From 25663e04c3ab01ef8dc9f906608282319cfea2db Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Thu, 20 Oct 2016 16:18:38 +0200
Subject: New upstream version 5.5.1
---
src/Makefile.in | 5 +-
src/_copyright/Makefile.in | 5 +-
src/_updown/Makefile.in | 5 +-
src/aikgen/Makefile.in | 5 +-
src/aikpub2/Makefile.in | 5 +-
src/charon-cmd/Makefile.in | 5 +-
src/charon-nm/Makefile.am | 5 +
src/charon-nm/Makefile.in | 83 +-
src/charon-nm/nm-strongswan-service.conf | 15 +
src/charon-nm/nm/nm_service.c | 56 +-
src/charon-svc/Makefile.in | 5 +-
src/charon-systemd/Makefile.in | 5 +-
src/charon-tkm/Makefile.in | 5 +-
src/charon-tkm/build_common.gpr | 3 +-
src/charon-tkm/src/charon-tkm.c | 5 +-
src/charon/Makefile.in | 5 +-
src/checksum/Makefile.am | 9 +
src/checksum/Makefile.in | 65 +-
src/conftest/Makefile.in | 5 +-
src/dumm/Makefile.in | 5 +-
src/include/Makefile.in | 5 +-
src/include/linux/xfrm.h | 22 +
src/ipsec/Makefile.in | 5 +-
src/ipsec/_ipsec.8 | 2 +-
src/libcharon/Makefile.am | 7 -
src/libcharon/Makefile.in | 141 ++-
src/libcharon/bus/bus.c | 101 ++-
src/libcharon/bus/bus.h | 35 +-
src/libcharon/bus/listeners/listener.h | 38 +-
src/libcharon/config/child_cfg.c | 14 +
src/libcharon/config/child_cfg.h | 10 +
src/libcharon/config/ike_cfg.h | 2 +-
src/libcharon/config/proposal.c | 127 ++-
src/libcharon/encoding/message.c | 4 +-
.../encoding/payloads/proposal_substructure.c | 15 +-
src/libcharon/plugins/addrblock/Makefile.in | 5 +-
src/libcharon/plugins/android_dns/Makefile.in | 5 +-
src/libcharon/plugins/android_log/Makefile.in | 5 +-
src/libcharon/plugins/attr/Makefile.in | 5 +-
src/libcharon/plugins/attr_sql/Makefile.in | 5 +-
src/libcharon/plugins/certexpire/Makefile.in | 5 +-
src/libcharon/plugins/connmark/Makefile.in | 5 +-
src/libcharon/plugins/coupling/Makefile.in | 5 +-
src/libcharon/plugins/dhcp/Makefile.in | 5 +-
src/libcharon/plugins/dnscert/Makefile.in | 5 +-
src/libcharon/plugins/dnscert/dnscert_cred.c | 19 +-
src/libcharon/plugins/duplicheck/Makefile.in | 5 +-
src/libcharon/plugins/eap_aka/Makefile.in | 5 +-
src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 5 +-
src/libcharon/plugins/eap_dynamic/Makefile.in | 5 +-
src/libcharon/plugins/eap_gtc/Makefile.in | 5 +-
src/libcharon/plugins/eap_identity/Makefile.in | 5 +-
src/libcharon/plugins/eap_md5/Makefile.in | 5 +-
src/libcharon/plugins/eap_mschapv2/Makefile.in | 5 +-
src/libcharon/plugins/eap_peap/Makefile.in | 5 +-
src/libcharon/plugins/eap_peap/eap_peap_server.c | 4 +-
src/libcharon/plugins/eap_radius/Makefile.in | 5 +-
src/libcharon/plugins/eap_sim/Makefile.in | 5 +-
src/libcharon/plugins/eap_sim_file/Makefile.in | 5 +-
src/libcharon/plugins/eap_sim_pcsc/Makefile.in | 5 +-
.../plugins/eap_simaka_pseudonym/Makefile.in | 5 +-
.../plugins/eap_simaka_reauth/Makefile.in | 5 +-
src/libcharon/plugins/eap_simaka_sql/Makefile.in | 5 +-
src/libcharon/plugins/eap_tls/Makefile.in | 5 +-
src/libcharon/plugins/eap_tnc/Makefile.in | 5 +-
src/libcharon/plugins/eap_ttls/Makefile.in | 5 +-
src/libcharon/plugins/error_notify/Makefile.in | 5 +-
src/libcharon/plugins/ext_auth/Makefile.in | 5 +-
src/libcharon/plugins/farp/Makefile.in | 5 +-
src/libcharon/plugins/forecast/Makefile.in | 5 +-
src/libcharon/plugins/ha/Makefile.in | 5 +-
src/libcharon/plugins/ipseckey/Makefile.in | 5 +-
src/libcharon/plugins/ipseckey/ipseckey_cred.c | 28 +-
src/libcharon/plugins/kernel_iph/Makefile.in | 5 +-
src/libcharon/plugins/kernel_libipsec/Makefile.in | 5 +-
src/libcharon/plugins/kernel_netlink/Makefile.in | 5 +-
.../plugins/kernel_netlink/kernel_netlink_ipsec.c | 113 ++-
.../plugins/kernel_netlink/kernel_netlink_net.c | 190 ++--
src/libcharon/plugins/kernel_pfkey/Makefile.in | 5 +-
src/libcharon/plugins/kernel_pfroute/Makefile.in | 5 +-
src/libcharon/plugins/kernel_wfp/Makefile.in | 5 +-
src/libcharon/plugins/led/Makefile.in | 5 +-
src/libcharon/plugins/load_tester/Makefile.in | 5 +-
src/libcharon/plugins/lookip/Makefile.in | 5 +-
src/libcharon/plugins/maemo/Makefile.am | 29 -
src/libcharon/plugins/maemo/Makefile.in | 830 ------------------
src/libcharon/plugins/maemo/maemo_plugin.c | 87 --
src/libcharon/plugins/maemo/maemo_plugin.h | 42 -
src/libcharon/plugins/maemo/maemo_service.c | 530 -----------
src/libcharon/plugins/maemo/maemo_service.h | 49 --
.../plugins/maemo/org.strongswan.charon.service.in | 4 -
src/libcharon/plugins/medcli/Makefile.in | 5 +-
src/libcharon/plugins/medsrv/Makefile.in | 5 +-
src/libcharon/plugins/osx_attr/Makefile.in | 5 +-
src/libcharon/plugins/p_cscf/Makefile.in | 5 +-
src/libcharon/plugins/radattr/Makefile.in | 5 +-
src/libcharon/plugins/resolve/Makefile.in | 5 +-
src/libcharon/plugins/smp/Makefile.in | 5 +-
src/libcharon/plugins/socket_default/Makefile.in | 5 +-
src/libcharon/plugins/socket_dynamic/Makefile.in | 5 +-
src/libcharon/plugins/socket_win/Makefile.in | 5 +-
src/libcharon/plugins/sql/Makefile.in | 5 +-
src/libcharon/plugins/stroke/Makefile.in | 5 +-
src/libcharon/plugins/stroke/stroke_cred.c | 12 +-
src/libcharon/plugins/stroke/stroke_list.c | 9 +
src/libcharon/plugins/stroke/stroke_socket.c | 2 +-
src/libcharon/plugins/systime_fix/Makefile.in | 5 +-
src/libcharon/plugins/tnc_ifmap/Makefile.in | 5 +-
src/libcharon/plugins/tnc_pdp/Makefile.in | 5 +-
src/libcharon/plugins/uci/Makefile.in | 5 +-
src/libcharon/plugins/unity/Makefile.in | 5 +-
src/libcharon/plugins/updown/Makefile.in | 5 +-
src/libcharon/plugins/vici/Makefile.am | 1 +
src/libcharon/plugins/vici/Makefile.in | 6 +-
src/libcharon/plugins/vici/README.md | 13 +
src/libcharon/plugins/vici/perl/Makefile.in | 5 +-
.../plugins/vici/perl/Vici-Session/README.pod | 15 +
.../vici/perl/Vici-Session/lib/Vici/Session.pm | 4 +
src/libcharon/plugins/vici/python/Makefile.in | 5 +-
src/libcharon/plugins/vici/python/vici/session.py | 11 +
src/libcharon/plugins/vici/ruby/Makefile.in | 5 +-
src/libcharon/plugins/vici/ruby/lib/vici.rb | 6 +
src/libcharon/plugins/vici/vici_config.c | 64 +-
src/libcharon/plugins/vici/vici_cred.c | 86 +-
src/libcharon/plugins/vici/vici_cred.h | 10 +
src/libcharon/plugins/vici/vici_plugin.c | 4 +-
src/libcharon/plugins/vici/vici_query.c | 10 +
src/libcharon/plugins/whitelist/Makefile.in | 5 +-
src/libcharon/plugins/xauth_eap/Makefile.in | 5 +-
src/libcharon/plugins/xauth_generic/Makefile.in | 5 +-
src/libcharon/plugins/xauth_noauth/Makefile.in | 5 +-
src/libcharon/plugins/xauth_pam/Makefile.in | 5 +-
src/libcharon/sa/child_sa.c | 41 +-
src/libcharon/sa/ike_sa.c | 19 +-
src/libcharon/sa/ikev1/keymat_v1.c | 25 +-
src/libcharon/sa/ikev1/task_manager_v1.c | 17 +-
src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 3 +
src/libcharon/sa/ikev1/tasks/quick_mode.c | 40 +-
.../sa/ikev2/authenticators/pubkey_authenticator.c | 4 +-
src/libcharon/sa/ikev2/keymat_v2.c | 56 +-
src/libcharon/sa/ikev2/task_manager_v2.c | 25 +-
src/libcharon/sa/ikev2/tasks/child_create.c | 69 +-
src/libcharon/sa/ikev2/tasks/ike_init.c | 8 +-
src/libcharon/tests/Makefile.in | 5 +-
src/libcharon/tests/libcharon_tests.c | 17 +
src/libcharon/tests/suites/test_proposal.c | 100 ++-
src/libfast/Makefile.in | 5 +-
src/libimcv/Makefile.in | 5 +-
src/libimcv/imv/data.sql | 18 +
src/libimcv/plugins/imc_attestation/Makefile.in | 5 +-
src/libimcv/plugins/imc_hcd/Makefile.in | 5 +-
src/libimcv/plugins/imc_os/Makefile.in | 5 +-
src/libimcv/plugins/imc_scanner/Makefile.in | 5 +-
src/libimcv/plugins/imc_swid/Makefile.in | 5 +-
src/libimcv/plugins/imc_test/Makefile.in | 5 +-
src/libimcv/plugins/imv_attestation/Makefile.in | 5 +-
src/libimcv/plugins/imv_hcd/Makefile.in | 5 +-
src/libimcv/plugins/imv_os/Makefile.in | 5 +-
src/libimcv/plugins/imv_scanner/Makefile.in | 5 +-
src/libimcv/plugins/imv_swid/Makefile.in | 5 +-
src/libimcv/plugins/imv_test/Makefile.in | 5 +-
src/libimcv/pts/pts.c | 44 +-
src/libipsec/Makefile.in | 5 +-
src/libipsec/tests/Makefile.in | 5 +-
src/libpttls/Makefile.in | 5 +-
src/libradius/Makefile.in | 5 +-
src/libsimaka/Makefile.in | 5 +-
src/libstrongswan/Android.mk | 2 +-
src/libstrongswan/Makefile.am | 45 +-
src/libstrongswan/Makefile.in | 494 ++++++-----
src/libstrongswan/asn1/oid.c | 969 +++++++++++----------
src/libstrongswan/asn1/oid.h | 40 +-
src/libstrongswan/asn1/oid.txt | 11 +-
src/libstrongswan/credentials/auth_cfg.c | 11 +-
src/libstrongswan/credentials/keys/public_key.c | 64 +-
src/libstrongswan/credentials/keys/public_key.h | 26 +-
.../credentials/sets/auth_cfg_wrapper.c | 2 +-
src/libstrongswan/credentials/sets/mem_cred.c | 38 +-
src/libstrongswan/crypto/crypto_factory.c | 110 ++-
src/libstrongswan/crypto/crypto_factory.h | 42 +-
src/libstrongswan/crypto/crypto_tester.c | 155 ++++
src/libstrongswan/crypto/crypto_tester.h | 32 +
src/libstrongswan/crypto/diffie_hellman.c | 5 +-
src/libstrongswan/crypto/diffie_hellman.h | 1 +
src/libstrongswan/crypto/hashers/hasher.c | 27 +-
src/libstrongswan/crypto/mgf1/mgf1.c | 180 ----
src/libstrongswan/crypto/mgf1/mgf1.h | 77 --
src/libstrongswan/crypto/mgf1/mgf1_bitspender.c | 208 -----
src/libstrongswan/crypto/mgf1/mgf1_bitspender.h | 67 --
.../crypto/proposal/proposal_keywords.c | 2 +-
.../crypto/proposal/proposal_keywords_static.c | 239 ++---
.../crypto/proposal/proposal_keywords_static.txt | 1 +
src/libstrongswan/crypto/transform.c | 10 +-
src/libstrongswan/crypto/transform.h | 1 +
src/libstrongswan/crypto/xofs/mgf1.h | 47 +
src/libstrongswan/crypto/xofs/xof.c | 27 +
src/libstrongswan/crypto/xofs/xof.h | 114 +++
src/libstrongswan/crypto/xofs/xof_bitspender.c | 213 +++++
src/libstrongswan/crypto/xofs/xof_bitspender.h | 69 ++
src/libstrongswan/library.c | 46 +-
src/libstrongswan/math/libnttfft/Makefile.am | 15 +
src/libstrongswan/math/libnttfft/Makefile.in | 775 ++++++++++++++++
src/libstrongswan/math/libnttfft/ntt_fft.c | 207 +++++
src/libstrongswan/math/libnttfft/ntt_fft.h | 79 ++
src/libstrongswan/math/libnttfft/ntt_fft_params.c | 652 ++++++++++++++
src/libstrongswan/math/libnttfft/ntt_fft_params.h | 115 +++
src/libstrongswan/math/libnttfft/ntt_fft_reduce.h | 42 +
src/libstrongswan/math/libnttfft/tests/Makefile.am | 21 +
src/libstrongswan/math/libnttfft/tests/Makefile.in | 888 +++++++++++++++++++
.../math/libnttfft/tests/ntt_fft_tests.c | 60 ++
.../math/libnttfft/tests/ntt_fft_tests.h | 17 +
.../math/libnttfft/tests/suites/test_ntt_fft.c | 154 ++++
src/libstrongswan/plugins/acert/Makefile.in | 5 +-
src/libstrongswan/plugins/aes/Makefile.in | 5 +-
src/libstrongswan/plugins/aesni/Makefile.in | 5 +-
src/libstrongswan/plugins/af_alg/Makefile.in | 5 +-
src/libstrongswan/plugins/agent/Makefile.in | 5 +-
src/libstrongswan/plugins/bliss/Makefile.am | 21 +-
src/libstrongswan/plugins/bliss/Makefile.in | 42 +-
src/libstrongswan/plugins/bliss/bliss_fft.c | 199 -----
src/libstrongswan/plugins/bliss/bliss_fft.h | 71 --
src/libstrongswan/plugins/bliss/bliss_fft_params.c | 215 -----
src/libstrongswan/plugins/bliss/bliss_fft_params.h | 75 --
src/libstrongswan/plugins/bliss/bliss_huffman.c | 2 +-
src/libstrongswan/plugins/bliss/bliss_param_set.c | 24 +-
src/libstrongswan/plugins/bliss/bliss_param_set.h | 58 +-
src/libstrongswan/plugins/bliss/bliss_plugin.c | 16 +-
.../plugins/bliss/bliss_private_key.c | 80 +-
src/libstrongswan/plugins/bliss/bliss_public_key.c | 42 +-
src/libstrongswan/plugins/bliss/bliss_public_key.h | 8 +-
src/libstrongswan/plugins/bliss/bliss_sampler.c | 17 +-
src/libstrongswan/plugins/bliss/bliss_sampler.h | 6 +-
src/libstrongswan/plugins/bliss/bliss_signature.c | 6 +-
src/libstrongswan/plugins/bliss/bliss_signature.h | 4 +-
src/libstrongswan/plugins/bliss/bliss_utils.c | 18 +-
src/libstrongswan/plugins/bliss/bliss_utils.h | 28 +-
src/libstrongswan/plugins/bliss/tests/Makefile.am | 3 +-
src/libstrongswan/plugins/bliss/tests/Makefile.in | 28 +-
.../plugins/bliss/tests/bliss_tests.h | 3 +-
.../plugins/bliss/tests/suites/test_bliss_fft.c | 110 ---
.../bliss/tests/suites/test_bliss_sampler.c | 6 +-
.../bliss/tests/suites/test_bliss_signature.c | 4 +-
src/libstrongswan/plugins/blowfish/Makefile.in | 5 +-
src/libstrongswan/plugins/ccm/Makefile.in | 5 +-
src/libstrongswan/plugins/chapoly/Makefile.am | 3 +-
src/libstrongswan/plugins/chapoly/Makefile.in | 11 +-
src/libstrongswan/plugins/chapoly/chapoly_plugin.c | 3 +
src/libstrongswan/plugins/chapoly/chapoly_xof.c | 173 ++++
src/libstrongswan/plugins/chapoly/chapoly_xof.h | 49 ++
src/libstrongswan/plugins/cmac/Makefile.in | 5 +-
src/libstrongswan/plugins/constraints/Makefile.in | 5 +-
src/libstrongswan/plugins/ctr/Makefile.in | 5 +-
src/libstrongswan/plugins/curl/Makefile.in | 5 +-
src/libstrongswan/plugins/des/Makefile.in | 5 +-
src/libstrongswan/plugins/dnskey/Makefile.in | 5 +-
src/libstrongswan/plugins/files/Makefile.in | 5 +-
src/libstrongswan/plugins/fips_prf/Makefile.in | 5 +-
src/libstrongswan/plugins/gcm/Makefile.in | 5 +-
src/libstrongswan/plugins/gcrypt/Makefile.in | 5 +-
.../plugins/gcrypt/gcrypt_rsa_private_key.c | 12 +-
.../plugins/gcrypt/gcrypt_rsa_public_key.c | 16 +-
src/libstrongswan/plugins/gmp/Makefile.in | 5 +-
src/libstrongswan/plugins/gmp/gmp_plugin.c | 40 +-
.../plugins/gmp/gmp_rsa_private_key.c | 20 +-
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 24 +-
src/libstrongswan/plugins/hmac/Makefile.in | 5 +-
src/libstrongswan/plugins/keychain/Makefile.in | 5 +-
src/libstrongswan/plugins/ldap/Makefile.in | 5 +-
src/libstrongswan/plugins/ldap/ldap_fetcher.c | 3 +-
src/libstrongswan/plugins/md4/Makefile.in | 5 +-
src/libstrongswan/plugins/md5/Makefile.in | 5 +-
src/libstrongswan/plugins/mgf1/Makefile.am | 17 +
src/libstrongswan/plugins/mgf1/Makefile.in | 791 +++++++++++++++++
src/libstrongswan/plugins/mgf1/mgf1_plugin.c | 81 ++
src/libstrongswan/plugins/mgf1/mgf1_plugin.h | 42 +
src/libstrongswan/plugins/mgf1/mgf1_xof.c | 285 ++++++
src/libstrongswan/plugins/mgf1/mgf1_xof.h | 49 ++
src/libstrongswan/plugins/mysql/Makefile.in | 5 +-
src/libstrongswan/plugins/newhope/Makefile.am | 33 +
src/libstrongswan/plugins/newhope/Makefile.in | 818 +++++++++++++++++
src/libstrongswan/plugins/newhope/newhope_ke.c | 622 +++++++++++++
src/libstrongswan/plugins/newhope/newhope_ke.h | 50 ++
src/libstrongswan/plugins/newhope/newhope_noise.c | 160 ++++
src/libstrongswan/plugins/newhope/newhope_noise.h | 70 ++
src/libstrongswan/plugins/newhope/newhope_plugin.c | 78 ++
src/libstrongswan/plugins/newhope/newhope_plugin.h | 42 +
.../plugins/newhope/newhope_reconciliation.c | 217 +++++
.../plugins/newhope/newhope_reconciliation.h | 70 ++
.../plugins/newhope/tests/Makefile.am | 25 +
.../plugins/newhope/tests/Makefile.in | 929 ++++++++++++++++++++
.../plugins/newhope/tests/newhope_tests.c | 60 ++
.../plugins/newhope/tests/newhope_tests.h | 18 +
.../plugins/newhope/tests/suites/test_newhope_ke.c | 193 ++++
.../newhope/tests/suites/test_newhope_noise.c | 676 ++++++++++++++
.../tests/suites/test_newhope_reconciliation.c | 344 ++++++++
src/libstrongswan/plugins/nonce/Makefile.in | 5 +-
src/libstrongswan/plugins/ntru/Makefile.in | 5 +-
src/libstrongswan/plugins/ntru/ntru_ke.c | 13 +-
src/libstrongswan/plugins/ntru/ntru_param_set.c | 6 +-
src/libstrongswan/plugins/ntru/ntru_param_set.h | 96 +-
src/libstrongswan/plugins/ntru/ntru_plugin.c | 14 +-
src/libstrongswan/plugins/ntru/ntru_poly.c | 13 +-
src/libstrongswan/plugins/ntru/ntru_poly.h | 9 +-
src/libstrongswan/plugins/ntru/ntru_private_key.c | 39 +-
src/libstrongswan/plugins/ntru/ntru_private_key.h | 3 +-
src/libstrongswan/plugins/ntru/ntru_public_key.c | 18 +-
src/libstrongswan/plugins/ntru/ntru_public_key.h | 2 +-
src/libstrongswan/plugins/ntru/ntru_trits.c | 11 +-
src/libstrongswan/plugins/ntru/ntru_trits.h | 8 +-
src/libstrongswan/plugins/openssl/Makefile.in | 5 +-
.../plugins/openssl/openssl_ec_private_key.c | 25 +-
.../plugins/openssl/openssl_ec_private_key.h | 14 +-
src/libstrongswan/plugins/openssl/openssl_gcm.c | 6 +-
src/libstrongswan/plugins/openssl/openssl_pkcs12.c | 4 -
src/libstrongswan/plugins/openssl/openssl_plugin.c | 70 +-
.../plugins/openssl/openssl_rsa_private_key.c | 41 +-
.../plugins/openssl/openssl_rsa_private_key.h | 14 +-
.../plugins/openssl/openssl_rsa_public_key.c | 12 +-
src/libstrongswan/plugins/openssl/openssl_util.h | 7 +
src/libstrongswan/plugins/padlock/Makefile.in | 5 +-
.../plugins/padlock/padlock_sha1_hasher.c | 11 +-
src/libstrongswan/plugins/pem/Makefile.in | 5 +-
src/libstrongswan/plugins/pgp/Makefile.in | 5 +-
src/libstrongswan/plugins/pkcs1/Makefile.in | 5 +-
src/libstrongswan/plugins/pkcs1/pkcs1_builder.c | 72 +-
src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c | 6 +-
src/libstrongswan/plugins/pkcs11/Makefile.in | 5 +-
.../plugins/pkcs11/pkcs11_private_key.c | 164 +++-
src/libstrongswan/plugins/pkcs12/Makefile.in | 5 +-
src/libstrongswan/plugins/pkcs7/Makefile.in | 5 +-
src/libstrongswan/plugins/pkcs8/Makefile.in | 5 +-
src/libstrongswan/plugins/plugin_feature.c | 21 +
src/libstrongswan/plugins/plugin_feature.h | 6 +
src/libstrongswan/plugins/pubkey/Makefile.in | 5 +-
src/libstrongswan/plugins/random/Makefile.in | 5 +-
src/libstrongswan/plugins/rc2/Makefile.in | 5 +-
src/libstrongswan/plugins/rdrand/Makefile.in | 5 +-
src/libstrongswan/plugins/revocation/Makefile.in | 5 +-
.../plugins/revocation/revocation_validator.c | 35 +-
src/libstrongswan/plugins/sha1/Makefile.in | 5 +-
src/libstrongswan/plugins/sha2/Makefile.in | 5 +-
src/libstrongswan/plugins/sha3/Makefile.am | 5 +-
src/libstrongswan/plugins/sha3/Makefile.in | 15 +-
src/libstrongswan/plugins/sha3/sha3_hasher.c | 447 +---------
src/libstrongswan/plugins/sha3/sha3_keccak.c | 498 +++++++++++
src/libstrongswan/plugins/sha3/sha3_keccak.h | 82 ++
src/libstrongswan/plugins/sha3/sha3_plugin.c | 6 +-
src/libstrongswan/plugins/sha3/sha3_shake.c | 143 +++
src/libstrongswan/plugins/sha3/sha3_shake.h | 48 +
src/libstrongswan/plugins/soup/Makefile.in | 5 +-
src/libstrongswan/plugins/sqlite/Makefile.in | 5 +-
src/libstrongswan/plugins/sshkey/Makefile.in | 5 +-
src/libstrongswan/plugins/test_vectors/Makefile.am | 2 +
src/libstrongswan/plugins/test_vectors/Makefile.in | 28 +-
.../plugins/test_vectors/test_vectors.h | 15 +
.../test_vectors/test_vectors/chacha20_xof.c | 81 ++
.../plugins/test_vectors/test_vectors/sha3.c | 1 -
.../plugins/test_vectors/test_vectors/sha3_shake.c | 472 ++++++++++
.../plugins/test_vectors/test_vectors_plugin.c | 16 +
src/libstrongswan/plugins/unbound/Makefile.in | 5 +-
.../plugins/unbound/unbound_response.c | 3 +-
src/libstrongswan/plugins/unbound/unbound_rr.c | 2 +
src/libstrongswan/plugins/winhttp/Makefile.in | 5 +-
src/libstrongswan/plugins/x509/Makefile.in | 5 +-
src/libstrongswan/plugins/xcbc/Makefile.in | 5 +-
src/libstrongswan/processing/watcher.c | 120 ++-
src/libstrongswan/tests/Makefile.in | 5 +-
src/libstrongswan/tests/suites/test_auth_cfg.c | 18 +-
src/libstrongswan/tests/suites/test_hasher.c | 50 +-
src/libstrongswan/tests/suites/test_mgf1.c | 88 +-
src/libstrongswan/tests/suites/test_ntru.c | 16 +-
src/libstrongswan/tests/suites/test_rsa.c | 8 +-
src/libstrongswan/tests/suites/test_utils.c | 23 +-
src/libstrongswan/tests/tests.h | 4 +-
src/libstrongswan/utils/leak_detective.c | 24 +-
src/libstrongswan/utils/utils.h | 6 +-
src/libstrongswan/utils/utils/byteorder.h | 42 +
src/libtls/Makefile.in | 5 +-
src/libtls/tests/Makefile.in | 5 +-
src/libtls/tls_crypto.c | 20 +-
src/libtnccs/Makefile.in | 5 +-
src/libtnccs/plugins/tnc_imc/Makefile.in | 5 +-
src/libtnccs/plugins/tnc_imv/Makefile.in | 5 +-
src/libtnccs/plugins/tnc_tnccs/Makefile.in | 5 +-
src/libtnccs/plugins/tnccs_11/Makefile.in | 5 +-
src/libtnccs/plugins/tnccs_20/Makefile.in | 5 +-
src/libtnccs/plugins/tnccs_dynamic/Makefile.in | 5 +-
src/libtncif/Makefile.in | 5 +-
src/libtpmtss/Makefile.am | 5 +-
src/libtpmtss/Makefile.in | 13 +-
src/libtpmtss/tpm_tss_tss2.c | 7 +-
src/libtpmtss/tpm_tss_tss2_names.c | 2 +-
src/manager/Makefile.in | 5 +-
src/medsrv/Makefile.in | 5 +-
src/pki/Makefile.in | 5 +-
src/pki/commands/issue.c | 7 +-
src/pki/commands/keyid.c | 20 +-
src/pki/commands/print.c | 16 +-
src/pki/commands/pub.c | 11 +-
src/pki/commands/req.c | 10 +-
src/pki/commands/self.c | 8 +-
src/pki/commands/signcrl.c | 18 +-
src/pki/commands/verify.c | 18 +-
src/pki/man/Makefile.in | 5 +-
src/pki/man/pki---issue.1.in | 7 +-
src/pki/man/pki---keyid.1.in | 7 +-
src/pki/man/pki---print.1.in | 9 +-
src/pki/man/pki---pub.1.in | 7 +-
src/pki/man/pki---req.1.in | 3 +-
src/pki/man/pki---self.1.in | 3 +-
src/pki/man/pki---verify.1.in | 6 +-
src/pool/Makefile.in | 5 +-
src/pool/pool.c | 59 +-
src/pt-tls-client/Makefile.in | 5 +-
src/pt-tls-client/pt-tls-client.c | 30 +-
src/scepclient/Makefile.in | 5 +-
src/starter/Makefile.am | 7 +-
src/starter/Makefile.in | 12 +-
src/starter/confread.c | 1 +
src/starter/ipsec.secrets | 1 +
src/starter/starter.c | 66 --
src/starter/tests/Makefile.in | 5 +-
src/stroke/Makefile.in | 5 +-
src/swanctl/Makefile.am | 2 +
src/swanctl/Makefile.in | 12 +-
src/swanctl/command.h | 2 +-
src/swanctl/commands/flush_certs.c | 90 ++
src/swanctl/commands/load_conns.c | 2 +-
src/swanctl/commands/load_creds.c | 15 +-
src/swanctl/swanctl.8.in | 7 +-
src/swanctl/swanctl.conf | 17 +-
src/swanctl/swanctl.conf.5.main | 63 +-
src/swanctl/swanctl.h | 6 +
src/swanctl/swanctl.opt | 41 +-
434 files changed, 15568 insertions(+), 5863 deletions(-)
create mode 100644 src/charon-nm/nm-strongswan-service.conf
delete mode 100644 src/libcharon/plugins/maemo/Makefile.am
delete mode 100644 src/libcharon/plugins/maemo/Makefile.in
delete mode 100644 src/libcharon/plugins/maemo/maemo_plugin.c
delete mode 100644 src/libcharon/plugins/maemo/maemo_plugin.h
delete mode 100644 src/libcharon/plugins/maemo/maemo_service.c
delete mode 100644 src/libcharon/plugins/maemo/maemo_service.h
delete mode 100644 src/libcharon/plugins/maemo/org.strongswan.charon.service.in
delete mode 100644 src/libstrongswan/crypto/mgf1/mgf1.c
delete mode 100644 src/libstrongswan/crypto/mgf1/mgf1.h
delete mode 100644 src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
delete mode 100644 src/libstrongswan/crypto/mgf1/mgf1_bitspender.h
create mode 100644 src/libstrongswan/crypto/xofs/mgf1.h
create mode 100644 src/libstrongswan/crypto/xofs/xof.c
create mode 100644 src/libstrongswan/crypto/xofs/xof.h
create mode 100644 src/libstrongswan/crypto/xofs/xof_bitspender.c
create mode 100644 src/libstrongswan/crypto/xofs/xof_bitspender.h
create mode 100644 src/libstrongswan/math/libnttfft/Makefile.am
create mode 100644 src/libstrongswan/math/libnttfft/Makefile.in
create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft.c
create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft.h
create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft_params.c
create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft_params.h
create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft_reduce.h
create mode 100644 src/libstrongswan/math/libnttfft/tests/Makefile.am
create mode 100644 src/libstrongswan/math/libnttfft/tests/Makefile.in
create mode 100644 src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c
create mode 100644 src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h
create mode 100644 src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c
