simaka_reauth_plugin.h | 2 +- .../eap_simaka_reauth/eap_simaka_reauth_provider.c | 2 +- .../eap_simaka_reauth/eap_simaka_reauth_provider.h | 2 +- src/libcharon/plugins/eap_tnc/eap_tnc.h | 2 +- src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c | 2 +- src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h | 2 +- src/libcharon/plugins/eap_ttls/eap_ttls.c | 7 +- src/libcharon/plugins/eap_ttls/eap_ttls.h | 2 +- src/libcharon/plugins/eap_ttls/eap_ttls_avp.c | 2 +- src/libcharon/plugins/eap_ttls/eap_ttls_avp.h | 2 +- src/libcharon/plugins/eap_ttls/eap_ttls_peer.c | 2 +- src/libcharon/plugins/eap_ttls/eap_ttls_peer.h | 2 +- src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c | 2 +- src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h | 2 +- src/libcharon/plugins/eap_ttls/eap_ttls_server.h | 2 +- src/libcharon/plugins/forecast/forecast_listener.c | 2 +- src/libcharon/plugins/ha/ha_child.c | 2 +- src/libcharon/plugins/ha/ha_child.h | 2 +- src/libcharon/plugins/ha/ha_ctl.c | 2 +- src/libcharon/plugins/ha/ha_ctl.h | 2 +- src/libcharon/plugins/ha/ha_dispatcher.c | 2 +- src/libcharon/plugins/ha/ha_dispatcher.h | 2 +- src/libcharon/plugins/ha/ha_ike.c | 2 +- src/libcharon/plugins/ha/ha_ike.h | 2 +- src/libcharon/plugins/ha/ha_kernel.c | 2 +- src/libcharon/plugins/ha/ha_kernel.h | 2 +- src/libcharon/plugins/ha/ha_message.c | 4 +- 
src/libcharon/plugins/ha/ha_message.h | 2 +- src/libcharon/plugins/ha/ha_plugin.c | 2 +- src/libcharon/plugins/ha/ha_plugin.h | 2 +- src/libcharon/plugins/ha/ha_segments.c | 2 +- src/libcharon/plugins/ha/ha_segments.h | 2 +- src/libcharon/plugins/ha/ha_socket.h | 2 +- src/libcharon/plugins/ha/ha_tunnel.c | 15 +- src/libcharon/plugins/ha/ha_tunnel.h | 2 +- src/libcharon/plugins/ipseckey/ipseckey.c | 2 +- src/libcharon/plugins/ipseckey/ipseckey.h | 2 +- src/libcharon/plugins/ipseckey/ipseckey_cred.c | 2 +- src/libcharon/plugins/ipseckey/ipseckey_cred.h | 2 +- src/libcharon/plugins/ipseckey/ipseckey_plugin.c | 2 +- src/libcharon/plugins/ipseckey/ipseckey_plugin.h | 2 +- .../kernel_libipsec/kernel_libipsec_ipsec.c | 2 +- .../kernel_libipsec/kernel_libipsec_ipsec.h | 2 +- .../kernel_libipsec/kernel_libipsec_plugin.c | 2 +- .../kernel_libipsec/kernel_libipsec_plugin.h | 2 +- .../kernel_libipsec/kernel_libipsec_router.c | 2 +- .../kernel_libipsec/kernel_libipsec_router.h | 2 +- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 262 +++++- .../plugins/kernel_netlink/kernel_netlink_ipsec.h | 2 +- .../plugins/kernel_netlink/kernel_netlink_net.c | 188 +++-- .../plugins/kernel_netlink/kernel_netlink_net.h | 2 +- .../plugins/kernel_netlink/kernel_netlink_plugin.c | 2 +- .../plugins/kernel_netlink/kernel_netlink_plugin.h | 2 +- .../plugins/kernel_netlink/kernel_netlink_shared.c | 2 +- .../plugins/kernel_netlink/kernel_netlink_shared.h | 4 +- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 10 +- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.h | 2 +- .../plugins/kernel_pfkey/kernel_pfkey_plugin.c | 2 +- .../plugins/kernel_pfkey/kernel_pfkey_plugin.h | 2 +- .../plugins/kernel_pfroute/kernel_pfroute_net.c | 2 +- .../plugins/kernel_pfroute/kernel_pfroute_net.h | 2 +- .../plugins/kernel_pfroute/kernel_pfroute_plugin.c | 2 +- .../plugins/kernel_pfroute/kernel_pfroute_plugin.h | 2 +- .../plugins/load_tester/load_tester_config.c | 3 +- .../plugins/load_tester/load_tester_config.h | 2 +- 
.../plugins/load_tester/load_tester_creds.c | 2 +- .../plugins/load_tester/load_tester_creds.h | 2 +- .../load_tester/load_tester_diffie_hellman.c | 2 +- .../load_tester/load_tester_diffie_hellman.h | 2 +- .../plugins/load_tester/load_tester_ipsec.c | 2 +- .../plugins/load_tester/load_tester_ipsec.h | 2 +- .../plugins/load_tester/load_tester_listener.c | 2 +- .../plugins/load_tester/load_tester_listener.h | 2 +- .../plugins/load_tester/load_tester_plugin.c | 2 +- .../plugins/load_tester/load_tester_plugin.h | 2 +- src/libcharon/plugins/medcli/medcli_config.c | 2 +- src/libcharon/plugins/medcli/medcli_config.h | 2 +- src/libcharon/plugins/medcli/medcli_creds.c | 2 +- src/libcharon/plugins/medcli/medcli_creds.h | 2 +- src/libcharon/plugins/medcli/medcli_listener.c | 2 +- src/libcharon/plugins/medcli/medcli_listener.h | 2 +- src/libcharon/plugins/medcli/medcli_plugin.c | 2 +- src/libcharon/plugins/medcli/medcli_plugin.h | 2 +- src/libcharon/plugins/medsrv/medsrv_config.c | 2 +- src/libcharon/plugins/medsrv/medsrv_config.h | 2 +- src/libcharon/plugins/medsrv/medsrv_creds.c | 2 +- src/libcharon/plugins/medsrv/medsrv_creds.h | 2 +- src/libcharon/plugins/medsrv/medsrv_plugin.c | 2 +- src/libcharon/plugins/medsrv/medsrv_plugin.h | 2 +- src/libcharon/plugins/p_cscf/p_cscf_handler.c | 2 +- src/libcharon/plugins/p_cscf/p_cscf_handler.h | 2 +- src/libcharon/plugins/p_cscf/p_cscf_plugin.c | 2 +- src/libcharon/plugins/p_cscf/p_cscf_plugin.h | 2 +- src/libcharon/plugins/resolve/resolve_handler.h | 2 +- src/libcharon/plugins/resolve/resolve_plugin.c | 2 +- src/libcharon/plugins/resolve/resolve_plugin.h | 2 +- src/libcharon/plugins/smp/smp.c | 4 +- src/libcharon/plugins/smp/smp.h | 2 +- .../plugins/socket_default/socket_default_plugin.c | 2 +- .../plugins/socket_default/socket_default_socket.c | 2 +- .../plugins/socket_dynamic/socket_dynamic_plugin.c | 2 +- .../plugins/socket_dynamic/socket_dynamic_socket.c | 2 +- src/libcharon/plugins/sql/sql_config.c | 2 +- 
src/libcharon/plugins/sql/sql_config.h | 2 +- src/libcharon/plugins/sql/sql_cred.c | 2 +- src/libcharon/plugins/sql/sql_cred.h | 2 +- src/libcharon/plugins/sql/sql_logger.c | 2 +- src/libcharon/plugins/sql/sql_logger.h | 2 +- src/libcharon/plugins/sql/sql_plugin.c | 2 +- src/libcharon/plugins/sql/sql_plugin.h | 2 +- src/libcharon/plugins/stroke/stroke_attribute.c | 2 +- src/libcharon/plugins/stroke/stroke_attribute.h | 2 +- src/libcharon/plugins/stroke/stroke_ca.c | 2 +- src/libcharon/plugins/stroke/stroke_ca.h | 2 +- src/libcharon/plugins/stroke/stroke_config.c | 2 +- src/libcharon/plugins/stroke/stroke_config.h | 2 +- src/libcharon/plugins/stroke/stroke_control.c | 91 +-- src/libcharon/plugins/stroke/stroke_control.h | 2 +- src/libcharon/plugins/stroke/stroke_cred.h | 2 +- src/libcharon/plugins/stroke/stroke_list.c | 2 +- src/libcharon/plugins/stroke/stroke_list.h | 2 +- src/libcharon/plugins/stroke/stroke_plugin.c | 2 +- src/libcharon/plugins/stroke/stroke_plugin.h | 2 +- src/libcharon/plugins/stroke/stroke_socket.c | 5 + src/libcharon/plugins/stroke/stroke_socket.h | 2 +- src/libcharon/plugins/uci/uci_config.c | 2 +- src/libcharon/plugins/uci/uci_config.h | 2 +- src/libcharon/plugins/uci/uci_control.c | 4 +- src/libcharon/plugins/uci/uci_control.h | 2 +- src/libcharon/plugins/uci/uci_creds.c | 2 +- src/libcharon/plugins/uci/uci_creds.h | 2 +- src/libcharon/plugins/uci/uci_parser.c | 2 +- src/libcharon/plugins/uci/uci_parser.h | 2 +- src/libcharon/plugins/uci/uci_plugin.c | 2 +- src/libcharon/plugins/uci/uci_plugin.h | 2 +- src/libcharon/plugins/unity/unity_handler.c | 2 +- src/libcharon/plugins/unity/unity_narrow.c | 2 +- src/libcharon/plugins/unity/unity_provider.c | 2 +- src/libcharon/plugins/updown/updown_listener.h | 2 +- src/libcharon/plugins/updown/updown_plugin.c | 2 +- src/libcharon/plugins/updown/updown_plugin.h | 2 +- src/libcharon/plugins/vici/README.md | 4 +- .../vici/perl/Vici-Session/lib/Vici/Transport.pm | 23 +- 
src/libcharon/plugins/vici/ruby/Makefile.in | 2 +- src/libcharon/plugins/vici/suites/test_message.c | 2 +- src/libcharon/plugins/vici/vici_attribute.c | 2 +- src/libcharon/plugins/vici/vici_config.c | 96 +-- src/libcharon/plugins/vici/vici_control.c | 95 +-- src/libcharon/plugins/vici/vici_message.c | 2 +- src/libcharon/plugins/vici/vici_message.h | 2 +- .../plugins/xauth_generic/xauth_generic.c | 2 +- .../plugins/xauth_generic/xauth_generic.h | 2 +- .../plugins/xauth_generic/xauth_generic_plugin.c | 2 +- .../plugins/xauth_generic/xauth_generic_plugin.h | 2 +- src/libcharon/plugins/xauth_noauth/xauth_noauth.c | 2 +- src/libcharon/plugins/xauth_noauth/xauth_noauth.h | 2 +- .../plugins/xauth_noauth/xauth_noauth_plugin.c | 2 +- .../plugins/xauth_noauth/xauth_noauth_plugin.h | 2 +- src/libcharon/processing/jobs/acquire_job.c | 2 +- src/libcharon/processing/jobs/acquire_job.h | 2 +- src/libcharon/processing/jobs/adopt_children_job.c | 2 +- src/libcharon/processing/jobs/delete_ike_sa_job.c | 4 +- src/libcharon/processing/jobs/delete_ike_sa_job.h | 2 +- src/libcharon/processing/jobs/inactivity_job.c | 4 +- src/libcharon/processing/jobs/inactivity_job.h | 2 +- .../processing/jobs/initiate_mediation_job.c | 2 +- .../processing/jobs/initiate_mediation_job.h | 2 +- src/libcharon/processing/jobs/mediation_job.c | 2 +- src/libcharon/processing/jobs/mediation_job.h | 2 +- src/libcharon/processing/jobs/migrate_job.c | 2 +- src/libcharon/processing/jobs/migrate_job.h | 2 +- .../processing/jobs/process_message_job.c | 2 +- .../processing/jobs/process_message_job.h | 2 +- src/libcharon/processing/jobs/redirect_job.c | 2 +- src/libcharon/processing/jobs/redirect_job.h | 2 +- src/libcharon/processing/jobs/rekey_child_sa_job.c | 2 +- src/libcharon/processing/jobs/rekey_child_sa_job.h | 2 +- src/libcharon/processing/jobs/rekey_ike_sa_job.c | 2 +- src/libcharon/processing/jobs/rekey_ike_sa_job.h | 2 +- src/libcharon/processing/jobs/retransmit_job.c | 2 +- 
src/libcharon/processing/jobs/retransmit_job.h | 2 +- src/libcharon/processing/jobs/retry_initiate_job.c | 2 +- src/libcharon/processing/jobs/retry_initiate_job.h | 2 +- src/libcharon/processing/jobs/roam_job.c | 2 +- src/libcharon/processing/jobs/roam_job.h | 2 +- src/libcharon/processing/jobs/send_dpd_job.c | 2 +- src/libcharon/processing/jobs/send_dpd_job.h | 2 +- src/libcharon/processing/jobs/send_keepalive_job.c | 2 +- src/libcharon/processing/jobs/send_keepalive_job.h | 2 +- src/libcharon/processing/jobs/start_action_job.c | 2 +- src/libcharon/processing/jobs/update_sa_job.c | 2 +- src/libcharon/processing/jobs/update_sa_job.h | 2 +- src/libcharon/sa/authenticator.c | 2 +- src/libcharon/sa/authenticator.h | 2 +- src/libcharon/sa/child_sa.c | 116 ++- src/libcharon/sa/child_sa.h | 5 + src/libcharon/sa/eap/eap_manager.c | 2 +- src/libcharon/sa/eap/eap_manager.h | 2 +- src/libcharon/sa/eap/eap_method.c | 2 +- src/libcharon/sa/eap/eap_method.h | 2 +- src/libcharon/sa/ike_sa.c | 116 ++- src/libcharon/sa/ike_sa.h | 15 +- src/libcharon/sa/ike_sa_id.c | 2 +- src/libcharon/sa/ike_sa_id.h | 2 +- src/libcharon/sa/ike_sa_manager.c | 17 +- .../ikev1/authenticators/pubkey_v1_authenticator.c | 27 +- src/libcharon/sa/ikev1/iv_manager.c | 2 +- src/libcharon/sa/ikev1/iv_manager.h | 2 +- src/libcharon/sa/ikev1/keymat_v1.c | 2 +- src/libcharon/sa/ikev1/keymat_v1.h | 2 +- src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 2 +- src/libcharon/sa/ikev1/tasks/isakmp_delete.c | 2 +- src/libcharon/sa/ikev1/tasks/isakmp_natd.c | 2 +- src/libcharon/sa/ikev1/tasks/isakmp_natd.h | 2 +- src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 2 +- src/libcharon/sa/ikev1/tasks/main_mode.c | 2 +- src/libcharon/sa/ikev1/tasks/quick_delete.c | 3 +- src/libcharon/sa/ikev1/tasks/quick_mode.c | 24 +- src/libcharon/sa/ikev1/tasks/quick_mode.h | 2 +- .../sa/ikev2/authenticators/eap_authenticator.c | 2 +- .../sa/ikev2/authenticators/eap_authenticator.h | 2 +- .../sa/ikev2/authenticators/psk_authenticator.c | 2 +- 
.../sa/ikev2/authenticators/psk_authenticator.h | 2 +- .../sa/ikev2/authenticators/pubkey_authenticator.c | 35 +- .../sa/ikev2/authenticators/pubkey_authenticator.h | 2 +- src/libcharon/sa/ikev2/connect_manager.c | 2 +- src/libcharon/sa/ikev2/connect_manager.h | 2 +- src/libcharon/sa/ikev2/keymat_v2.c | 6 +- src/libcharon/sa/ikev2/keymat_v2.h | 2 +- src/libcharon/sa/ikev2/mediation_manager.c | 2 +- src/libcharon/sa/ikev2/mediation_manager.h | 2 +- src/libcharon/sa/ikev2/task_manager_v2.c | 20 +- src/libcharon/sa/ikev2/tasks/child_create.c | 109 ++- src/libcharon/sa/ikev2/tasks/child_delete.c | 9 +- src/libcharon/sa/ikev2/tasks/child_delete.h | 2 +- src/libcharon/sa/ikev2/tasks/child_rekey.c | 6 +- src/libcharon/sa/ikev2/tasks/ike_auth.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_auth.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_cert_post.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_cert_post.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_cert_pre.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_cert_pre.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_config.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_config.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_delete.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_dpd.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_dpd.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_init.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_me.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_me.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_mobike.h | 4 +- src/libcharon/sa/ikev2/tasks/ike_natd.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_natd.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_reauth.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_reauth.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_redirect.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_redirect.h | 2 +- src/libcharon/sa/ikev2/tasks/ike_rekey.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_vendor.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_vendor.h | 2 +- 
.../sa/ikev2/tasks/ike_verify_peer_cert.c | 2 +- .../sa/ikev2/tasks/ike_verify_peer_cert.h | 2 +- src/libcharon/sa/keymat.c | 3 +- src/libcharon/sa/keymat.h | 2 +- src/libcharon/sa/redirect_manager.c | 2 +- src/libcharon/sa/redirect_manager.h | 2 +- src/libcharon/sa/redirect_provider.h | 2 +- src/libcharon/sa/shunt_manager.c | 13 +- src/libcharon/sa/shunt_manager.h | 10 +- src/libcharon/sa/task.c | 2 +- src/libcharon/sa/task.h | 2 +- src/libcharon/sa/task_manager.c | 2 +- src/libcharon/sa/trap_manager.c | 64 +- src/libcharon/sa/trap_manager.h | 25 +- src/libcharon/sa/xauth/xauth_method.c | 2 +- src/libcharon/sa/xauth/xauth_method.h | 2 +- src/libcharon/tests/suites/test_child_delete.c | 2 +- src/libcharon/tests/suites/test_child_rekey.c | 84 +- src/libcharon/tests/suites/test_ike_cfg.c | 2 +- src/libcharon/tests/suites/test_ike_delete.c | 6 +- src/libcharon/tests/suites/test_ike_rekey.c | 4 +- src/libcharon/tests/suites/test_mem_pool.c | 2 +- src/libfast/fast_context.h | 2 +- src/libfast/fast_controller.h | 2 +- src/libfast/fast_dispatcher.c | 2 +- src/libfast/fast_dispatcher.h | 4 +- src/libfast/fast_filter.h | 2 +- src/libfast/fast_request.c | 4 +- src/libfast/fast_request.h | 2 +- src/libfast/fast_session.c | 2 +- src/libfast/fast_session.h | 2 +- src/libimcv/imcv.h | 3 +- src/libimcv/imv/data.sql | 24 + src/libimcv/imv/imv_database.c | 5 +- src/libimcv/imv/imv_policy_manager.c | 2 +- src/libimcv/imv/tables-mysql.sql | 4 +- src/libimcv/imv/tables.sql | 3 +- src/libimcv/ita/ita_attr_settings.c | 2 +- .../plugins/imc_scanner/imc_scanner_state.h | 3 +- src/libimcv/plugins/imc_swid/imc_swid_state.h | 3 +- .../strongswan.org__strongSwan-5-6-2.swidtag | 11 - .../strongswan.org__strongSwan-5-6-3.swidtag | 11 + .../strongswan.org__strongSwan-5-6-2.swidtag | 11 - .../strongswan.org__strongSwan-5-6-3.swidtag | 11 + src/libimcv/plugins/imc_test/imc_test_state.h | 3 +- src/libimcv/plugins/imv_test/imv_test_state.h | 3 +- src/libimcv/pts/pts.c | 2 +- 
src/libipsec/esp_context.c | 2 +- src/libipsec/esp_context.h | 2 +- src/libipsec/esp_packet.c | 2 +- src/libipsec/esp_packet.h | 2 +- src/libipsec/ip_packet.c | 4 +- src/libipsec/ip_packet.h | 2 +- src/libipsec/ipsec.c | 2 +- src/libipsec/ipsec.h | 2 +- src/libipsec/ipsec_event_listener.h | 2 +- src/libipsec/ipsec_event_relay.c | 2 +- src/libipsec/ipsec_event_relay.h | 2 +- src/libipsec/ipsec_policy.c | 2 +- src/libipsec/ipsec_policy.h | 2 +- src/libipsec/ipsec_policy_mgr.c | 2 +- src/libipsec/ipsec_policy_mgr.h | 2 +- src/libipsec/ipsec_processor.c | 2 +- src/libipsec/ipsec_processor.h | 2 +- src/libipsec/ipsec_sa.c | 2 +- src/libipsec/ipsec_sa.h | 2 +- src/libipsec/ipsec_sa_mgr.c | 2 +- src/libipsec/ipsec_sa_mgr.h | 2 +- src/libradius/radius_client.c | 2 +- src/libradius/radius_client.h | 2 +- src/libradius/radius_message.c | 2 +- src/libradius/radius_message.h | 2 +- src/libsimaka/simaka_card.h | 2 +- src/libsimaka/simaka_crypto.c | 2 +- src/libsimaka/simaka_crypto.h | 2 +- src/libsimaka/simaka_hooks.h | 2 +- src/libsimaka/simaka_manager.c | 2 +- src/libsimaka/simaka_manager.h | 2 +- src/libsimaka/simaka_message.c | 2 +- src/libsimaka/simaka_message.h | 2 +- src/libsimaka/simaka_provider.h | 2 +- src/libstrongswan/asn1/asn1.c | 2 +- src/libstrongswan/asn1/asn1.h | 2 +- src/libstrongswan/asn1/oid.c | 703 ++++++++-------- src/libstrongswan/asn1/oid.h | 327 ++++---- src/libstrongswan/asn1/oid.pl | 2 +- src/libstrongswan/asn1/oid.txt | 7 + src/libstrongswan/bio/bio_reader.c | 2 +- src/libstrongswan/bio/bio_reader.h | 2 +- src/libstrongswan/bio/bio_writer.c | 2 +- src/libstrongswan/bio/bio_writer.h | 2 +- src/libstrongswan/collections/array.c | 2 +- src/libstrongswan/collections/array.h | 2 +- src/libstrongswan/collections/blocking_queue.c | 2 +- src/libstrongswan/collections/blocking_queue.h | 2 +- src/libstrongswan/collections/dictionary.h | 2 +- src/libstrongswan/collections/enumerator.c | 2 +- src/libstrongswan/collections/hashtable.c | 2 +- 
src/libstrongswan/collections/hashtable.h | 2 +- src/libstrongswan/collections/linked_list.c | 2 +- src/libstrongswan/collections/linked_list.h | 2 +- src/libstrongswan/credentials/auth_cfg.h | 2 +- .../credentials/certificates/certificate.h | 2 +- src/libstrongswan/credentials/certificates/crl.c | 2 +- src/libstrongswan/credentials/certificates/crl.h | 2 +- .../credentials/certificates/ocsp_request.h | 2 +- .../credentials/certificates/ocsp_response.c | 2 +- .../credentials/certificates/ocsp_response.h | 2 +- .../credentials/certificates/pgp_certificate.h | 2 +- src/libstrongswan/credentials/certificates/x509.h | 5 +- .../credentials/containers/container.h | 2 +- src/libstrongswan/credentials/containers/pkcs12.c | 2 +- src/libstrongswan/credentials/containers/pkcs12.h | 2 +- src/libstrongswan/credentials/cred_encoding.c | 2 +- src/libstrongswan/credentials/cred_encoding.h | 2 +- src/libstrongswan/credentials/credential_factory.c | 2 +- src/libstrongswan/credentials/credential_factory.h | 2 +- src/libstrongswan/credentials/credential_manager.c | 2 +- src/libstrongswan/credentials/credential_manager.h | 2 +- src/libstrongswan/credentials/credential_set.h | 2 +- src/libstrongswan/credentials/keys/private_key.c | 2 +- src/libstrongswan/credentials/keys/shared_key.c | 2 +- src/libstrongswan/credentials/keys/shared_key.h | 2 +- .../credentials/sets/auth_cfg_wrapper.c | 2 +- .../credentials/sets/auth_cfg_wrapper.h | 2 +- src/libstrongswan/credentials/sets/cert_cache.h | 2 +- src/libstrongswan/credentials/sets/mem_cred.c | 2 +- .../credentials/sets/ocsp_response_wrapper.c | 2 +- .../credentials/sets/ocsp_response_wrapper.h | 2 +- src/libstrongswan/crypto/aead.c | 2 +- src/libstrongswan/crypto/aead.h | 2 +- src/libstrongswan/crypto/crypters/crypter.c | 2 +- src/libstrongswan/crypto/crypters/crypter.h | 2 +- src/libstrongswan/crypto/crypto_tester.c | 2 +- src/libstrongswan/crypto/crypto_tester.h | 2 +- src/libstrongswan/crypto/diffie_hellman.c | 47 +- 
src/libstrongswan/crypto/diffie_hellman.h | 2 +- .../crypto/hashers/hash_algorithm_set.c | 2 +- .../crypto/hashers/hash_algorithm_set.h | 2 +- src/libstrongswan/crypto/iv/iv_gen.c | 2 +- src/libstrongswan/crypto/iv/iv_gen.h | 2 +- src/libstrongswan/crypto/iv/iv_gen_null.c | 2 +- src/libstrongswan/crypto/iv/iv_gen_null.h | 2 +- src/libstrongswan/crypto/iv/iv_gen_rand.c | 2 +- src/libstrongswan/crypto/iv/iv_gen_rand.h | 2 +- src/libstrongswan/crypto/iv/iv_gen_seq.c | 2 +- src/libstrongswan/crypto/iv/iv_gen_seq.h | 2 +- src/libstrongswan/crypto/mac.h | 2 +- src/libstrongswan/crypto/nonce_gen.h | 2 +- src/libstrongswan/crypto/pkcs5.c | 26 +- src/libstrongswan/crypto/pkcs5.h | 2 +- src/libstrongswan/crypto/prf_plus.c | 2 +- src/libstrongswan/crypto/prf_plus.h | 2 +- src/libstrongswan/crypto/prfs/mac_prf.c | 2 +- src/libstrongswan/crypto/prfs/mac_prf.h | 2 +- src/libstrongswan/crypto/prfs/prf.c | 27 +- src/libstrongswan/crypto/prfs/prf.h | 11 +- src/libstrongswan/crypto/proposal/proposal.c | 236 +++++- .../crypto/proposal/proposal_keywords.c | 2 +- .../crypto/proposal/proposal_keywords.h | 2 +- .../crypto/proposal/proposal_keywords_static.c | 153 ++-- .../crypto/proposal/proposal_keywords_static.h | 2 +- .../crypto/proposal/proposal_keywords_static.h.in | 2 +- .../crypto/proposal/proposal_keywords_static.txt | 5 +- src/libstrongswan/crypto/rngs/rng.c | 2 +- src/libstrongswan/crypto/rngs/rng.h | 2 +- src/libstrongswan/crypto/signers/mac_signer.c | 2 +- src/libstrongswan/crypto/signers/mac_signer.h | 2 +- src/libstrongswan/crypto/signers/signer.c | 2 +- src/libstrongswan/crypto/signers/signer.h | 2 +- src/libstrongswan/crypto/transform.c | 22 +- src/libstrongswan/crypto/transform.h | 15 +- src/libstrongswan/database/database.h | 2 +- src/libstrongswan/database/database_factory.c | 2 +- src/libstrongswan/database/database_factory.h | 2 +- src/libstrongswan/eap/eap.c | 2 +- src/libstrongswan/eap/eap.h | 2 +- src/libstrongswan/fetcher/fetcher.h | 2 +- 
src/libstrongswan/fetcher/fetcher_manager.c | 2 +- src/libstrongswan/fetcher/fetcher_manager.h | 2 +- src/libstrongswan/ipsec/ipsec_types.c | 8 +- src/libstrongswan/ipsec/ipsec_types.h | 17 +- src/libstrongswan/library.c | 2 +- src/libstrongswan/library.h | 2 +- src/libstrongswan/networking/host.c | 2 +- src/libstrongswan/networking/host.h | 2 +- src/libstrongswan/networking/host_resolver.c | 2 +- src/libstrongswan/networking/host_resolver.h | 2 +- src/libstrongswan/networking/packet.c | 2 +- src/libstrongswan/networking/packet.h | 2 +- .../networking/streams/stream_service_unix.c | 9 +- src/libstrongswan/networking/tun_device.c | 2 +- src/libstrongswan/networking/tun_device.h | 2 +- src/libstrongswan/plugins/aes/aes_crypter.c | 2 +- src/libstrongswan/plugins/aes/aes_crypter.h | 2 +- src/libstrongswan/plugins/aes/aes_plugin.c | 2 +- src/libstrongswan/plugins/aes/aes_plugin.h | 2 +- src/libstrongswan/plugins/aesni/aesni_cmac.c | 2 +- src/libstrongswan/plugins/aesni/aesni_xcbc.c | 2 +- src/libstrongswan/plugins/agent/agent_plugin.c | 2 +- src/libstrongswan/plugins/agent/agent_plugin.h | 2 +- .../plugins/agent/agent_private_key.c | 2 +- .../plugins/agent/agent_private_key.h | 2 +- .../plugins/bliss/bliss_private_key.c | 4 +- src/libstrongswan/plugins/blowfish/bf_enc.c | 2 +- src/libstrongswan/plugins/blowfish/bf_locl.h | 2 +- src/libstrongswan/plugins/blowfish/bf_pi.h | 2 +- src/libstrongswan/plugins/blowfish/bf_skey.c | 2 +- src/libstrongswan/plugins/blowfish/blowfish.h | 2 +- .../plugins/blowfish/blowfish_crypter.c | 2 +- .../plugins/blowfish/blowfish_crypter.h | 2 +- .../plugins/blowfish/blowfish_plugin.c | 2 +- .../plugins/blowfish/blowfish_plugin.h | 2 +- src/libstrongswan/plugins/cmac/cmac.c | 2 +- src/libstrongswan/plugins/cmac/cmac.h | 2 +- src/libstrongswan/plugins/cmac/cmac_plugin.c | 2 +- src/libstrongswan/plugins/cmac/cmac_plugin.h | 2 +- src/libstrongswan/plugins/curl/curl_fetcher.c | 2 +- src/libstrongswan/plugins/curl/curl_fetcher.h | 2 +- 
src/libstrongswan/plugins/curl/curl_plugin.c | 2 +- src/libstrongswan/plugins/curl/curl_plugin.h | 2 +- src/libstrongswan/plugins/des/des_crypter.c | 4 +- src/libstrongswan/plugins/des/des_crypter.h | 2 +- src/libstrongswan/plugins/des/des_plugin.c | 2 +- src/libstrongswan/plugins/des/des_plugin.h | 2 +- src/libstrongswan/plugins/dnskey/dnskey_builder.c | 2 +- src/libstrongswan/plugins/dnskey/dnskey_builder.h | 2 +- src/libstrongswan/plugins/dnskey/dnskey_plugin.c | 2 +- src/libstrongswan/plugins/dnskey/dnskey_plugin.h | 2 +- src/libstrongswan/plugins/files/files_fetcher.c | 2 +- src/libstrongswan/plugins/files/files_fetcher.h | 2 +- src/libstrongswan/plugins/files/files_plugin.c | 2 +- src/libstrongswan/plugins/files/files_plugin.h | 2 +- src/libstrongswan/plugins/fips_prf/fips_prf.c | 2 +- src/libstrongswan/plugins/fips_prf/fips_prf.h | 2 +- .../plugins/fips_prf/fips_prf_plugin.c | 2 +- .../plugins/fips_prf/fips_prf_plugin.h | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_dh.h | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_rng.c | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_rng.h | 2 +- .../plugins/gcrypt/gcrypt_rsa_private_key.h | 2 +- .../plugins/gcrypt/gcrypt_rsa_public_key.h | 2 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 2 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h | 2 +- src/libstrongswan/plugins/gmp/gmp_plugin.c | 2 +- src/libstrongswan/plugins/gmp/gmp_plugin.h | 2 +- .../plugins/gmp/gmp_rsa_private_key.h | 2 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h | 2 +- src/libstrongswan/plugins/hmac/hmac.c | 2 +- src/libstrongswan/plugins/hmac/hmac.h 
| 2 +- src/libstrongswan/plugins/hmac/hmac_plugin.c | 2 +- src/libstrongswan/plugins/hmac/hmac_plugin.h | 2 +- src/libstrongswan/plugins/ldap/ldap_fetcher.c | 2 +- src/libstrongswan/plugins/ldap/ldap_fetcher.h | 2 +- src/libstrongswan/plugins/ldap/ldap_plugin.c | 2 +- src/libstrongswan/plugins/ldap/ldap_plugin.h | 2 +- src/libstrongswan/plugins/md4/md4_hasher.c | 2 +- src/libstrongswan/plugins/md4/md4_hasher.h | 2 +- src/libstrongswan/plugins/md4/md4_plugin.c | 2 +- src/libstrongswan/plugins/md4/md4_plugin.h | 2 +- src/libstrongswan/plugins/md5/md5_hasher.c | 2 +- src/libstrongswan/plugins/md5/md5_hasher.h | 2 +- src/libstrongswan/plugins/md5/md5_plugin.c | 2 +- src/libstrongswan/plugins/md5/md5_plugin.h | 2 +- src/libstrongswan/plugins/mysql/mysql_database.c | 2 +- src/libstrongswan/plugins/mysql/mysql_database.h | 2 +- src/libstrongswan/plugins/mysql/mysql_plugin.c | 2 +- src/libstrongswan/plugins/mysql/mysql_plugin.h | 2 +- src/libstrongswan/plugins/nonce/nonce_nonceg.c | 2 +- src/libstrongswan/plugins/nonce/nonce_nonceg.h | 2 +- src/libstrongswan/plugins/nonce/nonce_plugin.c | 2 +- src/libstrongswan/plugins/nonce/nonce_plugin.h | 2 +- src/libstrongswan/plugins/ntru/ntru_private_key.c | 2 +- src/libstrongswan/plugins/openssl/openssl_crl.c | 2 +- .../plugins/openssl/openssl_crypter.c | 2 +- .../plugins/openssl/openssl_crypter.h | 2 +- .../plugins/openssl/openssl_diffie_hellman.c | 2 +- .../plugins/openssl/openssl_diffie_hellman.h | 2 +- .../plugins/openssl/openssl_ec_diffie_hellman.c | 2 +- .../plugins/openssl/openssl_ec_diffie_hellman.h | 2 +- .../plugins/openssl/openssl_ec_public_key.c | 2 +- .../plugins/openssl/openssl_ec_public_key.h | 2 +- src/libstrongswan/plugins/openssl/openssl_gcm.c | 2 +- src/libstrongswan/plugins/openssl/openssl_gcm.h | 2 +- src/libstrongswan/plugins/openssl/openssl_hmac.c | 2 +- src/libstrongswan/plugins/openssl/openssl_hmac.h | 2 +- src/libstrongswan/plugins/openssl/openssl_pkcs12.c | 2 +- 
src/libstrongswan/plugins/openssl/openssl_pkcs12.h | 2 +- src/libstrongswan/plugins/openssl/openssl_plugin.h | 2 +- .../plugins/openssl/openssl_rsa_public_key.h | 2 +- .../plugins/openssl/openssl_sha1_prf.c | 2 +- .../plugins/openssl/openssl_sha1_prf.h | 2 +- src/libstrongswan/plugins/openssl/openssl_util.c | 2 +- src/libstrongswan/plugins/openssl/openssl_util.h | 2 +- src/libstrongswan/plugins/openssl/openssl_x509.c | 11 + .../plugins/padlock/padlock_aes_crypter.c | 2 +- .../plugins/padlock/padlock_aes_crypter.h | 2 +- src/libstrongswan/plugins/padlock/padlock_plugin.c | 2 +- src/libstrongswan/plugins/padlock/padlock_plugin.h | 2 +- src/libstrongswan/plugins/padlock/padlock_rng.c | 2 +- src/libstrongswan/plugins/padlock/padlock_rng.h | 2 +- .../plugins/padlock/padlock_sha1_hasher.c | 2 +- .../plugins/padlock/padlock_sha1_hasher.h | 2 +- src/libstrongswan/plugins/pem/pem_builder.c | 2 +- src/libstrongswan/plugins/pem/pem_builder.h | 2 +- src/libstrongswan/plugins/pem/pem_encoder.h | 2 +- src/libstrongswan/plugins/pem/pem_plugin.c | 2 +- src/libstrongswan/plugins/pem/pem_plugin.h | 2 +- src/libstrongswan/plugins/pgp/pgp_builder.c | 2 +- src/libstrongswan/plugins/pgp/pgp_builder.h | 2 +- src/libstrongswan/plugins/pgp/pgp_cert.c | 2 +- src/libstrongswan/plugins/pgp/pgp_cert.h | 2 +- src/libstrongswan/plugins/pgp/pgp_encoder.c | 2 +- src/libstrongswan/plugins/pgp/pgp_encoder.h | 2 +- src/libstrongswan/plugins/pgp/pgp_plugin.c | 2 +- src/libstrongswan/plugins/pgp/pgp_plugin.h | 2 +- src/libstrongswan/plugins/pgp/pgp_utils.c | 2 +- src/libstrongswan/plugins/pgp/pgp_utils.h | 2 +- src/libstrongswan/plugins/pkcs1/pkcs1_builder.h | 2 +- src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c | 2 +- src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h | 2 +- src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h | 2 +- src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 2 +- src/libstrongswan/plugins/pkcs11/pkcs11_dh.h | 2 +- src/libstrongswan/plugins/pkcs11/pkcs11_library.c | 6 +- 
src/libstrongswan/plugins/pkcs11/pkcs11_library.h | 2 +- src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c | 2 +- .../plugins/pkcs11/pkcs11_private_key.c | 2 +- .../plugins/pkcs11/pkcs11_private_key.h | 2 +- .../plugins/pkcs11/pkcs11_public_key.c | 2 +- src/libstrongswan/plugins/pkcs11/pkcs11_rng.c | 2 +- src/libstrongswan/plugins/pkcs11/pkcs11_rng.h | 2 +- src/libstrongswan/plugins/pkcs12/pkcs12_decode.c | 2 +- src/libstrongswan/plugins/pkcs12/pkcs12_decode.h | 2 +- src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c | 2 +- src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h | 4 +- src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c | 2 +- src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h | 2 +- .../plugins/pkcs7/pkcs7_encrypted_data.c | 2 +- .../plugins/pkcs7/pkcs7_encrypted_data.h | 2 +- .../plugins/pkcs7/pkcs7_enveloped_data.c | 2 +- src/libstrongswan/plugins/pkcs7/pkcs7_generic.c | 2 +- src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h | 2 +- src/libstrongswan/plugins/pkcs8/pkcs8_builder.c | 2 +- src/libstrongswan/plugins/pkcs8/pkcs8_builder.h | 2 +- src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c | 2 +- src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h | 4 +- src/libstrongswan/plugins/plugin.h | 2 +- src/libstrongswan/plugins/plugin_feature.c | 2 +- src/libstrongswan/plugins/plugin_feature.h | 2 +- src/libstrongswan/plugins/plugin_loader.c | 2 +- src/libstrongswan/plugins/plugin_loader.h | 2 +- src/libstrongswan/plugins/pubkey/pubkey_cert.c | 2 +- src/libstrongswan/plugins/pubkey/pubkey_cert.h | 2 +- src/libstrongswan/plugins/pubkey/pubkey_plugin.c | 2 +- src/libstrongswan/plugins/pubkey/pubkey_plugin.h | 2 +- src/libstrongswan/plugins/random/random_plugin.c | 2 +- src/libstrongswan/plugins/random/random_plugin.h | 2 +- src/libstrongswan/plugins/random/random_rng.c | 2 +- src/libstrongswan/plugins/random/random_rng.h | 2 +- src/libstrongswan/plugins/rc2/rc2_crypter.c | 2 +- src/libstrongswan/plugins/rc2/rc2_crypter.h | 2 +- src/libstrongswan/plugins/rc2/rc2_plugin.c | 2 +- 
src/libstrongswan/plugins/rc2/rc2_plugin.h | 2 +- .../plugins/revocation/revocation_validator.c | 134 ++- src/libstrongswan/plugins/sha1/sha1_hasher.c | 2 +- src/libstrongswan/plugins/sha1/sha1_hasher.h | 2 +- src/libstrongswan/plugins/sha1/sha1_plugin.c | 2 +- src/libstrongswan/plugins/sha1/sha1_plugin.h | 2 +- src/libstrongswan/plugins/sha1/sha1_prf.c | 2 +- src/libstrongswan/plugins/sha1/sha1_prf.h | 2 +- src/libstrongswan/plugins/sha2/sha2_hasher.c | 2 +- src/libstrongswan/plugins/sha2/sha2_hasher.h | 2 +- src/libstrongswan/plugins/sha2/sha2_plugin.c | 2 +- src/libstrongswan/plugins/sha2/sha2_plugin.h | 2 +- src/libstrongswan/plugins/sqlite/sqlite_database.c | 2 +- src/libstrongswan/plugins/sqlite/sqlite_database.h | 2 +- src/libstrongswan/plugins/sqlite/sqlite_plugin.c | 8 +- src/libstrongswan/plugins/sqlite/sqlite_plugin.h | 2 +- src/libstrongswan/plugins/sshkey/sshkey_builder.c | 2 +- src/libstrongswan/plugins/sshkey/sshkey_builder.h | 2 +- src/libstrongswan/plugins/sshkey/sshkey_encoder.c | 2 +- src/libstrongswan/plugins/sshkey/sshkey_encoder.h | 2 +- src/libstrongswan/plugins/sshkey/sshkey_plugin.c | 2 +- src/libstrongswan/plugins/sshkey/sshkey_plugin.h | 2 +- .../plugins/test_vectors/test_vectors.h | 2 +- .../plugins/test_vectors/test_vectors/3des_cbc.c | 2 +- .../plugins/test_vectors/test_vectors/aes_cbc.c | 2 +- .../plugins/test_vectors/test_vectors/aes_cmac.c | 2 +- .../plugins/test_vectors/test_vectors/aes_xcbc.c | 2 +- .../plugins/test_vectors/test_vectors/blowfish.c | 2 +- .../test_vectors/test_vectors/camellia_cbc.c | 2 +- .../plugins/test_vectors/test_vectors/cast.c | 2 +- .../plugins/test_vectors/test_vectors/des.c | 2 +- .../plugins/test_vectors/test_vectors/fips_prf.c | 2 +- .../plugins/test_vectors/test_vectors/idea.c | 2 +- .../plugins/test_vectors/test_vectors/md2.c | 2 +- .../plugins/test_vectors/test_vectors/md4.c | 2 +- .../plugins/test_vectors/test_vectors/md5.c | 2 +- .../plugins/test_vectors/test_vectors/md5_hmac.c | 2 +- 
.../plugins/test_vectors/test_vectors/null.c | 2 +- .../plugins/test_vectors/test_vectors/rc2.c | 2 +- .../plugins/test_vectors/test_vectors/rc5.c | 2 +- .../plugins/test_vectors/test_vectors/rng.c | 2 +- .../test_vectors/test_vectors/serpent_cbc.c | 2 +- .../plugins/test_vectors/test_vectors/sha1.c | 2 +- .../plugins/test_vectors/test_vectors/sha1_hmac.c | 2 +- .../plugins/test_vectors/test_vectors/sha2.c | 2 +- .../plugins/test_vectors/test_vectors/sha2_hmac.c | 2 +- .../test_vectors/test_vectors/twofish_cbc.c | 2 +- .../plugins/test_vectors/test_vectors_plugin.c | 2 +- .../plugins/test_vectors/test_vectors_plugin.h | 2 +- src/libstrongswan/plugins/unbound/unbound_plugin.c | 2 +- src/libstrongswan/plugins/unbound/unbound_plugin.h | 2 +- .../plugins/unbound/unbound_resolver.c | 2 +- .../plugins/unbound/unbound_resolver.h | 2 +- .../plugins/unbound/unbound_response.c | 2 +- .../plugins/unbound/unbound_response.h | 2 +- src/libstrongswan/plugins/unbound/unbound_rr.c | 2 +- src/libstrongswan/plugins/unbound/unbound_rr.h | 2 +- src/libstrongswan/plugins/x509/x509_ac.h | 2 +- src/libstrongswan/plugins/x509/x509_cert.c | 12 +- src/libstrongswan/plugins/x509/x509_cert.h | 2 +- src/libstrongswan/plugins/x509/x509_crl.c | 3 +- src/libstrongswan/plugins/x509/x509_crl.h | 2 +- src/libstrongswan/plugins/x509/x509_ocsp_request.c | 2 +- src/libstrongswan/plugins/x509/x509_ocsp_request.h | 2 +- .../plugins/x509/x509_ocsp_response.h | 2 +- src/libstrongswan/plugins/x509/x509_plugin.c | 2 +- src/libstrongswan/plugins/x509/x509_plugin.h | 2 +- src/libstrongswan/plugins/xcbc/xcbc.c | 2 +- src/libstrongswan/plugins/xcbc/xcbc.h | 2 +- src/libstrongswan/plugins/xcbc/xcbc_plugin.c | 2 +- src/libstrongswan/plugins/xcbc/xcbc_plugin.h | 2 +- src/libstrongswan/processing/jobs/callback_job.c | 2 +- src/libstrongswan/processing/jobs/callback_job.h | 2 +- src/libstrongswan/processing/jobs/job.h | 2 +- src/libstrongswan/processing/processor.c | 2 +- src/libstrongswan/processing/processor.h | 2 
+- src/libstrongswan/processing/scheduler.c | 2 +- src/libstrongswan/processing/scheduler.h | 2 +- src/libstrongswan/resolver/resolver.h | 2 +- src/libstrongswan/resolver/resolver_manager.c | 2 +- src/libstrongswan/resolver/resolver_manager.h | 2 +- src/libstrongswan/resolver/resolver_response.h | 2 +- src/libstrongswan/resolver/rr.h | 2 +- src/libstrongswan/resolver/rr_set.c | 2 +- src/libstrongswan/resolver/rr_set.h | 2 +- src/libstrongswan/selectors/traffic_selector.c | 9 +- src/libstrongswan/selectors/traffic_selector.h | 2 +- src/libstrongswan/settings/settings.c | 2 +- src/libstrongswan/settings/settings.h | 2 +- src/libstrongswan/settings/settings_lexer.c | 366 ++++++--- src/libstrongswan/settings/settings_lexer.l | 67 +- src/libstrongswan/settings/settings_parser.c | 2 +- src/libstrongswan/settings/settings_parser.y | 2 +- src/libstrongswan/settings/settings_types.c | 2 +- src/libstrongswan/settings/settings_types.h | 2 +- src/libstrongswan/tests/suites/test_array.c | 2 +- src/libstrongswan/tests/suites/test_auth_cfg.c | 2 +- src/libstrongswan/tests/suites/test_bio_reader.c | 2 +- src/libstrongswan/tests/suites/test_bio_writer.c | 2 +- src/libstrongswan/tests/suites/test_chunk.c | 2 +- .../tests/suites/test_crypto_factory.c | 2 +- src/libstrongswan/tests/suites/test_enum.c | 2 +- src/libstrongswan/tests/suites/test_enumerator.c | 2 +- src/libstrongswan/tests/suites/test_hashtable.c | 2 +- src/libstrongswan/tests/suites/test_host.c | 2 +- src/libstrongswan/tests/suites/test_iv_gen.c | 2 +- src/libstrongswan/tests/suites/test_linked_list.c | 2 +- .../tests/suites/test_linked_list_enumerator.c | 2 +- src/libstrongswan/tests/suites/test_proposal.c | 114 +++ src/libstrongswan/tests/suites/test_settings.c | 115 ++- src/libstrongswan/tests/suites/test_threading.c | 52 +- .../tests/suites/test_traffic_selector.c | 7 +- src/libstrongswan/tests/suites/test_utils.c | 2 +- src/libstrongswan/tests/suites/test_vectors.c | 2 +- src/libstrongswan/tests/test_runner.c | 2 +- 
src/libstrongswan/tests/test_suite.h | 2 +- src/libstrongswan/tests/tests.h | 2 +- src/libstrongswan/threading/condvar.h | 2 +- src/libstrongswan/threading/lock_profiler.h | 2 +- src/libstrongswan/threading/mutex.c | 2 +- src/libstrongswan/threading/mutex.h | 2 +- src/libstrongswan/threading/rwlock.c | 2 +- src/libstrongswan/threading/rwlock.h | 2 +- src/libstrongswan/threading/rwlock_condvar.h | 2 +- src/libstrongswan/threading/semaphore.c | 2 +- src/libstrongswan/threading/semaphore.h | 2 +- src/libstrongswan/threading/spinlock.c | 2 +- src/libstrongswan/threading/spinlock.h | 2 +- src/libstrongswan/threading/thread.c | 4 +- src/libstrongswan/threading/thread.h | 2 +- src/libstrongswan/threading/thread_value.c | 2 +- src/libstrongswan/threading/thread_value.h | 2 +- src/libstrongswan/utils/backtrace.c | 2 +- src/libstrongswan/utils/backtrace.h | 2 +- src/libstrongswan/utils/capabilities.c | 7 +- src/libstrongswan/utils/capabilities.h | 5 +- src/libstrongswan/utils/chunk.c | 2 +- src/libstrongswan/utils/chunk.h | 2 +- src/libstrongswan/utils/compat/android.h | 2 +- src/libstrongswan/utils/debug.c | 2 +- src/libstrongswan/utils/debug.h | 2 +- src/libstrongswan/utils/enum.c | 2 +- src/libstrongswan/utils/enum.h | 4 +- src/libstrongswan/utils/identification.h | 2 +- src/libstrongswan/utils/integrity_checker.c | 2 +- src/libstrongswan/utils/integrity_checker.h | 2 +- src/libstrongswan/utils/leak_detective.c | 2 +- src/libstrongswan/utils/leak_detective.h | 2 +- src/libstrongswan/utils/lexparser.h | 2 +- src/libstrongswan/utils/optionsfrom.c | 2 +- src/libstrongswan/utils/optionsfrom.h | 2 +- src/libstrongswan/utils/parser_helper.c | 2 +- src/libstrongswan/utils/parser_helper.h | 2 +- src/libstrongswan/utils/printf_hook/printf_hook.h | 2 +- .../utils/printf_hook/printf_hook_glibc.c | 2 +- .../utils/printf_hook/printf_hook_vstr.c | 2 +- .../utils/printf_hook/printf_hook_vstr.h | 2 +- src/libstrongswan/utils/test.c | 2 +- src/libstrongswan/utils/test.h | 2 +- 
src/libstrongswan/utils/utils.c | 2 +- src/libstrongswan/utils/utils.h | 2 +- src/libstrongswan/utils/utils/align.c | 2 +- src/libstrongswan/utils/utils/align.h | 2 +- src/libstrongswan/utils/utils/atomics.c | 2 +- src/libstrongswan/utils/utils/atomics.h | 2 +- src/libstrongswan/utils/utils/byteorder.h | 2 +- src/libstrongswan/utils/utils/memory.c | 4 +- src/libstrongswan/utils/utils/memory.h | 2 +- src/libstrongswan/utils/utils/object.h | 2 +- src/libstrongswan/utils/utils/path.c | 2 +- src/libstrongswan/utils/utils/path.h | 2 +- src/libstrongswan/utils/utils/status.c | 2 +- src/libstrongswan/utils/utils/status.h | 2 +- src/libstrongswan/utils/utils/strerror.c | 2 +- src/libstrongswan/utils/utils/strerror.h | 2 +- src/libstrongswan/utils/utils/string.c | 2 +- src/libstrongswan/utils/utils/string.h | 2 +- src/libstrongswan/utils/utils/tty.c | 2 +- src/libstrongswan/utils/utils/tty.h | 2 +- src/libstrongswan/utils/utils/types.h | 2 +- src/libtls/tls_application.h | 2 +- .../plugins/tnc_imc/tnc_imc_bind_function.c | 4 +- src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c | 4 +- .../plugins/tnccs_11/messages/imc_imv_msg.c | 4 +- .../plugins/tnccs_11/messages/tnccs_error_msg.c | 4 +- src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c | 4 +- .../messages/tnccs_preferred_language_msg.c | 4 +- .../tnccs_11/messages/tnccs_reason_strings_msg.c | 4 +- .../tnccs_11/messages/tnccs_recommendation_msg.c | 4 +- .../messages/tnccs_tncs_contact_info_msg.c | 3 +- src/libtpmtss/plugins/tpm/tpm_cert.c | 2 +- src/libtpmtss/tpm_tss_tss2.c | 3 +- src/manager/controller/auth_controller.c | 2 +- src/manager/controller/auth_controller.h | 2 +- src/manager/controller/config_controller.c | 2 +- src/manager/controller/config_controller.h | 2 +- src/manager/controller/control_controller.c | 2 +- src/manager/controller/control_controller.h | 2 +- src/manager/controller/gateway_controller.c | 2 +- src/manager/controller/gateway_controller.h | 2 +- src/manager/controller/ikesa_controller.c | 2 +- 
src/manager/controller/ikesa_controller.h | 2 +- src/manager/gateway.c | 2 +- src/manager/gateway.h | 2 +- src/manager/main.c | 2 +- src/manager/manager.c | 2 +- src/manager/manager.h | 2 +- src/manager/storage.c | 2 +- src/manager/storage.h | 2 +- src/manager/xml.c | 2 +- src/manager/xml.h | 2 +- src/medsrv/controller/peer_controller.c | 2 +- src/medsrv/controller/peer_controller.h | 2 +- src/medsrv/controller/user_controller.c | 2 +- src/medsrv/controller/user_controller.h | 2 +- src/medsrv/filter/auth_filter.c | 2 +- src/medsrv/filter/auth_filter.h | 2 +- src/medsrv/main.c | 2 +- src/medsrv/user.c | 2 +- src/medsrv/user.h | 2 +- src/pki/command.c | 2 +- src/pki/command.h | 2 +- src/pki/commands/dn.c | 2 +- src/pki/commands/pkcs12.c | 2 +- src/pki/commands/verify.c | 106 ++- src/pki/man/pki---verify.1.in | 7 +- src/pool/pool_attributes.c | 2 +- src/pool/pool_attributes.h | 2 +- src/pool/pool_usage.c | 2 +- src/pool/pool_usage.h | 2 +- src/pt-tls-client/pt-tls-client.c | 6 +- src/scepclient/scep.c | 2 +- src/scepclient/scep.h | 2 +- src/scepclient/scepclient.c | 2 +- src/starter/args.c | 2 +- src/starter/args.h | 2 +- src/starter/confread.c | 2 +- src/starter/invokecharon.c | 9 +- src/starter/invokecharon.h | 9 +- src/starter/keywords.c | 2 +- src/starter/keywords.h | 2 +- src/starter/keywords.h.in | 2 +- src/starter/keywords.txt | 2 +- src/starter/parser/conf_parser.c | 2 +- src/starter/parser/conf_parser.h | 2 +- src/starter/parser/lexer.c | 2 +- src/starter/parser/lexer.l | 2 +- src/starter/parser/parser.c | 2 +- src/starter/parser/parser.y | 2 +- src/starter/starter.c | 6 +- src/starter/starterstroke.c | 2 +- src/starter/starterstroke.h | 2 +- src/starter/tests/starter_tests.c | 2 +- src/starter/tests/starter_tests.h | 2 +- src/starter/tests/suites/test_parser.c | 2 +- src/stroke/stroke.c | 2 +- src/stroke/stroke_keywords.c | 4 +- src/stroke/stroke_keywords.h | 4 +- src/stroke/stroke_keywords.h.in | 4 +- src/stroke/stroke_keywords.txt | 4 +- 
src/stroke/stroke_msg.h | 2 +- src/sw-collector/sw-collector.8.in | 12 +- src/sw-collector/sw-collector.c | 98 ++- src/swanctl/command.c | 2 +- src/swanctl/command.h | 2 +- src/swanctl/commands/list_algs.c | 2 +- src/swanctl/commands/redirect.c | 2 +- src/swanctl/commands/terminate.c | 9 + src/swanctl/swanctl.conf.5.main | 8 +- src/swanctl/swanctl.opt | 6 + testing/hosts/default/etc/sysctl.conf | 2 +- testing/scripts/recipes/patches/freeradius-tnc-fhh | 2 +- testing/testing.conf | 6 +- .../ikev2/alg-chacha20poly1305/description.txt | 2 +- .../tests/ikev2/alg-chacha20poly1305/evaltest.dat | 8 +- .../dhcp-dynamic/hosts/moon/etc/iptables.rules | 4 +- testing/tests/ikev2/dhcp-dynamic/posttest.dat | 3 +- .../hosts/moon/etc/iptables.rules | 4 +- .../hosts/moon/etc/strongswan.conf | 1 + .../dhcp-static-mac/hosts/moon/etc/iptables.rules | 4 +- .../ikev2/multi-level-ca-skipped/description.txt | 4 + .../ikev2/multi-level-ca-skipped/evaltest.dat | 4 + .../hosts/carol/etc/ipsec.conf | 21 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 5 + .../hosts/moon/etc/ipsec.conf | 25 + .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 + .../hosts/moon/etc/strongswan.conf | 5 + .../ikev2/multi-level-ca-skipped/posttest.dat | 3 + .../tests/ikev2/multi-level-ca-skipped/pretest.dat | 5 + .../tests/ikev2/multi-level-ca-skipped/test.conf | 21 + testing/tests/ipv6/rw-psk-ikev2/description.txt | 2 +- .../dhcp-dynamic/hosts/moon/etc/iptables.rules | 4 +- testing/tests/swanctl/dhcp-dynamic/posttest.dat | 5 +- 1242 files changed, 5691 insertions(+), 2857 deletions(-) create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.am create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/suites/test_vectors.c create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/tests.c 
create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/tests.h delete mode 100644 src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag create mode 100644 src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag delete mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag create mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/description.txt create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/evaltest.dat create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/posttest.dat create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/pretest.dat create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/test.conf diff --git a/Android.common.mk b/Android.common.mk index 1d3068c14..8999237d9 100644 --- a/Android.common.mk +++ b/Android.common.mk @@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \ ) # strongSwan version, replaced by top Makefile -strongswan_VERSION := "5.6.2" +strongswan_VERSION := "5.6.3" diff --git a/NEWS b/NEWS index 6a0ae7c4a..c136008b0 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,65 @@ +strongswan-5.6.3 +---------------- + +- Fixed a DoS vulnerability in the IKEv2 key derivation if the openssl plugin is + used in FIPS mode and HMAC-MD5 is negotiated as PRF. + This vulnerability has been registered as CVE-2018-10811. + +- Fixed a vulnerability in the stroke plugin, which did not check the received + length before reading a message from the socket. Unless a group is configured, + root privileges are required to access that socket, so in the default + configuration this shouldn't be an issue. + This vulnerability has been registered as CVE-2018-5388. + +⁻ CRLs that are not yet valid are now ignored to avoid problems in scenarios + where expired certificates are removed from CRLs and the clock on the host + doing the revocation check is trailing behind that of the host issuing CRLs. + +- The issuer of fetched CRLs is now compared to the issuer of the checked + certificate. + +- CRL validation results other than revocation (e.g. a skipped check because + the CRL couldn't be fetched) are now stored also for intermediate CA + certificates and not only for end-entity certificates, so a strict CRL policy + can be enforced in such cases. + +- In compliance with RFC 4945, section 5.1.3.2, certificates used for IKE must + now either not contain a keyUsage extension (like the ones generated by pki) + or have at least one of the digitalSignature or nonRepudiation bits set. + +- New options for vici/swanctl allow forcing the local termination of an IKE_SA. + This might be useful in situations where it's known the other end is not + reachable anymore, or that it already removed the IKE_SA, so retransmitting a + DELETE and waiting for a response would be pointless. Waiting only a certain + amount of time for a response before destroying the IKE_SA is also possible + by additionally specifying a timeout. 
+ +- When removing routes, the kernel-netlink plugin now checks if it tracks other + routes for the same destination and replaces the installed route instead of + just removing it. Same during installation, where existing routes previously + weren't replaced. This should allow using traps with virtual IPs on Linux. + +- The dhcp plugin only sends the client identifier option if identity_lease is + enabled. It can also send identities of up to 255 bytes length, instead of + the previous 64 bytes. If a server address is configured, DHCP requests are + now sent from port 67 instead of 68 to avoid ICMP port unreachables. + +- Roam events are now completely ignored for IKEv1 SAs. + +- ChaCha20/Poly1305 is now correctly proposed without key length. For + compatibility with older releases the chacha20poly1305compat keyword may be + included in proposals to also propose the algorithm with a key length. + +- Configuration of hardware offload of IPsec SAs is now more flexible and allows + a new mode, which automatically uses it if the kernel and device support it. + +- SHA-2 based PRFs are supported in PKCS#8 files as generated by OpenSSL 1.1. + +- The pki --verify tool may load CA certificates and CRLs from directories. + +- Fixed an issue with DNS servers passed to NetworkManager in charon-nm. + + strongswan-5.6.2 ---------------- @@ -2089,7 +2151,7 @@ strongswan-4.2.0 refactored to support modular credential providers, proper CERTREQ/CERT payload exchanges and extensible authorization rules. -- The framework of strongSwan Manager has envolved to the web application +- The framework of strongSwan Manager has evolved to the web application framework libfast (FastCGI Application Server w/ Templates) and is usable by other applications. diff --git a/conf/plugins/dhcp.conf b/conf/plugins/dhcp.conf index b0e8c84c8..88bbe36e3 100644 --- a/conf/plugins/dhcp.conf +++ b/conf/plugins/dhcp.conf 
@@ -3,7 +3,8 @@ dhcp { # Always use the configured server address. # force_server_address = no - # Derive user-defined MAC address from hash of IKE identity. + # Derive user-defined MAC address from hash of IKE identity and send client + # identity DHCP option. # identity_lease = no # Interface name the plugin uses for address allocation. diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt index 9c7b86091..6b337bc34 100644 --- a/conf/plugins/dhcp.opt +++ b/conf/plugins/dhcp.opt @@ -9,7 +9,8 @@ charon.plugins.dhcp.force_server_address = no 192.168.0.255) as server address might work. charon.plugins.dhcp.identity_lease = no - Derive user-defined MAC address from hash of IKE identity. + Derive user-defined MAC address from hash of IKE identity and send client + identity DHCP option. charon.plugins.dhcp.server = 255.255.255.255 DHCP server unicast or broadcast IP address. diff --git a/conf/plugins/kernel-pfkey.conf b/conf/plugins/kernel-pfkey.conf index 2d4733e74..f4340e7fe 100644 --- a/conf/plugins/kernel-pfkey.conf +++ b/conf/plugins/kernel-pfkey.conf @@ -7,5 +7,8 @@ kernel-pfkey { # priority of this plugin. load = yes + # Whether to use the internal or external interface in installed routes. + # route_via_internal = no + } diff --git a/conf/plugins/kernel-pfkey.opt b/conf/plugins/kernel-pfkey.opt index ec05215d3..0e347bebb 100644 --- a/conf/plugins/kernel-pfkey.opt +++ b/conf/plugins/kernel-pfkey.opt 
@@ -5,3 +5,13 @@ charon.plugins.kernel-pfkey.events_buffer_size = 0 Because events are received asynchronously installing e.g. lots of policies may require a larger buffer than the default on certain platforms in order to receive all messages. + +charon.plugins.kernel-pfkey.route_via_internal = no + Whether to use the internal or external interface in installed routes. + + Whether to use the internal or external interface in installed routes. + The internal interface is the one where the IP address contained in the + local traffic selector is located, the external interface is the one over + which the destination address of the IPsec tunnel can be reached. + This is not relevant if virtual IPs are used, for which a TUN device is + created that's used in the routes. diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main index 977403e91..f83211805 100644 --- a/conf/strongswan.conf.5.main +++ b/conf/strongswan.conf.5.main @@ -542,7 +542,8 @@ this option to yes and configuring the local broadcast address (e.g. .TP .BR charon.plugins.dhcp.identity_lease " [no]" -Derive user\-defined MAC address from hash of IKE identity. +Derive user\-defined MAC address from hash of IKE identity and send client +identity DHCP option. .TP .BR charon.plugins.dhcp.interface " []" 
@@ -1106,6 +1107,15 @@ events are received asynchronously installing e.g. lots of policies may require a larger buffer than the default on certain platforms in order to receive all messages. +.TP +.BR charon.plugins.kernel-pfkey.route_via_internal " [no]" +Whether to use the internal or external interface in installed routes. The +internal interface is the one where the IP address contained in the local +traffic selector is located, the external interface is the one over which the +destination address of the IPsec tunnel can be reached. This is not relevant if +virtual IPs are used, for which a TUN device is created that's used in the +routes. + .TP .BR charon.plugins.kernel-pfroute.vip_wait " [1000]" Time in ms to wait until virtual IP addresses appear/disappear before failing. diff --git a/conf/strongswan.conf.5.tail.in b/conf/strongswan.conf.5.tail.in index f428fc323..a93fe020a 100644 --- a/conf/strongswan.conf.5.tail.in +++ b/conf/strongswan.conf.5.tail.in @@ -93,7 +93,7 @@ Absolutely silent Very basic auditing logs, (e.g. SA up/SA down) .TP .B 1 -Generic control flow with errors, a good default to see whats going on +Generic control flow with errors, a good default to see what's going on .TP .B 2 More detailed debugging control flow diff --git a/configure b/configure index 5bee7cea9..581039dbd 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for strongSwan 5.6.2. +# Generated by GNU Autoconf 2.69 for strongSwan 5.6.3. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='5.6.2' -PACKAGE_STRING='strongSwan 5.6.2' +PACKAGE_VERSION='5.6.3' +PACKAGE_STRING='strongSwan 5.6.3' PACKAGE_BUGREPORT='' PACKAGE_URL='' 
@@ -2111,7 +2111,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 5.6.2 to adapt to many kinds of systems. +\`configure' configures strongSwan 5.6.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2182,7 +2182,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 5.6.2:";; + short | recursive ) echo "Configuration of strongSwan 5.6.3:";; esac cat <<\_ACEOF @@ -2664,7 +2664,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 5.6.2 +strongSwan configure 5.6.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3186,7 +3186,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 5.6.2, which was +It was created by strongSwan $as_me 5.6.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4049,7 +4049,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='5.6.2' + VERSION='5.6.3' cat >>confdefs.h <<_ACEOF 
@@ -26201,7 +26201,7 @@ fi # build Makefiles # ================= -ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile 
src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile 
src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/save_keys/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/counters/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile 
src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/tpm_extendpcr/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/sec-updater/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile 
src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile 
src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp/tests/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile 
src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/save_keys/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/counters/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile 
src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/tpm_extendpcr/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/sec-updater/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" # ================= @@ -27582,7 +27582,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 5.6.2, which was +This file was extended by strongSwan $as_me 5.6.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -27648,7 +27648,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -strongSwan config.status 5.6.2 +strongSwan config.status 5.6.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -28173,6 +28173,7 @@ do "src/libcharon/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/Makefile" ;; "src/libcharon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka/Makefile" ;; "src/libcharon/plugins/eap_aka_3gpp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp/Makefile" ;; + "src/libcharon/plugins/eap_aka_3gpp/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp/tests/Makefile" ;; "src/libcharon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp2/Makefile" ;; "src/libcharon/plugins/eap_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_dynamic/Makefile" ;; "src/libcharon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_identity/Makefile" ;; diff --git a/configure.ac b/configure.ac index ae04fc87c..807f06440 100644 --- a/configure.ac +++ b/configure.ac @@ -19,7 +19,7 @@ # initialize & set some vars # ============================ -AC_INIT([strongSwan],[5.6.2]) +AC_INIT([strongSwan],[5.6.3]) AM_INIT_AUTOMAKE(m4_esyscmd([ echo tar-ustar echo subdir-objects @@ -1908,6 +1908,7 @@ AC_CONFIG_FILES([ src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile + src/libcharon/plugins/eap_aka_3gpp/tests/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index bdc3e2ebc..3962896f6 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am 
@@ -8,7 +8,7 @@ fuzz_ldflags = ${libfuzzer} \ -Wl,-Bstatic -lgmp -Wl,-Bdynamic \ @FUZZING_LDFLAGS@ -FUZZ_TARGETS=fuzz_certs +FUZZ_TARGETS=fuzz_certs fuzz_crls all-local: $(FUZZ_TARGETS) @@ -17,6 +17,9 @@ CLEANFILES=$(FUZZ_TARGETS) fuzz_certs: fuzz_certs.c ${libfuzzer} $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags) +fuzz_crls: fuzz_crls.c ${libfuzzer} + $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags) + noinst_LIBRARIES = libFuzzerLocal.a libFuzzerLocal_a_SOURCES = libFuzzerLocal.c libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la diff --git a/fuzz/Makefile.in b/fuzz/Makefile.in index 31b590273..2a69eef19 100644 --- a/fuzz/Makefile.in +++ b/fuzz/Makefile.in @@ -432,7 +432,7 @@ fuzz_ldflags = ${libfuzzer} \ -Wl,-Bstatic -lgmp -Wl,-Bdynamic \ @FUZZING_LDFLAGS@ -FUZZ_TARGETS = fuzz_certs +FUZZ_TARGETS = fuzz_certs fuzz_crls CLEANFILES = $(FUZZ_TARGETS) noinst_LIBRARIES = libFuzzerLocal.a libFuzzerLocal_a_SOURCES = libFuzzerLocal.c @@ -729,6 +729,9 @@ all-local: $(FUZZ_TARGETS) fuzz_certs: fuzz_certs.c ${libfuzzer} $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags) +fuzz_crls: fuzz_crls.c ${libfuzzer} + $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags) + check: all for f in $(FUZZ_TARGETS); do \ corpus=$${f#fuzz_}; \ diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index eef6efaa0..232408912 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -538,10 +538,6 @@ The value \fB%forever\fP means 'never give up'. Relevant only locally, other end need not agree on it. .TP -.B keylife -synonym for -.BR lifetime . -.TP .BR left " = | | " %any " | | " The IP address of the left participant's public-network interface or one of several magic values. 
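Review bot: Adding `fuzz_crls` to `FUZZ_TARGETS` in fuzz/Makefile.am relies on a naming convention that is not written down anywhere in the file. The `check` recipe visible as context in the generated fuzz/Makefile.in derives a corpus name from each target with `corpus=$${f#fuzz_}`, so the new target presumably needs a `crls` corpus alongside the existing `certs` one. Neither that corpus nor `fuzz_crls.c` is visible in this part of the patch, so both should be confirmed. A comment above the list would make the requirement explicit, e.g. `# each fuzz_<name> target needs fuzz_<name>.c and a <name> corpus for 'make check'`. The `check` recipe continues outside the hunk.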
@@ -1135,10 +1131,6 @@ will suppress randomization. Relevant only locally, other end need not agree on it. Also see EXPIRY/REKEY below. .TP -.B rekeymargin -synonym for -.BR margintime . -.TP .BR replay_window " = " \-1 " | " The IPsec replay window size for this connection. With the default of \-1 the value configured with diff --git a/scripts/aes-test.c b/scripts/aes-test.c index 425a4dc4f..509abe46f 100644 --- a/scripts/aes-test.c +++ b/scripts/aes-test.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/scripts/bin2array.c b/scripts/bin2array.c index b82391a12..64f752eaf 100644 --- a/scripts/bin2array.c +++ b/scripts/bin2array.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/scripts/bin2sql.c b/scripts/bin2sql.c index 88edb7f7a..17556ca7c 100644 --- a/scripts/bin2sql.c +++ b/scripts/bin2sql.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/scripts/dh_speed.c b/scripts/dh_speed.c index c2cac0260..f2f98d7af 100644 --- a/scripts/dh_speed.c +++ b/scripts/dh_speed.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/scripts/dnssec.c b/scripts/dnssec.c index 9d35c7cda..9efc79dbf 100644 --- a/scripts/dnssec.c +++ b/scripts/dnssec.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/scripts/id2sql.c b/scripts/id2sql.c index 0742c1c71..a4035cf25 100644 --- a/scripts/id2sql.c +++ b/scripts/id2sql.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/scripts/key2keyid.c b/scripts/key2keyid.c index e9a4ee692..d0cfb8e2d 100644 --- a/scripts/key2keyid.c +++ b/scripts/key2keyid.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/scripts/keyid2sql.c b/scripts/keyid2sql.c index 46257891c..a0ae28d0b 100644 --- a/scripts/keyid2sql.c +++ b/scripts/keyid2sql.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c index 2928772b8..83ab4e41b 100644 --- a/scripts/pubkey_speed.c +++ b/scripts/pubkey_speed.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/scripts/settings-test.c b/scripts/settings-test.c index 452798aee..2169552ac 100644 --- a/scripts/settings-test.c +++ b/scripts/settings-test.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/scripts/thread_analysis.c b/scripts/thread_analysis.c index 7670ce1f8..2861431ef 100644 --- a/scripts/thread_analysis.c +++ b/scripts/thread_analysis.c @@ -1,7 +1,7 @@ /* Analyzes the concurrent use of charon's threads * * Copyright (C) 2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in index e549e9597..5f709637e 100644 --- a/src/_updown/_updown.in +++ b/src/_updown/_updown.in @@ -215,10 +215,6 @@ then fi fi -# resolve octal escape sequences -PLUTO_MY_ID=`printf "$PLUTO_MY_ID"` -PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"` - case "$PLUTO_VERB:$1" in up-host:) # connection to me coming up diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c index 793496451..1293ec4c0 100644 --- a/src/charon-cmd/charon-cmd.c +++ b/src/charon-cmd/charon-cmd.c 
@@ -3,7 +3,7 @@ * Copyright (C) 2005-2013 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c index 71df92f7e..1cf431ff2 100644 --- a/src/charon-cmd/cmd/cmd_connection.c +++ b/src/charon-cmd/cmd/cmd_connection.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG diff --git a/src/charon-cmd/cmd/cmd_creds.c b/src/charon-cmd/cmd/cmd_creds.c index 45d008e7b..b440cf877 100644 --- a/src/charon-cmd/cmd/cmd_creds.c +++ b/src/charon-cmd/cmd/cmd_creds.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG diff --git a/src/charon-cmd/cmd/cmd_options.c b/src/charon-cmd/cmd/cmd_options.c index 5428941ff..3d734679b 100644 --- a/src/charon-cmd/cmd/cmd_options.c +++ b/src/charon-cmd/cmd/cmd_options.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG diff --git a/src/charon-cmd/cmd/cmd_options.h b/src/charon-cmd/cmd/cmd_options.h index aa13b0951..794136dfb 100644 --- a/src/charon-cmd/cmd/cmd_options.h +++ b/src/charon-cmd/cmd/cmd_options.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG 
diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c index 89aa34d98..52012e24e 100644 --- a/src/charon-nm/charon-nm.c +++ b/src/charon-nm/charon-nm.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c index e4845e745..75db8c6b3 100644 --- a/src/charon-nm/nm/nm_backend.c +++ b/src/charon-nm/nm/nm_backend.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-nm/nm/nm_backend.h b/src/charon-nm/nm/nm_backend.h index 89dc536f6..cbc14a091 100644 --- a/src/charon-nm/nm/nm_backend.h +++ b/src/charon-nm/nm/nm_backend.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-nm/nm/nm_creds.c b/src/charon-nm/nm/nm_creds.c index e70fd9e89..2c05ab881 100644 --- a/src/charon-nm/nm/nm_creds.c +++ b/src/charon-nm/nm/nm_creds.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-nm/nm/nm_creds.h b/src/charon-nm/nm/nm_creds.h index 91f645c7e..71729fef6 100644 
--- a/src/charon-nm/nm/nm_creds.h +++ b/src/charon-nm/nm/nm_creds.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-nm/nm/nm_handler.c b/src/charon-nm/nm/nm_handler.c index 3eb2eb13c..aa7bb5b8c 100644 --- a/src/charon-nm/nm/nm_handler.c +++ b/src/charon-nm/nm/nm_handler.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-nm/nm/nm_handler.h b/src/charon-nm/nm/nm_handler.h index bb35ce767..f4103e67e 100644 --- a/src/charon-nm/nm/nm_handler.h +++ b/src/charon-nm/nm/nm_handler.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index 9beac392a..a12f008a7 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -3,7 +3,7 @@ * * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -65,8 +65,7 @@ static GVariant* handler_to_variant(nm_handler_t *handler, enumerator = handler->create_enumerator(handler, type); while (enumerator->enumerate(enumerator, &chunk)) { - g_variant_builder_add (&builder, "u", - g_variant_new_uint32 (*(uint32_t*)chunk.ptr)); + g_variant_builder_add (&builder, "u", *(uint32_t*)chunk.ptr); } enumerator->destroy(enumerator); @@ -493,7 +492,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection, priv->creds->set_key_password(priv->creds, secret); } private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, - KEY_RSA, BUILD_FROM_FILE, str, BUILD_END); + KEY_ANY, BUILD_FROM_FILE, str, BUILD_END); if (!private) { g_set_error(err, NM_VPN_PLUGIN_ERROR, @@ -742,7 +741,7 @@ static gboolean do_disconnect(gpointer plugin) { id = ike_sa->get_unique_id(ike_sa); enumerator->destroy(enumerator); - charon->controller->terminate_ike(charon->controller, id, + charon->controller->terminate_ike(charon->controller, id, FALSE, controller_cb_empty, NULL, 0); return FALSE; } diff --git a/src/charon-nm/nm/nm_service.h b/src/charon-nm/nm/nm_service.h index 74ab38b03..669209935 100644 --- a/src/charon-nm/nm/nm_service.h +++ b/src/charon-nm/nm/nm_service.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c index 60e509ffb..5a1970b92 100644 --- a/src/charon-systemd/charon-systemd.c +++ b/src/charon-systemd/charon-systemd.c 
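Review bot: In the `handler_to_variant` loop, `*(uint32_t*)chunk.ptr` reads four bytes from every enumerated chunk with no visible check that `chunk.len` is at least `sizeof(uint32_t)`, and the cast assumes the buffer is aligned for a 32-bit load. If the handler stores attribute payloads as they arrive from the gateway (not visible in this hunk, so worth confirming in nm_handler.c), a short chunk would be read past its end. Copying through a local avoids both problems: `uint32_t addr; if (chunk.len != sizeof(addr)) continue; memcpy(&addr, chunk.ptr, sizeof(addr));`, then pass `addr` to `g_variant_builder_add`. The function body starts and ends outside the hunk.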
@@ -3,7 +3,7 @@ * Copyright (C) 2005-2014 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2014 revosec AG * * This program is free software; you can redistribute it and/or modify it diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c index 7f014237a..181c6fb8a 100644 --- a/src/charon-tkm/src/charon-tkm.c +++ b/src/charon-tkm/src/charon-tkm.c @@ -193,7 +193,7 @@ static bool check_pidfile() } fclose(pidfile); pidfile = NULL; - if (pid && kill(pid, 0) == 0) + if (pid && pid != getpid() && kill(pid, 0) == 0) { DBG1(DBG_DMN, "%s already running ('%s' exists)", dmn_name, pidfile_name); diff --git a/src/charon-tkm/src/ees/ees_callbacks.c b/src/charon-tkm/src/ees/ees_callbacks.c index a36629b13..863f618bc 100644 --- a/src/charon-tkm/src/ees/ees_callbacks.c +++ b/src/charon-tkm/src/ees/ees_callbacks.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2014 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/ees/ees_callbacks.h b/src/charon-tkm/src/ees/ees_callbacks.h index b73dc6cb5..6488c57ae 100644 --- a/src/charon-tkm/src/ees/ees_callbacks.h +++ b/src/charon-tkm/src/ees/ees_callbacks.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/ees/esa_event_service.adb b/src/charon-tkm/src/ees/esa_event_service.adb index 6b6b3f743..323a64cb1 100644 
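Review bot: The liveness test in `check_pidfile` still treats every failure of `kill(pid, 0)` as "not running", but a failure with `errno == EPERM` means the process exists and the caller merely lacks permission to signal it. A daemon started under different credentials would therefore go unnoticed; `if (pid && pid != getpid() && (kill(pid, 0) == 0 || errno == EPERM))` covers that case. The check also cannot tell a live daemon from an unrelated process that has reused the PID left in a stale pidfile. A short comment beside the new `pid != getpid()` clause should say that it handles only the case where the recorded PID is our own. The function begins and ends outside the hunk.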
--- a/src/charon-tkm/src/ees/esa_event_service.adb +++ b/src/charon-tkm/src/ees/esa_event_service.adb @@ -1,7 +1,7 @@ -- -- Copyright (C) 2012 Reto Buerki -- Copyright (C) 2012 Adrian-Ken Rueegsegger --- Hochschule fuer Technik Rapperswil +-- HSR Hochschule fuer Technik Rapperswil -- -- This program is free software; you can redistribute it and/or modify it -- under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/ees/esa_event_service.ads b/src/charon-tkm/src/ees/esa_event_service.ads index f3630b7ac..cfcf6e2b6 100644 --- a/src/charon-tkm/src/ees/esa_event_service.ads +++ b/src/charon-tkm/src/ees/esa_event_service.ads @@ -1,7 +1,7 @@ -- -- Copyright (C) 2012 Reto Buerki -- Copyright (C) 2012 Adrian-Ken Rueegsegger --- Hochschule fuer Technik Rapperswil +-- HSR Hochschule fuer Technik Rapperswil -- -- This program is free software; you can redistribute it and/or modify it -- under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/ehandler/eh_callbacks.c b/src/charon-tkm/src/ehandler/eh_callbacks.c index 7dca97c3e..f1ae15660 100644 --- a/src/charon-tkm/src/ehandler/eh_callbacks.c +++ b/src/charon-tkm/src/ehandler/eh_callbacks.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/ehandler/eh_callbacks.h b/src/charon-tkm/src/ehandler/eh_callbacks.h index db325dcd2..9bc849889 100644 --- a/src/charon-tkm/src/ehandler/eh_callbacks.h +++ b/src/charon-tkm/src/ehandler/eh_callbacks.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/ehandler/exception_handler.adb b/src/charon-tkm/src/ehandler/exception_handler.adb index 3f165e1cd..ff568a700 100644 --- a/src/charon-tkm/src/ehandler/exception_handler.adb +++ b/src/charon-tkm/src/ehandler/exception_handler.adb @@ -1,7 +1,7 @@ -- -- Copyright (C) 2012 Reto Buerki -- Copyright (C) 2012 Adrian-Ken Rueegsegger --- Hochschule fuer Technik Rapperswil +-- HSR Hochschule fuer Technik Rapperswil -- -- This program is free software; you can redistribute it and/or modify it -- under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/ehandler/exception_handler.ads b/src/charon-tkm/src/ehandler/exception_handler.ads index 29dd3d8f4..ec47aa72c 100644 --- a/src/charon-tkm/src/ehandler/exception_handler.ads +++ b/src/charon-tkm/src/ehandler/exception_handler.ads @@ -1,7 +1,7 @@ -- -- Copyright (C) 2012 Reto Buerki -- Copyright (C) 2012 Adrian-Ken Rueegsegger --- Hochschule fuer Technik Rapperswil +-- HSR Hochschule fuer Technik Rapperswil -- -- This program is free software; you can redistribute it and/or modify it -- under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm.c b/src/charon-tkm/src/tkm/tkm.c index 333b699a0..7ffe614cf 100644 --- a/src/charon-tkm/src/tkm/tkm.c +++ b/src/charon-tkm/src/tkm/tkm.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2014 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm.h b/src/charon-tkm/src/tkm/tkm.h index 4aed08602..70a6b806a 100644 --- a/src/charon-tkm/src/tkm/tkm.h +++ b/src/charon-tkm/src/tkm/tkm.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2014 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_chunk_map.c b/src/charon-tkm/src/tkm/tkm_chunk_map.c index 03ff22836..1d073ae45 100644 --- a/src/charon-tkm/src/tkm/tkm_chunk_map.c +++ b/src/charon-tkm/src/tkm/tkm_chunk_map.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_chunk_map.h b/src/charon-tkm/src/tkm/tkm_chunk_map.h index c183937c1..a2864f07a 100644 --- a/src/charon-tkm/src/tkm/tkm_chunk_map.h +++ b/src/charon-tkm/src/tkm/tkm_chunk_map.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/charon-tkm/src/tkm/tkm_cred.c b/src/charon-tkm/src/tkm/tkm_cred.c index d9517f908..e358042fd 100644 --- a/src/charon-tkm/src/tkm/tkm_cred.c +++ b/src/charon-tkm/src/tkm/tkm_cred.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_cred.h b/src/charon-tkm/src/tkm/tkm_cred.h index 1cfb5b9c7..52cb42247 100644 --- a/src/charon-tkm/src/tkm/tkm_cred.h +++ b/src/charon-tkm/src/tkm/tkm_cred.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c index 48d0001ce..41b557edc 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h index d38a414d8..19de7c874 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_encoder.c b/src/charon-tkm/src/tkm/tkm_encoder.c index d5367ea78..e5ec84e44 100644 --- a/src/charon-tkm/src/tkm/tkm_encoder.c +++ b/src/charon-tkm/src/tkm/tkm_encoder.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Reto Buerki * Copyright (C) 2013 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_encoder.h b/src/charon-tkm/src/tkm/tkm_encoder.h index 7c6a4989d..c41bea1f7 100644 --- a/src/charon-tkm/src/tkm/tkm_encoder.h +++ b/src/charon-tkm/src/tkm/tkm_encoder.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Reto Buerki * Copyright (C) 2013 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.c b/src/charon-tkm/src/tkm/tkm_id_manager.c index 9a2ede03e..76677c38c 100644 --- a/src/charon-tkm/src/tkm/tkm_id_manager.c +++ b/src/charon-tkm/src/tkm/tkm_id_manager.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.h b/src/charon-tkm/src/tkm/tkm_id_manager.h index 1c48b57f1..2c1abb9ee 100644 --- a/src/charon-tkm/src/tkm/tkm_id_manager.h +++ b/src/charon-tkm/src/tkm/tkm_id_manager.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.h b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.h index 14db21266..702d8f8ab 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.h +++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c index acc3ff10a..9f1e96d29 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2014 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h index 3d9f5f3f8..bf4a2f2be 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2014 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c index ac38078d7..71ad821dd 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.c +++ b/src/charon-tkm/src/tkm/tkm_keymat.c @@ -2,7 +2,7 @@ * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_keymat.h b/src/charon-tkm/src/tkm/tkm_keymat.h index ee90bead5..1aaaf0426 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.h +++ b/src/charon-tkm/src/tkm/tkm_keymat.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c index 290b00e37..bb4fd2798 100644 --- a/src/charon-tkm/src/tkm/tkm_listener.c +++ b/src/charon-tkm/src/tkm/tkm_listener.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/charon-tkm/src/tkm/tkm_listener.h b/src/charon-tkm/src/tkm/tkm_listener.h index 1162a77be..ea8770baa 100644 --- a/src/charon-tkm/src/tkm/tkm_listener.h +++ b/src/charon-tkm/src/tkm/tkm_listener.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.c b/src/charon-tkm/src/tkm/tkm_nonceg.c index 2b3e66d2d..ed525ee29 100644 --- a/src/charon-tkm/src/tkm/tkm_nonceg.c +++ b/src/charon-tkm/src/tkm/tkm_nonceg.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.h b/src/charon-tkm/src/tkm/tkm_nonceg.h index d158551fe..0fb165ff7 100644 --- a/src/charon-tkm/src/tkm/tkm_nonceg.h +++ b/src/charon-tkm/src/tkm/tkm_nonceg.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_private_key.c b/src/charon-tkm/src/tkm/tkm_private_key.c index 891b579ee..0ef3a103c 100644 --- a/src/charon-tkm/src/tkm/tkm_private_key.c +++ b/src/charon-tkm/src/tkm/tkm_private_key.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2013 Reto Buerki * Copyright (C) 2012-2013 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_private_key.h b/src/charon-tkm/src/tkm/tkm_private_key.h index ded8300ca..db4b3fe46 100644 --- a/src/charon-tkm/src/tkm/tkm_private_key.h +++ b/src/charon-tkm/src/tkm/tkm_private_key.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_public_key.c b/src/charon-tkm/src/tkm/tkm_public_key.c index 2a14a9bdd..5a49b4511 100644 --- a/src/charon-tkm/src/tkm/tkm_public_key.c +++ b/src/charon-tkm/src/tkm/tkm_public_key.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2013 Reto Buerki * Copyright (C) 2012-2013 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_public_key.h b/src/charon-tkm/src/tkm/tkm_public_key.h index 5b21287b7..c13d9e509 100644 --- a/src/charon-tkm/src/tkm/tkm_public_key.h +++ b/src/charon-tkm/src/tkm/tkm_public_key.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2013 Reto Buerki * Copyright (C) 2012-2013 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.c b/src/charon-tkm/src/tkm/tkm_spi_generator.c index b9ce83727..ff4d86c2e 100644 --- a/src/charon-tkm/src/tkm/tkm_spi_generator.c +++ b/src/charon-tkm/src/tkm/tkm_spi_generator.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Reto Buerki * Copyright (C) 2015 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.h b/src/charon-tkm/src/tkm/tkm_spi_generator.h index 5f9ff03c6..08eff4aef 100644 --- a/src/charon-tkm/src/tkm/tkm_spi_generator.h +++ b/src/charon-tkm/src/tkm/tkm_spi_generator.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Reto Buerki * Copyright (C) 2015 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_types.h b/src/charon-tkm/src/tkm/tkm_types.h index cef53deb3..46551b14e 100644 --- a/src/charon-tkm/src/tkm/tkm_types.h +++ b/src/charon-tkm/src/tkm/tkm_types.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/charon-tkm/src/tkm/tkm_utils.c b/src/charon-tkm/src/tkm/tkm_utils.c index e0692b893..196e1c4fa 100644 --- a/src/charon-tkm/src/tkm/tkm_utils.c +++ b/src/charon-tkm/src/tkm/tkm_utils.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/src/tkm/tkm_utils.h b/src/charon-tkm/src/tkm/tkm_utils.h index 308c58fbb..b499dcf5b 100644 --- a/src/charon-tkm/src/tkm/tkm_utils.h +++ b/src/charon-tkm/src/tkm/tkm_utils.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/tests/chunk_map_tests.c b/src/charon-tkm/tests/chunk_map_tests.c index 1283a787c..2a129ff08 100644 --- a/src/charon-tkm/tests/chunk_map_tests.c +++ b/src/charon-tkm/tests/chunk_map_tests.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/tests/diffie_hellman_tests.c b/src/charon-tkm/tests/diffie_hellman_tests.c index 5ef6f41ab..67313e63a 100644 --- a/src/charon-tkm/tests/diffie_hellman_tests.c +++ b/src/charon-tkm/tests/diffie_hellman_tests.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/tests/id_manager_tests.c b/src/charon-tkm/tests/id_manager_tests.c index fb5e56a05..2200c9898 100644 --- a/src/charon-tkm/tests/id_manager_tests.c +++ b/src/charon-tkm/tests/id_manager_tests.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c index 59ff77b68..04eeb037f 100644 --- a/src/charon-tkm/tests/kernel_sad_tests.c +++ b/src/charon-tkm/tests/kernel_sad_tests.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2014 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c index d4751f7d0..eea589c09 100644 --- a/src/charon-tkm/tests/keymat_tests.c +++ b/src/charon-tkm/tests/keymat_tests.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/charon-tkm/tests/nonceg_tests.c b/src/charon-tkm/tests/nonceg_tests.c index 67c1635ef..bea11cc19 100644 --- a/src/charon-tkm/tests/nonceg_tests.c +++ b/src/charon-tkm/tests/nonceg_tests.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c index 3d57599d9..150a6d437 100644 --- a/src/charon-tkm/tests/tests.c +++ b/src/charon-tkm/tests/tests.c @@ -2,7 +2,7 @@ * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2012-2014 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/tests/tests.h b/src/charon-tkm/tests/tests.h index fb5e96a9c..0214a413e 100644 --- a/src/charon-tkm/tests/tests.h +++ b/src/charon-tkm/tests/tests.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon-tkm/tests/utils_tests.c b/src/charon-tkm/tests/utils_tests.c index 0a4d6fbd2..a8a905272 100644 --- a/src/charon-tkm/tests/utils_tests.c +++ b/src/charon-tkm/tests/utils_tests.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/charon/charon.c b/src/charon/charon.c index f23717034..180486746 100644 --- a/src/charon/charon.c +++ b/src/charon/charon.c @@ -204,7 +204,7 @@ static bool check_pidfile() } fclose(pidfile); pidfile = NULL; - if (pid && kill(pid, 0) == 0) + if (pid && pid != getpid() && kill(pid, 0) == 0) { DBG1(DBG_DMN, "charon already running ('"PID_FILE"' exists)"); return TRUE; @@ -231,9 +231,15 @@ static bool check_pidfile() DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s", strerror(errno)); } - ignore_result(fchown(fd, - lib->caps->get_uid(lib->caps), - lib->caps->get_gid(lib->caps))); + /* Only fchown() the pidfile if we have CAP_CHOWN. Otherwise, + * directory permissions should allow pidfile to be accessed + * by the UID/GID under which the charon daemon will run. */ + if (lib->caps->check(lib->caps, CAP_CHOWN)) + { + ignore_result(fchown(fd, + lib->caps->get_uid(lib->caps), + lib->caps->get_gid(lib->caps))); + } fprintf(pidfile, "%d\n", getpid()); fflush(pidfile); return FALSE; diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c index a36014634..167b0c1c0 100644 --- a/src/checksum/checksum_builder.c +++ b/src/checksum/checksum_builder.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/conftest/actions.c b/src/conftest/actions.c index 36c3c8e74..66e41f743 100644 --- a/src/conftest/actions.c +++ b/src/conftest/actions.c 
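Review bot: The liveness test in check_pidfile, `kill(pid, 0) == 0`, still counts every failure as "not running", including EPERM, which kill() reports when the process exists but the caller may not signal it. The second hunk of this file allows a start without CAP_CHOWN, so a less privileged start could overwrite the pidfile of a live daemon owned by another user. I would test `if (pid && pid != getpid() && (kill(pid, 0) == 0 || errno == EPERM))`. check_pidfile begins and ends outside the hunk, so any earlier handling of this case is not visible here.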
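Review bot: When CAP_CHOWN is missing, the ownership change in check_pidfile is skipped without a trace, and when it is present the fchown() result is still discarded through `ignore_result`. In both cases the pidfile can stay owned by the starting user, and the log gives an operator no hint if the daemon later fails to update or remove it. An else branch such as `DBG1(DBG_LIB, "not changing owner of '"PID_FILE"', CAP_CHOWN missing");` would make that diagnosable, and logging `strerror(errno)` on a failed fchown() would match the FD_CLOEXEC handling just above.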
@@ -209,7 +209,8 @@ static job_requeue_t close_ike(char *config) if (id) { DBG1(DBG_CFG, "closing IKE_SA '%s'", config); - charon->controller->terminate_ike(charon->controller, id, NULL, NULL, 0); + charon->controller->terminate_ike(charon->controller, id, FALSE, NULL, + NULL, 0); } else { diff --git a/src/dumm/bridge.c b/src/dumm/bridge.c index c76b3acda..536e27515 100644 --- a/src/dumm/bridge.c +++ b/src/dumm/bridge.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/dumm/bridge.h b/src/dumm/bridge.h index 9d48092df..5069cfd1b 100644 --- a/src/dumm/bridge.h +++ b/src/dumm/bridge.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c index 5332ba551..ac581fed1 100644 --- a/src/dumm/cowfs.c +++ b/src/dumm/cowfs.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2009 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2001-2007 Miklos Szeredi * * Based on example shipped with FUSE. diff --git a/src/dumm/cowfs.h b/src/dumm/cowfs.h index 6869e3563..9a596de2e 100644 --- a/src/dumm/cowfs.h +++ b/src/dumm/cowfs.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2009 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c index d147b2df0..e24671330 100644 --- a/src/dumm/dumm.c +++ b/src/dumm/dumm.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/dumm/dumm.h b/src/dumm/dumm.h index 7c7923c46..921d2157f 100644 --- a/src/dumm/dumm.h +++ b/src/dumm/dumm.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c index b898a2564..7df72eb30 100644 --- a/src/dumm/ext/dumm.c +++ b/src/dumm/ext/dumm.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2010 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/dumm/ext/lib/dumm.rb b/src/dumm/ext/lib/dumm.rb index 959ec87df..0dd7ada10 100644 --- a/src/dumm/ext/lib/dumm.rb +++ b/src/dumm/ext/lib/dumm.rb @@ -1,6 +1,6 @@ =begin Copyright (C) 2008-2009 Tobias Brunner - Hochschule fuer Technik Rapperswil + HSR Hochschule fuer Technik Rapperswil This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the diff --git a/src/dumm/ext/lib/dumm/guest.rb b/src/dumm/ext/lib/dumm/guest.rb index 7488f1358..6978edcb3 100644 --- a/src/dumm/ext/lib/dumm/guest.rb +++ b/src/dumm/ext/lib/dumm/guest.rb 
@@ -1,6 +1,6 @@ =begin Copyright (C) 2008-2010 Tobias Brunner - Hochschule fuer Technik Rapperswil + HSR Hochschule fuer Technik Rapperswil This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the diff --git a/src/dumm/guest.c b/src/dumm/guest.c index 8e74ca629..327b86c63 100644 --- a/src/dumm/guest.c +++ b/src/dumm/guest.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/dumm/guest.h b/src/dumm/guest.h index 36a69681d..14c7272d0 100644 --- a/src/dumm/guest.h +++ b/src/dumm/guest.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/dumm/iface.c b/src/dumm/iface.c index 3e7b010b3..3642ed8a2 100644 --- a/src/dumm/iface.c +++ b/src/dumm/iface.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2002 Jeff Dike * * Based on the "tunctl" utility from Jeff Dike. diff --git a/src/dumm/iface.h b/src/dumm/iface.h index ae886acc3..e6e8775a0 100644 --- a/src/dumm/iface.h +++ b/src/dumm/iface.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/dumm/irdumm.c b/src/dumm/irdumm.c index 1a4235c9d..eb61da2c2 100644 --- a/src/dumm/irdumm.c +++ b/src/dumm/irdumm.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/dumm/main.c b/src/dumm/main.c index a53e1f67c..1b5bef736 100644 --- a/src/dumm/main.c +++ b/src/dumm/main.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c index 4563d6f9e..3e31bc694 100644 --- a/src/dumm/mconsole.c +++ b/src/dumm/mconsole.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2001-2004 Jeff Dike * * Based on the "uml_mconsole" utility from Jeff Dike. diff --git a/src/dumm/mconsole.h b/src/dumm/mconsole.h index 9fa2755ef..2b8a1cdff 100644 --- a/src/dumm/mconsole.h +++ b/src/dumm/mconsole.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 4028096f0..3f72d52ee 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.6.2dr3" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.6.3dr1" "strongSwan" . .SH NAME . diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 25ac7972c..15ac7a6d1 100644 
--- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -736,4 +736,12 @@ endif if MONOLITHIC SUBDIRS += . endif + +# build unit tests +################## + SUBDIRS += tests + +if USE_EAP_AKA_3GPP + SUBDIRS += plugins/eap_aka_3gpp/tests +endif diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index 6c39317fa..6cd1130f1 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in @@ -301,6 +301,7 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_151 = plugins/attr/libstrongswan-attr.la @USE_ATTR_SQL_TRUE@am__append_152 = plugins/attr_sql @MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_153 = plugins/attr_sql/libstrongswan-attr-sql.la +@USE_EAP_AKA_3GPP_TRUE@am__append_154 = plugins/eap_aka_3gpp/tests subdir = src/libcharon ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -769,7 +770,7 @@ DIST_SUBDIRS = . plugins/load_tester plugins/save_keys \ plugins/coupling plugins/radattr plugins/uci plugins/addrblock \ plugins/unity plugins/xauth_generic plugins/xauth_eap \ plugins/xauth_pam plugins/xauth_noauth plugins/resolve \ - plugins/attr plugins/attr_sql tests + plugins/attr plugins/attr_sql tests plugins/eap_aka_3gpp/tests am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ @@ -1185,6 +1186,9 @@ libcharon_la_LIBADD = \ EXTRA_DIST = Android.mk @STATIC_PLUGIN_CONSTRUCTORS_TRUE@BUILT_SOURCES = $(srcdir)/plugin_constructors.c @STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c + +# build unit tests +################## @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_6) $(am__append_8) \ @MONOLITHIC_FALSE@ $(am__append_10) $(am__append_12) \ @MONOLITHIC_FALSE@ $(am__append_14) $(am__append_16) \ 
@@ -1220,10 +1224,14 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_138) $(am__append_140) \ @MONOLITHIC_FALSE@ $(am__append_142) $(am__append_144) \ @MONOLITHIC_FALSE@ $(am__append_146) $(am__append_148) \ -@MONOLITHIC_FALSE@ $(am__append_150) $(am__append_152) tests +@MONOLITHIC_FALSE@ $(am__append_150) $(am__append_152) tests \ +@MONOLITHIC_FALSE@ $(am__append_154) # build optional plugins ######################## + +# build unit tests +################## @MONOLITHIC_TRUE@SUBDIRS = $(am__append_6) $(am__append_8) \ @MONOLITHIC_TRUE@ $(am__append_10) $(am__append_12) \ @MONOLITHIC_TRUE@ $(am__append_14) $(am__append_16) \ @@ -1259,7 +1267,8 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_138) $(am__append_140) \ @MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) \ @MONOLITHIC_TRUE@ $(am__append_146) $(am__append_148) \ -@MONOLITHIC_TRUE@ $(am__append_150) $(am__append_152) . tests +@MONOLITHIC_TRUE@ $(am__append_150) $(am__append_152) . tests \ +@MONOLITHIC_TRUE@ $(am__append_154) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive diff --git a/src/libcharon/attributes/attribute_handler.h b/src/libcharon/attributes/attribute_handler.h index 3c14323a3..cc09befe8 100644 --- a/src/libcharon/attributes/attribute_handler.h +++ b/src/libcharon/attributes/attribute_handler.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/attributes/attribute_manager.c b/src/libcharon/attributes/attribute_manager.c index 3a4a21a02..7e82c0c95 100644 --- a/src/libcharon/attributes/attribute_manager.c +++ b/src/libcharon/attributes/attribute_manager.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/attributes/attribute_manager.h b/src/libcharon/attributes/attribute_manager.h index 6db664968..5368a8b83 100644 --- a/src/libcharon/attributes/attribute_manager.h +++ b/src/libcharon/attributes/attribute_manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/attributes/attribute_provider.h b/src/libcharon/attributes/attribute_provider.h index 57453c2a0..a107a2bd0 100644 --- a/src/libcharon/attributes/attribute_provider.h +++ b/src/libcharon/attributes/attribute_provider.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/attributes/attributes.c b/src/libcharon/attributes/attributes.c index 0f28d55fa..d31b62c26 100644 --- a/src/libcharon/attributes/attributes.c +++ b/src/libcharon/attributes/attributes.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/attributes/attributes.h b/src/libcharon/attributes/attributes.h index dd1db4fc3..119143a55 100644 
--- a/src/libcharon/attributes/attributes.h +++ b/src/libcharon/attributes/attributes.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/attributes/mem_pool.c b/src/libcharon/attributes/mem_pool.c index e1a9a6dce..6acf490be 100644 --- a/src/libcharon/attributes/mem_pool.c +++ b/src/libcharon/attributes/mem_pool.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2008-2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/attributes/mem_pool.h b/src/libcharon/attributes/mem_pool.h index 3ee1dd37d..06acbf8f8 100644 --- a/src/libcharon/attributes/mem_pool.h +++ b/src/libcharon/attributes/mem_pool.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index 19943d060..f4c01c22e 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2011-2016 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -827,7 +827,8 @@ METHOD(bus_t, ike_updown, void, enumerator = ike_sa->create_child_sa_enumerator(ike_sa); while (enumerator->enumerate(enumerator, (void**)&child_sa)) { - if (child_sa->get_state(child_sa) != CHILD_REKEYED) + if (child_sa->get_state(child_sa) != CHILD_REKEYED && + child_sa->get_state(child_sa) != CHILD_DELETED) { child_updown(this, child_sa, FALSE); } diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h index 1e810a499..df75683be 100644 --- a/src/libcharon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2016 Tobias Brunner * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c index 7a53e9338..d1f180227 100644 --- a/src/libcharon/bus/listeners/file_logger.c +++ b/src/libcharon/bus/listeners/file_logger.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2015 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/bus/listeners/file_logger.h b/src/libcharon/bus/listeners/file_logger.h index 1bcfec150..85260b132 100644 --- a/src/libcharon/bus/listeners/file_logger.h +++ b/src/libcharon/bus/listeners/file_logger.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2015 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
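Review bot: The loop in ike_updown gives no reason why CHILD_DELETED children are now skipped alongside CHILD_REKEYED ones, and it calls `child_sa->get_state(child_sa)` twice per iteration. A short comment, for example `/* skip CHILD_SAs that are already rekeyed or deleted, presumably their down event was raised earlier */`, would record the intent once it is confirmed. Reading the state into a local before the comparison makes it easier to add further states later. The method continues outside the hunk.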
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h index be0dfbe21..06057eb73 100644 --- a/src/libcharon/bus/listeners/listener.h +++ b/src/libcharon/bus/listeners/listener.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2011-2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/bus/listeners/logger.h b/src/libcharon/bus/listeners/logger.h index d5432d3a8..7b5c1d21c 100644 --- a/src/libcharon/bus/listeners/logger.h +++ b/src/libcharon/bus/listeners/logger.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/bus/listeners/sys_logger.c b/src/libcharon/bus/listeners/sys_logger.c index 4aeb1c048..a3968a7f9 100644 --- a/src/libcharon/bus/listeners/sys_logger.c +++ b/src/libcharon/bus/listeners/sys_logger.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/bus/listeners/sys_logger.h b/src/libcharon/bus/listeners/sys_logger.h index 9a0fee018..28afe05ee 100644 --- a/src/libcharon/bus/listeners/sys_logger.h +++ b/src/libcharon/bus/listeners/sys_logger.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/config/backend.h b/src/libcharon/config/backend.h index aca3352ba..eab7583fa 100644 --- a/src/libcharon/config/backend.h +++ b/src/libcharon/config/backend.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c index 4f154df9b..02a41a5b3 100644 --- a/src/libcharon/config/backend_manager.c +++ b/src/libcharon/config/backend_manager.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/config/backend_manager.h b/src/libcharon/config/backend_manager.h index cc8ef8785..8ec79ce28 100644 --- a/src/libcharon/config/backend_manager.h +++ b/src/libcharon/config/backend_manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 3d110e9a2..bc417f936 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c 
@@ -142,6 +142,11 @@ struct private_child_cfg_t { * anti-replay window size */ uint32_t replay_window; + + /** + * HW offload mode + */ + hw_offload_t hw_offload; }; METHOD(child_cfg_t, get_name, char*, @@ -467,6 +472,12 @@ METHOD(child_cfg_t, get_start_action, action_t, return this->start_action; } +METHOD(child_cfg_t, get_hw_offload, hw_offload_t, + private_child_cfg_t *this) +{ + return this->hw_offload; +} + METHOD(child_cfg_t, get_dpd_action, action_t, private_child_cfg_t *this) { @@ -652,6 +663,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .equals = _equals, .get_ref = _get_ref, .destroy = _destroy, + .get_hw_offload = _get_hw_offload, }, .name = strdup(name), .options = data->options, @@ -674,6 +686,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .other_ts = linked_list_create(), .replay_window = lib->settings->get_int(lib->settings, "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns), + .hw_offload = data->hw_offload, ); return &this->public; diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index e2834fa8f..d566da3ec 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -182,6 +182,13 @@ struct child_cfg_t { */ action_t (*get_dpd_action) (child_cfg_t *this); + /** + * Get the HW offload mode to use for the CHILD_SA. + * + * @return hw offload mode + */ + hw_offload_t (*get_hw_offload) (child_cfg_t *this); + /** * Action to take if CHILD_SA gets closed. * @@ -305,14 +312,11 @@ enum child_cfg_option_t { /** Install outbound FWD IPsec policies to bypass drop policies */ OPT_FWD_OUT_POLICIES = (1<<4), - /** Enable hardware offload, if supported by the IPsec backend */ - OPT_HW_OFFLOAD = (1<<5), - /** Force 96-bit truncation for SHA-256 */ - OPT_SHA256_96 = (1<<6), + OPT_SHA256_96 = (1<<5), /** Set mark on inbound SAs */ - OPT_MARK_IN_SA = (1<<7), + OPT_MARK_IN_SA = (1<<6), }; /** 
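Review bot: The new `hw_offload` member is stored and exposed through get_hw_offload, but none of the child_cfg.c hunks touches the method registered as `.equals = _equals`. Its body is outside the visible hunks; if it compares configs field by field, two configs that differ only in offload mode would compare equal and a reload could keep the old mode. Adding a comparison of the two `hw_offload` values there would cover it. Separately, `.get_hw_offload = _get_hw_offload,` is appended after `.destroy` rather than next to `.get_dpd_action`, where the header declares it.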
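Review bot: Removing OPT_HW_OFFLOAD and moving `OPT_SHA256_96` to `(1<<5)` and `OPT_MARK_IN_SA` to `(1<<6)` changes the numeric value of flags that already exist. Code built against the previous header, an out-of-tree plugin for example, that still sets bit 5 to request hardware offload would now force 96-bit SHA-256 truncation instead, with no compile or runtime error. Keeping `OPT_SHA256_96 = (1<<6),` and `OPT_MARK_IN_SA = (1<<7),` and adding a comment that `(1<<5)` is retired avoids that silent reinterpretation. The enum starts outside the hunk.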
@@ -347,6 +351,8 @@ struct child_cfg_create_t { action_t close_action; /** updown script to execute on up/down event (cloned) */ char *updown; + /** HW offload mode */ + hw_offload_t hw_offload; }; /** diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index 64413204b..a73a5b5e2 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -2,7 +2,7 @@ * Copyright (C) 2012-2017 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index 81f2b6906..ac2deef70 100644 --- a/src/libcharon/config/ike_cfg.h +++ b/src/libcharon/config/ike_cfg.h @@ -2,7 +2,7 @@ * Copyright (C) 2012-2017 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c index 44a4d0aa8..589c536d2 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -2,7 +2,7 @@ * Copyright (C) 2011-2015 Tobias Brunner * Copyright (C) 2007-2011 Martin Willi * Copyright (C) 2011 revosec AG - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -117,10 +117,17 @@ struct interface_listener_t { */ spinlock_t *lock; - /** - * whether to check limits - */ - bool limits; + union { + /** + * whether to check limits during initiation + */ + bool limits; + + /** + * whether to force termination + */ + bool force; + } options; }; @@ -363,7 +370,7 @@ METHOD(listener_t, child_state_change_terminate, bool, case CHILD_DESTROYING: switch (child_sa->get_state(child_sa)) { - case CHILD_DELETING: + case CHILD_DELETED: /* proper delete */ this->status = SUCCESS; break; @@ -423,7 +430,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, } peer_cfg->destroy(peer_cfg); - if (listener->limits && ike_sa->get_state(ike_sa) == IKE_CREATED) + if (listener->options.limits && ike_sa->get_state(ike_sa) == IKE_CREATED) { /* only check if we are not reusing an IKE_SA */ u_int half_open, limit_half_open, limit_job_load; @@ -508,7 +515,7 @@ METHOD(controller_t, initiate, status_t, .child_cfg = child_cfg, .peer_cfg = peer_cfg, .lock = spinlock_create(), - .limits = limits, + .options.limits = limits, }, .public = { .execute = _initiate_execute, @@ -557,8 +564,8 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t, listener->ike_sa = ike_sa; listener->lock->unlock(listener->lock); - if (ike_sa->delete(ike_sa) != DESTROY_ME) - { /* delete failed */ + if (ike_sa->delete(ike_sa, listener->options.force) != DESTROY_ME) + { /* delete queued */ listener->status = FAILED; charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } @@ -575,7 +582,7 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t, } METHOD(controller_t, terminate_ike, status_t, - controller_t *this, uint32_t unique_id, + controller_t *this, uint32_t unique_id, bool force, controller_cb_t callback, void *param, u_int timeout) { interface_job_t *job; 
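Review bot: Putting `limits` and `force` into one union makes both names alias the same storage, so `.options.limits = limits` in initiate also sets what terminate_ike_execute reads as `options.force`. The compiler cannot flag a read of the wrong member, and nothing in interface_listener_t records which job type owns which one. Two plain `bool` fields cost one extra byte and remove the aliasing. If the union stays, each member comment should name its only user, e.g. `/* terminate_ike jobs only: whether to force termination */`.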
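Review bot: In terminate_ike_execute the reworded comment `/* delete queued */` sits on the branch that sets `listener->status = FAILED;`, which reads as a contradiction. FAILED may only be a provisional value that a listener callback replaces once the delete completes, but those callbacks are outside this hunk. If so, the comment should say it, e.g. `/* delete queued, status stays FAILED unless the listener later sees the IKE_SA go down */`. The function begins before and ends after the hunk.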
@@ -610,13 +617,24 @@ METHOD(controller_t, terminate_ike, status_t, if (callback == NULL) { + job->listener.options.force = force; terminate_ike_execute(job); } else { + if (!timeout) + { + job->listener.options.force = force; + } if (wait_for_listener(job, timeout)) { job->listener.status = OUT_OF_RES; + + if (force) + { /* force termination once timeout is reached */ + job->listener.options.force = TRUE; + terminate_ike_execute(job); + } } } status = job->listener.status; @@ -646,17 +664,6 @@ METHOD(job_t, terminate_child_execute, job_requeue_t, listener->ike_sa = ike_sa; listener->lock->unlock(listener->lock); - if (child_sa->get_state(child_sa) == CHILD_ROUTED) - { - DBG1(DBG_IKE, "unable to terminate, established " - "CHILD_SA with ID %d not found", id); - charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); - listener->status = NOT_FOUND; - /* release listener */ - listener_done(listener); - return JOB_REQUEUE_NONE; - } - if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa), child_sa->get_spi(child_sa, TRUE), FALSE) != DESTROY_ME) { diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h index 9524f53b9..af9baca01 100644 --- a/src/libcharon/control/controller.h +++ b/src/libcharon/control/controller.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
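Review bot: In the timed-out branch of `terminate_ike`, `terminate_ike_execute(job)` runs a second time on the calling thread right after `job->listener.status = OUT_OF_RES`, so the value returned is whatever that second run leaves in `job->listener.status`. The delete branch of `terminate_ike_execute` shown earlier in this diff can set FAILED, while the `@return` list in the controller.h hunk still says only `OUT_OF_RES if timed out`, so callers cannot tell from the documentation what a forced termination after a timeout returns. I would state the intended result in the header and add a comment above `if (!timeout)` such as `/* with a timeout the first delete is regular; force applies only once the timeout expires */`. `options.force` is also written here without taking `listener->lock`; whether the queued job can still be running at that point depends on `wait_for_listener`, which is outside the hunk, so that is worth confirming.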
@@ -102,6 +102,11 @@ struct controller_t { * until the IKE_SA is properly deleted, or the call timed out. * * @param unique_id unique id of the IKE_SA to terminate. + * @param force whether to immediately destroy the IKE_SA without + * waiting for a response or retransmitting the delete, + * if a callback is provided and timeout is > 0 the + * IKE_SA is destroyed once the timeout is reached but + * retransmits are sent until then * @param cb logging callback * @param param parameter to include in each call of cb * @param timeout timeout in ms to wait for callbacks, 0 to disable @@ -112,7 +117,7 @@ struct controller_t { * - OUT_OF_RES if timed out */ status_t (*terminate_ike)(controller_t *this, uint32_t unique_id, - controller_cb_t callback, void *param, + bool force, controller_cb_t callback, void *param, u_int timeout); /** diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h index a37a3148a..db87c7093 100644 --- a/src/libcharon/daemon.h +++ b/src/libcharon/daemon.h @@ -3,7 +3,7 @@ * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index dee1a3f73..369519b67 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -2,7 +2,7 @@ * Copyright (C) 2011 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/encoding/generator.h b/src/libcharon/encoding/generator.h index 9c7fe8979..63d55f4ee 100644 --- a/src/libcharon/encoding/generator.h +++ b/src/libcharon/encoding/generator.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 735526e3c..1b8cd76f4 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -4,7 +4,7 @@ * Copyright (C) 2010 revosec AG * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h index 732fd9b54..10ffbed56 100644 --- a/src/libcharon/encoding/message.h +++ b/src/libcharon/encoding/message.h @@ -3,7 +3,7 @@ * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c index c9d6b0d8f..9169ba202 100644 --- a/src/libcharon/encoding/parser.c +++ b/src/libcharon/encoding/parser.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/parser.h b/src/libcharon/encoding/parser.h index 8f073556e..140a3c4aa 100644 --- a/src/libcharon/encoding/parser.h +++ b/src/libcharon/encoding/parser.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c index 9d03bb694..c7c1576bc 100644 --- a/src/libcharon/encoding/payloads/auth_payload.c +++ b/src/libcharon/encoding/payloads/auth_payload.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/auth_payload.h b/src/libcharon/encoding/payloads/auth_payload.h index b922d12c8..a90717df2 100644 --- a/src/libcharon/encoding/payloads/auth_payload.h +++ b/src/libcharon/encoding/payloads/auth_payload.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c index ea25ca73c..ca8c98592 100644 --- a/src/libcharon/encoding/payloads/cert_payload.c +++ b/src/libcharon/encoding/payloads/cert_payload.c @@ -3,7 +3,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h index e134aac8d..72ce4c1c6 100644 --- a/src/libcharon/encoding/payloads/cert_payload.h +++ b/src/libcharon/encoding/payloads/cert_payload.h @@ -2,7 +2,7 @@ * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c index 643fbc42f..79a830881 100644 --- a/src/libcharon/encoding/payloads/certreq_payload.c +++ b/src/libcharon/encoding/payloads/certreq_payload.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/certreq_payload.h b/src/libcharon/encoding/payloads/certreq_payload.h index 2915decf3..fce1470ba 100644 
--- a/src/libcharon/encoding/payloads/certreq_payload.h +++ b/src/libcharon/encoding/payloads/certreq_payload.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c index 32e4828ba..a23ad148e 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.c +++ b/src/libcharon/encoding/payloads/configuration_attribute.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h index 417ba731b..78dc65893 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.h +++ b/src/libcharon/encoding/payloads/configuration_attribute.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c index d86693ee2..16d72f096 100644 --- a/src/libcharon/encoding/payloads/cp_payload.c +++ b/src/libcharon/encoding/payloads/cp_payload.c 
@@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h index 3e4763fb6..122dc4f83 100644 --- a/src/libcharon/encoding/payloads/cp_payload.h +++ b/src/libcharon/encoding/payloads/cp_payload.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c index 3634cd36c..30faceaba 100644 --- a/src/libcharon/encoding/payloads/delete_payload.c +++ b/src/libcharon/encoding/payloads/delete_payload.c @@ -3,7 +3,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h index 06ed76c2e..c96d63740 100644 --- a/src/libcharon/encoding/payloads/delete_payload.h +++ b/src/libcharon/encoding/payloads/delete_payload.h 
@@ -2,7 +2,7 @@ * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index cbf74eb73..c2900aa4e 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h index abaefde28..da8a9466a 100644 --- a/src/libcharon/encoding/payloads/eap_payload.h +++ b/src/libcharon/encoding/payloads/eap_payload.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/encodings.c b/src/libcharon/encoding/payloads/encodings.c index 62de81120..e81122e87 100644 --- a/src/libcharon/encoding/payloads/encodings.c +++ b/src/libcharon/encoding/payloads/encodings.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h index 9ff23753a..daa179530 100644 --- a/src/libcharon/encoding/payloads/encodings.h +++ b/src/libcharon/encoding/payloads/encodings.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h index 6ff61dd65..7988000e8 100644 --- a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h +++ b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c index a033f6081..4f4b1d1d6 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.c +++ b/src/libcharon/encoding/payloads/encrypted_payload.c 
@@ -3,7 +3,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h index 19c60c5be..72a256553 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.h +++ b/src/libcharon/encoding/payloads/encrypted_payload.h @@ -3,7 +3,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c index afeee72e4..63d7a6dbc 100644 --- a/src/libcharon/encoding/payloads/endpoint_notify.c +++ b/src/libcharon/encoding/payloads/endpoint_notify.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h index f4cf89fd7..fbc97724f 100644 --- a/src/libcharon/encoding/payloads/endpoint_notify.h +++ b/src/libcharon/encoding/payloads/endpoint_notify.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/fragment_payload.c b/src/libcharon/encoding/payloads/fragment_payload.c index fecd05f05..567cd4749 100644 --- a/src/libcharon/encoding/payloads/fragment_payload.c +++ b/src/libcharon/encoding/payloads/fragment_payload.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/fragment_payload.h b/src/libcharon/encoding/payloads/fragment_payload.h index a756601a0..fa53e04ac 100644 --- a/src/libcharon/encoding/payloads/fragment_payload.h +++ b/src/libcharon/encoding/payloads/fragment_payload.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c index ae0b19a9d..b2f1adbbc 100644 --- a/src/libcharon/encoding/payloads/id_payload.c +++ b/src/libcharon/encoding/payloads/id_payload.c @@ -3,7 +3,7 @@ * Copyright (C) 2010 revosec AG * Copyright (C) 2007-2011 Tobias Brunner * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h index df1d07553..283780624 100644 --- a/src/libcharon/encoding/payloads/id_payload.h +++ b/src/libcharon/encoding/payloads/id_payload.h @@ -2,7 +2,7 @@ * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index 61a0424e3..6a39dc892 100644 --- a/src/libcharon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c @@ -2,7 +2,7 @@ * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h index fa89c3939..b7694b5cb 100644 --- a/src/libcharon/encoding/payloads/ike_header.h +++ b/src/libcharon/encoding/payloads/ike_header.h @@ -2,7 +2,7 @@ * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2011 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index 37f3adf88..59e8930c1 100644 --- a/src/libcharon/encoding/payloads/ke_payload.c 
+++ b/src/libcharon/encoding/payloads/ke_payload.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h index 96c5096a5..71fffc744 100644 --- a/src/libcharon/encoding/payloads/ke_payload.h +++ b/src/libcharon/encoding/payloads/ke_payload.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c index 52b09b663..c3816603a 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.c +++ b/src/libcharon/encoding/payloads/nonce_payload.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/nonce_payload.h b/src/libcharon/encoding/payloads/nonce_payload.h index ee8ad17f7..89fa62f15 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.h +++ b/src/libcharon/encoding/payloads/nonce_payload.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index ca7ef3a45..0c6f010b5 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -4,7 +4,7 @@ * Copyright (C) 2006-2008 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index 04160bbfc..39e4c915b 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -3,7 +3,7 @@ * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index 6d1894edb..e2a56f9ff 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c 
@@ -2,7 +2,7 @@ * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index 8ba1ef9f5..261fcf600 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h @@ -2,7 +2,7 @@ * Copyright (C) 2007-2015 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index c3f06391a..415417566 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -2,7 +2,7 @@ * Copyright (C) 2012-2014 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h index cad597e58..be7da840a 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.h +++ b/src/libcharon/encoding/payloads/proposal_substructure.h 
@@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index 9c0b071da..5f0ffd326 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -2,7 +2,7 @@ * Copyright (C) 2012-2014 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h index f01c45130..d6c73009e 100644 --- a/src/libcharon/encoding/payloads/sa_payload.h +++ b/src/libcharon/encoding/payloads/sa_payload.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index f69fee3ae..febf0c410 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c 
@@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h index c7a54435b..5901103ff 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.h +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 860607faf..c74bacff1 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h index 2e86a409c..c2d7c5b3f 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.h +++ b/src/libcharon/encoding/payloads/transform_attribute.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index 11e4b462d..96aebe601 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index a9d4f9f7d..5bbc80a81 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.h +++ b/src/libcharon/encoding/payloads/transform_substructure.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c index 0b2d4de57..2862b6acf 100644 --- a/src/libcharon/encoding/payloads/ts_payload.c +++ b/src/libcharon/encoding/payloads/ts_payload.c 
@@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h index 933245c62..8b7824849 100644 --- a/src/libcharon/encoding/payloads/ts_payload.h +++ b/src/libcharon/encoding/payloads/ts_payload.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c index adbf2c8f2..b3f82d079 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.c +++ b/src/libcharon/encoding/payloads/unknown_payload.c @@ -2,7 +2,7 @@ * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/unknown_payload.h b/src/libcharon/encoding/payloads/unknown_payload.h index 09341bcc7..74c17cd87 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.h +++ b/src/libcharon/encoding/payloads/unknown_payload.h 
@@ -2,7 +2,7 @@ * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c index 7db9a69d3..c96b62ece 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.c +++ b/src/libcharon/encoding/payloads/vendor_id_payload.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.h b/src/libcharon/encoding/payloads/vendor_id_payload.h index 42c31f921..92097b0e8 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.h +++ b/src/libcharon/encoding/payloads/vendor_id_payload.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c index 71121908b..006304d5e 100644 --- a/src/libcharon/kernel/kernel_handler.c +++ b/src/libcharon/kernel/kernel_handler.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/kernel/kernel_handler.h b/src/libcharon/kernel/kernel_handler.h index f1fa0bdfc..7e54f1111 100644 --- a/src/libcharon/kernel/kernel_handler.h +++ b/src/libcharon/kernel/kernel_handler.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/kernel/kernel_ipsec.c b/src/libcharon/kernel/kernel_ipsec.c index 0440f11bb..0d79d228e 100644 --- a/src/libcharon/kernel/kernel_ipsec.c +++ b/src/libcharon/kernel/kernel_ipsec.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h index b75304031..94b9c284b 100644 --- a/src/libcharon/kernel/kernel_ipsec.h +++ b/src/libcharon/kernel/kernel_ipsec.h @@ -91,8 +91,8 @@ struct kernel_ipsec_add_sa_t { uint16_t cpi; /** TRUE to enable UDP encapsulation for NAT traversal */ bool encap; - /** TRUE to enable hardware offloading if available */ - bool hw_offload; + /** no (disabled), yes (enabled), auto (enabled if supported) */ + hw_offload_t hw_offload; /** TRUE to use Extended Sequence Numbers */ bool esn; /** TRUE if initiator of the exchange creating the SA */ 
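Review bot: The new doc comment on `hw_offload` in `struct kernel_ipsec_add_sa_t` (kernel_ipsec.h) lists the three modes but not what a backend must do when offload is requested and the device cannot provide it, which is the only place `yes` and `auto` can differ. Because the field changed from `bool` to `hw_offload_t`, any implementation that still tests it as a truth value would presumably treat `auto` like `yes`; the implementations are outside this hunk, so each one needs checking. If the intended contract is that `yes` fails the SA and `auto` falls back, I would say so in the comment, e.g. `/** hardware offload mode: with yes the SA fails if offload is unavailable, with auto it is installed without offload */`. The struct starts and ends outside the hunk.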
diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h index aaeb4f5b7..b790ed1ee 100644 --- a/src/libcharon/kernel/kernel_listener.h +++ b/src/libcharon/kernel/kernel_listener.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index 8fb48281f..4c72b5609 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -2,7 +2,7 @@ * Copyright (C) 2008-2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/network/receiver.h b/src/libcharon/network/receiver.h index 58bfe4a96..25d6e1f7b 100644 --- a/src/libcharon/network/receiver.h +++ b/src/libcharon/network/receiver.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/network/sender.c b/src/libcharon/network/sender.c index bed4f35ce..04cd4dc01 100644 --- a/src/libcharon/network/sender.c +++ b/src/libcharon/network/sender.c 
@@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/network/sender.h b/src/libcharon/network/sender.h index 080559b89..bd90a4426 100644 --- a/src/libcharon/network/sender.h +++ b/src/libcharon/network/sender.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/network/socket.h b/src/libcharon/network/socket.h index b084d96a2..e8ee5e347 100644 --- a/src/libcharon/network/socket.h +++ b/src/libcharon/network/socket.h @@ -3,7 +3,7 @@ * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/network/socket_manager.c b/src/libcharon/network/socket_manager.c index 564608d77..0a7ac9d11 100644 --- a/src/libcharon/network/socket_manager.c +++ b/src/libcharon/network/socket_manager.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010-2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * diff --git a/src/libcharon/network/socket_manager.h b/src/libcharon/network/socket_manager.h index cde7859c2..38baaea91 100644 
--- a/src/libcharon/network/socket_manager.h +++ b/src/libcharon/network/socket_manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * diff --git a/src/libcharon/plugins/addrblock/addrblock_narrow.c b/src/libcharon/plugins/addrblock/addrblock_narrow.c index 3b3b72ff8..8dfad7da7 100644 --- a/src/libcharon/plugins/addrblock/addrblock_narrow.c +++ b/src/libcharon/plugins/addrblock/addrblock_narrow.c @@ -2,7 +2,7 @@ * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/addrblock/addrblock_validator.c b/src/libcharon/plugins/addrblock/addrblock_validator.c index 78e377c2a..c5b634b02 100644 --- a/src/libcharon/plugins/addrblock/addrblock_validator.c +++ b/src/libcharon/plugins/addrblock/addrblock_validator.c @@ -1,6 +1,9 @@ /* - * Copyright (C) 2010 Martin Willi, revosec AG - * Copyright (C) 2009 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * Copyright (C) 2009 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/android_dns/android_dns_handler.c b/src/libcharon/plugins/android_dns/android_dns_handler.c index 68bbaecb2..500a44667 100644 --- a/src/libcharon/plugins/android_dns/android_dns_handler.c +++ b/src/libcharon/plugins/android_dns/android_dns_handler.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2010-2013 Tobias Brunner * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/android_dns/android_dns_handler.h b/src/libcharon/plugins/android_dns/android_dns_handler.h index d7b089dca..7344576af 100644 --- a/src/libcharon/plugins/android_dns/android_dns_handler.h +++ b/src/libcharon/plugins/android_dns/android_dns_handler.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2010-2011 Tobias Brunner * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/android_dns/android_dns_plugin.c b/src/libcharon/plugins/android_dns/android_dns_plugin.c index 9b6ec0dba..083060556 100644 --- a/src/libcharon/plugins/android_dns/android_dns_plugin.c +++ b/src/libcharon/plugins/android_dns/android_dns_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/android_dns/android_dns_plugin.h b/src/libcharon/plugins/android_dns/android_dns_plugin.h index e9e57dc24..6716ac718 100644 --- a/src/libcharon/plugins/android_dns/android_dns_plugin.h +++ b/src/libcharon/plugins/android_dns/android_dns_plugin.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/android_log/android_log_logger.c b/src/libcharon/plugins/android_log/android_log_logger.c index 99eb66bb1..a771ef504 100644 --- a/src/libcharon/plugins/android_log/android_log_logger.c +++ b/src/libcharon/plugins/android_log/android_log_logger.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010-2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/android_log/android_log_logger.h b/src/libcharon/plugins/android_log/android_log_logger.h index ed271bf6c..8ae032d9e 100644 --- a/src/libcharon/plugins/android_log/android_log_logger.h +++ b/src/libcharon/plugins/android_log/android_log_logger.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/android_log/android_log_plugin.c b/src/libcharon/plugins/android_log/android_log_plugin.c index 515917a22..faab918e2 100644 --- a/src/libcharon/plugins/android_log/android_log_plugin.c +++ b/src/libcharon/plugins/android_log/android_log_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/android_log/android_log_plugin.h b/src/libcharon/plugins/android_log/android_log_plugin.h index 32c4dc10b..c5d98517e 100644 --- a/src/libcharon/plugins/android_log/android_log_plugin.h +++ b/src/libcharon/plugins/android_log/android_log_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/attr/attr_plugin.c b/src/libcharon/plugins/attr/attr_plugin.c index 9b15c3cc9..407a39ac7 100644 --- a/src/libcharon/plugins/attr/attr_plugin.c +++ b/src/libcharon/plugins/attr/attr_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/attr/attr_plugin.h b/src/libcharon/plugins/attr/attr_plugin.h index 0c6eebfa7..c9ba73893 100644 --- a/src/libcharon/plugins/attr/attr_plugin.h +++ b/src/libcharon/plugins/attr/attr_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/attr/attr_provider.c b/src/libcharon/plugins/attr/attr_provider.c index 3310f79fd..7e0f1b787 100644 --- a/src/libcharon/plugins/attr/attr_provider.c +++ b/src/libcharon/plugins/attr/attr_provider.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/attr/attr_provider.h b/src/libcharon/plugins/attr/attr_provider.h index 17db30408..d2ee6b952 100644 --- a/src/libcharon/plugins/attr/attr_provider.h +++ b/src/libcharon/plugins/attr/attr_provider.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/attr_sql/attr_sql_plugin.c b/src/libcharon/plugins/attr_sql/attr_sql_plugin.c index 908877514..eb5f018fd 100644 --- a/src/libcharon/plugins/attr_sql/attr_sql_plugin.c +++ b/src/libcharon/plugins/attr_sql/attr_sql_plugin.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/attr_sql/attr_sql_plugin.h b/src/libcharon/plugins/attr_sql/attr_sql_plugin.h index b6b04ccc0..3444d33e5 100644 --- a/src/libcharon/plugins/attr_sql/attr_sql_plugin.h +++ b/src/libcharon/plugins/attr_sql/attr_sql_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/attr_sql/attr_sql_provider.c b/src/libcharon/plugins/attr_sql/attr_sql_provider.c index 33d9f99fc..f6e1c75e4 100644 --- a/src/libcharon/plugins/attr_sql/attr_sql_provider.c +++ b/src/libcharon/plugins/attr_sql/attr_sql_provider.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/attr_sql/attr_sql_provider.h b/src/libcharon/plugins/attr_sql/attr_sql_provider.h index a9b037bf5..43eb70951 100644 --- a/src/libcharon/plugins/attr_sql/attr_sql_provider.h +++ b/src/libcharon/plugins/attr_sql/attr_sql_provider.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/connmark/connmark_listener.c b/src/libcharon/plugins/connmark/connmark_listener.c index 29f7cac42..7d23f1a23 100644 --- a/src/libcharon/plugins/connmark/connmark_listener.c +++ b/src/libcharon/plugins/connmark/connmark_listener.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.c b/src/libcharon/plugins/dhcp/dhcp_plugin.c index 642e28afc..976de6b54 100644 --- a/src/libcharon/plugins/dhcp/dhcp_plugin.c +++ b/src/libcharon/plugins/dhcp/dhcp_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG 
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 7541c3b49..c26fcc920 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2012-2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -157,7 +160,7 @@ typedef struct __attribute__((packed)) { } dhcp_option_t; /** - * DHCP message format, with a maximum size options buffer + * DHCP message format, with a minimum size options buffer */ typedef struct __attribute__((packed)) { uint8_t opcode; @@ -176,9 +179,19 @@ typedef struct __attribute__((packed)) { char server_hostname[64]; char boot_filename[128]; uint32_t magic_cookie; - u_char options[252]; + u_char options[308]; } dhcp_t; +/** + * Check if the given address equals the broadcast address + */ +static inline bool is_broadcast(host_t *host) +{ + chunk_t broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF); + + return chunk_equals(broadcast, host->get_address(host)); +} + /** * Prepare a DHCP message for a given transaction */ @@ -186,10 +199,10 @@ static int prepare_dhcp(private_dhcp_socket_t *this, dhcp_transaction_t *transaction, dhcp_message_type_t type, dhcp_t *dhcp) { - chunk_t chunk, broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF); + chunk_t chunk; identification_t *identity; dhcp_option_t *option; - int optlen = 0; + int optlen = 0, remaining; host_t *src; uint32_t id; @@ -198,7 +211,7 @@ static int prepare_dhcp(private_dhcp_socket_t *this, dhcp->hw_type = ARPHRD_ETHER; dhcp->hw_addr_len = 6; dhcp->transaction_id = transaction->get_id(transaction); - if (chunk_equals(broadcast, this->dst->get_address(this->dst))) + if (is_broadcast(this->dst)) { /* Set broadcast flag to get broadcasted replies, as we actually * do not own the MAC we request an address for. */ 
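Review bot: `u_char options[308];` in `dhcp_t` (hunk `@@ -176,9 +179,19 @@`) is an unexplained constant. The bounds arithmetic added to `prepare_dhcp()` later in this file relies on it through `sizeof(dhcp->options)`. The struct comment now says "minimum size", which suggests the value is RFC 2131's 312-byte minimum options field minus the 4-byte magic cookie that precedes it in the struct. If that is the derivation, a comment on the member would prevent a later resize from silently breaking the length checks, e.g. `/* 312 byte minimum options field (RFC 2131) minus the magic cookie */`.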
@@ -241,21 +254,29 @@ static int prepare_dhcp(private_dhcp_socket_t *this, option->data[0] = type; optlen += sizeof(dhcp_option_t) + option->len; + /* the REQUEST message has the most static overhead in the 'options' field + * with 17 bytes */ + remaining = sizeof(dhcp->options) - optlen - 17; + if (identity->get_type(identity) == ID_FQDN) { option = (dhcp_option_t*)&dhcp->options[optlen]; option->type = DHCP_HOST_NAME; - option->len = min(chunk.len, 64); + option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255); memcpy(option->data, chunk.ptr, option->len); optlen += sizeof(dhcp_option_t) + option->len; + remaining -= sizeof(dhcp_option_t) + option->len; } - option = (dhcp_option_t*)&dhcp->options[optlen]; - option->type = DHCP_CLIENT_ID; - option->len = min(chunk.len, 64); - memcpy(option->data, chunk.ptr, option->len); - optlen += sizeof(dhcp_option_t) + option->len; - + if (this->identity_lease && + remaining >= sizeof(dhcp_option_t) + 2) + { + option = (dhcp_option_t*)&dhcp->options[optlen]; + option->type = DHCP_CLIENT_ID; + option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255); + memcpy(option->data, chunk.ptr, option->len); + optlen += sizeof(dhcp_option_t) + option->len; + } return optlen; } @@ -273,7 +294,7 @@ static bool send_dhcp(private_dhcp_socket_t *this, { dst = this->dst; } - len = offsetof(dhcp_t, magic_cookie) + ((optlen + 4) / 64 * 64 + 64); + len = offsetof(dhcp_t, magic_cookie) + optlen + 4; return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst), *dst->get_sockaddr_len(dst)) == len; } @@ -675,7 +696,7 @@ dhcp_socket_t *dhcp_socket_create() }, }; char *iface; - int on = 1; + int on = 1, rcvbuf = 0; struct sock_filter dhcp_filter_code[] = { BPF_STMT(BPF_LD+BPF_B+BPF_ABS, offsetof(struct iphdr, protocol)), 
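Review bot: `remaining` is a signed `int` (declared in the `@@ -186,10 +199,10 @@` hunk), but in `prepare_dhcp()` both `remaining >= sizeof(dhcp_option_t) + 2` and `remaining-sizeof(dhcp_option_t)` are evaluated in `size_t`. A negative `remaining` would therefore pass the guard and leave the `memcpy` length limited only by the 255 cap. With the sizes visible here the value appears to stay positive, but that depends on `options[308]` and the hard-coded `17`. The copied `chunk` is presumably the peer's identity encoding (assigned outside the hunk), so its length is not under local control. I would keep the comparison signed, `remaining >= (int)sizeof(dhcp_option_t) + 2`, and add the same guard to the `ID_FQDN` branch, which currently has none. The function begins outside the hunk.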
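Review bot: In `send_dhcp()` the transmitted length is now `offsetof(dhcp_t, magic_cookie) + optlen + 4` with no check that `optlen` fits in `dhcp->options`. If a caller miscounts the options it appends after `prepare_dhcp()`, `sendto()` would read past the end of the `dhcp_t` object and put adjacent memory on the wire. A guard before the send keeps that failure local, e.g. `if (optlen < 0 || optlen > (int)sizeof(dhcp->options)) return FALSE;`. The type of `optlen` is taken from the function signature, which is outside the hunk, so adjust the cast to match it.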
@@ -685,9 +706,9 @@ dhcp_socket_t *dhcp_socket_create() BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 14), BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) + offsetof(struct udphdr, dest)), - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 0, 2), - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 1), - BPF_JUMP(BPF_JMP+BPF_JA, 0, 0, 10), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 2, 0), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 1, 0), + BPF_JUMP(BPF_JMP+BPF_JA, 10, 0, 0), BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + sizeof(struct udphdr) + offsetof(dhcp_t, opcode)), BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8), 
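Review bot: The three rewritten jumps after the load of `udphdr.dest` in `dhcp_filter_code` express the accept/reject decision only as relative offsets (`2, 0`, then `1, 0`, then the `BPF_JA` displacement `10`), and nothing in the array says which instruction each one is meant to reach. This hunk exists because those offsets were in the wrong operand positions, so a comment above the two `BPF_JEQ` lines would help, e.g. `/* dest is DHCP_CLIENT_PORT or DHCP_SERVER_PORT: continue with the BOOTP checks, otherwise jump to the final reject */`. The end of the filter array is outside the hunk, so it cannot be confirmed from here that displacement 10 lands on the reject instruction. The offsets need re-counting whenever an instruction is added.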
@@ -766,6 +787,30 @@ dhcp_socket_t *dhcp_socket_create() destroy(this); return NULL; } + /* we won't read any data from this socket, so reduce the buffer to save + * some memory (there is some minimum, still try 0, though). + * note that we might steal some packets from other processes if e.g. a DHCP + * client (or server) is running on the same host, but by reducing the + * buffer size the impact should be minimized */ + if (setsockopt(this->send, SOL_SOCKET, SO_RCVBUF, &rcvbuf, + sizeof(rcvbuf)) == -1) + { + DBG1(DBG_CFG, "unable to reduce receive buffer on DHCP send socket: %s", + strerror(errno)); + destroy(this); + return NULL; + } + if (!is_broadcast(this->dst)) + { + /* when setting giaddr (which we do when we don't broadcast), the server + * should respond to the server port on that IP, according to RFC 2131, + * section 4.1. while we do receive such messages via raw socket, the + * kernel will respond with an ICMP port unreachable if there is no + * socket bound to that port, which might be problematic with certain + * DHCP servers. instead of opening an additional socket, that we don't + * actually use, we can also just send our requests from port 67 */ + src.sin_port = htons(DHCP_SERVER_PORT); + } if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1) { DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno)); diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.h b/src/libcharon/plugins/dhcp/dhcp_transaction.h index 0c614f7b1..61fee2a8e 100644 --- a/src/libcharon/plugins/dhcp/dhcp_transaction.h +++ b/src/libcharon/plugins/dhcp/dhcp_transaction.h @@ -33,7 +33,7 @@ typedef struct dhcp_transaction_t dhcp_transaction_t; struct dhcp_transaction_t { /** - * Get the DCHP transaction ID. + * Get the DHCP transaction ID. * * @return DHCP transaction identifier */ 
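Review bot: A failing `setsockopt(..., SO_RCVBUF, ...)` on the send socket now aborts `dhcp_socket_create()` through `destroy(this); return NULL;`, although the comment above it describes the call only as a way to save memory and limit stolen packets. I would keep the `DBG1` message and drop the `destroy(this); return NULL;` pair, so that a refused buffer size does not disable the plugin. Separately, the new `src.sin_port = htons(DHCP_SERVER_PORT);` path makes the following `bind()` depend on no local DHCP server or relay already holding that port. The existing `unable to bind DHCP send socket` message would be easier to act on if it also logged the port. The function begins outside the hunk.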
@@ -61,7 +61,7 @@ struct dhcp_transaction_t { host_t* (*get_address)(dhcp_transaction_t *this); /** - * Set the DCHP server address discovered. + * Set the DHCP server address discovered. * * @param server DHCP server address */ @@ -75,7 +75,7 @@ struct dhcp_transaction_t { host_t* (*get_server)(dhcp_transaction_t *this); /** - * An an additional attribute to serve to peer. + * Add an additional attribute to serve to peer. * * @param type type of attribute * @param data attribute data diff --git a/src/libcharon/plugins/dnscert/dnscert_cred.c b/src/libcharon/plugins/dnscert/dnscert_cred.c index 533bd5be4..54d25e11b 100644 --- a/src/libcharon/plugins/dnscert/dnscert_cred.c +++ b/src/libcharon/plugins/dnscert/dnscert_cred.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/dnscert/dnscert_plugin.c b/src/libcharon/plugins/dnscert/dnscert_plugin.c index 1b93480cf..6eed698b9 100644 --- a/src/libcharon/plugins/dnscert/dnscert_plugin.c +++ b/src/libcharon/plugins/dnscert/dnscert_plugin.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c index 3ab053ba6..fa4dd37af 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_peer.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka/eap_aka_peer.h b/src/libcharon/plugins/eap_aka/eap_aka_peer.h index b6ab5cdc5..35d15187a 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_peer.h +++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka/eap_aka_plugin.c b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c index 83805d727..126667d50 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_plugin.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka/eap_aka_plugin.h b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h index 8d4fbadfa..b1603e3f4 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_plugin.h +++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c index 1ede56757..e6175267c 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_server.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.h b/src/libcharon/plugins/eap_aka/eap_aka_server.h index 5c95180ac..d4c4053e9 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_server.h +++ b/src/libcharon/plugins/eap_aka/eap_aka_server.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp/Makefile.am index 5e230ea3b..97de388c3 100644 --- a/src/libcharon/plugins/eap_aka_3gpp/Makefile.am +++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.am 
@@ -6,17 +6,24 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ $(PLUGIN_CFLAGS) -libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version +# these files are also used by the tests, we can't directly refer to them +# because of the subdirectory, which would cause distclean to fail +noinst_LTLIBRARIES = libeap_aka_3gpp.la +libeap_aka_3gpp_la_SOURCES = \ + eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c + +libstrongswan_eap_aka_3gpp_la_LIBADD = libeap_aka_3gpp.la if MONOLITHIC -noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la +noinst_LTLIBRARIES += libstrongswan-eap-aka-3gpp.la else plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la -libstrongswan_eap_aka_3gpp_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +libstrongswan_eap_aka_3gpp_la_LIBADD += $(top_builddir)/src/libsimaka/libsimaka.la endif libstrongswan_eap_aka_3gpp_la_SOURCES = \ eap_aka_3gpp_plugin.h eap_aka_3gpp_plugin.c \ eap_aka_3gpp_card.h eap_aka_3gpp_card.c \ - eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c \ - eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c + eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c + +libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in index 2f3d0b83e..d8515c05b 100644 --- a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in @@ -88,6 +88,8 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ +@MONOLITHIC_TRUE@am__append_1 = libstrongswan-eap-aka-3gpp.la +@MONOLITHIC_FALSE@am__append_2 = $(top_builddir)/src/libsimaka/libsimaka.la subdir = src/libcharon/plugins/eap_aka_3gpp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ 
@@ -136,17 +138,19 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -@MONOLITHIC_FALSE@libstrongswan_eap_aka_3gpp_la_DEPENDENCIES = \ -@MONOLITHIC_FALSE@ $(top_builddir)/src/libsimaka/libsimaka.la -am_libstrongswan_eap_aka_3gpp_la_OBJECTS = eap_aka_3gpp_plugin.lo \ - eap_aka_3gpp_card.lo eap_aka_3gpp_provider.lo \ - eap_aka_3gpp_functions.lo -libstrongswan_eap_aka_3gpp_la_OBJECTS = \ - $(am_libstrongswan_eap_aka_3gpp_la_OBJECTS) +libeap_aka_3gpp_la_LIBADD = +am_libeap_aka_3gpp_la_OBJECTS = eap_aka_3gpp_functions.lo +libeap_aka_3gpp_la_OBJECTS = $(am_libeap_aka_3gpp_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = +libstrongswan_eap_aka_3gpp_la_DEPENDENCIES = libeap_aka_3gpp.la \ + $(am__append_2) +am_libstrongswan_eap_aka_3gpp_la_OBJECTS = eap_aka_3gpp_plugin.lo \ + eap_aka_3gpp_card.lo eap_aka_3gpp_provider.lo +libstrongswan_eap_aka_3gpp_la_OBJECTS = \ + $(am_libstrongswan_eap_aka_3gpp_la_OBJECTS) libstrongswan_eap_aka_3gpp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ @@ -188,8 +192,10 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libstrongswan_eap_aka_3gpp_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eap_aka_3gpp_la_SOURCES) +SOURCES = $(libeap_aka_3gpp_la_SOURCES) \ + $(libstrongswan_eap_aka_3gpp_la_SOURCES) +DIST_SOURCES = $(libeap_aka_3gpp_la_SOURCES) \ + $(libstrongswan_eap_aka_3gpp_la_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ 
@@ -462,16 +468,22 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ $(PLUGIN_CFLAGS) -libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version -@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la + +# these files are also used by the tests, we can't directly refer to them +# because of the subdirectory, which would cause distclean to fail +noinst_LTLIBRARIES = libeap_aka_3gpp.la $(am__append_1) +libeap_aka_3gpp_la_SOURCES = \ + eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c + +libstrongswan_eap_aka_3gpp_la_LIBADD = libeap_aka_3gpp.la \ + $(am__append_2) @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la -@MONOLITHIC_FALSE@libstrongswan_eap_aka_3gpp_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la libstrongswan_eap_aka_3gpp_la_SOURCES = \ eap_aka_3gpp_plugin.h eap_aka_3gpp_plugin.c \ eap_aka_3gpp_card.h eap_aka_3gpp_card.c \ - eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c \ - eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c + eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c +libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -552,6 +564,9 @@ clean-pluginLTLIBRARIES: rm -f $${locs}; \ } +libeap_aka_3gpp.la: $(libeap_aka_3gpp_la_OBJECTS) $(libeap_aka_3gpp_la_DEPENDENCIES) $(EXTRA_libeap_aka_3gpp_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libeap_aka_3gpp_la_OBJECTS) $(libeap_aka_3gpp_la_LIBADD) $(LIBS) + libstrongswan-eap-aka-3gpp.la: $(libstrongswan_eap_aka_3gpp_la_OBJECTS) $(libstrongswan_eap_aka_3gpp_la_DEPENDENCIES) $(EXTRA_libstrongswan_eap_aka_3gpp_la_DEPENDENCIES) $(AM_V_CCLD)$(libstrongswan_eap_aka_3gpp_la_LINK) $(am_libstrongswan_eap_aka_3gpp_la_rpath) $(libstrongswan_eap_aka_3gpp_la_OBJECTS) $(libstrongswan_eap_aka_3gpp_la_LIBADD) $(LIBS) diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c index 22c1181ad..e77c75149 100644 --- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c 
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h
index 0ef90681f..48a3f5055 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h
index c089cd385..c9fb1a983 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c
index 650af86d9..061961fcf 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h
index e101f4be6..ea2461fcc 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c
index d5112d390..1486b6279 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h
index 6af8b4b4f..e75763027 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.am
new file mode 100644
index 000000000..5887898b6
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.am
@@ -0,0 +1,24 @@
+TESTS = eap_aka_3gpp_tests
+
+check_PROGRAMS = $(TESTS)
+
+eap_aka_3gpp_tests_SOURCES = \
+ tests.h tests.c \
+ suites/test_vectors.c
+
+eap_aka_3gpp_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ -I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libsimaka \
+ -I$(top_srcdir)/src/libcharon/plugins/eap_aka_3gpp \
+ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+ -DPLUGINS=\""${s_plugins}\"" \
+ @COVERAGE_CFLAGS@
+
+eap_aka_3gpp_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+eap_aka_3gpp_tests_LDADD = \
+ ../libeap_aka_3gpp.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
new file mode 100644
index 000000000..65b86199c
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
@@ -0,0 +1,899 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +TESTS = eap_aka_3gpp_tests$(EXEEXT) +check_PROGRAMS = $(am__EXEEXT_1) +subdir = src/libcharon/plugins/eap_aka_3gpp/tests +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__EXEEXT_1 = eap_aka_3gpp_tests$(EXEEXT) +am__dirstamp = $(am__leading_dot)dirstamp +am_eap_aka_3gpp_tests_OBJECTS = eap_aka_3gpp_tests-tests.$(OBJEXT) \ + suites/eap_aka_3gpp_tests-test_vectors.$(OBJEXT) +eap_aka_3gpp_tests_OBJECTS = $(am_eap_aka_3gpp_tests_OBJECTS) +eap_aka_3gpp_tests_DEPENDENCIES = ../libeap_aka_3gpp.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + 
$(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +eap_aka_3gpp_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) \ + $(eap_aka_3gpp_tests_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(eap_aka_3gpp_tests_SOURCES) +DIST_SOURCES = $(eap_aka_3gpp_tests_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them 
once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ 
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ 
+UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ 
+nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +eap_aka_3gpp_tests_SOURCES = \ + tests.h tests.c \ + suites/test_vectors.c + +eap_aka_3gpp_tests_CFLAGS = \ + 
-I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + -I$(top_srcdir)/src/libcharon \ + -I$(top_srcdir)/src/libsimaka \ + -I$(top_srcdir)/src/libcharon/plugins/eap_aka_3gpp \ + -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ + -DPLUGINS=\""${s_plugins}\"" \ + @COVERAGE_CFLAGS@ + +eap_aka_3gpp_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +eap_aka_3gpp_tests_LDADD = \ + ../libeap_aka_3gpp.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp/tests/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp/tests/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +suites/$(am__dirstamp): + @$(MKDIR_P) suites + @: > suites/$(am__dirstamp) +suites/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) suites/$(DEPDIR) + @: > suites/$(DEPDIR)/$(am__dirstamp) +suites/eap_aka_3gpp_tests-test_vectors.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) + +eap_aka_3gpp_tests$(EXEEXT): $(eap_aka_3gpp_tests_OBJECTS) $(eap_aka_3gpp_tests_DEPENDENCIES) $(EXTRA_eap_aka_3gpp_tests_DEPENDENCIES) + @rm -f eap_aka_3gpp_tests$(EXEEXT) + $(AM_V_CCLD)$(eap_aka_3gpp_tests_LINK) $(eap_aka_3gpp_tests_OBJECTS) $(eap_aka_3gpp_tests_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f suites/*.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_tests-tests.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF 
$$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +eap_aka_3gpp_tests-tests.o: tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -MT eap_aka_3gpp_tests-tests.o -MD -MP -MF $(DEPDIR)/eap_aka_3gpp_tests-tests.Tpo -c -o eap_aka_3gpp_tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_aka_3gpp_tests-tests.Tpo $(DEPDIR)/eap_aka_3gpp_tests-tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='eap_aka_3gpp_tests-tests.o' libtool=no @AMDEPBACKSLASH@ 
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -c -o eap_aka_3gpp_tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c + +eap_aka_3gpp_tests-tests.obj: tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -MT eap_aka_3gpp_tests-tests.obj -MD -MP -MF $(DEPDIR)/eap_aka_3gpp_tests-tests.Tpo -c -o eap_aka_3gpp_tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/eap_aka_3gpp_tests-tests.Tpo $(DEPDIR)/eap_aka_3gpp_tests-tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='eap_aka_3gpp_tests-tests.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -c -o eap_aka_3gpp_tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi` + +suites/eap_aka_3gpp_tests-test_vectors.o: suites/test_vectors.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -MT suites/eap_aka_3gpp_tests-test_vectors.o -MD -MP -MF suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Tpo -c -o suites/eap_aka_3gpp_tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Tpo suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='suites/test_vectors.c' object='suites/eap_aka_3gpp_tests-test_vectors.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -c -o suites/eap_aka_3gpp_tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c + +suites/eap_aka_3gpp_tests-test_vectors.obj: suites/test_vectors.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -MT suites/eap_aka_3gpp_tests-test_vectors.obj -MD -MP -MF suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Tpo -c -o suites/eap_aka_3gpp_tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Tpo suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/eap_aka_3gpp_tests-test_vectors.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -c -o suites/eap_aka_3gpp_tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + 
here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? 
-ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$${col}$$dashes$${std}"; \ + echo "$${col}$$banner$${std}"; \ + test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ + test -z "$$report" || echo "$${col}$$report$${std}"; \ + echo "$${col}$$dashes$${std}"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: 
$(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: 
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f suites/$(DEPDIR)/$(am__dirstamp) + -rm -f suites/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ + clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip 
installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/suites/test_vectors.c b/src/libcharon/plugins/eap_aka_3gpp/tests/suites/test_vectors.c new file mode 100644 index 000000000..681e99a6b --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/tests/suites/test_vectors.c 
@@ -0,0 +1,210 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include
+
+#include "../eap_aka_3gpp_functions.h"
+
+static eap_aka_3gpp_functions_t *functions;
+
+START_SETUP(functions_setup)
+{
+ functions = eap_aka_3gpp_functions_create();
+ ck_assert(functions);
+}
+END_SETUP
+
+START_TEARDOWN(functions_teardown)
+{
+ functions->destroy(functions);
+}
+END_TEARDOWN
+
+/**
+ * Test vectors from 3GPP TS 35.207
+ */
+static struct {
+ uint8_t k[AKA_K_LEN];
+ uint8_t rand[AKA_RAND_LEN];
+ uint8_t sqn[AKA_SQN_LEN];
+ uint8_t amf[AKA_AMF_LEN];
+ uint8_t opc[AKA_OPC_LEN];
+ uint8_t f1[AKA_MAC_LEN];
+ uint8_t f1star[AKA_MAC_LEN];
+ uint8_t f2[AKA_RES_LEN];
+ uint8_t f3[AKA_CK_LEN];
+ uint8_t f4[AKA_IK_LEN];
+ uint8_t f5[AKA_AK_LEN];
+ uint8_t f5star[AKA_AK_LEN];
+} test_data[] = {
+ {
+ .k = {0x46,0x5b,0x5c,0xe8,0xb1,0x99,0xb4,0x9f,0xaa,0x5f,0x0a,0x2e,0xe2,0x38,0xa6,0xbc},
+ .rand = {0x23,0x55,0x3c,0xbe,0x96,0x37,0xa8,0x9d,0x21,0x8a,0xe6,0x4d,0xae,0x47,0xbf,0x35},
+ .sqn = {0xff,0x9b,0xb4,0xd0,0xb6,0x07},
+ .amf = {0xb9,0xb9},
+ .opc = {0xcd,0x63,0xcb,0x71,0x95,0x4a,0x9f,0x4e,0x48,0xa5,0x99,0x4e,0x37,0xa0,0x2b,0xaf},
+ .f1 = {0x4a,0x9f,0xfa,0xc3,0x54,0xdf,0xaf,0xb3},
+ .f1star = {0x01,0xcf,0xaf,0x9e,0xc4,0xe8,0x71,0xe9},
+ .f2 = {0xa5,0x42,0x11,0xd5,0xe3,0xba,0x50,0xbf},
+ .f3 = {0xb4,0x0b,0xa9,0xa3,0xc5,0x8b,0x2a,0x05,0xbb,0xf0,0xd9,0x87,0xb2,0x1b,0xf8,0xcb},
+ .f4 = {0xf7,0x69,0xbc,0xd7,0x51,0x04,0x46,0x04,0x12,0x76,0x72,0x71,0x1c,0x6d,0x34,0x41},
+ .f5 = {0xaa,0x68,0x9c,0x64,0x83,0x70},
+ .f5star = {0x45,0x1e,0x8b,0xec,0xa4,0x3b},
+ },
+ {
+ .k = {0x03,0x96,0xeb,0x31,0x7b,0x6d,0x1c,0x36,0xf1,0x9c,0x1c,0x84,0xcd,0x6f,0xfd,0x16},
+ .rand = {0xc0,0x0d,0x60,0x31,0x03,0xdc,0xee,0x52,0xc4,0x47,0x81,0x19,0x49,0x42,0x02,0xe8},
+ .sqn = {0xfd,0x8e,0xef,0x40,0xdf,0x7d},
+ .amf = {0xaf,0x17},
+ .opc = {0x53,0xc1,0x56,0x71,0xc6,0x0a,0x4b,0x73,0x1c,0x55,0xb4,0xa4,0x41,0xc0,0xbd,0xe2},
+ .f1 = {0x5d,0xf5,0xb3,0x18,0x07,0xe2,0x58,0xb0},
+ .f1star = {0xa8,0xc0,0x16,0xe5,0x1e,0xf4,0xa3,0x43},
+ .f2 = {0xd3,0xa6,0x28,0xed,0x98,0x86,0x20,0xf0},
+ .f3 = {0x58,0xc4,0x33,0xff,0x7a,0x70,0x82,0xac,0xd4,0x24,0x22,0x0f,0x2b,0x67,0xc5,0x56},
+ .f4 = {0x21,0xa8,0xc1,0xf9,0x29,0x70,0x2a,0xdb,0x3e,0x73,0x84,0x88,0xb9,0xf5,0xc5,0xda},
+ .f5 = {0xc4,0x77,0x83,0x99,0x5f,0x72},
+ .f5star = {0x30,0xf1,0x19,0x70,0x61,0xc1},
+ },
+ {
+ .k = {0xfe,0xc8,0x6b,0xa6,0xeb,0x70,0x7e,0xd0,0x89,0x05,0x75,0x7b,0x1b,0xb4,0x4b,0x8f},
+ .rand = {0x9f,0x7c,0x8d,0x02,0x1a,0xcc,0xf4,0xdb,0x21,0x3c,0xcf,0xf0,0xc7,0xf7,0x1a,0x6a},
+ .sqn = {0x9d,0x02,0x77,0x59,0x5f,0xfc},
+ .amf = {0x72,0x5c},
+ .opc = {0x10,0x06,0x02,0x0f,0x0a,0x47,0x8b,0xf6,0xb6,0x99,0xf1,0x5c,0x06,0x2e,0x42,0xb3},
+ .f1 = {0x9c,0xab,0xc3,0xe9,0x9b,0xaf,0x72,0x81},
+ .f1star = {0x95,0x81,0x4b,0xa2,0xb3,0x04,0x43,0x24},
+ .f2 = {0x80,0x11,0xc4,0x8c,0x0c,0x21,0x4e,0xd2},
+ .f3 = {0x5d,0xbd,0xbb,0x29,0x54,0xe8,0xf3,0xcd,0xe6,0x65,0xb0,0x46,0x17,0x9a,0x50,0x98},
+ .f4 = {0x59,0xa9,0x2d,0x3b,0x47,0x6a,0x04,0x43,0x48,0x70,0x55,0xcf,0x88,0xb2,0x30,0x7b},
+ .f5 = {0x33,0x48,0x4d,0xc2,0x13,0x6b},
+ .f5star = {0xde,0xac,0xdd,0x84,0x8c,0xc6},
+ },
+ {
+ .k = {0x9e,0x59,0x44,0xae,0xa9,0x4b,0x81,0x16,0x5c,0x82,0xfb,0xf9,0xf3,0x2d,0xb7,0x51},
+ .rand = {0xce,0x83,0xdb,0xc5,0x4a,0xc0,0x27,0x4a,0x15,0x7c,0x17,0xf8,0x0d,0x01,0x7b,0xd6},
+ .sqn = {0x0b,0x60,0x4a,0x81,0xec,0xa8},
+ .amf = {0x9e,0x09},
+ .opc = {0xa6,0x4a,0x50,0x7a,0xe1,0xa2,0xa9,0x8b,0xb8,0x8e,0xb4,0x21,0x01,0x35,0xdc,0x87},
+ .f1 = {0x74,0xa5,0x82,0x20,0xcb,0xa8,0x4c,0x49},
+ .f1star = {0xac,0x2c,0xc7,0x4a,0x96,0x87,0x18,0x37},
+ .f2 = {0xf3,0x65,0xcd,0x68,0x3c,0xd9,0x2e,0x96},
+ .f3 = {0xe2,0x03,0xed,0xb3,0x97,0x15,0x74,0xf5,0xa9,0x4b,0x0d,0x61,0xb8,0x16,0x34,0x5d},
+ .f4 = {0x0c,0x45,0x24,0xad,0xea,0xc0,0x41,0xc4,0xdd,0x83,0x0d,0x20,0x85,0x4f,0xc4,0x6b},
+ .f5 = {0xf0,0xb9,0xc0,0x8a,0xd0,0x2e},
+ .f5star = {0x60,0x85,0xa8,0x6c,0x6f,0x63},
+ },
+ {
+ .k = {0x4a,0xb1,0xde,0xb0,0x5c,0xa6,0xce,0xb0,0x51,0xfc,0x98,0xe7,0x7d,0x02,0x6a,0x84},
+ .rand = {0x74,0xb0,0xcd,0x60,0x31,0xa1,0xc8,0x33,0x9b,0x2b,0x6c,0xe2,0xb8,0xc4,0xa1,0x86},
+ .sqn = {0xe8,0x80,0xa1,0xb5,0x80,0xb6},
+ .amf = {0x9f,0x07},
+ .opc = {0xdc,0xf0,0x7c,0xbd,0x51,0x85,0x52,0x90,0xb9,0x2a,0x07,0xa9,0x89,0x1e,0x52,0x3e},
+ .f1 = {0x49,0xe7,0x85,0xdd,0x12,0x62,0x6e,0xf2},
+ .f1star = {0x9e,0x85,0x79,0x03,0x36,0xbb,0x3f,0xa2},
+ .f2 = {0x58,0x60,0xfc,0x1b,0xce,0x35,0x1e,0x7e},
+ .f3 = {0x76,0x57,0x76,0x6b,0x37,0x3d,0x1c,0x21,0x38,0xf3,0x07,0xe3,0xde,0x92,0x42,0xf9},
+ .f4 = {0x1c,0x42,0xe9,0x60,0xd8,0x9b,0x8f,0xa9,0x9f,0x27,0x44,0xe0,0x70,0x8c,0xcb,0x53},
+ .f5 = {0x31,0xe1,0x1a,0x60,0x91,0x18},
+ .f5star = {0xfe,0x25,0x55,0xe5,0x4a,0xa9},
+ },
+ {
+ .k = {0x6c,0x38,0xa1,0x16,0xac,0x28,0x0c,0x45,0x4f,0x59,0x33,0x2e,0xe3,0x5c,0x8c,0x4f},
+ .rand = {0xee,0x64,0x66,0xbc,0x96,0x20,0x2c,0x5a,0x55,0x7a,0xbb,0xef,0xf8,0xba,0xbf,0x63},
+ .sqn = {0x41,0x4b,0x98,0x22,0x21,0x81},
+ .amf = {0x44,0x64},
+ .opc = {0x38,0x03,0xef,0x53,0x63,0xb9,0x47,0xc6,0xaa,0xa2,0x25,0xe5,0x8f,0xae,0x39,0x34},
+ .f1 = {0x07,0x8a,0xdf,0xb4,0x88,0x24,0x1a,0x57},
+ .f1star = {0x80,0x24,0x6b,0x8d,0x01,0x86,0xbc,0xf1},
+ .f2 = {0x16,0xc8,0x23,0x3f,0x05,0xa0,0xac,0x28},
+ .f3 = {0x3f,0x8c,0x75,0x87,0xfe,0x8e,0x4b,0x23,0x3a,0xf6,0x76,0xae,0xde,0x30,0xba,0x3b},
+ .f4 = {0xa7,0x46,0x6c,0xc1,0xe6,0xb2,0xa1,0x33,0x7d,0x49,0xd3,0xb6,0x6e,0x95,0xd7,0xb4},
+ .f5 = {0x45,0xb0,0xf6,0x9a,0xb0,0x6c},
+ .f5star = {0x1f,0x53,0xcd,0x2b,0x11,0x13},
+ },
+};
+
+START_TEST(test_f1)
+{
+ uint8_t mac[AKA_MAC_LEN];
+
+ ck_assert(functions->f1(functions, test_data[_i].k, test_data[_i].opc,
+ test_data[_i].rand, test_data[_i].sqn,
+ test_data[_i].amf, mac));
+ ck_assert(memeq(test_data[_i].f1, mac, sizeof(mac)));
+}
+END_TEST
+
+START_TEST(test_f1star)
+{
+ uint8_t mac[AKA_MAC_LEN];
+
+ ck_assert(functions->f1star(functions, test_data[_i].k,
+ test_data[_i].opc, test_data[_i].rand,
+ test_data[_i].sqn, test_data[_i].amf, mac));
+ ck_assert(memeq(test_data[_i].f1star, mac, sizeof(mac)));
+}
+END_TEST
+
+START_TEST(test_f2345)
+{
+ uint8_t res[AKA_RES_LEN], ck[AKA_CK_LEN], ik[AKA_IK_LEN], ak[AKA_AK_LEN];
+
+ ck_assert(functions->f2345(functions, test_data[_i].k,
+ test_data[_i].opc, test_data[_i].rand,
+ res, ck, ik, ak));
+
+ ck_assert(memeq(test_data[_i].f2, res, sizeof(res)));
+ ck_assert(memeq(test_data[_i].f3, ck, sizeof(ck)));
+ ck_assert(memeq(test_data[_i].f4, ik, sizeof(ik)));
+ ck_assert(memeq(test_data[_i].f5, ak, sizeof(ak)));
+}
+END_TEST
+
+START_TEST(test_f5star)
+{
+ uint8_t ak[AKA_AK_LEN];
+
+ ck_assert(functions->f5star(functions, test_data[_i].k,
+ test_data[_i].opc, test_data[_i].rand, ak));
+
+ ck_assert(memeq(test_data[_i].f5star, ak, sizeof(ak)));
+}
+END_TEST
+
+Suite *test_vectors_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("eap-aka-3gpp");
+
+ tc = tcase_create("f1, f1*");
+ tcase_add_checked_fixture(tc, functions_setup, functions_teardown);
+ tcase_add_loop_test(tc, test_f1, 0, countof(test_data));
+ tcase_add_loop_test(tc, test_f1star, 0, countof(test_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("f2, f3, f4 and f5");
+ tcase_add_checked_fixture(tc, functions_setup, functions_teardown);
+ tcase_add_loop_test(tc, test_f2345, 0, countof(test_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("f5*");
+ tcase_add_checked_fixture(tc, functions_setup, functions_teardown);
+ tcase_add_loop_test(tc, test_f5star, 0, countof(test_data));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/tests.c b/src/libcharon/plugins/eap_aka_3gpp/tests/tests.c
new file mode 100644
index 000000000..17a2c0771
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/tests.c
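Review bot: The output buffers in `test_f1`, `test_f1star`, `test_f2345` and `test_f5star` (`mac`, `res`, `ck`, `ik`, `ak`) are passed to `memeq` without ever being initialised, so if an implementation returned TRUE after filling only part of a buffer, the comparison would read indeterminate bytes and the verdict would depend on stack contents. Zero-initialising them, e.g. `uint8_t mac[AKA_MAC_LEN] = {0};`, makes such a failure deterministic. The comment above `test_data` could also say which output each field holds, e.g. `/* f2 = RES, f3 = CK, f4 = IK, f5 = AK, as compared in test_f2345 */`, since the field names alone do not show it. `Suite *test_vectors_suite_create()` would be better written with `(void)` so that it is a real prototype.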
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
+#include "tests.h"
+#undef TEST_SUITE
+#undef TEST_SUITE_DEPEND
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#define TEST_SUITE_DEPEND(x, type, ...) \
+ { .suite = x, .feature = PLUGIN_DEPENDS(type, __VA_ARGS__) },
+#include "tests.h"
+ { .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+ if (init)
+ {
+ char *plugins, *plugindir;
+
+ plugins = getenv("TESTS_PLUGINS") ?:
+ lib->settings->get_str(lib->settings,
+ "tests.load", PLUGINS);
+ plugindir = lib->settings->get_str(lib->settings,
+ "tests.plugindir", PLUGINDIR);
+ plugin_loader_add_plugindirs(plugindir, plugins);
+ if (!lib->plugins->load(lib->plugins, plugins))
+ {
+ return FALSE;
+ }
+ }
+ else
+ {
+ lib->processor->set_threads(lib->processor, 0);
+ lib->processor->cancel(lib->processor);
+ lib->plugins->unload(lib->plugins);
+ }
+ return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+ return test_runner_run("eap-aka-3gpp", tests, test_runner_init);
+}
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/tests.h b/src/libcharon/plugins/eap_aka_3gpp/tests/tests.h
new file mode 100644
index 000000000..858571121
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/tests.h
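Review bot: `test_runner_init` has no comment saying where its plugin list and directory come from, although both decide which plugin objects the runner loads: the list is the `TESTS_PLUGINS` environment variable when set, otherwise the `tests.load` setting, and the directory is `tests.plugindir`, all handed to `plugin_loader_add_plugindirs()` and `lib->plugins->load()` unchanged. A short note such as `/* test-only: TESTS_PLUGINS overrides tests.load / PLUGINS; run from the build tree */` would record that this is a build-tree convenience and not something to copy into an installed binary. The second pair of `TEST_SUITE`/`TEST_SUITE_DEPEND` definitions inside the `tests[]` initialiser is never undefined, unlike the first pair; adding `#undef TEST_SUITE` and `#undef TEST_SUITE_DEPEND` after the second `#include "tests.h"` keeps the two uses symmetric. `test_suite_t* x();` also declares the constructors without a prototype, where `(void)` would let the compiler check the call.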
@@ -0,0 +1,16 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +TEST_SUITE_DEPEND(test_vectors_suite_create, CRYPTER, ENCR_AES_CBC, 16) diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c index e38ee5b70..08f1e35cf 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h index eb6b1f75f..b0ef5a6e9 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c index cfe6407b0..a9371a095 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h index 2706da349..ce7ec3b4c 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c index 3f9db71c6..d12a61d58 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h index 2ac450a7d..3a845ab2c 100644 
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c index f272e1ec8..478ae48f5 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h index 0e1af8554..6b7d5a9f0 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c index 204fb317d..32d21982b 100644 --- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c +++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.h b/src/libcharon/plugins/eap_dynamic/eap_dynamic.h index 35db4fa26..c8be21288 100644 --- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.h +++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.c index d6f38b666..5812929fd 100644 --- a/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.c +++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.h b/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.h index 9b124d8d2..30330c869 100644 --- a/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.h +++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c index 6f5c38edd..3434ef17b 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2007-2012 Martin Willi * Copyright (C) 2012 revosec AG - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.h b/src/libcharon/plugins/eap_gtc/eap_gtc.h index 4dac53cfb..19d2ed917 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc.h +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c index d579eaa5a..c3122148e 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h index 9c4052a6d..5c25bba9b 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h +++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_identity/eap_identity.c b/src/libcharon/plugins/eap_identity/eap_identity.c index 7d6dc4add..598956130 100644 --- a/src/libcharon/plugins/eap_identity/eap_identity.c +++ b/src/libcharon/plugins/eap_identity/eap_identity.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_identity/eap_identity.h b/src/libcharon/plugins/eap_identity/eap_identity.h index 4e7f6fd9d..82d70b511 100644 --- a/src/libcharon/plugins/eap_identity/eap_identity.h +++ b/src/libcharon/plugins/eap_identity/eap_identity.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_identity/eap_identity_plugin.c b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c index b09e51568..828a06b65 100644 --- a/src/libcharon/plugins/eap_identity/eap_identity_plugin.c +++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/eap_identity/eap_identity_plugin.h b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h index 274156a1b..bbf743518 100644 --- a/src/libcharon/plugins/eap_identity/eap_identity_plugin.h +++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c index 2cb0db466..ab5f7ff6a 100644 --- a/src/libcharon/plugins/eap_md5/eap_md5.c +++ b/src/libcharon/plugins/eap_md5/eap_md5.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_md5/eap_md5.h b/src/libcharon/plugins/eap_md5/eap_md5.h index 5396535e1..a5e3544d8 100644 --- a/src/libcharon/plugins/eap_md5/eap_md5.h +++ b/src/libcharon/plugins/eap_md5/eap_md5.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/eap_md5/eap_md5_plugin.c b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c index d045e02bf..9239d9c1d 100644 --- a/src/libcharon/plugins/eap_md5/eap_md5_plugin.c +++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c 
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_md5/eap_md5_plugin.h b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
index e5e1a6e94..166cca31b 100644
--- a/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
+++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 12f61f7f8..f864037a1 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2009-2015 Tobias Brunner
 * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
index 0e7abc397..715fd5e84 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
index 6fd96708a..627c20e46 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
index f250a9d47..6e7a610ab 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap.c b/src/libcharon/plugins/eap_peap/eap_peap.c
index 4778a0977..073af8dc0 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap.c
@@ -1,6 +1,9 @@
 /*
- * Copyright (C) 2010 Martin Willi, revosec AG
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap.h b/src/libcharon/plugins/eap_peap/eap_peap.h
index 2756ad3e6..f8131b4bd 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.c b/src/libcharon/plugins/eap_peap/eap_peap_avp.c
index d5ce5fbc1..4318c166e 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_avp.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.h b/src/libcharon/plugins/eap_peap/eap_peap_avp.h
index cc5930b62..622a35adc 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_avp.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
index 2668ac432..41d13b646 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.h b/src/libcharon/plugins/eap_peap/eap_peap_peer.h
index 196d4e2c4..4eda660b1 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_plugin.c b/src/libcharon/plugins/eap_peap/eap_peap_plugin.c
index e8deee9e1..523eeeeee 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_plugin.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_plugin.h b/src/libcharon/plugins/eap_peap/eap_peap_plugin.h
index 0c3c571ef..bbfafaffd 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_plugin.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index d51d0d090..e5c7becf9 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.h b/src/libcharon/plugins/eap_peap/eap_peap_server.h
index 4585a622a..12c5b78f4 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.h b/src/libcharon/plugins/eap_radius/eap_radius.h
index ce583ac44..0f0078e71 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.h b/src/libcharon/plugins/eap_radius/eap_radius_forward.h
index 2c1dbf7a8..fc50d0d1a 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_forward.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.h
@@ -58,7 +58,7 @@ void eap_radius_forward_from_ike(radius_message_t *request);
 /**
 * Forward RADIUS attributes from a RADIUS response to IKE notifies.
 *
- * @param response RADIUS respose to read notifies from
+ * @param response RADIUS response to read notifies from
 */
 void eap_radius_forward_to_ike(radius_message_t *response);
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 4fe982849..947681768 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.h b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
index 80fa209d6..86c23992f 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -34,7 +34,7 @@ typedef struct eap_radius_plugin_t eap_radius_plugin_t;
 /**
 * EAP RADIUS proxy plugin.
 *
- * This plugin provides not a single EAP method, but a proxy to forwared
+ * This plugin provides not a single EAP method, but a proxy to forward
 * EAP packets to a RADIUS server. It only provides server implementations.
 */
 struct eap_radius_plugin_t {
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
index 37f8a879e..cff8de217 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.h b/src/libcharon/plugins/eap_sim/eap_sim_peer.h
index 38315b75a..e6c9f72cb 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_peer.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_plugin.c b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
index 5bc0af6bd..ceddc6fe2 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_plugin.h b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
index 0c71ca548..1a67290f0 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c
index 3b413cfc6..e463512ff 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_server.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.h b/src/libcharon/plugins/eap_sim/eap_sim_server.h
index 84408c43c..457ea526f 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_server.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
index 0a6aec083..70a4275ce 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
index 45b0e51db..9004e328e 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
index eae76729c..684b49bf2 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
index f5083c72f..df93d1e68 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
index 4ca1eb93f..3fb722633 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
index 577345dbf..91331cbc4 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
index 03a60cfb1..1901f3a40 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
index 3fa0ea381..c5b649ac6 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
index 6c73a8cb9..d9adb9c25 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
index e2cc0e84f..069645f79 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
index 1992b2482..016fbe5b4 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
index 3c63e82a9..17cb43d0c 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
index 2dea516c3..4bd00b297 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
index 153ec0f0d..0e3713336 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
index 683de7559..8c6413bc3 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
index ab3ab2f4d..409f0c9ee 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
index 80c8a1037..a0392831f 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
index 543b5579b..dd33de96f 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
index bc6376d53..c95474e71 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.h b/src/libcharon/plugins/eap_tnc/eap_tnc.h
index d7ea9f4bb..b4c5dccff 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.h
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010-2012 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
index d0f79fa43..8d2f24be9 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h
index 97298eb5c..231188ff1 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index 9987c43d4..97dbe1890 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -1,6 +1,9 @@
 /*
- * Copyright (C) 2010 Martin Willi, revosec AG
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.h b/src/libcharon/plugins/eap_ttls/eap_ttls.h
index 84b1a2d19..3d1de3639 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
index f75e3e0a6..d228012b9 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.h b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.h
index e56d92fc2..3a7f8597e 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index be6a0812e..e06f5577f 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.h b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.h
index 31fc0d9db..88819d960 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c
index 7ccbc9381..cfcb76fa7 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h
index ca84ad7bb..379d08ef1 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.h b/src/libcharon/plugins/eap_ttls/eap_ttls_server.h
index a66a813ec..aa35ed8ed 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/forecast/forecast_listener.c b/src/libcharon/plugins/forecast/forecast_listener.c
index 4585731de..b928cad35 100644
--- a/src/libcharon/plugins/forecast/forecast_listener.c
+++ b/src/libcharon/plugins/forecast/forecast_listener.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * Copyright (C) 2010-2014 Martin Willi
 * Copyright (C) 2010-2014 revosec AG
diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c
index 8c9f66aa7..47a26592a 100644
--- a/src/libcharon/plugins/ha/ha_child.c
+++ b/src/libcharon/plugins/ha/ha_child.c
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_child.h b/src/libcharon/plugins/ha/ha_child.h index 56cd769ba..9ee1af38f 100644 --- a/src/libcharon/plugins/ha/ha_child.h +++ b/src/libcharon/plugins/ha/ha_child.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c index 54302e852..2bb6073bc 100644 --- a/src/libcharon/plugins/ha/ha_ctl.c +++ b/src/libcharon/plugins/ha/ha_ctl.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_ctl.h b/src/libcharon/plugins/ha/ha_ctl.h index 1e717832a..af69865d1 100644 --- a/src/libcharon/plugins/ha/ha_ctl.h +++ b/src/libcharon/plugins/ha/ha_ctl.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index 7d22257c6..4e3803892 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_dispatcher.h b/src/libcharon/plugins/ha/ha_dispatcher.h index 105a40473..60d71a825 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.h +++ b/src/libcharon/plugins/ha/ha_dispatcher.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c index fb8d22915..2854ab76d 100644 --- a/src/libcharon/plugins/ha/ha_ike.c +++ b/src/libcharon/plugins/ha/ha_ike.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_ike.h b/src/libcharon/plugins/ha/ha_ike.h index b22cd6250..7f500414f 100644 --- a/src/libcharon/plugins/ha/ha_ike.h +++ b/src/libcharon/plugins/ha/ha_ike.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c index 061741eb7..7fdcfef28 100644 --- a/src/libcharon/plugins/ha/ha_kernel.c +++ b/src/libcharon/plugins/ha/ha_kernel.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009-2011 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_kernel.h b/src/libcharon/plugins/ha/ha_kernel.h index bd0a3825b..269a871db 100644 --- a/src/libcharon/plugins/ha/ha_kernel.h +++ b/src/libcharon/plugins/ha/ha_kernel.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c index 5f73b7156..7891b1654 100644 --- a/src/libcharon/plugins/ha/ha_message.c +++ b/src/libcharon/plugins/ha/ha_message.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -320,7 +320,7 @@ METHOD(ha_message_t, add_attribute, void, * Attribute enumerator implementation */ typedef struct { - /** implementes enumerator_t */ + /** implements enumerator_t */ enumerator_t public; /** position in message */ chunk_t buf; diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h index 630c8af8f..3e43dc8dc 100644 --- a/src/libcharon/plugins/ha/ha_message.h +++ b/src/libcharon/plugins/ha/ha_message.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c index 037b69bac..986e611ab 100644 --- a/src/libcharon/plugins/ha/ha_plugin.c +++ b/src/libcharon/plugins/ha/ha_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_plugin.h b/src/libcharon/plugins/ha/ha_plugin.h index d4d746f91..98a1440f4 100644 --- a/src/libcharon/plugins/ha/ha_plugin.h +++ b/src/libcharon/plugins/ha/ha_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c index fc7d7a8b4..0a407f9ef 100644 --- a/src/libcharon/plugins/ha/ha_segments.c +++ b/src/libcharon/plugins/ha/ha_segments.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_segments.h b/src/libcharon/plugins/ha/ha_segments.h index 31d47e371..10d5812c6 100644 --- a/src/libcharon/plugins/ha/ha_segments.h +++ b/src/libcharon/plugins/ha/ha_segments.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_socket.h b/src/libcharon/plugins/ha/ha_socket.h index a4789a51d..96547a563 100644 --- a/src/libcharon/plugins/ha/ha_socket.h +++ b/src/libcharon/plugins/ha/ha_socket.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index 1a6108ed9..cfa896e93 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -20,6 +20,8 @@ #include #include +#define HA_CFG_NAME "ha" + typedef struct private_ha_tunnel_t private_ha_tunnel_t; typedef struct ha_backend_t ha_backend_t; typedef struct ha_creds_t ha_creds_t; @@ -225,7 +227,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create("ha", ike_cfg, &peer); + peer_cfg = peer_cfg_create(HA_CFG_NAME, ike_cfg, &peer); auth_cfg = auth_cfg_create(); auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); 
@@ -239,7 +241,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, identification_create_from_string(remote)); peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE); - child_cfg = child_cfg_create("ha", &child); + child_cfg = child_cfg_create(HA_CFG_NAME, &child); ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); @@ -260,7 +262,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, charon->backends->add_backend(charon->backends, &this->backend.public); /* install an acquiring trap */ - this->trap = charon->traps->install(charon->traps, peer_cfg, child_cfg, 0); + charon->traps->install(charon->traps, peer_cfg, child_cfg); } METHOD(ha_tunnel_t, destroy, void, @@ -278,10 +280,7 @@ METHOD(ha_tunnel_t, destroy, void, } this->creds.local->destroy(this->creds.local); this->creds.remote->destroy(this->creds.remote); - if (this->trap) - { - charon->traps->uninstall(charon->traps, this->trap); - } + charon->traps->uninstall(charon->traps, HA_CFG_NAME, HA_CFG_NAME); free(this); } diff --git a/src/libcharon/plugins/ha/ha_tunnel.h b/src/libcharon/plugins/ha/ha_tunnel.h index 549e33055..ded15f107 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.h +++ b/src/libcharon/plugins/ha/ha_tunnel.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ipseckey/ipseckey.c b/src/libcharon/plugins/ipseckey/ipseckey.c index 5ca1e27bc..9f85e036d 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey.c +++ b/src/libcharon/plugins/ipseckey/ipseckey.c 
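Review bot: The return value of `charon->traps->install()` is dropped at the end of setup_tunnel(), and destroy() in the next hunk now calls `uninstall(charon->traps, HA_CFG_NAME, HA_CFG_NAME)` unconditionally, so nothing records whether the acquiring trap for the HA tunnel was ever installed. If install() can report failure (its declaration is not in this part of the diff), a failed trap would leave the PSK-authenticated tunnel for the HA_PORT traffic selectors unestablished without any log line. I would log it, e.g. `if (!charon->traps->install(charon->traps, peer_cfg, child_cfg)) { DBG1(DBG_CFG, "installing HA tunnel trap failed"); }`. Removal by name also means that any other trap registered under the names "ha"/"ha" would presumably be hit by destroy(), which deserves a comment next to `HA_CFG_NAME`. Both functions start outside their hunks.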
@@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ipseckey/ipseckey.h b/src/libcharon/plugins/ipseckey/ipseckey.h index b19ec8920..c47921dd4 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey.h +++ b/src/libcharon/plugins/ipseckey/ipseckey.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c index b3ac2b328..d9f84e93a 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c +++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.h b/src/libcharon/plugins/ipseckey/ipseckey_cred.h index f0f52fd6a..05a2d2d66 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey_cred.h +++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c index 9f00abe8b..ce973daae 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c +++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.h b/src/libcharon/plugins/ipseckey/ipseckey_plugin.h index 95acc79dd..f53b3459c 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.h +++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c index d4832e233..6c2d22304 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.h b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.h index 0a4936706..2f726f8dd 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.h 
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c index e3b688dd6..ba6be052f 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.h b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.h index a14426b4e..f5bf0c254 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.h +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c index 66141ad56..684d282ac 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h index 7b2f3c6c5..9a82a8ff6 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 4e79dfced..4926c3de8 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2017 Tobias Brunner + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2008-2016 Andreas Steffen * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser 
@@ -17,16 +17,40 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ +/* + * Copyright (C) 2018 Mellanox Technologies. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ #define _GNU_SOURCE #include #include +#include #include #include #include #include #include #include +#include +#include #include #include #include 
@@ -236,6 +260,27 @@ static kernel_algorithm_t compression_algs[] = { {IPCOMP_LZJH, "lzjh" }, }; +/** + * IPsec HW offload state in kernel + */ +typedef enum { + NL_OFFLOAD_UNKNOWN, + NL_OFFLOAD_UNSUPPORTED, + NL_OFFLOAD_SUPPORTED +} nl_offload_state_t; + +/** + * Global metadata used for IPsec HW offload + */ +static struct { + /** bit in feature set */ + u_int bit; + /** total number of device feature blocks */ + u_int total_blocks; + /** determined HW offload state */ + nl_offload_state_t state; +} netlink_hw_offload; + /** * Look up a kernel algorithm name and its key size */ 
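Review bot: `netlink_hw_offload` is file-scope mutable state with no visible lock, and the later hunk that adds netlink_find_offload_feature() writes `state = NL_OFFLOAD_UNSUPPORTED` before the ethtool probe has finished. If add_sa() can run on several threads at once, a second caller can observe that interim value and reject an SA configured with HW_OFFLOAD_YES, or skip offload for HW_OFFLOAD_AUTO. The negative result is also permanent: one failed ioctl on the first interface queried leaves the state at UNSUPPORTED for the life of the process. I would have the probe collect its result in a local and publish it once, `netlink_hw_offload.state = state;` at the `out:` label under a mutex, and extend the struct comment to say when the fields are written and what protects them.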
@@ -1290,6 +1335,193 @@ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark) return TRUE; } +/** + * Check if kernel supports HW offload + */ +static void netlink_find_offload_feature(const char *ifname, int query_socket) +{ + struct ethtool_sset_info *sset_info; + struct ethtool_gstrings *cmd = NULL; + struct ifreq ifr; + uint32_t sset_len, i; + char *str; + int err; + + netlink_hw_offload.state = NL_OFFLOAD_UNSUPPORTED; + + /* determine number of device features */ + INIT_EXTRA(sset_info, sizeof(uint32_t), + .cmd = ETHTOOL_GSSET_INFO, + .sset_mask = 1ULL << ETH_SS_FEATURES, + ); + strncpy(ifr.ifr_name, ifname, IFNAMSIZ); + ifr.ifr_name[IFNAMSIZ-1] = '\0'; + ifr.ifr_data = (void*)sset_info; + + err = ioctl(query_socket, SIOCETHTOOL, &ifr); + if (err || sset_info->sset_mask != 1ULL << ETH_SS_FEATURES) + { + goto out; + } + sset_len = sset_info->data[0]; + + /* retrieve names of device features */ + INIT_EXTRA(cmd, ETH_GSTRING_LEN * sset_len, + .cmd = ETHTOOL_GSTRINGS, + .string_set = ETH_SS_FEATURES, + ); + strncpy(ifr.ifr_name, ifname, IFNAMSIZ); + ifr.ifr_name[IFNAMSIZ-1] = '\0'; + ifr.ifr_data = (void*)cmd; + + err = ioctl(query_socket, SIOCETHTOOL, &ifr); + if (err) + { + goto out; + } + + /* look for the ESP_HW feature bit */ + str = (char*)cmd->data; + for (i = 0; i < cmd->len; i++) + { + if (strneq(str, "esp-hw-offload", ETH_GSTRING_LEN)) + { + netlink_hw_offload.bit = i; + netlink_hw_offload.total_blocks = (sset_len + 31) / 32; + netlink_hw_offload.state = NL_OFFLOAD_SUPPORTED; + break; + } + str += ETH_GSTRING_LEN; + } + +out: + free(sset_info); + free(cmd); +} + +/** + * Check if interface supported HW offload + */ +static bool netlink_detect_offload(const char *ifname) +{ + struct ethtool_gfeatures *cmd; + uint32_t feature_bit; + struct ifreq ifr; + int query_socket; + int block; + bool ret = FALSE; + + query_socket = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_XFRM); + if (query_socket < 0) + { + return FALSE; + } + + /* kernel requires a real 
interface in order to query the kernel-wide + * capability, so we do it here on first invocation. + */ + if (netlink_hw_offload.state == NL_OFFLOAD_UNKNOWN) + { + netlink_find_offload_feature(ifname, query_socket); + } + if (netlink_hw_offload.state == NL_OFFLOAD_UNSUPPORTED) + { + DBG1(DBG_KNL, "HW offload is not supported by kernel"); + goto out; + } + + /* feature is supported by kernel, query device features */ + INIT_EXTRA(cmd, sizeof(cmd->features[0]) * netlink_hw_offload.total_blocks, + .cmd = ETHTOOL_GFEATURES, + .size = netlink_hw_offload.total_blocks, + ); + strncpy(ifr.ifr_name, ifname, IFNAMSIZ); + ifr.ifr_name[IFNAMSIZ-1] = '\0'; + ifr.ifr_data = (void*)cmd; + + if (ioctl(query_socket, SIOCETHTOOL, &ifr)) + { + goto out_free; + } + + block = netlink_hw_offload.bit / 32; + feature_bit = 1U << (netlink_hw_offload.bit % 32); + if (cmd->features[block].active & feature_bit) + { + ret = TRUE; + } + +out_free: + free(cmd); + if (!ret) + { + DBG1(DBG_KNL, "HW offload is not supported by device"); + } +out: + close(query_socket); + return ret; +} + +/** + * There are 3 HW offload configuration values: + * 1. HW_OFFLOAD_NO : Do not configure HW offload. + * 2. HW_OFFLOAD_YES : Configure HW offload. + * Fail SA addition if offload is not supported. + * 3. HW_OFFLOAD_AUTO : Configure HW offload if supported by the kernel + * and device. + * Do not fail SA addition otherwise. + */ +static bool config_hw_offload(kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data, struct nlmsghdr *hdr, + int buflen) +{ + host_t *local = data->inbound ? 
id->dst : id->src; + struct xfrm_user_offload *offload; + bool hw_offload_yes, ret = FALSE; + char *ifname; + + /* do Ipsec configuration without offload */ + if (data->hw_offload == HW_OFFLOAD_NO) + { + return TRUE; + } + + hw_offload_yes = (data->hw_offload == HW_OFFLOAD_YES); + + if (!charon->kernel->get_interface(charon->kernel, local, &ifname)) + { + return !hw_offload_yes; + } + + /* check if interface supports hw_offload */ + if (!netlink_detect_offload(ifname)) + { + ret = !hw_offload_yes; + goto out; + } + + /* activate HW offload */ + offload = netlink_reserve(hdr, buflen, + XFRMA_OFFLOAD_DEV, sizeof(*offload)); + if (!offload) + { + ret = !hw_offload_yes; + goto out; + } + offload->ifindex = if_nametoindex(ifname); + if (local->get_family(local) == AF_INET6) + { + offload->flags |= XFRM_OFFLOAD_IPV6; + } + offload->flags |= data->inbound ? XFRM_OFFLOAD_INBOUND : 0; + + ret = TRUE; + +out: + free(ifname); + return ret; +} + METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id, kernel_ipsec_add_sa_t *data) @@ -1650,30 +1882,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t, data->replay_window); sa->replay_window = data->replay_window; } - if (data->hw_offload) - { - host_t *local = data->inbound ? id->dst : id->src; - char *ifname; - if (charon->kernel->get_interface(charon->kernel, local, &ifname)) - { - struct xfrm_user_offload *offload; - - offload = netlink_reserve(hdr, sizeof(request), - XFRMA_OFFLOAD_DEV, sizeof(*offload)); - if (!offload) - { - free(ifname); - goto failed; - } - offload->ifindex = if_nametoindex(ifname); - if (local->get_family(local) == AF_INET6) - { - offload->flags |= XFRM_OFFLOAD_IPV6; - } - offload->flags |= data->inbound ? XFRM_OFFLOAD_INBOUND : 0; - free(ifname); - } + DBG2(DBG_KNL, " HW offload: %N", hw_offload_names, data->hw_offload); + if (!config_hw_offload(id, data, hdr, sizeof(request))) + { + DBG1(DBG_KNL, "failed to configure HW offload"); + goto failed; } } 
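Review bot: In config_hw_offload() the result of `if_nametoindex(ifname)` is stored in `offload->ifindex` unchecked, after the XFRMA_OFFLOAD_DEV attribute has already been reserved in the message. if_nametoindex() returns 0 when the interface no longer exists, so an interface that disappears after get_interface() would put index 0 into the request even for HW_OFFLOAD_YES, where the comment promises that SA addition fails if offload is unavailable; how the kernel treats index 0 is not visible here. Resolving the index before netlink_reserve() keeps the message clean: `ifindex = if_nametoindex(ifname); if (!ifindex) { ret = !hw_offload_yes; goto out; }`. netlink_detect_offload() also prints "HW offload is not supported by device" when the SIOCETHTOOL ioctl itself fails, which hides the real cause from whoever reads the log.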
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h index 3a45cce06..bafdea0b9 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c index c3f92f500..b6eb54370 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c @@ -1797,7 +1797,7 @@ static void rt_entry_destroy(rt_entry_t *this) /** * Check if the route received with RTM_NEWROUTE is usable based on its type. */ -static bool route_usable(struct nlmsghdr *hdr) +static bool route_usable(struct nlmsghdr *hdr, bool allow_local) { struct rtmsg *msg; @@ -1809,6 +1809,8 @@ static bool route_usable(struct nlmsghdr *hdr) case RTN_PROHIBIT: case RTN_THROW: return FALSE; + case RTN_LOCAL: + return allow_local; default: return TRUE; } @@ -1832,15 +1834,11 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) if (route) { - route->gtw = chunk_empty; - route->pref_src = chunk_empty; - route->dst = chunk_empty; - route->dst_len = msg->rtm_dst_len; - route->src = chunk_empty; - route->src_len = msg->rtm_src_len; - route->table = msg->rtm_table; - route->oif = 0; - route->priority = 0; + *route = (rt_entry_t){ + .dst_len = msg->rtm_dst_len, + .src_len = msg->rtm_src_len, + .table = msg->rtm_table, + }; } else { 
@@ -1988,7 +1986,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, rt_entry_t *other; uintptr_t table; - if (!route_usable(current)) + if (!route_usable(current, TRUE)) { continue; } @@ -2260,49 +2258,31 @@ METHOD(enumerator_t, enumerate_subnets, bool, break; case RTM_NEWROUTE: { - struct rtmsg *msg; - struct rtattr *rta; - size_t rtasize; - chunk_t dst = chunk_empty; - uint32_t oif = 0; + rt_entry_t route; - msg = NLMSG_DATA(this->current); - - if (!route_usable(this->current)) + if (!route_usable(this->current, FALSE)) { break; } - else if (msg->rtm_table && ( - msg->rtm_table == RT_TABLE_LOCAL || - msg->rtm_table == this->private->routing_table)) + parse_route(this->current, &route); + + if (route.table && ( + route.table == RT_TABLE_LOCAL || + route.table == this->private->routing_table)) { /* ignore our own and the local routing tables */ break; } - - rta = RTM_RTA(msg); - rtasize = RTM_PAYLOAD(this->current); - while (RTA_OK(rta, rtasize)) - { - switch (rta->rta_type) - { - case RTA_DST: - dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)); - break; - case RTA_OIF: - if (RTA_PAYLOAD(rta) == sizeof(oif)) - { - oif = *(uint32_t*)RTA_DATA(rta); - } - break; - } - rta = RTA_NEXT(rta, rtasize); + else if (route.gtw.ptr) + { /* ignore routes via gateway/next hop */ + break; } - if (dst.ptr && oif && if_indextoname(oif, this->ifname)) + if (route.dst.ptr && route.oif && + if_indextoname(route.oif, this->ifname)) { - this->net = host_create_from_chunk(msg->rtm_family, dst, 0); + this->net = host_create_from_chunk(AF_UNSPEC, route.dst, 0); *net = this->net; - *mask = msg->rtm_dst_len; + *mask = route.dst_len; *ifname = this->ifname; return TRUE; } 
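Review bot: In the RTM_NEWROUTE branch of enumerate_subnets the host is now built with `host_create_from_chunk(AF_UNSPEC, route.dst, 0)`, so the address family is no longer taken from `msg->rtm_family`, and the result is handed to the caller through `*net` without a NULL check. If the destination attribute has a length that maps to no address family, the enumerator would presumably return TRUE with a NULL host. A guard costs one line: `if (!this->net) { break; }` directly after the call. The function starts and ends outside this hunk and parse_route() is only partly visible, so whether the RTA_DST length is already validated there cannot be confirmed from here.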
@@ -2669,31 +2649,89 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, return this->socket->send_ack(this->socket, hdr); } +/** + * Helper struct used to check routes + */ +typedef struct { + /** the entry we look for */ + route_entry_t route; + /** kernel interface */ + private_kernel_netlink_net_t *this; +} route_entry_lookup_t; + +/** + * Check if a matching route entry has a VIP associated + */ +static bool route_with_vip(route_entry_lookup_t *a, route_entry_t *b) +{ + if (chunk_equals(a->route.dst_net, b->dst_net) && + a->route.prefixlen == b->prefixlen && + is_known_vip(a->this, b->src_ip)) + { + return TRUE; + } + return FALSE; +} + +/** + * Check if there is any route entry with a matching destination + */ +static bool route_with_dst(route_entry_lookup_t *a, route_entry_t *b) +{ + if (chunk_equals(a->route.dst_net, b->dst_net) && + a->route.prefixlen == b->prefixlen) + { + return TRUE; + } + return FALSE; +} + METHOD(kernel_net_t, add_route, status_t, private_kernel_netlink_net_t *this, chunk_t dst_net, uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; - route_entry_t *found, route = { - .dst_net = dst_net, - .prefixlen = prefixlen, - .gateway = gateway, - .src_ip = src_ip, - .if_name = if_name, + route_entry_t *found; + route_entry_lookup_t lookup = { + .route = { + .dst_net = dst_net, + .prefixlen = prefixlen, + .gateway = gateway, + .src_ip = src_ip, + .if_name = if_name, + }, + .this = this, }; this->routes_lock->lock(this->routes_lock); - found = this->routes->get(this->routes, &route); + found = this->routes->get(this->routes, &lookup.route); if (found) { this->routes_lock->unlock(this->routes_lock); return ALREADY_DONE; } - status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, - dst_net, prefixlen, gateway, src_ip, if_name); + + /* don't replace the route if we already have one with a VIP installed, + * but keep track of it in case that other route is uninstalled */ + 
this->lock->read_lock(this->lock); + if (!is_known_vip(this, src_ip)) + { + found = this->routes->get_match(this->routes, &lookup, + (void*)route_with_vip); + } + this->lock->unlock(this->lock); + if (found) + { + status = SUCCESS; + } + else + { + status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE|NLM_F_REPLACE, + dst_net, prefixlen, gateway, src_ip, if_name); + } if (status == SUCCESS) { - found = route_entry_clone(&route); + found = route_entry_clone(&lookup.route); this->routes->put(this->routes, found, found); } this->routes_lock->unlock(this->routes_lock); 
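Review bot: add_route() switches the netlink flags from `NLM_F_CREATE | NLM_F_EXCL` to `NLM_F_CREATE|NLM_F_REPLACE`, so a route for the same destination that already exists in the target table but is not tracked in `this->routes` is now overwritten instead of making the call fail. The VIP preference implemented here needs the replace, but it also applies to routes this plugin did not install, and del_route() later deletes or replaces that entry without restoring the original; which table is affected depends on configuration outside this hunk. I would state that above the call, e.g. `/* NLM_F_REPLACE overwrites any kernel route for this destination, including ones not tracked in this->routes */`. The same comment should mention that the branch setting `status = SUCCESS` without calling manage_srcroute() tracks a route that is not in the kernel. add_route() continues past the end of the hunk.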
@@ -2705,25 +2743,49 @@ METHOD(kernel_net_t, del_route, status_t, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; - route_entry_t *found, route = { - .dst_net = dst_net, - .prefixlen = prefixlen, - .gateway = gateway, - .src_ip = src_ip, - .if_name = if_name, + route_entry_t *found; + route_entry_lookup_t lookup = { + .route = { + .dst_net = dst_net, + .prefixlen = prefixlen, + .gateway = gateway, + .src_ip = src_ip, + .if_name = if_name, + }, + .this = this, }; this->routes_lock->lock(this->routes_lock); - found = this->routes->get(this->routes, &route); + found = this->routes->remove(this->routes, &lookup.route); if (!found) { this->routes_lock->unlock(this->routes_lock); return NOT_FOUND; } - this->routes->remove(this->routes, found); route_entry_destroy(found); - status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen, - gateway, src_ip, if_name); + + /* check if there are any other routes for the same destination and if + * so update the route, otherwise uninstall it */ + this->lock->read_lock(this->lock); + found = this->routes->get_match(this->routes, &lookup, + (void*)route_with_vip); + this->lock->unlock(this->lock); + if (!found) + { + found = this->routes->get_match(this->routes, &lookup, + (void*)route_with_dst); + } + if (found) + { + status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE|NLM_F_REPLACE, + found->dst_net, found->prefixlen, found->gateway, + found->src_ip, found->if_name); + } + else + { + status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen, + gateway, src_ip, if_name); + } this->routes_lock->unlock(this->routes_lock); return status; } diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h index ff9831d3c..862059c2b 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h 
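Review bot: In del_route the tracked entry is removed and destroyed before the replacement route is installed, so if the `RTM_NEWROUTE` call with `NLM_F_REPLACE` fails, the caller gets an error even though the entry is already gone, and the kernel may still hold a route that uses the removed entry's `src_ip`. A log line on that path would make the inconsistent state visible, e.g. `if (status != SUCCESS) { DBG1(DBG_KNL, "unable to install replacement route"); }` right after the replacement call. Which entry `get_match` returns for route_with_dst when several tracked routes share the destination is not defined by anything in this hunk, so a short comment saying that any of them is acceptable would help the next reader. The signature of del_route starts before the hunk.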
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
index 58350028f..5ab8924f4 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
index 74c9ae24f..f3b4ad785 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index f3b5b1d4a..441c0c482 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -2,7 +2,7 @@ * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h index b034326d7..7056e6ccc 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -32,7 +32,7 @@ /** * General purpose netlink buffer. * - * Some platforms require an enforced aligment to four bytes (e.g. ARM). + * Some platforms require an enforced alignment to four bytes (e.g. ARM). */ typedef union { struct nlmsghdr hdr; diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 79abe587a..80c484b47 100644 --- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -219,6 +219,11 @@ struct private_kernel_pfkey_ipsec_t */ bool install_routes; + /** + * whether to install the route via internal interface + */ + bool route_via_internal; + /** * mutex to lock access to the PF_KEY socket */ 
@@ -2361,7 +2366,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this, /* if the IP is virtual, we install the route over the interface it has * been installed on. Otherwise we use the interface we use for IKE, as * this is required for example on Linux. */ - if (is_virtual) + if (is_virtual || this->route_via_internal) { free(route->if_name); route->if_name = NULL; @@ -3164,6 +3169,9 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() .install_routes = lib->settings->get_bool(lib->settings, "%s.install_routes", TRUE, lib->ns), + .route_via_internal = lib->settings->get_bool(lib->settings, + "%s.plugins.kernel-pfkey.route_via_internal", + FALSE, lib->ns), ); if (streq(lib->ns, "starter")) diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h index 649f93733..f52337eb7 100644 --- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c index d49fe2422..d860a7d12 100644 --- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
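Review bot: The comment above the changed condition in install_route still says the interface name is dropped only when the IP is virtual, but the new test `if (is_virtual || this->route_via_internal)` also clears `route->if_name` when the option is set. The comment should cover both cases, for instance by appending `With route_via_internal set, the interface name is cleared for non-virtual IPs too.` The member documentation added in the struct hunk, "whether to install the route via internal interface", would be clearer if it said which interface counts as internal. The body of install_route continues outside the hunk.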
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
index ecccc6303..dd43f78f3 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
index e1f10e93f..0bbdb1bc3 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009-2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
index 10c3c9eb7..16638ddd4 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
index acd834ba3..b3852e57f 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h index 50642a572..6202a114f 100644 --- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 28421c212..78be45f68 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -937,7 +937,6 @@ load_tester_config_t *load_tester_config_create() .leases = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 256), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), - .num = 1, .unique_port = UNIQUE_PORT_START, ); diff --git a/src/libcharon/plugins/load_tester/load_tester_config.h b/src/libcharon/plugins/load_tester/load_tester_config.h index cfa4b1edc..f1cff7801 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.h 
+++ b/src/libcharon/plugins/load_tester/load_tester_config.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c
index 2cedd130e..29a2b83c8 100644
--- a/src/libcharon/plugins/load_tester/load_tester_creds.c
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.h b/src/libcharon/plugins/load_tester/load_tester_creds.h
index fb3541164..4007fcd6f 100644
--- a/src/libcharon/plugins/load_tester/load_tester_creds.h
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
index e1c7c0e0b..65378993c 100644
--- a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
+++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
index 672157fb8..3be436944 100644
--- a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
+++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
index 4e20c8f3a..63ff92b10 100644
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.h b/src/libcharon/plugins/load_tester/load_tester_ipsec.h
index 1e1bff84a..ceb373757 100644
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.h
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c
index 068020ef7..e8763b90c 100644
--- a/src/libcharon/plugins/load_tester/load_tester_listener.c
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.h b/src/libcharon/plugins/load_tester/load_tester_listener.h
index eba4afcf1..8c8562894 100644
--- a/src/libcharon/plugins/load_tester/load_tester_listener.h
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index 6cf3a909c..961c10406 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.h b/src/libcharon/plugins/load_tester/load_tester_plugin.h
index 15f2d1127..69e9764e7 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.h
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index f34990176..789c01bae 100644
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_config.h b/src/libcharon/plugins/medcli/medcli_config.h
index 36c20adf7..e946737de 100644
--- a/src/libcharon/plugins/medcli/medcli_config.h
+++ b/src/libcharon/plugins/medcli/medcli_config.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_creds.c b/src/libcharon/plugins/medcli/medcli_creds.c
index 528fc004d..cde148e4f 100644
--- a/src/libcharon/plugins/medcli/medcli_creds.c
+++ b/src/libcharon/plugins/medcli/medcli_creds.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_creds.h b/src/libcharon/plugins/medcli/medcli_creds.h
index ec17955a2..b4dec76d1 100644
--- a/src/libcharon/plugins/medcli/medcli_creds.h
+++ b/src/libcharon/plugins/medcli/medcli_creds.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_listener.c b/src/libcharon/plugins/medcli/medcli_listener.c
index ba6b3d9d6..789e1ab2d 100644
--- a/src/libcharon/plugins/medcli/medcli_listener.c
+++ b/src/libcharon/plugins/medcli/medcli_listener.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_listener.h b/src/libcharon/plugins/medcli/medcli_listener.h
index 860dcdc60..96f9e61e5 100644
--- a/src/libcharon/plugins/medcli/medcli_listener.h
+++ b/src/libcharon/plugins/medcli/medcli_listener.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_plugin.c b/src/libcharon/plugins/medcli/medcli_plugin.c
index e6a8a8981..87cacedb6 100644
--- a/src/libcharon/plugins/medcli/medcli_plugin.c
+++ b/src/libcharon/plugins/medcli/medcli_plugin.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_plugin.h b/src/libcharon/plugins/medcli/medcli_plugin.h
index 44e7bb525..dd5a2ba0f 100644
--- a/src/libcharon/plugins/medcli/medcli_plugin.h
+++ b/src/libcharon/plugins/medcli/medcli_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
index be7f481b6..6068022b1 100644
--- a/src/libcharon/plugins/medsrv/medsrv_config.c
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.h b/src/libcharon/plugins/medsrv/medsrv_config.h
index 03a41a7ce..45b298050 100644
--- a/src/libcharon/plugins/medsrv/medsrv_config.h
+++ b/src/libcharon/plugins/medsrv/medsrv_config.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_creds.c b/src/libcharon/plugins/medsrv/medsrv_creds.c
index 16d4bd7f3..5a0ae5928 100644
--- a/src/libcharon/plugins/medsrv/medsrv_creds.c
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_creds.h b/src/libcharon/plugins/medsrv/medsrv_creds.h
index 08ecaa3f2..f09e704f3 100644
--- a/src/libcharon/plugins/medsrv/medsrv_creds.h
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_plugin.c b/src/libcharon/plugins/medsrv/medsrv_plugin.c
index fcc8502f8..7e08d3b9c 100644
--- a/src/libcharon/plugins/medsrv/medsrv_plugin.c
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_plugin.h b/src/libcharon/plugins/medsrv/medsrv_plugin.h
index 179fa3b3a..eebda2768 100644
--- a/src/libcharon/plugins/medsrv/medsrv_plugin.h
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/p_cscf/p_cscf_handler.c b/src/libcharon/plugins/p_cscf/p_cscf_handler.c
index cdf266054..2cfa95441 100644
--- a/src/libcharon/plugins/p_cscf/p_cscf_handler.c
+++ b/src/libcharon/plugins/p_cscf/p_cscf_handler.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/p_cscf/p_cscf_handler.h b/src/libcharon/plugins/p_cscf/p_cscf_handler.h
index ad4f1acce..ce03ba90f 100644
--- a/src/libcharon/plugins/p_cscf/p_cscf_handler.h
+++ b/src/libcharon/plugins/p_cscf/p_cscf_handler.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/p_cscf/p_cscf_plugin.c b/src/libcharon/plugins/p_cscf/p_cscf_plugin.c
index 8e2bc727e..a541d12a8 100644
--- a/src/libcharon/plugins/p_cscf/p_cscf_plugin.c
+++ b/src/libcharon/plugins/p_cscf/p_cscf_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/p_cscf/p_cscf_plugin.h b/src/libcharon/plugins/p_cscf/p_cscf_plugin.h
index 51b17674d..6ed076b61 100644
--- a/src/libcharon/plugins/p_cscf/p_cscf_plugin.h
+++ b/src/libcharon/plugins/p_cscf/p_cscf_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/resolve/resolve_handler.h b/src/libcharon/plugins/resolve/resolve_handler.h
index 77bf9781c..c2db84ff1 100644
--- a/src/libcharon/plugins/resolve/resolve_handler.h
+++ b/src/libcharon/plugins/resolve/resolve_handler.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/resolve/resolve_plugin.c b/src/libcharon/plugins/resolve/resolve_plugin.c
index 193c5b602..f10ae7540 100644
--- a/src/libcharon/plugins/resolve/resolve_plugin.c
+++ b/src/libcharon/plugins/resolve/resolve_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/resolve/resolve_plugin.h b/src/libcharon/plugins/resolve/resolve_plugin.h
index 0148b10d7..e23bb3c2e 100644
--- a/src/libcharon/plugins/resolve/resolve_plugin.h
+++ b/src/libcharon/plugins/resolve/resolve_plugin.h
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c index 56891b263..86296443d 100644 --- a/src/libcharon/plugins/smp/smp.c +++ b/src/libcharon/plugins/smp/smp.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -415,7 +415,7 @@ static void request_control_terminate(xmlTextReaderPtr reader, if (ike) { status = charon->controller->terminate_ike( - charon->controller, id, + charon->controller, id, FALSE, (controller_cb_t)xml_callback, writer, 0); } else diff --git a/src/libcharon/plugins/smp/smp.h b/src/libcharon/plugins/smp/smp.h index 74c85fb5f..f3916c8b9 100644 --- a/src/libcharon/plugins/smp/smp.h +++ b/src/libcharon/plugins/smp/smp.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.c b/src/libcharon/plugins/socket_default/socket_default_plugin.c index e89b74279..09b8faa0a 100644 --- a/src/libcharon/plugins/socket_default/socket_default_plugin.c +++ b/src/libcharon/plugins/socket_default/socket_default_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * 
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index 109b3fe9b..57e092968 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -3,7 +3,7 @@ * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c index fdc9a7cf9..c5825dcf1 100644 --- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c index ba92e10f2..f6ed615a7 100644 --- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c @@ -3,7 +3,7 @@ * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2010 revosec AG * * This program is free software; you can redistribute it and/or modify it diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 86728515f..bb1ba71db 100644 --- a/src/libcharon/plugins/sql/sql_config.c 
+++ b/src/libcharon/plugins/sql/sql_config.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2006-2008 Martin Willi * Copyright (C) 2010 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/sql/sql_config.h b/src/libcharon/plugins/sql/sql_config.h index 700d00a97..e385ed88f 100644 --- a/src/libcharon/plugins/sql/sql_config.h +++ b/src/libcharon/plugins/sql/sql_config.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c index 9ba0bf1c9..02608d1dc 100644 --- a/src/libcharon/plugins/sql/sql_cred.c +++ b/src/libcharon/plugins/sql/sql_cred.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/sql/sql_cred.h b/src/libcharon/plugins/sql/sql_cred.h index 7f387398e..697c981b2 100644 --- a/src/libcharon/plugins/sql/sql_cred.h +++ b/src/libcharon/plugins/sql/sql_cred.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c index 46a894028..3b8d84987 100644 --- a/src/libcharon/plugins/sql/sql_logger.c +++ b/src/libcharon/plugins/sql/sql_logger.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/sql/sql_logger.h b/src/libcharon/plugins/sql/sql_logger.h index 62dc3f361..a43d726a8 100644 --- a/src/libcharon/plugins/sql/sql_logger.h +++ b/src/libcharon/plugins/sql/sql_logger.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c index c5dd6e8b3..ba6091c5e 100644 --- a/src/libcharon/plugins/sql/sql_plugin.c +++ b/src/libcharon/plugins/sql/sql_plugin.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/sql/sql_plugin.h b/src/libcharon/plugins/sql/sql_plugin.h index c6f9ba905..175a0a16b 100644 --- a/src/libcharon/plugins/sql/sql_plugin.h +++ b/src/libcharon/plugins/sql/sql_plugin.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_attribute.c b/src/libcharon/plugins/stroke/stroke_attribute.c index 7835031c2..fff6a438f 100644 --- a/src/libcharon/plugins/stroke/stroke_attribute.c +++ b/src/libcharon/plugins/stroke/stroke_attribute.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_attribute.h b/src/libcharon/plugins/stroke/stroke_attribute.h index f1b9d135b..8c0ca2f32 100644 --- a/src/libcharon/plugins/stroke/stroke_attribute.h +++ b/src/libcharon/plugins/stroke/stroke_attribute.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c index 4593e9bdc..0432ee573 100644 --- a/src/libcharon/plugins/stroke/stroke_ca.c +++ b/src/libcharon/plugins/stroke/stroke_ca.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2015 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/stroke/stroke_ca.h b/src/libcharon/plugins/stroke/stroke_ca.h index 2740006e2..064a7edec 100644 --- a/src/libcharon/plugins/stroke/stroke_ca.h +++ b/src/libcharon/plugins/stroke/stroke_ca.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2015 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index ca22c7f82..8cdb5ef48 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2014 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_config.h b/src/libcharon/plugins/stroke/stroke_config.h index 894e03ce4..fe02c9ac4 100644 --- a/src/libcharon/plugins/stroke/stroke_config.h +++ b/src/libcharon/plugins/stroke/stroke_config.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index ee8306772..8d84b934e 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2013-2015 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -316,7 +316,8 @@ static void charon_terminate(private_stroke_control_t *this, uint32_t id, else { status = charon->controller->terminate_ike(charon->controller, id, - (controller_cb_t)stroke_log, &info, this->timeout); + FALSE, (controller_cb_t)stroke_log, &info, + this->timeout); } report_terminate_status(this, status, out, id, child); } @@ -327,7 +328,7 @@ static void charon_terminate(private_stroke_control_t *this, uint32_t id, } else { - charon->controller->terminate_ike(charon->controller, id, + charon->controller->terminate_ike(charon->controller, id, FALSE, NULL, NULL, 0); } } @@ -588,47 +589,6 @@ METHOD(stroke_control_t, purge_ike, void, list->destroy(list); } -/** - * Find an existing CHILD_SA/reqid - */ -static uint32_t find_reqid(child_cfg_t *child_cfg) -{ - enumerator_t *enumerator, *children; - child_sa_t *child_sa; - ike_sa_t *ike_sa; - char *name; - uint32_t reqid; - - reqid = charon->traps->find_reqid(charon->traps, child_cfg); - if (reqid) - { /* already trapped */ - return reqid; - } - - name = child_cfg->get_name(child_cfg); - enumerator = charon->controller->create_ike_sa_enumerator( - charon->controller, TRUE); - while (enumerator->enumerate(enumerator, &ike_sa)) - { - children = ike_sa->create_child_sa_enumerator(ike_sa); - while (children->enumerate(children, (void**)&child_sa)) - { - if (streq(name, child_sa->get_name(child_sa))) - { - reqid = child_sa->get_reqid(child_sa); - break; - } - } - children->destroy(children); - if (reqid) - { - break; - } - } - enumerator->destroy(enumerator); - return reqid; -} - /** * call charon to install a shunt or trap */ 
@@ -636,7 +596,6 @@ static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, char *name, FILE *out) { ipsec_mode_t mode; - uint32_t reqid; mode = child_cfg->get_mode(child_cfg); if (mode == MODE_PASS || mode == MODE_DROP) @@ -655,8 +614,7 @@ static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, } else { - reqid = find_reqid(child_cfg); - if (charon->traps->install(charon->traps, peer_cfg, child_cfg, reqid)) + if (charon->traps->install(charon->traps, peer_cfg, child_cfg)) { fprintf(out, "'%s' routed\n", name); } @@ -730,46 +688,13 @@ METHOD(stroke_control_t, route, void, METHOD(stroke_control_t, unroute, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { - child_cfg_t *child_cfg; - child_sa_t *child_sa; - enumerator_t *enumerator; - char *ns, *found = NULL; - uint32_t id = 0; - - enumerator = charon->shunts->create_enumerator(charon->shunts); - while (enumerator->enumerate(enumerator, &ns, &child_cfg)) - { - if (ns && streq(msg->unroute.name, child_cfg->get_name(child_cfg))) - { - found = strdup(ns); - break; - } - } - enumerator->destroy(enumerator); - if (found && charon->shunts->uninstall(charon->shunts, found, - msg->unroute.name)) + if (charon->shunts->uninstall(charon->shunts, NULL, msg->unroute.name)) { - free(found); fprintf(out, "shunt policy '%s' uninstalled\n", msg->unroute.name); - return; - } - free(found); - - enumerator = charon->traps->create_enumerator(charon->traps); - while (enumerator->enumerate(enumerator, NULL, &child_sa)) - { - if (streq(msg->unroute.name, child_sa->get_name(child_sa))) - { - id = child_sa->get_reqid(child_sa); - break; - } } - enumerator->destroy(enumerator); - - if (id) + else if (charon->traps->uninstall(charon->traps, NULL, msg->unroute.name)) { - charon->traps->uninstall(charon->traps, id); - fprintf(out, "configuration '%s' unrouted\n", msg->unroute.name); + fprintf(out, "trap policy '%s' unrouted\n", msg->unroute.name); } else { 
diff --git a/src/libcharon/plugins/stroke/stroke_control.h b/src/libcharon/plugins/stroke/stroke_control.h index 869aab3d3..78f1f7594 100644 --- a/src/libcharon/plugins/stroke/stroke_control.h +++ b/src/libcharon/plugins/stroke/stroke_control.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_cred.h b/src/libcharon/plugins/stroke/stroke_cred.h index 33a0e3531..43801b206 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.h +++ b/src/libcharon/plugins/stroke/stroke_cred.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 2bed420be..d1bf139c2 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2015 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil diff --git a/src/libcharon/plugins/stroke/stroke_list.h b/src/libcharon/plugins/stroke/stroke_list.h index a0d2d18cc..bf96e9969 100644 --- a/src/libcharon/plugins/stroke/stroke_list.h +++ b/src/libcharon/plugins/stroke/stroke_list.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c index 0a34fb458..6249c73f2 100644 --- a/src/libcharon/plugins/stroke/stroke_plugin.c +++ b/src/libcharon/plugins/stroke/stroke_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_plugin.h b/src/libcharon/plugins/stroke/stroke_plugin.h index 464979910..9068b691c 100644 --- a/src/libcharon/plugins/stroke/stroke_plugin.h +++ b/src/libcharon/plugins/stroke/stroke_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index c568440b7..1e7f210e9 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream) } return FALSE; } + if (len < offsetof(stroke_msg_t, buffer)) + { + DBG1(DBG_CFG, "invalid stroke message length %d", len); + return FALSE; + } /* read message (we need an additional byte to terminate the buffer) */ msg = malloc(len + 1); 
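Review bot: The new minimum-length guard in on_accept (stroke_socket.c) has no comment saying why `offsetof(stroke_msg_t, buffer)` is the bound. Since `len` appears to be read from the stream just above, it is a peer-supplied value, and the guard looks like the only thing ensuring the fixed part of `stroke_msg_t` is present before `malloc(len + 1)`. I would put `/* a message must at least hold the fixed part of stroke_msg_t, the code below relies on these fields */` above the check. The declaration of `len` is outside the hunk; if it is an unsigned type, `%u` in the DBG1 format would match it better than `%d`. The rest of on_accept also continues outside the hunk, so whether an upper bound on `len` is enforced cannot be confirmed from here.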
diff --git a/src/libcharon/plugins/stroke/stroke_socket.h b/src/libcharon/plugins/stroke/stroke_socket.h index 2aac8be9b..881d4f4e5 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.h +++ b/src/libcharon/plugins/stroke/stroke_socket.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index dcd4ae348..5654fc51e 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -2,7 +2,7 @@ * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/uci/uci_config.h b/src/libcharon/plugins/uci/uci_config.h index 130f15d85..497c45357 100644 --- a/src/libcharon/plugins/uci/uci_config.h +++ b/src/libcharon/plugins/uci/uci_config.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Thomas Kallenberg - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/uci/uci_control.c b/src/libcharon/plugins/uci/uci_control.c index a7d26e67d..b6cfda082 100644 --- a/src/libcharon/plugins/uci/uci_control.c +++ b/src/libcharon/plugins/uci/uci_control.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -180,7 +180,7 @@ static void terminate(private_uci_control_t *this, char *name) { id = ike_sa->get_unique_id(ike_sa); enumerator->destroy(enumerator); - charon->controller->terminate_ike(charon->controller, id, + charon->controller->terminate_ike(charon->controller, id, FALSE, controller_cb_empty, NULL, 0); write_fifo(this, "connection '%s' terminated\n", name); return; diff --git a/src/libcharon/plugins/uci/uci_control.h b/src/libcharon/plugins/uci/uci_control.h index 794220aa1..8e98b57f8 100644 --- a/src/libcharon/plugins/uci/uci_control.h +++ b/src/libcharon/plugins/uci/uci_control.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Thomas Kallenberg - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/uci/uci_creds.c b/src/libcharon/plugins/uci/uci_creds.c index 404a3e39f..d73c94e0d 100644 --- a/src/libcharon/plugins/uci/uci_creds.c +++ b/src/libcharon/plugins/uci/uci_creds.c @@ -2,7 +2,7 @@ * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/uci/uci_creds.h b/src/libcharon/plugins/uci/uci_creds.h index a283ed9f5..597def002 100644 --- a/src/libcharon/plugins/uci/uci_creds.h +++ b/src/libcharon/plugins/uci/uci_creds.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Thomas Kallenberg - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/uci/uci_parser.c b/src/libcharon/plugins/uci/uci_parser.c index 283d93928..9fef34dad 100644 --- a/src/libcharon/plugins/uci/uci_parser.c +++ b/src/libcharon/plugins/uci/uci_parser.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Thomas Kallenberg - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/uci/uci_parser.h b/src/libcharon/plugins/uci/uci_parser.h index 230c35e86..810690d72 100644 --- a/src/libcharon/plugins/uci/uci_parser.h +++ b/src/libcharon/plugins/uci/uci_parser.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Thomas Kallenberg - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/uci/uci_plugin.c b/src/libcharon/plugins/uci/uci_plugin.c index cc0836b7a..daac4304c 100644 --- a/src/libcharon/plugins/uci/uci_plugin.c +++ b/src/libcharon/plugins/uci/uci_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Thomas Kallenberg - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/uci/uci_plugin.h b/src/libcharon/plugins/uci/uci_plugin.h index 980ab26fd..9c6e4397f 100644 --- a/src/libcharon/plugins/uci/uci_plugin.h +++ b/src/libcharon/plugins/uci/uci_plugin.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c index 4a1478c6d..dcafb483b 100644 --- a/src/libcharon/plugins/unity/unity_handler.c +++ b/src/libcharon/plugins/unity/unity_handler.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c index 227d24be8..05ae8d504 100644 --- a/src/libcharon/plugins/unity/unity_narrow.c +++ b/src/libcharon/plugins/unity/unity_narrow.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c index b6a55648e..b52ffeeb1 100644 --- a/src/libcharon/plugins/unity/unity_provider.c +++ b/src/libcharon/plugins/unity/unity_provider.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG 
diff --git a/src/libcharon/plugins/updown/updown_listener.h b/src/libcharon/plugins/updown/updown_listener.h index 2d9b56ade..a25b77283 100644 --- a/src/libcharon/plugins/updown/updown_listener.h +++ b/src/libcharon/plugins/updown/updown_listener.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/updown/updown_plugin.c b/src/libcharon/plugins/updown/updown_plugin.c index 60ecfcce6..672b99c0f 100644 --- a/src/libcharon/plugins/updown/updown_plugin.c +++ b/src/libcharon/plugins/updown/updown_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/updown/updown_plugin.h b/src/libcharon/plugins/updown/updown_plugin.h index abcb953a0..27fe0e77b 100644 --- a/src/libcharon/plugins/updown/updown_plugin.h +++ b/src/libcharon/plugins/updown/updown_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index 49cce379d..0038f0844 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -279,7 +279,9 @@ Terminates an SA while streaming _control-log_ events. ike = child-id = ike-id = - timeout = + force = + timeout = loglevel = } => { success = 
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm index 6524bf76d..b0a7b6285 100644 --- a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm @@ -22,12 +22,27 @@ sub send { sub receive { my $self = shift; my $packet_header; - my $data; - $self->{'Socket'}->recv($packet_header, 4); + $packet_header = $self->_recv_all(4); my $packet_len = unpack('N', $packet_header); - $self->{'Socket'}->recv($data, $packet_len); - return $data; + return $self->_recv_all($packet_len); +} + +sub _recv_all { + my ($self, $len) = @_; + my $data; + + while ($len) + { + my $buf; + unless (defined $self->{'Socket'}->recv($buf, $len)) + { + die "error reading from socket\n"; + } + $len -= length($buf); + $data .= $buf; + } + return $data; } 1; diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in index 6d29988db..ff4e07d2d 100644 --- a/src/libcharon/plugins/vici/ruby/Makefile.in +++ b/src/libcharon/plugins/vici/ruby/Makefile.in @@ -476,8 +476,8 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@RUBY_GEMS_INSTALL_FALSE@install-data-local: @RUBY_GEMS_INSTALL_FALSE@uninstall-local: +@RUBY_GEMS_INSTALL_FALSE@install-data-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff --git a/src/libcharon/plugins/vici/suites/test_message.c b/src/libcharon/plugins/vici/suites/test_message.c index 73bba239b..1a4af9005 100644 --- a/src/libcharon/plugins/vici/suites/test_message.c +++ b/src/libcharon/plugins/vici/suites/test_message.c 
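Review bot: The loop in the new `_recv_all` (Vici/Transport.pm) does not terminate when the peer closes the connection. At end of stream `recv` returns a defined value and leaves `$buf` empty, so `$len -= length($buf)` never reduces `$len` and the client spins. Adding `die "connection closed by peer\n" unless length($buf);` right after the `defined` check would turn that into an error the caller can see. `$data` is also returned undefined when `$len` is 0, so `my $data = '';` would give callers a consistent empty string. The length unpacked from the 4-byte header is passed to `_recv_all` without an upper bound, so a sanity limit on `$packet_len` in `receive` would be worth considering.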
@@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c index ab765fa14..4d174253d 100644 --- a/src/libcharon/plugins/vici/vici_attribute.c +++ b/src/libcharon/plugins/vici/vici_attribute.c @@ -249,7 +249,7 @@ static bool have_vips_from_pool(mem_pool_t *pool, linked_list_t *vips) { end = chunk_clone(start); - /* mem_pool is currenty limited to 2^31 addresses, so 32-bit + /* mem_pool is currently limited to 2^31 addresses, so 32-bit * calculations should be sufficient. */ size = untoh32(start.ptr + start.len - sizeof(size)); htoun32(end.ptr + end.len - sizeof(size), size + pool->get_size(pool)); diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index e0e2955e2..f4e9e33ee 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -112,7 +112,7 @@ struct private_vici_config_t { rwlock_t *lock; /** - * Condvar used to snyc running actions + * Condvar used to sync running actions */ rwlock_condvar_t *condvar; @@ -533,7 +533,7 @@ static void log_child_data(child_data_t *data, char *name) DBG2(DBG_CFG, " proposals = %#P", data->proposals); DBG2(DBG_CFG, " local_ts = %#R", data->local_ts); DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts); - DBG2(DBG_CFG, " hw_offload = %u", has_opt(OPT_HW_OFFLOAD)); + DBG2(DBG_CFG, " hw_offload = %N", hw_offload_names, cfg->hw_offload); DBG2(DBG_CFG, " sha256_96 = %u", has_opt(OPT_SHA256_96)); } @@ -892,14 +892,6 @@ CALLBACK(parse_opt_ipcomp, bool, return parse_option(out, OPT_IPCOMP, v); } -/** - * Parse OPT_HW_OFFLOAD option - */ -CALLBACK(parse_opt_hw_offl, bool, - child_cfg_option_t *out, chunk_t v) -{ - return parse_option(out, OPT_HW_OFFLOAD, v); -} /** * Parse OPT_SHA256_96 option 
@@ -943,6 +935,27 @@ CALLBACK(parse_action, bool, return FALSE; } +/** + * Parse an hw_offload_t + */ +CALLBACK(parse_hw_offload, bool, + action_t *out, chunk_t v) +{ + enum_map_t map[] = { + { "no", HW_OFFLOAD_NO }, + { "yes", HW_OFFLOAD_YES }, + { "auto", HW_OFFLOAD_AUTO }, + }; + int d; + + if (parse_map(map, countof(map), &d, v)) + { + *out = d; + return TRUE; + } + return FALSE; +} + /** * Parse a uint32_t with the given base */ @@ -1578,7 +1591,7 @@ CALLBACK(child_kv, bool, { "tfc_padding", parse_tfc, &child->cfg.tfc }, { "priority", parse_uint32, &child->cfg.priority }, { "interface", parse_string, &child->cfg.interface }, - { "hw_offload", parse_opt_hw_offl, &child->cfg.options }, + { "hw_offload", parse_hw_offload, &child->cfg.hw_offload }, { "sha256_96", parse_opt_sha256_96,&child->cfg.options }, }; @@ -1953,41 +1966,6 @@ CALLBACK(peer_sn, bool, return FALSE; } -/** - * Find reqid of an existing CHILD_SA - */ -static uint32_t find_reqid(child_cfg_t *cfg) -{ - enumerator_t *enumerator, *children; - child_sa_t *child_sa; - ike_sa_t *ike_sa; - uint32_t reqid; - - reqid = charon->traps->find_reqid(charon->traps, cfg); - if (reqid) - { /* already trapped */ - return reqid; - } - - enumerator = charon->controller->create_ike_sa_enumerator( - charon->controller, TRUE); - while (!reqid && enumerator->enumerate(enumerator, &ike_sa)) - { - children = ike_sa->create_child_sa_enumerator(ike_sa); - while (children->enumerate(children, &child_sa)) - { - if (streq(cfg->get_name(cfg), child_sa->get_name(child_sa))) - { - reqid = child_sa->get_reqid(child_sa); - break; - } - } - children->destroy(children); - } - enumerator->destroy(enumerator); - return reqid; -} - /** * Perform start actions associated with a child config */ 
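Review bot: `parse_hw_offload` in vici_config.c declares its output as `action_t *out`, although its comment says it parses an `hw_offload_t`, it maps the `HW_OFFLOAD_*` values, and the `child_kv` hunk further down hands it `&child->cfg.hw_offload`. This looks like a leftover from copying `parse_action`. It presumably only works while both enums share a representation and the CALLBACK wrapper hides the pointer type. The signature should read `hw_offload_t *out, chunk_t v)` so the store goes through the type of the field being written.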
@@ -2012,8 +1990,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, peer_cfg->get_name(peer_cfg), child_cfg); break; default: - charon->traps->install(charon->traps, peer_cfg, child_cfg, - find_reqid(child_cfg)); + charon->traps->install(charon->traps, peer_cfg, child_cfg); break; } break; @@ -2030,7 +2007,6 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name, { enumerator_t *enumerator, *children; child_sa_t *child_sa; - peer_cfg_t *peer_cfg; ike_sa_t *ike_sa; uint32_t id = 0, others; array_t *ids = NULL, *ikeids = NULL; @@ -2053,7 +2029,8 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name, children = ike_sa->create_child_sa_enumerator(ike_sa); while (children->enumerate(children, &child_sa)) { - if (child_sa->get_state(child_sa) != CHILD_DELETING) + if (child_sa->get_state(child_sa) != CHILD_DELETING && + child_sa->get_state(child_sa) != CHILD_DELETED) { if (streq(name, child_sa->get_name(child_sa))) { @@ -2106,7 +2083,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name, while (array_remove(ikeids, ARRAY_HEAD, &id)) { DBG1(DBG_CFG, "closing IKE_SA #%u", id); - charon->controller->terminate_ike(charon->controller, + charon->controller->terminate_ike(charon->controller, FALSE, id, NULL, NULL, 0); } array_destroy(ikeids); 
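Review bot: The updated call in `clear_start_action`, `terminate_ike(charon->controller, FALSE, id, NULL, NULL, 0)`, passes the new flag before the SA id. The `terminate` handler in vici_control.c, changed by this same commit, passes `*del, force, ...`, with the id first. Both arguments are integer-like, so the compiler will not catch a swap, and only one order can match the prototype, which is not in view here. If the vici_control.c order is the right one, this call asks for id 0 with force set, and the IKE_SAs collected in `ikeids` would stay up after their config is unloaded. Check against the controller interface declaration; the call then probably becomes `charon->controller->terminate_ike(charon->controller, id, FALSE, NULL, NULL, 0);`. The body of `clear_start_action` extends beyond this hunk.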
@@ -2121,22 +2098,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name, charon->shunts->uninstall(charon->shunts, peer_name, name); break; default: - enumerator = charon->traps->create_enumerator(charon->traps); - while (enumerator->enumerate(enumerator, &peer_cfg, - &child_sa)) - { - if (streq(peer_name, peer_cfg->get_name(peer_cfg)) && - streq(name, child_sa->get_name(child_sa))) - { - id = child_sa->get_reqid(child_sa); - break; - } - } - enumerator->destroy(enumerator); - if (id) - { - charon->traps->uninstall(charon->traps, id); - } + charon->traps->uninstall(charon->traps, peer_name, name); break; } break; diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c index afee649f7..ce19608dc 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -225,6 +225,7 @@ CALLBACK(terminate, vici_message_t*, enumerator_t *enumerator, *isas, *csas; char *child, *ike, *errmsg = NULL; u_int child_id, ike_id, current, *del, done = 0; + bool force; int timeout; ike_sa_t *ike_sa; child_sa_t *child_sa; @@ -240,6 +241,7 @@ CALLBACK(terminate, vici_message_t*, ike = request->get_str(request, NULL, "ike"); child_id = request->get_int(request, 0, "child-id"); ike_id = request->get_int(request, 0, "ike-id"); + force = request->get_bool(request, FALSE, "force"); timeout = request->get_int(request, 0, "timeout"); log.level = request->get_int(request, 1, "loglevel"); @@ -326,7 +328,7 @@ CALLBACK(terminate, vici_message_t*, } else { - if (charon->controller->terminate_ike(charon->controller, *del, + if (charon->controller->terminate_ike(charon->controller, *del, force, log_cb, &log, timeout) == SUCCESS) { done++; 
@@ -601,41 +603,6 @@ CALLBACK(redirect, vici_message_t*, return builder->finalize(builder); } -/** - * Find reqid of an existing CHILD_SA - */ -static uint32_t find_reqid(child_cfg_t *cfg) -{ - enumerator_t *enumerator, *children; - child_sa_t *child_sa; - ike_sa_t *ike_sa; - uint32_t reqid; - - reqid = charon->traps->find_reqid(charon->traps, cfg); - if (reqid) - { /* already trapped */ - return reqid; - } - - enumerator = charon->controller->create_ike_sa_enumerator( - charon->controller, TRUE); - while (!reqid && enumerator->enumerate(enumerator, &ike_sa)) - { - children = ike_sa->create_child_sa_enumerator(ike_sa); - while (children->enumerate(children, &child_sa)) - { - if (streq(cfg->get_name(cfg), child_sa->get_name(child_sa))) - { - reqid = child_sa->get_reqid(child_sa); - break; - } - } - children->destroy(children); - } - enumerator->destroy(enumerator); - return reqid; -} - CALLBACK(install, vici_message_t*, private_vici_control_t *this, char *name, u_int id, vici_message_t *request) { @@ -666,8 +633,7 @@ CALLBACK(install, vici_message_t*, peer_cfg->get_name(peer_cfg), child_cfg); break; default: - ok = charon->traps->install(charon->traps, peer_cfg, child_cfg, - find_reqid(child_cfg)); + ok = charon->traps->install(charon->traps, peer_cfg, child_cfg); break; } peer_cfg->destroy(peer_cfg); @@ -679,12 +645,7 @@ CALLBACK(install, vici_message_t*, CALLBACK(uninstall, vici_message_t*, private_vici_control_t *this, char *name, u_int id, vici_message_t *request) { - peer_cfg_t *peer_cfg; - child_cfg_t *child_cfg; - child_sa_t *child_sa; - enumerator_t *enumerator; - uint32_t reqid = 0; - char *child, *ike, *ns; + char *child, *ike; child = request->get_str(request, NULL, "child"); ike = request->get_str(request, NULL, "ike"); 
@@ -695,53 +656,13 @@ CALLBACK(uninstall, vici_message_t*, DBG1(DBG_CFG, "vici uninstall '%s'", child); - if (!ike) - { - enumerator = charon->shunts->create_enumerator(charon->shunts); - while (enumerator->enumerate(enumerator, &ns, &child_cfg)) - { - if (ns && streq(child, child_cfg->get_name(child_cfg))) - { - ike = strdup(ns); - break; - } - } - enumerator->destroy(enumerator); - if (ike) - { - if (charon->shunts->uninstall(charon->shunts, ike, child)) - { - free(ike); - return send_reply(this, NULL); - } - free(ike); - return send_reply(this, "uninstalling policy '%s' failed", child); - } - } - else if (charon->shunts->uninstall(charon->shunts, ike, child)) + if (charon->shunts->uninstall(charon->shunts, ike, child)) { return send_reply(this, NULL); } - - enumerator = charon->traps->create_enumerator(charon->traps); - while (enumerator->enumerate(enumerator, &peer_cfg, &child_sa)) + else if (charon->traps->uninstall(charon->traps, ike, child)) { - if ((!ike || streq(ike, peer_cfg->get_name(peer_cfg))) && - streq(child, child_sa->get_name(child_sa))) - { - reqid = child_sa->get_reqid(child_sa); - break; - } - } - enumerator->destroy(enumerator); - - if (reqid) - { - if (charon->traps->uninstall(charon->traps, reqid)) - { - return send_reply(this, NULL); - } - return send_reply(this, "uninstalling policy '%s' failed", child); + return send_reply(this, NULL); } return send_reply(this, "policy '%s' not found", child); } diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c index 91d344994..13761f59d 100644 --- a/src/libcharon/plugins/vici/vici_message.c +++ b/src/libcharon/plugins/vici/vici_message.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG 
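Review bot: The rewritten `uninstall` handler in vici_control.c can no longer tell the client that a removal failed. The old code replied `uninstalling policy '%s' failed` when a matching shunt or trap existed but could not be removed; every false return now ends in `policy '%s' not found`. That makes a policy that is still installed look the same as one that never existed, which matters to an operator who relies on the reply to confirm a trap or bypass policy is gone. `ike` is also passed to both `uninstall()` calls even when the request omitted it, so it is worth a comment such as `/* ike may be NULL, both managers then match on the child name only */`, assuming the callee really accepts that. The start of the handler is in the preceding hunk.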
diff --git a/src/libcharon/plugins/vici/vici_message.h b/src/libcharon/plugins/vici/vici_message.h index d47e7a0f9..1e1a2a463 100644 --- a/src/libcharon/plugins/vici/vici_message.h +++ b/src/libcharon/plugins/vici/vici_message.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic.c b/src/libcharon/plugins/xauth_generic/xauth_generic.c index e65d1a1fe..66422bab6 100644 --- a/src/libcharon/plugins/xauth_generic/xauth_generic.c +++ b/src/libcharon/plugins/xauth_generic/xauth_generic.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic.h b/src/libcharon/plugins/xauth_generic/xauth_generic.h index 52744d0a6..94aedf108 100644 --- a/src/libcharon/plugins/xauth_generic/xauth_generic.h +++ b/src/libcharon/plugins/xauth_generic/xauth_generic.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.c b/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.c index a87084e20..e8303754b 100644 --- a/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.c +++ b/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.h b/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.h index 426f806a7..ac1eac3e5 100644 --- a/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.h +++ b/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth.c b/src/libcharon/plugins/xauth_noauth/xauth_noauth.c index 4b8ad8ecd..8d8f2fd5b 100644 --- a/src/libcharon/plugins/xauth_noauth/xauth_noauth.c +++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth.h b/src/libcharon/plugins/xauth_noauth/xauth_noauth.h index 2ac358ee0..8719dcfeb 100644 --- a/src/libcharon/plugins/xauth_noauth/xauth_noauth.h +++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c index e7ee4dfe3..63c8b6853 100644 --- a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c +++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h index d174ac29c..123d5a3f8 100644 --- a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h +++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c index cd4a4ca89..c92c03f8f 100644 --- a/src/libcharon/processing/jobs/acquire_job.c +++ b/src/libcharon/processing/jobs/acquire_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/acquire_job.h b/src/libcharon/processing/jobs/acquire_job.h index 4d31f0569..d45f72b46 100644 --- a/src/libcharon/processing/jobs/acquire_job.h +++ b/src/libcharon/processing/jobs/acquire_job.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c index ff8e78b6b..998af0d3f 100644 --- a/src/libcharon/processing/jobs/adopt_children_job.c +++ b/src/libcharon/processing/jobs/adopt_children_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c index 53a170510..acc439ccd 100644 --- a/src/libcharon/processing/jobs/delete_ike_sa_job.c +++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -64,7 +64,7 @@ METHOD(job_t, execute, job_requeue_t, } if (this->delete_if_established) { - if (ike_sa->delete(ike_sa) == DESTROY_ME) + if (ike_sa->delete(ike_sa, FALSE) == DESTROY_ME) { charon->ike_sa_manager->checkin_and_destroy( charon->ike_sa_manager, ike_sa); diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.h b/src/libcharon/processing/jobs/delete_ike_sa_job.h index ae06b9cfc..d3241f9ff 100644 --- a/src/libcharon/processing/jobs/delete_ike_sa_job.h +++ b/src/libcharon/processing/jobs/delete_ike_sa_job.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c index bf16e51b5..7f0b29b6d 100644 --- a/src/libcharon/processing/jobs/inactivity_job.c +++ b/src/libcharon/processing/jobs/inactivity_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -101,7 +101,7 @@ METHOD(job_t, execute, job_requeue_t, { DBG1(DBG_JOB, "deleting IKE_SA after %d seconds " "of CHILD_SA inactivity", this->timeout); - status = ike_sa->delete(ike_sa); + status = ike_sa->delete(ike_sa, FALSE); } else { diff --git a/src/libcharon/processing/jobs/inactivity_job.h b/src/libcharon/processing/jobs/inactivity_job.h index 240782fa8..814d606f7 100644 --- a/src/libcharon/processing/jobs/inactivity_job.h +++ b/src/libcharon/processing/jobs/inactivity_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c index 1082eae0b..6a72499d3 100644 --- a/src/libcharon/processing/jobs/initiate_mediation_job.c +++ b/src/libcharon/processing/jobs/initiate_mediation_job.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.h b/src/libcharon/processing/jobs/initiate_mediation_job.h index d105de2b9..577bb62e0 100644 --- a/src/libcharon/processing/jobs/initiate_mediation_job.h +++ b/src/libcharon/processing/jobs/initiate_mediation_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/mediation_job.c b/src/libcharon/processing/jobs/mediation_job.c index 759aad003..d210da5d7 100644 --- a/src/libcharon/processing/jobs/mediation_job.c +++ b/src/libcharon/processing/jobs/mediation_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/mediation_job.h b/src/libcharon/processing/jobs/mediation_job.h index 6a1475102..c1e72cb08 100644 --- a/src/libcharon/processing/jobs/mediation_job.h +++ b/src/libcharon/processing/jobs/mediation_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c index 461ba11d1..574d715a7 100644 --- a/src/libcharon/processing/jobs/migrate_job.c +++ b/src/libcharon/processing/jobs/migrate_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/migrate_job.h b/src/libcharon/processing/jobs/migrate_job.h index 140635bed..bf9146b55 100644 --- a/src/libcharon/processing/jobs/migrate_job.h +++ b/src/libcharon/processing/jobs/migrate_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c index 31f048db6..c1ff9cb24 100644 --- a/src/libcharon/processing/jobs/process_message_job.c +++ b/src/libcharon/processing/jobs/process_message_job.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/process_message_job.h b/src/libcharon/processing/jobs/process_message_job.h index 2c42aa577..6b6bdeb60 100644 --- a/src/libcharon/processing/jobs/process_message_job.h +++ b/src/libcharon/processing/jobs/process_message_job.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/redirect_job.c b/src/libcharon/processing/jobs/redirect_job.c index e1af662c9..5bc66b560 100644 --- a/src/libcharon/processing/jobs/redirect_job.c +++ b/src/libcharon/processing/jobs/redirect_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/redirect_job.h b/src/libcharon/processing/jobs/redirect_job.h index fe4b34ee9..ed44da65e 100644 --- a/src/libcharon/processing/jobs/redirect_job.h +++ b/src/libcharon/processing/jobs/redirect_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c index d76f4f65b..aa21717fa 100644 --- a/src/libcharon/processing/jobs/rekey_child_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h index 1c9d9b400..0d64260eb 100644 --- a/src/libcharon/processing/jobs/rekey_child_sa_job.h +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c index 148db2f92..c9ea0be3f 100644 --- a/src/libcharon/processing/jobs/rekey_ike_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.h b/src/libcharon/processing/jobs/rekey_ike_sa_job.h index 3e3e13d00..c96aa5781 100644 --- a/src/libcharon/processing/jobs/rekey_ike_sa_job.h +++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c index 4daa41868..c87442e5e 100644 --- a/src/libcharon/processing/jobs/retransmit_job.c +++ b/src/libcharon/processing/jobs/retransmit_job.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/retransmit_job.h b/src/libcharon/processing/jobs/retransmit_job.h index 595513cef..018e86805 100644 --- a/src/libcharon/processing/jobs/retransmit_job.h +++ b/src/libcharon/processing/jobs/retransmit_job.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/retry_initiate_job.c b/src/libcharon/processing/jobs/retry_initiate_job.c index 1cdc3058a..4715cf0a1 100644 --- a/src/libcharon/processing/jobs/retry_initiate_job.c +++ b/src/libcharon/processing/jobs/retry_initiate_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/retry_initiate_job.h b/src/libcharon/processing/jobs/retry_initiate_job.h index 29f79f23b..711746096 100644 --- a/src/libcharon/processing/jobs/retry_initiate_job.h +++ b/src/libcharon/processing/jobs/retry_initiate_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/processing/jobs/roam_job.c b/src/libcharon/processing/jobs/roam_job.c index 0af4c6c39..27fb618df 100644 --- a/src/libcharon/processing/jobs/roam_job.c +++ b/src/libcharon/processing/jobs/roam_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/roam_job.h b/src/libcharon/processing/jobs/roam_job.h index acfb8bed8..6468557dc 100644 --- a/src/libcharon/processing/jobs/roam_job.h +++ b/src/libcharon/processing/jobs/roam_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/send_dpd_job.c b/src/libcharon/processing/jobs/send_dpd_job.c index d2f38b803..be9569f25 100644 --- a/src/libcharon/processing/jobs/send_dpd_job.c +++ b/src/libcharon/processing/jobs/send_dpd_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/send_dpd_job.h b/src/libcharon/processing/jobs/send_dpd_job.h index bd2728b9a..14c5380da 100644 --- a/src/libcharon/processing/jobs/send_dpd_job.h +++ b/src/libcharon/processing/jobs/send_dpd_job.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/send_keepalive_job.c b/src/libcharon/processing/jobs/send_keepalive_job.c index e06eae3d3..8a2e917b6 100644 --- a/src/libcharon/processing/jobs/send_keepalive_job.c +++ b/src/libcharon/processing/jobs/send_keepalive_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/send_keepalive_job.h b/src/libcharon/processing/jobs/send_keepalive_job.h index acf6d11aa..c88d981ba 100644 --- a/src/libcharon/processing/jobs/send_keepalive_job.h +++ b/src/libcharon/processing/jobs/send_keepalive_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c index 654ec6abe..3a0ed879f 100644 --- a/src/libcharon/processing/jobs/start_action_job.c +++ b/src/libcharon/processing/jobs/start_action_job.c @@ -75,7 +75,7 @@ METHOD(job_t, execute, job_requeue_t, else { charon->traps->install(charon->traps, peer_cfg, - child_cfg, 0); + child_cfg); } break; case ACTION_NONE: 
diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c index 3360b7dc5..dfb85f690 100644 --- a/src/libcharon/processing/jobs/update_sa_job.c +++ b/src/libcharon/processing/jobs/update_sa_job.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h index 17beb68b6..fbb36f13c 100644 --- a/src/libcharon/processing/jobs/update_sa_job.h +++ b/src/libcharon/processing/jobs/update_sa_job.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/authenticator.c b/src/libcharon/sa/authenticator.c index 6c3681a2d..b77c19d00 100644 --- a/src/libcharon/sa/authenticator.c +++ b/src/libcharon/sa/authenticator.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2006-2009 Martin Willi * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/authenticator.h b/src/libcharon/sa/authenticator.h index 97c042e71..42d9ce32e 100644 --- a/src/libcharon/sa/authenticator.h +++ b/src/libcharon/sa/authenticator.h 
@@ -2,7 +2,7 @@ * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index a01ee9e4d..7eeb578f3 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -37,6 +37,7 @@ ENUM(child_sa_state_names, CHILD_CREATED, CHILD_DESTROYING, "REKEYED", "RETRYING", "DELETING", + "DELETED", "DESTROYING", ); @@ -888,7 +889,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr, .ipcomp = this->ipcomp, .cpi = cpi, .encap = this->encap, - .hw_offload = this->config->has_option(this->config, OPT_HW_OFFLOAD), + .hw_offload = this->config->get_hw_offload(this->config), .esn = esn, .initiator = initiator, .inbound = inbound, @@ -1060,16 +1061,17 @@ static status_t install_policies_internal(private_child_sa_t *this, host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, ipsec_sa_cfg_t *other_sa, policy_type_t type, - policy_priority_t priority, uint32_t manual_prio) + policy_priority_t priority, uint32_t manual_prio, bool outbound) { status_t status = SUCCESS; status |= install_policies_inbound(this, my_addr, other_addr, my_ts, - other_ts, my_sa, other_sa, type, - priority, manual_prio); - status |= install_policies_outbound(this, my_addr, other_addr, my_ts, - other_ts, my_sa, other_sa, type, - priority, manual_prio); + other_ts, my_sa, other_sa, type, priority, manual_prio); + if (outbound) + { + status |= install_policies_outbound(this, my_addr, other_addr, my_ts, + other_ts, my_sa, other_sa, type, priority, manual_prio); + } return status; } 
@@ -1153,12 +1155,15 @@ static void del_policies_internal(private_child_sa_t *this, host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, ipsec_sa_cfg_t *other_sa, policy_type_t type, - policy_priority_t priority, uint32_t manual_prio) + policy_priority_t priority, uint32_t manual_prio, bool outbound) { - del_policies_outbound(this, my_addr, other_addr, my_ts, other_ts, my_sa, - other_sa, type, priority, manual_prio); + if (outbound) + { + del_policies_outbound(this, my_addr, other_addr, my_ts, other_ts, my_sa, + other_sa, type, priority, manual_prio); + } del_policies_inbound(this, my_addr, other_addr, my_ts, other_ts, my_sa, - other_sa, type, priority, manual_prio); + other_sa, type, priority, manual_prio); } METHOD(child_sa_t, set_policies, void, @@ -1249,18 +1254,10 @@ METHOD(child_sa_t, install_policies, status_t, enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { - status |= install_policies_inbound(this, this->my_addr, - this->other_addr, my_ts, other_ts, - &my_sa, &other_sa, POLICY_IPSEC, - priority, manual_prio); - - if (install_outbound) - { - status |= install_policies_outbound(this, this->my_addr, + status |= install_policies_internal(this, this->my_addr, this->other_addr, my_ts, other_ts, - &my_sa, &other_sa, POLICY_IPSEC, - priority, manual_prio); - } + &my_sa, &other_sa, POLICY_IPSEC, priority, + manual_prio, install_outbound); if (status != SUCCESS) { break; @@ -1463,7 +1460,7 @@ static status_t update_sas(private_child_sa_t *this, host_t *me, host_t *other, } /* update his (responder) SA */ - if (this->other_spi) + if (this->other_spi && (this->outbound_state & CHILD_OUTBOUND_SA)) { kernel_ipsec_sa_id_t id = { .src = this->my_addr, 
@@ -1517,22 +1514,26 @@ METHOD(child_sa_t, update, status_t, traffic_selector_t *my_ts, *other_ts; uint32_t manual_prio; status_t state; + bool outbound; prepare_sa_cfg(this, &my_sa, &other_sa); manual_prio = this->config->get_manual_prio(this->config); + outbound = (this->outbound_state & CHILD_OUTBOUND_POLICIES); enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { /* install drop policy to avoid traffic leaks, acquires etc. */ - install_policies_outbound(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_DEFAULT, manual_prio); - + if (outbound) + { + install_policies_outbound(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, + POLICY_PRIORITY_DEFAULT, manual_prio); + } /* remove old policies */ del_policies_internal(this, this->my_addr, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, - POLICY_PRIORITY_DEFAULT, manual_prio); + POLICY_PRIORITY_DEFAULT, manual_prio, outbound); } enumerator->destroy(enumerator); @@ -1548,8 +1549,8 @@ METHOD(child_sa_t, update, status_t, if (state == NOT_SUPPORTED) { install_policies_internal(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, - POLICY_IPSEC, POLICY_PRIORITY_DEFAULT, manual_prio); + my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, + POLICY_PRIORITY_DEFAULT, manual_prio, outbound); } else { 
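Review bot: The comment "install drop policy to avoid traffic leaks, acquires etc." in `update` now sits above a call that is skipped when `outbound` is false, and nothing explains why skipping the leak guard is safe in that case. Presumably no outbound IPsec policy is installed then, so removing the old policies cannot open a window; that should be stated, e.g. `/* without installed outbound policies there is nothing to protect while they are replaced */`. Separately, `outbound` receives the raw mask result; `outbound = (this->outbound_state & CHILD_OUTBOUND_POLICIES) != 0;` keeps the value well-defined however `bool` is typedef'd on the build platform. The body of `update` starts and continues outside this hunk.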
@@ -1573,15 +1574,17 @@ METHOD(child_sa_t, update, status_t, /* reinstall updated policies */ install_policies_internal(this, me, other, my_ts, other_ts, - &my_sa, &other_sa, POLICY_IPSEC, - POLICY_PRIORITY_DEFAULT, manual_prio); + &my_sa, &other_sa, POLICY_IPSEC, + POLICY_PRIORITY_DEFAULT, manual_prio, outbound); } /* remove the drop policy */ - del_policies_outbound(this, this->my_addr, this->other_addr, - old_my_ts ?: my_ts, - old_other_ts ?: other_ts, - &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_DEFAULT, 0); + if (outbound) + { + del_policies_outbound(this, this->my_addr, this->other_addr, + old_my_ts ?: my_ts, old_other_ts ?: other_ts, + &my_sa, &other_sa, POLICY_DROP, + POLICY_PRIORITY_DEFAULT, 0); + } DESTROY_IF(old_my_ts); DESTROY_IF(old_other_ts); @@ -1651,16 +1654,9 @@ METHOD(child_sa_t, destroy, void, enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { - if (del_outbound) - { - del_policies_outbound(this, this->my_addr, - this->other_addr, my_ts, other_ts, - &my_sa, &other_sa, POLICY_IPSEC, - priority, manual_prio); - } - del_policies_inbound(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, - POLICY_IPSEC, priority, manual_prio); + del_policies_internal(this, this->my_addr, + this->other_addr, my_ts, other_ts, &my_sa, &other_sa, + POLICY_IPSEC, priority, manual_prio, del_outbound); } enumerator->destroy(enumerator); } @@ -1754,7 +1750,7 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local) * Described in header. */ child_sa_t * child_sa_create(host_t *me, host_t* other, - child_cfg_t *config, uint32_t rekey, bool encap, + child_cfg_t *config, uint32_t reqid, bool encap, u_int mark_in, u_int mark_out) { private_child_sa_t *this; 
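Review bot: The drop policy is removed here with a manual priority of `0`, but the matching `install_policies_outbound(..., POLICY_DROP, POLICY_PRIORITY_DEFAULT, manual_prio)` in the earlier hunk of `update` installs it with `manual_prio`. If the kernel backend matches policies on that priority (not visible here), a connection with a non-zero manual priority could keep its temporary drop policy after the address update and block outbound traffic. Passing the same value on removal, `POLICY_PRIORITY_DEFAULT, manual_prio);`, keeps the pair symmetric. The enclosing function begins outside this hunk.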
@@ -1865,21 +1861,15 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, if (!this->reqid) { - /* reuse old reqid if we are rekeying an existing CHILD_SA. While the - * reqid cache would find the same reqid for our selectors, this does - * not work in a special case: If an SA is triggered by a trap policy, - * but the negotiated SA gets narrowed, we still must reuse the same - * reqid to successfully "trigger" the SA on the kernel level. Rekeying - * such an SA requires an explicit reqid, as the cache currently knows - * the original selectors only for that reqid. */ - if (rekey) - { - this->reqid = rekey; - } - else - { - this->reqid = charon->traps->find_reqid(charon->traps, config); - } + /* reuse old reqid if we are rekeying an existing CHILD_SA and when + * initiating a trap policy. While the reqid cache would find the same + * reqid for our selectors, this does not work in a special case: If an + * SA is triggered by a trap policy, but the negotiated TS get + * narrowed, we still must reuse the same reqid to successfully + * replace the temporary SA on the kernel level. Rekeying such an SA + * requires an explicit reqid, as the cache currently knows the original + * selectors only for that reqid. */ + this->reqid = reqid; } else { diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index 49175ca01..183033f46 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -83,6 +83,11 @@ enum child_sa_state_t { */ CHILD_DELETING, + /** + * CHILD_SA has been deleted, but not yet destroyed + */ + CHILD_DELETED, + /** * CHILD_SA object gets destroyed */ diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c index b2a57ccfb..2a9e0d06d 100644 --- a/src/libcharon/sa/eap/eap_manager.c +++ b/src/libcharon/sa/eap/eap_manager.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h index 391c906e9..73aa76329 100644 --- a/src/libcharon/sa/eap/eap_manager.h +++ b/src/libcharon/sa/eap/eap_manager.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/eap/eap_method.c b/src/libcharon/sa/eap/eap_method.c index 9ce6ecf00..0a3c454e1 100644 --- a/src/libcharon/sa/eap/eap_method.c +++ b/src/libcharon/sa/eap/eap_method.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h index 840779727..34041e347 100644 --- a/src/libcharon/sa/eap/eap_method.h +++ b/src/libcharon/sa/eap/eap_method.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index e1f4ec95a..f39fed6f0 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2017 Tobias Brunner + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -1053,17 +1053,19 @@ METHOD(ike_sa_t, has_mapping_changed, bool, METHOD(ike_sa_t, float_ports, void, private_ike_sa_t *this) { - /* do not switch if we have a custom port from MOBIKE/NAT */ + /* even if the remote port is not 500 (e.g. because the response was natted) + * we switch the remote port if we used port 500 */ + if (this->other_host->get_port(this->other_host) == IKEV2_UDP_PORT || + this->my_host->get_port(this->my_host) == IKEV2_UDP_PORT) + { + this->other_host->set_port(this->other_host, IKEV2_NATT_PORT); + } if (this->my_host->get_port(this->my_host) == charon->socket->get_port(charon->socket, FALSE)) { this->my_host->set_port(this->my_host, charon->socket->get_port(charon->socket, TRUE)); } - if (this->other_host->get_port(this->other_host) == IKEV2_UDP_PORT) - { - this->other_host->set_port(this->other_host, IKEV2_NATT_PORT); - } } METHOD(ike_sa_t, update_hosts, void, @@ -1791,8 +1793,10 @@ METHOD(ike_sa_t, destroy_child_sa, status_t, } METHOD(ike_sa_t, delete_, status_t, - private_ike_sa_t *this) + private_ike_sa_t *this, bool force) { + status_t status = DESTROY_ME; + switch (this->state) { case IKE_ESTABLISHED: 
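Review bot: In `float_ports` the new `||` arm rewrites the remote port to `IKEV2_NATT_PORT` whenever the local port equals `IKEV2_UDP_PORT`, and the removed comment about not switching a custom port from MOBIKE/NAT has no replacement. As far as the hunk shows, a peer that was reached on a deliberately configured non-default port would have that port overwritten as soon as the local side used port 500. If that is intended, the comment should say so, e.g. `/* a custom remote port is replaced too: a peer we contacted from port 500 is assumed to accept NAT-T on 4500 */`. The local half of the test also uses the constant while the block below asks `charon->socket->get_port(charon->socket, FALSE)`; a short remark on why the two differ would help.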
@@ -1804,19 +1808,38 @@ METHOD(ike_sa_t, delete_, status_t, charon->bus->alert(charon->bus, ALERT_IKE_SA_EXPIRED); } this->task_manager->queue_ike_delete(this->task_manager); - return this->task_manager->initiate(this->task_manager); + status = this->task_manager->initiate(this->task_manager); + break; case IKE_CREATED: DBG1(DBG_IKE, "deleting unestablished IKE_SA"); break; case IKE_PASSIVE: break; default: - DBG1(DBG_IKE, "destroying IKE_SA in state %N " - "without notification", ike_sa_state_names, this->state); - charon->bus->ike_updown(charon->bus, &this->public, FALSE); + DBG1(DBG_IKE, "destroying IKE_SA in state %N without notification", + ike_sa_state_names, this->state); + force = TRUE; break; } - return DESTROY_ME; + + if (force) + { + status = DESTROY_ME; + + if (this->version == IKEV2) + { /* for IKEv1 we trigger this in the ISAKMP delete task */ + switch (this->state) + { + case IKE_ESTABLISHED: + case IKE_REKEYING: + case IKE_DELETING: + charon->bus->ike_updown(charon->bus, &this->public, FALSE); + default: + break; + } + } + } + return status; } METHOD(ike_sa_t, rekey, status_t, @@ -1926,23 +1949,18 @@ static status_t reestablish_children(private_ike_sa_t *this, ike_sa_t *new, enumerator = create_child_sa_enumerator(this); while (enumerator->enumerate(enumerator, (void**)&child_sa)) { + switch (child_sa->get_state(child_sa)) + { + case CHILD_REKEYED: + case CHILD_DELETED: + /* ignore CHILD_SAs in these states */ + continue; + default: + break; + } if (force) { - switch (child_sa->get_state(child_sa)) - { - case CHILD_ROUTED: - { /* move routed child directly */ - remove_child_sa(this, enumerator); - new->add_child_sa(new, child_sa); - action = ACTION_NONE; - break; - } - default: - { /* initiate/queue all other CHILD_SAs */ - action = ACTION_RESTART; - break; - } - } + action = ACTION_RESTART; } else { /* only restart CHILD_SAs that are configured accordingly */ 
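Review bot: In the `if (force)` block of `delete_`, the `case IKE_DELETING:` arm falls through into `default:` because the `ike_updown()` call is not followed by a `break`. The result is the same today, but the next statement added to `default:` would silently run for established SAs as well; end the arm with `charon->bus->ike_updown(charon->bus, &this->public, FALSE);` followed by `break;`. It is also worth a comment that the status returned by `initiate()` is deliberately overwritten with `DESTROY_ME` when `force` is set, e.g. `/* the delete is still sent, but we do not wait for the response */`. The function's signature and the start of the first switch are in the previous hunk.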
@@ -2020,6 +2038,15 @@ METHOD(ike_sa_t, reestablish, status_t, enumerator = array_create_enumerator(this->child_sas); while (enumerator->enumerate(enumerator, (void**)&child_sa)) { + switch (child_sa->get_state(child_sa)) + { + case CHILD_REKEYED: + case CHILD_DELETED: + /* ignore CHILD_SAs in these states */ + continue; + default: + break; + } if (this->state == IKE_DELETING) { action = child_sa->get_close_action(child_sa); @@ -2035,8 +2062,7 @@ METHOD(ike_sa_t, reestablish, status_t, break; case ACTION_ROUTE: charon->traps->install(charon->traps, this->peer_cfg, - child_sa->get_config(child_sa), - child_sa->get_reqid(child_sa)); + child_sa->get_config(child_sa)); break; default: break; @@ -2348,6 +2374,31 @@ METHOD(ike_sa_t, retransmit, status_t, return this->task_manager->initiate(this->task_manager); } DBG1(DBG_IKE, "establishing IKE_SA failed, peer not responding"); + + if (this->version == IKEV1 && array_count(this->child_sas)) + { + enumerator_t *enumerator; + child_sa_t *child_sa; + + /* if reauthenticating an IKEv1 SA failed (assumed for an SA + * in this state with CHILD_SAs), try again from scratch */ + DBG1(DBG_IKE, "reauthentication failed, trying to " + "reestablish IKE_SA"); + reestablish(this); + /* trigger down events for the CHILD_SAs, as no down event + * is triggered below for IKE SAs in this state */ + enumerator = array_create_enumerator(this->child_sas); + while (enumerator->enumerate(enumerator, &child_sa)) + { + if (child_sa->get_state(child_sa) != CHILD_REKEYED && + child_sa->get_state(child_sa) != CHILD_DELETED) + { + charon->bus->child_updown(charon->bus, child_sa, + FALSE); + } + } + enumerator->destroy(enumerator); + } break; } case IKE_DELETING: 
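Review bot: The return value of `reestablish(this)` is dropped in the new IKEv1 branch of `retransmit`, so when setting up the replacement IKE_SA fails the log only shows "reauthentication failed, trying to reestablish IKE_SA" and the CHILD_SA down events are fired regardless. Checking the result and logging the failure gives operators a trace of tunnels that went down without a replacement, e.g. `if (reestablish(this) != SUCCESS)` followed by `DBG1(DBG_IKE, "reestablishing IKE_SA failed");` (the exact success value should be confirmed against `reestablish`, whose return statements are outside this hunk). The new loop also passes `&child_sa` to `enumerate()` while the other loops in this file cast to `(void**)`; using one form throughout would be cleaner.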
@@ -2552,10 +2603,15 @@ METHOD(ike_sa_t, roam, status_t, * without config assigned */ return SUCCESS; } + if (this->version == IKEV1) + { /* ignore roam events for IKEv1 where we don't have MOBIKE and would + * have to reestablish from scratch (reauth is not enough) */ + return SUCCESS; + } /* ignore roam events if MOBIKE is not supported/enabled and the local * address is statically configured */ - if (this->version == IKEV2 && !supports_extension(this, EXT_MOBIKE) && + if (!supports_extension(this, EXT_MOBIKE) && ike_cfg_has_address(this->ike_cfg, this->my_host, TRUE)) { DBG2(DBG_IKE, "keeping statically configured path %H - %H", diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index b4fbc56d7..316b713ee 100644 --- a/src/libcharon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2017 Tobias Brunner + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -776,15 +776,18 @@ struct ike_sa_t { * * Sends a delete message to the remote peer and waits for * its response. If the response comes in, or a timeout occurs, - * the IKE SA gets deleted. + * the IKE SA gets destroyed, unless force is TRUE then the IKE_SA is + * destroyed immediately without waiting for a response. * + * @param force whether to immediately destroy the IKE_SA afterwards + * without waiting for a response * @return * - SUCCESS if deletion is initialized - * - DESTROY_ME, if the IKE_SA is not in - * an established state and can not be - * deleted (but destroyed). + * - DESTROY_ME, if destroying is forced, or the IKE_SA + * is not in an established state and can not be + * deleted (but destroyed) */ - status_t (*delete) (ike_sa_t *this); + status_t (*delete) (ike_sa_t *this, bool force); /** * Update IKE_SAs after network interfaces have changed. 
diff --git a/src/libcharon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c index b4e66ed73..515b3cfd3 100644 --- a/src/libcharon/sa/ike_sa_id.c +++ b/src/libcharon/sa/ike_sa_id.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ike_sa_id.h b/src/libcharon/sa/ike_sa_id.h index b3a9ef61f..266b62380 100644 --- a/src/libcharon/sa/ike_sa_id.h +++ b/src/libcharon/sa/ike_sa_id.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 101d98678..2a499db40 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -2021,7 +2021,7 @@ static status_t enforce_replace(private_ike_sa_manager_t *this, } DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer '%Y' due to " "uniqueness policy", other); - return duplicate->delete(duplicate); + return duplicate->delete(duplicate, FALSE); } METHOD(ike_sa_manager_t, check_uniqueness, bool, 
@@ -2266,20 +2266,7 @@ METHOD(ike_sa_manager_t, flush, void, while (enumerator->enumerate(enumerator, &entry, &segment)) { charon->bus->set_sa(charon->bus, entry->ike_sa); - if (entry->ike_sa->get_version(entry->ike_sa) == IKEV2) - { /* as the delete never gets processed, fire down events */ - switch (entry->ike_sa->get_state(entry->ike_sa)) - { - case IKE_ESTABLISHED: - case IKE_REKEYING: - case IKE_DELETING: - charon->bus->ike_updown(charon->bus, entry->ike_sa, FALSE); - break; - default: - break; - } - } - entry->ike_sa->delete(entry->ike_sa); + entry->ike_sa->delete(entry->ike_sa, TRUE); } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c index 41be15a08..9e5833efc 100644 --- a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c +++ b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c @@ -18,6 +18,7 @@ #include #include #include +#include typedef struct private_pubkey_v1_authenticator_t private_pubkey_v1_authenticator_t; @@ -130,6 +131,29 @@ METHOD(authenticator_t, build, status_t, return status; } +/** + * Check if the end-entity certificate, if any, is compliant with RFC 4945 + */ +static bool is_compliant_cert(auth_cfg_t *auth) +{ + certificate_t *cert; + x509_t *x509; + + cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); + if (!cert || cert->get_type(cert) != CERT_X509) + { + return TRUE; + } + x509 = (x509_t*)cert; + if (x509->get_flags(x509) & X509_IKE_COMPLIANT) + { + return TRUE; + } + DBG1(DBG_IKE, "rejecting certificate without digitalSignature or " + "nonRepudiation keyUsage flags"); + return FALSE; +} + METHOD(authenticator_t, process, status_t, private_pubkey_v1_authenticator_t *this, message_t *message) { 
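Review bot: `is_compliant_cert` returns TRUE when the auth config holds no subject certificate or one that is not `CERT_X509`, and the one-line comment ("if any") does not make clear that this accept-by-default path is intentional. Since this helper now gates IKEv1 signature authentication, state it explicitly, e.g. `/* credentials without an X.509 end-entity certificate are not subject to the keyUsage check */`. The rejection log would also be more useful for triage if it named the certificate: `DBG1(DBG_IKE, "rejecting certificate '%Y' without digitalSignature or nonRepudiation keyUsage flags", cert->get_subject(cert));`.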
@@ -176,7 +200,8 @@ METHOD(authenticator_t, process, status_t, id, auth, TRUE); while (enumerator->enumerate(enumerator, &public, ¤t_auth)) { - if (public->verify(public, scheme, NULL, hash, sig)) + if (public->verify(public, scheme, NULL, hash, sig) && + is_compliant_cert(current_auth)) { DBG1(DBG_IKE, "authentication of '%Y' with %N successful", id, signature_scheme_names, scheme); diff --git a/src/libcharon/sa/ikev1/iv_manager.c b/src/libcharon/sa/ikev1/iv_manager.c index 2a6e5c04f..c48a0deb1 100644 --- a/src/libcharon/sa/ikev1/iv_manager.c +++ b/src/libcharon/sa/ikev1/iv_manager.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2016 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev1/iv_manager.h b/src/libcharon/sa/ikev1/iv_manager.h index c5273fed9..cae4f3508 100644 --- a/src/libcharon/sa/ikev1/iv_manager.h +++ b/src/libcharon/sa/ikev1/iv_manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2016 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index 673a7a131..1de05b4ec 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev1/keymat_v1.h b/src/libcharon/sa/ikev1/keymat_v1.h index ada5bdb04..269816a59 100644 
--- a/src/libcharon/sa/ikev1/keymat_v1.h +++ b/src/libcharon/sa/ikev1/keymat_v1.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 9b5f676a3..82d647a6c 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c index df0293d4f..e4379cabf 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2011 Martin Willi * Copyright (C) 2011 revosec AG diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c index d17948cd0..81e63740e 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c @@ -2,7 +2,7 @@ * Copyright (C) 2006-2011 Tobias Brunner, * Copyright (C) 2006-2007 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.h b/src/libcharon/sa/ikev1/tasks/isakmp_natd.h index 63947fc73..aec8f85bf 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.h +++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index dc86fc504..6a296f221 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2013 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 4c16adba3..1f764e547 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2011 Martin Willi * Copyright (C) 2011 revosec AG diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c index 66ef50811..0191a45a8 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.c +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c 
@@ -135,6 +135,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol, my_ts->destroy(my_ts); other_ts->destroy(other_ts); + child_sa->set_state(child_sa, CHILD_DELETED); if (!rekeyed) { charon->bus->child_updown(charon->bus, child_sa, FALSE); @@ -154,7 +155,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol, case ACTION_ROUTE: charon->traps->install(charon->traps, this->ike_sa->get_peer_cfg(this->ike_sa), - child_cfg, child_sa->get_reqid(child_sa)); + child_cfg); break; default: break; diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 77592e59a..5e5b61e7f 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2011 Martin Willi * Copyright (C) 2011 revosec AG @@ -1005,14 +1005,25 @@ static bool has_notify_errors(private_quick_mode_t *this, message_t *message) /** * Check if this is a rekey for an existing CHILD_SA, reuse reqid if so */ -static void check_for_rekeyed_child(private_quick_mode_t *this) +static void check_for_rekeyed_child(private_quick_mode_t *this, bool responder) { enumerator_t *enumerator, *policies; - traffic_selector_t *local, *remote; + traffic_selector_t *local, *remote, *my_ts, *other_ts; child_sa_t *child_sa; proposal_t *proposal; char *name; + if (responder) + { + my_ts = this->tsr; + other_ts = this->tsi; + } + else + { + my_ts = this->tsi; + other_ts = this->tsr; + } + name = this->config->get_name(this->config); enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa); while (this->reqid == 0 && enumerator->enumerate(enumerator, &child_sa)) 
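Review bot: The comment above `check_for_rekeyed_child` still only says "Check if this is a rekey for an existing CHILD_SA, reuse reqid if so" and does not mention the new `responder` argument. That flag decides whether `this->tsr`/`this->tsi` or `this->tsi`/`this->tsr` are compared with the existing SA's local and remote selectors, so a wrong value at a call site silently prevents the reqid from being reused. Add a line such as `@param responder TRUE if we are the responder, i.e. tsr is our local selector`. The function body continues in the next hunk.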
@@ -1026,8 +1037,8 @@ static void check_for_rekeyed_child(private_quick_mode_t *this) case CHILD_REKEYING: policies = child_sa->create_policy_enumerator(child_sa); if (policies->enumerate(policies, &local, &remote) && - local->equals(local, this->tsr) && - remote->equals(remote, this->tsi) && + local->equals(local, my_ts) && + remote->equals(remote, other_ts) && this->proposal->equals(this->proposal, proposal)) { this->reqid = child_sa->get_reqid(child_sa); @@ -1165,7 +1176,7 @@ METHOD(task_t, process_r, status_t, } } - check_for_rekeyed_child(this); + check_for_rekeyed_child(this, TRUE); this->child_sa = child_sa_create( this->ike_sa->get_my_host(this->ike_sa), @@ -1366,6 +1377,7 @@ METHOD(task_t, process_i, status_t, { return send_notify(this, INVALID_PAYLOAD_TYPE); } + check_for_rekeyed_child(this, FALSE); if (!install(this)) { return send_notify(this, NO_PROPOSAL_CHOSEN); diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h index fe684568a..0d4c5b47c 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.h +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2011 Martin Willi * Copyright (C) 2011 revosec AG diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c index 3ab59fada..bcf262725 100644 --- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h
index d81ebd562..859a21431 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
index 535581068..c1decb130 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2005-2009 Martin Willi
 * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h
index 91c534145..7ae86b664 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 65baf8771..652b837fe 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2017 Tobias Brunner + * Copyright (C) 2008-2018 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -23,6 +23,7 @@ #include #include #include +#include typedef struct private_pubkey_authenticator_t private_pubkey_authenticator_t; @@ -164,7 +165,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, signature_scheme_t schemes[] = { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_256, - }, contained; + }; bool found; int i, j; @@ -174,8 +175,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, found = FALSE; for (j = 0; j < array_count(selected); j++) { - array_get(selected, j, &contained); - if (scheme == contained) + array_get(selected, j, &config); + if (scheme == config->scheme) { found = TRUE; break; @@ -414,6 +415,29 @@ METHOD(authenticator_t, build, status_t, return status; } +/** + * Check if the end-entity certificate, if any, is compliant with RFC 4945 + */ +static bool is_compliant_cert(auth_cfg_t *auth) +{ + certificate_t *cert; + x509_t *x509; + + cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); + if (!cert || cert->get_type(cert) != CERT_X509) + { + return TRUE; + } + x509 = (x509_t*)cert; + if (x509->get_flags(x509) & X509_IKE_COMPLIANT) + { + return TRUE; + } + DBG1(DBG_IKE, "rejecting certificate without digitalSignature or " + "nonRepudiation keyUsage flags"); + return FALSE; +} + METHOD(authenticator_t, process, status_t, private_pubkey_authenticator_t *this, message_t *message) { @@ -479,7 +503,8 @@ METHOD(authenticator_t, process, status_t, while (enumerator->enumerate(enumerator, &public, ¤t_auth)) { if (public->verify(public, params->scheme, params->params, octets, - auth_data)) + auth_data) && + is_compliant_cert(current_auth)) { if (auth_method != AUTH_DS) { 
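Review bot: is_compliant_cert() returns TRUE when the auth config carries no subject certificate or one that is not CERT_X509, and its header comment does not say that this pass-through is deliberate, even though the helper now gates authentication in process(). I would state it in the comment, e.g. ` * Credentials without an X.509 end-entity certificate are not checked and pass.` (whether that is the intended policy is inferred from the early return, so please confirm). The DBG1 message also does not identify the rejected certificate. Logging the subject, `DBG1(DBG_IKE, "rejecting certificate '%Y' without digitalSignature or nonRepudiation keyUsage flags", cert->get_subject(cert));`, would make the rejection traceable in logs. process() starts and ends outside the hunk.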
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h index 82bfea23b..c98e97eb9 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c index 35856788c..ba602fc4a 100644 --- a/src/libcharon/sa/ikev2/connect_manager.c +++ b/src/libcharon/sa/ikev2/connect_manager.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/connect_manager.h b/src/libcharon/sa/ikev2/connect_manager.h index e667e1f70..bac261b35 100644 --- a/src/libcharon/sa/ikev2/connect_manager.h +++ b/src/libcharon/sa/ikev2/connect_manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 0c41c68d0..f8b23b66e 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t rekey_function, chunk_t rekey_skd) { - chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed; - chunk_t spi_i, spi_r; + chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce; + chunk_t prf_plus_seed, spi_i, spi_r; prf_plus_t *prf_plus = NULL; uint16_t alg, key_size, int_alg; prf_t *rekey_prf = NULL; diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h index 084ed40f0..5dc9cda38 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.h +++ b/src/libcharon/sa/ikev2/keymat_v2.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/mediation_manager.c b/src/libcharon/sa/ikev2/mediation_manager.c index bf5b2f4b3..ffb566591 100644 --- a/src/libcharon/sa/ikev2/mediation_manager.c +++ b/src/libcharon/sa/ikev2/mediation_manager.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/mediation_manager.h b/src/libcharon/sa/ikev2/mediation_manager.h index 5212bdb86..640b55eee 100644 --- a/src/libcharon/sa/ikev2/mediation_manager.h 
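Review bot: In derive_ike_keys() only `skeyseed` receives an initializer, inside a declaration that also introduces four uninitialised chunks, so the one deliberate initialisation is easy to miss. I would give it its own line with the reason, e.g. `chunk_t skeyseed = chunk_empty; /* must be valid for the cleanup path before it is first assigned */`. The cleanup code is outside the hunk, so that rationale is an assumption to confirm. If the same exit path also touches `key` or `secret` before they are assigned, they would need the same treatment.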
+++ b/src/libcharon/sa/ikev2/mediation_manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index 5c0ec49f0..fff567233 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -1794,9 +1794,25 @@ static void trigger_mbb_reauth(private_task_manager_t *this) enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa); while (enumerator->enumerate(enumerator, &child_sa)) { + child_create_t *child_create; + + switch (child_sa->get_state(child_sa)) + { + case CHILD_REKEYED: + case CHILD_DELETED: + /* ignore CHILD_SAs in these states */ + continue; + default: + break; + } cfg = child_sa->get_config(child_sa); - new->queue_task(new, &child_create_create(new, cfg->get_ref(cfg), - FALSE, NULL, NULL)->task); + child_create = child_create_create(new, cfg->get_ref(cfg), + FALSE, NULL, NULL); + child_create->use_reqid(child_create, child_sa->get_reqid(child_sa)); + child_create->use_marks(child_create, + child_sa->get_mark(child_sa, TRUE).value, + child_sa->get_mark(child_sa, FALSE).value); + new->queue_task(new, &child_create->task); children = TRUE; } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 85dac6d59..c90af23b9 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c 
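Review bot: The comment `/* ignore CHILD_SAs in these states */` in trigger_mbb_reauth() repeats the switch and leaves out the reason. Something like `/* already replaced by a rekeying or deleted, don't recreate these on the new IKE_SA */` would record the intent (this is my reading of the two states, please confirm). The new call also forwards only the `.value` of each mark to `use_marks()`, so a short comment on where the mask comes from would help the next reader. The function starts and ends outside the hunk.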
@@ -277,13 +277,11 @@ static bool ts_list_is_host(linked_list_t *list, host_t *host) } /** - * Allocate SPIs and update proposals, we also promote the selected DH group + * Allocate local SPI */ static bool allocate_spi(private_child_create_t *this) { - enumerator_t *enumerator; proposal_t *proposal; - linked_list_t *other_dh_groups; if (this->initiator) { 
@@ -301,41 +299,51 @@ static bool allocate_spi(private_child_create_t *this) this->proto = this->proposal->get_protocol(this->proposal); } this->my_spi = this->child_sa->alloc_spi(this->child_sa, this->proto); - if (this->my_spi) + return this->my_spi != 0; +} + +/** + * Update the proposals with the allocated SPIs as initiator and check the DH + * group and promote it if necessary + */ +static bool update_and_check_proposals(private_child_create_t *this) +{ + enumerator_t *enumerator; + proposal_t *proposal; + linked_list_t *other_dh_groups; + bool found = FALSE; + + other_dh_groups = linked_list_create(); + enumerator = this->proposals->create_enumerator(this->proposals); + while (enumerator->enumerate(enumerator, &proposal)) { - if (this->initiator) - { - other_dh_groups = linked_list_create(); - enumerator = this->proposals->create_enumerator(this->proposals); - while (enumerator->enumerate(enumerator, &proposal)) + proposal->set_spi(proposal, this->my_spi); + + /* move the selected DH group to the front, if any */ + if (this->dh_group != MODP_NONE) + { /* proposals that don't contain the selected group are + * moved to the back */ + if (!proposal->promote_dh_group(proposal, this->dh_group)) { - proposal->set_spi(proposal, this->my_spi); - - /* move the selected DH group to the front, if any */ - if (this->dh_group != MODP_NONE && - !proposal->promote_dh_group(proposal, this->dh_group)) - { /* proposals that don't contain the selected group are - * moved to the back */ - this->proposals->remove_at(this->proposals, enumerator); - other_dh_groups->insert_last(other_dh_groups, proposal); - } + this->proposals->remove_at(this->proposals, enumerator); + other_dh_groups->insert_last(other_dh_groups, proposal); } - enumerator->destroy(enumerator); - enumerator = other_dh_groups->create_enumerator(other_dh_groups); - while (enumerator->enumerate(enumerator, (void**)&proposal)) - { /* no need to remove from the list as we destroy it anyway*/ - 
this->proposals->insert_last(this->proposals, proposal); + else + { + found = TRUE; } - enumerator->destroy(enumerator); - other_dh_groups->destroy(other_dh_groups); - } - else - { - this->proposal->set_spi(this->proposal, this->my_spi); } - return TRUE; } - return FALSE; + enumerator->destroy(enumerator); + enumerator = other_dh_groups->create_enumerator(other_dh_groups); + while (enumerator->enumerate(enumerator, (void**)&proposal)) + { /* no need to remove from the list as we destroy it anyway*/ + this->proposals->insert_last(this->proposals, proposal); + } + enumerator->destroy(enumerator); + other_dh_groups->destroy(other_dh_groups); + + return this->dh_group == MODP_NONE || found; } /** @@ -532,10 +540,15 @@ static status_t select_and_install(private_child_create_t *this, } this->other_spi = this->proposal->get_spi(this->proposal); - if (!this->initiator && !allocate_spi(this)) - { /* responder has no SPI allocated yet */ - DBG1(DBG_IKE, "allocating SPI failed"); - return FAILED; + if (!this->initiator) + { + if (!allocate_spi(this)) + { + /* responder has no SPI allocated yet */ + DBG1(DBG_IKE, "allocating SPI failed"); + return FAILED; + } + this->proposal->set_spi(this->proposal, this->my_spi); } this->child_sa->set_proposal(this->child_sa, this->proposal); @@ -981,7 +994,12 @@ static void process_payloads(private_child_create_t *this, message_t *message) this->dh = this->keymat->keymat.create_dh( &this->keymat->keymat, this->dh_group); } - if (this->dh) + else if (this->dh) + { + this->dh_failed = this->dh->get_dh_group(this->dh) != + ke_payload->get_dh_group_number(ke_payload); + } + if (this->dh && !this->dh_failed) { this->dh_failed = !this->dh->set_other_public_value(this->dh, ke_payload->get_key_exchange_data(ke_payload)); 
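Review bot: In process_payloads() the new `else if (this->dh)` branch sets `dh_failed` on a mismatch between the group of the existing `this->dh` and the group in the received KE payload, but logs nothing. In the logs this case cannot be told apart from a rejected public value (how `dh_failed` is reported lies outside the hunk). A log line inside that branch would make the rejection traceable, e.g. `if (this->dh_failed) { DBG1(DBG_IKE, "DH group in received KE payload does not match expected %N", diffie_hellman_group_names, this->dh->get_dh_group(this->dh)); }`. The enclosing function starts and ends outside the hunk.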
@@ -1111,6 +1129,14 @@ METHOD(task_t, build_i, status_t, return FAILED; } + if (!update_and_check_proposals(this)) + { + DBG1(DBG_IKE, "requested DH group %N not contained in any of our " + "proposals", + diffie_hellman_group_names, this->dh_group); + return FAILED; + } + if (this->dh_group != MODP_NONE) { this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat, @@ -1544,6 +1570,15 @@ METHOD(task_t, process_i, status_t, memcpy(&group, data.ptr, data.len); group = ntohs(group); } + if (this->retry) + { + DBG1(DBG_IKE, "already retried with DH group %N, ignore" + "requested %N", diffie_hellman_group_names, + this->dh_group, diffie_hellman_group_names, group); + handle_child_sa_failure(this, message); + /* an error in CHILD_SA creation is not critical */ + return SUCCESS; + } DBG1(DBG_IKE, "peer didn't accept DH group %N, " "it requested %N", diffie_hellman_group_names, this->dh_group, diffie_hellman_group_names, group); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 164f8fc03..6c8b29018 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c @@ -265,6 +265,8 @@ static void process_payloads(private_child_delete_t *this, message_t *message) case CHILD_REKEYED: entry->rekeyed = TRUE; break; + case CHILD_DELETED: + /* already deleted but not yet destroyed, ignore */ case CHILD_DELETING: /* we don't send back a delete if we already initiated * a delete ourself */ @@ -324,6 +326,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) while (enumerator->enumerate(enumerator, (void**)&entry)) { child_sa = entry->child_sa; + child_sa->set_state(child_sa, CHILD_DELETED); /* signal child down event if we weren't rekeying */ protocol = child_sa->get_protocol(child_sa); if (!entry->rekeyed) 
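Review bot: The new log message in process_i() is built from the adjacent literals `"already retried with DH group %N, ignore"` and `"requested %N"`, which concatenate to "ignorerequested". The first literal needs a trailing space: `DBG1(DBG_IKE, "already retried with DH group %N, ignore "`. process_i() starts and ends outside the hunk.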
@@ -374,8 +377,8 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) break; case ACTION_ROUTE: charon->traps->install(charon->traps, - this->ike_sa->get_peer_cfg(this->ike_sa), child_cfg, - reqid); + this->ike_sa->get_peer_cfg(this->ike_sa), + child_cfg); break; default: break; @@ -456,7 +459,7 @@ METHOD(task_t, build_i, status_t, this->spi = child_sa->get_spi(child_sa, TRUE); } - if (child_sa->get_state(child_sa) == CHILD_DELETING) + if (child_sa->get_state(child_sa) == CHILD_DELETED) { /* DELETEs for this CHILD_SA were already exchanged, but it was not yet * destroyed to allow delayed packets to get processed */ this->ike_sa->destroy_child_sa(this->ike_sa, this->protocol, this->spi); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.h b/src/libcharon/sa/ikev2/tasks/child_delete.h index 1e9b2d2f7..6b0006e6e 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.h +++ b/src/libcharon/sa/ikev2/tasks/child_delete.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index f90056658..d5188c0bc 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -145,8 +145,7 @@ static void find_child(private_child_rekey_t *this, message_t *message) child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE); if (child_sa && - child_sa->get_state(child_sa) == CHILD_DELETING && - child_sa->get_outbound_state(child_sa) == CHILD_OUTBOUND_NONE) + child_sa->get_state(child_sa) == CHILD_DELETED) { /* ignore rekeyed CHILD_SAs we keep around */ return; } 
@@ -213,7 +212,8 @@ METHOD(task_t, build_i, status_t, message) != NEED_MORE) { schedule_delayed_rekey(this); - return FAILED; + message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED); + return SUCCESS; } if (message->get_exchange_type(message) == CREATE_CHILD_SA) { diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index aeaa701c9..6b63197d5 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -2,7 +2,7 @@ * Copyright (C) 2012-2015 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.h b/src/libcharon/sa/ikev2/tasks/ike_auth.h index ca864a710..c9e42ff54 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.h +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c index 47b0a3ed1..495a353c5 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
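Review bot: The replacement of `return FAILED;` in child_rekey's build_i() by `message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED); return SUCCESS;` carries no comment, and the combination is not self-explanatory. A comment such as `/* don't send this request and don't treat it as a failure, the rekeying is retried by the scheduled job */` above the two lines would state the intent. That reading is inferred from the `schedule_delayed_rekey()` call directly before, so please confirm it. build_i() starts and ends outside the hunk.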
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
index 4d5087ff5..f6862ca27 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
index 5a9e08de2..68af6e35b 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008 Tobias Brunner
 * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.h b/src/libcharon/sa/ikev2/tasks/ike_cert_post.h
index 34606b1e8..fb1614b43 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
index ca17494de..284e59bb1 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008 Tobias Brunner
 * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h
index c1f8635ce..8542497bc 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c
index 6c42b81a6..4a8acb97e 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2007 Martin Willi
 * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.h b/src/libcharon/sa/ikev2/tasks/ike_config.h
index e35457645..9bf666c81 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.h b/src/libcharon/sa/ikev2/tasks/ike_delete.h
index 2d5d7cb3a..5d571f769 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_delete.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_delete.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_dpd.c b/src/libcharon/sa/ikev2/tasks/ike_dpd.c
index 7a33f7938..d025a046d 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_dpd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_dpd.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_dpd.h b/src/libcharon/sa/ikev2/tasks/ike_dpd.h
index 026871610..7b30bdc9c 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_dpd.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_dpd.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.h b/src/libcharon/sa/ikev2/tasks/ike_init.h
index ab169954d..d40d447c1 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c
index f077ccfb5..8023da1fc 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_me.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_me.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007-2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.h b/src/libcharon/sa/ikev2/tasks/ike_me.h
index 44a4ce69c..9e5405b61 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_me.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_me.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.h b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
index bb2318c9c..288b87178 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -63,7 +63,7 @@ struct ike_mobike_t { void (*dpd)(ike_mobike_t *this); /** - * Transmision hook, called by task manager. + * Transmission hook, called by task manager. * * The task manager calls this hook whenever it transmits a packet. It * allows the mobike task to send the packet on multiple paths to do path diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c index f3f32d7af..8ea903ec8 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_natd.c +++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2006-2007 Martin Willi * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.h b/src/libcharon/sa/ikev2/tasks/ike_natd.h index 9c571b8e6..3e5af5bcf 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_natd.h +++ b/src/libcharon/sa/ikev2/tasks/ike_natd.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/tasks/ike_reauth.c b/src/libcharon/sa/ikev2/tasks/ike_reauth.c index 6f90339ea..b9f6c02a8 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_reauth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_reauth.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/sa/ikev2/tasks/ike_reauth.h b/src/libcharon/sa/ikev2/tasks/ike_reauth.h
index e2e48f0d4..3733f21c8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_reauth.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_reauth.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_redirect.c b/src/libcharon/sa/ikev2/tasks/ike_redirect.c
index f82c80f71..2c565c43a 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_redirect.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_redirect.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_redirect.h b/src/libcharon/sa/ikev2/tasks/ike_redirect.h
index afa00ce5d..5abc9acde 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_redirect.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_redirect.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
index 2f0552a33..11123b415 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
@@ -363,7 +363,7 @@ METHOD(task_t, process_i, status_t, /* IKE_SAs in state IKE_REKEYED are silently deleted, so we use * IKE_REKEYING */ this->new_sa->set_state(this->new_sa, IKE_REKEYING); - if (this->new_sa->delete(this->new_sa) == DESTROY_ME) + if (this->new_sa->delete(this->new_sa, FALSE) == DESTROY_ME) { this->new_sa->destroy(this->new_sa); } diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c index f72fbc437..8d8969ea0 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c +++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.h b/src/libcharon/sa/ikev2/tasks/ike_vendor.h index 86c711636..29832cbe9 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_vendor.h +++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c index 069d51d00..941b43023 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c +++ b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h index 3d9aae0b3..0e48562eb 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h +++ b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/keymat.c b/src/libcharon/sa/keymat.c index d1f6a1bdc..70521b5dc 100644 --- a/src/libcharon/sa/keymat.c +++ b/src/libcharon/sa/keymat.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -65,6 +65,7 @@ int keymat_get_keylen_encr(encryption_algorithm_t alg) keylen_entry_t map[] = { {ENCR_DES, 64}, {ENCR_3DES, 192}, + {ENCR_CHACHA20_POLY1305, 256}, }; int i; diff --git a/src/libcharon/sa/keymat.h b/src/libcharon/sa/keymat.h index 17d2efe37..3fbb75880 100644 --- a/src/libcharon/sa/keymat.h +++ b/src/libcharon/sa/keymat.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/redirect_manager.c b/src/libcharon/sa/redirect_manager.c index 45b7e79df..75bba3639 100644 --- a/src/libcharon/sa/redirect_manager.c +++ b/src/libcharon/sa/redirect_manager.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/redirect_manager.h b/src/libcharon/sa/redirect_manager.h index e8753265c..2bd134c7d 100644 --- a/src/libcharon/sa/redirect_manager.h +++ b/src/libcharon/sa/redirect_manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/redirect_provider.h b/src/libcharon/sa/redirect_provider.h index ef2288ffc..75d421227 100644 --- a/src/libcharon/sa/redirect_provider.h +++ b/src/libcharon/sa/redirect_provider.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c index 3a254cea5..a83da0480 100644 --- a/src/libcharon/sa/shunt_manager.c +++ b/src/libcharon/sa/shunt_manager.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015-2016 Tobias Brunner + * Copyright (C) 2015-2017 Tobias Brunner * Copyright (C) 2011-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -198,6 +198,13 @@ METHOD(shunt_manager_t, install, bool, entry_t *entry; bool found = FALSE, success; + if (!ns) + { + DBG1(DBG_CFG, "missing namespace for shunt policy '%s'", + cfg->get_name(cfg)); + return FALSE; + } + /* check if not already installed */ this->lock->write_lock(this->lock); if (this->installing == INSTALL_DISABLED) 
@@ -224,7 +231,7 @@ METHOD(shunt_manager_t, install, bool, return TRUE; } INIT(entry, - .ns = strdupnull(ns), + .ns = strdup(ns), .cfg = cfg->get_ref(cfg), ); this->shunts->insert_last(this->shunts, entry); @@ -369,7 +376,7 @@ METHOD(shunt_manager_t, uninstall, bool, enumerator = this->shunts->create_enumerator(this->shunts); while (enumerator->enumerate(enumerator, &entry)) { - if (streq(ns, entry->ns) && + if ((!ns || streq(ns, entry->ns)) && streq(name, entry->cfg->get_name(entry->cfg))) { this->shunts->remove_at(this->shunts, enumerator); diff --git a/src/libcharon/sa/shunt_manager.h b/src/libcharon/sa/shunt_manager.h index f2b721032..3d9848c93 100644 --- a/src/libcharon/sa/shunt_manager.h +++ b/src/libcharon/sa/shunt_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015-2016 Tobias Brunner + * Copyright (C) 2015-2017 Tobias Brunner * Copyright (C) 2011 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -36,8 +36,7 @@ struct shunt_manager_t { /** * Install a policy as a shunt. * - * @param ns optional namespace (e.g. name of a connection or - * plugin), cloned + * @param ns namespace (e.g. name of a connection or plugin), cloned * @param child child configuration to install as a shunt * @return TRUE if installed successfully */ @@ -46,7 +45,10 @@ struct shunt_manager_t { /** * Uninstall a shunt policy. * - * @param ns namespace (same as given during installation) + * If no namespace is given the first matching child configuration is + * removed. + * + * @param ns namespace (same as given during installation) or NULL * @param name name of child configuration to uninstall as a shunt * @return TRUE if uninstalled successfully */ diff --git a/src/libcharon/sa/task.c b/src/libcharon/sa/task.c index 30de08c9b..660d0eb92 100644 --- a/src/libcharon/sa/task.c +++ b/src/libcharon/sa/task.c 
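Review bot: In `uninstall()` of shunt_manager.c, the new `!ns ||` branch lets a caller that passes NULL remove the first shunt whose child name matches, regardless of which namespace installed it. A policy owned by another connection or plugin with the same child name can therefore be removed without any trace. Since these entries are installed policies, I would log the namespace that actually matched, e.g. `DBG1(DBG_CFG, "uninstalling shunt policy '%s' of namespace '%s'", name, entry->ns);`, and have callers pass `ns` whenever they know it. The same wildcard pattern appears in trap_manager.c `uninstall()` with `!peer ||`. The body of `uninstall()` starts and ends outside this hunk.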
@@ -1,7 +1,7 @@ /* * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/task.h b/src/libcharon/sa/task.h index 5f77149ba..1a0a1acfa 100644 --- a/src/libcharon/sa/task.h +++ b/src/libcharon/sa/task.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2007-2015 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/task_manager.c b/src/libcharon/sa/task_manager.c index bd1191406..e1c8d23b4 100644 --- a/src/libcharon/sa/task_manager.c +++ b/src/libcharon/sa/task_manager.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 6436a2549..979f9290a 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2011-2015 Tobias Brunner + * Copyright (C) 2011-2017 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -183,9 +183,8 @@ static bool dynamic_remote_ts(child_cfg_t *child) return found; } -METHOD(trap_manager_t, install, uint32_t, - private_trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child, - uint32_t reqid) +METHOD(trap_manager_t, install, bool, + private_trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child) { entry_t *entry, *found = NULL; ike_cfg_t *ike_cfg; @@ -197,7 +196,7 @@ METHOD(trap_manager_t, install, uint32_t, linked_list_t *proposals; proposal_t *proposal; protocol_id_t proto = PROTO_ESP; - bool wildcard = FALSE; + bool result = FALSE, wildcard = FALSE; /* try to resolve addresses */ ike_cfg = peer->get_ike_cfg(peer); @@ -213,7 +212,7 @@ METHOD(trap_manager_t, install, uint32_t, { other->destroy(other); DBG1(DBG_CFG, "installing trap failed, remote address unknown"); - return 0; + return FALSE; } else { /* depending on the traffic selectors we don't really need a remote @@ -223,7 +222,7 @@ METHOD(trap_manager_t, install, uint32_t, * which is probably not what users expect*/ DBG1(DBG_CFG, "installing trap failed, remote address unknown with " "dynamic traffic selector"); - return 0; + return FALSE; } me = ike_cfg->resolve_me(ike_cfg, other ? other->get_family(other) : AF_UNSPEC); @@ -250,12 +249,14 @@ METHOD(trap_manager_t, install, uint32_t, this->lock->unlock(this->lock); other->destroy(other); me->destroy(me); - return 0; + return FALSE; } enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) { - if (streq(entry->name, child->get_name(child))) + if (streq(entry->name, child->get_name(child)) && + streq(entry->peer_cfg->get_name(entry->peer_cfg), + peer->get_name(peer))) { found = entry; if (entry->child_sa) 
@@ -275,11 +276,10 @@ METHOD(trap_manager_t, install, uint32_t, this->lock->unlock(this->lock); other->destroy(other); me->destroy(me); - return 0; + return FALSE; } /* config might have changed so update everything */ DBG1(DBG_CFG, "updating already routed CHILD_SA '%s'", found->name); - reqid = found->child_sa->get_reqid(found->child_sa); } INIT(entry, @@ -293,7 +293,7 @@ METHOD(trap_manager_t, install, uint32_t, this->lock->unlock(this->lock); /* create and route CHILD_SA */ - child_sa = child_sa_create(me, other, child, reqid, FALSE, 0, 0); + child_sa = child_sa_create(me, other, child, 0, FALSE, 0, 0); list = linked_list_create_with_items(me, NULL); my_ts = child->get_traffic_selectors(child, TRUE, NULL, list); @@ -325,14 +325,13 @@ METHOD(trap_manager_t, install, uint32_t, this->lock->unlock(this->lock); entry->child_sa = child_sa; destroy_entry(entry); - reqid = 0; } else { - reqid = child_sa->get_reqid(child_sa); this->lock->write_lock(this->lock); entry->child_sa = child_sa; this->lock->unlock(this->lock); + result = TRUE; } if (found) { @@ -343,11 +342,11 @@ METHOD(trap_manager_t, install, uint32_t, this->installing--; this->condvar->signal(this->condvar); this->lock->unlock(this->lock); - return reqid; + return result; } METHOD(trap_manager_t, uninstall, bool, - private_trap_manager_t *this, uint32_t reqid) + private_trap_manager_t *this, char *peer, char *child) { enumerator_t *enumerator; entry_t *entry, *found = NULL; @@ -356,8 +355,8 @@ METHOD(trap_manager_t, uninstall, bool, enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->child_sa && - entry->child_sa->get_reqid(entry->child_sa) == reqid) + if (streq(entry->name, child) && + (!peer || streq(peer, entry->peer_cfg->get_name(entry->peer_cfg)))) { this->traps->remove_at(this->traps, enumerator); found = entry; 
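Review bot: The name-based match in trap_manager.c `uninstall()` no longer requires `entry->child_sa` to be set, so it can also select an entry that `install()` is still completing after it has released the lock to create and route the CHILD_SA. If the two can run concurrently (the locking around this loop is outside the hunk, so this is inferred), `destroy_entry(found)` would free an entry that `install()` afterwards assigns `child_sa` to or destroys itself. Keeping the old guard, `if (entry->child_sa && streq(entry->name, child) &&`, or waiting until `this->installing` drops to zero before enumerating, would close that window. The body of `uninstall()` starts and ends outside this hunk.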
@@ -369,7 +368,6 @@ METHOD(trap_manager_t, uninstall, bool, if (!found) { - DBG1(DBG_CFG, "trap %d not found to uninstall", reqid); return FALSE; } destroy_entry(found); @@ -413,31 +411,6 @@ METHOD(trap_manager_t, create_enumerator, enumerator_t*, (void*)this->lock->unlock); } -METHOD(trap_manager_t, find_reqid, uint32_t, - private_trap_manager_t *this, child_cfg_t *child) -{ - enumerator_t *enumerator; - entry_t *entry; - uint32_t reqid = 0; - - this->lock->read_lock(this->lock); - enumerator = this->traps->create_enumerator(this->traps); - while (enumerator->enumerate(enumerator, &entry)) - { - if (streq(entry->name, child->get_name(child))) - { - if (entry->child_sa) - { - reqid = entry->child_sa->get_reqid(entry->child_sa); - } - break; - } - } - enumerator->destroy(enumerator); - this->lock->unlock(this->lock); - return reqid; -} - METHOD(trap_manager_t, acquire, void, private_trap_manager_t *this, uint32_t reqid, traffic_selector_t *src, traffic_selector_t *dst) @@ -693,7 +666,6 @@ trap_manager_t *trap_manager_create(void) .install = _install, .uninstall = _uninstall, .create_enumerator = _create_enumerator, - .find_reqid = _find_reqid, .acquire = _acquire, .flush = _flush, .destroy = _destroy, diff --git a/src/libcharon/sa/trap_manager.h b/src/libcharon/sa/trap_manager.h index 083ea3dbf..1b67ff82f 100644 --- a/src/libcharon/sa/trap_manager.h +++ b/src/libcharon/sa/trap_manager.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2013-2017 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -37,19 +38,21 @@ struct trap_manager_t { * * @param peer peer configuration to initiate on trap * @param child child configuration to install as a trap - * @param reqid optional reqid to use - * @return reqid of installed CHILD_SA, 0 if failed + * @return TRUE if successfully installed */ - uint32_t (*install)(trap_manager_t *this, peer_cfg_t *peer, - child_cfg_t *child, uint32_t reqid); + bool (*install)(trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child); /** * Uninstall a trap policy. * - * @param id reqid of CHILD_SA to uninstall, returned by install() + * If no peer configuration name is given the first matching child + * configuration is uninstalled. + * + * @param peer peer configuration name or NULL + * @param child child configuration name * @return TRUE if uninstalled successfully */ - bool (*uninstall)(trap_manager_t *this, uint32_t reqid); + bool (*uninstall)(trap_manager_t *this, char *peer, char *child); /** * Create an enumerator over all installed traps. @@ -58,14 +61,6 @@ struct trap_manager_t { */ enumerator_t* (*create_enumerator)(trap_manager_t *this); - /** - * Find the reqid of a child config installed as a trap. - * - * @param child CHILD_SA config to get the reqid for - * @return reqid of trap, 0 if not found - */ - uint32_t (*find_reqid)(trap_manager_t *this, child_cfg_t *child); - /** * Acquire an SA triggered by an installed trap. * diff --git a/src/libcharon/sa/xauth/xauth_method.c b/src/libcharon/sa/xauth/xauth_method.c index 838822d1e..8f34a275d 100644 --- a/src/libcharon/sa/xauth/xauth_method.c +++ b/src/libcharon/sa/xauth/xauth_method.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/sa/xauth/xauth_method.h b/src/libcharon/sa/xauth/xauth_method.h index c0c2024e0..134e72b06 100644 --- a/src/libcharon/sa/xauth/xauth_method.h +++ b/src/libcharon/sa/xauth/xauth_method.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/tests/suites/test_child_delete.c b/src/libcharon/tests/suites/test_child_delete.c index 437e919c7..8660d7291 100644 --- a/src/libcharon/tests/suites/test_child_delete.c +++ b/src/libcharon/tests/suites/test_child_delete.c @@ -290,7 +290,7 @@ START_TEST(test_collision_ike_delete) } call_ikesa(a, delete_child_sa, PROTO_ESP, spi_a, FALSE); assert_child_sa_state(a, spi_a, CHILD_DELETING); - call_ikesa(b, delete); + call_ikesa(b, delete, FALSE); assert_ike_sa_state(b, IKE_DELETING); /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c index 44d004ab7..51d577cd8 100644 --- a/src/libcharon/tests/suites/test_child_rekey.c +++ b/src/libcharon/tests/suites/test_child_rekey.c @@ -41,7 +41,7 @@ assert_hook_not_called(child_updown); \ assert_hook_not_called(child_rekey); \ assert_no_jobs_scheduled(); \ - assert_child_sa_state(sa, spi, CHILD_DELETING, CHILD_OUTBOUND_NONE); \ + assert_child_sa_state(sa, spi, CHILD_DELETED, CHILD_OUTBOUND_NONE); \ call_ikesa(sa, delete_child_sa, PROTO_ESP, spi, FALSE); \ assert_child_sa_not_exists(sa, spi); \ assert_scheduler(); \ 
@@ -97,7 +97,7 @@ START_TEST(test_regular) assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, spi_b, 3, 4); @@ -108,7 +108,7 @@ START_TEST(test_regular) assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, spi_a, 3, 4); @@ -205,7 +205,7 @@ START_TEST(test_regular_ke_invalid) assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, spi_b, 5, 6); @@ -214,7 +214,7 @@ START_TEST(test_regular_ke_invalid) assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, spi_a, 5, 6); 
@@ -259,7 +259,7 @@ START_TEST(test_regular_ke_invalid) assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 6, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 6, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 6, 7, 8); @@ -269,7 +269,7 @@ START_TEST(test_regular_ke_invalid) assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 5, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 7, CHILD_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 5, 7, 8); @@ -336,7 +336,7 @@ START_TEST(test_regular_responder_ignore_soft_expire) assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 3, 4); @@ -345,7 +345,7 @@ START_TEST(test_regular_responder_ignore_soft_expire) assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 3, CHILD_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 3, 4); 
@@ -431,7 +431,7 @@ START_TEST(test_regular_responder_handle_hard_expire) assert_jobs_scheduled(1); assert_message_empty(IN); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 3, 4); @@ -440,7 +440,7 @@ START_TEST(test_regular_responder_handle_hard_expire) assert_jobs_scheduled(1); assert_message_empty(IN); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 3, 4); @@ -591,7 +591,7 @@ START_TEST(test_collision) assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED : CHILD_OUTBOUND_REGISTERED); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -611,7 +611,7 @@ START_TEST(test_collision) assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED : CHILD_OUTBOUND_REGISTERED); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); 
@@ -628,9 +628,9 @@ START_TEST(test_collision) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -641,9 +641,9 @@ START_TEST(test_collision) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -781,7 +781,7 @@ START_TEST(test_collision_delayed_response) exchange_test_helper->process_message(exchange_test_helper, a, NULL); if (data[_i].spi_del_b == 2) { - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_ipsec_sas_installed(a, 1, 4, 6); @@ -789,7 +789,7 @@ START_TEST(test_collision_delayed_response) else { assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_ipsec_sas_installed(a, 1, 2, 6); } 
@@ -814,7 +814,7 @@ START_TEST(test_collision_delayed_response) CHILD_OUTBOUND_REGISTERED); assert_ipsec_sas_installed(b, 1, 2, 4, 5); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_count(b, 3); assert_scheduler(); @@ -839,7 +839,7 @@ START_TEST(test_collision_delayed_response) CHILD_OUTBOUND_REGISTERED); assert_ipsec_sas_installed(a, 1, 3, 4, 6); } - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -850,9 +850,9 @@ START_TEST(test_collision_delayed_response) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -863,9 +863,9 @@ START_TEST(test_collision_delayed_response) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); 
@@ -972,7 +972,7 @@ START_TEST(test_collision_delayed_request) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 4, 5); @@ -981,7 +981,7 @@ START_TEST(test_collision_delayed_request) /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 4, 5); @@ -990,7 +990,7 @@ START_TEST(test_collision_delayed_request) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 4, 5); @@ -1089,7 +1089,7 @@ START_TEST(test_collision_delayed_request_more) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 4, 5); 
@@ -1097,7 +1097,7 @@ START_TEST(test_collision_delayed_request_more) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 4, 5); @@ -1106,14 +1106,14 @@ START_TEST(test_collision_delayed_request_more) /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ assert_single_notify(OUT, CHILD_SA_NOT_FOUND); exchange_test_helper->process_message(exchange_test_helper, b, msg); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_ipsec_sas_installed(b, 2, 4, 5); /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */ assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_ipsec_sas_installed(a, 1, 4, 5); @@ -1299,7 +1299,7 @@ START_TEST(test_collision_ke_invalid) assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED : CHILD_OUTBOUND_REGISTERED); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); 
@@ -1311,7 +1311,7 @@ START_TEST(test_collision_ke_invalid) assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED : CHILD_OUTBOUND_REGISTERED); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -1320,9 +1320,9 @@ START_TEST(test_collision_ke_invalid) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); @@ -1331,9 +1331,9 @@ START_TEST(test_collision_ke_invalid) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED, CHILD_OUTBOUND_NONE); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); 
@@ -1475,7 +1475,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry) /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_scheduler(); @@ -1483,7 +1483,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry) /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 2); assert_scheduler(); @@ -1491,7 +1491,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry) /* INFORMATIONAL { D } --> */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 2); assert_scheduler(); @@ -1906,7 +1906,7 @@ START_TEST(test_collision_ike_delete) &a, &b, NULL); } initiate_rekey(a, spi_a); - call_ikesa(b, delete); + call_ikesa(b, delete, FALSE); assert_ike_sa_state(b, IKE_DELETING); /* this should never get called as there is no successful rekeying on diff --git a/src/libcharon/tests/suites/test_ike_cfg.c b/src/libcharon/tests/suites/test_ike_cfg.c index 8062179b9..9bbc064f7 100644 --- a/src/libcharon/tests/suites/test_ike_cfg.c +++ b/src/libcharon/tests/suites/test_ike_cfg.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/tests/suites/test_ike_delete.c b/src/libcharon/tests/suites/test_ike_delete.c index d79f9bc50..7633718d4 100644 --- a/src/libcharon/tests/suites/test_ike_delete.c +++ b/src/libcharon/tests/suites/test_ike_delete.c @@ -40,7 +40,7 @@ START_TEST(test_regular) } assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); - call_ikesa(a, delete); + call_ikesa(a, delete, FALSE); assert_ike_sa_state(a, IKE_DELETING); assert_hook(); assert_hook(); @@ -81,9 +81,9 @@ START_TEST(test_collision) assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); - call_ikesa(a, delete); + call_ikesa(a, delete, FALSE); assert_ike_sa_state(a, IKE_DELETING); - call_ikesa(b, delete); + call_ikesa(b, delete, FALSE); assert_ike_sa_state(b, IKE_DELETING); assert_hook(); assert_hook(); diff --git a/src/libcharon/tests/suites/test_ike_rekey.c b/src/libcharon/tests/suites/test_ike_rekey.c index e22a0c288..b6a015445 100644 --- a/src/libcharon/tests/suites/test_ike_rekey.c +++ b/src/libcharon/tests/suites/test_ike_rekey.c @@ -1319,7 +1319,7 @@ START_TEST(test_collision_delete) assert_hook_not_called(ike_rekey); initiate_rekey(a); - call_ikesa(b, delete); + call_ikesa(b, delete, FALSE); assert_ike_sa_state(b, IKE_DELETING); /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that @@ -1401,7 +1401,7 @@ START_TEST(test_collision_delete_drop_delete) assert_hook_not_called(ike_rekey); initiate_rekey(a); - call_ikesa(b, delete); + call_ikesa(b, delete, FALSE); assert_ike_sa_state(b, IKE_DELETING); /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that 
diff --git a/src/libcharon/tests/suites/test_mem_pool.c b/src/libcharon/tests/suites/test_mem_pool.c index 4204d4bab..e509228d9 100644 --- a/src/libcharon/tests/suites/test_mem_pool.c +++ b/src/libcharon/tests/suites/test_mem_pool.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libfast/fast_context.h b/src/libfast/fast_context.h index 4922703ca..7113b1bac 100644 --- a/src/libfast/fast_context.h +++ b/src/libfast/fast_context.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libfast/fast_controller.h b/src/libfast/fast_controller.h index bbd0214fc..a8a56b872 100644 --- a/src/libfast/fast_controller.h +++ b/src/libfast/fast_controller.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c index 4b422f077..70ff40466 100644 --- a/src/libfast/fast_dispatcher.c +++ b/src/libfast/fast_dispatcher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libfast/fast_dispatcher.h b/src/libfast/fast_dispatcher.h index 21708a744..ffa49d9db 100644 --- a/src/libfast/fast_dispatcher.h +++ b/src/libfast/fast_dispatcher.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -24,7 +24,7 @@ * * The application has a global context and a session context. The global * context is accessed from all sessions simultaneously and therefore - * needs to be threadsave. Often a database wrapper is the global context. + * needs to be threadsafe. Often a database wrapper is the global context. * The session context is instantiated per session. Sessions are managed * automatically through session cookies. The session context is kept alive * until the session times out. It must implement the context_t interface and diff --git a/src/libfast/fast_filter.h b/src/libfast/fast_filter.h index 57367bd5a..53aa0e827 100644 --- a/src/libfast/fast_filter.h +++ b/src/libfast/fast_filter.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libfast/fast_request.c b/src/libfast/fast_request.c index a56a59167..0543215cb 100644 --- a/src/libfast/fast_request.c +++ b/src/libfast/fast_request.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -75,7 +75,7 @@ struct private_fast_request_t { }; /** - * ClearSilver cgiwrap is not threadsave, so we use a private + * ClearSilver cgiwrap is not threadsafe, so we use a private * context for each thread. */ static thread_value_t *thread_this; diff --git a/src/libfast/fast_request.h b/src/libfast/fast_request.h index 678cf54d5..85cbc2062 100644 --- a/src/libfast/fast_request.h +++ b/src/libfast/fast_request.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libfast/fast_session.c b/src/libfast/fast_session.c index 56d4a0443..eb6fc638b 100644 --- a/src/libfast/fast_session.c +++ b/src/libfast/fast_session.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libfast/fast_session.h b/src/libfast/fast_session.h index 3fca3673e..4c7127c8d 100644 --- a/src/libfast/fast_session.h +++ b/src/libfast/fast_session.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libimcv/imcv.h b/src/libimcv/imcv.h index 0f44d8f6f..a5eebd536 100644 --- a/src/libimcv/imcv.h +++ b/src/libimcv/imcv.h 
@@ -1,5 +1,6 @@ /* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index 40a0f5eeb..860573c31 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -544,6 +544,18 @@ INSERT INTO products ( /* 91 */ 'Debian 8.9 x86_64' ); +INSERT INTO products ( /* 92 */ + name +) VALUES ( + 'Debian 8.10 i686' +); + +INSERT INTO products ( /* 93 */ + name +) VALUES ( + 'Debian 8.10 x86_64' +); + /* Directories */ INSERT INTO directories ( /* 1 */ @@ -1102,6 +1114,12 @@ INSERT INTO groups_product_defaults ( 4, 90 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 4, 92 +); + INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( @@ -1210,6 +1228,12 @@ INSERT INTO groups_product_defaults ( 5, 91 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 5, 93 +); + INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c index 0a18cd71b..b444abdbb 100644 --- a/src/libimcv/imv/imv_database.c +++ b/src/libimcv/imv/imv_database.c @@ -130,8 +130,9 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session) if (!did) { this->db->execute(this->db, &did, - "INSERT INTO devices (value, product) VALUES (?, ?)", - DB_TEXT, device, DB_INT, pid); + "INSERT INTO devices " + "(value, description, product, trusted, inactive) " + "VALUES (?, '', ?, 0, 0)", DB_TEXT, device, DB_INT, pid); } free(device); diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c index 1988873e9..a0e8595ed 100644 --- a/src/libimcv/imv/imv_policy_manager.c 
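Review bot: The result of `this->db->execute(...)` in the `if (!did)` branch of create_session is not checked in this hunk, and the rewritten statement now names the `trusted` and `inactive` columns. Against a database still on the older `devices` schema the insert would presumably fail and leave `did` at 0. Treating a negative return as failure, e.g. `if (this->db->execute(this->db, &did, ...) < 0)` followed by freeing `device` and returning FALSE, would stop a session from continuing without a device row. The exact cleanup depends on code after `free(device);`, which lies outside the hunk.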
+++ b/src/libimcv/imv/imv_policy_manager.c @@ -113,7 +113,7 @@ static bool iterate_enforcements(database_t *db, int device_id, int session_id, if (latest_success) { /*skipping enforcement */ - printf("skipping enforcment %d\n", id); + printf("skipping enforcement %d\n", id); continue; } diff --git a/src/libimcv/imv/tables-mysql.sql b/src/libimcv/imv/tables-mysql.sql index cf50742c3..3e23950a3 100644 --- a/src/libimcv/imv/tables-mysql.sql +++ b/src/libimcv/imv/tables-mysql.sql @@ -182,7 +182,9 @@ CREATE TABLE `devices` ( `description` VARCHAR(100) DEFAULT "", `value` VARCHAR(256) NOT NULL, `product` INTEGER REFERENCES `products`(`id`), - `created` INTEGER + `trusted` INTEGER DEFAULT 0, + `created` INTEGER, + `inactive` INTEGER DEFAULT 0 ); DROP TABLE IF EXISTS `identities`; diff --git a/src/libimcv/imv/tables.sql b/src/libimcv/imv/tables.sql index b50c6ed12..631969ce7 100644 --- a/src/libimcv/imv/tables.sql +++ b/src/libimcv/imv/tables.sql @@ -204,7 +204,8 @@ CREATE TABLE devices ( value TEXT NOT NULL, product INTEGER REFERENCES products(id), trusted INTEGER DEFAULT 0, - created INTEGER + created INTEGER, + inactive INTEGER DEFAULT 0 ); DROP INDEX IF EXISTS devices_id; CREATE INDEX devices_value ON devices ( diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c index b0907789e..8c364d26c 100644 --- a/src/libimcv/ita/ita_attr_settings.c +++ b/src/libimcv/ita/ita_attr_settings.c @@ -29,7 +29,7 @@ typedef struct private_ita_attr_settings_t private_ita_attr_settings_t; typedef struct entry_t entry_t; /** - * Contains a settins name/value pair + * Contains a settings name/value pair */ struct entry_t { char *name; diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.h b/src/libimcv/plugins/imc_scanner/imc_scanner_state.h index 3b40575e3..5fa685024 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.h +++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.h 
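Review bot: The `trusted` and `inactive` columns added to `devices` in tables-mysql.sql are declared `INTEGER DEFAULT 0` without `NOT NULL`, so a row can still hold NULL in a flag that reads as a trust decision. Declaring them `INTEGER NOT NULL DEFAULT 0` removes that third state; the same applies to the `inactive` line added in the tables.sql hunk that follows. Both hunks only change `CREATE TABLE`, so an existing database needs an `ALTER TABLE` step to gain these columns, and none appears in the visible hunks.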
@@ -1,5 +1,6 @@ /* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h index c2719d21b..c658549c8 100644 --- a/src/libimcv/plugins/imc_swid/imc_swid_state.h +++ b/src/libimcv/plugins/imc_swid/imc_swid_state.h @@ -1,5 +1,6 @@ /* - * Copyright (C) 2013 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag deleted file mode 100644 index bb4d300a9..000000000 --- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag +++ /dev/null @@ -1,11 +0,0 @@ - - - - diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag new file mode 100644 index 000000000..4ce168623 --- /dev/null +++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag @@ -0,0 +1,11 @@ + + + + diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag deleted file mode 100644 index bb4d300a9..000000000 --- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag +++ /dev/null @@ -1,11 +0,0 @@ - - - - 
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag new file mode 100644 index 000000000..4ce168623 --- /dev/null +++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag @@ -0,0 +1,11 @@ + + + + diff --git a/src/libimcv/plugins/imc_test/imc_test_state.h b/src/libimcv/plugins/imc_test/imc_test_state.h index 365caff7c..330881932 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.h +++ b/src/libimcv/plugins/imc_test/imc_test_state.h @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libimcv/plugins/imv_test/imv_test_state.h b/src/libimcv/plugins/imv_test/imv_test_state.h index 2de5b6ffc..3e9b69521 100644 --- a/src/libimcv/plugins/imv_test/imv_test_state.h +++ b/src/libimcv/plugins/imv_test/imv_test_state.h @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c index 09ffd7160..3cf439f35 100644 --- a/src/libimcv/pts/pts.c +++ b/src/libimcv/pts/pts.c @@ -734,7 +734,7 @@ METHOD(pts_t, verify_quote_signature, bool, scheme = SIGN_RSA_EMSA_PKCS1_SHA3_384; break; case HASH_SHA3_512: - scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512; + scheme = SIGN_RSA_EMSA_PKCS1_SHA3_512; break; default: scheme = SIGN_UNKNOWN; diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c index c014e683a..394133d04 100644 
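Review bot: The hash-to-scheme switch in verify_quote_signature is written out case by case, which is how `HASH_SHA3_512` came to be paired with a SHA-2 scheme until this change. A comment above the switch stating the invariant would help, e.g. `/* the scheme's hash must match the hash algorithm of this case */`. The `default:` arm leaves `scheme = SIGN_UNKNOWN`, and the code that consumes `scheme` is outside the hunk, so it is worth confirming that an unknown scheme is rejected before the signature is verified. A unit test that walks the supported hash algorithms and checks the selected scheme would pin the mapping.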
--- a/src/libipsec/esp_context.c +++ b/src/libipsec/esp_context.c @@ -2,7 +2,7 @@ * Copyright (C) 2012-2013 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/esp_context.h b/src/libipsec/esp_context.h index 322dab97f..a830202f2 100644 --- a/src/libipsec/esp_context.h +++ b/src/libipsec/esp_context.h @@ -2,7 +2,7 @@ * Copyright (C) 2012-2013 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c index 2c521775c..d1140e252 100644 --- a/src/libipsec/esp_packet.c +++ b/src/libipsec/esp_packet.c @@ -2,7 +2,7 @@ * Copyright (C) 2012-2013 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/esp_packet.h b/src/libipsec/esp_packet.h index c42acba43..7b179f46c 100644 --- a/src/libipsec/esp_packet.h +++ b/src/libipsec/esp_packet.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c index 904f118fd..fee70c195 100644 --- a/src/libipsec/ip_packet.c +++ b/src/libipsec/ip_packet.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -527,7 +527,7 @@ ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst, case AF_INET6: { struct ip6_hdr ip = { - .ip6_flow = htonl(6), + .ip6_flow = htonl(6 << 28), .ip6_plen = htons(data.len), .ip6_nxt = next_header, .ip6_hlim = 0x80, diff --git a/src/libipsec/ip_packet.h b/src/libipsec/ip_packet.h index 1e1d619a2..25a8aa144 100644 --- a/src/libipsec/ip_packet.h +++ b/src/libipsec/ip_packet.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec.c b/src/libipsec/ipsec.c index 6c9a26acf..21cd8f094 100644 --- a/src/libipsec/ipsec.c +++ b/src/libipsec/ipsec.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec.h b/src/libipsec/ipsec.h index 7ee49432a..73b56583b 100644 --- a/src/libipsec/ipsec.h +++ b/src/libipsec/ipsec.h 
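Review bot: `.ip6_plen = htons(data.len)` in the `AF_INET6` branch of ip_packet_create_from_data narrows `data.len` to 16 bits with no bound check visible in the hunk. A payload longer than 65535 bytes would produce a header whose length field disagrees with the data that follows. Unless the length is already limited earlier in the function, which starts outside this hunk, a guard such as `if (data.len > UINT16_MAX)` that fails before the header is built would close that gap. The corrected `htonl(6 << 28)` would also read better with a short comment, `/* version 6 in the top four bits, traffic class and flow label 0 */`.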
@@ -2,7 +2,7 @@ * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_event_listener.h b/src/libipsec/ipsec_event_listener.h index e784cedb3..0195ee27a 100644 --- a/src/libipsec/ipsec_event_listener.h +++ b/src/libipsec/ipsec_event_listener.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_event_relay.c b/src/libipsec/ipsec_event_relay.c index 94cc6527f..4d33fb7b8 100644 --- a/src/libipsec/ipsec_event_relay.c +++ b/src/libipsec/ipsec_event_relay.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_event_relay.h b/src/libipsec/ipsec_event_relay.h index 056352e84..43ca075dc 100644 --- a/src/libipsec/ipsec_event_relay.h +++ b/src/libipsec/ipsec_event_relay.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libipsec/ipsec_policy.c b/src/libipsec/ipsec_policy.c index 98201b843..521610eab 100644 --- a/src/libipsec/ipsec_policy.c +++ b/src/libipsec/ipsec_policy.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_policy.h b/src/libipsec/ipsec_policy.h index 6d67a602e..9a4ffbfa8 100644 --- a/src/libipsec/ipsec_policy.h +++ b/src/libipsec/ipsec_policy.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_policy_mgr.c b/src/libipsec/ipsec_policy_mgr.c index 8570e07a8..9062ff7e6 100644 --- a/src/libipsec/ipsec_policy_mgr.c +++ b/src/libipsec/ipsec_policy_mgr.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_policy_mgr.h b/src/libipsec/ipsec_policy_mgr.h index 97e147e40..59f97e9ee 100644 --- a/src/libipsec/ipsec_policy_mgr.h +++ b/src/libipsec/ipsec_policy_mgr.h 
@@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c index 23b8ad21e..c96b61364 100644 --- a/src/libipsec/ipsec_processor.c +++ b/src/libipsec/ipsec_processor.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_processor.h b/src/libipsec/ipsec_processor.h index 0a409828b..7aa88ffa6 100644 --- a/src/libipsec/ipsec_processor.h +++ b/src/libipsec/ipsec_processor.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_sa.c b/src/libipsec/ipsec_sa.c index ba020658b..a21245edf 100644 --- a/src/libipsec/ipsec_sa.c +++ b/src/libipsec/ipsec_sa.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h index 36fe48379..80dbd9353 100644 --- a/src/libipsec/ipsec_sa.h +++ b/src/libipsec/ipsec_sa.h 
@@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c index 44d35244a..66c3e67b1 100644 --- a/src/libipsec/ipsec_sa_mgr.c +++ b/src/libipsec/ipsec_sa_mgr.c @@ -2,7 +2,7 @@ * Copyright (C) 2012-2017 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libipsec/ipsec_sa_mgr.h b/src/libipsec/ipsec_sa_mgr.h index 708af1fda..6ab6285ad 100644 --- a/src/libipsec/ipsec_sa_mgr.h +++ b/src/libipsec/ipsec_sa_mgr.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libradius/radius_client.c b/src/libradius/radius_client.c index d44c5a2e3..f7d600421 100644 --- a/src/libradius/radius_client.c +++ b/src/libradius/radius_client.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libradius/radius_client.h b/src/libradius/radius_client.h index 2f6c8a43a..691cdaabc 100644 
--- a/src/libradius/radius_client.h +++ b/src/libradius/radius_client.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c index 51135fbea..b5a03b361 100644 --- a/src/libradius/radius_message.c +++ b/src/libradius/radius_message.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libradius/radius_message.h b/src/libradius/radius_message.h index eb14bf08e..e7ffe9357 100644 --- a/src/libradius/radius_message.h +++ b/src/libradius/radius_message.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libsimaka/simaka_card.h b/src/libsimaka/simaka_card.h index b705923f6..e32e70d4d 100644 --- a/src/libsimaka/simaka_card.h +++ b/src/libsimaka/simaka_card.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2011 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libsimaka/simaka_crypto.c b/src/libsimaka/simaka_crypto.c index e60c02a1a..e5662ac20 100644 --- a/src/libsimaka/simaka_crypto.c +++ b/src/libsimaka/simaka_crypto.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009-2011 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libsimaka/simaka_crypto.h b/src/libsimaka/simaka_crypto.h index c07755865..9881c53ee 100644 --- a/src/libsimaka/simaka_crypto.h +++ b/src/libsimaka/simaka_crypto.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libsimaka/simaka_hooks.h b/src/libsimaka/simaka_hooks.h index ffe1c25b6..f4abef222 100644 --- a/src/libsimaka/simaka_hooks.h +++ b/src/libsimaka/simaka_hooks.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2011 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libsimaka/simaka_manager.c b/src/libsimaka/simaka_manager.c index 47f1f6f8a..a78121f7d 100644 --- a/src/libsimaka/simaka_manager.c +++ b/src/libsimaka/simaka_manager.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libsimaka/simaka_manager.h b/src/libsimaka/simaka_manager.h index 9f6810f8f..ff3bf14d1 100644 --- a/src/libsimaka/simaka_manager.h +++ b/src/libsimaka/simaka_manager.h 
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index 8f5812a76..80391756c 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h
index 2393d3450..3555612f5 100644
--- a/src/libsimaka/simaka_message.h
+++ b/src/libsimaka/simaka_message.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_provider.h b/src/libsimaka/simaka_provider.h
index ef1c73908..59a8c21df 100644
--- a/src/libsimaka/simaka_provider.h
+++ b/src/libsimaka/simaka_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 3f3a5c587..79cb17ed1 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -2,7 +2,7 @@ * Copyright (C) 2006 Martin Will * Copyright (C) 2000-2016 Andreas Steffen * - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 3c7389e5c..767dfaeee 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -100,7 +100,7 @@ extern const chunk_t ASN1_INTEGER_2; chunk_t asn1_algorithmIdentifier(int oid); /** - * Build an algorithmIdentifier from a known OID and the given prameters. + * Build an algorithmIdentifier from a known OID and the given parameters. * * @param oid known OID index * @param params parameters to encode in the algorithmIdentifier (adopted) diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index a70aafdd9..3ea373521 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -80,7 +80,7 @@ const oid_t oid_names[] = { { 0x36, 68, 0, 2, "inhibitAnyPolicy" }, /* 67 */ { 0x37, 69, 0, 2, "targetInformation" }, /* 68 */ { 0x38, 0, 0, 2, "noRevAvail" }, /* 69 */ - {0x2A, 195, 1, 0, "" }, /* 70 */ + {0x2A, 202, 1, 0, "" }, /* 70 */ { 0x83, 83, 1, 1, "" }, /* 71 */ { 0x08, 0, 1, 2, "jp" }, /* 72 */ { 0x8C, 0, 1, 3, "" }, /* 73 */ @@ -95,7 +95,7 @@ const oid_t oid_names[] = { { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 82 */ { 0x86, 0, 1, 1, "" }, /* 83 */ { 0x48, 0, 1, 2, "us" }, /* 84 */ - { 0x86, 154, 1, 3, "" }, /* 85 */ + { 0x86, 161, 1, 3, "" }, /* 85 */ { 0xF6, 91, 1, 4, "" }, /* 86 */ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 87 */ { 0x07, 0, 1, 6, "Entrust" }, /* 88 */ 
@@ -159,352 +159,359 @@ const oid_t oid_names[] = { { 0x04, 147, 0, 10, "crlBag" }, /* 146 */ { 0x05, 148, 0, 10, "secretBag" }, /* 147 */ { 0x06, 0, 0, 10, "safeContentsBag" }, /* 148 */ - { 0x02, 152, 1, 6, "digestAlgorithm" }, /* 149 */ + { 0x02, 159, 1, 6, "digestAlgorithm" }, /* 149 */ { 0x02, 151, 0, 7, "md2" }, /* 150 */ - { 0x05, 0, 0, 7, "md5" }, /* 151 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 152 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 153 */ - { 0xCE, 0, 1, 3, "" }, /* 154 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 155 */ - { 0x02, 158, 1, 5, "id-publicKeyType" }, /* 156 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 157 */ - { 0x03, 188, 1, 5, "ellipticCurve" }, /* 158 */ - { 0x00, 180, 1, 6, "c-TwoCurve" }, /* 159 */ - { 0x01, 161, 0, 7, "c2pnb163v1" }, /* 160 */ - { 0x02, 162, 0, 7, "c2pnb163v2" }, /* 161 */ - { 0x03, 163, 0, 7, "c2pnb163v3" }, /* 162 */ - { 0x04, 164, 0, 7, "c2pnb176w1" }, /* 163 */ - { 0x05, 165, 0, 7, "c2tnb191v1" }, /* 164 */ - { 0x06, 166, 0, 7, "c2tnb191v2" }, /* 165 */ - { 0x07, 167, 0, 7, "c2tnb191v3" }, /* 166 */ - { 0x08, 168, 0, 7, "c2onb191v4" }, /* 167 */ - { 0x09, 169, 0, 7, "c2onb191v5" }, /* 168 */ - { 0x0A, 170, 0, 7, "c2pnb208w1" }, /* 169 */ - { 0x0B, 171, 0, 7, "c2tnb239v1" }, /* 170 */ - { 0x0C, 172, 0, 7, "c2tnb239v2" }, /* 171 */ - { 0x0D, 173, 0, 7, "c2tnb239v3" }, /* 172 */ - { 0x0E, 174, 0, 7, "c2onb239v4" }, /* 173 */ - { 0x0F, 175, 0, 7, "c2onb239v5" }, /* 174 */ - { 0x10, 176, 0, 7, "c2pnb272w1" }, /* 175 */ - { 0x11, 177, 0, 7, "c2pnb304w1" }, /* 176 */ - { 0x12, 178, 0, 7, "c2tnb359v1" }, /* 177 */ - { 0x13, 179, 0, 7, "c2pnb368w1" }, /* 178 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 179 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 180 */ - { 0x01, 182, 0, 7, "prime192v1" }, /* 181 */ - { 0x02, 183, 0, 7, "prime192v2" }, /* 182 */ - { 0x03, 184, 0, 7, "prime192v3" }, /* 183 */ - { 0x04, 185, 0, 7, "prime239v1" }, /* 184 */ - { 0x05, 186, 0, 7, "prime239v2" }, /* 185 */ - { 0x06, 187, 0, 7, "prime239v3" 
}, /* 186 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 187 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 188 */ - { 0x01, 190, 0, 6, "ecdsa-with-SHA1" }, /* 189 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 190 */ - { 0x01, 192, 0, 7, "ecdsa-with-SHA224" }, /* 191 */ - { 0x02, 193, 0, 7, "ecdsa-with-SHA256" }, /* 192 */ - { 0x03, 194, 0, 7, "ecdsa-with-SHA384" }, /* 193 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 194 */ - {0x2B, 426, 1, 0, "" }, /* 195 */ - { 0x06, 337, 1, 1, "dod" }, /* 196 */ - { 0x01, 0, 1, 2, "internet" }, /* 197 */ - { 0x04, 287, 1, 3, "private" }, /* 198 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 199 */ - { 0x82, 237, 1, 5, "" }, /* 200 */ - { 0x37, 213, 1, 6, "Microsoft" }, /* 201 */ - { 0x0A, 206, 1, 7, "" }, /* 202 */ - { 0x03, 0, 1, 8, "" }, /* 203 */ - { 0x03, 205, 0, 9, "msSGC" }, /* 204 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 205 */ - { 0x14, 210, 1, 7, "msEnrollmentInfrastructure" }, /* 206 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 207 */ - { 0x02, 209, 0, 9, "msSmartcardLogon" }, /* 208 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 209 */ - { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 210 */ - { 0x07, 212, 0, 8, "msCertTemplate" }, /* 211 */ - { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 212 */ - { 0xA0, 0, 1, 6, "" }, /* 213 */ - { 0x2A, 0, 1, 7, "ITA" }, /* 214 */ - { 0x01, 216, 0, 8, "strongSwan" }, /* 215 */ - { 0x02, 217, 0, 8, "cps" }, /* 216 */ - { 0x03, 218, 0, 8, "e-voting" }, /* 217 */ - { 0x05, 0, 1, 8, "BLISS" }, /* 218 */ - { 0x01, 221, 1, 9, "keyType" }, /* 219 */ - { 0x01, 0, 0, 10, "blissPublicKey" }, /* 220 */ - { 0x02, 230, 1, 9, "parameters" }, /* 221 */ - { 0x01, 223, 0, 10, "BLISS-I" }, /* 222 */ - { 0x02, 224, 0, 10, "BLISS-II" }, /* 223 */ - { 0x03, 225, 0, 10, "BLISS-III" }, /* 224 */ - { 0x04, 226, 0, 10, "BLISS-IV" }, /* 225 */ - { 0x05, 227, 0, 10, "BLISS-B-I" }, /* 226 */ - { 0x06, 228, 0, 10, "BLISS-B-II" }, /* 227 */ - { 0x07, 229, 0, 10, "BLISS-B-III" }, /* 228 */ - { 0x08, 
0, 0, 10, "BLISS-B-IV" }, /* 229 */ - { 0x03, 0, 1, 9, "blissSigType" }, /* 230 */ - { 0x01, 232, 0, 10, "BLISS-with-SHA2-512" }, /* 231 */ - { 0x02, 233, 0, 10, "BLISS-with-SHA2-384" }, /* 232 */ - { 0x03, 234, 0, 10, "BLISS-with-SHA2-256" }, /* 233 */ - { 0x04, 235, 0, 10, "BLISS-with-SHA3-512" }, /* 234 */ - { 0x05, 236, 0, 10, "BLISS-with-SHA3-384" }, /* 235 */ - { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 236 */ - { 0x89, 244, 1, 5, "" }, /* 237 */ - { 0x31, 0, 1, 6, "" }, /* 238 */ - { 0x01, 0, 1, 7, "" }, /* 239 */ - { 0x01, 0, 1, 8, "" }, /* 240 */ - { 0x02, 0, 1, 9, "" }, /* 241 */ - { 0x02, 0, 1, 10, "" }, /* 242 */ - { 0x4B, 0, 0, 11, "TCGID" }, /* 243 */ - { 0x97, 248, 1, 5, "" }, /* 244 */ - { 0x55, 0, 1, 6, "" }, /* 245 */ + { 0x05, 152, 0, 7, "md5" }, /* 151 */ + { 0x07, 153, 0, 7, "hmacWithSHA1" }, /* 152 */ + { 0x08, 154, 0, 7, "hmacWithSHA224" }, /* 153 */ + { 0x09, 155, 0, 7, "hmacWithSHA256" }, /* 154 */ + { 0x0A, 156, 0, 7, "hmacWithSHA384" }, /* 155 */ + { 0x0B, 157, 0, 7, "hmacWithSHA512" }, /* 156 */ + { 0x0C, 158, 0, 7, "hmacWithSHA512-224" }, /* 157 */ + { 0x0D, 0, 0, 7, "hmacWithSHA512-256" }, /* 158 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 159 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 160 */ + { 0xCE, 0, 1, 3, "" }, /* 161 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 162 */ + { 0x02, 165, 1, 5, "id-publicKeyType" }, /* 163 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 164 */ + { 0x03, 195, 1, 5, "ellipticCurve" }, /* 165 */ + { 0x00, 187, 1, 6, "c-TwoCurve" }, /* 166 */ + { 0x01, 168, 0, 7, "c2pnb163v1" }, /* 167 */ + { 0x02, 169, 0, 7, "c2pnb163v2" }, /* 168 */ + { 0x03, 170, 0, 7, "c2pnb163v3" }, /* 169 */ + { 0x04, 171, 0, 7, "c2pnb176w1" }, /* 170 */ + { 0x05, 172, 0, 7, "c2tnb191v1" }, /* 171 */ + { 0x06, 173, 0, 7, "c2tnb191v2" }, /* 172 */ + { 0x07, 174, 0, 7, "c2tnb191v3" }, /* 173 */ + { 0x08, 175, 0, 7, "c2onb191v4" }, /* 174 */ + { 0x09, 176, 0, 7, "c2onb191v5" }, /* 175 */ + { 0x0A, 177, 0, 7, "c2pnb208w1" }, /* 176 */ 
+ { 0x0B, 178, 0, 7, "c2tnb239v1" }, /* 177 */ + { 0x0C, 179, 0, 7, "c2tnb239v2" }, /* 178 */ + { 0x0D, 180, 0, 7, "c2tnb239v3" }, /* 179 */ + { 0x0E, 181, 0, 7, "c2onb239v4" }, /* 180 */ + { 0x0F, 182, 0, 7, "c2onb239v5" }, /* 181 */ + { 0x10, 183, 0, 7, "c2pnb272w1" }, /* 182 */ + { 0x11, 184, 0, 7, "c2pnb304w1" }, /* 183 */ + { 0x12, 185, 0, 7, "c2tnb359v1" }, /* 184 */ + { 0x13, 186, 0, 7, "c2pnb368w1" }, /* 185 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 186 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 187 */ + { 0x01, 189, 0, 7, "prime192v1" }, /* 188 */ + { 0x02, 190, 0, 7, "prime192v2" }, /* 189 */ + { 0x03, 191, 0, 7, "prime192v3" }, /* 190 */ + { 0x04, 192, 0, 7, "prime239v1" }, /* 191 */ + { 0x05, 193, 0, 7, "prime239v2" }, /* 192 */ + { 0x06, 194, 0, 7, "prime239v3" }, /* 193 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 194 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 195 */ + { 0x01, 197, 0, 6, "ecdsa-with-SHA1" }, /* 196 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 197 */ + { 0x01, 199, 0, 7, "ecdsa-with-SHA224" }, /* 198 */ + { 0x02, 200, 0, 7, "ecdsa-with-SHA256" }, /* 199 */ + { 0x03, 201, 0, 7, "ecdsa-with-SHA384" }, /* 200 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 201 */ + {0x2B, 433, 1, 0, "" }, /* 202 */ + { 0x06, 344, 1, 1, "dod" }, /* 203 */ + { 0x01, 0, 1, 2, "internet" }, /* 204 */ + { 0x04, 294, 1, 3, "private" }, /* 205 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 206 */ + { 0x82, 244, 1, 5, "" }, /* 207 */ + { 0x37, 220, 1, 6, "Microsoft" }, /* 208 */ + { 0x0A, 213, 1, 7, "" }, /* 209 */ + { 0x03, 0, 1, 8, "" }, /* 210 */ + { 0x03, 212, 0, 9, "msSGC" }, /* 211 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 212 */ + { 0x14, 217, 1, 7, "msEnrollmentInfrastructure" }, /* 213 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 214 */ + { 0x02, 216, 0, 9, "msSmartcardLogon" }, /* 215 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 216 */ + { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 217 */ + { 0x07, 219, 0, 8, "msCertTemplate" }, /* 218 */ + { 
0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 219 */ + { 0xA0, 0, 1, 6, "" }, /* 220 */ + { 0x2A, 0, 1, 7, "ITA" }, /* 221 */ + { 0x01, 223, 0, 8, "strongSwan" }, /* 222 */ + { 0x02, 224, 0, 8, "cps" }, /* 223 */ + { 0x03, 225, 0, 8, "e-voting" }, /* 224 */ + { 0x05, 0, 1, 8, "BLISS" }, /* 225 */ + { 0x01, 228, 1, 9, "keyType" }, /* 226 */ + { 0x01, 0, 0, 10, "blissPublicKey" }, /* 227 */ + { 0x02, 237, 1, 9, "parameters" }, /* 228 */ + { 0x01, 230, 0, 10, "BLISS-I" }, /* 229 */ + { 0x02, 231, 0, 10, "BLISS-II" }, /* 230 */ + { 0x03, 232, 0, 10, "BLISS-III" }, /* 231 */ + { 0x04, 233, 0, 10, "BLISS-IV" }, /* 232 */ + { 0x05, 234, 0, 10, "BLISS-B-I" }, /* 233 */ + { 0x06, 235, 0, 10, "BLISS-B-II" }, /* 234 */ + { 0x07, 236, 0, 10, "BLISS-B-III" }, /* 235 */ + { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 236 */ + { 0x03, 0, 1, 9, "blissSigType" }, /* 237 */ + { 0x01, 239, 0, 10, "BLISS-with-SHA2-512" }, /* 238 */ + { 0x02, 240, 0, 10, "BLISS-with-SHA2-384" }, /* 239 */ + { 0x03, 241, 0, 10, "BLISS-with-SHA2-256" }, /* 240 */ + { 0x04, 242, 0, 10, "BLISS-with-SHA3-512" }, /* 241 */ + { 0x05, 243, 0, 10, "BLISS-with-SHA3-384" }, /* 242 */ + { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 243 */ + { 0x89, 251, 1, 5, "" }, /* 244 */ + { 0x31, 0, 1, 6, "" }, /* 245 */ { 0x01, 0, 1, 7, "" }, /* 246 */ - { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 247 */ - { 0xC1, 0, 1, 5, "" }, /* 248 */ - { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 249 */ - { 0x01, 0, 1, 7, "eess" }, /* 250 */ - { 0x01, 0, 1, 8, "eess1" }, /* 251 */ - { 0x01, 256, 1, 9, "eess1-algs" }, /* 252 */ - { 0x01, 254, 0, 10, "ntru-EESS1v1-SVES" }, /* 253 */ - { 0x02, 255, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 254 */ - { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 255 */ - { 0x02, 286, 1, 9, "eess1-params" }, /* 256 */ - { 0x01, 258, 0, 10, "ees251ep1" }, /* 257 */ - { 0x02, 259, 0, 10, "ees347ep1" }, /* 258 */ - { 0x03, 260, 0, 10, "ees503ep1" }, /* 259 */ - { 0x07, 261, 0, 10, "ees251sp2" }, /* 260 */ - { 0x0C, 262, 0, 10, 
"ees251ep4" }, /* 261 */ - { 0x0D, 263, 0, 10, "ees251ep5" }, /* 262 */ - { 0x0E, 264, 0, 10, "ees251sp3" }, /* 263 */ - { 0x0F, 265, 0, 10, "ees251sp4" }, /* 264 */ - { 0x10, 266, 0, 10, "ees251sp5" }, /* 265 */ - { 0x11, 267, 0, 10, "ees251sp6" }, /* 266 */ - { 0x12, 268, 0, 10, "ees251sp7" }, /* 267 */ - { 0x13, 269, 0, 10, "ees251sp8" }, /* 268 */ - { 0x14, 270, 0, 10, "ees251sp9" }, /* 269 */ - { 0x22, 271, 0, 10, "ees401ep1" }, /* 270 */ - { 0x23, 272, 0, 10, "ees449ep1" }, /* 271 */ - { 0x24, 273, 0, 10, "ees677ep1" }, /* 272 */ - { 0x25, 274, 0, 10, "ees1087ep2" }, /* 273 */ - { 0x26, 275, 0, 10, "ees541ep1" }, /* 274 */ - { 0x27, 276, 0, 10, "ees613ep1" }, /* 275 */ - { 0x28, 277, 0, 10, "ees887ep1" }, /* 276 */ - { 0x29, 278, 0, 10, "ees1171ep1" }, /* 277 */ - { 0x2A, 279, 0, 10, "ees659ep1" }, /* 278 */ - { 0x2B, 280, 0, 10, "ees761ep1" }, /* 279 */ - { 0x2C, 281, 0, 10, "ees1087ep1" }, /* 280 */ - { 0x2D, 282, 0, 10, "ees1499ep1" }, /* 281 */ - { 0x2E, 283, 0, 10, "ees401ep2" }, /* 282 */ - { 0x2F, 284, 0, 10, "ees439ep1" }, /* 283 */ - { 0x30, 285, 0, 10, "ees593ep1" }, /* 284 */ - { 0x31, 0, 0, 10, "ees743ep1" }, /* 285 */ - { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 286 */ - { 0x05, 0, 1, 3, "security" }, /* 287 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 288 */ - { 0x07, 334, 1, 5, "id-pkix" }, /* 289 */ - { 0x01, 295, 1, 6, "id-pe" }, /* 290 */ - { 0x01, 292, 0, 7, "authorityInfoAccess" }, /* 291 */ - { 0x03, 293, 0, 7, "qcStatements" }, /* 292 */ - { 0x07, 294, 0, 7, "ipAddrBlocks" }, /* 293 */ - { 0x18, 0, 0, 7, "tlsfeature" }, /* 294 */ - { 0x02, 298, 1, 6, "id-qt" }, /* 295 */ - { 0x01, 297, 0, 7, "cps" }, /* 296 */ - { 0x02, 0, 0, 7, "unotice" }, /* 297 */ - { 0x03, 308, 1, 6, "id-kp" }, /* 298 */ - { 0x01, 300, 0, 7, "serverAuth" }, /* 299 */ - { 0x02, 301, 0, 7, "clientAuth" }, /* 300 */ - { 0x03, 302, 0, 7, "codeSigning" }, /* 301 */ - { 0x04, 303, 0, 7, "emailProtection" }, /* 302 */ - { 0x05, 304, 0, 7, "ipsecEndSystem" }, /* 303 */ - { 
0x06, 305, 0, 7, "ipsecTunnel" }, /* 304 */ - { 0x07, 306, 0, 7, "ipsecUser" }, /* 305 */ - { 0x08, 307, 0, 7, "timeStamping" }, /* 306 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 307 */ - { 0x08, 316, 1, 6, "id-otherNames" }, /* 308 */ - { 0x01, 310, 0, 7, "personalData" }, /* 309 */ - { 0x02, 311, 0, 7, "userGroup" }, /* 310 */ - { 0x03, 312, 0, 7, "id-on-permanentIdentifier" }, /* 311 */ - { 0x04, 313, 0, 7, "id-on-hardwareModuleName" }, /* 312 */ - { 0x05, 314, 0, 7, "xmppAddr" }, /* 313 */ - { 0x06, 315, 0, 7, "id-on-SIM" }, /* 314 */ - { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 315 */ - { 0x0A, 321, 1, 6, "id-aca" }, /* 316 */ - { 0x01, 318, 0, 7, "authenticationInfo" }, /* 317 */ - { 0x02, 319, 0, 7, "accessIdentity" }, /* 318 */ - { 0x03, 320, 0, 7, "chargingIdentity" }, /* 319 */ - { 0x04, 0, 0, 7, "group" }, /* 320 */ - { 0x0B, 322, 0, 6, "subjectInfoAccess" }, /* 321 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 322 */ - { 0x01, 331, 1, 7, "ocsp" }, /* 323 */ - { 0x01, 325, 0, 8, "basic" }, /* 324 */ - { 0x02, 326, 0, 8, "nonce" }, /* 325 */ - { 0x03, 327, 0, 8, "crl" }, /* 326 */ - { 0x04, 328, 0, 8, "response" }, /* 327 */ - { 0x05, 329, 0, 8, "noCheck" }, /* 328 */ - { 0x06, 330, 0, 8, "archiveCutoff" }, /* 329 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 330 */ - { 0x02, 332, 0, 7, "caIssuers" }, /* 331 */ - { 0x03, 333, 0, 7, "timeStamping" }, /* 332 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 333 */ - { 0x08, 0, 1, 5, "ipsec" }, /* 334 */ - { 0x02, 0, 1, 6, "certificate" }, /* 335 */ - { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 336 */ - { 0x0E, 343, 1, 1, "oiw" }, /* 337 */ - { 0x03, 0, 1, 2, "secsig" }, /* 338 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 339 */ - { 0x07, 341, 0, 4, "des-cbc" }, /* 340 */ - { 0x1A, 342, 0, 4, "sha-1" }, /* 341 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 342 */ - { 0x24, 389, 1, 1, "TeleTrusT" }, /* 343 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 344 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 345 */ - { 0x01, 350, 1, 4, 
"rsaSignature" }, /* 346 */ - { 0x02, 348, 0, 5, "rsaSigWithripemd160" }, /* 347 */ - { 0x03, 349, 0, 5, "rsaSigWithripemd128" }, /* 348 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 349 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 350 */ - { 0x01, 352, 0, 5, "ecSignWithsha1" }, /* 351 */ - { 0x02, 353, 0, 5, "ecSignWithripemd160" }, /* 352 */ - { 0x03, 354, 0, 5, "ecSignWithmd2" }, /* 353 */ - { 0x04, 355, 0, 5, "ecSignWithmd5" }, /* 354 */ - { 0x05, 372, 1, 5, "ttt-ecg" }, /* 355 */ - { 0x01, 360, 1, 6, "fieldType" }, /* 356 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 357 */ - { 0x01, 0, 1, 8, "basisType" }, /* 358 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 359 */ - { 0x02, 362, 1, 6, "keyType" }, /* 360 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 361 */ - { 0x03, 363, 0, 6, "curve" }, /* 362 */ - { 0x04, 370, 1, 6, "signatures" }, /* 363 */ - { 0x01, 365, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 364 */ - { 0x02, 366, 0, 7, "ecgdsa-with-SHA1" }, /* 365 */ - { 0x03, 367, 0, 7, "ecgdsa-with-SHA224" }, /* 366 */ - { 0x04, 368, 0, 7, "ecgdsa-with-SHA256" }, /* 367 */ - { 0x05, 369, 0, 7, "ecgdsa-with-SHA384" }, /* 368 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 369 */ - { 0x05, 0, 1, 6, "module" }, /* 370 */ - { 0x01, 0, 0, 7, "1" }, /* 371 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 372 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 373 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 374 */ - { 0x01, 376, 0, 8, "brainpoolP160r1" }, /* 375 */ - { 0x02, 377, 0, 8, "brainpoolP160t1" }, /* 376 */ - { 0x03, 378, 0, 8, "brainpoolP192r1" }, /* 377 */ - { 0x04, 379, 0, 8, "brainpoolP192t1" }, /* 378 */ - { 0x05, 380, 0, 8, "brainpoolP224r1" }, /* 379 */ - { 0x06, 381, 0, 8, "brainpoolP224t1" }, /* 380 */ - { 0x07, 382, 0, 8, "brainpoolP256r1" }, /* 381 */ - { 0x08, 383, 0, 8, "brainpoolP256t1" }, /* 382 */ - { 0x09, 384, 0, 8, "brainpoolP320r1" }, /* 383 */ - { 0x0A, 385, 0, 8, "brainpoolP320t1" }, /* 384 */ - { 0x0B, 386, 0, 8, "brainpoolP384r1" }, /* 385 */ - { 0x0C, 387, 
0, 8, "brainpoolP384t1" }, /* 386 */ - { 0x0D, 388, 0, 8, "brainpoolP512r1" }, /* 387 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 388 */ - { 0x65, 392, 1, 1, "Thawte" }, /* 389 */ - { 0x70, 391, 0, 2, "id-Ed25519" }, /* 390 */ - { 0x71, 0, 0, 2, "id-Ed448" }, /* 391 */ - { 0x81, 0, 1, 1, "" }, /* 392 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 393 */ - { 0x00, 0, 1, 3, "curve" }, /* 394 */ - { 0x01, 396, 0, 4, "sect163k1" }, /* 395 */ - { 0x02, 397, 0, 4, "sect163r1" }, /* 396 */ - { 0x03, 398, 0, 4, "sect239k1" }, /* 397 */ - { 0x04, 399, 0, 4, "sect113r1" }, /* 398 */ - { 0x05, 400, 0, 4, "sect113r2" }, /* 399 */ - { 0x06, 401, 0, 4, "secp112r1" }, /* 400 */ - { 0x07, 402, 0, 4, "secp112r2" }, /* 401 */ - { 0x08, 403, 0, 4, "secp160r1" }, /* 402 */ - { 0x09, 404, 0, 4, "secp160k1" }, /* 403 */ - { 0x0A, 405, 0, 4, "secp256k1" }, /* 404 */ - { 0x0F, 406, 0, 4, "sect163r2" }, /* 405 */ - { 0x10, 407, 0, 4, "sect283k1" }, /* 406 */ - { 0x11, 408, 0, 4, "sect283r1" }, /* 407 */ - { 0x16, 409, 0, 4, "sect131r1" }, /* 408 */ - { 0x17, 410, 0, 4, "sect131r2" }, /* 409 */ - { 0x18, 411, 0, 4, "sect193r1" }, /* 410 */ - { 0x19, 412, 0, 4, "sect193r2" }, /* 411 */ - { 0x1A, 413, 0, 4, "sect233k1" }, /* 412 */ - { 0x1B, 414, 0, 4, "sect233r1" }, /* 413 */ - { 0x1C, 415, 0, 4, "secp128r1" }, /* 414 */ - { 0x1D, 416, 0, 4, "secp128r2" }, /* 415 */ - { 0x1E, 417, 0, 4, "secp160r2" }, /* 416 */ - { 0x1F, 418, 0, 4, "secp192k1" }, /* 417 */ - { 0x20, 419, 0, 4, "secp224k1" }, /* 418 */ - { 0x21, 420, 0, 4, "secp224r1" }, /* 419 */ - { 0x22, 421, 0, 4, "secp384r1" }, /* 420 */ - { 0x23, 422, 0, 4, "secp521r1" }, /* 421 */ - { 0x24, 423, 0, 4, "sect409k1" }, /* 422 */ - { 0x25, 424, 0, 4, "sect409r1" }, /* 423 */ - { 0x26, 425, 0, 4, "sect571k1" }, /* 424 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 425 */ - {0x60, 489, 1, 0, "" }, /* 426 */ - { 0x86, 0, 1, 1, "" }, /* 427 */ - { 0x48, 0, 1, 2, "" }, /* 428 */ - { 0x01, 0, 1, 3, "organization" }, /* 429 */ - { 0x65, 465, 1, 4, "gov" }, /* 
430 */ - { 0x03, 0, 1, 5, "csor" }, /* 431 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 432 */ - { 0x01, 443, 1, 7, "aes" }, /* 433 */ - { 0x02, 435, 0, 8, "id-aes128-CBC" }, /* 434 */ - { 0x06, 436, 0, 8, "id-aes128-GCM" }, /* 435 */ - { 0x07, 437, 0, 8, "id-aes128-CCM" }, /* 436 */ - { 0x16, 438, 0, 8, "id-aes192-CBC" }, /* 437 */ - { 0x1A, 439, 0, 8, "id-aes192-GCM" }, /* 438 */ - { 0x1B, 440, 0, 8, "id-aes192-CCM" }, /* 439 */ - { 0x2A, 441, 0, 8, "id-aes256-CBC" }, /* 440 */ - { 0x2E, 442, 0, 8, "id-aes256-GCM" }, /* 441 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 442 */ - { 0x02, 456, 1, 7, "hashAlgs" }, /* 443 */ - { 0x01, 445, 0, 8, "id-sha256" }, /* 444 */ - { 0x02, 446, 0, 8, "id-sha384" }, /* 445 */ - { 0x03, 447, 0, 8, "id-sha512" }, /* 446 */ - { 0x04, 448, 0, 8, "id-sha224" }, /* 447 */ - { 0x05, 449, 0, 8, "id-sha512-224" }, /* 448 */ - { 0x06, 450, 0, 8, "id-sha512-256" }, /* 449 */ - { 0x07, 451, 0, 8, "id-sha3-224" }, /* 450 */ - { 0x08, 452, 0, 8, "id-sha3-256" }, /* 451 */ - { 0x09, 453, 0, 8, "id-sha3-384" }, /* 452 */ - { 0x0A, 454, 0, 8, "id-sha3-512" }, /* 453 */ - { 0x0B, 455, 0, 8, "id-shake128" }, /* 454 */ - { 0x0C, 0, 0, 8, "id-shake256" }, /* 455 */ - { 0x03, 0, 1, 7, "sigAlgs" }, /* 456 */ - { 0x09, 458, 0, 8, "id-ecdsa-with-sha3-224" }, /* 457 */ - { 0x0A, 459, 0, 8, "id-ecdsa-with-sha3-256" }, /* 458 */ - { 0x0B, 460, 0, 8, "id-ecdsa-with-sha3-384" }, /* 459 */ - { 0x0C, 461, 0, 8, "id-ecdsa-with-sha3-512" }, /* 460 */ - { 0x0D, 462, 0, 8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 461 */ - { 0x0E, 463, 0, 8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 462 */ - { 0x0F, 464, 0, 8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 463 */ - { 0x10, 0, 0, 8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 464 */ - { 0x86, 0, 1, 4, "" }, /* 465 */ - { 0xf8, 0, 1, 5, "" }, /* 466 */ - { 0x42, 479, 1, 6, "netscape" }, /* 467 */ - { 0x01, 474, 1, 7, "" }, /* 468 */ - { 0x01, 470, 0, 8, "nsCertType" }, /* 469 */ - { 0x03, 471, 0, 8, "nsRevocationUrl" }, /* 470 */ - { 
0x04, 472, 0, 8, "nsCaRevocationUrl" }, /* 471 */ - { 0x08, 473, 0, 8, "nsCaPolicyUrl" }, /* 472 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 473 */ - { 0x03, 477, 1, 7, "directory" }, /* 474 */ - { 0x01, 0, 1, 8, "" }, /* 475 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 476 */ - { 0x04, 0, 1, 7, "policy" }, /* 477 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 478 */ - { 0x45, 0, 1, 6, "verisign" }, /* 479 */ - { 0x01, 0, 1, 7, "pki" }, /* 480 */ - { 0x09, 0, 1, 8, "attributes" }, /* 481 */ - { 0x02, 483, 0, 9, "messageType" }, /* 482 */ - { 0x03, 484, 0, 9, "pkiStatus" }, /* 483 */ - { 0x04, 485, 0, 9, "failInfo" }, /* 484 */ - { 0x05, 486, 0, 9, "senderNonce" }, /* 485 */ - { 0x06, 487, 0, 9, "recipientNonce" }, /* 486 */ - { 0x07, 488, 0, 9, "transID" }, /* 487 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 488 */ - {0x67, 0, 1, 0, "" }, /* 489 */ - { 0x81, 0, 1, 1, "" }, /* 490 */ - { 0x05, 0, 1, 2, "" }, /* 491 */ - { 0x02, 0, 1, 3, "tcg-attribute" }, /* 492 */ - { 0x01, 494, 0, 4, "tcg-at-tpmManufacturer" }, /* 493 */ - { 0x02, 495, 0, 4, "tcg-at-tpmModel" }, /* 494 */ - { 0x03, 496, 0, 4, "tcg-at-tpmVersion" }, /* 495 */ - { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 496 */ + { 0x01, 0, 1, 8, "" }, /* 247 */ + { 0x02, 0, 1, 9, "" }, /* 248 */ + { 0x02, 0, 1, 10, "" }, /* 249 */ + { 0x4B, 0, 0, 11, "TCGID" }, /* 250 */ + { 0x97, 255, 1, 5, "" }, /* 251 */ + { 0x55, 0, 1, 6, "" }, /* 252 */ + { 0x01, 0, 1, 7, "" }, /* 253 */ + { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 254 */ + { 0xC1, 0, 1, 5, "" }, /* 255 */ + { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 256 */ + { 0x01, 0, 1, 7, "eess" }, /* 257 */ + { 0x01, 0, 1, 8, "eess1" }, /* 258 */ + { 0x01, 263, 1, 9, "eess1-algs" }, /* 259 */ + { 0x01, 261, 0, 10, "ntru-EESS1v1-SVES" }, /* 260 */ + { 0x02, 262, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 261 */ + { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 262 */ + { 0x02, 293, 1, 9, "eess1-params" }, /* 263 */ + { 0x01, 265, 0, 10, "ees251ep1" }, /* 264 */ + { 0x02, 266, 0, 10, "ees347ep1" }, /* 265 
*/ + { 0x03, 267, 0, 10, "ees503ep1" }, /* 266 */ + { 0x07, 268, 0, 10, "ees251sp2" }, /* 267 */ + { 0x0C, 269, 0, 10, "ees251ep4" }, /* 268 */ + { 0x0D, 270, 0, 10, "ees251ep5" }, /* 269 */ + { 0x0E, 271, 0, 10, "ees251sp3" }, /* 270 */ + { 0x0F, 272, 0, 10, "ees251sp4" }, /* 271 */ + { 0x10, 273, 0, 10, "ees251sp5" }, /* 272 */ + { 0x11, 274, 0, 10, "ees251sp6" }, /* 273 */ + { 0x12, 275, 0, 10, "ees251sp7" }, /* 274 */ + { 0x13, 276, 0, 10, "ees251sp8" }, /* 275 */ + { 0x14, 277, 0, 10, "ees251sp9" }, /* 276 */ + { 0x22, 278, 0, 10, "ees401ep1" }, /* 277 */ + { 0x23, 279, 0, 10, "ees449ep1" }, /* 278 */ + { 0x24, 280, 0, 10, "ees677ep1" }, /* 279 */ + { 0x25, 281, 0, 10, "ees1087ep2" }, /* 280 */ + { 0x26, 282, 0, 10, "ees541ep1" }, /* 281 */ + { 0x27, 283, 0, 10, "ees613ep1" }, /* 282 */ + { 0x28, 284, 0, 10, "ees887ep1" }, /* 283 */ + { 0x29, 285, 0, 10, "ees1171ep1" }, /* 284 */ + { 0x2A, 286, 0, 10, "ees659ep1" }, /* 285 */ + { 0x2B, 287, 0, 10, "ees761ep1" }, /* 286 */ + { 0x2C, 288, 0, 10, "ees1087ep1" }, /* 287 */ + { 0x2D, 289, 0, 10, "ees1499ep1" }, /* 288 */ + { 0x2E, 290, 0, 10, "ees401ep2" }, /* 289 */ + { 0x2F, 291, 0, 10, "ees439ep1" }, /* 290 */ + { 0x30, 292, 0, 10, "ees593ep1" }, /* 291 */ + { 0x31, 0, 0, 10, "ees743ep1" }, /* 292 */ + { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 293 */ + { 0x05, 0, 1, 3, "security" }, /* 294 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 295 */ + { 0x07, 341, 1, 5, "id-pkix" }, /* 296 */ + { 0x01, 302, 1, 6, "id-pe" }, /* 297 */ + { 0x01, 299, 0, 7, "authorityInfoAccess" }, /* 298 */ + { 0x03, 300, 0, 7, "qcStatements" }, /* 299 */ + { 0x07, 301, 0, 7, "ipAddrBlocks" }, /* 300 */ + { 0x18, 0, 0, 7, "tlsfeature" }, /* 301 */ + { 0x02, 305, 1, 6, "id-qt" }, /* 302 */ + { 0x01, 304, 0, 7, "cps" }, /* 303 */ + { 0x02, 0, 0, 7, "unotice" }, /* 304 */ + { 0x03, 315, 1, 6, "id-kp" }, /* 305 */ + { 0x01, 307, 0, 7, "serverAuth" }, /* 306 */ + { 0x02, 308, 0, 7, "clientAuth" }, /* 307 */ + { 0x03, 309, 0, 7, "codeSigning" 
}, /* 308 */ + { 0x04, 310, 0, 7, "emailProtection" }, /* 309 */ + { 0x05, 311, 0, 7, "ipsecEndSystem" }, /* 310 */ + { 0x06, 312, 0, 7, "ipsecTunnel" }, /* 311 */ + { 0x07, 313, 0, 7, "ipsecUser" }, /* 312 */ + { 0x08, 314, 0, 7, "timeStamping" }, /* 313 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 314 */ + { 0x08, 323, 1, 6, "id-otherNames" }, /* 315 */ + { 0x01, 317, 0, 7, "personalData" }, /* 316 */ + { 0x02, 318, 0, 7, "userGroup" }, /* 317 */ + { 0x03, 319, 0, 7, "id-on-permanentIdentifier" }, /* 318 */ + { 0x04, 320, 0, 7, "id-on-hardwareModuleName" }, /* 319 */ + { 0x05, 321, 0, 7, "xmppAddr" }, /* 320 */ + { 0x06, 322, 0, 7, "id-on-SIM" }, /* 321 */ + { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 322 */ + { 0x0A, 328, 1, 6, "id-aca" }, /* 323 */ + { 0x01, 325, 0, 7, "authenticationInfo" }, /* 324 */ + { 0x02, 326, 0, 7, "accessIdentity" }, /* 325 */ + { 0x03, 327, 0, 7, "chargingIdentity" }, /* 326 */ + { 0x04, 0, 0, 7, "group" }, /* 327 */ + { 0x0B, 329, 0, 6, "subjectInfoAccess" }, /* 328 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 329 */ + { 0x01, 338, 1, 7, "ocsp" }, /* 330 */ + { 0x01, 332, 0, 8, "basic" }, /* 331 */ + { 0x02, 333, 0, 8, "nonce" }, /* 332 */ + { 0x03, 334, 0, 8, "crl" }, /* 333 */ + { 0x04, 335, 0, 8, "response" }, /* 334 */ + { 0x05, 336, 0, 8, "noCheck" }, /* 335 */ + { 0x06, 337, 0, 8, "archiveCutoff" }, /* 336 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 337 */ + { 0x02, 339, 0, 7, "caIssuers" }, /* 338 */ + { 0x03, 340, 0, 7, "timeStamping" }, /* 339 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 340 */ + { 0x08, 0, 1, 5, "ipsec" }, /* 341 */ + { 0x02, 0, 1, 6, "certificate" }, /* 342 */ + { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 343 */ + { 0x0E, 350, 1, 1, "oiw" }, /* 344 */ + { 0x03, 0, 1, 2, "secsig" }, /* 345 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 346 */ + { 0x07, 348, 0, 4, "des-cbc" }, /* 347 */ + { 0x1A, 349, 0, 4, "sha-1" }, /* 348 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 349 */ + { 0x24, 396, 1, 1, "TeleTrusT" }, /* 350 */ + { 
0x03, 0, 1, 2, "algorithm" }, /* 351 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 352 */ + { 0x01, 357, 1, 4, "rsaSignature" }, /* 353 */ + { 0x02, 355, 0, 5, "rsaSigWithripemd160" }, /* 354 */ + { 0x03, 356, 0, 5, "rsaSigWithripemd128" }, /* 355 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 356 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 357 */ + { 0x01, 359, 0, 5, "ecSignWithsha1" }, /* 358 */ + { 0x02, 360, 0, 5, "ecSignWithripemd160" }, /* 359 */ + { 0x03, 361, 0, 5, "ecSignWithmd2" }, /* 360 */ + { 0x04, 362, 0, 5, "ecSignWithmd5" }, /* 361 */ + { 0x05, 379, 1, 5, "ttt-ecg" }, /* 362 */ + { 0x01, 367, 1, 6, "fieldType" }, /* 363 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 364 */ + { 0x01, 0, 1, 8, "basisType" }, /* 365 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 366 */ + { 0x02, 369, 1, 6, "keyType" }, /* 367 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 368 */ + { 0x03, 370, 0, 6, "curve" }, /* 369 */ + { 0x04, 377, 1, 6, "signatures" }, /* 370 */ + { 0x01, 372, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 371 */ + { 0x02, 373, 0, 7, "ecgdsa-with-SHA1" }, /* 372 */ + { 0x03, 374, 0, 7, "ecgdsa-with-SHA224" }, /* 373 */ + { 0x04, 375, 0, 7, "ecgdsa-with-SHA256" }, /* 374 */ + { 0x05, 376, 0, 7, "ecgdsa-with-SHA384" }, /* 375 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 376 */ + { 0x05, 0, 1, 6, "module" }, /* 377 */ + { 0x01, 0, 0, 7, "1" }, /* 378 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 379 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 380 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 381 */ + { 0x01, 383, 0, 8, "brainpoolP160r1" }, /* 382 */ + { 0x02, 384, 0, 8, "brainpoolP160t1" }, /* 383 */ + { 0x03, 385, 0, 8, "brainpoolP192r1" }, /* 384 */ + { 0x04, 386, 0, 8, "brainpoolP192t1" }, /* 385 */ + { 0x05, 387, 0, 8, "brainpoolP224r1" }, /* 386 */ + { 0x06, 388, 0, 8, "brainpoolP224t1" }, /* 387 */ + { 0x07, 389, 0, 8, "brainpoolP256r1" }, /* 388 */ + { 0x08, 390, 0, 8, "brainpoolP256t1" }, /* 389 */ + { 0x09, 391, 0, 8, "brainpoolP320r1" }, /* 390 */ + { 
0x0A, 392, 0, 8, "brainpoolP320t1" }, /* 391 */ + { 0x0B, 393, 0, 8, "brainpoolP384r1" }, /* 392 */ + { 0x0C, 394, 0, 8, "brainpoolP384t1" }, /* 393 */ + { 0x0D, 395, 0, 8, "brainpoolP512r1" }, /* 394 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 395 */ + { 0x65, 399, 1, 1, "Thawte" }, /* 396 */ + { 0x70, 398, 0, 2, "id-Ed25519" }, /* 397 */ + { 0x71, 0, 0, 2, "id-Ed448" }, /* 398 */ + { 0x81, 0, 1, 1, "" }, /* 399 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 400 */ + { 0x00, 0, 1, 3, "curve" }, /* 401 */ + { 0x01, 403, 0, 4, "sect163k1" }, /* 402 */ + { 0x02, 404, 0, 4, "sect163r1" }, /* 403 */ + { 0x03, 405, 0, 4, "sect239k1" }, /* 404 */ + { 0x04, 406, 0, 4, "sect113r1" }, /* 405 */ + { 0x05, 407, 0, 4, "sect113r2" }, /* 406 */ + { 0x06, 408, 0, 4, "secp112r1" }, /* 407 */ + { 0x07, 409, 0, 4, "secp112r2" }, /* 408 */ + { 0x08, 410, 0, 4, "secp160r1" }, /* 409 */ + { 0x09, 411, 0, 4, "secp160k1" }, /* 410 */ + { 0x0A, 412, 0, 4, "secp256k1" }, /* 411 */ + { 0x0F, 413, 0, 4, "sect163r2" }, /* 412 */ + { 0x10, 414, 0, 4, "sect283k1" }, /* 413 */ + { 0x11, 415, 0, 4, "sect283r1" }, /* 414 */ + { 0x16, 416, 0, 4, "sect131r1" }, /* 415 */ + { 0x17, 417, 0, 4, "sect131r2" }, /* 416 */ + { 0x18, 418, 0, 4, "sect193r1" }, /* 417 */ + { 0x19, 419, 0, 4, "sect193r2" }, /* 418 */ + { 0x1A, 420, 0, 4, "sect233k1" }, /* 419 */ + { 0x1B, 421, 0, 4, "sect233r1" }, /* 420 */ + { 0x1C, 422, 0, 4, "secp128r1" }, /* 421 */ + { 0x1D, 423, 0, 4, "secp128r2" }, /* 422 */ + { 0x1E, 424, 0, 4, "secp160r2" }, /* 423 */ + { 0x1F, 425, 0, 4, "secp192k1" }, /* 424 */ + { 0x20, 426, 0, 4, "secp224k1" }, /* 425 */ + { 0x21, 427, 0, 4, "secp224r1" }, /* 426 */ + { 0x22, 428, 0, 4, "secp384r1" }, /* 427 */ + { 0x23, 429, 0, 4, "secp521r1" }, /* 428 */ + { 0x24, 430, 0, 4, "sect409k1" }, /* 429 */ + { 0x25, 431, 0, 4, "sect409r1" }, /* 430 */ + { 0x26, 432, 0, 4, "sect571k1" }, /* 431 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 432 */ + {0x60, 496, 1, 0, "" }, /* 433 */ + { 0x86, 0, 1, 1, "" }, /* 434 */ 
+ { 0x48, 0, 1, 2, "" }, /* 435 */ + { 0x01, 0, 1, 3, "organization" }, /* 436 */ + { 0x65, 472, 1, 4, "gov" }, /* 437 */ + { 0x03, 0, 1, 5, "csor" }, /* 438 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 439 */ + { 0x01, 450, 1, 7, "aes" }, /* 440 */ + { 0x02, 442, 0, 8, "id-aes128-CBC" }, /* 441 */ + { 0x06, 443, 0, 8, "id-aes128-GCM" }, /* 442 */ + { 0x07, 444, 0, 8, "id-aes128-CCM" }, /* 443 */ + { 0x16, 445, 0, 8, "id-aes192-CBC" }, /* 444 */ + { 0x1A, 446, 0, 8, "id-aes192-GCM" }, /* 445 */ + { 0x1B, 447, 0, 8, "id-aes192-CCM" }, /* 446 */ + { 0x2A, 448, 0, 8, "id-aes256-CBC" }, /* 447 */ + { 0x2E, 449, 0, 8, "id-aes256-GCM" }, /* 448 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 449 */ + { 0x02, 463, 1, 7, "hashAlgs" }, /* 450 */ + { 0x01, 452, 0, 8, "id-sha256" }, /* 451 */ + { 0x02, 453, 0, 8, "id-sha384" }, /* 452 */ + { 0x03, 454, 0, 8, "id-sha512" }, /* 453 */ + { 0x04, 455, 0, 8, "id-sha224" }, /* 454 */ + { 0x05, 456, 0, 8, "id-sha512-224" }, /* 455 */ + { 0x06, 457, 0, 8, "id-sha512-256" }, /* 456 */ + { 0x07, 458, 0, 8, "id-sha3-224" }, /* 457 */ + { 0x08, 459, 0, 8, "id-sha3-256" }, /* 458 */ + { 0x09, 460, 0, 8, "id-sha3-384" }, /* 459 */ + { 0x0A, 461, 0, 8, "id-sha3-512" }, /* 460 */ + { 0x0B, 462, 0, 8, "id-shake128" }, /* 461 */ + { 0x0C, 0, 0, 8, "id-shake256" }, /* 462 */ + { 0x03, 0, 1, 7, "sigAlgs" }, /* 463 */ + { 0x09, 465, 0, 8, "id-ecdsa-with-sha3-224" }, /* 464 */ + { 0x0A, 466, 0, 8, "id-ecdsa-with-sha3-256" }, /* 465 */ + { 0x0B, 467, 0, 8, "id-ecdsa-with-sha3-384" }, /* 466 */ + { 0x0C, 468, 0, 8, "id-ecdsa-with-sha3-512" }, /* 467 */ + { 0x0D, 469, 0, 8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 468 */ + { 0x0E, 470, 0, 8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 469 */ + { 0x0F, 471, 0, 8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 470 */ + { 0x10, 0, 0, 8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 471 */ + { 0x86, 0, 1, 4, "" }, /* 472 */ + { 0xf8, 0, 1, 5, "" }, /* 473 */ + { 0x42, 486, 1, 6, "netscape" }, /* 474 */ + { 0x01, 481, 1, 7, "" 
}, /* 475 */ + { 0x01, 477, 0, 8, "nsCertType" }, /* 476 */ + { 0x03, 478, 0, 8, "nsRevocationUrl" }, /* 477 */ + { 0x04, 479, 0, 8, "nsCaRevocationUrl" }, /* 478 */ + { 0x08, 480, 0, 8, "nsCaPolicyUrl" }, /* 479 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 480 */ + { 0x03, 484, 1, 7, "directory" }, /* 481 */ + { 0x01, 0, 1, 8, "" }, /* 482 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 483 */ + { 0x04, 0, 1, 7, "policy" }, /* 484 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 485 */ + { 0x45, 0, 1, 6, "verisign" }, /* 486 */ + { 0x01, 0, 1, 7, "pki" }, /* 487 */ + { 0x09, 0, 1, 8, "attributes" }, /* 488 */ + { 0x02, 490, 0, 9, "messageType" }, /* 489 */ + { 0x03, 491, 0, 9, "pkiStatus" }, /* 490 */ + { 0x04, 492, 0, 9, "failInfo" }, /* 491 */ + { 0x05, 493, 0, 9, "senderNonce" }, /* 492 */ + { 0x06, 494, 0, 9, "recipientNonce" }, /* 493 */ + { 0x07, 495, 0, 9, "transID" }, /* 494 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 495 */ + {0x67, 0, 1, 0, "" }, /* 496 */ + { 0x81, 0, 1, 1, "" }, /* 497 */ + { 0x05, 0, 1, 2, "" }, /* 498 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 499 */ + { 0x01, 501, 0, 4, "tcg-at-tpmManufacturer" }, /* 500 */ + { 0x02, 502, 0, 4, "tcg-at-tpmModel" }, /* 501 */ + { 0x03, 503, 0, 4, "tcg-at-tpmVersion" }, /* 502 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 503 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 230fe2f87..99cf77854 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h 
@@ -111,166 +111,173 @@ extern const oid_t oid_names[]; #define OID_P12_CRL_BAG 146 #define OID_MD2 150 #define OID_MD5 151 -#define OID_3DES_EDE_CBC 153 -#define OID_EC_PUBLICKEY 157 -#define OID_C2PNB163V1 160 -#define OID_C2PNB163V2 161 -#define OID_C2PNB163V3 162 -#define OID_C2PNB176W1 163 -#define OID_C2PNB191V1 164 -#define OID_C2PNB191V2 165 -#define OID_C2PNB191V3 166 -#define OID_C2PNB191V4 167 -#define OID_C2PNB191V5 168 -#define OID_C2PNB208W1 169 -#define OID_C2PNB239V1 170 -#define OID_C2PNB239V2 171 -#define OID_C2PNB239V3 172 -#define OID_C2PNB239V4 173 -#define OID_C2PNB239V5 174 -#define OID_C2PNB272W1 175 -#define OID_C2PNB304W1 176 -#define OID_C2PNB359V1 177 -#define OID_C2PNB368W1 178 -#define OID_C2PNB431R1 179 -#define OID_PRIME192V1 181 -#define OID_PRIME192V2 182 -#define OID_PRIME192V3 183 -#define OID_PRIME239V1 184 -#define OID_PRIME239V2 185 -#define OID_PRIME239V3 186 -#define OID_PRIME256V1 187 -#define OID_ECDSA_WITH_SHA1 189 -#define OID_ECDSA_WITH_SHA224 191 -#define OID_ECDSA_WITH_SHA256 192 -#define OID_ECDSA_WITH_SHA384 193 -#define OID_ECDSA_WITH_SHA512 194 -#define OID_MS_SMARTCARD_LOGON 208 -#define OID_USER_PRINCIPAL_NAME 209 -#define OID_STRONGSWAN 215 -#define OID_BLISS_PUBLICKEY 220 -#define OID_BLISS_I 222 -#define OID_BLISS_II 223 -#define OID_BLISS_III 224 -#define OID_BLISS_IV 225 -#define OID_BLISS_B_I 226 -#define OID_BLISS_B_II 227 -#define OID_BLISS_B_III 228 -#define OID_BLISS_B_IV 229 -#define OID_BLISS_WITH_SHA2_512 231 -#define OID_BLISS_WITH_SHA2_384 232 -#define OID_BLISS_WITH_SHA2_256 233 -#define OID_BLISS_WITH_SHA3_512 234 -#define OID_BLISS_WITH_SHA3_384 235 -#define OID_BLISS_WITH_SHA3_256 236 -#define OID_TCGID 243 -#define OID_BLOWFISH_CBC 247 -#define OID_AUTHORITY_INFO_ACCESS 291 -#define OID_IP_ADDR_BLOCKS 293 -#define OID_POLICY_QUALIFIER_CPS 296 -#define OID_POLICY_QUALIFIER_UNOTICE 297 -#define OID_SERVER_AUTH 299 -#define OID_CLIENT_AUTH 300 -#define OID_OCSP_SIGNING 307 -#define OID_XMPP_ADDR 
313 -#define OID_AUTHENTICATION_INFO 317 -#define OID_ACCESS_IDENTITY 318 -#define OID_CHARGING_IDENTITY 319 -#define OID_GROUP 320 -#define OID_OCSP 323 -#define OID_BASIC 324 -#define OID_NONCE 325 -#define OID_CRL 326 -#define OID_RESPONSE 327 -#define OID_NO_CHECK 328 -#define OID_ARCHIVE_CUTOFF 329 -#define OID_SERVICE_LOCATOR 330 -#define OID_CA_ISSUERS 331 -#define OID_IKE_INTERMEDIATE 336 -#define OID_DES_CBC 340 -#define OID_SHA1 341 -#define OID_SHA1_WITH_RSA_OIW 342 -#define OID_ECGDSA_PUBKEY 361 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 364 -#define OID_ECGDSA_SIG_WITH_SHA1 365 -#define OID_ECGDSA_SIG_WITH_SHA224 366 -#define OID_ECGDSA_SIG_WITH_SHA256 367 -#define OID_ECGDSA_SIG_WITH_SHA384 368 -#define OID_ECGDSA_SIG_WITH_SHA512 369 -#define OID_ED25519 390 -#define OID_ED448 391 -#define OID_SECT163K1 395 -#define OID_SECT163R1 396 -#define OID_SECT239K1 397 -#define OID_SECT113R1 398 -#define OID_SECT113R2 399 -#define OID_SECT112R1 400 -#define OID_SECT112R2 401 -#define OID_SECT160R1 402 -#define OID_SECT160K1 403 -#define OID_SECT256K1 404 -#define OID_SECT163R2 405 -#define OID_SECT283K1 406 -#define OID_SECT283R1 407 -#define OID_SECT131R1 408 -#define OID_SECT131R2 409 -#define OID_SECT193R1 410 -#define OID_SECT193R2 411 -#define OID_SECT233K1 412 -#define OID_SECT233R1 413 -#define OID_SECT128R1 414 -#define OID_SECT128R2 415 -#define OID_SECT160R2 416 -#define OID_SECT192K1 417 -#define OID_SECT224K1 418 -#define OID_SECT224R1 419 -#define OID_SECT384R1 420 -#define OID_SECT521R1 421 -#define OID_SECT409K1 422 -#define OID_SECT409R1 423 -#define OID_SECT571K1 424 -#define OID_SECT571R1 425 -#define OID_AES128_CBC 434 -#define OID_AES128_GCM 435 -#define OID_AES128_CCM 436 -#define OID_AES192_CBC 437 -#define OID_AES192_GCM 438 -#define OID_AES192_CCM 439 -#define OID_AES256_CBC 440 -#define OID_AES256_GCM 441 -#define OID_AES256_CCM 442 -#define OID_SHA256 444 -#define OID_SHA384 445 -#define OID_SHA512 446 -#define OID_SHA224 447 -#define 
OID_SHA3_224 450 -#define OID_SHA3_256 451 -#define OID_SHA3_384 452 -#define OID_SHA3_512 453 -#define OID_ECDSA_WITH_SHA3_224 457 -#define OID_ECDSA_WITH_SHA3_256 458 -#define OID_ECDSA_WITH_SHA3_384 459 -#define OID_ECDSA_WITH_SHA3_512 460 -#define OID_RSASSA_PKCS1V15_WITH_SHA3_224 461 -#define OID_RSASSA_PKCS1V15_WITH_SHA3_256 462 -#define OID_RSASSA_PKCS1V15_WITH_SHA3_384 463 -#define OID_RSASSA_PKCS1V15_WITH_SHA3_512 464 -#define OID_NS_REVOCATION_URL 470 -#define OID_NS_CA_REVOCATION_URL 471 -#define OID_NS_CA_POLICY_URL 472 -#define OID_NS_COMMENT 473 -#define OID_EMPLOYEE_NUMBER 476 -#define OID_PKI_MESSAGE_TYPE 482 -#define OID_PKI_STATUS 483 -#define OID_PKI_FAIL_INFO 484 -#define OID_PKI_SENDER_NONCE 485 -#define OID_PKI_RECIPIENT_NONCE 486 -#define OID_PKI_TRANS_ID 487 -#define OID_TPM_MANUFACTURER 493 -#define OID_TPM_MODEL 494 -#define OID_TPM_VERSION 495 -#define OID_TPM_ID_LABEL 496 +#define OID_HMAC_SHA1 152 +#define OID_HMAC_SHA224 153 +#define OID_HMAC_SHA256 154 +#define OID_HMAC_SHA384 155 +#define OID_HMAC_SHA512 156 +#define OID_HMAC_SHA512_224 157 +#define OID_HMAC_SHA512_256 158 +#define OID_3DES_EDE_CBC 160 +#define OID_EC_PUBLICKEY 164 +#define OID_C2PNB163V1 167 +#define OID_C2PNB163V2 168 +#define OID_C2PNB163V3 169 +#define OID_C2PNB176W1 170 +#define OID_C2PNB191V1 171 +#define OID_C2PNB191V2 172 +#define OID_C2PNB191V3 173 +#define OID_C2PNB191V4 174 +#define OID_C2PNB191V5 175 +#define OID_C2PNB208W1 176 +#define OID_C2PNB239V1 177 +#define OID_C2PNB239V2 178 +#define OID_C2PNB239V3 179 +#define OID_C2PNB239V4 180 +#define OID_C2PNB239V5 181 +#define OID_C2PNB272W1 182 +#define OID_C2PNB304W1 183 +#define OID_C2PNB359V1 184 +#define OID_C2PNB368W1 185 +#define OID_C2PNB431R1 186 +#define OID_PRIME192V1 188 +#define OID_PRIME192V2 189 +#define OID_PRIME192V3 190 +#define OID_PRIME239V1 191 +#define OID_PRIME239V2 192 +#define OID_PRIME239V3 193 +#define OID_PRIME256V1 194 +#define OID_ECDSA_WITH_SHA1 196 +#define 
OID_ECDSA_WITH_SHA224 198 +#define OID_ECDSA_WITH_SHA256 199 +#define OID_ECDSA_WITH_SHA384 200 +#define OID_ECDSA_WITH_SHA512 201 +#define OID_MS_SMARTCARD_LOGON 215 +#define OID_USER_PRINCIPAL_NAME 216 +#define OID_STRONGSWAN 222 +#define OID_BLISS_PUBLICKEY 227 +#define OID_BLISS_I 229 +#define OID_BLISS_II 230 +#define OID_BLISS_III 231 +#define OID_BLISS_IV 232 +#define OID_BLISS_B_I 233 +#define OID_BLISS_B_II 234 +#define OID_BLISS_B_III 235 +#define OID_BLISS_B_IV 236 +#define OID_BLISS_WITH_SHA2_512 238 +#define OID_BLISS_WITH_SHA2_384 239 +#define OID_BLISS_WITH_SHA2_256 240 +#define OID_BLISS_WITH_SHA3_512 241 +#define OID_BLISS_WITH_SHA3_384 242 +#define OID_BLISS_WITH_SHA3_256 243 +#define OID_TCGID 250 +#define OID_BLOWFISH_CBC 254 +#define OID_AUTHORITY_INFO_ACCESS 298 +#define OID_IP_ADDR_BLOCKS 300 +#define OID_POLICY_QUALIFIER_CPS 303 +#define OID_POLICY_QUALIFIER_UNOTICE 304 +#define OID_SERVER_AUTH 306 +#define OID_CLIENT_AUTH 307 +#define OID_OCSP_SIGNING 314 +#define OID_XMPP_ADDR 320 +#define OID_AUTHENTICATION_INFO 324 +#define OID_ACCESS_IDENTITY 325 +#define OID_CHARGING_IDENTITY 326 +#define OID_GROUP 327 +#define OID_OCSP 330 +#define OID_BASIC 331 +#define OID_NONCE 332 +#define OID_CRL 333 +#define OID_RESPONSE 334 +#define OID_NO_CHECK 335 +#define OID_ARCHIVE_CUTOFF 336 +#define OID_SERVICE_LOCATOR 337 +#define OID_CA_ISSUERS 338 +#define OID_IKE_INTERMEDIATE 343 +#define OID_DES_CBC 347 +#define OID_SHA1 348 +#define OID_SHA1_WITH_RSA_OIW 349 +#define OID_ECGDSA_PUBKEY 368 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 371 +#define OID_ECGDSA_SIG_WITH_SHA1 372 +#define OID_ECGDSA_SIG_WITH_SHA224 373 +#define OID_ECGDSA_SIG_WITH_SHA256 374 +#define OID_ECGDSA_SIG_WITH_SHA384 375 +#define OID_ECGDSA_SIG_WITH_SHA512 376 +#define OID_ED25519 397 +#define OID_ED448 398 +#define OID_SECT163K1 402 +#define OID_SECT163R1 403 +#define OID_SECT239K1 404 +#define OID_SECT113R1 405 +#define OID_SECT113R2 406 +#define OID_SECT112R1 407 +#define 
OID_SECT112R2 408 +#define OID_SECT160R1 409 +#define OID_SECT160K1 410 +#define OID_SECT256K1 411 +#define OID_SECT163R2 412 +#define OID_SECT283K1 413 +#define OID_SECT283R1 414 +#define OID_SECT131R1 415 +#define OID_SECT131R2 416 +#define OID_SECT193R1 417 +#define OID_SECT193R2 418 +#define OID_SECT233K1 419 +#define OID_SECT233R1 420 +#define OID_SECT128R1 421 +#define OID_SECT128R2 422 +#define OID_SECT160R2 423 +#define OID_SECT192K1 424 +#define OID_SECT224K1 425 +#define OID_SECT224R1 426 +#define OID_SECT384R1 427 +#define OID_SECT521R1 428 +#define OID_SECT409K1 429 +#define OID_SECT409R1 430 +#define OID_SECT571K1 431 +#define OID_SECT571R1 432 +#define OID_AES128_CBC 441 +#define OID_AES128_GCM 442 +#define OID_AES128_CCM 443 +#define OID_AES192_CBC 444 +#define OID_AES192_GCM 445 +#define OID_AES192_CCM 446 +#define OID_AES256_CBC 447 +#define OID_AES256_GCM 448 +#define OID_AES256_CCM 449 +#define OID_SHA256 451 +#define OID_SHA384 452 +#define OID_SHA512 453 +#define OID_SHA224 454 +#define OID_SHA3_224 457 +#define OID_SHA3_256 458 +#define OID_SHA3_384 459 +#define OID_SHA3_512 460 +#define OID_ECDSA_WITH_SHA3_224 464 +#define OID_ECDSA_WITH_SHA3_256 465 +#define OID_ECDSA_WITH_SHA3_384 466 +#define OID_ECDSA_WITH_SHA3_512 467 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_224 468 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_256 469 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_384 470 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_512 471 +#define OID_NS_REVOCATION_URL 477 +#define OID_NS_CA_REVOCATION_URL 478 +#define OID_NS_CA_POLICY_URL 479 +#define OID_NS_COMMENT 480 +#define OID_EMPLOYEE_NUMBER 483 +#define OID_PKI_MESSAGE_TYPE 489 +#define OID_PKI_STATUS 490 +#define OID_PKI_FAIL_INFO 491 +#define OID_PKI_SENDER_NONCE 492 +#define OID_PKI_RECIPIENT_NONCE 493 +#define OID_PKI_TRANS_ID 494 +#define OID_TPM_MANUFACTURER 500 +#define OID_TPM_MODEL 501 +#define OID_TPM_VERSION 502 +#define OID_TPM_ID_LABEL 503 -#define OID_MAX 497 +#define OID_MAX 504 #endif /* OID_H_ */ 
diff --git a/src/libstrongswan/asn1/oid.pl b/src/libstrongswan/asn1/oid.pl index c45077a3f..f77e14b04 100644 --- a/src/libstrongswan/asn1/oid.pl +++ b/src/libstrongswan/asn1/oid.pl @@ -2,7 +2,7 @@ # Generates oid.h and oid.c out of oid.txt # # Copyright (C) 2003-2008 Andreas Steffen -# Hochschule fuer Technik Rapperswil +# HSR Hochschule fuer Technik Rapperswil # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index 369f6f899..723cb36fc 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -150,6 +150,13 @@ 0x02 "digestAlgorithm" 0x02 "md2" OID_MD2 0x05 "md5" OID_MD5 + 0x07 "hmacWithSHA1" OID_HMAC_SHA1 + 0x08 "hmacWithSHA224" OID_HMAC_SHA224 + 0x09 "hmacWithSHA256" OID_HMAC_SHA256 + 0x0A "hmacWithSHA384" OID_HMAC_SHA384 + 0x0B "hmacWithSHA512" OID_HMAC_SHA512 + 0x0C "hmacWithSHA512-224" OID_HMAC_SHA512_224 + 0x0D "hmacWithSHA512-256" OID_HMAC_SHA512_256 0x03 "encryptionAlgorithm" 0x07 "3des-ede-cbc" OID_3DES_EDE_CBC 0xCE "" diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c index 6e35999ce..82e405002 100644 --- a/src/libstrongswan/bio/bio_reader.c +++ b/src/libstrongswan/bio/bio_reader.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h index 358993c4f..fbca8bdf5 100644 --- a/src/libstrongswan/bio/bio_reader.h +++ b/src/libstrongswan/bio/bio_reader.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG 
diff --git a/src/libstrongswan/bio/bio_writer.c b/src/libstrongswan/bio/bio_writer.c index a21b376cf..348702071 100644 --- a/src/libstrongswan/bio/bio_writer.c +++ b/src/libstrongswan/bio/bio_writer.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/bio/bio_writer.h b/src/libstrongswan/bio/bio_writer.h index b6e3db730..88f365e9f 100644 --- a/src/libstrongswan/bio/bio_writer.h +++ b/src/libstrongswan/bio/bio_writer.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c index c3dd6e0e9..fea28cedb 100644 --- a/src/libstrongswan/collections/array.c +++ b/src/libstrongswan/collections/array.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h index d8a16b5df..792dc7677 100644 --- a/src/libstrongswan/collections/array.h +++ b/src/libstrongswan/collections/array.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG diff --git a/src/libstrongswan/collections/blocking_queue.c b/src/libstrongswan/collections/blocking_queue.c index da3356970..40f65a930 100644 --- a/src/libstrongswan/collections/blocking_queue.c +++ b/src/libstrongswan/collections/blocking_queue.c 
@@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/collections/blocking_queue.h b/src/libstrongswan/collections/blocking_queue.h index 9b014f719..d902c3245 100644 --- a/src/libstrongswan/collections/blocking_queue.h +++ b/src/libstrongswan/collections/blocking_queue.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/collections/dictionary.h b/src/libstrongswan/collections/dictionary.h index 679e41d2d..74f218e79 100644 --- a/src/libstrongswan/collections/dictionary.h +++ b/src/libstrongswan/collections/dictionary.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/collections/enumerator.c b/src/libstrongswan/collections/enumerator.c index 52c9e1cd5..21aa9f66b 100644 --- a/src/libstrongswan/collections/enumerator.c +++ b/src/libstrongswan/collections/enumerator.c @@ -291,7 +291,7 @@ typedef struct { char *string; /** current position */ char *pos; - /** separater chars */ + /** separator chars */ const char *sep; /** trim chars */ const char *trim; 
diff --git a/src/libstrongswan/collections/hashtable.c b/src/libstrongswan/collections/hashtable.c index b0eda9e6a..64f154c4e 100644 --- a/src/libstrongswan/collections/hashtable.c +++ b/src/libstrongswan/collections/hashtable.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/collections/hashtable.h b/src/libstrongswan/collections/hashtable.h index f60564a42..1bc674c6c 100644 --- a/src/libstrongswan/collections/hashtable.h +++ b/src/libstrongswan/collections/hashtable.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/collections/linked_list.c b/src/libstrongswan/collections/linked_list.c index f877be5a6..5ad7360d6 100644 --- a/src/libstrongswan/collections/linked_list.c +++ b/src/libstrongswan/collections/linked_list.c @@ -2,7 +2,7 @@ * Copyright (C) 2007-2015 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/collections/linked_list.h b/src/libstrongswan/collections/linked_list.h index c99cb836b..a9cb7f0d4 100644 --- a/src/libstrongswan/collections/linked_list.h +++ b/src/libstrongswan/collections/linked_list.h 
@@ -2,7 +2,7 @@ * Copyright (C) 2007-2017 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 2eb448546..b473223e4 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2015 Tobias Brunner * Copyright (C) 2007-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h index 6dc5c7694..bed55f8b8 100644 --- a/src/libstrongswan/credentials/certificates/certificate.h +++ b/src/libstrongswan/credentials/certificates/certificate.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/certificates/crl.c b/src/libstrongswan/credentials/certificates/crl.c index 09fd0bfc8..ba3bda561 100644 --- a/src/libstrongswan/credentials/certificates/crl.c +++ b/src/libstrongswan/credentials/certificates/crl.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2006 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index 8a48bd7ff..224585fb2 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2006 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/certificates/ocsp_request.h b/src/libstrongswan/credentials/certificates/ocsp_request.h index 730d95d70..508a65f3e 100644 --- a/src/libstrongswan/credentials/certificates/ocsp_request.h +++ b/src/libstrongswan/credentials/certificates/ocsp_request.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.c b/src/libstrongswan/credentials/certificates/ocsp_response.c index c4a39e28d..bf4f11334 100644 --- a/src/libstrongswan/credentials/certificates/ocsp_response.c +++ b/src/libstrongswan/credentials/certificates/ocsp_response.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.h b/src/libstrongswan/credentials/certificates/ocsp_response.h index c6a4c1277..9e699aef6 100644 --- a/src/libstrongswan/credentials/certificates/ocsp_response.h +++ b/src/libstrongswan/credentials/certificates/ocsp_response.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/certificates/pgp_certificate.h b/src/libstrongswan/credentials/certificates/pgp_certificate.h index 94a31e14d..c49a39d66 100644 --- a/src/libstrongswan/credentials/certificates/pgp_certificate.h +++ b/src/libstrongswan/credentials/certificates/pgp_certificate.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index 2c640e2da..46feca619 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -62,6 +62,9 @@ enum x509_flag_t { X509_IKE_INTERMEDIATE = (1<<8), /** cert has Microsoft Smartcard Logon usage */ X509_MS_SMARTCARD_LOGON = (1<<9), + /** cert either lacks keyUsage bits, or includes either digitalSignature + * or nonRepudiation as per RFC 4945, section 5.1.3.2. */ + X509_IKE_COMPLIANT = (1<<10), }; extern enum_name_t *x509_flag_names; diff --git a/src/libstrongswan/credentials/containers/container.h b/src/libstrongswan/credentials/containers/container.h index ee329881d..627cda374 100644 --- a/src/libstrongswan/credentials/containers/container.h +++ b/src/libstrongswan/credentials/containers/container.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c index 8cc6a6c63..323198a19 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.c +++ b/src/libstrongswan/credentials/containers/pkcs12.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/containers/pkcs12.h b/src/libstrongswan/credentials/containers/pkcs12.h index fc4fb39ce..e75dc2e9f 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.h +++ b/src/libstrongswan/credentials/containers/pkcs12.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
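Review bot: The comment on the new `X509_IKE_COMPLIANT` bit in `enum x509_flag_t` (x509.h, hunk -62,6 +62,9) states when the bit is set but not what its absence means or which code is expected to compute it. The neighbouring bits each record a usage the certificate itself asserts, whereas this one is a policy verdict that is also set when keyUsage is missing entirely. A caller that gates IKE authentication on it would therefore presumably reject every certificate from a parser backend that never sets the flag, which should be confirmed against the backends outside this hunk. I would add a line to the comment such as `* Computed by the certificate parser; if unset, keyUsage is present but contains neither of the two bits.` The definition behind `extern enum_name_t *x509_flag_names;` is not part of this hunk, so if it enumerates the flags by value, check that it gained a matching entry.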
diff --git a/src/libstrongswan/credentials/cred_encoding.c b/src/libstrongswan/credentials/cred_encoding.c index d6523821e..ce59a6a2d 100644 --- a/src/libstrongswan/credentials/cred_encoding.c +++ b/src/libstrongswan/credentials/cred_encoding.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/cred_encoding.h b/src/libstrongswan/credentials/cred_encoding.h index 1129357ba..08dd97c7a 100644 --- a/src/libstrongswan/credentials/cred_encoding.h +++ b/src/libstrongswan/credentials/cred_encoding.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c index 07e6ea343..fd3ecb8fa 100644 --- a/src/libstrongswan/credentials/credential_factory.c +++ b/src/libstrongswan/credentials/credential_factory.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h index 55b669529..a03dd1abc 100644 --- a/src/libstrongswan/credentials/credential_factory.h +++ b/src/libstrongswan/credentials/credential_factory.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 21b23f543..15f3f7b1b 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/credential_manager.h b/src/libstrongswan/credentials/credential_manager.h index d99f29b85..a9947dcbc 100644 --- a/src/libstrongswan/credentials/credential_manager.h +++ b/src/libstrongswan/credentials/credential_manager.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2007-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/credential_set.h b/src/libstrongswan/credentials/credential_set.h index 8673c484f..d0b2c574d 100644 --- a/src/libstrongswan/credentials/credential_set.h +++ b/src/libstrongswan/credentials/credential_set.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c index 8292af495..0b83eba89 100644 --- a/src/libstrongswan/credentials/keys/private_key.c +++ b/src/libstrongswan/credentials/keys/private_key.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c index 1c2d31167..2294eaff7 100644 --- a/src/libstrongswan/credentials/keys/shared_key.c +++ b/src/libstrongswan/credentials/keys/shared_key.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h index 900c6613e..d97139de2 100644 --- a/src/libstrongswan/credentials/keys/shared_key.h +++ b/src/libstrongswan/credentials/keys/shared_key.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c index 1cd4b9d03..4b59fa23f 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2009 Martin Willi * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h index 3a4b197ac..1489289d4 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/sets/cert_cache.h b/src/libstrongswan/credentials/sets/cert_cache.h index 2235bc30d..3d764c9f5 100644 --- a/src/libstrongswan/credentials/sets/cert_cache.h +++ b/src/libstrongswan/credentials/sets/cert_cache.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index 4d594e439..b0f77be98 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010-2016 Tobias Brunner - * HSR Hochschule fuer Technik Rapperwsil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG 
diff --git a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c index 12d3f8156..e12d04534 100644 --- a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c +++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h index dc4b451df..97f4efdc8 100644 --- a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h +++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c index d50bd4d22..f3c5abed6 100644 --- a/src/libstrongswan/crypto/aead.c +++ b/src/libstrongswan/crypto/aead.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h index 9d1b8df55..cb21d3ca7 100644 --- a/src/libstrongswan/crypto/aead.h +++ b/src/libstrongswan/crypto/aead.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG 
diff --git a/src/libstrongswan/crypto/crypters/crypter.c b/src/libstrongswan/crypto/crypters/crypter.c index 3e33765b1..9bde663d1 100644 --- a/src/libstrongswan/crypto/crypters/crypter.c +++ b/src/libstrongswan/crypto/crypters/crypter.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h index 19ba55d83..5ffcac253 100644 --- a/src/libstrongswan/crypto/crypters/crypter.h +++ b/src/libstrongswan/crypto/crypters/crypter.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index e86e7ae76..f0f64ce42 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009-2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2010 revosec AG * * This program is free software; you can redistribute it and/or modify it diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 1b02cb469..430929595 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 820b8d1d8..efcfdbc74 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -2,7 +2,7 @@ * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -66,11 +66,9 @@ static struct { diffie_hellman_params_t public; /* The group identifier as specified in IKEv2 */ diffie_hellman_group_t group; - /* Optimal length of the exponent (in bytes), as specified in RFC 3526. */ - size_t opt_exp; } dh_params[] = { { - .group = MODP_768_BIT, .opt_exp = 32, .public = { + .group = MODP_768_BIT, .public = { .exp_len = 32, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -82,7 +80,7 @@ static struct { 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_1024_BIT, .opt_exp = 32, .public = { + .group = MODP_1024_BIT, .public = { .exp_len = 32, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -96,7 +94,7 @@ static struct { 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_1536_BIT, .opt_exp = 32, .public = { + .group = MODP_1536_BIT, .public = { .exp_len = 32, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( 
@@ -114,7 +112,7 @@ static struct { 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_2048_BIT, .opt_exp = 48, .public = { + .group = MODP_2048_BIT, .public = { .exp_len = 48, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -136,7 +134,7 @@ static struct { 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_3072_BIT, .opt_exp = 48, .public = { + .group = MODP_3072_BIT, .public = { .exp_len = 48, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -166,7 +164,7 @@ static struct { 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_4096_BIT, .opt_exp = 64, .public = { + .group = MODP_4096_BIT, .public = { .exp_len = 64, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -204,7 +202,7 @@ static struct { 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_6144_BIT, .opt_exp = 64, .public = { + .group = MODP_6144_BIT, .public = { .exp_len = 64, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -258,7 +256,7 @@ static struct { 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_8192_BIT, .opt_exp = 64, .public = { + .group = MODP_8192_BIT, .public = { .exp_len = 64, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( @@ -328,7 +326,7 @@ static struct { 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), }, },{ - .group = MODP_1024_160, .opt_exp = 20, .public = { + .group = MODP_1024_160, .public = { .exp_len = 20, .subgroup = chunk_from_chars( 0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D, 
@@ -353,7 +351,7 @@ static struct { 0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08,0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71), }, }, { - .group = MODP_2048_224, .opt_exp = 28, .public = { + .group = MODP_2048_224, .public = { .exp_len = 28, .subgroup = chunk_from_chars( 0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A, @@ -394,7 +392,7 @@ static struct { 0xCF,0x9D,0xE5,0x38,0x4E,0x71,0xB8,0x1C,0x0A,0xC4,0xDF,0xFE,0x0C,0x10,0xE6,0x4F) }, },{ - .group = MODP_2048_256, .opt_exp = 32, .public = { + .group = MODP_2048_256, .public = { .exp_len = 32, .subgroup = chunk_from_chars( 0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2, @@ -444,11 +442,19 @@ void diffie_hellman_init() { int i; + /* the default exponent size set above is based on the optimal length + * according to RFC 3526 */ if (lib->settings->get_bool(lib->settings, "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns)) { for (i = 0; i < countof(dh_params); i++) { + /* according to RFC 5114 the size of the exponent for these DH + * groups should equal the size of their prime order subgroup */ + if (dh_params[i].public.subgroup.len) + { + continue; + } dh_params[i].public.exp_len = dh_params[i].public.prime.len; } } @@ -465,19 +471,6 @@ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group) { if (dh_params[i].group == group) { - if (!dh_params[i].public.exp_len) - { - if (!dh_params[i].public.subgroup.len && - lib->settings->get_bool(lib->settings, - "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns)) - { - dh_params[i].public.exp_len = dh_params[i].public.prime.len; - } - else - { - dh_params[i].public.exp_len = dh_params[i].opt_exp; - } - } return &dh_params[i].public; } } diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 1a8110abb..ce01bb346 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h 
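Review bot: With the lazy fallback removed from diffie_hellman_get_params() (the `-465,19 +471,6` hunk), the `dh_exponent_ansi_x9_42` option only takes effect if diffie_hellman_init() has run after the settings were loaded, and the init hunk does not document that ordering requirement. A caller that fetches parameters earlier silently gets the shorter default `exp_len` values from the static table. Because the loop only ever widens `exp_len`, a later run with the option disabled would not restore the defaults; whether either case can occur depends on callers outside this diff. I would add a comment above the `if`, e.g. `/* must run once after settings are loaded; get_params() no longer applies this option lazily */`. The function's signature sits just above the hunk.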
@@ -2,7 +2,7 @@ * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/hashers/hash_algorithm_set.c b/src/libstrongswan/crypto/hashers/hash_algorithm_set.c index 4087fe1d9..800bd0df7 100644 --- a/src/libstrongswan/crypto/hashers/hash_algorithm_set.c +++ b/src/libstrongswan/crypto/hashers/hash_algorithm_set.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/hashers/hash_algorithm_set.h b/src/libstrongswan/crypto/hashers/hash_algorithm_set.h index 00e90cc2e..e02ba8c4e 100644 --- a/src/libstrongswan/crypto/hashers/hash_algorithm_set.h +++ b/src/libstrongswan/crypto/hashers/hash_algorithm_set.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen.c b/src/libstrongswan/crypto/iv/iv_gen.c index c70627723..c6efe08d0 100644 --- a/src/libstrongswan/crypto/iv/iv_gen.c +++ b/src/libstrongswan/crypto/iv/iv_gen.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2015 Martin Willi * Copyright (C) 2015 revosec AG 
diff --git a/src/libstrongswan/crypto/iv/iv_gen.h b/src/libstrongswan/crypto/iv/iv_gen.h index 292fc329f..0808e24d5 100644 --- a/src/libstrongswan/crypto/iv/iv_gen.h +++ b/src/libstrongswan/crypto/iv/iv_gen.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.c b/src/libstrongswan/crypto/iv/iv_gen_null.c index 3b8f93986..cb4a397f9 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_null.c +++ b/src/libstrongswan/crypto/iv/iv_gen_null.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.h b/src/libstrongswan/crypto/iv/iv_gen_null.h index b63f0c3e9..960327c14 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_null.h +++ b/src/libstrongswan/crypto/iv/iv_gen_null.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.c b/src/libstrongswan/crypto/iv/iv_gen_rand.c index 1474b3a12..66dcff767 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_rand.c +++ b/src/libstrongswan/crypto/iv/iv_gen_rand.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.h b/src/libstrongswan/crypto/iv/iv_gen_rand.h index 62d76ed21..edd449c1c 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_rand.h +++ b/src/libstrongswan/crypto/iv/iv_gen_rand.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c index 56620291c..42644e516 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_seq.c +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.h b/src/libstrongswan/crypto/iv/iv_gen_seq.h index 43ff4f65e..daf7ec203 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_seq.h +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/mac.h b/src/libstrongswan/crypto/mac.h index f23c6750f..50dc4c73a 100644 --- a/src/libstrongswan/crypto/mac.h 
+++ b/src/libstrongswan/crypto/mac.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/nonce_gen.h b/src/libstrongswan/crypto/nonce_gen.h index 98d159e12..4bdcb9403 100644 --- a/src/libstrongswan/crypto/nonce_gen.h +++ b/src/libstrongswan/crypto/nonce_gen.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c index 8a1452425..e7677a9c1 100644 --- a/src/libstrongswan/crypto/pkcs5.c +++ b/src/libstrongswan/crypto/pkcs5.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -422,7 +422,9 @@ static bool parse_pbes1_params(private_pkcs5_t *this, chunk_t blob, int level0) /** * ASN.1 definition of a PBKDF2-params structure * The salt is actually a CHOICE and could be an AlgorithmIdentifier from - * PBKDF2-SaltSources (but as per RFC 2898 that's for future versions). + * PBKDF2-SaltSources (but as per RFC 8018 that's for future versions). + * The PRF algorithm is actually defined as DEFAULT and not OPTIONAL, but the + * parser can't handle ASN1_DEF with SEQUENCEs. */ static const asn1Object_t pbkdf2ParamsObjects[] = { { 0, "PBKDF2-params", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ 
@@ -430,7 +432,8 @@ static const asn1Object_t pbkdf2ParamsObjects[] = { { 1, "iterationCount",ASN1_INTEGER, ASN1_BODY }, /* 2 */ { 1, "keyLength", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 3 */ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ - { 1, "prf", ASN1_EOC, ASN1_DEF|ASN1_RAW }, /* 5 */ + { 1, "prf", ASN1_SEQUENCE, ASN1_OPT|ASN1_RAW }, /* 5 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define PBKDF2_SALT 1 @@ -446,13 +449,15 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0) asn1_parser_t *parser; chunk_t object; int objectID; - bool success; + bool success = FALSE; parser = asn1_parser_create(pbkdf2ParamsObjects, blob); parser->set_top_level(parser, level0); /* keylen is optional */ this->keylen = 0; + /* defaults to id-hmacWithSHA1 */ + this->data.pbes2.prf_alg = PRF_HMAC_SHA1; while (parser->iterate(parser, &objectID, &object)) { @@ -474,13 +479,22 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0) break; } case PBKDF2_PRF: - { /* defaults to id-hmacWithSHA1, no other is currently defined */ - this->data.pbes2.prf_alg = PRF_HMAC_SHA1; + { + int oid; + + oid = asn1_parse_algorithmIdentifier(object, + parser->get_level(parser) + 1, NULL); + this->data.pbes2.prf_alg = pseudo_random_function_from_oid(oid); + if (this->data.pbes2.prf_alg == PRF_UNDEFINED) + { /* unsupported PRF algorithm */ + goto end; + } break; } } } success = parser->success(parser); +end: parser->destroy(parser); return success; } diff --git a/src/libstrongswan/crypto/pkcs5.h b/src/libstrongswan/crypto/pkcs5.h index b16d3736e..fd781fb00 100644 --- a/src/libstrongswan/crypto/pkcs5.h +++ b/src/libstrongswan/crypto/pkcs5.h 
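Review bot: In the `PBKDF2_PRF` case of parse_pbkdf2_params(), an unsupported or unparsable PRF OID jumps to `end` without logging anything, so a container rejected for this reason is indistinguishable from any other parse failure. A one-line diagnostic before the `goto` would help whoever has to debug a failed import, e.g. `DBG1(DBG_ASN, "unsupported PBKDF2 PRF algorithm");` (assuming the file's usual debug macros are in scope). The fail-closed behaviour itself is right: `success` now starts as FALSE and the parser is still destroyed on that path. The function body starts above this hunk.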
@@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index a26010aae..7d2b5217c 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h index 2c4b8852d..41fdfbb86 100644 --- a/src/libstrongswan/crypto/prf_plus.h +++ b/src/libstrongswan/crypto/prf_plus.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/prfs/mac_prf.c b/src/libstrongswan/crypto/prfs/mac_prf.c index 3f8eb7e5c..8db21df36 100644 --- a/src/libstrongswan/crypto/prfs/mac_prf.c +++ b/src/libstrongswan/crypto/prfs/mac_prf.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/crypto/prfs/mac_prf.h b/src/libstrongswan/crypto/prfs/mac_prf.h index 4ff925b04..0c1dda6f5 100644 --- a/src/libstrongswan/crypto/prfs/mac_prf.h +++ b/src/libstrongswan/crypto/prfs/mac_prf.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/prfs/prf.c b/src/libstrongswan/crypto/prfs/prf.c index 12e13ef57..eee09535d 100644 --- a/src/libstrongswan/crypto/prfs/prf.c +++ b/src/libstrongswan/crypto/prfs/prf.c @@ -1,7 +1,8 @@ /* + * Copyright (C) 2018 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -16,6 +17,8 @@ #include "prf.h" +#include + ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_CAMELLIA128_XCBC, "PRF_UNDEFINED", "PRF_FIPS_SHA1_160", @@ -33,3 +36,25 @@ ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CMAC, PRF_CAMEL "PRF_AES128_CMAC"); ENUM_END(pseudo_random_function_names, PRF_AES128_CMAC); +/* + * Described in header. + */ +pseudo_random_function_t pseudo_random_function_from_oid(int oid) +{ + switch (oid) + { + case OID_HMAC_SHA1: + return PRF_HMAC_SHA1; + case OID_HMAC_SHA256: + return PRF_HMAC_SHA2_256; + case OID_HMAC_SHA384: + return PRF_HMAC_SHA2_384; + case OID_HMAC_SHA512: + return PRF_HMAC_SHA2_512; + case OID_HMAC_SHA224: + case OID_HMAC_SHA512_224: + case OID_HMAC_SHA512_256: + default: + return PRF_UNDEFINED; + } +} diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index fe9ffc2dd..a91de1ddc 100644 
--- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -1,7 +1,8 @@ /* + * Copyright (C) 2018 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -125,4 +126,12 @@ struct prf_t { void (*destroy)(prf_t *this); }; +/** + * Conversion of ASN.1 OID to PRF algorithm. + * + * @param oid ASN.1 OID + * @return encryption algorithm, PRF_UNDEFINED if OID unsupported + */ +pseudo_random_function_t pseudo_random_function_from_oid(int oid); + #endif /** PRF_H_ @}*/ diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c index bb0a02b59..d671879c0 100644 --- a/src/libstrongswan/crypto/proposal/proposal.c +++ b/src/libstrongswan/crypto/proposal/proposal.c @@ -57,6 +57,11 @@ struct private_proposal_t { */ array_t *transforms; + /** + * Types of transforms contained, as transform_type_t + */ + array_t *types; + /** * senders SPI */ 
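Review bot: The doc comment added for pseudo_random_function_from_oid() in the `-125,4 +126,12` hunk says `@return encryption algorithm`, but the function returns a `pseudo_random_function_t`; the wording looks carried over from an encryption-algorithm helper. I would write `@return PRF algorithm, PRF_UNDEFINED if OID unsupported`. The `@param` line could also say that `oid` is the integer OID identifier as returned by asn1_parse_algorithmIdentifier(), which is what the pkcs5.c caller in this commit passes, rather than raw OID bytes.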
@@ -68,6 +73,101 @@ struct private_proposal_t { u_int number; }; +/** + * This is a hack to not change the previous order when printing proposals + */ +static transform_type_t type_for_sort(const void *type) +{ + const transform_type_t *t = type; + + switch (*t) + { + case PSEUDO_RANDOM_FUNCTION: + return INTEGRITY_ALGORITHM; + case INTEGRITY_ALGORITHM: + return PSEUDO_RANDOM_FUNCTION; + default: + return *t; + } +} + +/** + * Sort transform types + */ +static int type_sort(const void *a, const void *b, void *user) +{ + transform_type_t ta = type_for_sort(a), tb = type_for_sort(b); + return ta - tb; +} + +/** + * Find a transform type + */ +static int type_find(const void *a, const void *b) +{ + return type_sort(a, b, NULL); +} + +/** + * Check if the given transform type is already in the set + */ +static bool contains_type(array_t *types, transform_type_t type) +{ + return array_bsearch(types, &type, type_find, NULL) != -1; +} + +/** + * Add the given transform type to the set + */ +static void add_type(array_t *types, transform_type_t type) +{ + if (!contains_type(types, type)) + { + array_insert(types, ARRAY_TAIL, &type); + array_sort(types, type_sort, NULL); + } +} + +/** + * Merge two sets of transform types into a new array + */ +static array_t *merge_types(private_proposal_t *this, private_proposal_t *other) +{ + array_t *types; + transform_type_t type; + int i, count; + + count = max(array_count(this->types), array_count(other->types)); + types = array_create(sizeof(transform_type_t), count); + + for (i = 0; i < count; i++) + { + if (array_get(this->types, i, &type)) + { + add_type(types, type); + } + if (array_get(other->types, i, &type)) + { + add_type(types, type); + } + } + return types; +} + +/** + * Remove the given transform type from the set + */ +static void remove_type(private_proposal_t *this, transform_type_t type) +{ + int i; + + i = array_bsearch(this->types, &type, type_find, NULL); + if (i >= 0) + { + array_remove(this->types, i, NULL); + } 
+} + /** * Struct used to store different kinds of algorithms. */ @@ -91,6 +191,7 @@ METHOD(proposal_t, add_algorithm, void, }; array_insert(this->transforms, ARRAY_TAIL, &entry); + add_type(this->types, type); } CALLBACK(alg_filter, bool, @@ -206,17 +307,31 @@ METHOD(proposal_t, strip_dh, void, { enumerator_t *enumerator; entry_t *entry; + bool found = FALSE; enumerator = array_create_enumerator(this->transforms); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->type == DIFFIE_HELLMAN_GROUP && - entry->alg != keep) + if (entry->type == DIFFIE_HELLMAN_GROUP) { - array_remove_at(this->transforms, enumerator); + if (entry->alg != keep) + { + array_remove_at(this->transforms, enumerator); + } + else + { + found = TRUE; + } } } enumerator->destroy(enumerator); + array_compress(this->transforms); + + if (keep == MODP_NONE || !found) + { + remove_type(this, DIFFIE_HELLMAN_GROUP); + array_compress(this->types); + } } /** @@ -310,6 +425,9 @@ METHOD(proposal_t, select_proposal, proposal_t*, bool private) { proposal_t *selected; + transform_type_t type; + array_t *types; + int i; DBG2(DBG_CFG, "selecting proposal:"); 
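Review bot: contains_type() and remove_type() search with array_bsearch() and type_find(), so they are only correct while `types` stays sorted in the swapped PRF/integrity order that type_for_sort() defines, and nothing in this hunk documents that invariant. It holds today because add_type() re-sorts after every insert, and clone_() stays correct only because it copies an already sorted array in order. A future direct append would make lookups miss silently and change which transform types select_proposal() and equals() compare. I would state it on the helpers, e.g. `/* types must stay sorted with type_sort(); insert only via add_type() */`.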
@@ -328,18 +446,20 @@ METHOD(proposal_t, select_proposal, proposal_t*, { selected = proposal_create(this->protocol, this->number); selected->set_spi(selected, this->spi); - } - if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) || - !select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) || - !select_algo(this, other, selected, INTEGRITY_ALGORITHM, private) || - !select_algo(this, other, selected, DIFFIE_HELLMAN_GROUP, private) || - !select_algo(this, other, selected, EXTENDED_SEQUENCE_NUMBERS, private)) + types = merge_types(this, (private_proposal_t*)other); + for (i = 0; i < array_count(types); i++) { - selected->destroy(selected); - return NULL; + array_get(types, i, &type); + if (!select_algo(this, other, selected, type, private)) + { + selected->destroy(selected); + array_destroy(types); + return NULL; + } } + array_destroy(types); DBG2(DBG_CFG, " proposal matches"); return selected; @@ -409,16 +529,27 @@ METHOD(proposal_t, get_number, u_int, METHOD(proposal_t, equals, bool, private_proposal_t *this, proposal_t *other) { + transform_type_t type; + array_t *types; + int i; + if (&this->public == other) { return TRUE; } - return ( - algo_list_equals(this, other, ENCRYPTION_ALGORITHM) && - algo_list_equals(this, other, INTEGRITY_ALGORITHM) && - algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) && - algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) && - algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS)); + + types = merge_types(this, (private_proposal_t*)other); + for (i = 0; i < array_count(types); i++) + { + array_get(types, i, &type); + if (!algo_list_equals(this, other, type)) + { + array_destroy(types); + return FALSE; + } + } + array_destroy(types); + return TRUE; } METHOD(proposal_t, clone_, proposal_t*, 
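Review bot: `merge_types(this, (private_proposal_t*)other)` in `select_proposal` casts the public `proposal_t *other` to the private struct and reads `other->types` directly, which holds only if every `proposal_t` reaching this method was built by `proposal_create()` in this file; the same cast is added in `equals` in the next hunk. The surrounding calls (`select_algo(this, other, ...)`, `algo_list_equals(this, other, ...)`) still take `other` as the public type, so the assumption is new with this change and is not written down. If it does hold, I would add `/* other is always a private_proposal_t created by proposal_create() */` at both call sites; otherwise the peer's types should be gathered through the public interface. `select_proposal` starts before this hunk.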
@@ -427,6 +558,7 @@ METHOD(proposal_t, clone_, proposal_t*, private_proposal_t *clone; enumerator_t *enumerator; entry_t *entry; + transform_type_t *type; clone = (private_proposal_t*)proposal_create(this->protocol, 0); @@ -436,6 +568,12 @@ METHOD(proposal_t, clone_, proposal_t*, array_insert(clone->transforms, ARRAY_TAIL, entry); } enumerator->destroy(enumerator); + enumerator = array_create_enumerator(this->types); + while (enumerator->enumerate(enumerator, &type)) + { + array_insert(clone->types, ARRAY_TAIL, type); + } + enumerator->destroy(enumerator); clone->spi = this->spi; clone->number = this->number; @@ -479,6 +617,7 @@ static void remove_transform(private_proposal_t *this, transform_type_t type) } } e->destroy(e); + remove_type(this, type); } /** @@ -571,6 +710,14 @@ static bool check_proposal(private_proposal_t *this) * we MUST NOT propose any integrity algorithms */ remove_transform(this, INTEGRITY_ALGORITHM); } + else if (this->protocol == PROTO_IKE && + !get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL)) + { + DBG1(DBG_CFG, "an integrity algorithm is mandatory in %N proposals " + "with classic (non-AEAD) encryption algorithms", + protocol_id_names, this->protocol); + return FALSE; + } } else { /* AES-GMAC is parsed as encryption algorithm, so we map that to the @@ -605,6 +752,7 @@ static bool check_proposal(private_proposal_t *this) } } e->destroy(e); + remove_type(this, ENCRYPTION_ALGORITHM); if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL)) { @@ -623,6 +771,7 @@ static bool check_proposal(private_proposal_t *this) } array_compress(this->transforms); + array_compress(this->types); return TRUE; } 
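Review bot: The added `else if` in `check_proposal` rejects a proposal without an integrity algorithm only when `this->protocol == PROTO_IKE`, so as far as this hunk shows, a non-IKE proposal with a classic (non-AEAD) cipher and no integrity transform still passes. If accepting those is deliberate, a comment next to the check should say so, e.g. `/* only IKE mandates an integrity algorithm here; other protocols may be configured without one */`. The condition of the preceding `if` and the rest of `check_proposal` are outside the hunk, so the exact branch this attaches to cannot be confirmed from here.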
@@ -646,30 +795,44 @@ static bool add_string_algo(private_proposal_t *this, const char *alg) } /** - * print all algorithms of a kind to buffer + * Print all algorithms of the given type */ static int print_alg(private_proposal_t *this, printf_hook_data_t *data, - u_int kind, void *names, bool *first) + transform_type_t type, bool *first) { enumerator_t *enumerator; size_t written = 0; - uint16_t alg, size; + entry_t *entry; + enum_name_t *names; + + names = transform_get_enum_names(type); - enumerator = create_enumerator(this, kind); - while (enumerator->enumerate(enumerator, &alg, &size)) + enumerator = array_create_enumerator(this->transforms); + while (enumerator->enumerate(enumerator, &entry)) { + char *prefix = "/"; + + if (type != entry->type) + { + continue; + } if (*first) { - written += print_in_hook(data, "%N", names, alg); + prefix = ""; *first = FALSE; } + if (names) + { + written += print_in_hook(data, "%s%N", prefix, names, entry->alg); + } else { - written += print_in_hook(data, "/%N", names, alg); + written += print_in_hook(data, "%sUNKNOWN_%u_%u", prefix, + entry->type, entry->alg); } - if (size) + if (entry->key_size) { - written += print_in_hook(data, "_%u", size); + written += print_in_hook(data, "_%u", entry->key_size); } } enumerator->destroy(enumerator); @@ -685,6 +848,7 @@ int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, private_proposal_t *this = *((private_proposal_t**)(args[0])); linked_list_t *list = *((linked_list_t**)(args[0])); enumerator_t *enumerator; + transform_type_t *type; size_t written = 0; bool first = TRUE; 
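Review bot: `char *prefix = "/";` in the rewritten `print_alg` loop only ever points at string literals, so it should be declared `const char *prefix = "/";` to keep an accidental write through it from compiling. The header comment was shortened to one line and does not mention that `*first` is cleared once the first algorithm has been printed, which is what lets `proposal_printf_hook` place the `/` separators across types; one sentence on that would help. In the fallback `"%sUNKNOWN_%u_%u"`, casting both arguments (`(u_int)entry->type, (u_int)entry->alg`) would make them match `%u` regardless of how the enum and the entry field are declared.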
@@ -713,16 +877,12 @@ int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, } written = print_in_hook(data, "%N:", protocol_id_names, this->protocol); - written += print_alg(this, data, ENCRYPTION_ALGORITHM, - encryption_algorithm_names, &first); - written += print_alg(this, data, INTEGRITY_ALGORITHM, - integrity_algorithm_names, &first); - written += print_alg(this, data, PSEUDO_RANDOM_FUNCTION, - pseudo_random_function_names, &first); - written += print_alg(this, data, DIFFIE_HELLMAN_GROUP, - diffie_hellman_group_names, &first); - written += print_alg(this, data, EXTENDED_SEQUENCE_NUMBERS, - extended_sequence_numbers_names, &first); + enumerator = array_create_enumerator(this->types); + while (enumerator->enumerate(enumerator, &type)) + { + written += print_alg(this, data, *type, &first); + } + enumerator->destroy(enumerator); return written; } @@ -730,6 +890,7 @@ METHOD(proposal_t, destroy, void, private_proposal_t *this) { array_destroy(this->transforms); + array_destroy(this->types); free(this); } @@ -760,6 +921,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number) .protocol = protocol, .number = number, .transforms = array_create(sizeof(entry_t), 0), + .types = array_create(sizeof(transform_type_t), 0), ); return &this->public; @@ -794,7 +956,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); break; case ENCR_CHACHA20_POLY1305: - add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256); + add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0); break; default: break; diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index cd4e5763c..e83e18829 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c 
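Review bot: The `ENCR_CHACHA20_POLY1305` case in `proposal_add_supported_ike` now adds the algorithm with key size 0 instead of 256, which changes what the default IKE proposal offers, and nothing at the call site explains why. The keyword table later in this patch keeps the old form as `chacha20poly1305compat` (256), which suggests that peers still using the 256 form will only match when that keyword is configured explicitly; that is an inference from the table, not something this hunk shows. I would add `/* no key length for ChaCha20-Poly1305; "chacha20poly1305compat" keeps the old 256 form */` above the call. The switch and the function start outside the hunk.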
@@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h index b062221e5..585377a6b 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c index 420a66d7c..cad94aa82 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c @@ -32,7 +32,7 @@ error "gperf generated tables don't work with this execution character set. Plea /* * Copyright (C) 2009-2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -59,12 +59,12 @@ struct proposal_token { uint16_t keysize; }; -#define TOTAL_KEYWORDS 143 +#define TOTAL_KEYWORDS 144 #define MIN_WORD_LENGTH 3 -#define MAX_WORD_LENGTH 17 +#define MAX_WORD_LENGTH 22 #define MIN_HASH_VALUE 7 -#define MAX_HASH_VALUE 259 -/* maximum key range = 253, duplicates = 0 */ +#define MAX_HASH_VALUE 250 +/* maximum key range = 244, duplicates = 0 */ #ifdef __GNUC__ __inline 
@@ -78,34 +78,34 @@ hash (str, len) register const char *str; register unsigned int len; { - static const unsigned short asso_values[] = + static const unsigned char asso_values[] = { - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 73, 2, - 16, 40, 30, 26, 8, 15, 3, 1, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 106, 260, 2, 2, 16, - 46, 75, 1, 78, 2, 4, 260, 260, 1, 18, - 7, 2, 164, 5, 94, 116, 23, 41, 260, 260, - 1, 2, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260 + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 73, 2, + 16, 47, 30, 26, 8, 6, 3, 1, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 98, 251, 2, 2, 16, + 46, 75, 1, 78, 6, 4, 
251, 251, 1, 4, + 7, 2, 124, 1, 94, 116, 23, 64, 251, 251, + 1, 2, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251 }; register int hval = len; @@ -154,15 +154,16 @@ static const struct proposal_token wordlist[] = {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0}, + {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, - {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0}, {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, 
@@ -175,11 +176,9 @@ static const struct proposal_token wordlist[] = {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, - {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, - {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, 
@@ -201,24 +200,25 @@ static const struct proposal_token wordlist[] = {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, - {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, + {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, + {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0}, {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, - {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, 
@@ -236,6 +236,7 @@ static const struct proposal_token wordlist[] = {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, 
@@ -247,46 +248,46 @@ static const struct proposal_token wordlist[] = {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, - {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, + {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, - {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"curve25519", DIFFIE_HELLMAN_GROUP, CURVE_25519, 0}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, - {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"curve25519", DIFFIE_HELLMAN_GROUP, CURVE_25519, 0}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + 
{"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, - {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256}, + {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, - {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, - {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, + {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 0}, + {"chacha20poly1305compat", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256}, {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, - {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, - {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, - {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, - {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0}, + {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, - {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}, - {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0} + {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0} }; static const short lookup[] = 
@@ -294,29 +295,29 @@ static const short lookup[] = -1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, 1, 2, -1, -1, -1, -1, -1, -1, -1, 3, 4, -1, -1, -1, -1, -1, 5, 6, 7, - 8, -1, -1, 9, -1, -1, 10, 11, 12, -1, - 13, 14, 15, 16, 17, 18, -1, -1, -1, 19, - 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, - 40, 41, 42, 43, 44, 45, -1, 46, 47, 48, - 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, - 59, 60, 61, 62, 63, -1, 64, 65, -1, 66, - 67, 68, 69, 70, 71, -1, 72, 73, -1, 74, + 8, -1, -1, 9, 10, -1, 11, 12, 13, -1, + 14, 15, 16, -1, 17, 18, -1, 19, -1, 20, + 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, -1, 32, 33, 34, -1, 35, 36, 37, 38, + 39, 40, 41, 42, 43, 44, -1, 45, 46, 47, + 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, + 58, -1, 59, 60, 61, 62, 63, 64, 65, 66, + 67, 68, 69, 70, 71, 72, 73, 74, -1, -1, -1, -1, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, -1, -1, -1, 86, 87, 88, -1, - 89, 90, 91, -1, 92, 93, 94, 95, 96, 97, - 98, 99, -1, 100, 101, -1, 102, 103, 104, -1, - 105, 106, -1, -1, 107, 108, 109, -1, 110, 111, - -1, 112, 113, 114, -1, 115, -1, 116, -1, -1, - 117, -1, 118, -1, -1, 119, 120, -1, -1, 121, - 122, 123, 124, 125, 126, 127, 128, 129, -1, 130, - -1, 131, -1, 132, 133, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 134, -1, -1, 135, 136, - 137, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 138, 139, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 140, + 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, + 99, 100, -1, 101, 102, -1, 103, -1, 104, -1, + 105, 106, -1, 107, 108, 109, 110, 111, 112, -1, + -1, 113, 114, 115, -1, 116, -1, 117, 118, 119, + 120, -1, 121, 122, -1, 123, 124, -1, -1, 125, + -1, 126, 127, 128, 129, 130, 131, 132, -1, -1, + 133, -1, -1, -1, 134, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, 136, -1, -1, 137, + -1, -1, 138, -1, -1, -1, 139, -1, -1, 140, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 141, -1, -1, 142, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 141, -1, -1, -1, -1, 
142 + 143 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h index e28f46513..1345f36bb 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in index ee9f7b9da..be77410ab 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index c44ed96a0..b214a9edf 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -1,7 +1,7 @@ %{ /* * Copyright (C) 2009-2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -78,7 +78,8 @@ aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256 aes128gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128 aes192gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192 aes256gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256 -chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256 +chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 0 +chacha20poly1305compat, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256 blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192 diff --git a/src/libstrongswan/crypto/rngs/rng.c b/src/libstrongswan/crypto/rngs/rng.c index 1f39dedb8..d2e34d9f3 100644 --- a/src/libstrongswan/crypto/rngs/rng.c +++ b/src/libstrongswan/crypto/rngs/rng.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h index 0ca2cb114..11473030e 100644 --- a/src/libstrongswan/crypto/rngs/rng.h +++ b/src/libstrongswan/crypto/rngs/rng.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/signers/mac_signer.c b/src/libstrongswan/crypto/signers/mac_signer.c index 4426782b4..d2b484424 100644 --- a/src/libstrongswan/crypto/signers/mac_signer.c +++ b/src/libstrongswan/crypto/signers/mac_signer.c 
@@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/signers/mac_signer.h b/src/libstrongswan/crypto/signers/mac_signer.h index a50c8cadf..7fcdac909 100644 --- a/src/libstrongswan/crypto/signers/mac_signer.h +++ b/src/libstrongswan/crypto/signers/mac_signer.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c index 522b4e29d..2ba38ad7f 100644 --- a/src/libstrongswan/crypto/signers/signer.c +++ b/src/libstrongswan/crypto/signers/signer.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index 8958e66e9..f0d6667ff 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c index 808cb996e..77a57f527 100644 --- a/src/libstrongswan/crypto/transform.c +++ b/src/libstrongswan/crypto/transform.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -17,21 +17,20 @@ #include #include -ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, EXTENDED_OUTPUT_FUNCTION, - "UNDEFINED_TRANSFORM_TYPE", - "HASH_ALGORITHM", - "RANDOM_NUMBER_GENERATOR", - "AEAD_ALGORITHM", - "COMPRESSION_ALGORITHM", - "EXTENDED OUTPUT FUNCTION"); -ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, - EXTENDED_OUTPUT_FUNCTION, +ENUM_BEGIN(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, "ENCRYPTION_ALGORITHM", "PSEUDO_RANDOM_FUNCTION", "INTEGRITY_ALGORITHM", "DIFFIE_HELLMAN_GROUP", "EXTENDED_SEQUENCE_NUMBERS"); -ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS); +ENUM_NEXT(transform_type_names, HASH_ALGORITHM, EXTENDED_OUTPUT_FUNCTION, + EXTENDED_SEQUENCE_NUMBERS, + "HASH_ALGORITHM", + "RANDOM_NUMBER_GENERATOR", + "AEAD_ALGORITHM", + "COMPRESSION_ALGORITHM", + "EXTENDED OUTPUT FUNCTION"); +ENUM_END(transform_type_names, EXTENDED_OUTPUT_FUNCTION); ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, @@ -64,7 +63,6 @@ enum_name_t* transform_get_enum_names(transform_type_t type) return extended_sequence_numbers_names; case EXTENDED_OUTPUT_FUNCTION: return ext_out_function_names; - case UNDEFINED_TRANSFORM_TYPE: case COMPRESSION_ALGORITHM: break; } diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h index e043e605c..63881b373 100644 --- a/src/libstrongswan/crypto/transform.h +++ b/src/libstrongswan/crypto/transform.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -29,17 +29,16 @@ typedef enum transform_type_t transform_type_t; * Type of a transform, as in IKEv2 RFC 3.3.2. */ enum transform_type_t { - UNDEFINED_TRANSFORM_TYPE = 241, - HASH_ALGORITHM = 242, - RANDOM_NUMBER_GENERATOR = 243, - AEAD_ALGORITHM = 244, - COMPRESSION_ALGORITHM = 245, - EXTENDED_OUTPUT_FUNCTION = 246, ENCRYPTION_ALGORITHM = 1, PSEUDO_RANDOM_FUNCTION = 2, INTEGRITY_ALGORITHM = 3, DIFFIE_HELLMAN_GROUP = 4, - EXTENDED_SEQUENCE_NUMBERS = 5 + EXTENDED_SEQUENCE_NUMBERS = 5, + HASH_ALGORITHM = 256, + RANDOM_NUMBER_GENERATOR = 257, + AEAD_ALGORITHM = 258, + COMPRESSION_ALGORITHM = 259, + EXTENDED_OUTPUT_FUNCTION = 260, }; /** diff --git a/src/libstrongswan/database/database.h b/src/libstrongswan/database/database.h index ad5ccf95e..dc6ed1315 100644 --- a/src/libstrongswan/database/database.h +++ b/src/libstrongswan/database/database.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/database/database_factory.c b/src/libstrongswan/database/database_factory.c index 6c714ba51..e34aa9f6b 100644 --- a/src/libstrongswan/database/database_factory.c +++ b/src/libstrongswan/database/database_factory.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
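Review bot: The internal transform types in `enum transform_type_t` move from 241–246 to 256–260, so they no longer fit in 8 bits, while the doc comment above the enum still reads only "Type of a transform, as in IKEv2 RFC 3.3.2". Any code outside this hunk that stores a `transform_type_t` in a `uint8_t` or similar narrow field would now truncate these values (256 becomes 0), which is worth checking wherever the type is serialised or compared. I would extend the comment with something like `Values 1..5 are the IKEv2 transform types; values from 256 up are internal and never appear on the wire.` The second half of that sentence is my reading of why the values were moved and should be confirmed.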
diff --git a/src/libstrongswan/database/database_factory.h b/src/libstrongswan/database/database_factory.h index 3213e1a08..18561fd2a 100644 --- a/src/libstrongswan/database/database_factory.h +++ b/src/libstrongswan/database/database_factory.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/eap/eap.c b/src/libstrongswan/eap/eap.c index 2b7295e3d..68f304006 100644 --- a/src/libstrongswan/eap/eap.c +++ b/src/libstrongswan/eap/eap.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h index 2d4a238cd..b3c441900 100644 --- a/src/libstrongswan/eap/eap.h +++ b/src/libstrongswan/eap/eap.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/fetcher/fetcher.h b/src/libstrongswan/fetcher/fetcher.h index 6043dac2e..953bf11b9 100644 --- a/src/libstrongswan/fetcher/fetcher.h +++ b/src/libstrongswan/fetcher/fetcher.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2011 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2011 revosec AG * * This program is free software; you can redistribute it and/or modify it 
diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c index f36cfcf82..356270f28 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.c +++ b/src/libstrongswan/fetcher/fetcher_manager.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/fetcher/fetcher_manager.h b/src/libstrongswan/fetcher/fetcher_manager.h index 449f284f7..725fc613b 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.h +++ b/src/libstrongswan/fetcher/fetcher_manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c index c992eb5ad..16dbf8d41 100644 --- a/src/libstrongswan/ipsec/ipsec_types.c +++ b/src/libstrongswan/ipsec/ipsec_types.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -37,6 +37,12 @@ ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH, "IPCOMP_LZJH" ); +ENUM(hw_offload_names, HW_OFFLOAD_NO, HW_OFFLOAD_AUTO, + "no", + "yes", + "auto", +); + /* * See header */ diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h index 1db78ba6f..4e6e2d9dc 100644 --- a/src/libstrongswan/ipsec/ipsec_types.h +++ b/src/libstrongswan/ipsec/ipsec_types.h 
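Review bot: The new `ENUM(hw_offload_names, ...)` ends with `"auto", );`, a trailing comma before the closing parenthesis, while `ipcomp_transform_names` directly above it ends with `"IPCOMP_LZJH" );`. That passes an empty last argument to the macro, and whether this is harmless depends on how `ENUM` expands, which is not visible here. Dropping the comma (`"auto");`) keeps the two definitions consistent.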
@@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -26,6 +26,7 @@ typedef enum policy_dir_t policy_dir_t; typedef enum policy_type_t policy_type_t; typedef enum policy_priority_t policy_priority_t; typedef enum ipcomp_transform_t ipcomp_transform_t; +typedef enum hw_offload_t hw_offload_t; typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t; typedef struct lifetime_cfg_t lifetime_cfg_t; typedef struct mark_t mark_t; @@ -116,6 +117,20 @@ enum ipcomp_transform_t { */ extern enum_name_t *ipcomp_transform_names; +/** + * HW offload mode options + */ +enum hw_offload_t { + HW_OFFLOAD_NO = 0, + HW_OFFLOAD_YES = 1, + HW_OFFLOAD_AUTO = 2, +}; + +/** + * enum names for hw_offload_t. + */ +extern enum_name_t *hw_offload_names; + /** * This struct contains details about IPsec SA(s) tied to a policy. */ diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index dbdf5cfe9..86b275dad 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2009-2016 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h index 08316fd13..53f371c51 100644 --- a/src/libstrongswan/library.h +++ b/src/libstrongswan/library.h 
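Review bot: The `hw_offload_t` enumerators added to ipsec_types.h have no per-value documentation; the block comment only says `HW offload mode options`. From the header alone a reader cannot tell how `HW_OFFLOAD_YES` differs from `HW_OFFLOAD_AUTO`, in particular whether `YES` makes SA installation fail when the device cannot offload or whether either mode may fall back to software processing. I would add a one-line `/** ... */` comment on each enumerator stating that behaviour, starting with `/** no hardware offload requested */` on `HW_OFFLOAD_NO`; the wording for the other two should come from whoever can confirm what the kernel interface does.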
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2010-2016 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/host.c b/src/libstrongswan/networking/host.c
index 953720498..110ece894 100644
--- a/src/libstrongswan/networking/host.c
+++ b/src/libstrongswan/networking/host.c
@@ -3,7 +3,7 @@
 * Copyright (C) 2006 Daniel Roethlisberger
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/host.h b/src/libstrongswan/networking/host.h
index a777f9f97..29283af8e 100644
--- a/src/libstrongswan/networking/host.h
+++ b/src/libstrongswan/networking/host.h
@@ -3,7 +3,7 @@
 * Copyright (C) 2006 Daniel Roethlisberger
 * Copyright (C) 2005-2008 Martin Willi
 * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/host_resolver.c b/src/libstrongswan/networking/host_resolver.c
index bad87e434..580931e1f 100644
--- a/src/libstrongswan/networking/host_resolver.c
+++ b/src/libstrongswan/networking/host_resolver.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/host_resolver.h b/src/libstrongswan/networking/host_resolver.h
index f944a9cdf..d28f3bb27 100644
--- a/src/libstrongswan/networking/host_resolver.h
+++ b/src/libstrongswan/networking/host_resolver.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/packet.c b/src/libstrongswan/networking/packet.c
index f76a85a4b..00993f92b 100644
--- a/src/libstrongswan/networking/packet.c
+++ b/src/libstrongswan/networking/packet.c
@@ -2,7 +2,7 @@
 * Copyright (C) 2012 Tobias Brunner
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/packet.h b/src/libstrongswan/networking/packet.h
index 8699d4abe..806337ba0 100644
--- a/src/libstrongswan/networking/packet.h
+++ b/src/libstrongswan/networking/packet.h
@@ -2,7 +2,7 @@
 * Copyright (C) 2012 Tobias Brunner
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/streams/stream_service_unix.c b/src/libstrongswan/networking/streams/stream_service_unix.c
index 1ed27c499..a9b71d6fd 100644
--- a/src/libstrongswan/networking/streams/stream_service_unix.c
+++ b/src/libstrongswan/networking/streams/stream_service_unix.c
@@ -39,8 +39,9 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog) } if (!lib->caps->check(lib->caps, CAP_CHOWN)) { /* required to chown(2) service socket */ - DBG1(DBG_NET, "socket '%s' requires CAP_CHOWN capability", uri); - return NULL; + DBG1(DBG_NET, "cannot change ownership of socket '%s' without " + "CAP_CHOWN capability. socket directory should be accessible to " + "UID/GID under which the daemon will run", uri); } fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1) @@ -58,7 +59,9 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog) return NULL; } umask(old); - if (chown(addr.sun_path, lib->caps->get_uid(lib->caps), + /* only attempt to chown() socket if we have CAP_CHOWN */ + if (lib->caps->check(lib->caps, CAP_CHOWN) && + chown(addr.sun_path, lib->caps->get_uid(lib->caps), lib->caps->get_gid(lib->caps)) != 0) { DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s", diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c index 86951f1e7..3ebeb10ef 100644 --- a/src/libstrongswan/networking/tun_device.c +++ b/src/libstrongswan/networking/tun_device.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2012 Martin Willi * * This program is free software; you can redistribute it and/or modify it diff --git a/src/libstrongswan/networking/tun_device.h b/src/libstrongswan/networking/tun_device.h index 4f9eacb07..798e3275d 100644 --- a/src/libstrongswan/networking/tun_device.h +++ b/src/libstrongswan/networking/tun_device.h 
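Review bot: The first stream_service_unix.c hunk turns a missing CAP_CHOWN from a hard failure into a log line, but its context comment `/* required to chown(2) service socket */` still says the capability is required, and nothing records what protects the socket once the chown() in the second hunk is skipped. In that case the socket presumably keeps the owner and group it received at bind(), so who may connect rests on the umask set before bind() (outside the hunk) and on the socket directory's permissions; I would say so in place of the stale comment, e.g. `/* without CAP_CHOWN the socket keeps its bind() owner; access depends on the umask and the socket directory */`. The capability is also queried twice, once for the warning and once for the guard; a local such as `bool may_chown = lib->caps->check(lib->caps, CAP_CHOWN);` used in both places would keep the two from disagreeing. stream_service_create_unix() starts and ends outside both hunks.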
@@ -2,7 +2,7 @@
 * Copyright (C) 2012 Tobias Brunner
 * Copyright (C) 2012 Giuliano Grassi
 * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c
index 8829ba162..243a14296 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@@ -2,7 +2,7 @@
 * Copyright (C) 2001 Dr B. R. Gladman
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.h b/src/libstrongswan/plugins/aes/aes_crypter.h
index 473772f04..d3e51ba75 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.h
+++ b/src/libstrongswan/plugins/aes/aes_crypter.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2005-2008 Martin Willi
 * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c
index 1e84a7c86..bfb356e58 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.c
+++ b/src/libstrongswan/plugins/aes/aes_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.h b/src/libstrongswan/plugins/aes/aes_plugin.h
index f0f0e8154..0fc42e4ec 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.h
+++ b/src/libstrongswan/plugins/aes/aes_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aesni/aesni_cmac.c b/src/libstrongswan/plugins/aesni/aesni_cmac.c
index 07580c822..a232ef0e0 100644
--- a/src/libstrongswan/plugins/aesni/aesni_cmac.c
+++ b/src/libstrongswan/plugins/aesni/aesni_cmac.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 * Copyright (C) 2015 Martin Willi
 * Copyright (C) 2015 revosec AG
 *
diff --git a/src/libstrongswan/plugins/aesni/aesni_xcbc.c b/src/libstrongswan/plugins/aesni/aesni_xcbc.c
index 974c5fedc..55276f62c 100644
--- a/src/libstrongswan/plugins/aesni/aesni_xcbc.c
+++ b/src/libstrongswan/plugins/aesni/aesni_xcbc.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2015 Martin Willi
 * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 * Copyright (C) 2015 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index dc6adc457..c381dfeb3 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.h b/src/libstrongswan/plugins/agent/agent_plugin.h
index d352c305c..79d99b206 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.h
+++ b/src/libstrongswan/plugins/agent/agent_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index cf2c5ea85..77c29916c 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.h b/src/libstrongswan/plugins/agent/agent_private_key.h
index 0623f2bb9..32c129ec4 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.h
+++ b/src/libstrongswan/plugins/agent/agent_private_key.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c index 964edcd93..a5b11d4ab 100644 --- a/src/libstrongswan/plugins/bliss/bliss_private_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c @@ -782,7 +782,7 @@ static uint32_t nks_norm(int8_t *s1, int8_t *s2, int n, uint16_t kappa) for (i = 0; i < n; i++) { wrap(t, n, i, t_wrapped); - qsort(t_wrapped, n, sizeof(int16_t), (__compar_fn_t)compare); + qsort(t_wrapped, n, sizeof(int16_t), (void*)compare); max_kappa[i] = 0; for (j = 1; j <= kappa; j++) @@ -790,7 +790,7 @@ static uint32_t nks_norm(int8_t *s1, int8_t *s2, int n, uint16_t kappa) max_kappa[i] += t_wrapped[n - j]; } } - qsort(max_kappa, n, sizeof(int16_t), (__compar_fn_t)compare); + qsort(max_kappa, n, sizeof(int16_t), (void*)compare); for (i = 1; i <= kappa; i++) { diff --git a/src/libstrongswan/plugins/blowfish/bf_enc.c b/src/libstrongswan/plugins/blowfish/bf_enc.c index f9591c1a4..7c32e3fbb 100644 --- a/src/libstrongswan/plugins/blowfish/bf_enc.c +++ b/src/libstrongswan/plugins/blowfish/bf_enc.c @@ -50,7 +50,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * The licence and distribution terms for any publically available version or + * The licence and distribution terms for any publicly available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] diff --git a/src/libstrongswan/plugins/blowfish/bf_locl.h b/src/libstrongswan/plugins/blowfish/bf_locl.h index e5f49280b..ad8deed80 100644 --- a/src/libstrongswan/plugins/blowfish/bf_locl.h +++ b/src/libstrongswan/plugins/blowfish/bf_locl.h 
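Review bot: Both qsort() calls in nks_norm() (the hunk at -782 and the one at -790) now pass `(void*)compare`, which replaces a glibc-specific typedef with a function-pointer-to-object-pointer conversion that ISO C does not define, and it still hides any mismatch between the real signature of `compare` and the comparator type qsort() expects. `compare` is defined outside these hunks; if it takes `int16_t *` parameters, calling it through qsort's `int (*)(const void *, const void *)` is undefined behaviour whichever cast is used. Declaring it as `static int compare(const void *a, const void *b)` with the conversions to `const int16_t *` done inside, and calling `qsort(t_wrapped, n, sizeof(int16_t), compare);`, needs no cast at all and is portable. nks_norm() starts and ends outside both hunks.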
@@ -50,7 +50,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/bf_pi.h b/src/libstrongswan/plugins/blowfish/bf_pi.h
index 86c2ef366..650783192 100644
--- a/src/libstrongswan/plugins/blowfish/bf_pi.h
+++ b/src/libstrongswan/plugins/blowfish/bf_pi.h
@@ -50,7 +50,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/bf_skey.c b/src/libstrongswan/plugins/blowfish/bf_skey.c
index 52a051890..f44b72383 100644
--- a/src/libstrongswan/plugins/blowfish/bf_skey.c
+++ b/src/libstrongswan/plugins/blowfish/bf_skey.c
@@ -50,7 +50,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/blowfish.h b/src/libstrongswan/plugins/blowfish/blowfish.h
index 3c8f77a0f..771afcf15 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish.h
@@ -50,7 +50,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
index 6d8d1d709..6ef60c883 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -49,7 +49,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
index 70dcae66e..4d30c92e4 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2005-2008 Martin Willi
 * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
index 7494c52c3..b7748df90 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2009 Andreas Steffen
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
index 6a87f42ee..9d1c88f08 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008 Martin Willi
 * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c
index 22f077f58..28a3228dd 100644
--- a/src/libstrongswan/plugins/cmac/cmac.c
+++ b/src/libstrongswan/plugins/cmac/cmac.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/cmac/cmac.h b/src/libstrongswan/plugins/cmac/cmac.h
index dc85e3bc3..fb3871588 100644
--- a/src/libstrongswan/plugins/cmac/cmac.h
+++ b/src/libstrongswan/plugins/cmac/cmac.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.c b/src/libstrongswan/plugins/cmac/cmac_plugin.c
index 694e598a5..d5efdabf5 100644
--- a/src/libstrongswan/plugins/cmac/cmac_plugin.c
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.h b/src/libstrongswan/plugins/cmac/cmac_plugin.h
index a31e1077d..89c450259 100644
--- a/src/libstrongswan/plugins/cmac/cmac_plugin.h
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index b52b35ba0..51ed89595 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008 Martin Willi
 * Copyright (C) 2007 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.h b/src/libstrongswan/plugins/curl/curl_fetcher.h
index 6b9cad657..b6467c979 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.h
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 42ae9cdd2..94da81c6a 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.h b/src/libstrongswan/plugins/curl/curl_plugin.h
index ae17285c2..31ecdd672 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.h
+++ b/src/libstrongswan/plugins/curl/curl_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index cb5064d90..159c3872a 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2009 Tobias Brunner
 * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * Derived from Plutos DES library by Eric Young.
 *
@@ -52,7 +52,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/des/des_crypter.h b/src/libstrongswan/plugins/des/des_crypter.h
index 07215d0c5..4493fddcb 100644
--- a/src/libstrongswan/plugins/des/des_crypter.h
+++ b/src/libstrongswan/plugins/des/des_crypter.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index be2587679..1b6a633af 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/des/des_plugin.h b/src/libstrongswan/plugins/des/des_plugin.h
index cfff420c0..d98052c05 100644
--- a/src/libstrongswan/plugins/des/des_plugin.h
+++ b/src/libstrongswan/plugins/des/des_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
index fd2471a48..ecad31d05 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_builder.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.h b/src/libstrongswan/plugins/dnskey/dnskey_builder.h
index 16eff3269..f6a6a642a 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_builder.h
+++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
index 9a4f6252f..a879b1117 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
index 8b49bd6cb..fabd452f5 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/files/files_fetcher.c b/src/libstrongswan/plugins/files/files_fetcher.c
index e0b7cbdb6..90a60a1e6 100644
--- a/src/libstrongswan/plugins/files/files_fetcher.c
+++ b/src/libstrongswan/plugins/files/files_fetcher.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/files/files_fetcher.h b/src/libstrongswan/plugins/files/files_fetcher.h
index 7fc4ec98e..d0ee51b96 100644
--- a/src/libstrongswan/plugins/files/files_fetcher.h
+++ b/src/libstrongswan/plugins/files/files_fetcher.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/files/files_plugin.c b/src/libstrongswan/plugins/files/files_plugin.c
index 6ab735dab..df22af69c 100644
--- a/src/libstrongswan/plugins/files/files_plugin.c
+++ b/src/libstrongswan/plugins/files/files_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/files/files_plugin.h b/src/libstrongswan/plugins/files/files_plugin.h
index c121b9652..6e51690f9 100644
--- a/src/libstrongswan/plugins/files/files_plugin.h
+++ b/src/libstrongswan/plugins/files/files_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index 47676b32f..a51cfe105 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.h b/src/libstrongswan/plugins/fips_prf/fips_prf.h
index 514e3c5d9..3c66f7576 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.h
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
index 68b6bacb2..b3526a636 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
index 3bd26ad45..7b5c40946 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
index 80a8dc90d..4bee5b704 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
index e565e28c7..4bc34ea5e 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c index 5519125ba..f59144a86 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h index c6259f7ac..822ffe205 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index 199c1d6c9..564828e53 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h index a7542bcdd..f37ab42c1 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index 8a3de1e01..45fba242b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h index 05e5e7014..6cf87bf59 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c index bf11758b1..9a8424915 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h index a0cc12369..57fb0b9ad 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h index 0f3d66b80..3a8b7eec4 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h index ca0a284a2..d92c64f44 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index b01adfe01..f07dd36cc 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -4,7 +4,7 @@ * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h index a8cde7bca..dfc8560e2 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index 700e29bf6..b0ae2d81d 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.h b/src/libstrongswan/plugins/gmp/gmp_plugin.h index e4a87c8e2..6ffa485bb 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.h +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h index 32e1f292c..1e7d15218 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2005-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h index 14dd71e0b..fb6288754 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index c777b47cd..63c294b32 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h index bf66dd4aa..d0993653a 100644 --- a/src/libstrongswan/plugins/hmac/hmac.h +++ b/src/libstrongswan/plugins/hmac/hmac.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index 43d5a0364..68eb7d91a 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.h b/src/libstrongswan/plugins/hmac/hmac_plugin.h index 03d1d1cf9..c73687d7b 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.h +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index 635d5fc0e..23c1dbe2b 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2007 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.h b/src/libstrongswan/plugins/ldap/ldap_fetcher.h index 30a141bae..d12c5a4fd 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.h +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c index 210d33a93..dd0ccad6b 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.c +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.h b/src/libstrongswan/plugins/ldap/ldap_plugin.h index e4fcebaa3..06da5a842 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.h +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c index ada6c05da..c008d0188 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.c +++ b/src/libstrongswan/plugins/md4/md4_hasher.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 1990-1992, RSA Data Security, Inc. Created 1990. * All rights reserved. * diff --git a/src/libstrongswan/plugins/md4/md4_hasher.h b/src/libstrongswan/plugins/md4/md4_hasher.h index aeb68f718..7960a1337 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.h +++ b/src/libstrongswan/plugins/md4/md4_hasher.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c index baa44b7f5..7847415bd 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.c +++ b/src/libstrongswan/plugins/md4/md4_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/md4/md4_plugin.h b/src/libstrongswan/plugins/md4/md4_plugin.h index 9fde665e6..8718ea65e 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.h +++ b/src/libstrongswan/plugins/md4/md4_plugin.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c index d14c10ae5..ed78a9859 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.c +++ b/src/libstrongswan/plugins/md5/md5_hasher.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 1991-1992, RSA Data Security, Inc. Created 1991. * All rights reserved. * diff --git a/src/libstrongswan/plugins/md5/md5_hasher.h b/src/libstrongswan/plugins/md5/md5_hasher.h index 7f29a9621..7bf21c2d4 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.h +++ b/src/libstrongswan/plugins/md5/md5_hasher.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c index 4a61af618..c6219e1b7 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.c +++ b/src/libstrongswan/plugins/md5/md5_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/md5/md5_plugin.h b/src/libstrongswan/plugins/md5/md5_plugin.h index c4ca619dc..0a4ec916d 100644 
--- a/src/libstrongswan/plugins/md5/md5_plugin.h +++ b/src/libstrongswan/plugins/md5/md5_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 211eba704..d7e35d9fd 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/mysql/mysql_database.h b/src/libstrongswan/plugins/mysql/mysql_database.h index bbf6a33e9..d948a1c09 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.h +++ b/src/libstrongswan/plugins/mysql/mysql_database.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c index 23d709739..cb4425cf8 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.c +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.h b/src/libstrongswan/plugins/mysql/mysql_plugin.h index d1f21870c..49f5c1e7d 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.h +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.c b/src/libstrongswan/plugins/nonce/nonce_nonceg.c index 22c161df6..5f4162ed9 100644 --- a/src/libstrongswan/plugins/nonce/nonce_nonceg.c +++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.h b/src/libstrongswan/plugins/nonce/nonce_nonceg.h index 2ae0c97de..a4953c54e 100644 --- a/src/libstrongswan/plugins/nonce/nonce_nonceg.h +++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/nonce/nonce_plugin.c b/src/libstrongswan/plugins/nonce/nonce_plugin.c index 90f2e8fac..724162193 100644 --- a/src/libstrongswan/plugins/nonce/nonce_plugin.c +++ b/src/libstrongswan/plugins/nonce/nonce_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/nonce/nonce_plugin.h b/src/libstrongswan/plugins/nonce/nonce_plugin.h index f4be1c3a8..d349145be 100644 --- a/src/libstrongswan/plugins/nonce/nonce_plugin.h +++ b/src/libstrongswan/plugins/nonce/nonce_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.c b/src/libstrongswan/plugins/ntru/ntru_private_key.c index 844c8baf3..642a35ca5 100644 --- a/src/libstrongswan/plugins/ntru/ntru_private_key.c +++ b/src/libstrongswan/plugins/ntru/ntru_private_key.c @@ -276,7 +276,7 @@ METHOD(ntru_private_key_t, decrypt, bool, } if (!msg_rep_good) { - DBG1(DBG_LIB, "decryption failed due to unsufficient minimum weight"); + DBG1(DBG_LIB, "decryption failed due to insufficient minimum weight"); success = FALSE; } diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 88f7a67c2..bb5f20dcf 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c 
@@ -358,7 +358,7 @@ METHOD(certificate_t, get_validity, bool, { *not_after = this->nextUpdate; } - return t <= this->nextUpdate; + return (t >= this->thisUpdate && t <= this->nextUpdate); } METHOD(certificate_t, get_encoding, bool, diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index b9085f9aa..74beb762e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h index b12e7a6ab..2c5ef0b28 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.h +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c index 8e9c1183f..a567f5f4f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2010 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
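Review bot: The new lower bound in get_validity, `t >= this->thisUpdate`, is an exact comparison with no allowance for clock skew, and nothing in the hunk documents that. If `t` is the verifier's current time (it is set outside the hunk), a CRL published moments ago is reported as not valid by a host whose clock runs slightly behind the issuer's. How the caller treats a not-yet-valid CRL is not visible here. I would add a comment above the return such as `/* a CRL is valid only within [thisUpdate, nextUpdate]; no skew tolerance is applied */` and cover a future-dated thisUpdate in the CRL tests.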
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h index 5de5520b5..43d1f3fa8 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 11185e0c7..19de540b6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h index fd60732b9..2f58c976d 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index faa940839..ba41c508f 100644 
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h index 8094083a7..00c82aced 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c index 5ef885b16..4b096f049 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.c +++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.h b/src/libstrongswan/plugins/openssl/openssl_gcm.h index 4ae268bd6..a64c90129 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.h +++ b/src/libstrongswan/plugins/openssl/openssl_gcm.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c index 16e707116..e3f44defa 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hmac.c +++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.h b/src/libstrongswan/plugins/openssl/openssl_hmac.h index 95ab6bfc3..f77e9acfb 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hmac.h +++ b/src/libstrongswan/plugins/openssl/openssl_hmac.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c index bbd400cac..c59c77b5b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.h b/src/libstrongswan/plugins/openssl/openssl_pkcs12.h index 5c3e5933d..3d6b5cb68 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.h +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h index 0762c37b9..a9c220a03 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.h +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h index 021257d3c..5654bcb58 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c index 3a6d2f193..8371bc17f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h index 384e328e2..49db884ad 100644 --- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c index 6580e1c7d..b7f969f73 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.c +++ b/src/libstrongswan/plugins/openssl/openssl_util.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index 7c5c367f7..80e557fa8 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 60c08770b..fae2d678f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -668,6 +668,9 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this, { ASN1_BIT_STRING *usage; + /* to be compliant with RFC 4945 specific KUs have to be included */ + this->flags &= ~X509_IKE_COMPLIANT; + usage = X509V3_EXT_d2i(ext); if (usage) { @@ -682,6 +685,11 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this, { this->flags |= X509_CRL_SIGN; } + if (flags & X509v3_KU_DIGITAL_SIGNATURE || + flags & X509v3_KU_NON_REPUDIATION) + { + this->flags |= X509_IKE_COMPLIANT; + } if (flags & X509v3_KU_KEY_CERT_SIGN) { /* we use the caBasicContraint, MUST be set */ @@ -988,6 +996,9 @@ static bool parse_extensions(private_openssl_x509_t *this) STACK_OF(X509_EXTENSION) *extensions; int i, num; + /* unless we see a keyUsage extension we are compliant with RFC 4945 */ + this->flags |= X509_IKE_COMPLIANT; + extensions = X509_get0_extensions(this->x509); if (extensions) { diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c index b5060de0a..2969f21d9 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h index 1c804860c..dc3182481 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h 
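Review bot: The comment added at the top of parse_keyUsage_ext does not say that clearing X509_IKE_COMPLIANT before `X509V3_EXT_d2i(ext)` is deliberate, so a later cleanup could move the clear inside `if (usage)` and let a keyUsage extension that fails to decode keep the compliant default. That default is set in parse_extensions (third hunk of this file) and only this function removes it, so the statement order carries the policy. I would word the comment as `/* keyUsage is present: drop the RFC 4945 default first, so a KU that fails to decode or lacks digitalSignature/nonRepudiation stays non-compliant */`. The body of parse_keyUsage_ext continues outside the hunk, so what it returns on a failed decode is not visible here.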
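Review bot: The added test `flags & X509v3_KU_DIGITAL_SIGNATURE || flags & X509v3_KU_NON_REPUDIATION` relies on `&` binding tighter than `||`. It is correct, but a single mask test is easier to read next to the one-bit checks around it: `if (flags & (X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_NON_REPUDIATION))`. The enclosing function starts and ends outside the hunk.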
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c index 9ce210961..a92f32d3c 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.c +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.h b/src/libstrongswan/plugins/padlock/padlock_plugin.h index d99d4db0f..6f3926021 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.h +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c index 6b337d82c..3153cf1bd 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.c +++ b/src/libstrongswan/plugins/padlock/padlock_rng.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.h b/src/libstrongswan/plugins/padlock/padlock_rng.h index 776be8937..a1e22113e 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.h +++ b/src/libstrongswan/plugins/padlock/padlock_rng.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c index 30040da39..764227a4e 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h index bb45d7b4f..6373c4cad 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index ec90fb084..e9d464fe5 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -2,7 +2,7 @@ * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2009 Martin Willi * Copyright (C) 2001-2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pem/pem_builder.h b/src/libstrongswan/plugins/pem/pem_builder.h index b1bfc6d4d..bf64762b1 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.h +++ b/src/libstrongswan/plugins/pem/pem_builder.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pem/pem_encoder.h b/src/libstrongswan/plugins/pem/pem_encoder.h index d8f05dd73..e779acb75 100644 --- a/src/libstrongswan/plugins/pem/pem_encoder.h +++ b/src/libstrongswan/plugins/pem/pem_encoder.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c index 662b0fe8e..eb9e420ff 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.c +++ b/src/libstrongswan/plugins/pem/pem_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pem/pem_plugin.h b/src/libstrongswan/plugins/pem/pem_plugin.h index 944a3fc85..c9ee761d0 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.h +++ b/src/libstrongswan/plugins/pem/pem_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c index e8f5c5ddf..64e1a4c96 100644 --- a/src/libstrongswan/plugins/pgp/pgp_builder.c +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2009 Martin Willi * Copyright (C) 2002-2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.h b/src/libstrongswan/plugins/pgp/pgp_builder.h index 1168babd6..5fbf7c784 100644 --- a/src/libstrongswan/plugins/pgp/pgp_builder.h +++ b/src/libstrongswan/plugins/pgp/pgp_builder.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c index 392ef5440..47271e1af 100644 --- a/src/libstrongswan/plugins/pgp/pgp_cert.c +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.h b/src/libstrongswan/plugins/pgp/pgp_cert.h index 4db795ddc..e0c6795ff 100644 --- a/src/libstrongswan/plugins/pgp/pgp_cert.h +++ b/src/libstrongswan/plugins/pgp/pgp_cert.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c index eba936b83..3b5b19d12 100644 --- a/src/libstrongswan/plugins/pgp/pgp_encoder.c +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.h b/src/libstrongswan/plugins/pgp/pgp_encoder.h index b5bc2af44..79130bb60 100644 
--- a/src/libstrongswan/plugins/pgp/pgp_encoder.h +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c index a2cf403dc..2b5b7e098 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.c +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.h b/src/libstrongswan/plugins/pgp/pgp_plugin.h index 8a0ab89d6..bbfba2d4a 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.h +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c index 283bf8c36..5dbc03ad0 100644 --- a/src/libstrongswan/plugins/pgp/pgp_utils.c +++ b/src/libstrongswan/plugins/pgp/pgp_utils.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.h b/src/libstrongswan/plugins/pgp/pgp_utils.h index 180292a7a..36eed5866 100644 --- a/src/libstrongswan/plugins/pgp/pgp_utils.h +++ b/src/libstrongswan/plugins/pgp/pgp_utils.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h index 9f251833e..68c49e431 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c index 905f14c88..8bcf6e866 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h index 2eec736f1..7bd6c69c1 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h index 588bde559..a28827cc4 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c index b0fa41b6a..3d3df57fd 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h index 1ad58e7a1..3f68c62ec 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c index 89ae1969e..b42632fdb 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG @@ -899,8 +899,8 @@ METHOD(pkcs11_library_t, create_mechanism_enumerator, enumerator_t*, return enumerator_create_empty(); } enumerator->mechs = malloc(sizeof(CK_MECHANISM_TYPE) * enumerator->count); - enumerator->lib->f->C_GetMechanismList(slot, enumerator->mechs, - &enumerator->count); + rv = enumerator->lib->f->C_GetMechanismList(slot, enumerator->mechs, + &enumerator->count); if (rv != CKR_OK) { DBG1(DBG_CFG, "C_GetMechanismList() failed: %N", ck_rv_names, rv); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h index b8b4ff746..4038b7e8f 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index bd2a2c114..d6bf4de42 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG 
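Review bot: The result of `malloc(sizeof(CK_MECHANISM_TYPE) * enumerator->count)` is still handed to C_GetMechanismList() unchecked, and the count it is sized from presumably comes from the PKCS#11 module in a call above the hunk, so the multiplication uses a value the loaded library supplies. Now that rv is actually assigned and tested, the allocation deserves the same care: `enumerator->mechs = calloc(enumerator->count, sizeof(CK_MECHANISM_TYPE));` followed by a NULL check that takes the same exit as the `rv != CKR_OK` branch. The function body continues outside the hunk, so whether that branch releases enumerator->mechs is not visible here.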
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index 6158f6d25..77cc9bd44 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2016 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h index 6d3a9556e..b3bf911c2 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c index 36029fa30..ed450a6c7 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c index 753835187..847309b38 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h index 998631f7e..1e4b6224b 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c index 82fc0c0b9..a20c05e91 100644 --- a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c +++ b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.h b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.h index e2998968f..5369b9e50 100644 --- a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.h +++ b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c b/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c index 902d2971b..5c2c8b4c4 100644 --- a/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c +++ b/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h b/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h index 3bd7f2df3..c05c261eb 100644 --- a/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h +++ b/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -9,7 +9,7 @@ * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPSE. See the GNU General Public License + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c index efcd2b30a..445dedcf7 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h index d5f6156a1..f82ef6016 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h 
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c index 2c414c391..0eb57619c 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h b/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h index b685557fc..ea67ebb2d 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c index 5cd0d8f93..82d113dec 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c 
@@ -4,7 +4,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2002-2008 Andreas Steffen * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c index 24d7cd848..9c3680190 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c @@ -4,7 +4,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2002-2008 Andreas Steffen * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h b/src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h index 3d582c7c6..57c8cf0c1 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h @@ -9,7 +9,7 @@ * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPSE. See the GNU General Public License + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c index 6cd5da4fd..22b7829a4 100644 --- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c +++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h index b07f2d927..b78a532b3 100644 --- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h +++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c index fcd8f119e..b1c48f7ff 100644 --- a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c +++ b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h index 03ca950a3..6ada49209 100644 --- a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h +++ b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -9,7 +9,7 @@ * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPSE. See the GNU General Public License + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h index 7bfbdf1d4..0b67aa979 100644 --- a/src/libstrongswan/plugins/plugin.h +++ b/src/libstrongswan/plugins/plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c index 39d86c82a..844698bd2 100644 --- a/src/libstrongswan/plugins/plugin_feature.c +++ b/src/libstrongswan/plugins/plugin_feature.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2011 Martin Willi * Copyright (C) 2011 revosec AG diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h index 8cc6277eb..d3c2df7f7 100644 --- a/src/libstrongswan/plugins/plugin_feature.h +++ b/src/libstrongswan/plugins/plugin_feature.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2011 Martin Willi * Copyright (C) 2011 revosec AG diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 7d0cc88ed..121248bbe 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2010-2014 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index 156bd8656..c5a16fef3 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012-2014 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c index 81dad65b7..a7bf87e5b 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.h b/src/libstrongswan/plugins/pubkey/pubkey_cert.h index 06e4e0fa3..039111f87 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.h +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index a898bbfcc..c79be9093 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h index db71bddc0..8f649c828 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index e159751be..9292de2cf 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h index ff79bef0c..302bf3086 100644 --- a/src/libstrongswan/plugins/random/random_plugin.h +++ b/src/libstrongswan/plugins/random/random_plugin.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index 3760630ab..45dd0dfdc 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/random/random_rng.h b/src/libstrongswan/plugins/random/random_rng.h index 4e6f3afb2..5fcf33d15 100644 --- a/src/libstrongswan/plugins/random/random_rng.h +++ b/src/libstrongswan/plugins/random/random_rng.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/rc2/rc2_crypter.c b/src/libstrongswan/plugins/rc2/rc2_crypter.c index d9681e834..de76580fc 100644 --- a/src/libstrongswan/plugins/rc2/rc2_crypter.c +++ b/src/libstrongswan/plugins/rc2/rc2_crypter.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/rc2/rc2_crypter.h b/src/libstrongswan/plugins/rc2/rc2_crypter.h index d478762a6..21f540dc4 100644 --- a/src/libstrongswan/plugins/rc2/rc2_crypter.h +++ b/src/libstrongswan/plugins/rc2/rc2_crypter.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/rc2/rc2_plugin.c b/src/libstrongswan/plugins/rc2/rc2_plugin.c index 6c6fa76d6..4365befd5 100644 --- a/src/libstrongswan/plugins/rc2/rc2_plugin.c +++ b/src/libstrongswan/plugins/rc2/rc2_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/rc2/rc2_plugin.h b/src/libstrongswan/plugins/rc2/rc2_plugin.h index cbbac51af..a387e0cc8 100644 --- a/src/libstrongswan/plugins/rc2/rc2_plugin.h +++ b/src/libstrongswan/plugins/rc2/rc2_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index 1b68320df..f8e78ac0c 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c 
@@ -1,8 +1,9 @@ /* + * Copyright (C) 2015-2018 Tobias Brunner * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -15,6 +16,8 @@ * for more details. */ +#include + #include "revocation_validator.h" #include @@ -56,7 +59,7 @@ static certificate_t *fetch_ocsp(char *url, certificate_t *subject, certificate_t *issuer) { certificate_t *request, *response; - chunk_t send, receive; + chunk_t send, receive = chunk_empty; /* TODO: requestor name, signature */ request = lib->creds->create(lib->creds, @@ -84,6 +87,7 @@ static certificate_t *fetch_ocsp(char *url, certificate_t *subject, FETCH_END) != SUCCESS) { DBG1(DBG_CFG, "ocsp request to %s failed", url); + chunk_free(&receive); chunk_free(&send); return NULL; } @@ -351,13 +355,10 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, { valid = VALIDATION_FAILED; } - if (auth) - { - auth->add(auth, AUTH_RULE_OCSP_VALIDATION, valid); - if (valid == VALIDATION_GOOD) - { /* successful OCSP check fulfills also CRL constraint */ - auth->add(auth, AUTH_RULE_CRL_VALIDATION, VALIDATION_GOOD); - } + auth->add(auth, AUTH_RULE_OCSP_VALIDATION, valid); + if (valid == VALIDATION_GOOD) + { /* successful OCSP check fulfills also CRL constraint */ + auth->add(auth, AUTH_RULE_CRL_VALIDATION, VALIDATION_GOOD); } DESTROY_IF(best); return valid; 
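Review bot: In check_ocsp the `if (auth)` guard is removed, so `auth->add(auth, AUTH_RULE_OCSP_VALIDATION, valid);` now dereferences `auth` unconditionally; the same removal is made in check_crl (hunk at -722). This is safe only if every caller passes a non-NULL auth config. validate() now forwards its own `auth` unchanged, and whether that argument can be NULL is not visible in this diff. I would state the precondition in the comment above both functions, e.g. `/* auth must not be NULL, the result is always recorded in it */`, or keep a cheap guard if NULL is still a legal argument for the validator hook. check_ocsp begins outside this hunk.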
@@ -369,12 +370,13 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, static certificate_t* fetch_crl(char *url) { certificate_t *crl; - chunk_t chunk; + chunk_t chunk = chunk_empty; DBG1(DBG_CFG, " fetching crl from '%s' ...", url); if (lib->fetcher->fetch(lib->fetcher, url, &chunk, FETCH_END) != SUCCESS) { DBG1(DBG_CFG, "crl fetching failed"); + chunk_free(&chunk); return NULL; } crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -417,11 +419,11 @@ static bool verify_crl(certificate_t *crl) /** * Report the given CRL's validity and cache it if valid and requested */ -static bool is_crl_valid(certificate_t *crl, bool cache) +static bool is_crl_valid(certificate_t *crl, time_t now, bool cache) { time_t valid_until; - if (crl->get_validity(crl, NULL, NULL, &valid_until)) + if (crl->get_validity(crl, &now, NULL, &valid_until)) { DBG1(DBG_CFG, " crl is valid: until %T", &valid_until, FALSE); if (cache) @@ -434,6 +436,25 @@ static bool is_crl_valid(certificate_t *crl, bool cache) return FALSE; } +/** + * Check if the CRL should be used yet + */ +static bool is_crl_not_valid_yet(certificate_t *crl, time_t now) +{ + time_t this_update; + + if (!crl->get_validity(crl, &now, &this_update, NULL)) + { + if (this_update > now) + { + DBG1(DBG_CFG, " crl is not valid: until %T", &this_update, FALSE); + return TRUE; + } + /* we accept stale CRLs */ + } + return FALSE; +} + /** * Get the better of two CRLs, and check for usable CRL info */ @@ -442,7 +463,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, bool cache, crl_t *base) { enumerator_t *enumerator; - time_t revocation; + time_t now, revocation; crl_reason_t reason; chunk_t subject_serial, serial; crl_t *crl = (crl_t*)cand; 
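Review bot: The debug message in the new is_crl_not_valid_yet, `"crl is not valid: until %T"`, prints `this_update`, which is the time from which the CRL becomes usable, so the log line reads as if it reported an expiry. Wording such as `DBG1(DBG_CFG, " crl is not yet valid: from %T", &this_update, FALSE);` would match what the branch tests (`this_update > now`). The comparison has no tolerance for clock skew, so a CRL from an issuer whose clock runs slightly ahead is discarded by the caller. If that is intended, the `/* we accept stale CRLs */` comment could also say that not-yet-valid CRLs are rejected outright.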
@@ -472,6 +493,12 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, cand->destroy(cand); return best; } + now = time(NULL); + if (is_crl_not_valid_yet(cand, now)) + { + cand->destroy(cand); + return best; + } subject_serial = chunk_skip_zero(subject->get_serial(subject)); enumerator = crl->create_enumerator(crl); @@ -488,7 +515,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, /* if the cert is on hold, a newer CRL might not contain it */ *valid = VALIDATION_ON_HOLD; } - is_crl_valid(cand, cache); + is_crl_valid(cand, now, cache); DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N", &revocation, TRUE, crl_reason_names, reason); enumerator->destroy(enumerator); @@ -503,7 +530,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, { DESTROY_IF(best); best = cand; - if (is_crl_valid(best, cache)) + if (is_crl_valid(best, now, cache)) { *valid = VALIDATION_GOOD; } @@ -578,6 +605,31 @@ static cert_validation_t find_crl(x509_t *subject, identification_t *issuer, return valid; } +/** + * Check if the issuer of the given CRL matches + */ +static bool check_issuer(certificate_t *crl, x509_t *issuer, x509_cdp_t *cdp) +{ + certificate_t *cissuer = (certificate_t*)issuer; + identification_t *id; + chunk_t chunk; + bool matches = FALSE; + + if (cdp->issuer) + { + return crl->has_issuer(crl, cdp->issuer); + } + /* check SKI/AKI first, but fall back to DN matching */ + chunk = issuer->get_subjectKeyIdentifier(issuer); + if (chunk.len) + { + id = identification_create_from_encoding(ID_KEY_ID, chunk); + matches = crl->has_issuer(crl, id); + id->destroy(id); + } + return matches || crl->has_issuer(crl, cissuer->get_subject(cissuer)); +} + /** * Look for a delta CRL for a given base CRL */ 
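Review bot: The comment on the new check_issuer does not state the matching order, which is what an auditor needs to know to tell which fetched CRLs are accepted. When `cdp->issuer` is set it is the only identity compared. Otherwise the issuer's subjectKeyIdentifier is tried as a key ID, and a mismatch there still falls through to the subject-DN comparison. I would expand the header to something like `Check if the CRL was issued by the CDP's CRL issuer if one is given, otherwise by the certificate's issuer (key ID first, then subject DN)`. It would also help to note that this compares names and key IDs only, with signature verification presumably left to verify_crl, whose body is not part of this hunk.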
@@ -585,7 +637,7 @@ static cert_validation_t check_delta_crl(x509_t *subject, x509_t *issuer, crl_t *base, cert_validation_t base_valid) { cert_validation_t valid = VALIDATION_SKIPPED; - certificate_t *best = NULL, *current; + certificate_t *best = NULL, *current, *cissuer = (certificate_t*)issuer; enumerator_t *enumerator; identification_t *id; x509_cdp_t *cdp; @@ -621,11 +673,12 @@ static cert_validation_t check_delta_crl(x509_t *subject, x509_t *issuer, current = fetch_crl(cdp->uri); if (current) { - if (cdp->issuer && !current->has_issuer(current, cdp->issuer)) + if (!check_issuer(current, issuer, cdp)) { DBG1(DBG_CFG, "issuer of fetched delta CRL '%Y' does not match " - "certificates CRL issuer '%Y'", - current->get_issuer(current), cdp->issuer); + "certificate's %sissuer '%Y'", + current->get_issuer(current), cdp->issuer ? "CRL " : "", + cdp->issuer ?: cissuer->get_subject(cissuer)); current->destroy(current); continue; } @@ -653,7 +706,7 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, auth_cfg_t *auth) { cert_validation_t valid = VALIDATION_SKIPPED; - certificate_t *best = NULL; + certificate_t *best = NULL, *cissuer = (certificate_t*)issuer; identification_t *id; x509_cdp_t *cdp; bool uri_found = FALSE; @@ -692,11 +745,12 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, current = fetch_crl(cdp->uri); if (current) { - if (cdp->issuer && !current->has_issuer(current, cdp->issuer)) + if (!check_issuer(current, issuer, cdp)) { DBG1(DBG_CFG, "issuer of fetched CRL '%Y' does not match " - "certificates CRL issuer '%Y'", - current->get_issuer(current), cdp->issuer); + "certificate's %sissuer '%Y'", + current->get_issuer(current), cdp->issuer ? "CRL " : "", + cdp->issuer ?: cissuer->get_subject(cissuer)); current->destroy(current); continue; } 
@@ -722,18 +776,15 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, { valid = VALIDATION_FAILED; } - if (auth) + if (valid == VALIDATION_SKIPPED) + { /* if we skipped CRL validation, we use the result of OCSP for + * constraint checking */ + auth->add(auth, AUTH_RULE_CRL_VALIDATION, + auth->get(auth, AUTH_RULE_OCSP_VALIDATION)); + } + else { - if (valid == VALIDATION_SKIPPED) - { /* if we skipped CRL validation, we use the result of OCSP for - * constraint checking */ - auth->add(auth, AUTH_RULE_CRL_VALIDATION, - auth->get(auth, AUTH_RULE_OCSP_VALIDATION)); - } - else - { - auth->add(auth, AUTH_RULE_CRL_VALIDATION, valid); - } + auth->add(auth, AUTH_RULE_CRL_VALIDATION, valid); } DESTROY_IF(best); return valid; @@ -753,8 +804,7 @@ METHOD(cert_validator_t, validate, bool, if (this->enable_ocsp) { - switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, - pathlen ? NULL : auth)) + switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth)) { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); @@ -776,11 +826,14 @@ METHOD(cert_validator_t, validate, bool, break; } } + else + { + auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED); + } if (this->enable_crl) { - switch (check_crl((x509_t*)subject, (x509_t*)issuer, - pathlen ? NULL : auth)) + switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth)) { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); @@ -800,6 +853,11 @@ METHOD(cert_validator_t, validate, bool, break; } } + else + { + auth->add(auth, AUTH_RULE_CRL_VALIDATION, + auth->get(auth, AUTH_RULE_OCSP_VALIDATION)); + } lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_VALIDATION_FAILED, subject); diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index fca65dfa2..4094175ab 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c 
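Review bot: validate() now passes `auth` to check_ocsp and check_crl for every certificate, where the removed `pathlen ? NULL : auth` apparently limited recording to pathlen 0, so results for the other certificates in the path are added to the same auth config as well. How several AUTH_RULE_OCSP_VALIDATION or AUTH_RULE_CRL_VALIDATION values in one auth config are combined is not visible here. A short comment at the call sites naming who merges them would let a reader confirm that a good result for one certificate cannot mask a worse one for another. The two new else branches would also benefit from a why-comment, e.g. `/* CRL checking disabled: reuse the OCSP result so CRL constraints can still be evaluated */`. validate() begins and ends outside these hunks.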
@@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Ported from Steve Reid's implementation * "SHA1 in C" found in strongSwan. diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.h b/src/libstrongswan/plugins/sha1/sha1_hasher.h index 7fa6f1bc0..7b409e2af 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.h +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c index 66c80b292..dc3663495 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.c +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.h b/src/libstrongswan/plugins/sha1/sha1_plugin.h index cd1ff615d..43dc19d59 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.h +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c index 464f4c9ec..c404b8eac 100644 
--- a/src/libstrongswan/plugins/sha1/sha1_prf.c +++ b/src/libstrongswan/plugins/sha1/sha1_prf.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.h b/src/libstrongswan/plugins/sha1/sha1_prf.h index 1ab4cbc24..f3454a12b 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.h +++ b/src/libstrongswan/plugins/sha1/sha1_prf.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index 2c56a2f1b..083b11de3 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2001 Jari Ruusu. * * Ported from strongSwans implementation written by Jari Ruusu. diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.h b/src/libstrongswan/plugins/sha2/sha2_hasher.h index ed57ae0bd..0a69a971b 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.h +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c index 94a7ccd61..86d48f0aa 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.c +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.h b/src/libstrongswan/plugins/sha2/sha2_plugin.h index 48ee2d94c..d7b98a03c 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.h +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index 9f874212e..8cd08563c 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.h b/src/libstrongswan/plugins/sqlite/sqlite_database.h index 75f89a7ed..504b74963 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.h +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2007-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c index 7f46aced7..56fe3001c 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -61,7 +61,7 @@ METHOD(plugin_t, destroy, void, plugin_t *sqlite_plugin_create() { private_sqlite_plugin_t *this; - int threadsave = 0; + int threadsafe = 0; INIT(this, .public = { @@ -74,10 +74,10 @@ plugin_t *sqlite_plugin_create() ); #if SQLITE_VERSION_NUMBER >= 3005000 - threadsave = sqlite3_threadsafe(); + threadsafe = sqlite3_threadsafe(); #endif DBG2(DBG_LIB, "using SQLite %s, thread safety %d", - sqlite3_libversion(), threadsave); + sqlite3_libversion(), threadsafe); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h index dbc461cf4..2cc00aba6 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c index 4a9f5b849..eab6559b3 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c +++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.h b/src/libstrongswan/plugins/sshkey/sshkey_builder.h index 20979c283..8a2a5841a 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_builder.h +++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sshkey/sshkey_encoder.c b/src/libstrongswan/plugins/sshkey/sshkey_encoder.c index d423671bd..9f5f8bd1f 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_encoder.c +++ b/src/libstrongswan/plugins/sshkey/sshkey_encoder.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sshkey/sshkey_encoder.h b/src/libstrongswan/plugins/sshkey/sshkey_encoder.h index bdd31a6c8..f96778d64 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_encoder.h +++ b/src/libstrongswan/plugins/sshkey/sshkey_encoder.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sshkey/sshkey_plugin.c b/src/libstrongswan/plugins/sshkey/sshkey_plugin.c index 1fde0c6e9..49838df57 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_plugin.c +++ b/src/libstrongswan/plugins/sshkey/sshkey_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/sshkey/sshkey_plugin.h b/src/libstrongswan/plugins/sshkey/sshkey_plugin.h index 2b9095a98..23c4b77f4 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_plugin.h +++ b/src/libstrongswan/plugins/sshkey/sshkey_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h index a68f43647..9bbe701ee 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c index de5658da7..715608291 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c index 26aadb444..38aa94180 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c index cc4121424..b38a23c8e 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c index 56d12f036..86f2bfd1b 100644 
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c index a4e06180a..9e71d2e66 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c @@ -2,7 +2,7 @@ * Copyright (C) 2009 Martin Willi * Copyright (C) 2009 Andreas Steffen * Copyright (C) JuanJo Ciarlante - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c index 28c038878..75789fc91 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c b/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c index a33a219ed..3e0920bf5 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/des.c b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c index b4bf1fe6a..76dadc9a4 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/des.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c b/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c index 74e000419..b6e873bfa 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c b/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c index 4856a480f..50c890414 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c index 3348e12d3..364a2f4de 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c index ef9406f5f..5b428c6ee 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c index c7b213674..e0c613f79 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c index 5221d530c..c7b992304 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/null.c b/src/libstrongswan/plugins/test_vectors/test_vectors/null.c index c4f5d41b3..cd352ef31 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/null.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/null.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c index b03d12038..42e168970 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c index 458f63aa9..8d45e3c75 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c index 3316c364d..8cb28e746 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c index 256a59603..ec7b67df0 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c index 669adf8c6..aec6bbe04 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c index 8d6f66373..1cc068fda 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c index 4679c26b3..424451e23 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c index 536eba8f6..da01f9ec1 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c index 9c3ca20cc..1d00f4cde 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index c4d71848d..96faa561e 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h index 661529295..3ee55837a 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/unbound/unbound_plugin.c b/src/libstrongswan/plugins/unbound/unbound_plugin.c index f727cdaae..f719a8b40 100644 --- a/src/libstrongswan/plugins/unbound/unbound_plugin.c +++ b/src/libstrongswan/plugins/unbound/unbound_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/unbound/unbound_plugin.h b/src/libstrongswan/plugins/unbound/unbound_plugin.h index 1f0d36454..b8f7ea64f 100644 --- a/src/libstrongswan/plugins/unbound/unbound_plugin.h +++ b/src/libstrongswan/plugins/unbound/unbound_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/unbound/unbound_resolver.c b/src/libstrongswan/plugins/unbound/unbound_resolver.c index 745e59d5b..a53e974f1 100644 --- a/src/libstrongswan/plugins/unbound/unbound_resolver.c +++ b/src/libstrongswan/plugins/unbound/unbound_resolver.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/unbound/unbound_resolver.h b/src/libstrongswan/plugins/unbound/unbound_resolver.h index 818a717b8..caec42ba7 100644 --- a/src/libstrongswan/plugins/unbound/unbound_resolver.h +++ b/src/libstrongswan/plugins/unbound/unbound_resolver.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/unbound/unbound_response.c b/src/libstrongswan/plugins/unbound/unbound_response.c index 950df344c..e0e65c015 100644 --- a/src/libstrongswan/plugins/unbound/unbound_response.c +++ b/src/libstrongswan/plugins/unbound/unbound_response.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/unbound/unbound_response.h b/src/libstrongswan/plugins/unbound/unbound_response.h index c82f39d45..da4ea4bcd 100644 --- a/src/libstrongswan/plugins/unbound/unbound_response.h +++ b/src/libstrongswan/plugins/unbound/unbound_response.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/unbound/unbound_rr.c b/src/libstrongswan/plugins/unbound/unbound_rr.c index 91b5cdb33..a149aa500 100644 --- a/src/libstrongswan/plugins/unbound/unbound_rr.c +++ b/src/libstrongswan/plugins/unbound/unbound_rr.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/unbound/unbound_rr.h b/src/libstrongswan/plugins/unbound/unbound_rr.h index d7c114f86..ec13b6ba5 100644 --- a/src/libstrongswan/plugins/unbound/unbound_rr.h +++ b/src/libstrongswan/plugins/unbound/unbound_rr.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/x509/x509_ac.h b/src/libstrongswan/plugins/x509/x509_ac.h index da0988c6e..5e74fb80c 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.h +++ b/src/libstrongswan/plugins/x509/x509_ac.h @@ -4,7 +4,7 @@ * Copyright (C) 2002-2008 Andreas Steffen * Copyright (C) 2009 Martin Willi * - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index d1f9d9aac..bc3a44346 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -704,6 +704,9 @@ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) KU_DECIPHER_ONLY = 8, }; + /* to be compliant with RFC 4945 specific KUs have to be included */ + this->flags &= ~X509_IKE_COMPLIANT; + if (asn1_unwrap(&blob, &blob) == ASN1_BIT_STRING && blob.len) { int bit, byte, unused = blob.ptr[0]; @@ -724,10 +727,12 @@ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) case KU_CRL_SIGN: this->flags |= X509_CRL_SIGN; break; - case KU_KEY_CERT_SIGN: - /* we use the caBasicConstraint, MUST be set */ case KU_DIGITAL_SIGNATURE: case KU_NON_REPUDIATION: + this->flags |= X509_IKE_COMPLIANT; + break; + case KU_KEY_CERT_SIGN: + /* we use the caBasicConstraint, MUST be set */ case KU_KEY_ENCIPHERMENT: case KU_DATA_ENCIPHERMENT: case KU_KEY_AGREEMENT: @@ -1381,6 +1386,9 @@ static bool parse_certificate(private_x509_cert_t *this) parser = asn1_parser_create(certObjects, this->encoding); + /* unless we see a keyUsage extension we are compliant with RFC 4945 */ + this->flags |= X509_IKE_COMPLIANT; + while (parser->iterate(parser, &objectID, &object)) { u_int level = parser->get_level(parser)+1; diff --git a/src/libstrongswan/plugins/x509/x509_cert.h b/src/libstrongswan/plugins/x509/x509_cert.h index 772117f1c..355b75fcf 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.h +++ b/src/libstrongswan/plugins/x509/x509_cert.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
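Review bot: The comment added at the top of parse_keyUsage says "specific KUs have to be included" without naming them. The bits that set X509_IKE_COMPLIANT again only appear in the switch of the following hunk (`KU_DIGITAL_SIGNATURE` and `KU_NON_REPUDIATION`). I would name them where the flag is cleared, e.g. `/* RFC 4945: a keyUsage extension must assert digitalSignature or nonRepudiation; cleared here, set again in the switch below */`. The clear sits before the `asn1_unwrap()` check, so an extension that is not a non-empty BIT STRING leaves the certificate marked non-compliant. That fail-closed ordering looks deliberate and deserves a word in the same comment, so a later refactor does not move the clear inside the `if`. parse_keyUsage starts and ends outside both hunks.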
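Review bot: In parse_certificate the flag is now a positive default: `this->flags |= X509_IKE_COMPLIANT` stands unless parse_keyUsage() runs and clears it. The added comment states the rule but not that coupling. I would extend it to something like `/* default per RFC 4945; parse_keyUsage() clears this and sets it again only for digitalSignature/nonRepudiation */`. Any path where a keyUsage extension is present but parse_keyUsage() is not reached would leave the certificate marked compliant. Whether such a path exists cannot be judged from this hunk, since the extension dispatch is outside it.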
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index 699ac5a39..95cb11cf4 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -302,6 +302,7 @@ static bool parse(private_x509_crl_t *this) } break; case OID_AUTHORITY_KEY_ID: + chunk_free(&this->authKeyIdentifier); this->authKeyIdentifier = x509_parse_authorityKeyIdentifier( object, level, &this->authKeySerialNumber); @@ -545,7 +546,7 @@ METHOD(certificate_t, get_validity, bool, { *not_after = this->nextUpdate; } - return (t <= this->nextUpdate); + return (t >= this->thisUpdate && t <= this->nextUpdate); } METHOD(certificate_t, get_encoding, bool, diff --git a/src/libstrongswan/plugins/x509/x509_crl.h b/src/libstrongswan/plugins/x509/x509_crl.h index e8fe74e81..301b1544b 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.h +++ b/src/libstrongswan/plugins/x509/x509_crl.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index de22ab6be..50e3c6160 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2009 Martin Willi * Copyright (C) 2007-2014 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen * * This program is free software; you can redistribute it and/or modify it diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.h b/src/libstrongswan/plugins/x509/x509_ocsp_request.h index 4c0e4b8f2..ca552b9ba 100644 
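Review bot: Freeing `this->authKeyIdentifier` before the reassignment stops the leak when the extension occurs more than once, but the parser then silently keeps the last occurrence. `this->authKeySerialNumber` is overwritten through the out-parameter in the same call without comparable handling. Whether that chunk is allocated or only references the encoding is not visible here; if it is allocated it needs the same `chunk_free()`. The authority key identifier is presumably used to match the CRL to its issuer, so I would either reject a repeated extension or document the behaviour next to the free, e.g. `/* extension repeated in malformed input: last one wins */`. parse() continues outside the hunk.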
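Review bot: The new lower bound `t >= this->thisUpdate` in get_validity has no tolerance for clock skew, so a verifier whose clock runs slightly behind the issuer will treat a freshly published CRL as not valid. What the caller does with that result (fall back to a cached CRL, or continue without revocation data) is outside this hunk and worth checking. A soft-fail there would turn skew into skipped revocation checks. The check itself should carry a short comment, e.g. `/* valid only within [thisUpdate, nextUpdate] */` above the return, since the function body starts outside the hunk and the previous behaviour checked the upper bound only.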
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.h +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.h b/src/libstrongswan/plugins/x509/x509_ocsp_response.h index 7a525626e..90efabe2b 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.h +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index 54bef7357..1eb56cf00 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/x509/x509_plugin.h b/src/libstrongswan/plugins/x509/x509_plugin.h index e3f959ffa..3857ee313 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.h +++ b/src/libstrongswan/plugins/x509/x509_plugin.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c index 820298e27..3dbcda75e 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.c +++ b/src/libstrongswan/plugins/xcbc/xcbc.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/xcbc/xcbc.h b/src/libstrongswan/plugins/xcbc/xcbc.h index a36069a17..1fb6cffa9 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.h +++ b/src/libstrongswan/plugins/xcbc/xcbc.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 4706a9574..659741c13 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h index 9824088c6..bf34b05af 100644 
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/processing/jobs/callback_job.c b/src/libstrongswan/processing/jobs/callback_job.c index 8258ccb33..99464586c 100644 --- a/src/libstrongswan/processing/jobs/callback_job.c +++ b/src/libstrongswan/processing/jobs/callback_job.c @@ -2,7 +2,7 @@ * Copyright (C) 2009-2012 Tobias Brunner * Copyright (C) 2007-2011 Martin Willi * Copyright (C) 2011 revosec AG - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/processing/jobs/callback_job.h b/src/libstrongswan/processing/jobs/callback_job.h index 6f2e39eb8..e5cfdd405 100644 --- a/src/libstrongswan/processing/jobs/callback_job.h +++ b/src/libstrongswan/processing/jobs/callback_job.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2007-2011 Martin Willi * Copyright (C) 2011 revosec AG - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/processing/jobs/job.h b/src/libstrongswan/processing/jobs/job.h index 5b3a8a30b..d5d180392 100644 --- a/src/libstrongswan/processing/jobs/job.h +++ b/src/libstrongswan/processing/jobs/job.h 
@@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c index bd8d534a5..0634368da 100644 --- a/src/libstrongswan/processing/processor.c +++ b/src/libstrongswan/processing/processor.c @@ -3,7 +3,7 @@ * Copyright (C) 2011 revosec AG * Copyright (C) 2008-2013 Tobias Brunner * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/processing/processor.h b/src/libstrongswan/processing/processor.h index ee08870fb..4d5aa9bc8 100644 --- a/src/libstrongswan/processing/processor.h +++ b/src/libstrongswan/processing/processor.h @@ -2,7 +2,7 @@ * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c index 374742939..92713fea8 100644 --- a/src/libstrongswan/processing/scheduler.c +++ b/src/libstrongswan/processing/scheduler.c 
@@ -2,7 +2,7 @@ * Copyright (C) 2008-2015 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/processing/scheduler.h b/src/libstrongswan/processing/scheduler.h index 239487dae..77dd0f354 100644 --- a/src/libstrongswan/processing/scheduler.h +++ b/src/libstrongswan/processing/scheduler.h @@ -2,7 +2,7 @@ * Copyright (C) 2009-2015 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/resolver/resolver.h b/src/libstrongswan/resolver/resolver.h index 5be52b8b1..a802226ba 100644 --- a/src/libstrongswan/resolver/resolver.h +++ b/src/libstrongswan/resolver/resolver.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/resolver/resolver_manager.c b/src/libstrongswan/resolver/resolver_manager.c index 55531e157..06d435d5b 100644 --- a/src/libstrongswan/resolver/resolver_manager.c +++ b/src/libstrongswan/resolver/resolver_manager.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/resolver/resolver_manager.h b/src/libstrongswan/resolver/resolver_manager.h index 6ea22aa24..5f6044f75 100644 --- a/src/libstrongswan/resolver/resolver_manager.h +++ b/src/libstrongswan/resolver/resolver_manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/resolver/resolver_response.h b/src/libstrongswan/resolver/resolver_response.h index e45fb6401..a30c06e91 100644 --- a/src/libstrongswan/resolver/resolver_response.h +++ b/src/libstrongswan/resolver/resolver_response.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/resolver/rr.h b/src/libstrongswan/resolver/rr.h index 109ec5135..73b760abf 100644 --- a/src/libstrongswan/resolver/rr.h +++ b/src/libstrongswan/resolver/rr.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/resolver/rr_set.c b/src/libstrongswan/resolver/rr_set.c index dea5c4086..f0a8ed85e 100644 --- a/src/libstrongswan/resolver/rr_set.c +++ b/src/libstrongswan/resolver/rr_set.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/resolver/rr_set.h b/src/libstrongswan/resolver/rr_set.h index 5a1737a05..bef363889 100644 --- a/src/libstrongswan/resolver/rr_set.h +++ b/src/libstrongswan/resolver/rr_set.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Reto Guadagnini - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index 12f160224..cfd2b029d 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -2,7 +2,7 @@ * Copyright (C) 2007-2017 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -293,15 +293,16 @@ int traffic_selector_printf_hook(printf_hook_data_t *data, written += print_in_hook(data, "%d", this->protocol); } } - - if (has_proto && has_ports) + else { - written += print_in_hook(data, "/"); + written += print_in_hook(data, "0"); } /* build port string */ if (has_ports) { + written += print_in_hook(data, "/"); + if (this->from_port == this->to_port) { struct servent *serv; diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h index a9f78303c..dd9ad7e1b 100644 --- a/src/libstrongswan/selectors/traffic_selector.h 
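Review bot: The new `else` branch prints a literal `0` when the selector has no protocol, but nothing in the hunk says that `0` stands for "any protocol" or that the printed form changes: a port-only selector that used to print just the port part now prints `0/` in front of it. This hook builds the traffic-selector text that presumably ends up in logs, so a comment on the branch would help anyone matching on that output, e.g. `/* no protocol restriction: print 0 so the field before '/' is never empty */`. The body of traffic_selector_printf_hook starts and ends outside the hunk, so whether callers or tests still expect the old form cannot be checked from here.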
+++ b/src/libstrongswan/selectors/traffic_selector.h
@@ -2,7 +2,7 @@
 * Copyright (C) 2007-2017 Tobias Brunner
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index c618d8837..a4c5060fa 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2010-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index 28cde4876..e25c9da38 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2010 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings_lexer.c b/src/libstrongswan/settings/settings_lexer.c
index 2151e930b..b13ff8009 100644
--- a/src/libstrongswan/settings/settings_lexer.c
+++ b/src/libstrongswan/settings/settings_lexer.c
@@ -468,8 +468,8 @@ static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); yyg->yy_c_buf_p = yy_cp; /* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */ -#define YY_NUM_RULES 23 -#define YY_END_OF_BUFFER 24 +#define YY_NUM_RULES 30 +#define YY_END_OF_BUFFER 31 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -477,13 +477,15 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[49] = +static yyconst flex_int16_t yy_accept[63] = { 0, - 0, 0, 0, 0, 0, 0, 24, 9, 2, 3, - 8, 1, 6, 9, 4, 5, 14, 10, 11, 12, - 22, 15, 16, 9, 2, 1, 1, 3, 9, 14, - 13, 22, 21, 20, 21, 17, 18, 19, 1, 9, - 9, 9, 9, 9, 0, 7, 7, 0 + 0, 0, 0, 0, 0, 0, 0, 0, 31, 9, + 2, 3, 2, 8, 1, 6, 9, 4, 5, 14, + 11, 12, 10, 13, 20, 16, 15, 17, 18, 29, + 21, 22, 23, 9, 2, 2, 1, 1, 3, 0, + 9, 14, 11, 20, 19, 29, 28, 27, 28, 24, + 25, 26, 1, 9, 9, 9, 9, 9, 0, 7, + 7, 0 } ; static yyconst YY_CHAR yy_ec[256] = 
@@ -520,89 +522,111 @@ static yyconst YY_CHAR yy_ec[256] = static yyconst YY_CHAR yy_meta[21] = { 0, - 1, 2, 3, 1, 4, 5, 4, 6, 7, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 8, 9 + 1, 2, 3, 4, 5, 6, 7, 8, 9, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 10, 7 } ; -static yyconst flex_uint16_t yy_base[60] = +static yyconst flex_uint16_t yy_base[77] = { 0, - 0, 0, 19, 38, 21, 23, 55, 0, 47, 161, - 161, 50, 161, 37, 161, 161, 0, 161, 161, 0, - 0, 161, 56, 0, 44, 0, 47, 161, 39, 0, - 161, 0, 161, 161, 45, 161, 161, 161, 0, 32, - 24, 26, 11, 29, 31, 161, 33, 161, 73, 82, - 91, 97, 101, 110, 115, 124, 133, 142, 151 + 0, 0, 19, 38, 57, 76, 23, 24, 70, 0, + 95, 244, 0, 244, 31, 244, 54, 244, 244, 0, + 44, 244, 244, 244, 0, 244, 244, 244, 0, 0, + 244, 244, 100, 0, 0, 0, 0, 33, 244, 65, + 57, 0, 45, 0, 244, 0, 244, 244, 62, 244, + 244, 244, 0, 43, 36, 27, 19, 46, 50, 244, + 51, 244, 117, 127, 137, 147, 155, 160, 170, 180, + 186, 193, 203, 213, 223, 233 } ; -static yyconst flex_int16_t yy_def[60] = +static yyconst flex_int16_t yy_def[77] = { 0, - 48, 1, 49, 49, 50, 50, 48, 51, 52, 48, - 48, 53, 48, 51, 48, 48, 54, 48, 48, 55, - 56, 48, 57, 51, 52, 58, 53, 48, 51, 54, - 48, 56, 48, 48, 48, 48, 48, 48, 58, 51, - 51, 51, 51, 51, 59, 48, 59, 0, 48, 48, - 48, 48, 48, 48, 48, 48, 48, 48, 48 + 62, 1, 63, 63, 64, 64, 65, 65, 62, 66, + 62, 62, 67, 62, 68, 62, 66, 62, 62, 69, + 62, 62, 62, 62, 70, 62, 62, 62, 71, 72, + 62, 62, 73, 66, 11, 67, 74, 68, 62, 75, + 66, 69, 62, 70, 62, 72, 62, 62, 62, 62, + 62, 62, 74, 66, 66, 66, 66, 66, 76, 62, + 76, 0, 62, 62, 62, 62, 62, 62, 62, 62, + 62, 62, 62, 62, 62, 62 } ; -static yyconst flex_uint16_t yy_nxt[182] = +static yyconst flex_uint16_t yy_nxt[265] = { 0, - 8, 9, 10, 8, 9, 11, 12, 13, 8, 8, - 8, 8, 14, 8, 8, 8, 8, 8, 15, 16, - 18, 18, 44, 18, 19, 18, 22, 20, 22, 23, - 45, 23, 47, 45, 47, 47, 43, 47, 18, 18, - 18, 42, 18, 19, 18, 41, 20, 34, 40, 28, - 26, 29, 28, 26, 48, 48, 48, 18, 34, 35, - 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, - 36, 37, 38, 17, 17, 17, 17, 17, 17, 17, 
- 17, 17, 21, 21, 21, 21, 21, 21, 21, 21, - 21, 24, 48, 48, 48, 48, 48, 24, 25, 48, - - 25, 27, 27, 27, 27, 27, 27, 27, 27, 27, - 30, 48, 48, 48, 48, 30, 48, 30, 31, 31, - 48, 48, 48, 31, 32, 32, 32, 32, 48, 32, - 48, 32, 32, 33, 33, 33, 33, 33, 33, 33, - 33, 33, 39, 39, 48, 39, 39, 39, 39, 39, - 39, 46, 46, 46, 46, 46, 48, 46, 46, 46, - 7, 48, 48, 48, 48, 48, 48, 48, 48, 48, - 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, - 48 + 10, 11, 12, 13, 11, 14, 15, 16, 10, 10, + 10, 10, 17, 10, 10, 10, 10, 10, 18, 19, + 21, 22, 23, 21, 24, 22, 31, 31, 32, 32, + 58, 33, 33, 39, 40, 39, 40, 57, 22, 21, + 22, 23, 21, 24, 22, 43, 43, 59, 43, 43, + 59, 61, 61, 56, 61, 61, 55, 22, 26, 26, + 27, 26, 28, 26, 48, 29, 54, 39, 41, 62, + 62, 62, 62, 62, 62, 62, 26, 26, 26, 27, + 26, 28, 26, 62, 29, 62, 62, 62, 62, 62, + 62, 62, 62, 62, 62, 26, 35, 62, 36, 35, + + 62, 37, 48, 49, 62, 62, 62, 62, 62, 62, + 62, 62, 62, 62, 50, 51, 52, 20, 20, 20, + 20, 20, 20, 20, 20, 20, 20, 25, 25, 25, + 25, 25, 25, 25, 25, 25, 25, 30, 30, 30, + 30, 30, 30, 30, 30, 30, 30, 34, 62, 62, + 62, 62, 62, 62, 62, 34, 36, 62, 36, 36, + 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, + 42, 62, 62, 62, 62, 62, 62, 42, 42, 42, + 44, 62, 62, 62, 62, 62, 62, 44, 62, 44, + 45, 45, 45, 46, 46, 46, 62, 46, 62, 46, + + 46, 62, 46, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 53, 53, 62, 62, 53, 53, 53, + 53, 53, 53, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 60, 60, 60, 60, 60, 60, 60, + 62, 60, 60, 9, 62, 62, 62, 62, 62, 62, + 62, 62, 62, 62, 62, 62, 62, 62, 62, 62, + 62, 62, 62, 62 } ; -static yyconst flex_int16_t yy_chk[182] = +static yyconst flex_int16_t yy_chk[265] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 3, 3, 43, 3, 3, 3, 5, 3, 6, 5, - 44, 6, 45, 44, 47, 45, 42, 47, 3, 4, - 4, 41, 4, 4, 4, 40, 4, 35, 29, 27, - 25, 14, 12, 9, 7, 0, 0, 4, 23, 23, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 23, 23, 23, 49, 49, 49, 49, 49, 49, 49, - 49, 49, 50, 50, 50, 50, 50, 50, 50, 50, - 50, 51, 0, 0, 0, 0, 0, 51, 52, 0, - - 52, 
53, 53, 53, 53, 53, 53, 53, 53, 53, - 54, 0, 0, 0, 0, 54, 0, 54, 55, 55, - 0, 0, 0, 55, 56, 56, 56, 56, 0, 56, - 0, 56, 56, 57, 57, 57, 57, 57, 57, 57, - 57, 57, 58, 58, 0, 58, 58, 58, 58, 58, - 58, 59, 59, 59, 59, 59, 0, 59, 59, 59, - 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, - 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, - 48 + 3, 3, 3, 3, 3, 3, 7, 8, 7, 8, + 57, 7, 8, 15, 15, 38, 38, 56, 3, 4, + 4, 4, 4, 4, 4, 21, 43, 58, 21, 43, + 58, 59, 61, 55, 59, 61, 54, 4, 5, 5, + 5, 5, 5, 5, 49, 5, 41, 40, 17, 9, + 0, 0, 0, 0, 0, 0, 5, 6, 6, 6, + 6, 6, 6, 0, 6, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 6, 11, 0, 11, 11, + + 0, 11, 33, 33, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 33, 33, 33, 63, 63, 63, + 63, 63, 63, 63, 63, 63, 63, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 65, 65, 65, + 65, 65, 65, 65, 65, 65, 65, 66, 0, 0, + 0, 0, 0, 0, 0, 66, 67, 0, 67, 67, + 68, 68, 68, 68, 68, 68, 68, 68, 68, 68, + 69, 0, 0, 0, 0, 0, 0, 69, 69, 69, + 70, 0, 0, 0, 0, 0, 0, 70, 0, 70, + 71, 71, 71, 72, 72, 72, 0, 72, 0, 72, + + 72, 0, 72, 73, 73, 73, 73, 73, 73, 73, + 73, 73, 73, 74, 74, 0, 0, 74, 74, 74, + 74, 74, 74, 75, 75, 75, 75, 75, 75, 75, + 75, 75, 75, 76, 76, 76, 76, 76, 76, 76, + 0, 76, 76, 62, 62, 62, 62, 62, 62, 62, + 62, 62, 62, 62, 62, 62, 62, 62, 62, 62, + 62, 62, 62, 62 } ; /* Table of booleans, true if rule could match eol. 
*/ -static yyconst flex_int32_t yy_rule_can_match_eol[24] = +static yyconst flex_int32_t yy_rule_can_match_eol[31] = { 0, -0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1, 0, 1, 0, }; +0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, }; -static yyconst flex_int16_t yy_rule_linenum[23] = +static yyconst flex_int16_t yy_rule_linenum[30] = { 0, - 59, 60, 61, 63, 64, 65, 67, 72, 77, 85, - 105, 108, 111, 114, 120, 122, 141, 142, 143, 144, - 145, 146 + 61, 62, 63, 65, 66, 68, 73, 78, 83, 89, + 90, 92, 112, 118, 125, 128, 148, 151, 154, 157, + 163, 164, 166, 186, 187, 188, 189, 190, 191 } ; /* The intent behind this definition is that it'll catch @@ -616,7 +640,7 @@ static yyconst flex_int16_t yy_rule_linenum[23] = #line 2 "settings/settings_lexer.l" /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -646,15 +670,18 @@ static void include_files(parser_helper_t *ctx); /* prefix function/variable declarations */ /* don't change the name of the output file otherwise autotools has issues */ /* type of our extra data */ +/* state used to scan values */ + /* state used to scan include file patterns */ /* state used to scan quoted strings */ -#line 654 "settings/settings_lexer.c" +#line 680 "settings/settings_lexer.c" #define INITIAL 0 -#define inc 1 -#define str 2 +#define val 1 +#define inc 2 +#define str 3 #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way @@ -1003,10 +1030,10 @@ YY_DECL { /* %% [7.0] user's declarations go here */ -#line 57 "settings/settings_lexer.l" +#line 59 "settings/settings_lexer.l" -#line 1010 "settings/settings_lexer.c" +#line 1037 "settings/settings_lexer.c" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { 
@@ -1035,13 +1062,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 49 ) + if ( yy_current_state >= 63 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 161 ); + while ( yy_base[yy_current_state] != 244 ); yy_find_action: /* %% [10.0] code to find the action number goes here */ @@ -1076,13 +1103,13 @@ do_action: /* This label is used only to access EOF actions. */ { if ( yy_act == 0 ) fprintf( stderr, "--scanner backing up\n" ); - else if ( yy_act < 23 ) + else if ( yy_act < 30 ) fprintf( stderr, "--accepting rule at line %ld (\"%s\")\n", (long)yy_rule_linenum[yy_act], yytext ); - else if ( yy_act == 23 ) + else if ( yy_act == 30 ) fprintf( stderr, "--accepting default rule (\"%s\")\n", yytext ); - else if ( yy_act == 24 ) + else if ( yy_act == 31 ) fprintf( stderr, "--(end of buffer or a NUL)\n" ); else fprintf( stderr, "--EOF (start condition %d)\n", YY_START ); 
@@ -1100,29 +1127,35 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 59 "settings/settings_lexer.l" +#line 61 "settings/settings_lexer.l" /* eat comments */ YY_BREAK case 2: YY_RULE_SETUP -#line 60 "settings/settings_lexer.l" +#line 62 "settings/settings_lexer.l" /* eat whitespace */ YY_BREAK case 3: /* rule 3 can match eol */ YY_RULE_SETUP -#line 61 "settings/settings_lexer.l" +#line 63 "settings/settings_lexer.l" return NEWLINE; /* also eats comments at the end of a line */ YY_BREAK case 4: -#line 64 "settings/settings_lexer.l" +#line 66 "settings/settings_lexer.l" case 5: -#line 65 "settings/settings_lexer.l" -case 6: YY_RULE_SETUP -#line 65 "settings/settings_lexer.l" +#line 66 "settings/settings_lexer.l" return yytext[0]; YY_BREAK +case 6: +YY_RULE_SETUP +#line 68 "settings/settings_lexer.l" +{ + yy_push_state(val, yyscanner); + return yytext[0]; +} + YY_BREAK case 7: /* rule 7 can match eol */ *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ @@ -1130,7 +1163,7 @@ YY_LINENO_REWIND_TO(yy_cp - 1); yyg->yy_c_buf_p = yy_cp -= 1; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP -#line 67 "settings/settings_lexer.l" +#line 73 "settings/settings_lexer.l" { yyextra->string_init(yyextra); yy_push_state(inc, yyscanner); 
@@ -1138,28 +1171,88 @@ YY_RULE_SETUP YY_BREAK case 8: YY_RULE_SETUP -#line 72 "settings/settings_lexer.l" +#line 78 "settings/settings_lexer.l" { - yyextra->string_init(yyextra); - yy_push_state(str, yyscanner); + PARSER_DBG1(yyextra, "unexpected string detected"); + return STRING_ERROR; } YY_BREAK case 9: YY_RULE_SETUP -#line 77 "settings/settings_lexer.l" +#line 83 "settings/settings_lexer.l" { yylval->s = strdup(yytext); return NAME; } YY_BREAK +case 10: +YY_RULE_SETUP +#line 89 "settings/settings_lexer.l" +/* just ignore these */ + YY_BREAK +case 11: +YY_RULE_SETUP +#line 90 "settings/settings_lexer.l" + + YY_BREAK +case YY_STATE_EOF(val): +#line 91 "settings/settings_lexer.l" +case 12: +/* rule 12 can match eol */ +YY_RULE_SETUP +#line 92 "settings/settings_lexer.l" +{ + if (*yytext) + { + switch (yytext[0]) + { + case '\n': + /* put the newline back to fix the line numbers */ + unput('\n'); + yy_set_bol(0); + break; + case '#': + case '}': + /* these are parsed outside of this start condition */ + unput(yytext[0]); + break; + } + } + yy_pop_state(yyscanner); + } + YY_BREAK +case 13: +YY_RULE_SETUP +#line 112 "settings/settings_lexer.l" +{ + yyextra->string_init(yyextra); + yy_push_state(str, yyscanner); + } + YY_BREAK +/* same as above, but allow more characters */ +case 14: +YY_RULE_SETUP +#line 118 "settings/settings_lexer.l" +{ + yylval->s = strdup(yytext); + return NAME; + } + YY_BREAK + + +case 15: +YY_RULE_SETUP +#line 125 "settings/settings_lexer.l" +/* just ignore these */ + YY_BREAK /* we allow all characters except #, } and spaces, they can be escaped */ case YY_STATE_EOF(inc): -#line 84 "settings/settings_lexer.l" -case 10: -/* rule 10 can match eol */ +#line 127 "settings/settings_lexer.l" +case 16: +/* rule 16 can match eol */ YY_RULE_SETUP -#line 85 "settings/settings_lexer.l" +#line 128 "settings/settings_lexer.l" { if (*yytext) { 
@@ -1181,44 +1274,49 @@ YY_RULE_SETUP yy_pop_state(yyscanner); } YY_BREAK -case 11: +case 17: YY_RULE_SETUP -#line 105 "settings/settings_lexer.l" +#line 148 "settings/settings_lexer.l" { /* string include */ yy_push_state(str, yyscanner); } YY_BREAK -case 12: +case 18: YY_RULE_SETUP -#line 108 "settings/settings_lexer.l" +#line 151 "settings/settings_lexer.l" { yyextra->string_add(yyextra, yytext); } YY_BREAK -case 13: +case 19: YY_RULE_SETUP -#line 111 "settings/settings_lexer.l" +#line 154 "settings/settings_lexer.l" { yyextra->string_add(yyextra, yytext+1); } YY_BREAK -case 14: +case 20: YY_RULE_SETUP -#line 114 "settings/settings_lexer.l" +#line 157 "settings/settings_lexer.l" { yyextra->string_add(yyextra, yytext); } YY_BREAK -case 15: -#line 121 "settings/settings_lexer.l" +case 21: +YY_RULE_SETUP +#line 163 "settings/settings_lexer.l" +/* just ignore these */ + YY_BREAK +case 22: +#line 165 "settings/settings_lexer.l" YY_RULE_SETUP case YY_STATE_EOF(str): -#line 121 "settings/settings_lexer.l" -case 16: +#line 165 "settings/settings_lexer.l" +case 23: YY_RULE_SETUP -#line 122 "settings/settings_lexer.l" +#line 166 "settings/settings_lexer.l" { if (!streq(yytext, "\"")) { 
@@ -1239,43 +1337,43 @@ YY_RULE_SETUP } } YY_BREAK -case 17: +case 24: YY_RULE_SETUP -#line 141 "settings/settings_lexer.l" +#line 186 "settings/settings_lexer.l" yyextra->string_add(yyextra, "\n"); YY_BREAK -case 18: +case 25: YY_RULE_SETUP -#line 142 "settings/settings_lexer.l" +#line 187 "settings/settings_lexer.l" yyextra->string_add(yyextra, "\r"); YY_BREAK -case 19: +case 26: YY_RULE_SETUP -#line 143 "settings/settings_lexer.l" +#line 188 "settings/settings_lexer.l" yyextra->string_add(yyextra, "\t"); YY_BREAK -case 20: -/* rule 20 can match eol */ +case 27: +/* rule 27 can match eol */ YY_RULE_SETUP -#line 144 "settings/settings_lexer.l" -/* merge lines that end with EOL characters */ +#line 189 "settings/settings_lexer.l" +/* merge lines that end with escaped EOL characters */ YY_BREAK -case 21: +case 28: YY_RULE_SETUP -#line 145 "settings/settings_lexer.l" +#line 190 "settings/settings_lexer.l" yyextra->string_add(yyextra, yytext+1); YY_BREAK -case 22: -/* rule 22 can match eol */ +case 29: +/* rule 29 can match eol */ YY_RULE_SETUP -#line 146 "settings/settings_lexer.l" +#line 191 "settings/settings_lexer.l" { yyextra->string_add(yyextra, yytext); } YY_BREAK case YY_STATE_EOF(INITIAL): -#line 151 "settings/settings_lexer.l" +#line 196 "settings/settings_lexer.l" { settings_parser_pop_buffer_state(yyscanner); if (!settings_parser_open_next_file(yyextra) && !YY_CURRENT_BUFFER) @@ -1284,12 +1382,12 @@ case YY_STATE_EOF(INITIAL): } } YY_BREAK -case 23: +case 30: YY_RULE_SETUP -#line 159 "settings/settings_lexer.l" +#line 204 "settings/settings_lexer.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1293 "settings/settings_lexer.c" +#line 1391 "settings/settings_lexer.c" case YY_END_OF_BUFFER: { 
@@ -1607,7 +1705,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 49 ) + if ( yy_current_state >= 63 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; @@ -1641,11 +1739,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 49 ) + if ( yy_current_state >= 63 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 48); + yy_is_jam = (yy_current_state == 62); (void)yyg; return yy_is_jam ? 0 : yy_current_state; @@ -2680,7 +2778,7 @@ void settings_parser_free (void * ptr , yyscan_t yyscanner) /* %ok-for-header */ -#line 159 "settings/settings_lexer.l" +#line 204 "settings/settings_lexer.l" diff --git a/src/libstrongswan/settings/settings_lexer.l b/src/libstrongswan/settings/settings_lexer.l index ce9d4eedc..fa1ecac10 100644 --- a/src/libstrongswan/settings/settings_lexer.l +++ b/src/libstrongswan/settings/settings_lexer.l @@ -1,7 +1,7 @@ %{ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -49,6 +49,8 @@ static void include_files(parser_helper_t *ctx); /* type of our extra data */ %option extra-type="parser_helper_t*" +/* state used to scan values */ +%x val /* state used to scan include file patterns */ %x inc /* state used to scan quoted strings */ 
@@ -56,13 +58,17 @@ static void include_files(parser_helper_t *ctx); %% -[\t ]*#[^\n]* /* eat comments */ -[\t ]+ /* eat whitespace */ +[\t ]*#[^\r\n]* /* eat comments */ +[\t\r ]+ /* eat whitespace */ \n|#.*\n return NEWLINE; /* also eats comments at the end of a line */ "{" | -"}" | -"=" return yytext[0]; +"}" return yytext[0]; + +"=" { + yy_push_state(val, yyscanner); + return yytext[0]; +} "include"[\t ]+/[^=] { yyextra->string_init(yyextra); @@ -70,16 +76,53 @@ static void include_files(parser_helper_t *ctx); } "\"" { - yyextra->string_init(yyextra); - yy_push_state(str, yyscanner); + PARSER_DBG1(yyextra, "unexpected string detected"); + return STRING_ERROR; } -[^#{}="\n\t ]+ { +[^#{}="\r\n\t ]+ { yylval->s = strdup(yytext); return NAME; } +{ + \r /* just ignore these */ + [\t ]+ + <> | + [#}\n] { + if (*yytext) + { + switch (yytext[0]) + { + case '\n': + /* put the newline back to fix the line numbers */ + unput('\n'); + yy_set_bol(0); + break; + case '#': + case '}': + /* these are parsed outside of this start condition */ + unput(yytext[0]); + break; + } + } + yy_pop_state(yyscanner); + } + + "\"" { + yyextra->string_init(yyextra); + yy_push_state(str, yyscanner); + } + + /* same as above, but allow more characters */ + [^#}"\r\n\t ]+ { + yylval->s = strdup(yytext); + return NAME; + } +} + { + \r /* just ignore these */ /* we allow all characters except #, } and spaces, they can be escaped */ <> | [#}\n\t ] { @@ -111,12 +154,13 @@ static void include_files(parser_helper_t *ctx); \\["#} ] { yyextra->string_add(yyextra, yytext+1); } - [^"\\#}\n\t ]+ { + [^"\\#}\r\n\t ]+ { yyextra->string_add(yyextra, yytext); } } { + \r /* just ignore these */ "\"" | <> | \\ { 
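Review bot: The comment `/* same as above, but allow more characters */` on the NAME rule added for the new `val` state does not say which characters, and that difference decides where an unquoted value is cut. Comparing `[^#}"\r\n\t ]+` with the top-level `[^#{}="\r\n\t ]+`, the additions are `{` and `=`, while `#`, `}` and `"` still end the token; spelling that out, e.g. `/* like NAME above, but '{' and '=' may appear unquoted in a value */`, keeps the quoting rules for values readable from the lexer itself. The bare `[\t ]+` rule a few lines earlier has an empty action and would read better with `/* eat whitespace */`, matching the top-level rule. The `strdup(yytext)` result is stored in `yylval->s` unchecked; how the parser treats a NULL there is outside this hunk.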
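Review bot: The `\r /* just ignore these */` rule added to the last block of this hunk, together with `[^\\\r"]+` in the following hunk (`@@ -138,12 +182,13 @@`), means a raw carriage return inside a quoted string is dropped rather than kept, which the comment does not convey. That is presumably the intent for CRLF-terminated files, but it silently changes any quoted value that contains a CR, and only the `\\r` escape rule still produces one. I would make the comment say so, e.g. `\r /* raw CR is dropped even inside quotes; the \r escape still yields one */`. The block's start-condition label is not visible on this page, so this assumes it is the quoted-string state, as the rule order in the generated scanner suggests.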
@@ -138,12 +182,13 @@ static void include_files(parser_helper_t *ctx); return STRING; } } + \\n yyextra->string_add(yyextra, "\n"); \\r yyextra->string_add(yyextra, "\r"); \\t yyextra->string_add(yyextra, "\t"); - \\\r?\n /* merge lines that end with EOL characters */ + \\\r?\n /* merge lines that end with escaped EOL characters */ \\. yyextra->string_add(yyextra, yytext+1); - [^\\"]+ { + [^\\\r"]+ { yyextra->string_add(yyextra, yytext); } } diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c index 47cf8ebd4..3d1a2ba27 100644 --- a/src/libstrongswan/settings/settings_parser.c +++ b/src/libstrongswan/settings/settings_parser.c @@ -72,7 +72,7 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/settings/settings_parser.y b/src/libstrongswan/settings/settings_parser.y index 96ab36faf..2ab9ea723 100644 --- a/src/libstrongswan/settings/settings_parser.y +++ b/src/libstrongswan/settings/settings_parser.y @@ -1,7 +1,7 @@ %{ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/settings/settings_types.c b/src/libstrongswan/settings/settings_types.c index d753720f5..1c2d61de7 100644 --- a/src/libstrongswan/settings/settings_types.c +++ b/src/libstrongswan/settings/settings_types.c 
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings_types.h b/src/libstrongswan/settings/settings_types.h
index 67299d8e7..82bcb230a 100644
--- a/src/libstrongswan/settings/settings_types.h
+++ b/src/libstrongswan/settings/settings_types.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_array.c b/src/libstrongswan/tests/suites/test_array.c
index eed8fba56..da2bfbb76 100644
--- a/src/libstrongswan/tests/suites/test_array.c
+++ b/src/libstrongswan/tests/suites/test_array.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * Copyright (C) 2013 Martin Willi
 * Copyright (C) 2013 revosec AG
diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c
index d0fa8a045..9fc2bbd90 100644
--- a/src/libstrongswan/tests/suites/test_auth_cfg.c
+++ b/src/libstrongswan/tests/suites/test_auth_cfg.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_bio_reader.c b/src/libstrongswan/tests/suites/test_bio_reader.c
index d3b4b4358..f5387301e 100644
--- a/src/libstrongswan/tests/suites/test_bio_reader.c
+++ b/src/libstrongswan/tests/suites/test_bio_reader.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_bio_writer.c b/src/libstrongswan/tests/suites/test_bio_writer.c
index e74288eb7..97ebe7e05 100644
--- a/src/libstrongswan/tests/suites/test_bio_writer.c
+++ b/src/libstrongswan/tests/suites/test_bio_writer.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c
index 9b2e48b0e..fbfb3ff9f 100644
--- a/src/libstrongswan/tests/suites/test_chunk.c
+++ b/src/libstrongswan/tests/suites/test_chunk.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_crypto_factory.c b/src/libstrongswan/tests/suites/test_crypto_factory.c
index 94f45dada..f0c851f57 100644
--- a/src/libstrongswan/tests/suites/test_crypto_factory.c
+++ b/src/libstrongswan/tests/suites/test_crypto_factory.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_enum.c b/src/libstrongswan/tests/suites/test_enum.c
index 70bfdb2aa..dd6b86f8e 100644
--- a/src/libstrongswan/tests/suites/test_enum.c
+++ b/src/libstrongswan/tests/suites/test_enum.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_enumerator.c b/src/libstrongswan/tests/suites/test_enumerator.c
index b781ae9fd..924b34786 100644
--- a/src/libstrongswan/tests/suites/test_enumerator.c
+++ b/src/libstrongswan/tests/suites/test_enumerator.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_hashtable.c b/src/libstrongswan/tests/suites/test_hashtable.c
index 8cc7bfe42..de5c3f22e 100644
--- a/src/libstrongswan/tests/suites/test_hashtable.c
+++ b/src/libstrongswan/tests/suites/test_hashtable.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_host.c b/src/libstrongswan/tests/suites/test_host.c
index 63f0eb20a..2a06dc61c 100644
--- a/src/libstrongswan/tests/suites/test_host.c
+++ b/src/libstrongswan/tests/suites/test_host.c
@@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/tests/suites/test_iv_gen.c b/src/libstrongswan/tests/suites/test_iv_gen.c index 8b0a14b79..fa1c70940 100644 --- a/src/libstrongswan/tests/suites/test_iv_gen.c +++ b/src/libstrongswan/tests/suites/test_iv_gen.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/tests/suites/test_linked_list.c b/src/libstrongswan/tests/suites/test_linked_list.c index aa1e0429f..93e11c42e 100644 --- a/src/libstrongswan/tests/suites/test_linked_list.c +++ b/src/libstrongswan/tests/suites/test_linked_list.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c index 48d6f40e6..19f381ef3 100644 --- a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c +++ b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c index 1a2f97d5f..938fa38aa 100644 --- a/src/libstrongswan/tests/suites/test_proposal.c +++ b/src/libstrongswan/tests/suites/test_proposal.c @@ -29,6 +29,8 @@ static struct { { PROTO_IKE, "aes128", NULL }, { PROTO_IKE, "aes128-sha256", NULL }, { PROTO_IKE, "aes128-sha256-modpnone", NULL }, + { PROTO_IKE, "aes128-prfsha256", NULL }, + { PROTO_IKE, "aes128-prfsha256-modp2048", NULL }, { PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, { PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" }, { PROTO_IKE, "aes128gcm16-modp3072", NULL }, 
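Review bot: The two added vectors `aes128-prfsha256` and `aes128-prfsha256-modp2048` expect NULL, but nothing in the table says which rule rejects them. Judging by the accepted neighbour `aes128-sha256-modp3072`, the difference appears to be the missing integrity algorithm for a non-AEAD cipher, though that is inferred from the entries rather than shown. A comment above them such as `/* non-AEAD encryption without an integrity algorithm is rejected, even with an explicit PRF */` would record the intent, once confirmed against the parser. The table starts and continues outside this hunk.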
@@ -194,6 +196,106 @@ START_TEST(test_promote_dh_group_not_contained) } END_TEST +START_TEST(test_unknown_transform_types_print) +{ + proposal_t *proposal; + + proposal = proposal_create(PROTO_IKE, 0); + proposal->add_algorithm(proposal, 242, 42, 128); + assert_proposal_eq(proposal, "IKE:UNKNOWN_242_42_128"); + proposal->destroy(proposal); + + proposal = proposal_create_from_string(PROTO_IKE, + "aes128-sha256-ecp256"); + proposal->add_algorithm(proposal, 242, 42, 128); + proposal->add_algorithm(proposal, 243, 1, 0); + assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/UNKNOWN_242_42_128/UNKNOWN_243_1"); + proposal->destroy(proposal); +} +END_TEST + +START_TEST(test_unknown_transform_types_equals) +{ + proposal_t *self, *other; + + self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); + other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); + other->add_algorithm(other, 242, 42, 0); + ck_assert(!self->equals(self, other)); + ck_assert(!other->equals(other, self)); + self->add_algorithm(self, 242, 42, 0); + ck_assert(self->equals(self, other)); + ck_assert(other->equals(other, self)); + other->destroy(other); + self->destroy(self); +} +END_TEST + +START_TEST(test_unknown_transform_types_select_fail) +{ + proposal_t *self, *other, *selected; + + self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); + other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); + other->add_algorithm(other, 242, 42, 0); + + selected = self->select(self, other, TRUE, FALSE); + ck_assert(!selected); + other->destroy(other); + self->destroy(self); +} +END_TEST + +START_TEST(test_unknown_transform_types_select_fail_subtype) +{ + proposal_t *self, *other, *selected; + + self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); + self->add_algorithm(self, 242, 8, 0); + other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); + other->add_algorithm(other, 242, 42, 
0); + + selected = self->select(self, other, TRUE, FALSE); + ck_assert(!selected); + other->destroy(other); + self->destroy(self); +} +END_TEST + +START_TEST(test_unknown_transform_types_select_success) +{ + proposal_t *self, *other, *selected; + + self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); + self->add_algorithm(self, 242, 42, 128); + other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); + other->add_algorithm(other, 242, 42, 128); + other->add_algorithm(other, 242, 1, 0); + + selected = self->select(self, other, TRUE, FALSE); + ck_assert(selected); + assert_proposal_eq(selected, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/UNKNOWN_242_42_128"); + selected->destroy(selected); + other->destroy(other); + self->destroy(self); +} +END_TEST + +START_TEST(test_chacha20_poly1305_key_length) +{ + proposal_t *proposal; + uint16_t alg, ks; + + proposal = proposal_create_from_string(PROTO_IKE, "chacha20poly1305-prfsha256-ecp256"); + proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &ks); + ck_assert_int_eq(alg, ENCR_CHACHA20_POLY1305); + ck_assert_int_eq(ks, 0); + assert_proposal_eq(proposal, "IKE:CHACHA20_POLY1305/PRF_HMAC_SHA2_256/ECP_256"); + proposal->destroy(proposal); +} +END_TEST + + Suite *proposal_suite_create() { Suite *s; @@ -216,5 +318,17 @@ Suite *proposal_suite_create() tcase_add_test(tc, test_promote_dh_group_not_contained); suite_add_tcase(s, tc); + tc = tcase_create("unknown transform types"); + tcase_add_test(tc, test_unknown_transform_types_print); + tcase_add_test(tc, test_unknown_transform_types_equals); + tcase_add_test(tc, test_unknown_transform_types_select_fail); + tcase_add_test(tc, test_unknown_transform_types_select_fail_subtype); + tcase_add_test(tc, test_unknown_transform_types_select_success); + suite_add_tcase(s, tc); + + tc = tcase_create("chacha20/poly1305"); + tcase_add_test(tc, test_chacha20_poly1305_key_length); + suite_add_tcase(s, tc); + return s; } 
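Review bot: `test_unknown_transform_types_select_fail` only asserts `self->select(self, other, ...)` with the unknown transform type 242 present on `other`. None of the new tests covers the opposite direction, where the selecting proposal holds a type the other side lacks. If a mismatch is meant to fail regardless of which side carries the extra type, add `selected = other->select(other, self, TRUE, FALSE);` and `ck_assert(!selected);` before the destroy calls. The bare values 242 and 243 would also benefit from a one-line comment saying they stand for transform types the library does not define (they appear to be taken from the IKEv2 private-use range).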
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c index 9d0a6dea1..0759f7013 100644 --- a/src/libstrongswan/tests/suites/test_settings.c +++ b/src/libstrongswan/tests/suites/test_settings.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -1109,6 +1109,12 @@ START_TEST(test_valid) "}\n"); ck_assert(chunk_write(contents, path, 0022, TRUE)); ck_assert(settings->load_files(settings, path, FALSE)); + + contents = chunk_from_str( + "equals = a setting with = and { character"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(settings->load_files(settings, path, FALSE)); + verify_string("a setting with = and { character", "equals"); } END_TEST 
@@ -1148,12 +1154,110 @@ START_TEST(test_invalid) ck_assert(!settings->load_files(settings, path, FALSE)); contents = chunk_from_str( - "only = a single setting = per line"); + "\"unexpected\" = string"); ck_assert(chunk_write(contents, path, 0022, TRUE)); ck_assert(!settings->load_files(settings, path, FALSE)); } END_TEST +START_SETUP(setup_crlf_config) +{ + chunk_t inc1 = chunk_from_str( + "main {\r\n" + " key1 = n1\r\n" + " key2 = n2\n" + " key3 = val3\n" + " none = \n" + " sub1 {\n" + " key3 = value\n" + " }\n" + " sub2 {\n" + " sub3 = val3\n" + " }\n" + " include " include2 "\n" + "}"); + chunk_t inc2 = chunk_from_str( + "key2 = v2\n" + "sub1 {\n" + " key = val\n" + "}"); + ck_assert(chunk_write(inc1, include1, 0022, TRUE)); + ck_assert(chunk_write(inc2, include2, 0022, TRUE)); +} +END_SETUP + +START_TEST(test_crlf) +{ + chunk_t contents = chunk_from_str( + "main {\r\n" + " key1 = val1\r\n" + " none =\r\n" + " sub1 {\r\n" + " key2 = v2\r\n" + " # key2 = v3\r\n" + " sub1 {\r\n" + " key = val\r\n" + " }\r\n" + " }\r\n" + "}"); + + create_settings(contents); + + verify_string("val1", "main.key1"); + verify_string("v2", "main.sub1.key2"); + verify_string("val", "main.sub1.sub1.key"); + verify_null("main.none"); +} +END_TEST + +START_TEST(test_crlf_string) +{ + chunk_t contents = chunk_from_str( + "main {\r\n" + " key1 = \"new\r\nline\"\r\n" + " key2 = \"joi\\\r\nned\"\r\n" + " none =\r\n" + " sub1 {\r\n" + " key2 = v2\r\n" + " sub1 {\r\n" + " key = val\r\n" + " }\r\n" + " }\r\n" + "}"); + + create_settings(contents); + + verify_string("new\nline", "main.key1"); + verify_string("joined", "main.key2"); + verify_string("v2", "main.sub1.key2"); + verify_string("val", "main.sub1.sub1.key"); + verify_null("main.none"); +} +END_TEST + +START_TEST(test_crlf_include) +{ + chunk_t contents = chunk_from_str( + "main {\r\n" + " key1 = val1\r\n" + " none =\r\n" + " sub1 {\r\n" + " key2 = v2\r\n" + " sub1 {\r\n" + " key = val\r\n" + " }\r\n" + " }\r\n" + "}"); + + 
create_settings(contents); + + verify_string("val1", "main.key1"); + verify_string("v2", "main.sub1.key2"); + verify_string("val", "main.sub1.sub1.key"); + verify_null("main.none"); +} +END_TEST + Suite *settings_suite_create() { Suite *s; @@ -1241,5 +1345,12 @@ Suite *settings_suite_create() tcase_add_test(tc, test_invalid); suite_add_tcase(s, tc); + tc = tcase_create("crlf"); + tcase_add_checked_fixture(tc, setup_crlf_config, teardown_include_config); + tcase_add_test(tc, test_crlf); + tcase_add_test(tc, test_crlf_string); + tcase_add_test(tc, test_crlf_include); + suite_add_tcase(s, tc); + return s; } diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c index 9a9fdd8e9..26e60db0d 100644 --- a/src/libstrongswan/tests/suites/test_threading.c +++ b/src/libstrongswan/tests/suites/test_threading.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2013 Tobias Brunner + * Copyright (C) 2013-2018 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
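Review bot: `test_crlf_include` never exercises an include. Its `contents` string and its four `verify_*` calls are identical to those of `test_crlf`, so the files written by `setup_crlf_config` are created and removed without being read. To test CRLF handling across includes, add a line such as `"include " include1 "\r\n"` to `contents` and assert a key that only the included file defines, for example `verify_string("val3", "main.key3");`. `include1` and `include2` are presumably path macros defined outside this hunk, so the exact placement and resulting override order should be checked against the existing include tests.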
@@ -27,6 +27,36 @@ #include #include +#ifdef WIN32 +/* when running on AppVeyor the wait functions seem to frequently trigger a bit + * early, allow this if the difference is within 5ms. */ +static inline void time_is_at_least(timeval_t *expected, timeval_t *actual) +{ + if (!timercmp(actual, expected, >)) + { + timeval_t diff; + + timersub(expected, actual, &diff); + if (!diff.tv_sec && diff.tv_usec <= 5000) + { + warn("allow timer event %dus too early on Windows (expected: %u.%u, " + "actual: %u.%u)", diff.tv_usec, expected->tv_sec, + expected->tv_usec, actual->tv_sec, actual->tv_usec); + return; + } + fail("expected: %u.%u, actual: %u.%u", expected->tv_sec, + expected->tv_usec, actual->tv_sec, actual->tv_usec); + } +} +#else /* WIN32 */ +static inline void time_is_at_least(timeval_t *expected, timeval_t *actual) +{ + ck_assert_msg(timercmp(actual, expected, >), "expected: %u.%u, actual: " + "%u.%u", expected->tv_sec, expected->tv_usec, actual->tv_sec, + actual->tv_usec); +} +#endif /* WIN32 */ + /******************************************************************************* * recursive mutex test */ @@ -380,8 +410,7 @@ START_TEST(test_condvar_timed) time_monotonic(&end); mutex->unlock(mutex); timersub(&end, &start, &end); - ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u", - end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec); + time_is_at_least(&diff, &end); thread = thread_create(condvar_run, NULL); @@ -419,8 +448,7 @@ START_TEST(test_condvar_timed_abs) } time_monotonic(&end); mutex->unlock(mutex); - ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u", - end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec); + time_is_at_least(&diff, &end); thread = thread_create(condvar_run, NULL); 
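Review bot: Both variants of `time_is_at_least()` print `tv_sec` and `tv_usec` with `%u` (and `diff.tv_usec` with `%d`), which does not match the field types if `timeval_t` is a plain `struct timeval`, where they are commonly `long` or wider. The microseconds are also printed without zero padding, so 1.005000 shows up as `1.5000` in the failure message. Casting and padding fixes both, e.g. `"expected: %ld.%06ld, actual: %ld.%06ld"` with `(long)expected->tv_sec, (long)expected->tv_usec, ...`. Separately, the non-Windows variant still requires strictly greater (`>`), so an exactly equal time fails despite the helper's name; a short comment stating whether equality is meant to be rejected would help.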
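Review bot: In `test_condvar_timed_abs` the replacement call `time_is_at_least(&diff, &end);` carries over the old comparison against `diff`, although the other absolute-time tests in this commit (`test_rwlock_condvar_timed_abs`, `test_semaphore_timed_abs`) compare against `abso`. No `timersub` is visible before the call here, so `end` looks like an absolute monotonic timestamp being compared with a short duration, which makes the assertion pass almost unconditionally. The call should probably read `time_is_at_least(&abso, &end);`. The test body starts outside the hunk, so this assumes `abso` is computed there as in the sibling tests; the removed message did print `abso.tv_sec`.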
@@ -704,8 +732,7 @@ START_TEST(test_rwlock_condvar_timed) rwlock->unlock(rwlock); time_monotonic(&end); timersub(&end, &start, &end); - ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u", - end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec); + time_is_at_least(&diff, &end); thread = thread_create(rwlock_condvar_run, NULL); @@ -743,8 +770,7 @@ START_TEST(test_rwlock_condvar_timed_abs) } rwlock->unlock(rwlock); time_monotonic(&end); - ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u", - end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec); + time_is_at_least(&abso, &end); thread = thread_create(rwlock_condvar_run, NULL); @@ -866,8 +892,7 @@ START_TEST(test_semaphore_timed) ck_assert(semaphore->timed_wait(semaphore, diff.tv_usec / 1000)); time_monotonic(&end); timersub(&end, &start, &end); - ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u", - end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec); + time_is_at_least(&diff, &end); thread = thread_create(semaphore_run, NULL); @@ -889,8 +914,7 @@ START_TEST(test_semaphore_timed_abs) timeradd(&start, &diff, &abso); ck_assert(semaphore->timed_wait_abs(semaphore, abso)); time_monotonic(&end); - ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u", - end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec); + time_is_at_least(&abso, &end); thread = thread_create(semaphore_run, NULL); diff --git a/src/libstrongswan/tests/suites/test_traffic_selector.c b/src/libstrongswan/tests/suites/test_traffic_selector.c index 93361f9bf..137c337dc 100644 --- a/src/libstrongswan/tests/suites/test_traffic_selector.c +++ b/src/libstrongswan/tests/suites/test_traffic_selector.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2015 Martin Willi * Copyright (C) 2015 revosec AG 
@@ -72,10 +72,13 @@ START_TEST(test_create_from_cidr) verify("10.1.0.1/32[udp]", "10.1.0.1/32[17]", traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP, 0, 65535)); + verify("10.1.0.1/32[0/domain]", "10.1.0.1/32[0/53]", + traffic_selector_create_from_cidr("10.1.0.1/32", 0, + 53, 53)); verify("10.1.0.1/32[udp/1234-1235]", "10.1.0.1/32[17/1234-1235]", traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP, 1234, 1235)); - verify("10.1.0.0/16[OPAQUE]", NULL, + verify("10.1.0.0/16[0/OPAQUE]", NULL, traffic_selector_create_from_cidr("10.1.0.0/16", 0, 65535, 0)); verify(NULL, NULL, diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index b423d7d2d..00f000a6a 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/tests/suites/test_vectors.c b/src/libstrongswan/tests/suites/test_vectors.c index a35342837..971b331b2 100644 --- a/src/libstrongswan/tests/suites/test_vectors.c +++ b/src/libstrongswan/tests/suites/test_vectors.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index b9a0fe6d6..c6dd97716 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG * 
diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h index 9b9fcad85..3bc3b38ca 100644 --- a/src/libstrongswan/tests/test_suite.h +++ b/src/libstrongswan/tests/test_suite.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG * diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h index 5fab227f2..9fc38d480 100644 --- a/src/libstrongswan/tests/tests.h +++ b/src/libstrongswan/tests/tests.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/condvar.h b/src/libstrongswan/threading/condvar.h index 48c949c7c..37b493b55 100644 --- a/src/libstrongswan/threading/condvar.h +++ b/src/libstrongswan/threading/condvar.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/lock_profiler.h b/src/libstrongswan/threading/lock_profiler.h index 1ae496455..a3c4241f7 100644 --- a/src/libstrongswan/threading/lock_profiler.h +++ b/src/libstrongswan/threading/lock_profiler.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c index 10cf04542..19cc11d15 100644 --- a/src/libstrongswan/threading/mutex.c +++ b/src/libstrongswan/threading/mutex.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/mutex.h b/src/libstrongswan/threading/mutex.h index ac36b6a25..147a3cde7 100644 --- a/src/libstrongswan/threading/mutex.h +++ b/src/libstrongswan/threading/mutex.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/rwlock.c b/src/libstrongswan/threading/rwlock.c index d7374cddf..bd57b65f0 100644 --- a/src/libstrongswan/threading/rwlock.c +++ b/src/libstrongswan/threading/rwlock.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2012 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/rwlock.h b/src/libstrongswan/threading/rwlock.h index a86a241c5..9fac91a82 100644 --- a/src/libstrongswan/threading/rwlock.h +++ b/src/libstrongswan/threading/rwlock.h 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/rwlock_condvar.h b/src/libstrongswan/threading/rwlock_condvar.h index 2b40c3fc6..d21e73d03 100644 --- a/src/libstrongswan/threading/rwlock_condvar.h +++ b/src/libstrongswan/threading/rwlock_condvar.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/semaphore.c b/src/libstrongswan/threading/semaphore.c index d90588b50..4147d7b93 100644 --- a/src/libstrongswan/threading/semaphore.c +++ b/src/libstrongswan/threading/semaphore.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/semaphore.h b/src/libstrongswan/threading/semaphore.h index bb384e669..034c92b60 100644 --- a/src/libstrongswan/threading/semaphore.h +++ b/src/libstrongswan/threading/semaphore.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/spinlock.c b/src/libstrongswan/threading/spinlock.c index a0de02ce5..901155089 100644 
--- a/src/libstrongswan/threading/spinlock.c +++ b/src/libstrongswan/threading/spinlock.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/spinlock.h b/src/libstrongswan/threading/spinlock.h index 883980cc2..2c7164ab3 100644 --- a/src/libstrongswan/threading/spinlock.h +++ b/src/libstrongswan/threading/spinlock.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c index de5cbaa21..487ea0401 100644 --- a/src/libstrongswan/threading/thread.c +++ b/src/libstrongswan/threading/thread.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009-2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -348,6 +348,8 @@ thread_t *thread_create(thread_main_t main, void *arg) { DBG1(DBG_LIB, "failed to create thread!"); this->mutex->lock(this->mutex); + this->terminated = TRUE; + this->detached_or_joined = TRUE; thread_destroy(this); return NULL; } diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h index 35da24459..1dfc3772d 100644 --- a/src/libstrongswan/threading/thread.h +++ b/src/libstrongswan/threading/thread.h 
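Review bot: The two flag assignments added before `thread_destroy(this)` in the failure path of `thread_create()` have no comment, and the reason for them is not visible in this hunk. Presumably `thread_destroy()` only releases the object once both `terminated` and `detached_or_joined` are set, and expects the mutex to be held, so the failed `thread_t` would otherwise leak. A comment such as `/* mark as finished and joined so thread_destroy() actually frees the object */` would make that dependency explicit. `thread_create()` begins and ends outside the hunk, so the wording should be checked against `thread_destroy()` itself.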
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/thread_value.c b/src/libstrongswan/threading/thread_value.c index 190b7434f..6d015494d 100644 --- a/src/libstrongswan/threading/thread_value.c +++ b/src/libstrongswan/threading/thread_value.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009-2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/threading/thread_value.h b/src/libstrongswan/threading/thread_value.h index 48f5f7d6b..028bdeebe 100644 --- a/src/libstrongswan/threading/thread_value.h +++ b/src/libstrongswan/threading/thread_value.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index 18b19166e..146f91c4a 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006-2013 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2013 revosec AG * * This program is free software; you can redistribute it and/or modify it diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h index 16e84c4d9..85d8d250c 100644 --- a/src/libstrongswan/utils/backtrace.h +++ b/src/libstrongswan/utils/backtrace.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/capabilities.c b/src/libstrongswan/utils/capabilities.c index ce5f550b5..38c2ee09e 100644 --- a/src/libstrongswan/utils/capabilities.c +++ b/src/libstrongswan/utils/capabilities.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG * @@ -422,7 +422,10 @@ METHOD(capabilities_t, drop, bool, { #ifndef WIN32 #ifdef HAVE_PRCTL - prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); + if (has_capability(this, CAP_SETPCAP, NULL)) + { + prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); + } #endif if (this->uid && !init_supplementary_groups(this)) diff --git a/src/libstrongswan/utils/capabilities.h b/src/libstrongswan/utils/capabilities.h index 20c18554b..c7bdfa347 100644 --- a/src/libstrongswan/utils/capabilities.h +++ b/src/libstrongswan/utils/capabilities.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG * @@ -47,6 +47,9 @@ typedef struct capabilities_t capabilities_t; #ifndef CAP_DAC_OVERRIDE # define CAP_DAC_OVERRIDE 1 #endif +#ifndef CAP_SETPCAP +# define CAP_SETPCAP 8 +#endif /** * POSIX capability dropping abstraction layer. diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index 3a7984098..239353879 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c 
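Review bot: The guarded `prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);` in `drop()` still ignores its return value, and nothing is logged when the call is skipped because `CAP_SETPCAP` is not held. Either case leaves the process without keep-caps before what appears to be the user/group change that follows, so a later loss of capabilities would be hard to trace back to this point. Checking the result with `if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)` and logging the failure would make it diagnosable, as would a debug message in the skipped case. Whether `drop()` should also return FALSE on failure depends on callers not shown here. The method body continues outside the hunk.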
@@ -2,7 +2,7 @@ * Copyright (C) 2008-2013 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index 160d09944..e60cd8ad0 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h @@ -2,7 +2,7 @@ * Copyright (C) 2008-2013 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/compat/android.h b/src/libstrongswan/utils/compat/android.h index 6edd3effb..da8de6279 100644 --- a/src/libstrongswan/utils/compat/android.h +++ b/src/libstrongswan/utils/compat/android.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/debug.c b/src/libstrongswan/utils/debug.c index 8a80b81a2..812ade4f5 100644 --- a/src/libstrongswan/utils/debug.c +++ b/src/libstrongswan/utils/debug.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libstrongswan/utils/debug.h b/src/libstrongswan/utils/debug.h index 3b554487c..a2258a879 100644 --- a/src/libstrongswan/utils/debug.h +++ b/src/libstrongswan/utils/debug.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/enum.c b/src/libstrongswan/utils/enum.c index 1cead77ca..25182f93d 100644 --- a/src/libstrongswan/utils/enum.c +++ b/src/libstrongswan/utils/enum.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/enum.h b/src/libstrongswan/utils/enum.h index 928f4079a..4312cb9a1 100644 --- a/src/libstrongswan/utils/enum.h +++ b/src/libstrongswan/utils/enum.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2009 Tobias Brunner * Copyright (C) 2006-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -53,7 +53,7 @@ typedef struct enum_name_t enum_name_t; * The ENUM and the ENUM_END define a enum_name_t pointer with the name supplied * in "name". * - * Resolving of enum names is done using a printf hook. A printf fromat + * Resolving of enum names is done using a printf hook. A printf format * character %N is replaced by the enum string. Printf needs two arguments to * resolve a %N, the enum_name_t* (the defined name in ENUM_BEGIN) followed * by the numerical enum value. 
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h index 206f7c3e0..704df7842 100644 --- a/src/libstrongswan/utils/identification.h +++ b/src/libstrongswan/utils/identification.h @@ -2,7 +2,7 @@ * Copyright (C) 2009-2015 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/integrity_checker.c b/src/libstrongswan/utils/integrity_checker.c index 6f9510b3e..d39b587a9 100644 --- a/src/libstrongswan/utils/integrity_checker.c +++ b/src/libstrongswan/utils/integrity_checker.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/integrity_checker.h b/src/libstrongswan/utils/integrity_checker.h index 2ac21c608..2766a0a74 100644 --- a/src/libstrongswan/utils/integrity_checker.h +++ b/src/libstrongswan/utils/integrity_checker.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 1dfeea557..b873e12a8 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c 
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2013-2014 Tobias Brunner
 * Copyright (C) 2006-2013 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/leak_detective.h b/src/libstrongswan/utils/leak_detective.h
index ca70067d4..b27534e2a 100644
--- a/src/libstrongswan/utils/leak_detective.h
+++ b/src/libstrongswan/utils/leak_detective.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/lexparser.h b/src/libstrongswan/utils/lexparser.h
index 7eb68069b..4c9d2b342 100644
--- a/src/libstrongswan/utils/lexparser.h
+++ b/src/libstrongswan/utils/lexparser.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2001-2008 Andreas Steffen
 *
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c
index 6f721c9ef..5c5f649b7 100644
--- a/src/libstrongswan/utils/optionsfrom.c
+++ b/src/libstrongswan/utils/optionsfrom.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007-2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/optionsfrom.h b/src/libstrongswan/utils/optionsfrom.h
index b0a9d0096..3ce52365f 100644
--- a/src/libstrongswan/utils/optionsfrom.h
+++ b/src/libstrongswan/utils/optionsfrom.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2007-2008 Andreas Steffen
 *
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/parser_helper.c b/src/libstrongswan/utils/parser_helper.c
index 4c6aa251f..3ed22b61d 100644
--- a/src/libstrongswan/utils/parser_helper.c
+++ b/src/libstrongswan/utils/parser_helper.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/parser_helper.h b/src/libstrongswan/utils/parser_helper.h
index 09ed1991c..818062c66 100644
--- a/src/libstrongswan/utils/parser_helper.h
+++ b/src/libstrongswan/utils/parser_helper.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook.h b/src/libstrongswan/utils/printf_hook/printf_hook.h
index c1d6fa90d..bced19146 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook.h
+++ b/src/libstrongswan/utils/printf_hook/printf_hook.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2009 Tobias Brunner
 * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
index 5efe1d990..17b56d278 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2009-2013 Tobias Brunner
 * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_vstr.c b/src/libstrongswan/utils/printf_hook/printf_hook_vstr.c
index ab93b24ba..6d8827624 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_vstr.c
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_vstr.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2009-2013 Tobias Brunner
 * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_vstr.h b/src/libstrongswan/utils/printf_hook/printf_hook_vstr.h
index 7c24b05e2..6d744b257 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_vstr.h
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_vstr.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2009 Tobias Brunner
 * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/test.c b/src/libstrongswan/utils/test.c
index 0b0a80f42..0e9f07cd0 100644
--- a/src/libstrongswan/utils/test.c
+++ b/src/libstrongswan/utils/test.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/test.h b/src/libstrongswan/utils/test.h
index f9a84713e..f7ae7d60c 100644
--- a/src/libstrongswan/utils/test.h
+++ b/src/libstrongswan/utils/test.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
index 4deba0fe7..94863d3d6 100644
--- a/src/libstrongswan/utils/utils.c
+++ b/src/libstrongswan/utils/utils.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2015 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index ec994bfc5..ea08b68c2 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -206,7 +206,7 @@ void utils_deinit();
 * Block and wait for a set of signals
 *
 * We don't replicate the functionality of siginfo_t. If info is not NULL
- * -1 is returend and errno is set to EINVAL.
+ * -1 is returned and errno is set to EINVAL.
 *
 * @param set set of signals to wait for
 * @param info must be NULL
diff --git a/src/libstrongswan/utils/utils/align.c b/src/libstrongswan/utils/utils/align.c
index ffdb1b5ce..bb76866f1 100644
--- a/src/libstrongswan/utils/utils/align.c
+++ b/src/libstrongswan/utils/utils/align.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/align.h b/src/libstrongswan/utils/utils/align.h
index a28dc3668..85eb25974 100644
--- a/src/libstrongswan/utils/utils/align.h
+++ b/src/libstrongswan/utils/utils/align.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/atomics.c b/src/libstrongswan/utils/utils/atomics.c
index 17e823e70..82a889614 100644
--- a/src/libstrongswan/utils/utils/atomics.c
+++ b/src/libstrongswan/utils/utils/atomics.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/atomics.h b/src/libstrongswan/utils/utils/atomics.h
index e5db0a1cb..a973b1adc 100644
--- a/src/libstrongswan/utils/utils/atomics.h
+++ b/src/libstrongswan/utils/utils/atomics.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/byteorder.h b/src/libstrongswan/utils/utils/byteorder.h
index 0665ef363..6bd626cbc 100644
--- a/src/libstrongswan/utils/utils/byteorder.h
+++ b/src/libstrongswan/utils/utils/byteorder.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/memory.c b/src/libstrongswan/utils/utils/memory.c
index 4b4b6ccee..82c30d88e 100644
--- a/src/libstrongswan/utils/utils/memory.c
+++ b/src/libstrongswan/utils/utils/memory.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -29,7 +29,7 @@ void memxor(uint8_t dst[], const uint8_t src[], size_t n)
 {
 dst[i] ^= src[i];
 }
- /* try to use words if src shares an aligment with dst */
+ /* try to use words if src shares an alignment with dst */
 switch (((uintptr_t)&src[i] % sizeof(long)))
 {
 case 0:
diff --git a/src/libstrongswan/utils/utils/memory.h b/src/libstrongswan/utils/utils/memory.h
index e84033010..1dffe85df 100644
--- a/src/libstrongswan/utils/utils/memory.h
+++ b/src/libstrongswan/utils/utils/memory.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/object.h b/src/libstrongswan/utils/utils/object.h
index 301fb6685..24169dafc 100644
--- a/src/libstrongswan/utils/utils/object.h
+++ b/src/libstrongswan/utils/utils/object.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/path.c b/src/libstrongswan/utils/utils/path.c
index 3abbe77ed..d964c70cc 100644
--- a/src/libstrongswan/utils/utils/path.c
+++ b/src/libstrongswan/utils/utils/path.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/path.h b/src/libstrongswan/utils/utils/path.h
index 838ce73e6..b72bdaf42 100644
--- a/src/libstrongswan/utils/utils/path.h
+++ b/src/libstrongswan/utils/utils/path.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/status.c b/src/libstrongswan/utils/utils/status.c
index 4a97d846c..21f38a6de 100644
--- a/src/libstrongswan/utils/utils/status.c
+++ b/src/libstrongswan/utils/utils/status.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/status.h b/src/libstrongswan/utils/utils/status.h
index c96eebd44..8d96c2bfc 100644
--- a/src/libstrongswan/utils/utils/status.h
+++ b/src/libstrongswan/utils/utils/status.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/strerror.c b/src/libstrongswan/utils/utils/strerror.c
index d35bbec68..c29b2f773 100644
--- a/src/libstrongswan/utils/utils/strerror.c
+++ b/src/libstrongswan/utils/utils/strerror.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2012-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/strerror.h b/src/libstrongswan/utils/utils/strerror.h
index f59649c2a..46138824f 100644
--- a/src/libstrongswan/utils/utils/strerror.h
+++ b/src/libstrongswan/utils/utils/strerror.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2012-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/string.c b/src/libstrongswan/utils/utils/string.c
index 56910ed79..df7a9936b 100644
--- a/src/libstrongswan/utils/utils/string.c
+++ b/src/libstrongswan/utils/utils/string.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/string.h b/src/libstrongswan/utils/utils/string.h
index 562516b91..67a915166 100644
--- a/src/libstrongswan/utils/utils/string.h
+++ b/src/libstrongswan/utils/utils/string.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/tty.c b/src/libstrongswan/utils/utils/tty.c
index 7cce71dc5..9f36b58c3 100644
--- a/src/libstrongswan/utils/utils/tty.c
+++ b/src/libstrongswan/utils/utils/tty.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/tty.h b/src/libstrongswan/utils/utils/tty.h
index 6cd285a9a..f45d62e49 100644
--- a/src/libstrongswan/utils/utils/tty.h
+++ b/src/libstrongswan/utils/utils/tty.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/types.h b/src/libstrongswan/utils/utils/types.h
index 45b5043bf..c6a122aa3 100644
--- a/src/libstrongswan/utils/utils/types.h
+++ b/src/libstrongswan/utils/utils/types.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2008-2014 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtls/tls_application.h b/src/libtls/tls_application.h
index bd839fbb6..0debe9cee 100644
--- a/src/libtls/tls_application.h
+++ b/src/libtls/tls_application.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c b/src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c
index 26a5ed2b4..7e6b2f672 100644
--- a/src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c
+++ b/src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2006 Mike McCauley
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c b/src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c
index 660ba179d..292ceb6ad 100644
--- a/src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c
+++ b/src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c b/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c
index f0e821c8c..f3b0d3faa 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c
index 26a6c032f..d20f8b09c 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c
index e3736560d..4cb4b302e 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c
index 710269ba9..3ff556699 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c
index 7c2f9b3f9..e855c16c6 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c
index 013e0c7ed..f685dc667 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c
index 0d3e1c2a0..cc1f09bfc 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtpmtss/plugins/tpm/tpm_cert.c b/src/libtpmtss/plugins/tpm/tpm_cert.c
index 248da7e53..126941f8d 100644
--- a/src/libtpmtss/plugins/tpm/tpm_cert.c
+++ b/src/libtpmtss/plugins/tpm/tpm_cert.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2017 Andreas Steffen
- * HSR Hochschule für Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c
index 8b91fb44a..90a16c103 100644
--- a/src/libtpmtss/tpm_tss_tss2.c
+++ b/src/libtpmtss/tpm_tss_tss2.c
@@ -278,8 +278,9 @@ static bool initialize_tcti_tabrmd_context(private_tpm_tss_tss2_t *this)
 return FALSE;
 }
- /* allocate memory for tcti context */
+ /* allocate and initialize memory for tcti context */
 this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size);
+ memset(this->tcti_context, 0x00, tcti_context_size);
 /* initialize tcti context */
 rval = tss2_tcti_tabrmd_init(this->tcti_context, &tcti_context_size);
diff --git a/src/manager/controller/auth_controller.c b/src/manager/controller/auth_controller.c
index 5f2de5154..8abce7312 100644
--- a/src/manager/controller/auth_controller.c
+++ b/src/manager/controller/auth_controller.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/auth_controller.h b/src/manager/controller/auth_controller.h
index 07292273d..2e9548599 100644
--- a/src/manager/controller/auth_controller.h
+++ b/src/manager/controller/auth_controller.h
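Review bot: In the src/libtpmtss/tpm_tss_tss2.c hunk, the added `memset(this->tcti_context, 0x00, tcti_context_size);` writes through the pointer returned by `malloc()` on the line above without checking it, so a failed allocation becomes a NULL-pointer write in initialize_tcti_tabrmd_context() instead of a clean `FALSE` return. Zeroing the context before it is handed to `tss2_tcti_tabrmd_init()` is a reasonable hardening step, but it is safer written as `this->tcti_context = calloc(1, tcti_context_size);` followed by `if (!this->tcti_context) { return FALSE; }`. The function begins and ends outside this hunk, so whether a later error path frees the context, and where `tcti_context_size` gets its value, cannot be confirmed from the visible lines.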
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/config_controller.c b/src/manager/controller/config_controller.c
index bc93c542d..fbde2f23f 100644
--- a/src/manager/controller/config_controller.c
+++ b/src/manager/controller/config_controller.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/config_controller.h b/src/manager/controller/config_controller.h
index 504ec8c3b..896ceb4c3 100644
--- a/src/manager/controller/config_controller.h
+++ b/src/manager/controller/config_controller.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/control_controller.c b/src/manager/controller/control_controller.c
index a8db2f272..f0a16eeb2 100644
--- a/src/manager/controller/control_controller.c
+++ b/src/manager/controller/control_controller.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/control_controller.h b/src/manager/controller/control_controller.h
index 0342f8ca2..9feb3c3b6 100644
--- a/src/manager/controller/control_controller.h
+++ b/src/manager/controller/control_controller.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/gateway_controller.c b/src/manager/controller/gateway_controller.c
index 6c0257980..bb14451b1 100644
--- a/src/manager/controller/gateway_controller.c
+++ b/src/manager/controller/gateway_controller.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/gateway_controller.h b/src/manager/controller/gateway_controller.h
index 170bc1bdb..f6bed4ddd 100644
--- a/src/manager/controller/gateway_controller.h
+++ b/src/manager/controller/gateway_controller.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/ikesa_controller.c b/src/manager/controller/ikesa_controller.c
index df0e5f475..5cb5245aa 100644
--- a/src/manager/controller/ikesa_controller.c
+++ b/src/manager/controller/ikesa_controller.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/ikesa_controller.h b/src/manager/controller/ikesa_controller.h
index 592047539..cd76ee5a5 100644
--- a/src/manager/controller/ikesa_controller.h
+++ b/src/manager/controller/ikesa_controller.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/gateway.c b/src/manager/gateway.c
index 58ee6ab54..362611da3 100644
--- a/src/manager/gateway.c
+++ b/src/manager/gateway.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/gateway.h b/src/manager/gateway.h
index 1f62d2365..04f4dfb65 100644
--- a/src/manager/gateway.h
+++ b/src/manager/gateway.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/main.c b/src/manager/main.c
index b6169082f..1ba8b1e04 100644
--- a/src/manager/main.c
+++ b/src/manager/main.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/manager.c b/src/manager/manager.c
index 22a4191d9..bbffb1bb8 100644
--- a/src/manager/manager.c
+++ b/src/manager/manager.c
@@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/manager/manager.h b/src/manager/manager.h index e0ed7fcaf..506127b7f 100644 --- a/src/manager/manager.h +++ b/src/manager/manager.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/manager/storage.c b/src/manager/storage.c index 6a8e76e5e..5fdfe0318 100644 --- a/src/manager/storage.c +++ b/src/manager/storage.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/manager/storage.h b/src/manager/storage.h index 4324e99fe..76c2b7b9b 100644 --- a/src/manager/storage.h +++ b/src/manager/storage.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/manager/xml.c b/src/manager/xml.c index 0aee5f69b..17c2512da 100644 --- a/src/manager/xml.c +++ b/src/manager/xml.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/manager/xml.h b/src/manager/xml.h index bd11cb4f8..46503b8af 100644 --- a/src/manager/xml.h +++ b/src/manager/xml.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/medsrv/controller/peer_controller.c b/src/medsrv/controller/peer_controller.c index 4943647b5..7dbda8b49 100644 --- a/src/medsrv/controller/peer_controller.c +++ b/src/medsrv/controller/peer_controller.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Philip Boetschi, Adrian Doerig - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/medsrv/controller/peer_controller.h b/src/medsrv/controller/peer_controller.h index 1282156b7..3bc640b93 100644 --- a/src/medsrv/controller/peer_controller.h +++ b/src/medsrv/controller/peer_controller.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Philip Boetschi, Adrian Doerig - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/medsrv/controller/user_controller.c b/src/medsrv/controller/user_controller.c index 36d04e12c..8bdd86a42 100644 --- a/src/medsrv/controller/user_controller.c +++ b/src/medsrv/controller/user_controller.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Philip Boetschi, Adrian Doerig - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/medsrv/controller/user_controller.h b/src/medsrv/controller/user_controller.h index 8443a8d2b..62e15a7cf 100644 --- a/src/medsrv/controller/user_controller.h +++ b/src/medsrv/controller/user_controller.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Philip Boetschi, Adrian Doerig - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/medsrv/filter/auth_filter.c b/src/medsrv/filter/auth_filter.c index fb39bdb0e..713abe46b 100644 --- a/src/medsrv/filter/auth_filter.c +++ b/src/medsrv/filter/auth_filter.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Philip Boetschi, Adrian Doerig - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/medsrv/filter/auth_filter.h b/src/medsrv/filter/auth_filter.h index 022254dde..15c254256 100644 --- a/src/medsrv/filter/auth_filter.h +++ b/src/medsrv/filter/auth_filter.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Philip Boetschi, Adrian Doerig - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/medsrv/main.c b/src/medsrv/main.c index 745fcc359..6ad817334 100644 --- a/src/medsrv/main.c +++ b/src/medsrv/main.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2008 Philip Boetschi, Adrian Doerig - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/medsrv/user.c b/src/medsrv/user.c index 023dafbed..26b766f96 100644 --- a/src/medsrv/user.c +++ b/src/medsrv/user.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/medsrv/user.h b/src/medsrv/user.h index 475972a5b..b58d14ab1 100644 --- a/src/medsrv/user.h +++ b/src/medsrv/user.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/pki/command.c b/src/pki/command.c index f425af7e8..4ad4339a8 100644 --- a/src/pki/command.c +++ b/src/pki/command.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/pki/command.h b/src/pki/command.h index a7dade758..353f5141c 100644 --- a/src/pki/command.h +++ b/src/pki/command.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/pki/commands/dn.c b/src/pki/commands/dn.c index 75585fc16..96ce5326e 100644 --- a/src/pki/commands/dn.c +++ b/src/pki/commands/dn.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/pki/commands/pkcs12.c b/src/pki/commands/pkcs12.c index dcd1496ba..e218c4c89 100644 --- a/src/pki/commands/pkcs12.c +++ b/src/pki/commands/pkcs12.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c index dd667fb34..88ef448b5 100644 --- a/src/pki/commands/verify.c +++ b/src/pki/commands/verify.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2018 Tobias Brunner * Copyright (C) 2009 Martin Willi * HSR Hochschule fuer Technik Rapperswil * @@ -14,6 +14,9 @@ * for more details. */ +#include +#include +#include #include #include "pki.h" 
@@ -22,6 +25,84 @@ #include #include +/** + * Load a CA or CRL and add it to the credential set + */ +static bool load_cert(mem_cred_t *creds, char *path, certificate_type_t subtype) +{ + certificate_t *cert; + char *credname; + + switch (subtype) + { + case CERT_X509: + credname = "CA certificate"; + break; + case CERT_X509_CRL: + credname = "CRL"; + break; + default: + return FALSE; + } + cert = lib->creds->create(lib->creds, + CRED_CERTIFICATE, subtype, + BUILD_FROM_FILE, path, BUILD_END); + if (!cert) + { + fprintf(stderr, "parsing %s from '%s' failed\n", credname, path); + return FALSE; + } + if (subtype == CERT_X509_CRL) + { + creds->add_crl(creds, (crl_t*)cert); + } + else + { + creds->add_cert(creds, TRUE, cert); + } + return TRUE; +} + +/** + * Load CA cert or CRL either from a file or a path + */ +static bool load_certs(mem_cred_t *creds, char *path, + certificate_type_t subtype) +{ + enumerator_t *enumerator; + struct stat st; + bool loaded = FALSE; + + if (stat(path, &st)) + { + fprintf(stderr, "failed to access '%s': %s\n", path, strerror(errno)); + return FALSE; + } + if (S_ISDIR(st.st_mode)) + { + enumerator = enumerator_create_directory(path); + if (!enumerator) + { + fprintf(stderr, "directory '%s' can not be opened: %s", + path, strerror(errno)); + return FALSE; + } + while (enumerator->enumerate(enumerator, NULL, &path, &st)) + { + if (S_ISREG(st.st_mode) && load_cert(creds, path, subtype)) + { + loaded = TRUE; + } + } + enumerator->destroy(enumerator); + } + else + { + loaded = load_cert(creds, path, subtype); + } + return loaded; +} + /** * Verify a certificate signature */ 
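Review bot: In load_certs(), the message printed when enumerator_create_directory() fails has no trailing newline, unlike the other two error messages added in this hunk; it should read `fprintf(stderr, "directory '%s' can not be opened: %s\n", path, strerror(errno));`. The function also returns TRUE as soon as one entry loads, so a file in the directory that fails to parse is only reported on stderr, while every regular file that does parse as a CA certificate is added with `add_cert(creds, TRUE, cert)`, i.e. as trusted. I would state that contract in the doc comment, for example `Returns TRUE if at least one certificate or CRL was loaded; in a directory every regular file is tried and parse failures are not fatal`, so that callers know the directory itself has to be trusted.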
@@ -49,28 +130,16 @@ static int verify() file = arg; continue; case 'c': - cert = lib->creds->create(lib->creds, - CRED_CERTIFICATE, CERT_X509, - BUILD_FROM_FILE, arg, BUILD_END); - if (!cert) + if (load_certs(creds, arg, CERT_X509)) { - fprintf(stderr, "parsing CA certificate failed\n"); - goto end; + has_ca = TRUE; } - has_ca = TRUE; - creds->add_cert(creds, TRUE, cert); continue; case 'l': - cert = lib->creds->create(lib->creds, - CRED_CERTIFICATE, CERT_X509_CRL, - BUILD_FROM_FILE, arg, BUILD_END); - if (!cert) + if (load_certs(creds, arg, CERT_X509_CRL)) { - fprintf(stderr, "parsing CRL failed\n"); - goto end; + online = TRUE; } - online = TRUE; - creds->add_crl(creds, (crl_t*)cert); continue; case 'o': online = TRUE; @@ -108,7 +177,7 @@ static int verify() fprintf(stderr, "parsing certificate failed\n"); goto end; } - creds->add_cert(creds, !has_ca, cert); + cert = creds->add_cert_ref(creds, !has_ca, cert); enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, KEY_ANY, cert->get_subject(cert), online); @@ -153,6 +222,7 @@ static int verify() printf("\n"); } enumerator->destroy(enumerator); + cert->destroy(cert); if (!trusted) { diff --git a/src/pki/man/pki---verify.1.in b/src/pki/man/pki---verify.1.in index 74adaf150..a655858a1 100644 --- a/src/pki/man/pki---verify.1.in +++ b/src/pki/man/pki---verify.1.in 
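Review bot: In the `case 'c':` branch a failed load_certs() no longer reaches `goto end`, so has_ca stays FALSE and option parsing continues; the next hunk then calls `creds->add_cert_ref(creds, !has_ca, cert)`, which passes TRUE as the trusted flag for the certificate under test. It looks as if a mistyped or unreadable `--cacert` path therefore falls back to the self-signed case instead of aborting, and likewise a failed `--crl` load leaves `online` unset, so no revocation check is requested. I would keep the previous fail-closed behaviour with `if (!load_certs(creds, arg, CERT_X509)) { goto end; }` followed by `has_ca = TRUE;`, and the same pattern with `online = TRUE;` in `case 'l':`. verify() begins and ends outside these hunks, so the effect on the final exit status should be confirmed there.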
@@ -47,10 +47,13 @@ X.509 certificate to verify. If not given it is read from \fISTDIN\fR. .TP .BI "\-c, \-\-cacert " file CA certificate to use for trustchain verification. If not given the certificate -is assumed to be self\-signed. +is assumed to be self\-signed. May optionally be a path to a directory from +which CA certificates are loaded. Can be used multiple times. .TP .BI "\-l, \-\-crl " file -Local CRL to use for trustchain verification. Implies \fB-o\fR. +Local CRL to use for trustchain verification. May optionally be a path to a +directory from which CRLs are loaded. Can be used multiple times. +Implies \fB-o\fR. .TP .BI "\-o, \-\-online Enable online CRL/OCSP revocation checking. diff --git a/src/pool/pool_attributes.c b/src/pool/pool_attributes.c index 72af4f494..5ebdbeb37 100644 --- a/src/pool/pool_attributes.c +++ b/src/pool/pool_attributes.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009-2010 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/pool/pool_attributes.h b/src/pool/pool_attributes.h index 6a5af3349..8536d4205 100644 --- a/src/pool/pool_attributes.h +++ b/src/pool/pool_attributes.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009-2010 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/pool/pool_usage.c b/src/pool/pool_usage.c index 94cc041b5..2b380e386 100644 --- a/src/pool/pool_usage.c +++ b/src/pool/pool_usage.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2009-2010 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/pool/pool_usage.h b/src/pool/pool_usage.h index 0082ef6f2..a7fa672ff 100644 --- a/src/pool/pool_usage.h +++ b/src/pool/pool_usage.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Copyright (C) 2009-2010 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index d31e16220..9f1faf454 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -1,7 +1,9 @@ /* - * Copyright (C) 2010-2013 Martin Willi, revosec AG * Copyright (C) 2013-2015 Andreas Steffen - * HSR Hochschule für Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2010-2013 Martin Willi + * Copyright (C) 2010-2013 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index 5bb29bbd8..cc227cc7a 100644 --- a/src/scepclient/scep.c +++ b/src/scepclient/scep.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/scepclient/scep.h b/src/scepclient/scep.h index 4ef5eaf8e..97fc7bf8e 100644 
--- a/src/scepclient/scep.h +++ b/src/scepclient/scep.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index 853490f61..83079f3d8 100644 --- a/src/scepclient/scepclient.c +++ b/src/scepclient/scepclient.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/args.c b/src/starter/args.c index 477a52082..a37ce6a3e 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2014 Tobias Brunner * Copyright (C) 2006 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/args.h b/src/starter/args.h index 76c05de8c..d1181f4a4 100644 --- a/src/starter/args.h +++ b/src/starter/args.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/confread.c b/src/starter/confread.c index f154f8951..345d0b60b 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security * diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c index 5d95305cb..e78e65792 100644 --- a/src/starter/invokecharon.c +++ b/src/starter/invokecharon.c @@ -1,6 +1,9 @@ -/* strongSwan charon launcher - * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security - * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil +/* + * Copyright (C) 2006 Martin Willi + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2001-2002 Mathieu Lafon + * Arkoon Network Security * * Ported from invokepluto.c to fit charons needs. * diff --git a/src/starter/invokecharon.h b/src/starter/invokecharon.h index aaf913c9b..b789c761d 100644 --- a/src/starter/invokecharon.h +++ b/src/starter/invokecharon.h @@ -1,6 +1,9 @@ -/* strongSwan charon launcher - * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security - * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil +/* + * Copyright (C) 2006 Martin Willi + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2001-2002 Mathieu Lafon + * Arkoon Network Security * * Ported from invokepluto.h to fit charons needs. * diff --git a/src/starter/keywords.c b/src/starter/keywords.c index 0e2d0fb4b..a8f50169a 100644 --- a/src/starter/keywords.c +++ b/src/starter/keywords.c @@ -32,7 +32,7 @@ error "gperf generated tables don't work with this execution character set. Plea /* * Copyright (C) 2005 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 27d16b0b8..d017134d9 100644 
--- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2005 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/keywords.h.in b/src/starter/keywords.h.in index d2b08f2cf..60ec2723a 100644 --- a/src/starter/keywords.h.in +++ b/src/starter/keywords.h.in @@ -1,6 +1,6 @@ /* * Copyright (C) 2005 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index dd673bc7a..e696dce8e 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt @@ -1,7 +1,7 @@ %{ /* * Copyright (C) 2005 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/parser/conf_parser.c b/src/starter/parser/conf_parser.c index 66e0ae8e4..d35dad76c 100644 --- a/src/starter/parser/conf_parser.c +++ b/src/starter/parser/conf_parser.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2013-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/parser/conf_parser.h b/src/starter/parser/conf_parser.h index 49131a0db..db486a03f 100644 --- a/src/starter/parser/conf_parser.h +++ b/src/starter/parser/conf_parser.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2013-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/parser/lexer.c b/src/starter/parser/lexer.c index afca86341..d19cee08a 100644 --- a/src/starter/parser/lexer.c +++ b/src/starter/parser/lexer.c @@ -634,7 +634,7 @@ static yyconst flex_int16_t yy_rule_linenum[26] = #line 2 "parser/lexer.l" /* * Copyright (C) 2013-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/parser/lexer.l b/src/starter/parser/lexer.l index f70658e68..e10fd1b38 100644 --- a/src/starter/parser/lexer.l +++ b/src/starter/parser/lexer.l @@ -1,7 +1,7 @@ %{ /* * Copyright (C) 2013-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/parser/parser.c b/src/starter/parser/parser.c index 7204cc61d..7d9cd7805 100644 --- a/src/starter/parser/parser.c +++ b/src/starter/parser/parser.c @@ -72,7 +72,7 @@ /* * Copyright (C) 2013-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/parser/parser.y b/src/starter/parser/parser.y index 0b2b3b09f..1371fe931 100644 --- a/src/starter/parser/parser.y +++ b/src/starter/parser/parser.y 
@@ -1,7 +1,7 @@ %{ /* * Copyright (C) 2013-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/starter.c b/src/starter/starter.c index 51a42a504..8ca1af29c 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -276,7 +276,7 @@ static bool check_pid(char *pid_file) pid = atoi(buf); } fclose(pidfile); - if (pid && kill(pid, 0) == 0) + if (pid && pid != getpid() && kill(pid, 0) == 0) { /* such a process is running */ return TRUE; } @@ -477,6 +477,7 @@ int main (int argc, char **argv) } } +#ifndef STARTER_ALLOW_NON_ROOT /* verify that we can start */ if (getuid() != 0) { @@ -484,6 +485,7 @@ int main (int argc, char **argv) cleanup(); exit(LSB_RC_NOT_ALLOWED); } +#endif if (check_pid(pid_file)) { @@ -520,6 +522,7 @@ int main (int argc, char **argv) exit(LSB_RC_INVALID_ARGUMENT); } +#ifndef SKIP_KERNEL_IPSEC_MODPROBES /* determine if we have a native netkey IPsec stack */ if (!starter_netkey_init()) { @@ -530,6 +533,7 @@ int main (int argc, char **argv) DBG1(DBG_APP, "no known IPsec stack detected, ignoring!"); } } +#endif last_reload = time_monotonic(NULL); diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 90af9372a..90ba1cd72 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2007-2015 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/starterstroke.h b/src/starter/starterstroke.h index 126486325..685c528b6 100644 --- a/src/starter/starterstroke.h +++ b/src/starter/starterstroke.h 
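Review bot: In check_pid(), `kill(pid, 0) == 0` treats every failure as "no such process", but kill() also fails with EPERM when the process exists and belongs to another user; now that the `#ifndef STARTER_ALLOW_NON_ROOT` hunk below lets the starter run unprivileged, a live root-owned instance named in the pid file would seemingly be reported as not running. The value also comes unchecked from `atoi(buf)`, so a negative number in the pid file makes kill() probe a process group rather than a single process. A tighter condition would be `if (pid > 0 && pid != getpid() && (kill(pid, 0) == 0 || errno == EPERM))`, provided errno.h is included in this file, which the hunk does not show. check_pid() starts and ends outside the hunk.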
@@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/tests/starter_tests.c b/src/starter/tests/starter_tests.c index 4194c5256..23722e96f 100644 --- a/src/starter/tests/starter_tests.c +++ b/src/starter/tests/starter_tests.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/tests/starter_tests.h b/src/starter/tests/starter_tests.h index 3486597a0..79a75c568 100644 --- a/src/starter/tests/starter_tests.h +++ b/src/starter/tests/starter_tests.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/starter/tests/suites/test_parser.c b/src/starter/tests/suites/test_parser.c index 4ae7b22fa..81555a86f 100644 --- a/src/starter/tests/suites/test_parser.c +++ b/src/starter/tests/suites/test_parser.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c index 6571815e5..8248440dd 100644 --- a/src/stroke/stroke.c +++ b/src/stroke/stroke.c 
@@ -1,7 +1,7 @@ /* * Copyright (C) 2007-2015 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c index 4dce7fbc8..17a3663fe 100644 --- a/src/stroke/stroke_keywords.c +++ b/src/stroke/stroke_keywords.c @@ -30,9 +30,9 @@ error "gperf generated tables don't work with this execution character set. Plea #endif -/* stroke keywords +/* * Copyright (C) 2006 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h index 00b992769..4e0b66b3d 100644 --- a/src/stroke/stroke_keywords.h +++ b/src/stroke/stroke_keywords.h @@ -1,6 +1,6 @@ -/* stroke keywords +/* * Copyright (C) 2006 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/stroke/stroke_keywords.h.in b/src/stroke/stroke_keywords.h.in index 2b5780adc..416c8f9ad 100644 --- a/src/stroke/stroke_keywords.h.in +++ b/src/stroke/stroke_keywords.h.in @@ -1,6 +1,6 @@ -/* stroke keywords +/* * Copyright (C) 2006 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt index ceb0dd253..1d96ccdd1 100644 --- a/src/stroke/stroke_keywords.txt +++ b/src/stroke/stroke_keywords.txt @@ -1,7 +1,7 @@ %{ -/* stroke keywords +/* * Copyright (C) 2006 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h index 60ea0028d..08560d36f 100644 --- a/src/stroke/stroke_msg.h +++ b/src/stroke/stroke_msg.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/sw-collector/sw-collector.8.in b/src/sw-collector/sw-collector.8.in index b9041c77b..5c8d25656 100644 --- a/src/sw-collector/sw-collector.8.in +++ b/src/sw-collector/sw-collector.8.in @@ -34,6 +34,12 @@ sw-collector \- Extracts software installation events from dpkg history log .YS . .SY "sw-collector" +.OP \-\-debug level +.OP \-\-quiet +.BR \-\-check +.YS +. +.SY "sw-collector" .B \-h | .B \-\-help @@ -76,7 +82,7 @@ installation status. .B "\-u, \-\-unregistered" Lists all software packages residing in the local collector database but for which no SWID tags exist yet in a central collector database reachable via a -REST interface. +REST interface. .TP .B "\-g, \-\-generate" Generates ISO 19770-2:2015 SWID tags for all software packages residing in the 
@@ -86,6 +92,10 @@ database reachable via a REST interface. .B "\-m, \-\-migrate" Can be used to migrate collector database versions. Currently all architecture suffixes are removed from dpkg package names. +.TP +.B "\-C, \-\-check" +Checks the integrity of the collector database against the actual list of +installed packages obtained with dpkg-query. . .SH "CONFIGURATION" . diff --git a/src/sw-collector/sw-collector.c b/src/sw-collector/sw-collector.c index a42f1068a..f8229a192 100644 --- a/src/sw-collector/sw-collector.c +++ b/src/sw-collector/sw-collector.c @@ -31,9 +31,10 @@ #include #include #include +#include #include - +#include /** * global debug output variables */ @@ -48,7 +49,8 @@ enum collector_op_t { COLLECTOR_OP_LIST, COLLECTOR_OP_UNREGISTERED, COLLECTOR_OP_GENERATE, - COLLECTOR_OP_MIGRATE + COLLECTOR_OP_MIGRATE, + COLLECTOR_OP_CHECK }; /** @@ -119,7 +121,8 @@ Usage:\n\ --list|-unregistered\n\ sw-collector [--debug ] [--quiet] [--installed|--removed] \ [--full] --generate\n\ - sw-collector [--debug ] [--quiet] --migrate\n"); + sw-collector [--debug ] [--quiet] --migrate\n\ + sw-collector [--debug ] [--quiet] --check\n"); } /** @@ -140,6 +143,7 @@ static collector_op_t do_args(int argc, char *argv[], bool *full_tags, struct option long_opts[] = { { "help", no_argument, NULL, 'h' }, + { "check", no_argument, NULL, 'C' }, { "count", required_argument, NULL, 'c' }, { "debug", required_argument, NULL, 'd' }, { "full", no_argument, NULL, 'f' }, @@ -153,7 +157,7 @@ static collector_op_t do_args(int argc, char *argv[], bool *full_tags, { 0,0,0,0 } }; - c = getopt_long(argc, argv, "hc:d:fgilmqru", long_opts, NULL); + c = getopt_long(argc, argv, "hCc:d:fgilmqru", long_opts, NULL); switch (c) { case EOF: @@ -162,6 +166,9 @@ static collector_op_t do_args(int argc, char *argv[], bool *full_tags, usage(); exit(SUCCESS); break; + case 'C': + op = COLLECTOR_OP_CHECK; + continue; case 'c': count = atoi(optarg); continue; 
@@ -537,7 +544,7 @@ end: } /** - * Append missing architecture suffix to package entries in the database + * Remove architecture suffix from package entries in the database */ static int migrate(sw_collector_db_t *db) { 
@@ -582,6 +589,84 @@ static int migrate(sw_collector_db_t *db) return status; } +/** + * Free hashtable entry + */ +static void free_entry(void *value, void *key) +{ + free(value); + free(key); +} + +/** + * Check consistency of installed software identifiers in collector database + */ +static int check(sw_collector_db_t *db) +{ + sw_collector_dpkg_t *dpkg; + swid_gen_info_t *info; + hashtable_t *table; + enumerator_t *e; + char *dpkg_name, *name, *package, *arch, *version; + uint32_t sw_id, count = 0, installed; + + dpkg = sw_collector_dpkg_create(); + if (!dpkg) + { + return EXIT_FAILURE; + } + info = swid_gen_info_create(); + table = hashtable_create(hashtable_hash_str, hashtable_equals_str, 4096); + + /* Store all installed sw identifiers (according to dpkg) in hashtable */ + e = dpkg->create_sw_enumerator(dpkg); + while (e->enumerate(e, &package, &arch, &version)) + { + dpkg_name = info->create_sw_id(info, package, version); + table->put(table, strdup(package), dpkg_name); + } + e->destroy(e); + + info->destroy(info); + dpkg->destroy(dpkg); + + e = db->create_sw_enumerator(db, SW_QUERY_ALL, NULL); + if (!e) + { + table->destroy_function(table, (void*)free_entry); + return EXIT_FAILURE; + } + while (e->enumerate(e, &sw_id, &name, &package, &version, &installed)) + { + dpkg_name = table->get(table, package); + if (installed) + { + if (!dpkg_name) + { + printf("%4d %s erroneously noted as installed\n", sw_id, name); + } + else if (!streq(name, dpkg_name)) + { + printf("%4d %s erroneously noted as installed instead of\n " + " %s\n", sw_id, name, dpkg_name); + } + } + else + { + if (dpkg_name && streq(name, dpkg_name)) + { + printf("%4d %s erroneously noted as removed\n", sw_id, name); + } + } + count++; + } + e->destroy(e); + + table->destroy_function(table, (void*)free_entry); + printf("checked %d software identifiers\n", count); + + return EXIT_SUCCESS; +} int main(int argc, char *argv[]) { 
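Review bot: `check()` ends with `return EXIT_SUCCESS;` even after it has printed discrepancies, so a script or scheduled job running `sw-collector --check` cannot tell a consistent database from an inconsistent one without parsing stdout. Counting the mismatches in the three `printf` branches and finishing with `return errors ? EXIT_FAILURE : EXIT_SUCCESS;` would make the result usable for monitoring. Separately, `table->put(table, strdup(package), dpkg_name);` ignores the return value; if the dpkg enumerator can yield the same package name more than once (not visible in this hunk), the earlier entry is overwritten and its strings are presumably leaked. `sw_id` and `count` are `uint32_t` but are printed with `%d`; `%u` (or `PRIu32`) matches the type.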
@@ -646,6 +731,9 @@ int main(int argc, char *argv[]) case COLLECTOR_OP_MIGRATE: status = migrate(db); break; + case COLLECTOR_OP_CHECK: + status = check(db); + break; } db->destroy(db); diff --git a/src/swanctl/command.c b/src/swanctl/command.c index 225dff617..63f4523bb 100644 --- a/src/swanctl/command.c +++ b/src/swanctl/command.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/swanctl/command.h b/src/swanctl/command.h index 0d93ae45c..f2640d90f 100644 --- a/src/swanctl/command.h +++ b/src/swanctl/command.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/swanctl/commands/list_algs.c b/src/swanctl/commands/list_algs.c index 616e6ff75..99b5c7627 100644 --- a/src/swanctl/commands/list_algs.c +++ b/src/swanctl/commands/list_algs.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/swanctl/commands/redirect.c b/src/swanctl/commands/redirect.c index 6edb936e6..46e0c5719 100644 --- a/src/swanctl/commands/redirect.c +++ b/src/swanctl/commands/redirect.c 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c index 8b3233c89..bce404a54 100644 --- a/src/swanctl/commands/terminate.c +++ b/src/swanctl/commands/terminate.c @@ -39,6 +39,7 @@ static int terminate(vici_conn_t *conn) command_format_options_t format = COMMAND_FORMAT_NONE; char *arg, *child = NULL, *ike = NULL; int ret = 0, timeout = 0, level = 1, child_id = 0, ike_id = 0; + bool force = FALSE; while (TRUE) { @@ -55,6 +56,9 @@ static int terminate(vici_conn_t *conn) case 'c': child = arg; continue; + case 'f': + force = TRUE; + continue; case 'i': ike = arg; continue; @@ -101,6 +105,10 @@ static int terminate(vici_conn_t *conn) { vici_add_key_valuef(req, "ike-id", "%d", ike_id); } + if (force) + { + vici_add_key_valuef(req, "force", "yes"); + } if (timeout) { vici_add_key_valuef(req, "timeout", "%d", timeout * 1000); @@ -150,6 +158,7 @@ static void __attribute__ ((constructor))reg() {"ike", 'i', 1, "terminate by IKE_SA name"}, {"child-id", 'C', 1, "terminate by CHILD_SA reqid"}, {"ike-id", 'I', 1, "terminate by IKE_SA unique identifier"}, + {"force", 'f', 0, "terminate IKE_SA without waiting, unless timeout is set"}, {"timeout", 't', 1, "timeout in seconds before detaching"}, {"raw", 'r', 0, "dump raw response message"}, {"pretty", 'P', 0, "dump raw response message in pretty print"}, diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index 637661083..1f7e3a2cc 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main 
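Review bot: The `force` key is added to the request whenever `-f` is given, also when the target is selected only with `--child` or `--child-id`, although the help text added in `reg()` describes it as applying to IKE_SA termination. How the daemon treats `force` for a CHILD_SA is not visible in this diff; if it is ignored there, a short comment above the `if (force)` block such as `/* only has an effect when an IKE_SA is terminated */` would document that for the next maintainer. `terminate()` begins and ends outside these hunks.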
@@ -1146,7 +1146,13 @@ disables IPsec replay protection. .TP .BR connections..children..hw_offload " [no]" Enable hardware offload for this CHILD_SA, if supported by the IPsec -implementation. +implementation. The value +.RI "" "yes" "" +enforces offloading and the installation will +fail if it's not supported by either kernel or device. The value +.RI "" "auto" "" +enables offloading, if it's supported, but the installation does not fail +otherwise. .TP .BR connections..children..start_action " [none]" diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 5675b31ca..120e5812e 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -931,6 +931,12 @@ connections..children..hw_offload = no Enable hardware offload for this CHILD_SA, if supported by the IPsec implementation. + Enable hardware offload for this CHILD_SA, if supported by the IPsec + implementation. The value _yes_ enforces offloading and the installation + will fail if it's not supported by either kernel or device. The value _auto_ + enables offloading, if it's supported, but the installation does not fail + otherwise. + connections..children..start_action = none Action to perform after loading the configuration (_none_, _trap_, _start_). diff --git a/testing/hosts/default/etc/sysctl.conf b/testing/hosts/default/etc/sysctl.conf index 43010d52e..364b64ad6 100644 --- a/testing/hosts/default/etc/sysctl.conf +++ b/testing/hosts/default/etc/sysctl.conf @@ -1,6 +1,6 @@ # # /etc/sysctl.conf - Configuration file for setting system variables -# See /etc/sysctl.d/ for additonal system variables +# See /etc/sysctl.d/ for additional system variables # See sysctl.conf (5) for information. # diff --git a/testing/scripts/recipes/patches/freeradius-tnc-fhh b/testing/scripts/recipes/patches/freeradius-tnc-fhh index 6460c86a3..26a233d48 100644 --- a/testing/scripts/recipes/patches/freeradius-tnc-fhh +++ b/testing/scripts/recipes/patches/freeradius-tnc-fhh 
@@ -5363,7 +5363,7 @@ diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc -#define VLAN_ACCESS 2 -/* - **** -- * EAP - MD5 does not specify code, id & length but chap specifies them, +- * EAP - MD5 doesnot specify code, id & length but chap specifies them, - * for generalization purpose, complete header should be sent - * and not just value_size, value and name. - * future implementation. diff --git a/testing/testing.conf b/testing/testing.conf index 595fd9667..0da9aedad 100644 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -24,14 +24,14 @@ fi : ${TESTDIR=/srv/strongswan-testing} # Kernel configuration -: ${KERNELVERSION=4.15} +: ${KERNELVERSION=4.15.18} : ${KERNEL=linux-$KERNELVERSION} : ${KERNELTARBALL=$KERNEL.tar.xz} : ${KERNELCONFIG=$DIR/../config/kernel/config-4.15} -: ${KERNELPATCH=ha-4.14-abicompat.patch.bz2} +: ${KERNELPATCH=ha-4.15.6-abicompat.patch.bz2} # strongSwan version used in tests -: ${SWANVERSION=5.6.2} +: ${SWANVERSION=5.6.3} # Build directory where the guest kernel and images will be built : ${BUILDDIR=$TESTDIR/build} diff --git a/testing/tests/ikev2/alg-chacha20poly1305/description.txt b/testing/tests/ikev2/alg-chacha20poly1305/description.txt index dd8918b68..a808c4b67 100644 --- a/testing/tests/ikev2/alg-chacha20poly1305/description.txt +++ b/testing/tests/ikev2/alg-chacha20poly1305/description.txt @@ -1,5 +1,5 @@ Roadwarrior carol proposes to gateway moon the cipher suite -CHACHA20_POLY1305_256 both for IKE and ESP by defining +CHACHA20_POLY1305 both for IKE and ESP by defining ike=chacha20poly1305-prfsha256-ntru256 and esp=chacha20poly1305-ntru256 in ipsec.conf, respectively. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat index ab54ce153..ac29c66ff 100644 --- a/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat 
+++ b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat @@ -3,10 +3,10 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES -carol::ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES -moon:: ipsec statusall 2> /dev/null::CHACHA20_POLY1305_256,::YES -carol::ipsec statusall 2> /dev/null::CHACHA20_POLY1305_256,::YES +moon:: ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305::YES +moon:: ipsec statusall 2> /dev/null::CHACHA20_POLY1305,::YES +carol::ipsec statusall 2> /dev/null::CHACHA20_POLY1305,::YES moon:: ip xfrm state::aead rfc7539esp(chacha20,poly1305)::YES carol::ip xfrm state::aead rfc7539esp(chacha20,poly1305)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules index 2d9a466b0..792fc56bc 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules @@ -5,8 +5,8 @@ -P OUTPUT DROP -P FORWARD DROP -# allow bootpc and bootps --A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT +# allow bootps (in relay mode also in OUTPUT) +-A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT # allow broadcasts from eth1 diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat index d4a05b28b..60be3f95c 100644 --- a/testing/tests/ikev2/dhcp-dynamic/posttest.dat 
+++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat @@ -1,8 +1,9 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -venus::cat /var/state/dhcp/dhcpd.leases +venus::cat /var/lib/dhcp/dhcpd.leases venus::service isc-dhcp-server stop 2> /dev/null +venus::rm /var/lib/dhcp/dhcpd.leases*; touch /var/lib/dhcp/dhcpd.leases moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules index 2d9a466b0..792fc56bc 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules @@ -5,8 +5,8 @@ -P OUTPUT DROP -P FORWARD DROP -# allow bootpc and bootps --A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT +# allow bootps (in relay mode also in OUTPUT) +-A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT # allow broadcasts from eth1 diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf index c4a0ff8bb..0883bf058 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf @@ -6,6 +6,7 @@ charon { plugins { dhcp { server = 10.1.255.255 + identity_lease = yes } } } diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules index 2d9a466b0..792fc56bc 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules 
@@ -5,8 +5,8 @@ -P OUTPUT DROP -P FORWARD DROP -# allow bootpc and bootps --A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT +# allow bootps (in relay mode also in OUTPUT) +-A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT # allow broadcasts from eth1 diff --git a/testing/tests/ikev2/multi-level-ca-skipped/description.txt b/testing/tests/ikev2/multi-level-ca-skipped/description.txt new file mode 100644 index 000000000..a5571d00c --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-skipped/description.txt @@ -0,0 +1,4 @@ +The roadwarrior carol possesses a certificate issued by the Research CA. +The CRL for the root CA can't be fetched and thus the status of the certificate +of the Research CA is unknown and the authentication is rejected due to the +strict CRL policy enforced by the gateway moon. diff --git a/testing/tests/ikev2/multi-level-ca-skipped/evaltest.dat b/testing/tests/ikev2/multi-level-ca-skipped/evaltest.dat new file mode 100644 index 000000000..5d445c27f --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-skipped/evaltest.dat @@ -0,0 +1,4 @@ +moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES +carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED::NO diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf new file mode 100644 index 000000000..297e348ea --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf 
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ strictcrlpolicy=yes
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+ auto=add
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/certs/carolCert.pem
new file mode 100644
index 000000000..698e47cc0
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELDCCAxSgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTE1MDQyNjEwMjUwNFoXDTE5MDQwMzEwMjUw
+NFowWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKupuHqUUqSufsEtjSTZEkTF
+sTGWXQkwZoLbAPNlZ4PV0Dx1ju3xRvVtjQHN3Tsx6IsB1JO3k/dMExwttbeBA8HK
+oKYw+CFG8+6XWUU+tBT5xlwa5sdVUHIo8On1x7Rb3s+RDhJ2/YvCf/H13aOtqG+L
+7Xyt7OwRQZNx4Gx60sgU2Zhr9WsMslWJQeS92va6UiGYN4c6qRNyrS9zTZEJ0yib
+tflhd07LLcgz+jHqCdUcPK4g8+TH8HCtek0n2QRu3IfbEM+i6EaZjUJq1kp6k9HA
+IgKR48r9HVk3zBsWJBo6sxUn8/avFM54vdwD8NAClNn9xobEXsO3jwGljc5mb40C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRd
+qfnvgHGNOog5OOLebmYkmJ/faTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
+YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+TgUJbXL83e11Fzo+XGMQ24FfxdUvlex9IcnnNZnjsy4cYaUhofdI1AIkOhdh7R4i
+9dtdfbFLLQR3qc2jmL9ubdQP83FiZZQOXX55XV5/Gb4E4g2T2ZU8ahby+ZzQsEcI
+jGeot7fRfbxUrcjnIKxZd7JsQSaR45rMrNcUOQpFT212urojUngrEoAeaC5USEiX
+sF11P654UejR8DCczwLi4QBvjRTH3bcMC57FjsWt1n/KCB08dS0ojD+T+6lN7/1K
+yLreeRNynXzc1GAln5G03Ivwm9STFT1mYjkBMOCY+3ihEOpzlR9pWCWl9p728db3
+mk0VsDm1jdOf3PK1Xd2PJw==
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/private/carolKey.pem
new file mode 100644
index 000000000..3a5d7c487
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAq6m4epRSpK5+wS2NJNkSRMWxMZZdCTBmgtsA82Vng9XQPHWO
+7fFG9W2NAc3dOzHoiwHUk7eT90wTHC21t4EDwcqgpjD4IUbz7pdZRT60FPnGXBrm
+x1VQcijw6fXHtFvez5EOEnb9i8J/8fXdo62ob4vtfK3s7BFBk3HgbHrSyBTZmGv1
+awyyVYlB5L3a9rpSIZg3hzqpE3KtL3NNkQnTKJu1+WF3TsstyDP6MeoJ1Rw8riDz
+5MfwcK16TSfZBG7ch9sQz6LoRpmNQmrWSnqT0cAiApHjyv0dWTfMGxYkGjqzFSfz
+9q8Uzni93APw0AKU2f3GhsRew7ePAaWNzmZvjQIDAQABAoIBAEJqa+GhOUhV6ty6
+zv0Ory7EfgX9cwl3HHJMYVXKSf6L3wFFSoNs8lNKi1/DUnDwolQF5UUxpaHsYQhp
+9wCEffugdf9WuunFFeOd0wAjfnEPIlvIXLmKnJFOnccnPJjfYplUOemS+A32tqHa
+ymHlcmGV9dBjSmMbWg+942KVMrAOHtCnAk0yT2WlE+9efLTuXoZIQCx+Ico6Lwp8
+JCmZYW2pfUk9co9di6UCl50C+A5RcvpsE7CZcXCzEAqz06eFz4imgQuzQSLaedup
+F77cyPd13nD2N7+YGfWrWKbdqGMuQnmfrOQWZf94rlOsQjyCzbHIeItJsXT+DBKT
+0SwEIQECgYEA1mcoUiCYOcQcA+FtSO8byzSu0uQZO1cS/VES5mbtRIuLo33L0P0y
+bVnBIfk3iaBq70GU98XjhCGUwNwQDQm+zbLK+p+j+4L2ayvjtOV5ql0b2gk6eyRZ
+oX14evsmxC2OFqGmGD+VePN4pP+Q39QMCFvf26BMtKHyXQnkwA61G30CgYEAzPfH
+Lp3iT9xLqpp9zP9j2m9Ts6m6/Uzzuazpzl7rYMlLkd6fBWBquQ46qbO5Wv+SO7yZ
+aWU7OuWGe6zng1VWSrLBZlRMfu+ze1uEETNdedRI858nv1bMlHmt9+RiZgOgZe7H
+3D4dLphrQrJC8tlsaP0GWYRZkf64n+37KZX2QVECgYEAyKcmbyYeEQHeDius8XMF
+mfmmG6xpiMWG+hgkDgkJyPqoJswWMXKk/P3g6ACq31yId33zAqfqs8ARzSSmyOzz
+6uKHYGKDP2FjaQ1cP/H7GVumMzorxw9P6vjYBpCByVuw/LEwFsV7CAUkRZcAaNm0
+oSYKrSqqXuqpPjWCJdQd3qkCgYAdIf6ylohLN5GdrxXAZHBp5Lbt62sDg8OEmZol
+1gH4oMPX+N97YSfqI6ac5kmrMHY1fWoEu/m+Nk92Fq5VUXTRazTn+YVh6WoGV4ye
+8UERBuZTkkSRAqJTXDQo7tI5k7xhoJ3RpRZ6v/lG4pV3dQXeqlATuycMBDtzp9yy
+HXmB8QKBgQCut7SsOJ0DtgpzjatYzKBh43WgwjbeRyReyT6OWuPiLUiKQYN8W5od
+pZ51zorvFxu6iEMjAzXs0k1zbM4/EaQwwatTEZF0ZQMYMvm46f0ndhN3fY0O0ENY
+zZES5DrfCgboPlmrWoVexU3xEDCWO8hO0fLmwqIK8F4EU8ByOVsHcg==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..fac55d63b
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..7a64dce30
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..fe69abe92
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ strictcrlpolicy=yes
+
+ca strongswan
+ cacert=strongswanCert.pem
+ crluri=http://crl.strongswan.org/not-available.crl
+ auto=add
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+
+conn alice
+ leftsubnet=PH_IP_ALICE/32
+ right=%any
+ rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+ auto=add
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
new file mode 100644
index 000000000..4d9fed09a
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBKDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE0MDMyMjEzNTYyMloXDTE5MDMyMTEzNTYyMlowUTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
+FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
+zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
+/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
+C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
+BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
+VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAKHj4oUmSaG9u3QC
+wjbETgexmKo6EViRjaf++QlK54ILHmPHCkN6Smzr5xpmi7P/FnBLqMlfMIQ3DCD7
+Fof/8SqaE/V9cP7TXK6c5vZHLoVU/NZW1A/HucMHSxd1DEiTfmrz8Q9RNb/r5adZ
+Epbje7IRlufhpDD2hDNs1FyjmY9V9G4VfOBA/JBWlgs+A810uidNVD+YEFxDlIZG
+6Kr0d5/WZowOUX7G8LUaa5kjoCS7MJONeEX2D/wtsx7Zw3f7GjFDdJfdi+CbAwBN
+d8kt2l7yt7oEW9AfOcMQ7+HZOqihNrV8mCErk39p9f6zcZtYHnjM5fJlNRmc+EXC
+mk13kTA=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..7a64dce30
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/posttest.dat b/testing/tests/ikev2/multi-level-ca-skipped/posttest.dat
new file mode 100644
index 000000000..f84b7e37b
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/posttest.dat
@@ -0,0 +1,3 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::rm /etc/ipsec.d/cacerts/*
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/pretest.dat b/testing/tests/ikev2/multi-level-ca-skipped/pretest.dat
new file mode 100644
index 000000000..1d847c013
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/pretest.dat
@@ -0,0 +1,5 @@
+moon::ipsec start
+carol::ipsec start
+moon::expect-connection alice
+carol::expect-connection home
+carol::ipsec up home
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/test.conf b/testing/tests/ikev2/multi-level-ca-skipped/test.conf
new file mode 100644
index 000000000..892f51cd9
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ipv6/rw-psk-ikev2/description.txt b/testing/tests/ipv6/rw-psk-ikev2/description.txt
index 0bd1474a0..fd7369d8f 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/description.txt
+++ b/testing/tests/ipv6/rw-psk-ikev2/description.txt
@@ -1,4 +1,4 @@ -TThe roadwarriors carol and dave set up an IPv6 tunnel connection each +The roadwarriors carol and dave set up an IPv6 tunnel connection each to gateway moon. The authentication is based on distinct pre-shared keys and IPv6 addresses. Upon the successful establishment of the IPsec tunnels, automatically inserted ip6tables-based firewall rules let pass the tunneled traffic. diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules index 2d9a466b0..792fc56bc 100644 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules @@ -5,8 +5,8 @@ -P OUTPUT DROP -P FORWARD DROP -# allow bootpc and bootps --A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT +# allow bootps (in relay mode also in OUTPUT) +-A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT # allow broadcasts from eth1 diff --git a/testing/tests/swanctl/dhcp-dynamic/posttest.dat b/testing/tests/swanctl/dhcp-dynamic/posttest.dat index 37e8b02d8..466fc931c 100644 --- a/testing/tests/swanctl/dhcp-dynamic/posttest.dat +++ b/testing/tests/swanctl/dhcp-dynamic/posttest.dat @@ -3,8 +3,9 @@ dave::swanctl --terminate --ike home carol::systemctl stop strongswan-swanctl dave::systemctl stop strongswan-swanctl moon::systemctl stop strongswan-swanctl -venus::cat /var/state/dhcp/dhcpd.leases -venus::server isc-dhcp-server stop 2> /dev/null +venus::cat /var/lib/dhcp/dhcpd.leases +venus::service isc-dhcp-server stop 2> /dev/null +venus::rm /var/lib/dhcp/dhcpd.leases*; touch /var/lib/dhcp/dhcpd.leases moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush -- cgit v1.2.3