delete mode 100644 src/libstrongswan/plugins/bliss/bliss_fft.c
delete mode 100644 src/libstrongswan/plugins/bliss/bliss_fft.h
delete mode 100644 src/libstrongswan/plugins/bliss/bliss_fft_params.c
delete mode 100644 src/libstrongswan/plugins/bliss/bliss_fft_params.h
delete mode 100644 src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c
create mode 100644 src/libstrongswan/plugins/chapoly/chapoly_xof.c
create mode 100644 src/libstrongswan/plugins/chapoly/chapoly_xof.h
create mode 100644 src/libstrongswan/plugins/mgf1/Makefile.am
create mode 100644 src/libstrongswan/plugins/mgf1/Makefile.in
create mode 100644 src/libstrongswan/plugins/mgf1/mgf1_plugin.c
create mode 100644 src/libstrongswan/plugins/mgf1/mgf1_plugin.h
create mode 100644 src/libstrongswan/plugins/mgf1/mgf1_xof.c
create mode 100644 src/libstrongswan/plugins/mgf1/mgf1_xof.h
create mode 100644 src/libstrongswan/plugins/newhope/Makefile.am
create mode 100644 src/libstrongswan/plugins/newhope/Makefile.in
create mode 100644 src/libstrongswan/plugins/newhope/newhope_ke.c
create mode 100644 src/libstrongswan/plugins/newhope/newhope_ke.h
create mode 100644 src/libstrongswan/plugins/newhope/newhope_noise.c
create mode 100644 src/libstrongswan/plugins/newhope/newhope_noise.h
create mode 100644 src/libstrongswan/plugins/newhope/newhope_plugin.c
create mode 100644 src/libstrongswan/plugins/newhope/newhope_plugin.h
create mode 100644 src/libstrongswan/plugins/newhope/newhope_reconciliation.c
create mode 100644 src/libstrongswan/plugins/newhope/newhope_reconciliation.h
create mode 100644 src/libstrongswan/plugins/newhope/tests/Makefile.am
create mode 100644 src/libstrongswan/plugins/newhope/tests/Makefile.in
create mode 100644 src/libstrongswan/plugins/newhope/tests/newhope_tests.c
create mode 100644 src/libstrongswan/plugins/newhope/tests/newhope_tests.h
create mode 100644 src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c
create mode 100644 src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c
create mode 100644 src/libstrongswan/plugins/newhope/tests/suites/test_newhope_reconciliation.c
create mode 100644 src/libstrongswan/plugins/sha3/sha3_keccak.c
create mode 100644 src/libstrongswan/plugins/sha3/sha3_keccak.h
create mode 100644 src/libstrongswan/plugins/sha3/sha3_shake.c
create mode 100644 src/libstrongswan/plugins/sha3/sha3_shake.h
create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/chacha20_xof.c
create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/sha3_shake.c
create mode 100644 src/starter/ipsec.secrets
create mode 100644 src/swanctl/commands/flush_certs.c
(limited to 'src')
diff --git a/src/Makefile.in b/src/Makefile.in
index 51317383f..16b1d2834 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -367,7 +367,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -401,8 +400,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -456,6 +453,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index 5f7d50fd9..ce9ce1fa4 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -319,7 +319,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -353,8 +352,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -408,6 +405,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index 1d15c0c93..37a57af0d 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -297,7 +297,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -331,8 +330,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -386,6 +383,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in
index 1e2b7dd8b..149e739a7 100644
--- a/src/aikgen/Makefile.in
+++ b/src/aikgen/Makefile.in
@@ -320,7 +320,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -354,8 +353,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -409,6 +406,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/aikpub2/Makefile.in b/src/aikpub2/Makefile.in
index adb40e415..62be867c5 100644
--- a/src/aikpub2/Makefile.in
+++ b/src/aikpub2/Makefile.in
@@ -320,7 +320,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -354,8 +353,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -409,6 +406,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index 098eb9474..fb43e4e02 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -357,7 +357,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -391,8 +390,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -446,6 +443,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/charon-nm/Makefile.am b/src/charon-nm/Makefile.am
index 6ab7f27c5..4abfc743a 100644
--- a/src/charon-nm/Makefile.am
+++ b/src/charon-nm/Makefile.am
@@ -22,3 +22,8 @@ charon_nm_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
-lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS}
+
+dbusservicedir = $(sysconfdir)/dbus-1/system.d
+dbusservice_DATA = nm-strongswan-service.conf
+
+EXTRA_DIST = $(dbusservice_DATA)
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index 715412ad2..7f05b359c 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -14,6 +14,7 @@
@SET_MAKE@
+
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
@@ -108,7 +109,8 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(ipsecdir)"
+am__installdirs = "$(DESTDIR)$(ipsecdir)" \
+ "$(DESTDIR)$(dbusservicedir)"
PROGRAMS = $(ipsec_PROGRAMS)
am__dirstamp = $(am__leading_dot)dirstamp
am_charon_nm_OBJECTS = charon-nm.$(OBJEXT) nm/nm_backend.$(OBJEXT) \
@@ -166,6 +168,34 @@ am__can_run_installinfo = \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+DATA = $(dbusservice_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -326,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -360,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -415,6 +442,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -441,6 +470,9 @@ charon_nm_LDADD = \
$(top_builddir)/src/libcharon/libcharon.la \
-lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS}
+dbusservicedir = $(sysconfdir)/dbus-1/system.d
+dbusservice_DATA = nm-strongswan-service.conf
+EXTRA_DIST = $(dbusservice_DATA)
all: all-am
.SUFFIXES:
@@ -583,6 +615,27 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
+install-dbusserviceDATA: $(dbusservice_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(dbusservicedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(dbusservicedir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbusservicedir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(dbusservicedir)" || exit $$?; \
+ done
+
+uninstall-dbusserviceDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(dbusservicedir)'; $(am__uninstall_files_from_dir)
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -668,9 +721,9 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-am
-all-am: Makefile $(PROGRAMS)
+all-am: Makefile $(PROGRAMS) $(DATA)
installdirs:
- for dir in "$(DESTDIR)$(ipsecdir)"; do \
+ for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(dbusservicedir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -728,7 +781,7 @@ info: info-am
info-am:
-install-data-am: install-ipsecPROGRAMS
+install-data-am: install-dbusserviceDATA install-ipsecPROGRAMS
install-dvi: install-dvi-am
@@ -774,7 +827,7 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-ipsecPROGRAMS
+uninstall-am: uninstall-dbusserviceDATA uninstall-ipsecPROGRAMS
.MAKE: install-am install-strip
@@ -783,14 +836,16 @@ uninstall-am: uninstall-ipsecPROGRAMS
distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-ipsecPROGRAMS install-man install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
+ install-data-am install-dbusserviceDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+ tags tags-am uninstall uninstall-am uninstall-dbusserviceDATA \
+ uninstall-ipsecPROGRAMS
.PRECIOUS: Makefile
diff --git a/src/charon-nm/nm-strongswan-service.conf b/src/charon-nm/nm-strongswan-service.conf
new file mode 100644
index 000000000..a630f3407
--- /dev/null
+++ b/src/charon-nm/nm-strongswan-service.conf
@@ -0,0 +1,15 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManager.strongswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
+ <allow send_interface="org.freedesktop.NetworkManager.strongswan"/>
+ </policy>
+ <policy context="default">
+ <deny own="org.freedesktop.NetworkManager.strongswan"/>
+ <deny send_destination="org.freedesktop.NetworkManager.strongswan"/>
+ </policy>
+</busconfig>
+
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 5991c2465..571c0edba 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -23,7 +23,6 @@
#include <utils/identification.h>
#include <config/peer_cfg.h>
#include <credentials/certificates/x509.h>
-#include <networking/tun_device.h>
#include <stdio.h>
@@ -43,8 +42,6 @@ typedef struct {
nm_creds_t *creds;
/* attribute handler for DNS/NBNS server information */
nm_handler_t *handler;
- /* dummy TUN device */
- tun_device_t *tun;
/* name of the connection */
char *name;
} NMStrongswanPluginPrivate;
@@ -88,19 +85,18 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
GValue *val;
GHashTable *config;
enumerator_t *enumerator;
- host_t *me;
+ host_t *me, *other;
nm_handler_t *handler;
config = g_hash_table_new(g_str_hash, g_str_equal);
handler = priv->handler;
- /* NM requires a tundev, but netkey does not use one. Passing the physical
- * interface does not work, as NM fiddles around with it. So we pass a dummy
- * TUN device along for NM to play with... */
+ /* NM apparently requires to know the gateway */
val = g_slice_new0 (GValue);
- g_value_init (val, G_TYPE_STRING);
- g_value_set_string (val, priv->tun->get_name(priv->tun));
- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
+ g_value_init (val, G_TYPE_UINT);
+ other = ike_sa->get_other_host(ike_sa);
+ g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr);
+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val);
/* NM installs this IP address on the interface above, so we use the VIP if
* we got one.
@@ -336,12 +332,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
priv->name);
DBG4(DBG_CFG, "%s",
nm_setting_to_string(NM_SETTING(vpn)));
- if (!priv->tun)
- {
- g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
- "Failed to create dummy TUN device.");
- return FALSE;
- }
address = nm_setting_vpn_get_data_item(vpn, "address");
if (!address || !*address)
{
@@ -406,7 +396,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
else
{
/* no certificate defined, fall back to system-wide CA certificates */
- priv->creds->load_ca_dir(priv->creds, NM_CA_DIR);
+ priv->creds->load_ca_dir(priv->creds, lib->settings->get_str(
+ lib->settings, "charon-nm.ca_dir", NM_CA_DIR));
}
if (!gateway)
{
@@ -428,6 +419,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
{
user = identification_create_from_string((char*)str);
str = nm_setting_vpn_get_secret(vpn, "password");
+ if (auth_class == AUTH_CLASS_PSK &&
+ strlen(str) < 20)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "pre-shared key is too short.");
+ gateway->destroy(gateway);
+ user->destroy(user);
+ return FALSE;
+ }
priv->creds->set_username_password(priv->creds, user, (char*)str);
}
}
@@ -538,7 +539,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0",
charon->socket->get_port(charon->socket, FALSE),
(char*)address, IKEV2_UDP_PORT,
- FRAGMENTATION_NO, 0);
+ FRAGMENTATION_YES, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
@@ -722,27 +723,9 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin)
memset(&priv->listener, 0, sizeof(listener_t));
priv->listener.child_updown = child_updown;
priv->listener.ike_rekey = ike_rekey;
- priv->tun = tun_device_create(NULL);
priv->name = NULL;
}
-/**
- * Destructor
- */
-static void nm_strongswan_plugin_dispose(GObject *obj)
-{
- NMStrongswanPlugin *plugin;
- NMStrongswanPluginPrivate *priv;
-
- plugin = NM_STRONGSWAN_PLUGIN(obj);
- priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
- if (priv->tun)
- {
- priv->tun->destroy(priv->tun);
- priv->tun = NULL;
- }
-}
-
/**
* Class constructor
*/
@@ -756,7 +739,6 @@ static void nm_strongswan_plugin_class_init(
parent_class->connect = connect_;
parent_class->need_secrets = need_secrets;
parent_class->disconnect = disconnect;
- G_OBJECT_CLASS(strongswan_class)->dispose = nm_strongswan_plugin_dispose;
}
/**
diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in
index 4afa62507..e9cb26620 100644
--- a/src/charon-svc/Makefile.in
+++ b/src/charon-svc/Makefile.in
@@ -320,7 +320,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -354,8 +353,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -409,6 +406,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in
index 3dcf3d75a..c1aa833b0 100644
--- a/src/charon-systemd/Makefile.in
+++ b/src/charon-systemd/Makefile.in
@@ -324,7 +324,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -358,8 +357,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -413,6 +410,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index 1eaf46a89..30a3ac86d 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -356,6 +353,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/charon-tkm/build_common.gpr b/src/charon-tkm/build_common.gpr
index 102f6b7a2..459519564 100644
--- a/src/charon-tkm/build_common.gpr
+++ b/src/charon-tkm/build_common.gpr
@@ -9,7 +9,8 @@ project Build_Common is
C_Compiler_Switches := ("-W",
"-Wall",
- "-Wno-unused-parameter");
+ "-Wno-unused-parameter",
+ "-g");
Ada_Compiler_Switches := ("-gnatwale",
"-gnatygAdISuxo",
"-gnata",
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 13352e55a..4a6d2aed6 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -286,7 +286,7 @@ int main(int argc, char *argv[])
PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
PLUGIN_CALLBACK(tkm_spi_generator_register, NULL),
@@ -373,6 +373,7 @@ int main(int argc, char *argv[])
run();
unlink_pidfile();
+ free(pidfile_name);
status = 0;
charon->bus->remove_listener(charon->bus, &listener->listener);
listener->destroy(listener);
@@ -382,7 +383,7 @@ int main(int argc, char *argv[])
deinit:
destroy_dh_mapping();
libcharon_deinit();
- library_deinit();
tkm_deinit();
+ library_deinit();
return status;
}
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 51f62fc37..d07ea5c48 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -323,7 +323,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -357,8 +356,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -412,6 +409,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index 87bbf9f28..88210908a 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -48,6 +48,11 @@ if USE_RADIUS
libs += $(DESTDIR)$(ipseclibdir)/libradius.so
endif
+if USE_LIBNTTFFT
+ deps += $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+ libs += $(DESTDIR)$(ipseclibdir)/libnttfft.so
+endif
+
if USE_LIBPTTLS
deps += $(top_builddir)/src/libpttls/libpttls.la
libs += $(DESTDIR)$(ipseclibdir)/libpttls.so
@@ -89,6 +94,10 @@ if USE_CMD
exes += $(DESTDIR)$(sbindir)/charon-cmd
endif
+if USE_SYSTEMD
+ exes += $(DESTDIR)$(sbindir)/charon-systemd
+endif
+
if USE_SCEPCLIENT
exes += $(DESTDIR)$(ipsecdir)/scepclient
endif
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index ef14d1236..7644e1b2b 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -96,27 +96,30 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT)
@USE_TLS_TRUE@am__append_5 = $(DESTDIR)$(ipseclibdir)/libtls.so
@USE_RADIUS_TRUE@am__append_6 = $(top_builddir)/src/libradius/libradius.la
@USE_RADIUS_TRUE@am__append_7 = $(DESTDIR)$(ipseclibdir)/libradius.so
-@USE_LIBPTTLS_TRUE@am__append_8 = $(top_builddir)/src/libpttls/libpttls.la
-@USE_LIBPTTLS_TRUE@am__append_9 = $(DESTDIR)$(ipseclibdir)/libpttls.so
-@USE_LIBTPMTSS_TRUE@am__append_10 = $(top_builddir)/src/libtpmtss/libtpmtss.la
-@USE_LIBTPMTSS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libtpmtss.so
-@USE_LIBTNCCS_TRUE@am__append_12 = $(top_builddir)/src/libtnccs/libtnccs.la
-@USE_LIBTNCCS_TRUE@am__append_13 = $(DESTDIR)$(ipseclibdir)/libtnccs.so
-@MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE@am__append_14 = -DT_PLUGINS=\""${t_plugins}\""
-@USE_SIMAKA_TRUE@am__append_15 = $(top_builddir)/src/libsimaka/libsimaka.la
-@USE_SIMAKA_TRUE@am__append_16 = $(DESTDIR)$(ipseclibdir)/libsimaka.so
-@USE_IMCV_TRUE@am__append_17 = $(top_builddir)/src/libimcv/libimcv.la
-@USE_IMCV_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libimcv.so
-@USE_CHARON_TRUE@am__append_19 = $(top_builddir)/src/libcharon/libcharon.la
-@USE_CHARON_TRUE@am__append_20 = $(DESTDIR)$(ipseclibdir)/libcharon.so
-@USE_CHARON_TRUE@am__append_21 = $(DESTDIR)$(ipsecdir)/charon
-@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_22 = -DC_PLUGINS=\""${c_plugins}\""
-@USE_CMD_TRUE@am__append_23 = $(DESTDIR)$(sbindir)/charon-cmd
-@USE_SCEPCLIENT_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/scepclient
-@USE_PKI_TRUE@am__append_25 = $(DESTDIR)$(bindir)/pki
-@USE_SWANCTL_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/swanctl
-@USE_ATTR_SQL_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/pool
-@USE_IMV_ATTESTATION_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/attest
+@USE_LIBNTTFFT_TRUE@am__append_8 = $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+@USE_LIBNTTFFT_TRUE@am__append_9 = $(DESTDIR)$(ipseclibdir)/libnttfft.so
+@USE_LIBPTTLS_TRUE@am__append_10 = $(top_builddir)/src/libpttls/libpttls.la
+@USE_LIBPTTLS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libpttls.so
+@USE_LIBTPMTSS_TRUE@am__append_12 = $(top_builddir)/src/libtpmtss/libtpmtss.la
+@USE_LIBTPMTSS_TRUE@am__append_13 = $(DESTDIR)$(ipseclibdir)/libtpmtss.so
+@USE_LIBTNCCS_TRUE@am__append_14 = $(top_builddir)/src/libtnccs/libtnccs.la
+@USE_LIBTNCCS_TRUE@am__append_15 = $(DESTDIR)$(ipseclibdir)/libtnccs.so
+@MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE@am__append_16 = -DT_PLUGINS=\""${t_plugins}\""
+@USE_SIMAKA_TRUE@am__append_17 = $(top_builddir)/src/libsimaka/libsimaka.la
+@USE_SIMAKA_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libsimaka.so
+@USE_IMCV_TRUE@am__append_19 = $(top_builddir)/src/libimcv/libimcv.la
+@USE_IMCV_TRUE@am__append_20 = $(DESTDIR)$(ipseclibdir)/libimcv.so
+@USE_CHARON_TRUE@am__append_21 = $(top_builddir)/src/libcharon/libcharon.la
+@USE_CHARON_TRUE@am__append_22 = $(DESTDIR)$(ipseclibdir)/libcharon.so
+@USE_CHARON_TRUE@am__append_23 = $(DESTDIR)$(ipsecdir)/charon
+@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_24 = -DC_PLUGINS=\""${c_plugins}\""
+@USE_CMD_TRUE@am__append_25 = $(DESTDIR)$(sbindir)/charon-cmd
+@USE_SYSTEMD_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/charon-systemd
+@USE_SCEPCLIENT_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/scepclient
+@USE_PKI_TRUE@am__append_28 = $(DESTDIR)$(bindir)/pki
+@USE_SWANCTL_TRUE@am__append_29 = $(DESTDIR)$(sbindir)/swanctl
+@USE_ATTR_SQL_TRUE@am__append_30 = $(DESTDIR)$(ipsecdir)/pool
+@USE_IMV_ATTESTATION_TRUE@am__append_31 = $(DESTDIR)$(ipsecdir)/attest
subdir = src/checksum
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -388,7 +391,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -422,8 +424,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -477,6 +477,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -497,7 +499,7 @@ CLEANFILES = checksum.c $(EXTRA_PROGRAMS)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libcharon \
-DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \
- $(am__append_14) $(am__append_22)
+ $(am__append_16) $(am__append_24)
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
@@ -508,14 +510,15 @@ AM_CFLAGS = \
deps = $(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__append_2) $(am__append_4) $(am__append_6) \
$(am__append_8) $(am__append_10) $(am__append_12) \
- $(am__append_15) $(am__append_17) $(am__append_19)
+ $(am__append_14) $(am__append_17) $(am__append_19) \
+ $(am__append_21)
libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \
$(am__append_5) $(am__append_7) $(am__append_9) \
- $(am__append_11) $(am__append_13) $(am__append_16) \
- $(am__append_18) $(am__append_20)
-exes = $(am__append_21) $(am__append_23) $(am__append_24) \
- $(am__append_25) $(am__append_26) $(am__append_27) \
- $(am__append_28)
+ $(am__append_11) $(am__append_13) $(am__append_15) \
+ $(am__append_18) $(am__append_20) $(am__append_22)
+exes = $(am__append_23) $(am__append_25) $(am__append_26) \
+ $(am__append_27) $(am__append_28) $(am__append_29) \
+ $(am__append_30) $(am__append_31)
all: all-am
.SUFFIXES:
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index 7b499897c..9c55b503e 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -337,7 +337,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -371,8 +370,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -426,6 +423,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index d3bb11f61..38681f44b 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -358,7 +358,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -392,8 +391,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -447,6 +444,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index c909af9a1..4fa90fda5 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -356,6 +353,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h
index 22e61fdf7..02d5125a5 100644
--- a/src/include/linux/xfrm.h
+++ b/src/include/linux/xfrm.h
@@ -84,6 +84,8 @@ struct xfrm_replay_state {
__u32 bitmap;
};
+#define XFRMA_REPLAY_ESN_MAX 4096
+
struct xfrm_replay_state_esn {
unsigned int bmp_len;
__u32 oseq;
@@ -295,6 +297,9 @@ enum xfrm_attr_type_t {
XFRMA_MARK, /* struct xfrm_mark */
XFRMA_TFCPAD, /* __u32 */
XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */
+ XFRMA_SA_EXTRA_FLAGS, /* __u32 */
+ XFRMA_PROTO, /* __u8 */
+ XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */
__XFRMA_MAX
#define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -323,6 +328,8 @@ enum xfrm_spdattr_type_t {
XFRMA_SPD_UNSPEC,
XFRMA_SPD_INFO,
XFRMA_SPD_HINFO,
+ XFRMA_SPD_IPV4_HTHRESH,
+ XFRMA_SPD_IPV6_HTHRESH,
__XFRMA_SPD_MAX
#define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1)
@@ -342,6 +349,11 @@ struct xfrmu_spdhinfo {
__u32 spdhmcnt;
};
+struct xfrmu_spdhthresh {
+ __u8 lbits;
+ __u8 rbits;
+};
+
struct xfrm_usersa_info {
struct xfrm_selector sel;
struct xfrm_id id;
@@ -365,6 +377,8 @@ struct xfrm_usersa_info {
#define XFRM_STATE_ESN 128
};
+#define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1
+
struct xfrm_usersa_id {
xfrm_address_t daddr;
__be32 spi;
@@ -469,6 +483,14 @@ struct xfrm_user_mapping {
__be16 new_sport;
};
+struct xfrm_address_filter {
+ xfrm_address_t saddr;
+ xfrm_address_t daddr;
+ __u16 family;
+ __u8 splen;
+ __u8 dplen;
+};
+
#ifndef __KERNEL__
/* backwards compatibility for userspace */
#define XFRMGRP_ACQUIRE 1
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index c4cb5af4c..7512472cd 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -300,7 +300,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -334,8 +333,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -389,6 +386,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index b0acc6c0c..388a49246 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.5.0rc1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.5.1dr3" "strongSwan"
.
.SH NAME
.
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index 550f6eb9c..e530205e8 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -513,13 +513,6 @@ if MONOLITHIC
endif
endif
-if USE_MAEMO
- SUBDIRS += plugins/maemo
-if MONOLITHIC
- libcharon_la_LIBADD += plugins/maemo/libstrongswan-maemo.la
-endif
-endif
-
if USE_HA
SUBDIRS += plugins/ha
if MONOLITHIC
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 3ea9b8089..e82e67b8f 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -239,60 +239,58 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_91 = plugins/android_dns/libstrongswan-android-dns.la
@USE_ANDROID_LOG_TRUE@am__append_92 = plugins/android_log
@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_93 = plugins/android_log/libstrongswan-android-log.la
-@USE_MAEMO_TRUE@am__append_94 = plugins/maemo
-@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_95 = plugins/maemo/libstrongswan-maemo.la
-@USE_HA_TRUE@am__append_96 = plugins/ha
-@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_97 = plugins/ha/libstrongswan-ha.la
-@USE_KERNEL_PFKEY_TRUE@am__append_98 = plugins/kernel_pfkey
-@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_99 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
-@USE_KERNEL_PFROUTE_TRUE@am__append_100 = plugins/kernel_pfroute
-@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_101 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
-@USE_KERNEL_NETLINK_TRUE@am__append_102 = plugins/kernel_netlink
-@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_103 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
-@USE_KERNEL_LIBIPSEC_TRUE@am__append_104 = plugins/kernel_libipsec
-@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_105 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
-@USE_KERNEL_WFP_TRUE@am__append_106 = plugins/kernel_wfp
-@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_107 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
-@USE_KERNEL_IPH_TRUE@am__append_108 = plugins/kernel_iph
-@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_109 = plugins/kernel_iph/libstrongswan-kernel-iph.la
-@USE_WHITELIST_TRUE@am__append_110 = plugins/whitelist
-@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_111 = plugins/whitelist/libstrongswan-whitelist.la
-@USE_LOOKIP_TRUE@am__append_112 = plugins/lookip
-@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_113 = plugins/lookip/libstrongswan-lookip.la
-@USE_ERROR_NOTIFY_TRUE@am__append_114 = plugins/error_notify
-@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_115 = plugins/error_notify/libstrongswan-error-notify.la
-@USE_CERTEXPIRE_TRUE@am__append_116 = plugins/certexpire
-@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_117 = plugins/certexpire/libstrongswan-certexpire.la
-@USE_SYSTIME_FIX_TRUE@am__append_118 = plugins/systime_fix
-@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_119 = plugins/systime_fix/libstrongswan-systime-fix.la
-@USE_LED_TRUE@am__append_120 = plugins/led
-@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_121 = plugins/led/libstrongswan-led.la
-@USE_DUPLICHECK_TRUE@am__append_122 = plugins/duplicheck
-@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_123 = plugins/duplicheck/libstrongswan-duplicheck.la
-@USE_COUPLING_TRUE@am__append_124 = plugins/coupling
-@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_125 = plugins/coupling/libstrongswan-coupling.la
-@USE_RADATTR_TRUE@am__append_126 = plugins/radattr
-@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_127 = plugins/radattr/libstrongswan-radattr.la
-@USE_UCI_TRUE@am__append_128 = plugins/uci
-@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_129 = plugins/uci/libstrongswan-uci.la
-@USE_ADDRBLOCK_TRUE@am__append_130 = plugins/addrblock
-@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_131 = plugins/addrblock/libstrongswan-addrblock.la
-@USE_UNITY_TRUE@am__append_132 = plugins/unity
-@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_133 = plugins/unity/libstrongswan-unity.la
-@USE_XAUTH_GENERIC_TRUE@am__append_134 = plugins/xauth_generic
-@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_135 = plugins/xauth_generic/libstrongswan-xauth-generic.la
-@USE_XAUTH_EAP_TRUE@am__append_136 = plugins/xauth_eap
-@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_137 = plugins/xauth_eap/libstrongswan-xauth-eap.la
-@USE_XAUTH_PAM_TRUE@am__append_138 = plugins/xauth_pam
-@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_139 = plugins/xauth_pam/libstrongswan-xauth-pam.la
-@USE_XAUTH_NOAUTH_TRUE@am__append_140 = plugins/xauth_noauth
-@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_141 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
-@USE_RESOLVE_TRUE@am__append_142 = plugins/resolve
-@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_143 = plugins/resolve/libstrongswan-resolve.la
-@USE_ATTR_TRUE@am__append_144 = plugins/attr
-@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_145 = plugins/attr/libstrongswan-attr.la
-@USE_ATTR_SQL_TRUE@am__append_146 = plugins/attr_sql
-@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_147 = plugins/attr_sql/libstrongswan-attr-sql.la
+@USE_HA_TRUE@am__append_94 = plugins/ha
+@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_95 = plugins/ha/libstrongswan-ha.la
+@USE_KERNEL_PFKEY_TRUE@am__append_96 = plugins/kernel_pfkey
+@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_97 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
+@USE_KERNEL_PFROUTE_TRUE@am__append_98 = plugins/kernel_pfroute
+@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_99 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
+@USE_KERNEL_NETLINK_TRUE@am__append_100 = plugins/kernel_netlink
+@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_101 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
+@USE_KERNEL_LIBIPSEC_TRUE@am__append_102 = plugins/kernel_libipsec
+@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_103 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
+@USE_KERNEL_WFP_TRUE@am__append_104 = plugins/kernel_wfp
+@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_105 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
+@USE_KERNEL_IPH_TRUE@am__append_106 = plugins/kernel_iph
+@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_107 = plugins/kernel_iph/libstrongswan-kernel-iph.la
+@USE_WHITELIST_TRUE@am__append_108 = plugins/whitelist
+@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_109 = plugins/whitelist/libstrongswan-whitelist.la
+@USE_LOOKIP_TRUE@am__append_110 = plugins/lookip
+@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_111 = plugins/lookip/libstrongswan-lookip.la
+@USE_ERROR_NOTIFY_TRUE@am__append_112 = plugins/error_notify
+@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_113 = plugins/error_notify/libstrongswan-error-notify.la
+@USE_CERTEXPIRE_TRUE@am__append_114 = plugins/certexpire
+@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_115 = plugins/certexpire/libstrongswan-certexpire.la
+@USE_SYSTIME_FIX_TRUE@am__append_116 = plugins/systime_fix
+@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_117 = plugins/systime_fix/libstrongswan-systime-fix.la
+@USE_LED_TRUE@am__append_118 = plugins/led
+@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_119 = plugins/led/libstrongswan-led.la
+@USE_DUPLICHECK_TRUE@am__append_120 = plugins/duplicheck
+@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_121 = plugins/duplicheck/libstrongswan-duplicheck.la
+@USE_COUPLING_TRUE@am__append_122 = plugins/coupling
+@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_123 = plugins/coupling/libstrongswan-coupling.la
+@USE_RADATTR_TRUE@am__append_124 = plugins/radattr
+@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_125 = plugins/radattr/libstrongswan-radattr.la
+@USE_UCI_TRUE@am__append_126 = plugins/uci
+@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_127 = plugins/uci/libstrongswan-uci.la
+@USE_ADDRBLOCK_TRUE@am__append_128 = plugins/addrblock
+@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_129 = plugins/addrblock/libstrongswan-addrblock.la
+@USE_UNITY_TRUE@am__append_130 = plugins/unity
+@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_131 = plugins/unity/libstrongswan-unity.la
+@USE_XAUTH_GENERIC_TRUE@am__append_132 = plugins/xauth_generic
+@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_133 = plugins/xauth_generic/libstrongswan-xauth-generic.la
+@USE_XAUTH_EAP_TRUE@am__append_134 = plugins/xauth_eap
+@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_135 = plugins/xauth_eap/libstrongswan-xauth-eap.la
+@USE_XAUTH_PAM_TRUE@am__append_136 = plugins/xauth_pam
+@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_137 = plugins/xauth_pam/libstrongswan-xauth-pam.la
+@USE_XAUTH_NOAUTH_TRUE@am__append_138 = plugins/xauth_noauth
+@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_139 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
+@USE_RESOLVE_TRUE@am__append_140 = plugins/resolve
+@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_141 = plugins/resolve/libstrongswan-resolve.la
+@USE_ATTR_TRUE@am__append_142 = plugins/attr
+@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_143 = plugins/attr/libstrongswan-attr.la
+@USE_ATTR_SQL_TRUE@am__append_144 = plugins/attr_sql
+@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_145 = plugins/attr_sql/libstrongswan-attr-sql.la
subdir = src/libcharon
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -370,7 +368,7 @@ libcharon_la_DEPENDENCIES = \
$(am__append_127) $(am__append_129) $(am__append_131) \
$(am__append_133) $(am__append_135) $(am__append_137) \
$(am__append_139) $(am__append_141) $(am__append_143) \
- $(am__append_145) $(am__append_147)
+ $(am__append_145)
am__libcharon_la_SOURCES_DIST = attributes/attributes.c \
attributes/attributes.h attributes/attribute_provider.h \
attributes/attribute_handler.h attributes/attribute_manager.c \
@@ -747,16 +745,15 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \
plugins/eap_tnc plugins/tnc_ifmap plugins/tnc_pdp \
plugins/medsrv plugins/medcli plugins/dhcp plugins/osx_attr \
plugins/p_cscf plugins/android_dns plugins/android_log \
- plugins/maemo plugins/ha plugins/kernel_pfkey \
- plugins/kernel_pfroute plugins/kernel_netlink \
- plugins/kernel_libipsec plugins/kernel_wfp plugins/kernel_iph \
- plugins/whitelist plugins/lookip plugins/error_notify \
- plugins/certexpire plugins/systime_fix plugins/led \
- plugins/duplicheck plugins/coupling plugins/radattr \
- plugins/uci plugins/addrblock plugins/unity \
- plugins/xauth_generic plugins/xauth_eap plugins/xauth_pam \
- plugins/xauth_noauth plugins/resolve plugins/attr \
- plugins/attr_sql tests
+ plugins/ha plugins/kernel_pfkey plugins/kernel_pfroute \
+ plugins/kernel_netlink plugins/kernel_libipsec \
+ plugins/kernel_wfp plugins/kernel_iph plugins/whitelist \
+ plugins/lookip plugins/error_notify plugins/certexpire \
+ plugins/systime_fix plugins/led plugins/duplicheck \
+ plugins/coupling plugins/radattr plugins/uci plugins/addrblock \
+ plugins/unity plugins/xauth_generic plugins/xauth_eap \
+ plugins/xauth_pam plugins/xauth_noauth plugins/resolve \
+ plugins/attr plugins/attr_sql tests
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
@@ -923,7 +920,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -957,8 +953,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -1012,6 +1006,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -1159,8 +1155,7 @@ libcharon_la_LIBADD = \
$(am__append_123) $(am__append_125) $(am__append_127) \
$(am__append_129) $(am__append_131) $(am__append_133) \
$(am__append_135) $(am__append_137) $(am__append_139) \
- $(am__append_141) $(am__append_143) $(am__append_145) \
- $(am__append_147)
+ $(am__append_141) $(am__append_143) $(am__append_145)
EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_6) $(am__append_8) \
@MONOLITHIC_FALSE@ $(am__append_10) $(am__append_12) \
@@ -1195,8 +1190,7 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@ $(am__append_130) $(am__append_132) \
@MONOLITHIC_FALSE@ $(am__append_134) $(am__append_136) \
@MONOLITHIC_FALSE@ $(am__append_138) $(am__append_140) \
-@MONOLITHIC_FALSE@ $(am__append_142) $(am__append_144) \
-@MONOLITHIC_FALSE@ $(am__append_146) tests
+@MONOLITHIC_FALSE@ $(am__append_142) $(am__append_144) tests
# build optional plugins
########################
@@ -1233,8 +1227,7 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_TRUE@ $(am__append_130) $(am__append_132) \
@MONOLITHIC_TRUE@ $(am__append_134) $(am__append_136) \
@MONOLITHIC_TRUE@ $(am__append_138) $(am__append_140) \
-@MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) \
-@MONOLITHIC_TRUE@ $(am__append_146) . tests
+@MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) . tests
all: all-recursive
.SUFFIXES:
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index e17d629d2..6b3cea880 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2015 Tobias Brunner
+ * Copyright (C) 2011-2016 Tobias Brunner
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -207,6 +207,24 @@ static inline void register_logger(private_bus_t *this, debug_t group,
}
}
+/**
+ * Find the log level of the first registered logger that implements log or
+ * vlog (or both).
+ */
+static bool find_max_levels(log_entry_t *entry, debug_t *group, level_t *level,
+ level_t *vlevel)
+{
+ if (entry->logger->log && *level == LEVEL_SILENT)
+ {
+ *level = entry->levels[*group];
+ }
+ if (entry->logger->vlog && *vlevel == LEVEL_SILENT)
+ {
+ *vlevel = entry->levels[*group];
+ }
+ return *level > LEVEL_SILENT && *vlevel > LEVEL_SILENT;
+}
+
/**
* Unregister a logger from all log groups (destroys the log_entry_t)
*/
@@ -240,18 +258,8 @@ static inline void unregister_logger(private_bus_t *this, logger_t *logger)
{
loggers = this->loggers[group];
loggers->remove(loggers, found, NULL);
-
- if (loggers->get_first(loggers, (void**)&entry) == SUCCESS)
- {
- if (entry->logger->log)
- {
- level = entry->levels[group];
- }
- if (entry->logger->vlog)
- {
- vlevel = entry->levels[group];
- }
- }
+ loggers->find_first(loggers, (linked_list_match_t)find_max_levels, NULL,
+ &group, &level, &vlevel);
set_level(&this->max_level[group], level);
set_level(&this->max_vlevel[group], vlevel);
}
@@ -593,6 +601,38 @@ METHOD(bus_t, ike_keys, void,
this->mutex->unlock(this->mutex);
}
+METHOD(bus_t, ike_derived_keys, void,
+ private_bus_t *this, chunk_t sk_ei, chunk_t sk_er, chunk_t sk_ai,
+ chunk_t sk_ar)
+{
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa;
+ entry_t *entry;
+ bool keep;
+
+ ike_sa = this->thread_sa->get(this->thread_sa);
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->ike_derived_keys)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->ike_derived_keys(entry->listener, ike_sa, sk_ei,
+ sk_er, sk_ai, sk_ar);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
METHOD(bus_t, child_keys, void,
private_bus_t *this, child_sa_t *child_sa, bool initiator,
diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r)
@@ -625,6 +665,39 @@ METHOD(bus_t, child_keys, void,
this->mutex->unlock(this->mutex);
}
+METHOD(bus_t, child_derived_keys, void,
+ private_bus_t *this, child_sa_t *child_sa, bool initiator,
+ chunk_t encr_i, chunk_t encr_r, chunk_t integ_i, chunk_t integ_r)
+{
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa;
+ entry_t *entry;
+ bool keep;
+
+ ike_sa = this->thread_sa->get(this->thread_sa);
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->child_derived_keys)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->child_derived_keys(entry->listener, ike_sa,
+ child_sa, initiator, encr_i, encr_r,
+ integ_i, integ_r);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
METHOD(bus_t, child_updown, void,
private_bus_t *this, child_sa_t *child_sa, bool up)
{
@@ -1061,7 +1134,9 @@ bus_t *bus_create()
.child_state_change = _child_state_change,
.message = _message,
.ike_keys = _ike_keys,
+ .ike_derived_keys = _ike_derived_keys,
.child_keys = _child_keys,
+ .child_derived_keys = _child_derived_keys,
.ike_updown = _ike_updown,
.ike_rekey = _ike_rekey,
.ike_update = _ike_update,
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 305cbe4ae..1e810a499 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2016 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -349,8 +349,8 @@ struct bus_t {
* @param ike_sa IKE_SA this keymat belongs to
* @param dh diffie hellman shared secret
* @param dh_other others DH public value (IKEv1 only)
- * @param nonce_i initiators nonce
- * @param nonce_r responders nonce
+ * @param nonce_i initiator's nonce
+ * @param nonce_r responder's nonce
* @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
* @param shared shared key used for key derivation (IKEv1-PSK only)
*/
@@ -358,18 +358,43 @@ struct bus_t {
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
ike_sa_t *rekey, shared_key_t *shared);
+ /**
+ * IKE_SA derived keys hook.
+ *
+ * @param sk_ei SK_ei, or Ka for IKEv1
+ * @param sk_er SK_er
+ * @param sk_ai SK_ai, or SKEYID_a for IKEv1
+ * @param sk_ar SK_ar
+ */
+ void (*ike_derived_keys)(bus_t *this, chunk_t sk_ei, chunk_t sk_er,
+ chunk_t sk_ai, chunk_t sk_ar);
+
/**
* CHILD_SA keymat hook.
*
* @param child_sa CHILD_SA this keymat is used for
* @param initiator initiator of the CREATE_CHILD_SA exchange
* @param dh diffie hellman shared secret
- * @param nonce_i initiators nonce
- * @param nonce_r responders nonce
+ * @param nonce_i initiator's nonce
+ * @param nonce_r responder's nonce
*/
void (*child_keys)(bus_t *this, child_sa_t *child_sa, bool initiator,
diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
+ /**
+ * CHILD_SA derived keys hook.
+ *
+ * @param child_sa CHILD_SA these keys are used for
+ * @param initiator initiator of the CREATE_CHILD_SA exchange
+ * @param encr_i initiator's encryption key
+ * @param encr_o responder's encryption key
+ * @param integ_i initiator's integrity key
+ * @param integ_r responder's integrity key
+ */
+ void (*child_derived_keys)(bus_t *this, child_sa_t *child_sa,
+ bool initiator, chunk_t encr_i, chunk_t encr_r,
+ chunk_t integ_i, chunk_t integ_r);
+
/**
* IKE_SA up/down hook.
*
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index be2726ede..be0dfbe21 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2015 Tobias Brunner
+ * Copyright (C) 2011-2016 Tobias Brunner
* Copyright (C) 2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -84,8 +84,8 @@ struct listener_t {
* @param ike_sa IKE_SA this keymat belongs to
* @param dh diffie hellman shared secret
* @param dh_other others DH public value (IKEv1 only)
- * @param nonce_i initiators nonce
- * @param nonce_r responders nonce
+ * @param nonce_i initiator's nonce
+ * @param nonce_r responder's nonce
* @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
* @param shared shared key used for key derivation (IKEv1-PSK only)
* @return TRUE to stay registered, FALSE to unregister
@@ -94,6 +94,18 @@ struct listener_t {
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
ike_sa_t *rekey, shared_key_t *shared);
+ /**
+ * Hook called with derived IKE_SA keys.
+ *
+ * @param ike_sa IKE_SA these keys belong to
+ * @param sk_ei SK_ei, or Ka for IKEv1
+ * @param sk_er SK_er
+ * @param sk_ai SK_ai, or SKEYID_a for IKEv1
+ * @param sk_ar SK_ar
+ */
+ bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei,
+ chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar);
+
/**
* Hook called with CHILD_SA key material.
*
@@ -101,14 +113,30 @@ struct listener_t {
* @param child_sa CHILD_SA this keymat is used for
* @param initiator initiator of the CREATE_CHILD_SA exchange
* @param dh diffie hellman shared secret
- * @param nonce_i initiators nonce
- * @param nonce_r responders nonce
+ * @param nonce_i initiator's nonce
+ * @param nonce_r responder's nonce
* @return TRUE to stay registered, FALSE to unregister
*/
bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
bool initiator, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r);
+ /**
+ * Hook called with derived CHILD_SA keys.
+ *
+ * @param ike_sa IKE_SA the child sa belongs to
+ * @param child_sa CHILD_SA these keys are used for
+ * @param initiator initiator of the CREATE_CHILD_SA exchange
+ * @param encr_i initiator's encryption key
+ * @param encr_o responder's encryption key
+ * @param integ_i initiator's integrity key
+ * @param integ_r responder's integrity key
+ */
+ bool (*child_derived_keys)(listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, bool initiator,
+ chunk_t encr_i, chunk_t encr_r,
+ chunk_t integ_i, chunk_t integ_r);
+
/**
* Hook called if an IKE_SA gets up or down.
*
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 76d7f2c58..6a9c342f4 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -153,6 +153,11 @@ struct private_child_cfg_t {
*/
bool install_policy;
+ /**
+ * Install outbound FWD policies
+ */
+ bool fwd_out_policy;
+
/**
* anti-replay window size
*/
@@ -564,6 +569,12 @@ METHOD(child_cfg_t, install_policy, bool,
return this->install_policy;
}
+METHOD(child_cfg_t, install_fwd_out_policy, bool,
+ private_child_cfg_t *this)
+{
+ return this->fwd_out_policy;
+}
+
#define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; })
#define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); })
@@ -613,6 +624,7 @@ METHOD(child_cfg_t, equals, bool,
this->replay_window == other->replay_window &&
this->proxy_mode == other->proxy_mode &&
this->install_policy == other->install_policy &&
+ this->fwd_out_policy == other->fwd_out_policy &&
streq(this->updown, other->updown) &&
streq(this->interface, other->interface);
}
@@ -673,6 +685,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.set_replay_window = _set_replay_window,
.use_proxy_mode = _use_proxy_mode,
.install_policy = _install_policy,
+ .install_fwd_out_policy = _install_fwd_out_policy,
.equals = _equals,
.get_ref = _get_ref,
.destroy = _destroy,
@@ -695,6 +708,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.manual_prio = data->priority,
.interface = strdupnull(data->interface),
.install_policy = !data->suppress_policies,
+ .fwd_out_policy = data->fwd_out_policies,
.refcount = 1,
.proposals = linked_list_create(),
.my_ts = linked_list_create(),
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index e736b2737..b85bfd9bc 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -283,6 +283,14 @@ struct child_cfg_t {
*/
bool (*install_policy)(child_cfg_t *this);
+ /**
+ * Check whether outbound FWD IPsec policies should be installed.
+ *
+ * @return TRUE, if outbound FWD policies should be installed
+ * FALSE, otherwise
+ */
+ bool (*install_fwd_out_policy)(child_cfg_t *this);
+
/**
* Check if two child_cfg objects are equal.
*
@@ -346,6 +354,8 @@ struct child_cfg_create_t {
bool hostaccess;
/** Don't install IPsec policies */
bool suppress_policies;
+ /** Install outbound FWD IPsec policies to bypass drop policies */
+ bool fwd_out_policies;
};
/**
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index 5655a3497..afcb772fe 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -256,7 +256,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
fragmentation_t fragmentation, uint8_t dscp);
/**
- * Determine the address family of the local or remtoe address(es). If multiple
+ * Determine the address family of the local or remote address(es). If multiple
* families are configured AF_UNSPEC is returned. %any is ignored (%any4|6 are
* not though).
*
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index a83acec23..011c0b8b0 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -419,25 +419,41 @@ static const struct {
{AUTH_AES_CMAC_96, PRF_AES128_CMAC },
};
+/**
+ * Remove all entries of the given transform type
+ */
+static void remove_transform(private_proposal_t *this, transform_type_t type)
+{
+ enumerator_t *e;
+ entry_t *entry;
+
+ e = array_create_enumerator(this->transforms);
+ while (e->enumerate(e, &entry))
+ {
+ if (entry->type == type)
+ {
+ array_remove_at(this->transforms, e);
+ }
+ }
+ e->destroy(e);
+}
+
/**
* Checks the proposal read from a string.
*/
-static void check_proposal(private_proposal_t *this)
+static bool check_proposal(private_proposal_t *this)
{
enumerator_t *e;
entry_t *entry;
uint16_t alg, ks;
- bool all_aead = TRUE;
+ bool all_aead = TRUE, any_aead = FALSE, any_enc = FALSE;
int i;
if (this->protocol == PROTO_IKE)
{
- e = create_enumerator(this, PSEUDO_RANDOM_FUNCTION);
- if (!e->enumerate(e, &alg, &ks))
- {
- /* No explicit PRF found. We assume the same algorithm as used
- * for integrity checking */
- e->destroy(e);
+ if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL))
+ { /* No explicit PRF found. We assume the same algorithm as used
+ * for integrity checking. */
e = create_enumerator(this, INTEGRITY_ALGORITHM);
while (e->enumerate(e, &alg, &ks))
{
@@ -451,8 +467,13 @@ static void check_proposal(private_proposal_t *this)
}
}
}
+ e->destroy(e);
+ }
+ if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL))
+ {
+ DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals");
+ return FALSE;
}
- e->destroy(e);
/* remove MODP_NONE from IKE proposal */
e = array_create_enumerator(this->transforms);
while (e->enumerate(e, &entry))
@@ -463,48 +484,103 @@ static void check_proposal(private_proposal_t *this)
}
}
e->destroy(e);
+ if (!get_algorithm(this, DIFFIE_HELLMAN_GROUP, NULL, NULL))
+ {
+ DBG1(DBG_CFG, "a DH group is mandatory in IKE proposals");
+ return FALSE;
+ }
+ }
+ else
+ { /* remove PRFs from ESP/AH proposals */
+ remove_transform(this, PSEUDO_RANDOM_FUNCTION);
}
- if (this->protocol == PROTO_ESP)
+ if (this->protocol == PROTO_IKE || this->protocol == PROTO_ESP)
{
e = create_enumerator(this, ENCRYPTION_ALGORITHM);
while (e->enumerate(e, &alg, &ks))
{
- if (!encryption_algorithm_is_aead(alg))
+ any_enc = TRUE;
+ if (encryption_algorithm_is_aead(alg))
{
- all_aead = FALSE;
- break;
+ any_aead = TRUE;
+ continue;
}
+ all_aead = FALSE;
}
e->destroy(e);
- if (all_aead)
+ if (!any_enc)
+ {
+ DBG1(DBG_CFG, "an encryption algorithm is mandatory in %N proposals",
+ protocol_id_names, this->protocol);
+ return FALSE;
+ }
+ else if (any_aead && !all_aead)
{
- /* if all encryption algorithms in the proposal are AEADs,
+ DBG1(DBG_CFG, "classic and combined-mode (AEAD) encryption "
+ "algorithms can't be contained in the same %N proposal",
+ protocol_id_names, this->protocol);
+ return FALSE;
+ }
+ else if (all_aead)
+ { /* if all encryption algorithms in the proposal are AEADs,
* we MUST NOT propose any integrity algorithms */
- e = array_create_enumerator(this->transforms);
- while (e->enumerate(e, &entry))
+ remove_transform(this, INTEGRITY_ALGORITHM);
+ }
+ }
+ else
+ { /* AES-GMAC is parsed as encryption algorithm, so we map that to the
+ * proper integrity algorithm */
+ e = array_create_enumerator(this->transforms);
+ while (e->enumerate(e, &entry))
+ {
+ if (entry->type == ENCRYPTION_ALGORITHM)
{
- if (entry->type == INTEGRITY_ALGORITHM)
+ if (entry->alg == ENCR_NULL_AUTH_AES_GMAC)
{
- array_remove_at(this->transforms, e);
+ entry->type = INTEGRITY_ALGORITHM;
+ ks = entry->key_size;
+ entry->key_size = 0;
+ switch (ks)
+ {
+ case 128:
+ entry->alg = AUTH_AES_128_GMAC;
+ continue;
+ case 192:
+ entry->alg = AUTH_AES_192_GMAC;
+ continue;
+ case 256:
+ entry->alg = AUTH_AES_256_GMAC;
+ continue;
+ default:
+ break;
+ }
}
+ /* remove all other encryption algorithms */
+ array_remove_at(this->transforms, e);
}
- e->destroy(e);
+ }
+ e->destroy(e);
+
+ if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL))
+ {
+ DBG1(DBG_CFG, "an integrity algorithm is mandatory in AH "
+ "proposals");
+ return FALSE;
}
}
if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP)
{
- e = create_enumerator(this, EXTENDED_SEQUENCE_NUMBERS);
- if (!e->enumerate(e, NULL, NULL))
+ if (!get_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NULL, NULL))
{ /* ESN not specified, assume not supported */
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
}
- e->destroy(e);
}
array_compress(this->transforms);
+ return TRUE;
}
/**
@@ -842,6 +918,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case NTRU_128_BIT:
case NTRU_192_BIT:
case NTRU_256_BIT:
+ case NH_128_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
break;
default:
@@ -999,13 +1076,11 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs
}
enumerator->destroy(enumerator);
- if (failed)
+ if (failed || !check_proposal(this))
{
destroy(this);
return NULL;
}
- check_proposal(this);
-
return &this->public;
}
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 1fd644203..50dab9e38 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -535,7 +535,7 @@ static payload_rule_t aggressive_i_rules[] = {
{PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{PLV1_ID, 0, 1, FALSE, FALSE},
- {PLV1_CERTIFICATE, 0, 1, TRUE, FALSE},
+ {PLV1_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
{PLV1_SIGNATURE, 0, 1, TRUE, FALSE},
{PLV1_HASH, 0, 1, TRUE, FALSE},
{PLV1_FRAGMENT, 0, 1, FALSE, TRUE},
@@ -575,7 +575,7 @@ static payload_rule_t aggressive_r_rules[] = {
{PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{PLV1_ID, 0, 1, FALSE, FALSE},
- {PLV1_CERTIFICATE, 0, 1, FALSE, FALSE},
+ {PLV1_CERTIFICATE, 0, MAX_CERT_PAYLOADS, FALSE, FALSE},
{PLV1_SIGNATURE, 0, 1, FALSE, FALSE},
{PLV1_HASH, 0, 1, FALSE, FALSE},
{PLV1_FRAGMENT, 0, 1, FALSE, TRUE},
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index 1a435a823..55641e145 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -1360,18 +1360,21 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this,
enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM);
if (enumerator->enumerate(enumerator, &alg, &key_size))
{
- transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg);
alg = get_ikev1_auth_from_alg(alg);
- if (transid && alg)
+ if (alg)
{
- if (!transform)
+ transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg);
+ if (!transform && transid)
{
transform = transform_substructure_create_type(
PLV1_TRANSFORM_SUBSTRUCTURE, number, transid);
}
- transform->add_transform_attribute(transform,
- transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE,
- TATTR_PH2_AUTH_ALGORITHM, alg));
+ if (transform)
+ {
+ transform->add_transform_attribute(transform,
+ transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE,
+ TATTR_PH2_AUTH_ALGORITHM, alg));
+ }
}
}
enumerator->destroy(enumerator);
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 3b49a8582..7917d457e 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index 5f6ecbf14..3560d3634 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index bee30d9a9..9d3f2f532 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in
index 607fe3f87..4b900d1c0 100644
--- a/src/libcharon/plugins/attr/Makefile.in
+++ b/src/libcharon/plugins/attr/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in
index d533a56b5..077e2f3a0 100644
--- a/src/libcharon/plugins/attr_sql/Makefile.in
+++ b/src/libcharon/plugins/attr_sql/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index 31e786158..30873fa35 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in
index c312821aa..3c9ba8036 100644
--- a/src/libcharon/plugins/connmark/Makefile.in
+++ b/src/libcharon/plugins/connmark/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index a71d75518..61dd852f5 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index 843d05eae..856ebaadf 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index 5f035ba35..fd47162c7 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/dnscert/dnscert_cred.c b/src/libcharon/plugins/dnscert/dnscert_cred.c
index 790252682..d32794c99 100644
--- a/src/libcharon/plugins/dnscert/dnscert_cred.c
+++ b/src/libcharon/plugins/dnscert/dnscert_cred.c
@@ -70,6 +70,8 @@ typedef struct {
enumerator_t *inner;
/** response of the DNS resolver which contains the CERTs */
resolver_response_t *response;
+ /** most recently enumerated certificate */
+ certificate_t *cert;
} cert_enumerator_t;
METHOD(enumerator_t, cert_enumerator_enumerate, bool,
@@ -101,17 +103,17 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
/* Try to parse PEM certificate container. Both x509 and PGP should
* presumably come as PEM encoded certs. */
certificate = cur_crt->get_certificate(cur_crt);
- *cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_ANY,
- BUILD_BLOB_PEM, certificate,
- BUILD_END);
- if (*cert == NULL)
+ DESTROY_IF(this->cert);
+ this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_ANY,
+ BUILD_BLOB_PEM, certificate,
+ BUILD_END);
+ cur_crt->destroy(cur_crt);
+ if (!this->cert)
{
- DBG1(DBG_CFG, " unable to parse certificate, skipping",
- cur_crt->get_cert_type(cur_crt));
- cur_crt->destroy(cur_crt);
+ DBG1(DBG_CFG, " unable to parse certificate, skipping");
continue;
}
- cur_crt->destroy(cur_crt);
+ *cert = this->cert;
return TRUE;
}
return FALSE;
@@ -120,6 +122,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
METHOD(enumerator_t, cert_enumerator_destroy, void,
cert_enumerator_t *this)
{
+ DESTROY_IF(this->cert);
this->inner->destroy(this->inner);
this->response->destroy(this->response);
free(this);
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index 9e3133b1d..866af82be 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -360,7 +360,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -394,8 +393,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -449,6 +446,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index 8ac12c1f2..6ff71c2a3 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index 7dc9003c9..eabe0b489 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index f81d54fc2..e6877f75e 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index f11d86051..a1ebc2bd0 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index e9755aa71..e2431feda 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 82ba96d26..2a4721814 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index c3b31cd9a..42c07956a 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 2a01a369f..23d9d1da8 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index 7f8348e06..d51d0d090 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -211,7 +211,7 @@ METHOD(tls_application_t, process, status_t,
{
DBG1(DBG_IKE, "received tunneled EAP-PEAP AVP [EAP/%N]",
eap_code_short_names, code);
-
+ in->destroy(in);
/* if EAP_SUCCESS check if to continue phase2 with EAP-TNC */
return (this->phase2_result == EAP_SUCCESS && code == EAP_SUCCESS) ?
start_phase2_tnc(this) : FAILED;
@@ -250,6 +250,7 @@ METHOD(tls_application_t, process, status_t,
{
DBG1(DBG_IKE, "%N method not available",
eap_type_names, EAP_IDENTITY);
+ in->destroy(in);
return FAILED;
}
}
@@ -258,6 +259,7 @@ METHOD(tls_application_t, process, status_t,
{
DBG1(DBG_IKE, "%N method failed", eap_type_names, EAP_IDENTITY);
+ in->destroy(in);
return FAILED;
}
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index cdba38cde..7d0614d46 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index f1b8adb71..ba20c085e 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 40ff9f245..5d93852da 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index 354c7a12d..8d0cd71f7 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 4e3105ffd..60b7ef32b 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 2d5747e01..8608587da 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index a491899ac..4cf739e7c 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index c912f9ff4..d125c13a1 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index efef3af20..c32671a56 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index 6f39b8455..20a3dd88e 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index d3fd2a198..96c6a63e5 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -361,7 +361,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -395,8 +394,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -450,6 +447,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in
index c49c55fdb..1178d65b2 100644
--- a/src/libcharon/plugins/ext_auth/Makefile.in
+++ b/src/libcharon/plugins/ext_auth/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 4674a78b4..f37ca65db 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in
index d29134f33..2f78e7749 100644
--- a/src/libcharon/plugins/forecast/Makefile.in
+++ b/src/libcharon/plugins/forecast/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index 420b8bdb7..2be7ee4a1 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index 38a63ea02..971b72cc3 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
index 6c041ce26..ff50d8a17 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
@@ -57,6 +57,8 @@ typedef struct {
time_t notAfter;
/* identity to which the IPSECKEY belongs */
identification_t *identity;
+ /** most recently enumerated certificate */
+ certificate_t *cert;
} cert_enumerator_t;
METHOD(enumerator_t, cert_enumerator_enumerate, bool,
@@ -91,28 +93,27 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
BUILD_BLOB_DNSKEY, key,
BUILD_END);
+ cur_ipseckey->destroy(cur_ipseckey);
if (!public)
{
DBG1(DBG_CFG, " failed to create public key from IPSECKEY");
- cur_ipseckey->destroy(cur_ipseckey);
continue;
}
-
- *cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
- CERT_TRUSTED_PUBKEY,
- BUILD_PUBLIC_KEY, public,
- BUILD_SUBJECT, this->identity,
- BUILD_NOT_BEFORE_TIME, this->notBefore,
- BUILD_NOT_AFTER_TIME, this->notAfter,
- BUILD_END);
- if (*cert == NULL)
+ DESTROY_IF(this->cert);
+ this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_TRUSTED_PUBKEY,
+ BUILD_PUBLIC_KEY, public,
+ BUILD_SUBJECT, this->identity,
+ BUILD_NOT_BEFORE_TIME, this->notBefore,
+ BUILD_NOT_AFTER_TIME, this->notAfter,
+ BUILD_END);
+ public->destroy(public);
+ if (!this->cert)
{
DBG1(DBG_CFG, " failed to create certificate from IPSECKEY");
- cur_ipseckey->destroy(cur_ipseckey);
- public->destroy(public);
continue;
}
- cur_ipseckey->destroy(cur_ipseckey);
+ *cert = this->cert;
return TRUE;
}
return FALSE;
@@ -121,6 +122,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
METHOD(enumerator_t, cert_enumerator_destroy, void,
cert_enumerator_t *this)
{
+ DESTROY_IF(this->cert);
this->inner->destroy(this->inner);
this->response->destroy(this->response);
free(this);
diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in
index 19e7701c6..a2c8d22c3 100644
--- a/src/libcharon/plugins/kernel_iph/Makefile.in
+++ b/src/libcharon/plugins/kernel_iph/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index 9bfdb950f..011ec3f5a 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in
index 2435dea92..b2df52a61 100644
--- a/src/libcharon/plugins/kernel_netlink/Makefile.in
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.in
@@ -392,7 +392,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -426,8 +425,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -481,6 +478,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 9c2a7c315..f3846ec07 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1245,7 +1245,7 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
*/
static void format_mark(char *buf, int buflen, mark_t mark)
{
- if (mark.value)
+ if (mark.value | mark.mask)
{
snprintf(buf, buflen, " (mark %u/0x%08x)", mark.value, mark.mask);
}
@@ -1256,7 +1256,7 @@ static void format_mark(char *buf, int buflen, mark_t mark)
*/
static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark)
{
- if (mark.value)
+ if (mark.value | mark.mask)
{
struct xfrm_mark *xmrk;
@@ -2528,6 +2528,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
id->dir, markstr, cur_priority, use_count);
return SUCCESS;
}
+ policy->reqid = assigned_sa->sa->cfg.reqid;
if (this->policy_update)
{
@@ -2720,6 +2721,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
return SUCCESS;
}
current->used_by->get_first(current->used_by, (void**)&mapping);
+ current->reqid = mapping->sa->cfg.reqid;
DBG2(DBG_KNL, "updating policy %R === %R %N%s [priority %u, "
"refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, id->dir,
@@ -3044,6 +3046,110 @@ METHOD(kernel_ipsec_t, destroy, void,
free(this);
}
+/**
+ * Get the currently configured SPD hashing thresholds for an address family
+ */
+static bool get_spd_hash_thresh(private_kernel_netlink_ipsec_t *this,
+ int type, uint8_t *lbits, uint8_t *rbits)
+{
+ netlink_buf_t request;
+ struct nlmsghdr *hdr, *out;
+ struct xfrmu_spdhthresh *thresh;
+ struct rtattr *rta;
+ size_t len, rtasize;
+ bool success = FALSE;
+
+ memset(&request, 0, sizeof(request));
+
+ hdr = &request.hdr;
+ hdr->nlmsg_flags = NLM_F_REQUEST;
+ hdr->nlmsg_type = XFRM_MSG_GETSPDINFO;
+ hdr->nlmsg_len = NLMSG_LENGTH(sizeof(uint32_t));
+
+ if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS)
+ {
+ hdr = out;
+ while (NLMSG_OK(hdr, len))
+ {
+ switch (hdr->nlmsg_type)
+ {
+ case XFRM_MSG_NEWSPDINFO:
+ {
+ rta = XFRM_RTA(hdr, uint32_t);
+ rtasize = XFRM_PAYLOAD(hdr, uint32_t);
+ while (RTA_OK(rta, rtasize))
+ {
+ if (rta->rta_type == type &&
+ RTA_PAYLOAD(rta) == sizeof(*thresh))
+ {
+ thresh = RTA_DATA(rta);
+ *lbits = thresh->lbits;
+ *rbits = thresh->rbits;
+ success = TRUE;
+ break;
+ }
+ rta = RTA_NEXT(rta, rtasize);
+ }
+ break;
+ }
+ case NLMSG_ERROR:
+ {
+ struct nlmsgerr *err = NLMSG_DATA(hdr);
+ DBG1(DBG_KNL, "getting SPD hash threshold failed: %s (%d)",
+ strerror(-err->error), -err->error);
+ break;
+ }
+ default:
+ hdr = NLMSG_NEXT(hdr, len);
+ continue;
+ case NLMSG_DONE:
+ break;
+ }
+ break;
+ }
+ free(out);
+ }
+ return success;
+}
+
+/**
+ * Configure SPD hashing threshold for an address family
+ */
+static void setup_spd_hash_thresh(private_kernel_netlink_ipsec_t *this,
+ char *key, int type, uint8_t def)
+{
+ struct xfrmu_spdhthresh *thresh;
+ struct nlmsghdr *hdr;
+ netlink_buf_t request;
+ uint8_t lbits, rbits;
+
+ if (!get_spd_hash_thresh(this, type, &lbits, &rbits))
+ {
+ return;
+ }
+ memset(&request, 0, sizeof(request));
+
+ hdr = &request.hdr;
+ hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+ hdr->nlmsg_type = XFRM_MSG_NEWSPDINFO;
+ hdr->nlmsg_len = NLMSG_LENGTH(sizeof(uint32_t));
+
+ thresh = netlink_reserve(hdr, sizeof(request), type, sizeof(*thresh));
+ thresh->lbits = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.spdh_thresh.%s.lbits",
+ def, lib->ns, key);
+ thresh->rbits = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.spdh_thresh.%s.rbits",
+ def, lib->ns, key);
+ if (thresh->lbits != lbits || thresh->rbits != rbits)
+ {
+ if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
+ {
+ DBG1(DBG_KNL, "setting SPD hash threshold failed");
+ }
+ }
+}
+
/*
* Described in header.
*/
@@ -3114,6 +3220,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
return NULL;
}
+ setup_spd_hash_thresh(this, "ipv4", XFRMA_SPD_IPV4_HTHRESH, 32);
+ setup_spd_hash_thresh(this, "ipv6", XFRMA_SPD_IPV6_HTHRESH, 128);
+
if (register_for_events)
{
struct sockaddr_nl addr;
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 93c2ccccb..0132f7269 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -701,6 +701,54 @@ static void addr_map_entry_remove(hashtable_t *map, addr_entry_t *addr,
free(entry);
}
+/**
+ * Check if an address or net (addr with prefix net bits) is in
+ * subnet (net with net_len net bits)
+ */
+static bool addr_in_subnet(chunk_t addr, int prefix, chunk_t net, int net_len)
+{
+ static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
+ int byte = 0;
+
+ if (net_len == 0)
+ { /* any address matches a /0 network */
+ return TRUE;
+ }
+ if (addr.len != net.len || net_len > 8 * net.len || prefix < net_len)
+ {
+ return FALSE;
+ }
+ /* scan through all bytes in network order */
+ while (net_len > 0)
+ {
+ if (net_len < 8)
+ {
+ return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
+ }
+ else
+ {
+ if (addr.ptr[byte] != net.ptr[byte])
+ {
+ return FALSE;
+ }
+ byte++;
+ net_len -= 8;
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * Check if the given address is in subnet (net with net_len net bits)
+ */
+static bool host_in_subnet(host_t *host, chunk_t net, int net_len)
+{
+ chunk_t addr;
+
+ addr = host->get_address(host);
+ return addr_in_subnet(addr, addr.len * 8, net, net_len);
+}
+
/**
* Determine the type or scope of the given unicast IP address. This is not
* the same thing returned in rtm_scope/ifa_scope.
@@ -837,7 +885,8 @@ static bool is_address_better(private_kernel_netlink_net_t *this,
}
/**
- * Get a non-virtual IP address on the given interface.
+ * Get a non-virtual IP address on the given interfaces and optionally in a
+ * given subnet.
*
* If a candidate address is given, we first search for that address and if not
* found return the address as above.
@@ -845,19 +894,21 @@ static bool is_address_better(private_kernel_netlink_net_t *this,
*
* this->lock must be held when calling this function.
*/
-static host_t *get_interface_address(private_kernel_netlink_net_t *this,
- int ifindex, int family, host_t *dest,
- host_t *candidate)
+static host_t *get_matching_address(private_kernel_netlink_net_t *this,
+ int *ifindex, int family, chunk_t net,
+ uint8_t mask, host_t *dest,
+ host_t *candidate)
{
+ enumerator_t *ifaces, *addrs;
iface_entry_t *iface;
- enumerator_t *addrs;
addr_entry_t *addr, *best = NULL;
+ bool candidate_matched = FALSE;
- if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index,
- (void**)&iface, &ifindex) == SUCCESS)
+ ifaces = this->ifaces->create_enumerator(this->ifaces);
+ while (ifaces->enumerate(ifaces, &iface))
{
- if (iface->usable)
- { /* only use interfaces not excluded by config */
+ if (iface->usable && (!ifindex || iface->ifindex == *ifindex))
+ { /* only use matching interfaces not excluded by config */
addrs = iface->addrs->create_enumerator(iface->addrs);
while (addrs->enumerate(addrs, &addr))
{
@@ -866,9 +917,14 @@ static host_t *get_interface_address(private_kernel_netlink_net_t *this,
{ /* ignore virtual IP addresses and ensure family matches */
continue;
}
+ if (net.ptr && !host_in_subnet(addr->ip, net, mask))
+ { /* optionally match a subnet */
+ continue;
+ }
if (candidate && candidate->ip_equals(candidate, addr->ip))
{ /* stop if we find the candidate */
best = addr;
+ candidate_matched = TRUE;
break;
}
else if (!best || is_address_better(this, best, addr, dest))
@@ -877,11 +933,49 @@ static host_t *get_interface_address(private_kernel_netlink_net_t *this,
}
}
addrs->destroy(addrs);
+ if (ifindex || candidate_matched)
+ {
+ break;
+ }
}
}
+ ifaces->destroy(ifaces);
return best ? best->ip->clone(best->ip) : NULL;
}
+/**
+ * Get a non-virtual IP address on the given interface.
+ *
+ * If a candidate address is given, we first search for that address and if not
+ * found return the address as above.
+ * Returned host is a clone, has to be freed by caller.
+ *
+ * this->lock must be held when calling this function.
+ */
+static host_t *get_interface_address(private_kernel_netlink_net_t *this,
+ int ifindex, int family, host_t *dest,
+ host_t *candidate)
+{
+ return get_matching_address(this, &ifindex, family, chunk_empty, 0, dest,
+ candidate);
+}
+
+/**
+ * Get a non-virtual IP address in the given subnet.
+ *
+ * If a candidate address is given, we first search for that address and if not
+ * found return the address as above.
+ * Returned host is a clone, has to be freed by caller.
+ *
+ * this->lock must be held when calling this function.
+ */
+static host_t *get_subnet_address(private_kernel_netlink_net_t *this,
+ int family, chunk_t net, uint8_t mask,
+ host_t *dest, host_t *candidate)
+{
+ return get_matching_address(this, NULL, family, net, mask, dest, candidate);
+}
+
/**
* callback function that raises the delayed roam event
*/
@@ -1527,52 +1621,17 @@ static char *get_interface_name_by_index(private_kernel_netlink_net_t *this,
return name;
}
-/**
- * check if an address or net (addr with prefix net bits) is in
- * subnet (net with net_len net bits)
- */
-static bool addr_in_subnet(chunk_t addr, int prefix, chunk_t net, int net_len)
-{
- static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
- int byte = 0;
-
- if (net_len == 0)
- { /* any address matches a /0 network */
- return TRUE;
- }
- if (addr.len != net.len || net_len > 8 * net.len || prefix < net_len)
- {
- return FALSE;
- }
- /* scan through all bytes in network order */
- while (net_len > 0)
- {
- if (net_len < 8)
- {
- return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
- }
- else
- {
- if (addr.ptr[byte] != net.ptr[byte])
- {
- return FALSE;
- }
- byte++;
- net_len -= 8;
- }
- }
- return TRUE;
-}
-
/**
* Store information about a route retrieved via RTNETLINK
*/
typedef struct {
chunk_t gtw;
- chunk_t src;
+ chunk_t pref_src;
chunk_t dst;
+ chunk_t src;
host_t *src_host;
uint8_t dst_len;
+ uint8_t src_len;
uint32_t table;
uint32_t oif;
uint32_t priority;
@@ -1626,9 +1685,11 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
if (route)
{
route->gtw = chunk_empty;
- route->src = chunk_empty;
+ route->pref_src = chunk_empty;
route->dst = chunk_empty;
route->dst_len = msg->rtm_dst_len;
+ route->src = chunk_empty;
+ route->src_len = msg->rtm_src_len;
route->table = msg->rtm_table;
route->oif = 0;
route->priority = 0;
@@ -1637,6 +1698,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
{
INIT(route,
.dst_len = msg->rtm_dst_len,
+ .src_len = msg->rtm_src_len,
.table = msg->rtm_table,
);
}
@@ -1646,7 +1708,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
switch (rta->rta_type)
{
case RTA_PREFSRC:
- route->src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
+ route->pref_src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
break;
case RTA_GATEWAY:
route->gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
@@ -1654,6 +1716,9 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
case RTA_DST:
route->dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
break;
+ case RTA_SRC:
+ route->src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
+ break;
case RTA_OIF:
if (RTA_PAYLOAD(rta) == sizeof(route->oif))
{
@@ -1790,10 +1855,10 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
{ /* route destination does not contain dest */
continue;
}
- if (route->src.ptr)
+ if (route->pref_src.ptr)
{ /* verify source address, if any */
host_t *src = host_create_from_chunk(msg->rtm_family,
- route->src, 0);
+ route->pref_src, 0);
if (src && is_known_vip(this, src))
{ /* ignore routes installed by us */
src->destroy(src);
@@ -1863,12 +1928,29 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
best = best ?: route;
continue;
}
+ if (route->src.ptr)
+ { /* no src, but a source selector, try to find a matching address */
+ route->src_host = get_subnet_address(this, msg->rtm_family,
+ route->src, route->src_len, dest,
+ candidate);
+ if (route->src_host)
+ { /* we handle this address the same as the one above */
+ if (!candidate ||
+ candidate->ip_equals(candidate, route->src_host))
+ {
+ best = route;
+ break;
+ }
+ best = best ?: route;
+ continue;
+ }
+ }
if (route->oif)
{ /* no src, but an interface - get address from it */
route->src_host = get_interface_address(this, route->oif,
msg->rtm_family, dest, candidate);
if (route->src_host)
- { /* we handle this address the same as the one above */
+ { /* more of the same */
if (!candidate ||
candidate->ip_equals(candidate, route->src_host))
{
@@ -1913,9 +1995,9 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
if (best || routes->get_first(routes, (void**)&best) == SUCCESS)
{
addr = host_create_from_chunk(msg->rtm_family, best->gtw, 0);
- if (iface && route->oif)
+ if (iface && best->oif)
{
- *iface = get_interface_name_by_index(this, route->oif);
+ *iface = get_interface_name_by_index(this, best->oif);
}
}
if (!addr && !match_net)
diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in
index 8866f13d4..d00e8b337 100644
--- a/src/libcharon/plugins/kernel_pfkey/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in
index 1c3f49120..fb1520d90 100644
--- a/src/libcharon/plugins/kernel_pfroute/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in
index e002b4f0d..2adb9244b 100644
--- a/src/libcharon/plugins/kernel_wfp/Makefile.in
+++ b/src/libcharon/plugins/kernel_wfp/Makefile.in
@@ -361,7 +361,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -395,8 +394,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -450,6 +447,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index e0c2cba50..857e62961 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 856bdd8aa..f5f3df654 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -363,7 +363,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -397,8 +396,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -452,6 +449,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index 69aa3792c..00258c3fa 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -359,7 +359,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -393,8 +392,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -448,6 +445,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/maemo/Makefile.am b/src/libcharon/plugins/maemo/Makefile.am
deleted file mode 100644
index 02c283f5b..000000000
--- a/src/libcharon/plugins/maemo/Makefile.am
+++ /dev/null
@@ -1,29 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libcharon
-
-AM_CFLAGS = \
- ${maemo_CFLAGS} \
- $(PLUGIN_CFLAGS)
-
-if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-maemo.la
-else
-plugin_LTLIBRARIES = libstrongswan-maemo.la
-endif
-
-libstrongswan_maemo_la_SOURCES = \
- maemo_plugin.h maemo_plugin.c \
- maemo_service.h maemo_service.c
-
-libstrongswan_maemo_la_LDFLAGS = -module -avoid-version
-libstrongswan_maemo_la_LIBADD = ${maemo_LIBS}
-
-dbusservice_DATA = org.strongswan.charon.service
-
-org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in
- $(AM_V_GEN) \
- sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@
-
-EXTRA_DIST = org.strongswan.charon.service.in
-CLEANFILES = $(dbusservice_DATA)
diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in
deleted file mode 100644
index 78525bf6c..000000000
--- a/src/libcharon/plugins/maemo/Makefile.in
+++ /dev/null
@@ -1,830 +0,0 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/libcharon/plugins/maemo
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(plugindir)" \
- "$(DESTDIR)$(dbusservicedir)"
-LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libstrongswan_maemo_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
-am_libstrongswan_maemo_la_OBJECTS = maemo_plugin.lo maemo_service.lo
-libstrongswan_maemo_la_OBJECTS = $(am_libstrongswan_maemo_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-libstrongswan_maemo_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_maemo_la_LDFLAGS) \
- $(LDFLAGS) -o $@
-@MONOLITHIC_FALSE@am_libstrongswan_maemo_la_rpath = -rpath \
-@MONOLITHIC_FALSE@ $(plugindir)
-@MONOLITHIC_TRUE@am_libstrongswan_maemo_la_rpath =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libstrongswan_maemo_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_maemo_la_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-DATA = $(dbusservice_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-ATOMICLIB = @ATOMICLIB@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-EASY_INSTALL = @EASY_INSTALL@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GEM = @GEM@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-PY_TEST = @PY_TEST@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-json_CFLAGS = @json_CFLAGS@
-json_LIBS = @json_LIBS@
-libdir = @libdir@
-libexecdir = @libexecdir@
-libiptc_CFLAGS = @libiptc_CFLAGS@
-libiptc_LIBS = @libiptc_LIBS@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-runstatedir = @runstatedir@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemd_CFLAGS = @systemd_CFLAGS@
-systemd_LIBS = @systemd_LIBS@
-systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
-systemd_daemon_LIBS = @systemd_daemon_LIBS@
-systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
-systemd_journal_LIBS = @systemd_journal_LIBS@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libcharon
-
-AM_CFLAGS = \
- ${maemo_CFLAGS} \
- $(PLUGIN_CFLAGS)
-
-@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-maemo.la
-@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-maemo.la
-libstrongswan_maemo_la_SOURCES = \
- maemo_plugin.h maemo_plugin.c \
- maemo_service.h maemo_service.c
-
-libstrongswan_maemo_la_LDFLAGS = -module -avoid-version
-libstrongswan_maemo_la_LIBADD = ${maemo_LIBS}
-dbusservice_DATA = org.strongswan.charon.service
-EXTRA_DIST = org.strongswan.charon.service.in
-CLEANFILES = $(dbusservice_DATA)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-clean-noinstLTLIBRARIES:
- -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
- @list='$(noinst_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
- }
-
-uninstall-pluginLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
- done
-
-clean-pluginLTLIBRARIES:
- -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
- @list='$(plugin_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-libstrongswan-maemo.la: $(libstrongswan_maemo_la_OBJECTS) $(libstrongswan_maemo_la_DEPENDENCIES) $(EXTRA_libstrongswan_maemo_la_DEPENDENCIES)
- $(AM_V_CCLD)$(libstrongswan_maemo_la_LINK) $(am_libstrongswan_maemo_la_rpath) $(libstrongswan_maemo_la_OBJECTS) $(libstrongswan_maemo_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/maemo_plugin.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/maemo_service.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-dbusserviceDATA: $(dbusservice_DATA)
- @$(NORMAL_INSTALL)
- @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(dbusservicedir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(dbusservicedir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbusservicedir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(dbusservicedir)" || exit $$?; \
- done
-
-uninstall-dbusserviceDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(dbusservicedir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(DATA)
-installdirs:
- for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(dbusservicedir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
- clean-pluginLTLIBRARIES mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dbusserviceDATA install-pluginLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dbusserviceDATA \
- install-dvi install-dvi-am install-exec install-exec-am \
- install-html install-html-am install-info install-info-am \
- install-man install-pdf install-pdf-am \
- install-pluginLTLIBRARIES install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
- uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-
-org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in
- $(AM_V_GEN) \
- sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libcharon/plugins/maemo/maemo_plugin.c b/src/libcharon/plugins/maemo/maemo_plugin.c
deleted file mode 100644
index ddf9cdb5b..000000000
--- a/src/libcharon/plugins/maemo/maemo_plugin.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "maemo_plugin.h"
-#include "maemo_service.h"
-
-#include <daemon.h>
-
-typedef struct private_maemo_plugin_t private_maemo_plugin_t;
-
-/**
- * private data of maemo plugin
- */
-struct private_maemo_plugin_t {
-
- /**
- * implements plugin interface
- */
- maemo_plugin_t public;
-
- /**
- * service
- */
- maemo_service_t *service;
-};
-
-METHOD(plugin_t, get_name, char*,
- private_maemo_plugin_t *this)
-{
- return "maemo";
-}
-
-METHOD(plugin_t, get_features, int,
- private_maemo_plugin_t *this, plugin_feature_t *features[])
-{
- static plugin_feature_t f[] = {
- PLUGIN_NOOP,
- PLUGIN_PROVIDE(CUSTOM, "maemo"),
- };
- *features = f;
- return countof(f);
-}
-
-METHOD(plugin_t, destroy, void,
- private_maemo_plugin_t *this)
-{
- this->service->destroy(this->service);
- free(this);
-}
-
-/*
- * See header
- */
-plugin_t *maemo_plugin_create()
-{
- private_maemo_plugin_t *this;
-
- INIT(this,
- .public = {
- .plugin = {
- .get_name = _get_name,
- .get_features = _get_features,
- .destroy = _destroy,
- },
- },
- );
-
- this->service = maemo_service_create();
- if (!this->service)
- {
- return NULL;
- }
-
- return &this->public.plugin;
-}
diff --git a/src/libcharon/plugins/maemo/maemo_plugin.h b/src/libcharon/plugins/maemo/maemo_plugin.h
deleted file mode 100644
index 23d139b49..000000000
--- a/src/libcharon/plugins/maemo/maemo_plugin.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup maemo maemo
- * @ingroup cplugins
- *
- * @defgroup maemo_plugin maemo_plugin
- * @{ @ingroup maemo
- */
-
-#ifndef MAEMO_PLUGIN_H_
-#define MAEMO_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct maemo_plugin_t maemo_plugin_t;
-
-/**
- * Maemo integration plugin.
- */
-struct maemo_plugin_t {
-
- /**
- * implements plugin interface
- */
- plugin_t plugin;
-};
-
-#endif /** MAEMO_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
deleted file mode 100644
index 3e5861b87..000000000
--- a/src/libcharon/plugins/maemo/maemo_service.c
+++ /dev/null
@@ -1,530 +0,0 @@
-/*
- * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <glib.h>
-#include <libosso.h>
-#include <sys/stat.h>
-
-#include "maemo_service.h"
-
-#include <daemon.h>
-#include <credentials/sets/mem_cred.h>
-#include <processing/jobs/callback_job.h>
-
-#define OSSO_STATUS_NAME "status"
-#define OSSO_STATUS_SERVICE "org.strongswan."OSSO_STATUS_NAME
-#define OSSO_STATUS_OBJECT "/org/strongswan/"OSSO_STATUS_NAME
-#define OSSO_STATUS_IFACE "org.strongswan."OSSO_STATUS_NAME
-
-#define OSSO_CHARON_NAME "charon"
-#define OSSO_CHARON_SERVICE "org.strongswan."OSSO_CHARON_NAME
-#define OSSO_CHARON_OBJECT "/org/strongswan/"OSSO_CHARON_NAME
-#define OSSO_CHARON_IFACE "org.strongswan."OSSO_CHARON_NAME
-
-#define MAEMO_COMMON_CA_DIR "/etc/certs/common-ca"
-#define MAEMO_USER_CA_DIR "/home/user/.maemosec-certs/wifi-ca"
-/* there is also an smime-ca and an ssl-ca sub-directory and the same for
- * ...-user, which store end user/server certificates */
-
-typedef enum {
- VPN_STATUS_DISCONNECTED,
- VPN_STATUS_CONNECTING,
- VPN_STATUS_CONNECTED,
- VPN_STATUS_AUTH_FAILED,
- VPN_STATUS_CONNECTION_FAILED,
-} vpn_status_t;
-
-typedef struct private_maemo_service_t private_maemo_service_t;
-
-/**
- * private data of maemo service
- */
-struct private_maemo_service_t {
-
- /**
- * public interface
- */
- maemo_service_t public;
-
- /**
- * credentials
- */
- mem_cred_t *creds;
-
- /**
- * Glib main loop for a thread, handles DBUS calls
- */
- GMainLoop *loop;
-
- /**
- * Context for OSSO
- */
- osso_context_t *context;
-
- /**
- * Current IKE_SA
- */
- ike_sa_t *ike_sa;
-
- /**
- * Status of the current connection
- */
- vpn_status_t status;
-
- /**
- * Name of the current connection
- */
- gchar *current;
-
-};
-
-static gint change_status(private_maemo_service_t *this, int status)
-{
- osso_rpc_t retval;
- gint res;
- this->status = status;
- res = osso_rpc_run (this->context, OSSO_STATUS_SERVICE, OSSO_STATUS_OBJECT,
- OSSO_STATUS_IFACE, "StatusChanged", &retval,
- DBUS_TYPE_INT32, status,
- DBUS_TYPE_INVALID);
- return res;
-}
-
-METHOD(listener_t, ike_updown, bool,
- private_maemo_service_t *this, ike_sa_t *ike_sa, bool up)
-{
- /* this callback is only registered during initiation, so if the IKE_SA
- * goes down we assume an authentication error */
- if (this->ike_sa == ike_sa && !up)
- {
- change_status(this, VPN_STATUS_AUTH_FAILED);
- return FALSE;
- }
- return TRUE;
-}
-
-METHOD(listener_t, ike_state_change, bool,
- private_maemo_service_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
-{
- /* this call back is only registered during initiation */
- if (this->ike_sa == ike_sa && state == IKE_DESTROYING)
- {
- change_status(this, VPN_STATUS_CONNECTION_FAILED);
- return FALSE;
- }
- return TRUE;
-}
-
-METHOD(listener_t, child_updown, bool,
- private_maemo_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
- bool up)
-{
- if (this->ike_sa == ike_sa)
- {
- if (up)
- {
- /* disable hooks registered to catch initiation failures */
- this->public.listener.ike_updown = NULL;
- this->public.listener.ike_state_change = NULL;
- change_status(this, VPN_STATUS_CONNECTED);
- }
- else
- {
- change_status(this, VPN_STATUS_CONNECTION_FAILED);
- return FALSE;
- }
- }
- return TRUE;
-}
-
-METHOD(listener_t, ike_rekey, bool,
- private_maemo_service_t *this, ike_sa_t *old, ike_sa_t *new)
-{
- if (this->ike_sa == old)
- {
- this->ike_sa = new;
- }
- return TRUE;
-}
-
-/**
- * load all CA certificates in the given directory
- */
-static void load_ca_dir(private_maemo_service_t *this, char *dir)
-{
- enumerator_t *enumerator;
- char *rel, *abs;
- struct stat st;
-
- enumerator = enumerator_create_directory(dir);
- if (enumerator)
- {
- while (enumerator->enumerate(enumerator, &rel, &abs, &st))
- {
- if (rel[0] != '.')
- {
- if (S_ISREG(st.st_mode))
- {
- certificate_t *cert;
- cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
- CERT_X509, BUILD_FROM_FILE, abs,
- BUILD_END);
- if (!cert)
- {
- DBG1(DBG_CFG, "loading CA certificate '%s' failed",
- abs);
- continue;
- }
- DBG2(DBG_CFG, "loaded CA certificate '%Y'",
- cert->get_subject(cert));
- this->creds->add_cert(this->creds, TRUE, cert);
- }
- }
- }
- enumerator->destroy(enumerator);
- }
-}
-
-static void disconnect(private_maemo_service_t *this)
-{
- ike_sa_t *ike_sa;
- u_int id;
-
- if (!this->current)
- {
- return;
- }
-
- /* avoid status updates, as this is called from the Glib main loop */
- charon->bus->remove_listener(charon->bus, &this->public.listener);
-
- ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
- this->current, FALSE);
- if (ike_sa)
- {
- id = ike_sa->get_unique_id(ike_sa);
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
- charon->controller->terminate_ike(charon->controller, id,
- NULL, NULL, 0);
- }
- this->current = (g_free(this->current), NULL);
- this->status = VPN_STATUS_DISCONNECTED;
-}
-
-static gboolean initiate_connection(private_maemo_service_t *this,
- GArray *arguments)
-{
- gint i;
- gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
- identification_t *gateway = NULL, *user = NULL;
- ike_sa_t *ike_sa;
- ike_cfg_t *ike_cfg;
- peer_cfg_t *peer_cfg;
- child_cfg_t *child_cfg;
- traffic_selector_t *ts;
- auth_cfg_t *auth;
- certificate_t *cert;
- peer_cfg_create_t peer = {
- .cert_policy = CERT_SEND_IF_ASKED,
- .unique = UNIQUE_REPLACE,
- .keyingtries = 1,
- .rekey_time = 36000, /* 10h */
- .jitter_time = 600, /* 10min */
- .over_time = 600, /* 10min */
- };
- child_cfg_create_t child = {
- .lifetime = {
- .time = {
- .life = 10800, /* 3h */
- .rekey = 10200, /* 2h50min */
- .jitter = 300 /* 5min */
- },
- },
- .mode = MODE_TUNNEL,
- };
-
- if (this->status == VPN_STATUS_CONNECTED ||
- this->status == VPN_STATUS_CONNECTING)
- {
- DBG1(DBG_CFG, "currently connected to '%s', disconnecting first",
- this->current);
- disconnect (this);
- }
-
- if (arguments->len != 5)
- {
- DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len);
- return FALSE;
- }
-
- for (i = 0; i < arguments->len; i++)
- {
- osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i);
- if (arg->type != DBUS_TYPE_STRING)
- {
- DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type);
- return FALSE;
- }
- switch (i)
- {
- case 0: /* name */
- this->current = (g_free(this->current), NULL);
- this->current = g_strdup(arg->value.s);
- break;
- case 1: /* hostname */
- hostname = arg->value.s;
- break;
- case 2: /* CA certificate path */
- cacert = arg->value.s;
- break;
- case 3: /* username */
- username = arg->value.s;
- break;
- case 4: /* password */
- password = arg->value.s;
- break;
- }
- }
-
- DBG1(DBG_CFG, "received initiate for connection '%s'", this->current);
-
- this->creds->clear(this->creds);
-
- if (cacert && !streq(cacert, ""))
- {
- cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FILE, cacert, BUILD_END);
- if (cert)
- {
- this->creds->add_cert(this->creds, TRUE, cert);
- }
- else
- {
- DBG1(DBG_CFG, "failed to load CA certificate");
- }
- /* if this is a server cert we could use the cert subject as id */
- }
- else
- {
- load_ca_dir(this, MAEMO_COMMON_CA_DIR);
- load_ca_dir(this, MAEMO_USER_CA_DIR);
- }
-
- gateway = identification_create_from_string(hostname);
- DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
-
- {
- shared_key_t *shared_key;
- chunk_t secret = chunk_create(password, strlen(password));
- user = identification_create_from_string(username);
- shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
- this->creds->add_shared(this->creds, shared_key, user->clone(user),
- NULL);
- }
-
- ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0",
- charon->socket->get_port(charon->socket, FALSE),
- hostname, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
- ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
- ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
-
- peer_cfg = peer_cfg_create(this->current, ike_cfg, &peer);
- peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
-
- auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
- auth->add(auth, AUTH_RULE_IDENTITY, user);
- peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
- auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
- auth->add(auth, AUTH_RULE_IDENTITY, gateway);
- peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
-
- child_cfg = child_cfg_create(this->current, &child);
- child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
- child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
- ts = traffic_selector_create_dynamic(0, 0, 65535);
- child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
- ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
- 0, "255.255.255.255", 65535);
- child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
- peer_cfg->add_child_cfg(peer_cfg, child_cfg);
-
- /* get us an IKE_SA */
- ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
- peer_cfg);
- if (!ike_sa)
- {
- peer_cfg->destroy(peer_cfg);
- this->status = VPN_STATUS_CONNECTION_FAILED;
- return FALSE;
- }
- if (!ike_sa->get_peer_cfg(ike_sa))
- {
- ike_sa->set_peer_cfg(ike_sa, peer_cfg);
- }
- peer_cfg->destroy(peer_cfg);
-
- /* store the IKE_SA, so we can track its progress */
- this->ike_sa = ike_sa;
- this->status = VPN_STATUS_CONNECTING;
- this->public.listener.ike_updown = _ike_updown;
- this->public.listener.ike_state_change = _ike_state_change;
- charon->bus->add_listener(charon->bus, &this->public.listener);
-
- /* get an additional reference because initiate consumes one */
- child_cfg->get_ref(child_cfg);
- if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
- {
- DBG1(DBG_CFG, "failed to initiate tunnel");
- charon->bus->remove_listener(charon->bus, &this->public.listener);
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
- ike_sa);
- this->status = VPN_STATUS_CONNECTION_FAILED;
- return FALSE;
- }
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
- return TRUE;
-}
-
-/**
- * Callback for libosso dbus wrapper
- */
-static gint dbus_req_handler(const gchar *interface, const gchar *method,
- GArray *arguments, private_maemo_service_t *this,
- osso_rpc_t *retval)
-{
- if (streq(method, "Start"))
- { /* void start (void), dummy function to start charon as root */
- return OSSO_OK;
- }
- else if (streq(method, "Connect"))
- { /* bool connect (name, host, cert, user, pass) */
- retval->value.b = initiate_connection(this, arguments);
- retval->type = DBUS_TYPE_BOOLEAN;
- }
- else if (streq(method, "Disconnect"))
- { /* void disconnect (void) */
- disconnect(this);
- }
- else
- {
- return OSSO_ERROR;
- }
- return OSSO_OK;
-}
-
-/**
- * Main loop to handle D-BUS messages.
- */
-static job_requeue_t run(private_maemo_service_t *this)
-{
- this->loop = g_main_loop_new(NULL, FALSE);
- g_main_loop_run(this->loop);
- return JOB_REQUEUE_NONE;
-}
-
-/**
- * Cancel the GLib Main Event Loop
- */
-static bool cancel(private_maemo_service_t *this)
-{
- if (this->loop)
- {
- if (g_main_loop_is_running(this->loop))
- {
- g_main_loop_quit(this->loop);
- }
- g_main_loop_unref(this->loop);
- }
- return TRUE;
-}
-
-METHOD(maemo_service_t, destroy, void,
- private_maemo_service_t *this)
-{
- if (this->context)
- {
- osso_rpc_unset_cb_f(this->context,
- OSSO_CHARON_SERVICE,
- OSSO_CHARON_OBJECT,
- OSSO_CHARON_IFACE,
- (osso_rpc_cb_f*)dbus_req_handler,
- this);
- osso_deinitialize(this->context);
- }
- charon->bus->remove_listener(charon->bus, &this->public.listener);
- lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
- this->creds->destroy(this->creds);
- this->current = (g_free(this->current), NULL);
- free(this);
-}
-
-/*
- * See header
- */
-maemo_service_t *maemo_service_create()
-{
- osso_return_t result;
- private_maemo_service_t *this;
-
- INIT(this,
- .public = {
- .listener = {
- .ike_updown = _ike_updown,
- .ike_state_change = _ike_state_change,
- .child_updown = _child_updown,
- .ike_rekey = _ike_rekey,
- },
- .destroy = _destroy,
- },
- .creds = mem_cred_create(),
- );
-
- lib->credmgr->add_set(lib->credmgr, &this->creds->set);
-
- this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL);
- if (!this->context)
- {
- DBG1(DBG_CFG, "failed to initialize OSSO context");
- destroy(this);
- return NULL;
- }
-
- result = osso_rpc_set_cb_f(this->context,
- OSSO_CHARON_SERVICE,
- OSSO_CHARON_OBJECT,
- OSSO_CHARON_IFACE,
- (osso_rpc_cb_f*)dbus_req_handler,
- this);
- if (result != OSSO_OK)
- {
- DBG1(DBG_CFG, "failed to set D-BUS callback (%d)", result);
- destroy(this);
- return NULL;
- }
-
- this->loop = NULL;
- if (!g_thread_supported())
- {
- g_thread_init(NULL);
- }
-
- lib->processor->queue_job(lib->processor,
- (job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this,
- NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL));
-
- return &this->public;
-}
diff --git a/src/libcharon/plugins/maemo/maemo_service.h b/src/libcharon/plugins/maemo/maemo_service.h
deleted file mode 100644
index b0240cbaa..000000000
--- a/src/libcharon/plugins/maemo/maemo_service.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup maemo_service maemo_service
- * @{ @ingroup maemo
- */
-
-#ifndef MAEMO_SERVICE_H_
-#define MAEMO_SERVICE_H_
-
-#include <bus/listeners/listener.h>
-
-typedef struct maemo_service_t maemo_service_t;
-
-/**
- * Maemo connection management.
- */
-struct maemo_service_t {
-
- /**
- * Implements listener_t.
- */
- listener_t listener;
-
- /**
- * Destroy a maemo_service_t.
- */
- void (*destroy)(maemo_service_t *this);
-};
-
-/**
- * Create an instance of maemo_service_t.
- */
-maemo_service_t *maemo_service_create();
-
-#endif /** MAEMO_SERVICE_H_ @}*/
diff --git a/src/libcharon/plugins/maemo/org.strongswan.charon.service.in b/src/libcharon/plugins/maemo/org.strongswan.charon.service.in
deleted file mode 100644
index 8fa83af93..000000000
--- a/src/libcharon/plugins/maemo/org.strongswan.charon.service.in
+++ /dev/null
@@ -1,4 +0,0 @@
-[D-BUS Service]
-Name=org.strongswan.charon
-Exec=/usr/bin/run-standalone.sh @LIBEXECDIR@/ipsec/charon
-User=root
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index fe301a7d9..eb7efd282 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index d4154fea4..3dd849bf0 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index ec488defe..83850fcdf 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in
index 67ab4bfe3..619bff10d 100644
--- a/src/libcharon/plugins/p_cscf/Makefile.in
+++ b/src/libcharon/plugins/p_cscf/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index 9b7ab4c53..9d227a110 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in
index 38b709ef0..53af31f20 100644
--- a/src/libcharon/plugins/resolve/Makefile.in
+++ b/src/libcharon/plugins/resolve/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 72a168cb5..d08a6f468 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index 112d8d218..dd1da8bc5 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 9f5f4a2e9..b6152afd7 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in
index 1b6b9f64a..ed0af93fc 100644
--- a/src/libcharon/plugins/socket_win/Makefile.in
+++ b/src/libcharon/plugins/socket_win/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index b9cae90ec..0a4000e23 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 9f63cb0b5..7eacc516a 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 929e6fc84..77911c7b0 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -562,7 +562,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
}
}
-METHOD(stroke_cred_t, cache_cert, void,
+METHOD(credential_set_t, cache_cert, void,
private_stroke_cred_t *this, certificate_t *cert)
{
if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl)
@@ -575,10 +575,14 @@ METHOD(stroke_cred_t, cache_cert, void,
{
char buf[BUF_LEN];
chunk_t chunk, hex;
+ bool is_delta_crl;
+
+ is_delta_crl = crl->is_delta_crl(crl, NULL);
chunk = crl->get_authKeyIdentifier(crl);
hex = chunk_to_hex(chunk, NULL, FALSE);
- snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex.ptr);
+ snprintf(buf, sizeof(buf), "%s/%s%s.crl", CRL_DIR, hex.ptr,
+ is_delta_crl ? "_delta" : "");
free(hex.ptr);
if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
@@ -1497,6 +1501,10 @@ stroke_cred_t *stroke_cred_create(stroke_ca_t *ca)
.ca = ca,
);
+ if (lib->settings->get_bool(lib->settings, "%s.cache_crls", FALSE, lib->ns))
+ {
+ cachecrl(this, TRUE);
+ }
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
lib->credmgr->add_set(lib->credmgr, &this->aacerts->set);
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 6c5703a16..cec26579d 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -844,6 +844,7 @@ static void list_algs(FILE *out)
integrity_algorithm_t integrity;
hash_algorithm_t hash;
pseudo_random_function_t prf;
+ ext_out_function_t xof;
diffie_hellman_group_t group;
rng_quality_t quality;
const char *plugin_name;
@@ -891,6 +892,14 @@ static void list_algs(FILE *out)
print_alg(out, &len, pseudo_random_function_names, prf, plugin_name);
}
enumerator->destroy(enumerator);
+ fprintf(out, "\n xof: ");
+ len = 13;
+ enumerator = lib->crypto->create_xof_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &xof, &plugin_name))
+ {
+ print_alg(out, &len, ext_out_function_names, xof, plugin_name);
+ }
+ enumerator->destroy(enumerator);
fprintf(out, "\n dh-group: ");
len = 13;
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 4f7483666..46de90ca6 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2011-2013 Tobias Brunner
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 125e3c176..e219159cc 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index 0ea265e10..60618c051 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index f2398c3f4..2b6c34c33 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -357,7 +357,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -391,8 +390,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -446,6 +443,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index 84eed9a45..2f79391f5 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index cfc1c5f4c..fc9bff75c 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 612535d85..a2dd067be 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am
index ca9b49906..af0b65cd0 100644
--- a/src/libcharon/plugins/vici/Makefile.am
+++ b/src/libcharon/plugins/vici/Makefile.am
@@ -2,6 +2,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/plugins/pubkey \
-I$(top_srcdir)/src/libcharon \
+ -DSWANCTLDIR=\""${swanctldir}\"" \
-DIPSEC_PIDDIR=\"${piddir}\"
AM_CFLAGS = \
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index b943c09ce..ce1520424 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -449,7 +449,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -483,8 +482,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -538,6 +535,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -545,6 +544,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/plugins/pubkey \
-I$(top_srcdir)/src/libcharon \
+ -DSWANCTLDIR=\""${swanctldir}\"" \
-DIPSEC_PIDDIR=\"${piddir}\"
AM_CFLAGS = \
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index cf5a85a8d..18a3ef7b5 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -481,6 +481,19 @@ Load a shared IKE PSK, EAP or XAuth secret into the daemon.
errmsg = <error string on failure>
}
+### flush-certs() ###
+
+Flushes the certificate cache. The optional type argument allows to flush
+only certificates of a given type, e.g. all cached CRLs.
+
+ {
+ type = <certificate type to filter for, X509|X509_AC|X509_CRL|
+ OCSP_RESPONSE|PUBKEY or ANY>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
### clear-creds() ###
Clear all loaded certificate, private key and shared key credentials. This
diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in
index e32e9668c..523868c68 100644
--- a/src/libcharon/plugins/vici/perl/Makefile.in
+++ b/src/libcharon/plugins/vici/perl/Makefile.in
@@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -356,6 +353,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/README.pod b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod
index de374aa11..d19739709 100644
--- a/src/libcharon/plugins/vici/perl/Vici-Session/README.pod
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod
@@ -560,6 +560,21 @@ print "----- unload-authority -----\n";
($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
+=item flush_certs()
+
+flushes the volatile certificate cache. Optionally only a given certificate
+type is flushed.
+
+ my %vars = ( type => 'x509_crl' );
+ my ($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars));
+
+=cut
+
+print "----- flush-certs -----\n";
+%vars = ( type => 'x509_crl' );
+($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars));
+print $res ? "ok\n" : "failed: $errmsg\n";
+
=item clear_creds()
clears all loaded certificate, private key and shared key credentials. This
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm
index 78197136a..5c09b14ed 100644
--- a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm
@@ -96,6 +96,10 @@ sub load_shared {
return request_vars_res('load-shared', @_);
}
+sub flush_certs {
+ return request_vars_res('flush-certs', @_);
+}
+
sub clear_creds {
return request_res('clear-creds', @_);
}
diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in
index 7d1c64267..4f1a91703 100644
--- a/src/libcharon/plugins/vici/python/Makefile.in
+++ b/src/libcharon/plugins/vici/python/Makefile.in
@@ -289,7 +289,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -323,8 +322,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -378,6 +375,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/vici/python/vici/session.py b/src/libcharon/plugins/vici/python/vici/session.py
index 66de8590a..5bd4b7c40 100644
--- a/src/libcharon/plugins/vici/python/vici/session.py
+++ b/src/libcharon/plugins/vici/python/vici/session.py
@@ -166,6 +166,17 @@ class Session(object):
"""
self.handler.request("load-shared", secret)
+ def flush_certs(self, filter=None):
+ """Flush the volatile certificate cache.
+
+ Flush the certificate stored temporarily in the cache. The filter
+ allows to flush only a certain type of certificates, e.g. CRLs.
+
+ :param filter: flush only certificates of a given type (optional)
+ :type filter: dict
+ """
+ self.handler.request("flush-certs", filter)
+
def clear_creds(self):
"""Clear credentials loaded over vici.
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index aceb28adc..e176285a8 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -356,6 +353,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb
index 018f50766..1a95fc3dd 100644
--- a/src/libcharon/plugins/vici/ruby/lib/vici.rb
+++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb
@@ -448,6 +448,12 @@ module Vici
@transp.request("get-conns").root
end
+ ##
+ # Flush credential cache.
+ def flush_certs((match = nil)
+ check_success(@transp.request("flush-certs", Message.new(match)))
+ end
+
##
# Clear all loaded credentials.
def clear_creds()
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index d919e1d94..2110fd31d 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -437,6 +437,7 @@ typedef struct {
linked_list_t *remote_ts;
uint32_t replay_window;
bool policies;
+ bool policies_fwd_out;
child_cfg_create_t cfg;
} child_data_t;
@@ -462,6 +463,7 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " ipcomp = %u", cfg->ipcomp);
DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, cfg->mode);
DBG2(DBG_CFG, " policies = %u", data->policies);
+ DBG2(DBG_CFG, " policies_fwd_out = %u", data->policies_fwd_out);
if (data->replay_window != REPLAY_UNDEFINED)
{
DBG2(DBG_CFG, " replay_window = %u", data->replay_window);
@@ -503,7 +505,7 @@ static void free_child_data(child_data_t *data)
*/
static bool parse_proposal(linked_list_t *list, protocol_id_t proto, chunk_t v)
{
- char buf[128];
+ char buf[BUF_LEN];
proposal_t *proposal;
if (!vici_stringify(v, buf, sizeof(buf)))
@@ -566,7 +568,7 @@ CALLBACK(parse_ah_proposal, bool,
CALLBACK(parse_ts, bool,
linked_list_t *out, chunk_t v)
{
- char buf[128], *protoport, *sep, *port = "", *end;
+ char buf[BUF_LEN], *protoport, *sep, *port = "", *end;
traffic_selector_t *ts = NULL;
struct protoent *protoent;
struct servent *svc;
@@ -720,7 +722,7 @@ typedef struct {
*/
static bool parse_map(enum_map_t *map, int count, int *out, chunk_t v)
{
- char buf[128];
+ char buf[BUF_LEN];
int i;
if (!vici_stringify(v, buf, sizeof(buf)))
@@ -1051,7 +1053,7 @@ CALLBACK(parse_auth, bool,
*/
static bool parse_id(auth_cfg_t *cfg, auth_rule_t rule, chunk_t v)
{
- char buf[256];
+ char buf[BUF_LEN];
if (!vici_stringify(v, buf, sizeof(buf)))
{
@@ -1330,31 +1332,32 @@ CALLBACK(child_kv, bool,
child_data_t *child, vici_message_t *message, char *name, chunk_t value)
{
parse_rule_t rules[] = {
- { "updown", parse_string, &child->cfg.updown },
- { "hostaccess", parse_bool, &child->cfg.hostaccess },
- { "mode", parse_mode, &child->cfg.mode },
- { "policies", parse_bool, &child->policies },
- { "replay_window", parse_uint32, &child->replay_window },
- { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey },
- { "life_time", parse_time, &child->cfg.lifetime.time.life },
- { "rand_time", parse_time, &child->cfg.lifetime.time.jitter },
- { "rekey_bytes", parse_bytes, &child->cfg.lifetime.bytes.rekey },
- { "life_bytes", parse_bytes, &child->cfg.lifetime.bytes.life },
- { "rand_bytes", parse_bytes, &child->cfg.lifetime.bytes.jitter },
- { "rekey_packets", parse_uint64, &child->cfg.lifetime.packets.rekey },
- { "life_packets", parse_uint64, &child->cfg.lifetime.packets.life },
- { "rand_packets", parse_uint64, &child->cfg.lifetime.packets.jitter },
- { "dpd_action", parse_action, &child->cfg.dpd_action },
- { "start_action", parse_action, &child->cfg.start_action },
- { "close_action", parse_action, &child->cfg.close_action },
- { "ipcomp", parse_bool, &child->cfg.ipcomp },
- { "inactivity", parse_time, &child->cfg.inactivity },
- { "reqid", parse_uint32, &child->cfg.reqid },
- { "mark_in", parse_mark, &child->cfg.mark_in },
- { "mark_out", parse_mark, &child->cfg.mark_out },
- { "tfc_padding", parse_tfc, &child->cfg.tfc },
- { "priority", parse_uint32, &child->cfg.priority },
- { "interface", parse_string, &child->cfg.interface },
+ { "updown", parse_string, &child->cfg.updown },
+ { "hostaccess", parse_bool, &child->cfg.hostaccess },
+ { "mode", parse_mode, &child->cfg.mode },
+ { "policies", parse_bool, &child->policies },
+ { "policies_fwd_out", parse_bool, &child->policies_fwd_out },
+ { "replay_window", parse_uint32, &child->replay_window },
+ { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey },
+ { "life_time", parse_time, &child->cfg.lifetime.time.life },
+ { "rand_time", parse_time, &child->cfg.lifetime.time.jitter },
+ { "rekey_bytes", parse_bytes, &child->cfg.lifetime.bytes.rekey },
+ { "life_bytes", parse_bytes, &child->cfg.lifetime.bytes.life },
+ { "rand_bytes", parse_bytes, &child->cfg.lifetime.bytes.jitter },
+ { "rekey_packets", parse_uint64, &child->cfg.lifetime.packets.rekey },
+ { "life_packets", parse_uint64, &child->cfg.lifetime.packets.life },
+ { "rand_packets", parse_uint64, &child->cfg.lifetime.packets.jitter },
+ { "dpd_action", parse_action, &child->cfg.dpd_action },
+ { "start_action", parse_action, &child->cfg.start_action },
+ { "close_action", parse_action, &child->cfg.close_action },
+ { "ipcomp", parse_bool, &child->cfg.ipcomp },
+ { "inactivity", parse_time, &child->cfg.inactivity },
+ { "reqid", parse_uint32, &child->cfg.reqid },
+ { "mark_in", parse_mark, &child->cfg.mark_in },
+ { "mark_out", parse_mark, &child->cfg.mark_out },
+ { "tfc_padding", parse_tfc, &child->cfg.tfc },
+ { "priority", parse_uint32, &child->cfg.priority },
+ { "interface", parse_string, &child->cfg.interface },
};
return parse_rules(rules, countof(rules), name, value,
@@ -1537,6 +1540,7 @@ CALLBACK(children_sn, bool,
}
}
child.cfg.suppress_policies = !child.policies;
+ child.cfg.fwd_out_policies = child.policies_fwd_out;
check_lifetimes(&child.cfg.lifetime);
@@ -1976,7 +1980,7 @@ CALLBACK(config_sn, bool,
.send_cert = CERT_SEND_IF_ASKED,
.version = IKE_ANY,
.remote_port = IKEV2_UDP_PORT,
- .fragmentation = FRAGMENTATION_NO,
+ .fragmentation = FRAGMENTATION_YES,
.unique = UNIQUE_NO,
.keyingtries = 1,
.rekey_time = LFT_UNDEFINED,
diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c
index 3411b7d6c..baf285fb8 100644
--- a/src/libcharon/plugins/vici/vici_cred.c
+++ b/src/libcharon/plugins/vici/vici_cred.c
@@ -2,7 +2,7 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -25,8 +25,15 @@
#include <credentials/certificates/crl.h>
#include <credentials/certificates/x509.h>
+#include <errno.h>
+
typedef struct private_vici_cred_t private_vici_cred_t;
+/**
+ * Directory for saved X.509 CRLs
+ */
+#define CRL_DIR SWANCTLDIR "/x509crl"
+
/**
* Private data of an vici_cred_t object.
*/
@@ -46,8 +53,54 @@ struct private_vici_cred_t {
* credentials
*/
mem_cred_t *creds;
+
+ /**
+ * cache CRLs to disk?
+ */
+ bool cachecrl;
+
};
+METHOD(credential_set_t, cache_cert, void,
+ private_vici_cred_t *this, certificate_t *cert)
+{
+ if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl)
+ {
+ /* CRLs get written to /etc/swanctl/x509crl/<authkeyId>.crl */
+ crl_t *crl = (crl_t*)cert;
+
+ cert->get_ref(cert);
+ if (this->creds->add_crl(this->creds, crl))
+ {
+ char buf[BUF_LEN];
+ chunk_t chunk, hex;
+ bool is_delta_crl;
+
+ is_delta_crl = crl->is_delta_crl(crl, NULL);
+ chunk = crl->get_authKeyIdentifier(crl);
+ hex = chunk_to_hex(chunk, NULL, FALSE);
+ snprintf(buf, sizeof(buf), "%s/%s%s.crl", CRL_DIR, hex.ptr,
+ is_delta_crl ? "_delta" : "");
+ free(hex.ptr);
+
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
+ {
+ if (chunk_write(chunk, buf, 022, TRUE))
+ {
+ DBG1(DBG_CFG, " written crl file '%s' (%d bytes)",
+ buf, chunk.len);
+ }
+ else
+ {
+ DBG1(DBG_CFG, " writing crl file '%s' failed: %s",
+ buf, strerror(errno));
+ }
+ free(chunk.ptr);
+ }
+ }
+ }
+}
+
/**
* Create a (error) reply message
*/
@@ -287,6 +340,24 @@ CALLBACK(clear_creds, vici_message_t*,
return create_reply(NULL);
}
+CALLBACK(flush_certs, vici_message_t*,
+ private_vici_cred_t *this, char *name, u_int id, vici_message_t *message)
+{
+ certificate_type_t type = CERT_ANY;
+ x509_flag_t flag = X509_NONE;
+ char *str;
+
+ str = message->get_str(message, NULL, "type");
+ if (str && !enum_from_name(certificate_type_names, str, &type) &&
+ !vici_cert_info_from_str(str, &type, &flag))
+ {
+ return create_reply("invalid certificate type '%s'", str);
+ }
+ lib->credmgr->flush_cache(lib->credmgr, type);
+
+ return create_reply(NULL);
+}
+
static void manage_command(private_vici_cred_t *this,
char *name, vici_command_cb_t cb, bool reg)
{
@@ -300,6 +371,7 @@ static void manage_command(private_vici_cred_t *this,
static void manage_commands(private_vici_cred_t *this, bool reg)
{
manage_command(this, "clear-creds", clear_creds, reg);
+ manage_command(this, "flush-certs", flush_certs, reg);
manage_command(this, "load-cert", load_cert, reg);
manage_command(this, "load-key", load_key, reg);
manage_command(this, "load-shared", load_shared, reg);
@@ -330,6 +402,13 @@ vici_cred_t *vici_cred_create(vici_dispatcher_t *dispatcher)
INIT(this,
.public = {
+ .set = {
+ .create_private_enumerator = (void*)return_null,
+ .create_cert_enumerator = (void*)return_null,
+ .create_shared_enumerator = (void*)return_null,
+ .create_cdp_enumerator = (void*)return_null,
+ .cache_cert = (void*)_cache_cert,
+ },
.add_cert = _add_cert,
.destroy = _destroy,
},
@@ -337,6 +416,11 @@ vici_cred_t *vici_cred_create(vici_dispatcher_t *dispatcher)
.creds = mem_cred_create(),
);
+ if (lib->settings->get_bool(lib->settings, "%s.cache_crls", FALSE, lib->ns))
+ {
+ this->cachecrl = TRUE;
+ DBG1(DBG_CFG, "crl caching to %s enabled", CRL_DIR);
+ }
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
manage_commands(this, TRUE);
diff --git a/src/libcharon/plugins/vici/vici_cred.h b/src/libcharon/plugins/vici/vici_cred.h
index 8359c0e88..6ce514786 100644
--- a/src/libcharon/plugins/vici/vici_cred.h
+++ b/src/libcharon/plugins/vici/vici_cred.h
@@ -2,6 +2,9 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
@@ -23,6 +26,8 @@
#include "vici_dispatcher.h"
+#include <credentials/credential_set.h>
+
typedef struct vici_cred_t vici_cred_t;
/**
@@ -30,6 +35,11 @@ typedef struct vici_cred_t vici_cred_t;
*/
struct vici_cred_t {
+ /**
+ * Implements credential_set_t
+ */
+ credential_set_t set;
+
/**
* Add a certificate to the certificate store
*
diff --git a/src/libcharon/plugins/vici/vici_plugin.c b/src/libcharon/plugins/vici/vici_plugin.c
index ed7c743c7..136651261 100644
--- a/src/libcharon/plugins/vici/vici_plugin.c
+++ b/src/libcharon/plugins/vici/vici_plugin.c
@@ -2,7 +2,7 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -130,6 +130,7 @@ static bool register_vici(private_vici_plugin_t *this,
this->cred = vici_cred_create(this->dispatcher);
this->authority = vici_authority_create(this->dispatcher,
this->cred);
+ lib->credmgr->add_set(lib->credmgr, &this->cred->set);
lib->credmgr->add_set(lib->credmgr, &this->authority->set);
this->config = vici_config_create(this->dispatcher, this->authority,
this->cred);
@@ -158,6 +159,7 @@ static bool register_vici(private_vici_plugin_t *this,
this->logger->destroy(this->logger);
this->attrs->destroy(this->attrs);
this->config->destroy(this->config);
+ lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
lib->credmgr->remove_set(lib->credmgr, &this->authority->set);
this->authority->destroy(this->authority);
this->cred->destroy(this->cred);
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 04cea004e..828b61927 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1072,6 +1072,7 @@ CALLBACK(get_algorithms, vici_message_t*,
integrity_algorithm_t integrity;
hash_algorithm_t hash;
pseudo_random_function_t prf;
+ ext_out_function_t xof;
diffie_hellman_group_t group;
rng_quality_t quality;
const char *plugin_name;
@@ -1123,6 +1124,15 @@ CALLBACK(get_algorithms, vici_message_t*,
enumerator->destroy(enumerator);
b->end_section(b);
+ b->begin_section(b, "xof");
+ enumerator = lib->crypto->create_xof_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &xof, &plugin_name))
+ {
+ add_algorithm(b, ext_out_function_names, xof, plugin_name);
+ }
+ enumerator->destroy(enumerator);
+ b->end_section(b);
+
b->begin_section(b, "dh");
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group, &plugin_name))
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index 47fcf91cd..2e7bf0213 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -360,7 +360,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -394,8 +393,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -449,6 +446,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index 0e88f8e32..541bec94c 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index e20b46f57..50a6c8065 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index b8adbbf43..e2353a422 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index 79c466689..048e4d580 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 8a405d93c..e4364de12 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -111,11 +111,16 @@ struct private_child_sa_t {
*/
bool static_reqid;
- /*
+ /**
* Unique CHILD_SA identifier
*/
uint32_t unique_id;
+ /**
+ * Whether FWD policieis in the outbound direction should be installed
+ */
+ bool policies_fwd_out;
+
/**
* inbound mark used for this child_sa
*/
@@ -931,15 +936,19 @@ static status_t install_policies_internal(private_child_sa_t *this,
* policies of two SAs we install them with reduced priority. As they
* basically act as bypass policies for drop policies we use a higher
* priority than is used for them. */
- out_id.dir = POLICY_FWD;
- other_sa->reqid = 0;
- if (priority == POLICY_PRIORITY_DEFAULT)
+ if (this->policies_fwd_out)
{
- out_policy.prio = POLICY_PRIORITY_ROUTED;
+ out_id.dir = POLICY_FWD;
+ other_sa->reqid = 0;
+ if (priority == POLICY_PRIORITY_DEFAULT)
+ {
+ out_policy.prio = POLICY_PRIORITY_ROUTED;
+ }
+ status |= charon->kernel->add_policy(charon->kernel, &out_id,
+ &out_policy);
+ /* reset the reqid for any other further policies */
+ other_sa->reqid = this->reqid;
}
- status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy);
- /* reset the reqid for any other further policies */
- other_sa->reqid = this->reqid;
}
return status;
}
@@ -988,14 +997,17 @@ static void del_policies_internal(private_child_sa_t *this,
in_id.dir = POLICY_FWD;
charon->kernel->del_policy(charon->kernel, &in_id, &in_policy);
- out_id.dir = POLICY_FWD;
- other_sa->reqid = 0;
- if (priority == POLICY_PRIORITY_DEFAULT)
+ if (this->policies_fwd_out)
{
- out_policy.prio = POLICY_PRIORITY_ROUTED;
+ out_id.dir = POLICY_FWD;
+ other_sa->reqid = 0;
+ if (priority == POLICY_PRIORITY_DEFAULT)
+ {
+ out_policy.prio = POLICY_PRIORITY_ROUTED;
+ }
+ charon->kernel->del_policy(charon->kernel, &out_id, &out_policy);
+ other_sa->reqid = this->reqid;
}
- charon->kernel->del_policy(charon->kernel, &out_id, &out_policy);
- other_sa->reqid = this->reqid;
}
}
@@ -1443,6 +1455,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
.mark_in = config->get_mark(config, TRUE),
.mark_out = config->get_mark(config, FALSE),
.install_time = time_monotonic(NULL),
+ .policies_fwd_out = config->install_fwd_out_policy(config),
);
this->config = config;
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 009277ddd..7b87918d3 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -921,6 +921,7 @@ METHOD(ike_sa_t, reset, void,
this->ike_sa_id->is_initiator(this->ike_sa_id));
this->task_manager->reset(this->task_manager, 0, 0);
+ this->task_manager->queue_ike(this->task_manager);
}
METHOD(ike_sa_t, get_keymat, keymat_t*,
@@ -1780,16 +1781,12 @@ METHOD(ike_sa_t, delete_, status_t,
{
switch (this->state)
{
- case IKE_REKEYING:
- if (this->version == IKEV1)
- { /* SA has been reauthenticated, delete */
- charon->bus->ike_updown(charon->bus, &this->public, FALSE);
- break;
- }
- /* FALL */
case IKE_ESTABLISHED:
- if (time_monotonic(NULL) >= this->stats[STAT_DELETE])
- { /* IKE_SA hard lifetime hit */
+ case IKE_REKEYING:
+ if (time_monotonic(NULL) >= this->stats[STAT_DELETE] &&
+ !(this->version == IKEV1 && this->state == IKE_REKEYING))
+ { /* IKE_SA hard lifetime hit, ignored for reauthenticated
+ * IKEv1 SAs */
charon->bus->alert(charon->bus, ALERT_IKE_SA_EXPIRED);
}
this->task_manager->queue_ike_delete(this->task_manager);
@@ -1831,7 +1828,6 @@ METHOD(ike_sa_t, reauth, status_t,
DBG0(DBG_IKE, "reinitiating IKE_SA %s[%d]",
get_name(this), this->unique_id);
reset(this);
- this->task_manager->queue_ike(this->task_manager);
return this->task_manager->initiate(this->task_manager);
}
/* we can't reauthenticate as responder when we use EAP or virtual IPs.
@@ -2335,7 +2331,6 @@ METHOD(ike_sa_t, retransmit, status_t,
this->keyingtry + 1, tries);
reset(this);
resolve_hosts(this);
- this->task_manager->queue_ike(this->task_manager);
return this->task_manager->initiate(this->task_manager);
}
DBG1(DBG_IKE, "establishing IKE_SA failed, peer not responding");
@@ -2980,7 +2975,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
.flush_auth_cfg = lib->settings->get_bool(lib->settings,
"%s.flush_auth_cfg", FALSE, lib->ns),
.fragment_size = lib->settings->get_int(lib->settings,
- "%s.fragment_size", 0, lib->ns),
+ "%s.fragment_size", 1280, lib->ns),
.follow_redirects = lib->settings->get_bool(lib->settings,
"%s.follow_redirects", TRUE, lib->ns),
);
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index be6b03bef..d1d4cbd9b 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -74,11 +74,6 @@ struct private_keymat_v1_t {
*/
hasher_t *hasher;
- /**
- * Key used for authentication during main mode
- */
- chunk_t skeyid;
-
/**
* Key to derive key material from for non-ISAKMP SAs, rekeying
*/
@@ -269,12 +264,12 @@ static bool expand_skeyid_e(chunk_t skeyid_e, size_t key_size, prf_t *prf,
* Create a simple implementation of the aead_t interface which only encrypts
* or decrypts data.
*/
-static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e)
+static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e,
+ chunk_t *ka)
{
private_aead_t *this;
uint16_t alg, key_size;
crypter_t *crypter;
- chunk_t ka;
if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg,
&key_size))
@@ -292,17 +287,16 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e)
return NULL;
}
key_size = crypter->get_key_size(crypter);
- if (!expand_skeyid_e(skeyid_e, crypter->get_key_size(crypter), prf, &ka))
+ if (!expand_skeyid_e(skeyid_e, crypter->get_key_size(crypter), prf, ka))
{
return NULL;
}
- DBG4(DBG_IKE, "encryption key Ka %B", &ka);
- if (!crypter->set_key(crypter, ka))
+ DBG4(DBG_IKE, "encryption key Ka %B", ka);
+ if (!crypter->set_key(crypter, *ka))
{
- chunk_clear(&ka);
+ chunk_clear(ka);
return NULL;
}
- chunk_clear(&ka);
INIT(this,
.aead = {
@@ -392,7 +386,7 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
auth_method_t auth, shared_key_t *shared_key)
{
chunk_t g_xy, g_xi, g_xr, dh_me, spi_i, spi_r, nonces, data, skeyid_e;
- chunk_t skeyid;
+ chunk_t skeyid, ka;
uint16_t alg;
spi_i = chunk_alloca(sizeof(uint64_t));
@@ -550,11 +544,14 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
}
chunk_clear(&skeyid);
- this->aead = create_aead(proposal, this->prf, skeyid_e);
+ this->aead = create_aead(proposal, this->prf, skeyid_e, &ka);
if (!this->aead)
{
return FALSE;
}
+ charon->bus->ike_derived_keys(charon->bus, ka, chunk_empty, this->skeyid_a,
+ chunk_empty);
+ chunk_clear(&ka);
if (!this->hasher && !this->public.create_hasher(&this->public, proposal))
{
return FALSE;
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index b0c4f5f84..3b0c1cfd1 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -515,13 +515,13 @@ METHOD(task_manager_t, initiate, status_t,
new_mid = TRUE;
break;
}
- if (activate_task(this, TASK_ISAKMP_DELETE))
+ if (activate_task(this, TASK_QUICK_DELETE))
{
exchange = INFORMATIONAL_V1;
new_mid = TRUE;
break;
}
- if (activate_task(this, TASK_QUICK_DELETE))
+ if (activate_task(this, TASK_ISAKMP_DELETE))
{
exchange = INFORMATIONAL_V1;
new_mid = TRUE;
@@ -547,6 +547,14 @@ METHOD(task_manager_t, initiate, status_t,
break;
}
break;
+ case IKE_REKEYING:
+ if (activate_task(this, TASK_ISAKMP_DELETE))
+ {
+ exchange = INFORMATIONAL_V1;
+ new_mid = TRUE;
+ break;
+ }
+ break;
default:
break;
}
@@ -1181,7 +1189,7 @@ static status_t process_response(private_task_manager_t *this,
}
enumerator->destroy(enumerator);
- if (this->initiating.retransmitted)
+ if (this->initiating.retransmitted > 1)
{
packet_t *packet = NULL;
array_get(this->initiating.packets, 0, &packet);
@@ -1661,6 +1669,9 @@ METHOD(task_manager_t, queue_ike_delete, void,
enumerator_t *enumerator;
child_sa_t *child_sa;
+ /* cancel any currently active task to get the DELETE done quickly */
+ flush_queue(this, TASK_QUEUE_ACTIVE);
+
enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
while (enumerator->enumerate(enumerator, &child_sa))
{
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index f28b83e8a..dc86fc504 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -102,6 +102,7 @@ static struct {
{ "DPD", EXT_DPD, TRUE, 16,
"\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00"},
+ /* CISCO-UNITY, similar to DPD the last two bytes indicate the version */
{ "Cisco Unity", EXT_CISCO_UNITY, FALSE, 16,
"\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"},
@@ -190,6 +191,8 @@ static bool is_known_vid(chunk_t data, int i)
break;
case EXT_MS_WINDOWS:
return data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16);
+ case EXT_CISCO_UNITY:
+ return data.len == 16 && memeq(data.ptr, vendor_ids[i].id, 14);
default:
return chunk_equals(data, chunk_create(vendor_ids[i].id,
vendor_ids[i].len));
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index bbd1cb09f..6b896416a 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -348,10 +348,6 @@ static bool install(private_quick_mode_t *this)
this->initiator, FALSE, FALSE, tsr, tsi);
}
}
- chunk_clear(&integ_i);
- chunk_clear(&integ_r);
- chunk_clear(&encr_i);
- chunk_clear(&encr_r);
if (status_i != SUCCESS || status_o != SUCCESS)
{
@@ -361,22 +357,38 @@ static bool install(private_quick_mode_t *this)
(status_o != SUCCESS) ? "outbound " : "");
tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
- return FALSE;
- }
-
- if (this->initiator)
- {
- status = this->child_sa->add_policies(this->child_sa, tsi, tsr);
+ status = FAILED;
}
else
{
- status = this->child_sa->add_policies(this->child_sa, tsr, tsi);
+ if (this->initiator)
+ {
+ status = this->child_sa->add_policies(this->child_sa, tsi, tsr);
+ }
+ else
+ {
+ status = this->child_sa->add_policies(this->child_sa, tsr, tsi);
+ }
+ tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
+ tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
+ if (status != SUCCESS)
+ {
+ DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
+ }
+ else
+ {
+ charon->bus->child_derived_keys(charon->bus, this->child_sa,
+ this->initiator, encr_i, encr_r,
+ integ_i, integ_r);
+ }
}
- tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
- tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
+ chunk_clear(&integ_i);
+ chunk_clear(&integ_r);
+ chunk_clear(&encr_i);
+ chunk_clear(&encr_r);
+
if (status != SUCCESS)
{
- DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
return FALSE;
}
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 6fd34e0a6..592f49770 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -161,8 +161,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
if (key_type == KEY_RSA)
{
signature_scheme_t schemes[] = {
- SIGN_RSA_EMSA_PKCS1_SHA384,
- SIGN_RSA_EMSA_PKCS1_SHA256,
+ SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ SIGN_RSA_EMSA_PKCS1_SHA2_256,
SIGN_RSA_EMSA_PKCS1_SHA1,
}, contained;
bool found;
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index e37399841..58efdbabe 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -103,7 +103,7 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
uint16_t key_size, prf_plus_t *prf_plus)
{
aead_t *aead_i, *aead_r;
- chunk_t key = chunk_empty;
+ chunk_t sk_ei = chunk_empty, sk_er = chunk_empty;
u_int salt_size;
switch (alg)
@@ -146,23 +146,22 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
{
goto failure;
}
- if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+ if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ei))
{
goto failure;
}
- DBG4(DBG_IKE, "Sk_ei secret %B", &key);
- if (!aead_i->set_key(aead_i, key))
+ DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei);
+ if (!aead_i->set_key(aead_i, sk_ei))
{
goto failure;
}
- chunk_clear(&key);
- if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+ if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_er))
{
goto failure;
}
- DBG4(DBG_IKE, "Sk_er secret %B", &key);
- if (!aead_r->set_key(aead_r, key))
+ DBG4(DBG_IKE, "Sk_er secret %B", &sk_er);
+ if (!aead_r->set_key(aead_r, sk_er))
{
goto failure;
}
@@ -178,11 +177,14 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
this->aead_out = aead_r;
}
aead_i = aead_r = NULL;
+ charon->bus->ike_derived_keys(charon->bus, sk_ei, sk_er, chunk_empty,
+ chunk_empty);
failure:
DESTROY_IF(aead_i);
DESTROY_IF(aead_r);
- chunk_clear(&key);
+ chunk_clear(&sk_ei);
+ chunk_clear(&sk_er);
return this->aead_in && this->aead_out;
}
@@ -196,7 +198,8 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
signer_t *signer_i, *signer_r;
iv_gen_t *ivg_i, *ivg_r;
size_t key_size;
- chunk_t key = chunk_empty;
+ chunk_t sk_ei = chunk_empty, sk_er = chunk_empty,
+ sk_ai = chunk_empty, sk_ar = chunk_empty;
signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
@@ -220,48 +223,45 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
/* SK_ai/SK_ar used for integrity protection */
key_size = signer_i->get_key_size(signer_i);
- if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+ if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ai))
{
goto failure;
}
- DBG4(DBG_IKE, "Sk_ai secret %B", &key);
- if (!signer_i->set_key(signer_i, key))
+ DBG4(DBG_IKE, "Sk_ai secret %B", &sk_ai);
+ if (!signer_i->set_key(signer_i, sk_ai))
{
goto failure;
}
- chunk_clear(&key);
- if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+ if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ar))
{
goto failure;
}
- DBG4(DBG_IKE, "Sk_ar secret %B", &key);
- if (!signer_r->set_key(signer_r, key))
+ DBG4(DBG_IKE, "Sk_ar secret %B", &sk_ar);
+ if (!signer_r->set_key(signer_r, sk_ar))
{
goto failure;
}
- chunk_clear(&key);
/* SK_ei/SK_er used for encryption */
key_size = crypter_i->get_key_size(crypter_i);
- if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+ if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ei))
{
goto failure;
}
- DBG4(DBG_IKE, "Sk_ei secret %B", &key);
- if (!crypter_i->set_key(crypter_i, key))
+ DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei);
+ if (!crypter_i->set_key(crypter_i, sk_ei))
{
goto failure;
}
- chunk_clear(&key);
- if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+ if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_er))
{
goto failure;
}
- DBG4(DBG_IKE, "Sk_er secret %B", &key);
- if (!crypter_r->set_key(crypter_r, key))
+ DBG4(DBG_IKE, "Sk_er secret %B", &sk_er);
+ if (!crypter_r->set_key(crypter_r, sk_er))
{
goto failure;
}
@@ -284,9 +284,13 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
}
signer_i = signer_r = NULL;
crypter_i = crypter_r = NULL;
+ charon->bus->ike_derived_keys(charon->bus, sk_ei, sk_er, sk_ai, sk_ar);
failure:
- chunk_clear(&key);
+ chunk_clear(&sk_ai);
+ chunk_clear(&sk_ar);
+ chunk_clear(&sk_ei);
+ chunk_clear(&sk_er);
DESTROY_IF(signer_i);
DESTROY_IF(signer_r);
DESTROY_IF(crypter_i);
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 41a4e1b75..60a262ffc 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -709,7 +709,7 @@ static status_t process_response(private_task_manager_t *this,
}
enumerator->destroy(enumerator);
- if (this->initiating.retransmitted)
+ if (this->initiating.retransmitted > 1)
{
packet_t *packet = NULL;
array_get(this->initiating.packets, 0, &packet);
@@ -1827,15 +1827,22 @@ METHOD(task_manager_t, queue_dpd, void,
if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
{
- /* use mobike enabled DPD to detect NAT mapping changes */
- mobike = ike_mobike_create(this->ike_sa, TRUE);
- mobike->dpd(mobike);
- queue_task(this, &mobike->task);
- }
- else
- {
- queue_task(this, (task_t*)ike_dpd_create(TRUE));
+#ifdef ME
+ peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (cfg->get_peer_id(cfg) ||
+ this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
+#else
+ if (this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
+#endif
+ {
+ /* use mobike enabled DPD to detect NAT mapping changes */
+ mobike = ike_mobike_create(this->ike_sa, TRUE);
+ mobike->dpd(mobike);
+ queue_task(this, &mobike->task);
+ return;
+ }
}
+ queue_task(this, (task_t*)ike_dpd_create(TRUE));
}
METHOD(task_manager_t, adopt_tasks, void,
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 64a82850b..71cb6b8ea 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -666,10 +666,6 @@ static status_t select_and_install(private_child_create_t *this,
FALSE, this->tfcv3, my_ts, other_ts);
}
}
- chunk_clear(&integ_i);
- chunk_clear(&integ_r);
- chunk_clear(&encr_i);
- chunk_clear(&encr_r);
if (status_i != SUCCESS || status_o != SUCCESS)
{
@@ -679,41 +675,62 @@ static status_t select_and_install(private_child_create_t *this,
(status_o != SUCCESS) ? "outbound " : "");
charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_SA_FAILED,
this->child_sa);
- return FAILED;
- }
-
- if (this->initiator)
- {
- status = this->child_sa->add_policies(this->child_sa, my_ts, other_ts);
+ status = FAILED;
}
else
{
- /* use a copy of the traffic selectors, as the POST hook should not
- * change payloads */
- my_ts = this->tsr->clone_offset(this->tsr,
+ if (this->initiator)
+ {
+ status = this->child_sa->add_policies(this->child_sa,
+ my_ts, other_ts);
+ }
+ else
+ {
+ /* use a copy of the traffic selectors, as the POST hook should not
+ * change payloads */
+ my_ts = this->tsr->clone_offset(this->tsr,
offsetof(traffic_selector_t, clone));
- other_ts = this->tsi->clone_offset(this->tsi,
+ other_ts = this->tsi->clone_offset(this->tsi,
offsetof(traffic_selector_t, clone));
- charon->bus->narrow(charon->bus, this->child_sa,
- NARROW_RESPONDER_POST, my_ts, other_ts);
- if (my_ts->get_count(my_ts) == 0 || other_ts->get_count(other_ts) == 0)
+ charon->bus->narrow(charon->bus, this->child_sa,
+ NARROW_RESPONDER_POST, my_ts, other_ts);
+ if (my_ts->get_count(my_ts) == 0 ||
+ other_ts->get_count(other_ts) == 0)
+ {
+ status = FAILED;
+ }
+ else
+ {
+ status = this->child_sa->add_policies(this->child_sa,
+ my_ts, other_ts);
+ }
+ my_ts->destroy_offset(my_ts,
+ offsetof(traffic_selector_t, destroy));
+ other_ts->destroy_offset(other_ts,
+ offsetof(traffic_selector_t, destroy));
+ }
+ if (status != SUCCESS)
{
- status = FAILED;
+ DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
+ charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_POLICY_FAILED,
+ this->child_sa);
+ status = NOT_FOUND;
}
else
{
- status = this->child_sa->add_policies(this->child_sa,
- my_ts, other_ts);
+ charon->bus->child_derived_keys(charon->bus, this->child_sa,
+ this->initiator, encr_i, encr_r,
+ integ_i, integ_r);
}
- my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
- other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
}
+ chunk_clear(&integ_i);
+ chunk_clear(&integ_r);
+ chunk_clear(&encr_i);
+ chunk_clear(&encr_r);
+
if (status != SUCCESS)
{
- DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
- charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_POLICY_FAILED,
- this->child_sa);
- return NOT_FOUND;
+ return status;
}
charon->bus->child_keys(charon->bus, this->child_sa, this->initiator,
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 801b6d8f3..d82e206b8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -457,6 +457,11 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
}
enumerator->destroy(enumerator);
+ if (this->proposal)
+ {
+ this->ike_sa->set_proposal(this->ike_sa, this->proposal);
+ }
+
if (ke_payload && this->proposal &&
this->proposal->has_dh_group(this->proposal, this->dh_group))
{
@@ -614,7 +619,6 @@ METHOD(task_t, build_r, status_t,
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return FAILED;
}
- this->ike_sa->set_proposal(this->ike_sa, this->proposal);
/* check if we'd have to redirect the client */
if (!this->old_sa &&
@@ -651,6 +655,7 @@ METHOD(task_t, build_r, status_t,
else
{
DBG1(DBG_IKE, "no acceptable proposal found");
+ message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
}
return FAILED;
}
@@ -849,7 +854,6 @@ METHOD(task_t, process_i, status_t,
DBG1(DBG_IKE, "peers proposal selection invalid");
return FAILED;
}
- this->ike_sa->set_proposal(this->ike_sa, this->proposal);
if (this->dh == NULL ||
!this->proposal->has_dh_group(this->proposal, this->dh_group))
diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in
index 7a0d34292..7b6beae24 100644
--- a/src/libcharon/tests/Makefile.in
+++ b/src/libcharon/tests/Makefile.in
@@ -374,7 +374,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -408,8 +407,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -463,6 +460,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/tests/libcharon_tests.c b/src/libcharon/tests/libcharon_tests.c
index e25e5434f..1ef13e978 100644
--- a/src/libcharon/tests/libcharon_tests.c
+++ b/src/libcharon/tests/libcharon_tests.c
@@ -32,6 +32,22 @@ static test_configuration_t tests[] = {
{ .suite = NULL, }
};
+static void initialize_logging()
+{
+ int level = LEVEL_SILENT;
+ char *verbosity;
+
+ verbosity = getenv("TESTS_VERBOSITY");
+ if (verbosity)
+ {
+ level = atoi(verbosity);
+ }
+ lib->settings->set_int(lib->settings, "%s.filelog.stderr.default",
+ lib->settings->get_int(lib->settings, "%s.filelog.stderr.default",
+ level, lib->ns), lib->ns);
+ charon->load_loggers(charon, NULL, TRUE);
+}
+
static bool test_runner_init(bool init)
{
if (init)
@@ -39,6 +55,7 @@ static bool test_runner_init(bool init)
char *plugins, *plugindir;
libcharon_init();
+ initialize_logging();
plugins = getenv("TESTS_PLUGINS") ?:
lib->settings->get_str(lib->settings,
diff --git a/src/libcharon/tests/suites/test_proposal.c b/src/libcharon/tests/suites/test_proposal.c
index a6226f68f..19f4cd1e1 100644
--- a/src/libcharon/tests/suites/test_proposal.c
+++ b/src/libcharon/tests/suites/test_proposal.c
@@ -18,38 +18,100 @@
#include <config/proposal.h>
static struct {
+ protocol_id_t proto;
+ char *proposal;
+ char *expected;
+} create_data[] = {
+ { PROTO_IKE, "", NULL },
+ { PROTO_IKE, "sha256", NULL },
+ { PROTO_IKE, "sha256-modp3072", NULL },
+ { PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
+ { PROTO_IKE, "aes128", NULL },
+ { PROTO_IKE, "aes128-sha256", NULL },
+ { PROTO_IKE, "aes128-sha256-modpnone", NULL },
+ { PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
+ { PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" },
+ { PROTO_IKE, "aes128gcm16-modp3072", NULL },
+ { PROTO_IKE, "aes128gcm16-prfsha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" },
+ { PROTO_IKE, "aes128gcm16-sha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" },
+ { PROTO_IKE, "aes128gcm16-aes128-modp3072", NULL },
+ { PROTO_IKE, "aes128gcm16-aes128-sha256-modp3072", NULL },
+ { PROTO_ESP, "", NULL },
+ { PROTO_ESP, "sha256", NULL },
+ { PROTO_ESP, "aes128-sha256", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+ { PROTO_ESP, "aes128-sha256-esn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ" },
+ { PROTO_ESP, "aes128-sha256-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+ { PROTO_ESP, "aes128-sha256-esn-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" },
+ { PROTO_ESP, "aes128-sha256-prfsha256-modp3072", "ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_3072/NO_EXT_SEQ" },
+ { PROTO_ESP, "aes128gcm16-aes128-sha256-modp3072", NULL },
+ { PROTO_ESP, "aes128gmac", "ESP:NULL_AES_GMAC_128/NO_EXT_SEQ" },
+ { PROTO_AH, "", NULL },
+ { PROTO_AH, "aes128", NULL },
+ { PROTO_AH, "aes128-sha256", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" },
+ { PROTO_AH, "sha256-sha1", "AH:HMAC_SHA2_256_128/HMAC_SHA1_96/NO_EXT_SEQ" },
+ { PROTO_AH, "aes128gmac-sha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+ { PROTO_AH, "aes128gmac-sha256-prfsha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+ { PROTO_AH, "aes128gmac-aes256gmac-aes128-sha256", "AH:AES_128_GMAC/AES_256_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+ { PROTO_AH, "sha256-esn", "AH:HMAC_SHA2_256_128/EXT_SEQ" },
+ { PROTO_AH, "sha256-noesn", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" },
+ { PROTO_AH, "sha256-esn-noesn", "AH:HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" },
+};
+
+START_TEST(test_create_from_string)
+{
+ proposal_t *proposal;
+ char str[BUF_LEN];
+
+ proposal = proposal_create_from_string(create_data[_i].proto,
+ create_data[_i].proposal);
+ if (!create_data[_i].expected)
+ {
+ ck_assert(!proposal);
+ return;
+ }
+ snprintf(str, sizeof(str), "%P", proposal);
+ ck_assert_str_eq(create_data[_i].expected, str);
+ proposal->destroy(proposal);
+}
+END_TEST
+
+static struct {
+ protocol_id_t proto;
char *self;
char *other;
char *expected;
} select_data[] = {
- { "aes128", "aes128", "aes128" },
- { "aes128", "aes256", NULL },
- { "aes128-aes256", "aes256-aes128", "aes128" },
- { "aes256-aes128", "aes128-aes256", "aes256" },
- { "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" },
- { "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" },
- { "aes128-sha256-modp3072", "aes128-sha256", NULL },
- { "aes128-sha256", "aes128-sha256-modp3072", NULL },
- { "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
- { "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
- { "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
- { "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
- { "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
- { "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
+ { PROTO_ESP, "aes128", "aes128", "aes128" },
+ { PROTO_ESP, "aes128", "aes256", NULL },
+ { PROTO_ESP, "aes128-aes256", "aes256-aes128", "aes128" },
+ { PROTO_ESP, "aes256-aes128", "aes128-aes256", "aes256" },
+ { PROTO_ESP, "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" },
+ { PROTO_ESP, "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" },
+ { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", NULL },
+ { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", NULL },
+ { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
+ { PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
+ { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
+ { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
+ { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
+ { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
+ { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
+ { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" },
+ { PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
};
START_TEST(test_select)
{
proposal_t *self, *other, *selected, *expected;
- self = proposal_create_from_string(PROTO_ESP,
+ self = proposal_create_from_string(select_data[_i].proto,
select_data[_i].self);
- other = proposal_create_from_string(PROTO_ESP,
+ other = proposal_create_from_string(select_data[_i].proto,
select_data[_i].other);
selected = self->select(self, other, FALSE);
if (select_data[_i].expected)
{
- expected = proposal_create_from_string(PROTO_ESP,
+ expected = proposal_create_from_string(select_data[_i].proto,
select_data[_i].expected);
ck_assert(selected);
ck_assert_msg(expected->equals(expected, selected), "proposal %P does "
@@ -73,6 +135,10 @@ Suite *proposal_suite_create()
s = suite_create("proposal");
+ tc = tcase_create("create_from_string");
+ tcase_add_loop_test(tc, test_create_from_string, 0, countof(create_data));
+ suite_add_tcase(s, tc);
+
tc = tcase_create("select");
tcase_add_loop_test(tc, test_select, 0, countof(select_data));
suite_add_tcase(s, tc);
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index 4c489db65..79a9d74fa 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index 7983b7758..4e5be546c 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -525,7 +525,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -559,8 +558,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -614,6 +611,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 6f88e173a..fb0db91ee 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -496,6 +496,18 @@ INSERT INTO products ( /* 83 */
'Debian 8.5 x86_64'
);
+INSERT INTO products ( /* 84 */
+ name
+) VALUES (
+ 'Debian 8.6 i686'
+);
+
+INSERT INTO products ( /* 85 */
+ name
+) VALUES (
+ 'Debian 8.6 x86_64'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -1090,6 +1102,12 @@ INSERT INTO groups_product_defaults (
5, 83
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 5, 85
+);
+
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
index d2b8168b9..f5c73ef6b 100644
--- a/src/libimcv/plugins/imc_attestation/Makefile.in
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in
index 44aaf878b..ffc571009 100644
--- a/src/libimcv/plugins/imc_hcd/Makefile.in
+++ b/src/libimcv/plugins/imc_hcd/Makefile.in
@@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -437,6 +434,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index 93d532db2..4d6eff5a8 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -437,6 +434,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index 44d827945..7e18b3cb5 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -349,7 +349,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -383,8 +382,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -438,6 +435,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
index 5eec53129..f97a7ba6d 100644
--- a/src/libimcv/plugins/imc_swid/Makefile.in
+++ b/src/libimcv/plugins/imc_swid/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index 508f7fe4b..95acd4bd8 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -437,6 +434,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in
index 61b92e0e4..2be4e15d5 100644
--- a/src/libimcv/plugins/imv_attestation/Makefile.in
+++ b/src/libimcv/plugins/imv_attestation/Makefile.in
@@ -362,7 +362,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -396,8 +395,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -451,6 +448,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in
index 4fdbbf49c..1c3d0acdc 100644
--- a/src/libimcv/plugins/imv_hcd/Makefile.in
+++ b/src/libimcv/plugins/imv_hcd/Makefile.in
@@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -437,6 +434,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index d2997a940..b1195592e 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index ffca30cd9..22eb4ae4c 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in
index aea48e7af..21bbe4a49 100644
--- a/src/libimcv/plugins/imv_swid/Makefile.in
+++ b/src/libimcv/plugins/imv_swid/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index 30fa3c7a9..a32a465ea 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -349,7 +349,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -383,8 +382,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -438,6 +435,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 2ba949e40..d771d07ed 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -388,26 +388,29 @@ static void load_aik(private_pts_t *this)
DBG1(DBG_PTS, "AIK Blob is not available");
}
- /* get AIK public key */
- if (key_path)
+ /* get AIK public key if no AIK certificate is available */
+ if (!this->aik_cert)
{
- map = chunk_map(key_path, FALSE);
- if (map)
+ if (key_path)
{
- DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
- aik_pubkey = chunk_clone(*map);
- chunk_unmap(map);
+ map = chunk_map(key_path, FALSE);
+ if (map)
+ {
+ DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
+ aik_pubkey = chunk_clone(*map);
+ chunk_unmap(map);
+ }
+ else
+ {
+ DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s",
+ key_path, strerror(errno));
+ }
}
else
{
- DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s",
- key_path, strerror(errno));
+ DBG1(DBG_PTS, "AIK public key is not available");
}
}
- else
- {
- DBG1(DBG_PTS, "AIK public key is not available");
- }
/* Load AIK item into TPM 1.2 object */
tpm_12 = (tpm_tss_trousers_t *)this->tpm;
@@ -716,13 +719,22 @@ METHOD(pts_t, verify_quote_signature, bool,
scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
break;
case HASH_SHA256:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256;
break;
case HASH_SHA384:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384;
break;
case HASH_SHA512:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
+ break;
+ case HASH_SHA3_256:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA3_256;
+ break;
+ case HASH_SHA3_384:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA3_384;
+ break;
+ case HASH_SHA3_512:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
break;
default:
scheme = SIGN_UNKNOWN;
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index 19a2577b7..ea73c6036 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -390,7 +390,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -424,8 +423,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -479,6 +476,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in
index db73e1fe0..0c1d858ce 100644
--- a/src/libipsec/tests/Makefile.in
+++ b/src/libipsec/tests/Makefile.in
@@ -346,7 +346,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -380,8 +379,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -435,6 +432,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index a4d4b332b..14e4a6b53 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index f5a5d1231..8106295a3 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -346,7 +346,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -380,8 +379,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -435,6 +432,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index a7bc8e321..ea053a37a 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -349,7 +349,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -383,8 +382,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -438,6 +435,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index da5f34e87..0e8f7f3c8 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -16,7 +16,7 @@ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
crypto/iv/iv_gen_null.c \
-crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 9be93f1f8..52ae7c675 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -14,7 +14,7 @@ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
crypto/iv/iv_gen_null.c \
-crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
@@ -75,7 +75,7 @@ crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
-crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
+crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
credentials/credential_factory.h credentials/builder.h \
credentials/cred_encoding.h credentials/keys/private_key.h \
credentials/keys/public_key.h credentials/keys/shared_key.h \
@@ -220,16 +220,22 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c: $(srcdir)/crypto/proposal/
$(GPERF) -N proposal_get_token_static -m 10 -C -G -c -t -D < \
$(srcdir)/crypto/proposal/proposal_keywords_static.txt > $@
-
-# build plugins with their own Makefile
-#######################################
-
if MONOLITHIC
SUBDIRS =
else
SUBDIRS = .
endif
+# build libnttfft used by some plugins
+######################################
+
+if USE_LIBNTTFFT
+ SUBDIRS += math/libnttfft
+endif
+
+# build plugins with their own Makefile
+#######################################
+
if USE_AF_ALG
SUBDIRS += plugins/af_alg
if MONOLITHIC
@@ -580,6 +586,13 @@ if MONOLITHIC
endif
endif
+if USE_MGF1
+ SUBDIRS += plugins/mgf1
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/mgf1/libstrongswan-mgf1.la
+endif
+endif
+
if USE_NTRU
SUBDIRS += plugins/ntru
if MONOLITHIC
@@ -594,6 +607,13 @@ if MONOLITHIC
endif
endif
+if USE_NEWHOPE
+ SUBDIRS += plugins/newhope
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/newhope/libstrongswan-newhope.la
+endif
+endif
+
if USE_TEST_VECTORS
SUBDIRS += plugins/test_vectors
if MONOLITHIC
@@ -604,7 +624,20 @@ endif
if MONOLITHIC
SUBDIRS += .
endif
+
+# build unit tests
+##################
+
SUBDIRS += tests
+
+if USE_LIBNTTFFT
+ SUBDIRS += math/libnttfft/tests
+endif
+
if USE_BLISS
SUBDIRS += plugins/bliss/tests
endif
+
+if USE_NEWHOPE
+ SUBDIRS += plugins/newhope/tests
+endif
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index d1b65bdb2..3eec96689 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -123,113 +123,126 @@ host_triplet = @host@
@USE_BUILTIN_PRINTF_TRUE@am__append_15 = -lm
@USE_BUILTIN_PRINTF_FALSE@@USE_VSTR_FALSE@am__append_16 = utils/printf_hook/printf_hook_glibc.c
@USE_LIBCAP_TRUE@am__append_17 = -lcap
-@USE_AF_ALG_TRUE@am__append_18 = plugins/af_alg
-@MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_19 = plugins/af_alg/libstrongswan-af-alg.la
-@USE_AES_TRUE@am__append_20 = plugins/aes
-@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_21 = plugins/aes/libstrongswan-aes.la
-@USE_DES_TRUE@am__append_22 = plugins/des
-@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_23 = plugins/des/libstrongswan-des.la
-@USE_BLOWFISH_TRUE@am__append_24 = plugins/blowfish
-@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_25 = plugins/blowfish/libstrongswan-blowfish.la
-@USE_RC2_TRUE@am__append_26 = plugins/rc2
-@MONOLITHIC_TRUE@@USE_RC2_TRUE@am__append_27 = plugins/rc2/libstrongswan-rc2.la
-@USE_MD4_TRUE@am__append_28 = plugins/md4
-@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_29 = plugins/md4/libstrongswan-md4.la
-@USE_MD5_TRUE@am__append_30 = plugins/md5
-@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_31 = plugins/md5/libstrongswan-md5.la
-@USE_SHA1_TRUE@am__append_32 = plugins/sha1
-@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_33 = plugins/sha1/libstrongswan-sha1.la
-@USE_SHA2_TRUE@am__append_34 = plugins/sha2
-@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_35 = plugins/sha2/libstrongswan-sha2.la
-@USE_SHA3_TRUE@am__append_36 = plugins/sha3
-@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_37 = plugins/sha3/libstrongswan-sha3.la
-@USE_GMP_TRUE@am__append_38 = plugins/gmp
-@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_39 = plugins/gmp/libstrongswan-gmp.la
-@USE_RDRAND_TRUE@am__append_40 = plugins/rdrand
-@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_41 = plugins/rdrand/libstrongswan-rdrand.la
-@USE_AESNI_TRUE@am__append_42 = plugins/aesni
-@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_43 = plugins/aesni/libstrongswan-aesni.la
-@USE_RANDOM_TRUE@am__append_44 = plugins/random
-@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_45 = plugins/random/libstrongswan-random.la
-@USE_NONCE_TRUE@am__append_46 = plugins/nonce
-@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_47 = plugins/nonce/libstrongswan-nonce.la
-@USE_HMAC_TRUE@am__append_48 = plugins/hmac
-@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_49 = plugins/hmac/libstrongswan-hmac.la
-@USE_CMAC_TRUE@am__append_50 = plugins/cmac
-@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_51 = plugins/cmac/libstrongswan-cmac.la
-@USE_XCBC_TRUE@am__append_52 = plugins/xcbc
-@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_53 = plugins/xcbc/libstrongswan-xcbc.la
-@USE_X509_TRUE@am__append_54 = plugins/x509
-@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_55 = plugins/x509/libstrongswan-x509.la
-@USE_REVOCATION_TRUE@am__append_56 = plugins/revocation
-@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_57 = plugins/revocation/libstrongswan-revocation.la
-@USE_CONSTRAINTS_TRUE@am__append_58 = plugins/constraints
-@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_59 = plugins/constraints/libstrongswan-constraints.la
-@USE_ACERT_TRUE@am__append_60 = plugins/acert
-@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_61 = plugins/acert/libstrongswan-acert.la
-@USE_PUBKEY_TRUE@am__append_62 = plugins/pubkey
-@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_63 = plugins/pubkey/libstrongswan-pubkey.la
-@USE_PKCS1_TRUE@am__append_64 = plugins/pkcs1
-@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_65 = plugins/pkcs1/libstrongswan-pkcs1.la
-@USE_PKCS7_TRUE@am__append_66 = plugins/pkcs7
-@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_67 = plugins/pkcs7/libstrongswan-pkcs7.la
-@USE_PKCS8_TRUE@am__append_68 = plugins/pkcs8
-@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_69 = plugins/pkcs8/libstrongswan-pkcs8.la
-@USE_PKCS12_TRUE@am__append_70 = plugins/pkcs12
-@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_71 = plugins/pkcs12/libstrongswan-pkcs12.la
-@USE_PGP_TRUE@am__append_72 = plugins/pgp
-@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_73 = plugins/pgp/libstrongswan-pgp.la
-@USE_DNSKEY_TRUE@am__append_74 = plugins/dnskey
-@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_75 = plugins/dnskey/libstrongswan-dnskey.la
-@USE_SSHKEY_TRUE@am__append_76 = plugins/sshkey
-@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_77 = plugins/sshkey/libstrongswan-sshkey.la
-@USE_PEM_TRUE@am__append_78 = plugins/pem
-@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_79 = plugins/pem/libstrongswan-pem.la
-@USE_CURL_TRUE@am__append_80 = plugins/curl
-@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_81 = plugins/curl/libstrongswan-curl.la
-@USE_FILES_TRUE@am__append_82 = plugins/files
-@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_83 = plugins/files/libstrongswan-files.la
-@USE_WINHTTP_TRUE@am__append_84 = plugins/winhttp
-@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_85 = plugins/winhttp/libstrongswan-winhttp.la
-@USE_UNBOUND_TRUE@am__append_86 = plugins/unbound
-@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_87 = plugins/unbound/libstrongswan-unbound.la
-@USE_SOUP_TRUE@am__append_88 = plugins/soup
-@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_89 = plugins/soup/libstrongswan-soup.la
-@USE_LDAP_TRUE@am__append_90 = plugins/ldap
-@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_91 = plugins/ldap/libstrongswan-ldap.la
-@USE_MYSQL_TRUE@am__append_92 = plugins/mysql
-@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_93 = plugins/mysql/libstrongswan-mysql.la
-@USE_SQLITE_TRUE@am__append_94 = plugins/sqlite
-@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_95 = plugins/sqlite/libstrongswan-sqlite.la
-@USE_PADLOCK_TRUE@am__append_96 = plugins/padlock
-@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_97 = plugins/padlock/libstrongswan-padlock.la
-@USE_OPENSSL_TRUE@am__append_98 = plugins/openssl
-@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_99 = plugins/openssl/libstrongswan-openssl.la
-@USE_GCRYPT_TRUE@am__append_100 = plugins/gcrypt
-@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_101 = plugins/gcrypt/libstrongswan-gcrypt.la
-@USE_FIPS_PRF_TRUE@am__append_102 = plugins/fips_prf
-@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_103 = plugins/fips_prf/libstrongswan-fips-prf.la
-@USE_AGENT_TRUE@am__append_104 = plugins/agent
-@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_105 = plugins/agent/libstrongswan-agent.la
-@USE_KEYCHAIN_TRUE@am__append_106 = plugins/keychain
-@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_107 = plugins/keychain/libstrongswan-keychain.la
-@USE_PKCS11_TRUE@am__append_108 = plugins/pkcs11
-@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_109 = plugins/pkcs11/libstrongswan-pkcs11.la
-@USE_CHAPOLY_TRUE@am__append_110 = plugins/chapoly
-@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_111 = plugins/chapoly/libstrongswan-chapoly.la
-@USE_CTR_TRUE@am__append_112 = plugins/ctr
-@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_113 = plugins/ctr/libstrongswan-ctr.la
-@USE_CCM_TRUE@am__append_114 = plugins/ccm
-@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_115 = plugins/ccm/libstrongswan-ccm.la
-@USE_GCM_TRUE@am__append_116 = plugins/gcm
-@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_117 = plugins/gcm/libstrongswan-gcm.la
-@USE_NTRU_TRUE@am__append_118 = plugins/ntru
-@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_119 = plugins/ntru/libstrongswan-ntru.la
-@USE_BLISS_TRUE@am__append_120 = plugins/bliss
-@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_121 = plugins/bliss/libstrongswan-bliss.la
-@USE_TEST_VECTORS_TRUE@am__append_122 = plugins/test_vectors
-@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_123 = plugins/test_vectors/libstrongswan-test-vectors.la
-@USE_BLISS_TRUE@am__append_124 = plugins/bliss/tests
+
+# build libnttfft used by some plugins
+######################################
+@USE_LIBNTTFFT_TRUE@am__append_18 = math/libnttfft
+
+# build plugins with their own Makefile
+#######################################
+@USE_AF_ALG_TRUE@am__append_19 = plugins/af_alg
+@MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_20 = plugins/af_alg/libstrongswan-af-alg.la
+@USE_AES_TRUE@am__append_21 = plugins/aes
+@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_22 = plugins/aes/libstrongswan-aes.la
+@USE_DES_TRUE@am__append_23 = plugins/des
+@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_24 = plugins/des/libstrongswan-des.la
+@USE_BLOWFISH_TRUE@am__append_25 = plugins/blowfish
+@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_26 = plugins/blowfish/libstrongswan-blowfish.la
+@USE_RC2_TRUE@am__append_27 = plugins/rc2
+@MONOLITHIC_TRUE@@USE_RC2_TRUE@am__append_28 = plugins/rc2/libstrongswan-rc2.la
+@USE_MD4_TRUE@am__append_29 = plugins/md4
+@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_30 = plugins/md4/libstrongswan-md4.la
+@USE_MD5_TRUE@am__append_31 = plugins/md5
+@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_32 = plugins/md5/libstrongswan-md5.la
+@USE_SHA1_TRUE@am__append_33 = plugins/sha1
+@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_34 = plugins/sha1/libstrongswan-sha1.la
+@USE_SHA2_TRUE@am__append_35 = plugins/sha2
+@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_36 = plugins/sha2/libstrongswan-sha2.la
+@USE_SHA3_TRUE@am__append_37 = plugins/sha3
+@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_38 = plugins/sha3/libstrongswan-sha3.la
+@USE_GMP_TRUE@am__append_39 = plugins/gmp
+@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_40 = plugins/gmp/libstrongswan-gmp.la
+@USE_RDRAND_TRUE@am__append_41 = plugins/rdrand
+@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_42 = plugins/rdrand/libstrongswan-rdrand.la
+@USE_AESNI_TRUE@am__append_43 = plugins/aesni
+@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_44 = plugins/aesni/libstrongswan-aesni.la
+@USE_RANDOM_TRUE@am__append_45 = plugins/random
+@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_46 = plugins/random/libstrongswan-random.la
+@USE_NONCE_TRUE@am__append_47 = plugins/nonce
+@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_48 = plugins/nonce/libstrongswan-nonce.la
+@USE_HMAC_TRUE@am__append_49 = plugins/hmac
+@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_50 = plugins/hmac/libstrongswan-hmac.la
+@USE_CMAC_TRUE@am__append_51 = plugins/cmac
+@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_52 = plugins/cmac/libstrongswan-cmac.la
+@USE_XCBC_TRUE@am__append_53 = plugins/xcbc
+@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_54 = plugins/xcbc/libstrongswan-xcbc.la
+@USE_X509_TRUE@am__append_55 = plugins/x509
+@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_56 = plugins/x509/libstrongswan-x509.la
+@USE_REVOCATION_TRUE@am__append_57 = plugins/revocation
+@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_58 = plugins/revocation/libstrongswan-revocation.la
+@USE_CONSTRAINTS_TRUE@am__append_59 = plugins/constraints
+@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_60 = plugins/constraints/libstrongswan-constraints.la
+@USE_ACERT_TRUE@am__append_61 = plugins/acert
+@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_62 = plugins/acert/libstrongswan-acert.la
+@USE_PUBKEY_TRUE@am__append_63 = plugins/pubkey
+@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_64 = plugins/pubkey/libstrongswan-pubkey.la
+@USE_PKCS1_TRUE@am__append_65 = plugins/pkcs1
+@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_66 = plugins/pkcs1/libstrongswan-pkcs1.la
+@USE_PKCS7_TRUE@am__append_67 = plugins/pkcs7
+@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_68 = plugins/pkcs7/libstrongswan-pkcs7.la
+@USE_PKCS8_TRUE@am__append_69 = plugins/pkcs8
+@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_70 = plugins/pkcs8/libstrongswan-pkcs8.la
+@USE_PKCS12_TRUE@am__append_71 = plugins/pkcs12
+@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_72 = plugins/pkcs12/libstrongswan-pkcs12.la
+@USE_PGP_TRUE@am__append_73 = plugins/pgp
+@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_74 = plugins/pgp/libstrongswan-pgp.la
+@USE_DNSKEY_TRUE@am__append_75 = plugins/dnskey
+@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_76 = plugins/dnskey/libstrongswan-dnskey.la
+@USE_SSHKEY_TRUE@am__append_77 = plugins/sshkey
+@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_78 = plugins/sshkey/libstrongswan-sshkey.la
+@USE_PEM_TRUE@am__append_79 = plugins/pem
+@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_80 = plugins/pem/libstrongswan-pem.la
+@USE_CURL_TRUE@am__append_81 = plugins/curl
+@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_82 = plugins/curl/libstrongswan-curl.la
+@USE_FILES_TRUE@am__append_83 = plugins/files
+@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_84 = plugins/files/libstrongswan-files.la
+@USE_WINHTTP_TRUE@am__append_85 = plugins/winhttp
+@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_86 = plugins/winhttp/libstrongswan-winhttp.la
+@USE_UNBOUND_TRUE@am__append_87 = plugins/unbound
+@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_88 = plugins/unbound/libstrongswan-unbound.la
+@USE_SOUP_TRUE@am__append_89 = plugins/soup
+@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_90 = plugins/soup/libstrongswan-soup.la
+@USE_LDAP_TRUE@am__append_91 = plugins/ldap
+@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_92 = plugins/ldap/libstrongswan-ldap.la
+@USE_MYSQL_TRUE@am__append_93 = plugins/mysql
+@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_94 = plugins/mysql/libstrongswan-mysql.la
+@USE_SQLITE_TRUE@am__append_95 = plugins/sqlite
+@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_96 = plugins/sqlite/libstrongswan-sqlite.la
+@USE_PADLOCK_TRUE@am__append_97 = plugins/padlock
+@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_98 = plugins/padlock/libstrongswan-padlock.la
+@USE_OPENSSL_TRUE@am__append_99 = plugins/openssl
+@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_100 = plugins/openssl/libstrongswan-openssl.la
+@USE_GCRYPT_TRUE@am__append_101 = plugins/gcrypt
+@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_102 = plugins/gcrypt/libstrongswan-gcrypt.la
+@USE_FIPS_PRF_TRUE@am__append_103 = plugins/fips_prf
+@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_104 = plugins/fips_prf/libstrongswan-fips-prf.la
+@USE_AGENT_TRUE@am__append_105 = plugins/agent
+@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_106 = plugins/agent/libstrongswan-agent.la
+@USE_KEYCHAIN_TRUE@am__append_107 = plugins/keychain
+@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_108 = plugins/keychain/libstrongswan-keychain.la
+@USE_PKCS11_TRUE@am__append_109 = plugins/pkcs11
+@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_110 = plugins/pkcs11/libstrongswan-pkcs11.la
+@USE_CHAPOLY_TRUE@am__append_111 = plugins/chapoly
+@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_112 = plugins/chapoly/libstrongswan-chapoly.la
+@USE_CTR_TRUE@am__append_113 = plugins/ctr
+@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_114 = plugins/ctr/libstrongswan-ctr.la
+@USE_CCM_TRUE@am__append_115 = plugins/ccm
+@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_116 = plugins/ccm/libstrongswan-ccm.la
+@USE_GCM_TRUE@am__append_117 = plugins/gcm
+@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_118 = plugins/gcm/libstrongswan-gcm.la
+@USE_MGF1_TRUE@am__append_119 = plugins/mgf1
+@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_120 = plugins/mgf1/libstrongswan-mgf1.la
+@USE_NTRU_TRUE@am__append_121 = plugins/ntru
+@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_122 = plugins/ntru/libstrongswan-ntru.la
+@USE_BLISS_TRUE@am__append_123 = plugins/bliss
+@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_124 = plugins/bliss/libstrongswan-bliss.la
+@USE_NEWHOPE_TRUE@am__append_125 = plugins/newhope
+@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_126 = plugins/newhope/libstrongswan-newhope.la
+@USE_TEST_VECTORS_TRUE@am__append_127 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_128 = plugins/test_vectors/libstrongswan-test-vectors.la
+@USE_LIBNTTFFT_TRUE@am__append_129 = math/libnttfft/tests
+@USE_BLISS_TRUE@am__append_130 = plugins/bliss/tests
+@USE_NEWHOPE_TRUE@am__append_131 = plugins/newhope/tests
subdir = src/libstrongswan
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -289,25 +302,25 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_19) \
- $(am__append_21) $(am__append_23) $(am__append_25) \
- $(am__append_27) $(am__append_29) $(am__append_31) \
- $(am__append_33) $(am__append_35) $(am__append_37) \
- $(am__append_39) $(am__append_41) $(am__append_43) \
- $(am__append_45) $(am__append_47) $(am__append_49) \
- $(am__append_51) $(am__append_53) $(am__append_55) \
- $(am__append_57) $(am__append_59) $(am__append_61) \
- $(am__append_63) $(am__append_65) $(am__append_67) \
- $(am__append_69) $(am__append_71) $(am__append_73) \
- $(am__append_75) $(am__append_77) $(am__append_79) \
- $(am__append_81) $(am__append_83) $(am__append_85) \
- $(am__append_87) $(am__append_89) $(am__append_91) \
- $(am__append_93) $(am__append_95) $(am__append_97) \
- $(am__append_99) $(am__append_101) $(am__append_103) \
- $(am__append_105) $(am__append_107) $(am__append_109) \
- $(am__append_111) $(am__append_113) $(am__append_115) \
- $(am__append_117) $(am__append_119) $(am__append_121) \
- $(am__append_123)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_20) \
+ $(am__append_22) $(am__append_24) $(am__append_26) \
+ $(am__append_28) $(am__append_30) $(am__append_32) \
+ $(am__append_34) $(am__append_36) $(am__append_38) \
+ $(am__append_40) $(am__append_42) $(am__append_44) \
+ $(am__append_46) $(am__append_48) $(am__append_50) \
+ $(am__append_52) $(am__append_54) $(am__append_56) \
+ $(am__append_58) $(am__append_60) $(am__append_62) \
+ $(am__append_64) $(am__append_66) $(am__append_68) \
+ $(am__append_70) $(am__append_72) $(am__append_74) \
+ $(am__append_76) $(am__append_78) $(am__append_80) \
+ $(am__append_82) $(am__append_84) $(am__append_86) \
+ $(am__append_88) $(am__append_90) $(am__append_92) \
+ $(am__append_94) $(am__append_96) $(am__append_98) \
+ $(am__append_100) $(am__append_102) $(am__append_104) \
+ $(am__append_106) $(am__append_108) $(am__append_110) \
+ $(am__append_112) $(am__append_114) $(am__append_116) \
+ $(am__append_118) $(am__append_120) $(am__append_122) \
+ $(am__append_124) $(am__append_126) $(am__append_128)
am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
bio/bio_writer.c collections/blocking_queue.c \
@@ -323,7 +336,7 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \
crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \
crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \
- crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+ crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
@@ -409,8 +422,8 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
crypto/crypto_tester.lo crypto/diffie_hellman.lo \
crypto/aead.lo crypto/transform.lo crypto/iv/iv_gen.lo \
crypto/iv/iv_gen_rand.lo crypto/iv/iv_gen_seq.lo \
- crypto/iv/iv_gen_null.lo crypto/mgf1/mgf1.lo \
- crypto/mgf1/mgf1_bitspender.lo \
+ crypto/iv/iv_gen_null.lo crypto/xofs/xof.lo \
+ crypto/xofs/xof_bitspender.lo \
credentials/credential_factory.lo credentials/builder.lo \
credentials/cred_encoding.lo credentials/keys/private_key.lo \
credentials/keys/public_key.lo credentials/keys/shared_key.lo \
@@ -539,11 +552,11 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
crypto/crypto_tester.h crypto/diffie_hellman.h crypto/aead.h \
crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \
- crypto/iv/iv_gen_null.h crypto/mgf1/mgf1.h \
- crypto/mgf1/mgf1_bitspender.h credentials/credential_factory.h \
- credentials/builder.h credentials/cred_encoding.h \
- credentials/keys/private_key.h credentials/keys/public_key.h \
- credentials/keys/shared_key.h \
+ crypto/iv/iv_gen_null.h crypto/xofs/xof.h \
+ crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
+ credentials/credential_factory.h credentials/builder.h \
+ credentials/cred_encoding.h credentials/keys/private_key.h \
+ credentials/keys/public_key.h credentials/keys/shared_key.h \
credentials/certificates/certificate.h \
credentials/certificates/x509.h credentials/certificates/ac.h \
credentials/certificates/crl.h \
@@ -625,7 +638,7 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \
+DIST_SUBDIRS = . math/libnttfft plugins/af_alg plugins/aes plugins/des \
plugins/blowfish plugins/rc2 plugins/md4 plugins/md5 \
plugins/sha1 plugins/sha2 plugins/sha3 plugins/gmp \
plugins/rdrand plugins/aesni plugins/random plugins/nonce \
@@ -638,8 +651,9 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \
plugins/sqlite plugins/padlock plugins/openssl plugins/gcrypt \
plugins/fips_prf plugins/agent plugins/keychain plugins/pkcs11 \
plugins/chapoly plugins/ctr plugins/ccm plugins/gcm \
- plugins/ntru plugins/bliss plugins/test_vectors tests \
- plugins/bliss/tests
+ plugins/mgf1 plugins/ntru plugins/bliss plugins/newhope \
+ plugins/test_vectors tests math/libnttfft/tests \
+ plugins/bliss/tests plugins/newhope/tests
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
$(top_srcdir)/ylwrap settings/settings_lexer.c \
settings/settings_parser.c settings/settings_parser.h
@@ -808,7 +822,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -842,8 +855,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -897,6 +908,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -915,7 +928,7 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \
crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \
crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \
- crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+ crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
@@ -976,7 +989,7 @@ settings/settings_types.h
@USE_DEV_HEADERS_TRUE@crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
@USE_DEV_HEADERS_TRUE@crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
@USE_DEV_HEADERS_TRUE@crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
-@USE_DEV_HEADERS_TRUE@crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
+@USE_DEV_HEADERS_TRUE@crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
@USE_DEV_HEADERS_TRUE@credentials/credential_factory.h credentials/builder.h \
@USE_DEV_HEADERS_TRUE@credentials/cred_encoding.h credentials/keys/private_key.h \
@USE_DEV_HEADERS_TRUE@credentials/keys/public_key.h credentials/keys/shared_key.h \
@@ -1021,25 +1034,25 @@ settings/settings_types.h
libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \
$(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_2) \
$(am__append_4) $(am__append_5) $(am__append_13) \
- $(am__append_15) $(am__append_17) $(am__append_19) \
- $(am__append_21) $(am__append_23) $(am__append_25) \
- $(am__append_27) $(am__append_29) $(am__append_31) \
- $(am__append_33) $(am__append_35) $(am__append_37) \
- $(am__append_39) $(am__append_41) $(am__append_43) \
- $(am__append_45) $(am__append_47) $(am__append_49) \
- $(am__append_51) $(am__append_53) $(am__append_55) \
- $(am__append_57) $(am__append_59) $(am__append_61) \
- $(am__append_63) $(am__append_65) $(am__append_67) \
- $(am__append_69) $(am__append_71) $(am__append_73) \
- $(am__append_75) $(am__append_77) $(am__append_79) \
- $(am__append_81) $(am__append_83) $(am__append_85) \
- $(am__append_87) $(am__append_89) $(am__append_91) \
- $(am__append_93) $(am__append_95) $(am__append_97) \
- $(am__append_99) $(am__append_101) $(am__append_103) \
- $(am__append_105) $(am__append_107) $(am__append_109) \
- $(am__append_111) $(am__append_113) $(am__append_115) \
- $(am__append_117) $(am__append_119) $(am__append_121) \
- $(am__append_123)
+ $(am__append_15) $(am__append_17) $(am__append_20) \
+ $(am__append_22) $(am__append_24) $(am__append_26) \
+ $(am__append_28) $(am__append_30) $(am__append_32) \
+ $(am__append_34) $(am__append_36) $(am__append_38) \
+ $(am__append_40) $(am__append_42) $(am__append_44) \
+ $(am__append_46) $(am__append_48) $(am__append_50) \
+ $(am__append_52) $(am__append_54) $(am__append_56) \
+ $(am__append_58) $(am__append_60) $(am__append_62) \
+ $(am__append_64) $(am__append_66) $(am__append_68) \
+ $(am__append_70) $(am__append_72) $(am__append_74) \
+ $(am__append_76) $(am__append_78) $(am__append_80) \
+ $(am__append_82) $(am__append_84) $(am__append_86) \
+ $(am__append_88) $(am__append_90) $(am__append_92) \
+ $(am__append_94) $(am__append_96) $(am__append_98) \
+ $(am__append_100) $(am__append_102) $(am__append_104) \
+ $(am__append_106) $(am__append_108) $(am__append_110) \
+ $(am__append_112) $(am__append_114) $(am__append_116) \
+ $(am__append_118) $(am__append_120) $(am__append_122) \
+ $(am__append_124) $(am__append_126) $(am__append_128)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
-DPLUGINDIR=\"${plugindir}\" \
@@ -1066,63 +1079,72 @@ MAINTAINERCLEANFILES = \
$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
$(srcdir)/crypto/proposal/proposal_keywords_static.c
-@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_18) $(am__append_20) \
-@MONOLITHIC_FALSE@ $(am__append_22) $(am__append_24) \
-@MONOLITHIC_FALSE@ $(am__append_26) $(am__append_28) \
-@MONOLITHIC_FALSE@ $(am__append_30) $(am__append_32) \
-@MONOLITHIC_FALSE@ $(am__append_34) $(am__append_36) \
-@MONOLITHIC_FALSE@ $(am__append_38) $(am__append_40) \
-@MONOLITHIC_FALSE@ $(am__append_42) $(am__append_44) \
-@MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \
-@MONOLITHIC_FALSE@ $(am__append_50) $(am__append_52) \
-@MONOLITHIC_FALSE@ $(am__append_54) $(am__append_56) \
-@MONOLITHIC_FALSE@ $(am__append_58) $(am__append_60) \
-@MONOLITHIC_FALSE@ $(am__append_62) $(am__append_64) \
-@MONOLITHIC_FALSE@ $(am__append_66) $(am__append_68) \
-@MONOLITHIC_FALSE@ $(am__append_70) $(am__append_72) \
-@MONOLITHIC_FALSE@ $(am__append_74) $(am__append_76) \
-@MONOLITHIC_FALSE@ $(am__append_78) $(am__append_80) \
-@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_84) \
-@MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \
-@MONOLITHIC_FALSE@ $(am__append_90) $(am__append_92) \
-@MONOLITHIC_FALSE@ $(am__append_94) $(am__append_96) \
-@MONOLITHIC_FALSE@ $(am__append_98) $(am__append_100) \
-@MONOLITHIC_FALSE@ $(am__append_102) $(am__append_104) \
-@MONOLITHIC_FALSE@ $(am__append_106) $(am__append_108) \
-@MONOLITHIC_FALSE@ $(am__append_110) $(am__append_112) \
-@MONOLITHIC_FALSE@ $(am__append_114) $(am__append_116) \
-@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) \
-@MONOLITHIC_FALSE@ $(am__append_122) tests $(am__append_124)
-# build plugins with their own Makefile
-#######################################
-@MONOLITHIC_TRUE@SUBDIRS = $(am__append_18) $(am__append_20) \
-@MONOLITHIC_TRUE@ $(am__append_22) $(am__append_24) \
-@MONOLITHIC_TRUE@ $(am__append_26) $(am__append_28) \
-@MONOLITHIC_TRUE@ $(am__append_30) $(am__append_32) \
-@MONOLITHIC_TRUE@ $(am__append_34) $(am__append_36) \
-@MONOLITHIC_TRUE@ $(am__append_38) $(am__append_40) \
-@MONOLITHIC_TRUE@ $(am__append_42) $(am__append_44) \
-@MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \
-@MONOLITHIC_TRUE@ $(am__append_50) $(am__append_52) \
-@MONOLITHIC_TRUE@ $(am__append_54) $(am__append_56) \
-@MONOLITHIC_TRUE@ $(am__append_58) $(am__append_60) \
-@MONOLITHIC_TRUE@ $(am__append_62) $(am__append_64) \
-@MONOLITHIC_TRUE@ $(am__append_66) $(am__append_68) \
-@MONOLITHIC_TRUE@ $(am__append_70) $(am__append_72) \
-@MONOLITHIC_TRUE@ $(am__append_74) $(am__append_76) \
-@MONOLITHIC_TRUE@ $(am__append_78) $(am__append_80) \
-@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_84) \
-@MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \
-@MONOLITHIC_TRUE@ $(am__append_90) $(am__append_92) \
-@MONOLITHIC_TRUE@ $(am__append_94) $(am__append_96) \
-@MONOLITHIC_TRUE@ $(am__append_98) $(am__append_100) \
-@MONOLITHIC_TRUE@ $(am__append_102) $(am__append_104) \
-@MONOLITHIC_TRUE@ $(am__append_106) $(am__append_108) \
-@MONOLITHIC_TRUE@ $(am__append_110) $(am__append_112) \
-@MONOLITHIC_TRUE@ $(am__append_114) $(am__append_116) \
-@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) \
-@MONOLITHIC_TRUE@ $(am__append_122) . tests $(am__append_124)
+# build unit tests
+##################
+@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_18) $(am__append_19) \
+@MONOLITHIC_FALSE@ $(am__append_21) $(am__append_23) \
+@MONOLITHIC_FALSE@ $(am__append_25) $(am__append_27) \
+@MONOLITHIC_FALSE@ $(am__append_29) $(am__append_31) \
+@MONOLITHIC_FALSE@ $(am__append_33) $(am__append_35) \
+@MONOLITHIC_FALSE@ $(am__append_37) $(am__append_39) \
+@MONOLITHIC_FALSE@ $(am__append_41) $(am__append_43) \
+@MONOLITHIC_FALSE@ $(am__append_45) $(am__append_47) \
+@MONOLITHIC_FALSE@ $(am__append_49) $(am__append_51) \
+@MONOLITHIC_FALSE@ $(am__append_53) $(am__append_55) \
+@MONOLITHIC_FALSE@ $(am__append_57) $(am__append_59) \
+@MONOLITHIC_FALSE@ $(am__append_61) $(am__append_63) \
+@MONOLITHIC_FALSE@ $(am__append_65) $(am__append_67) \
+@MONOLITHIC_FALSE@ $(am__append_69) $(am__append_71) \
+@MONOLITHIC_FALSE@ $(am__append_73) $(am__append_75) \
+@MONOLITHIC_FALSE@ $(am__append_77) $(am__append_79) \
+@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_83) \
+@MONOLITHIC_FALSE@ $(am__append_85) $(am__append_87) \
+@MONOLITHIC_FALSE@ $(am__append_89) $(am__append_91) \
+@MONOLITHIC_FALSE@ $(am__append_93) $(am__append_95) \
+@MONOLITHIC_FALSE@ $(am__append_97) $(am__append_99) \
+@MONOLITHIC_FALSE@ $(am__append_101) $(am__append_103) \
+@MONOLITHIC_FALSE@ $(am__append_105) $(am__append_107) \
+@MONOLITHIC_FALSE@ $(am__append_109) $(am__append_111) \
+@MONOLITHIC_FALSE@ $(am__append_113) $(am__append_115) \
+@MONOLITHIC_FALSE@ $(am__append_117) $(am__append_119) \
+@MONOLITHIC_FALSE@ $(am__append_121) $(am__append_123) \
+@MONOLITHIC_FALSE@ $(am__append_125) $(am__append_127) tests \
+@MONOLITHIC_FALSE@ $(am__append_129) $(am__append_130) \
+@MONOLITHIC_FALSE@ $(am__append_131)
+
+# build unit tests
+##################
+@MONOLITHIC_TRUE@SUBDIRS = $(am__append_18) $(am__append_19) \
+@MONOLITHIC_TRUE@ $(am__append_21) $(am__append_23) \
+@MONOLITHIC_TRUE@ $(am__append_25) $(am__append_27) \
+@MONOLITHIC_TRUE@ $(am__append_29) $(am__append_31) \
+@MONOLITHIC_TRUE@ $(am__append_33) $(am__append_35) \
+@MONOLITHIC_TRUE@ $(am__append_37) $(am__append_39) \
+@MONOLITHIC_TRUE@ $(am__append_41) $(am__append_43) \
+@MONOLITHIC_TRUE@ $(am__append_45) $(am__append_47) \
+@MONOLITHIC_TRUE@ $(am__append_49) $(am__append_51) \
+@MONOLITHIC_TRUE@ $(am__append_53) $(am__append_55) \
+@MONOLITHIC_TRUE@ $(am__append_57) $(am__append_59) \
+@MONOLITHIC_TRUE@ $(am__append_61) $(am__append_63) \
+@MONOLITHIC_TRUE@ $(am__append_65) $(am__append_67) \
+@MONOLITHIC_TRUE@ $(am__append_69) $(am__append_71) \
+@MONOLITHIC_TRUE@ $(am__append_73) $(am__append_75) \
+@MONOLITHIC_TRUE@ $(am__append_77) $(am__append_79) \
+@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_83) \
+@MONOLITHIC_TRUE@ $(am__append_85) $(am__append_87) \
+@MONOLITHIC_TRUE@ $(am__append_89) $(am__append_91) \
+@MONOLITHIC_TRUE@ $(am__append_93) $(am__append_95) \
+@MONOLITHIC_TRUE@ $(am__append_97) $(am__append_99) \
+@MONOLITHIC_TRUE@ $(am__append_101) $(am__append_103) \
+@MONOLITHIC_TRUE@ $(am__append_105) $(am__append_107) \
+@MONOLITHIC_TRUE@ $(am__append_109) $(am__append_111) \
+@MONOLITHIC_TRUE@ $(am__append_113) $(am__append_115) \
+@MONOLITHIC_TRUE@ $(am__append_117) $(am__append_119) \
+@MONOLITHIC_TRUE@ $(am__append_121) $(am__append_123) \
+@MONOLITHIC_TRUE@ $(am__append_125) $(am__append_127) . tests \
+@MONOLITHIC_TRUE@ $(am__append_129) $(am__append_130) \
+@MONOLITHIC_TRUE@ $(am__append_131)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -1317,16 +1339,16 @@ crypto/iv/iv_gen_seq.lo: crypto/iv/$(am__dirstamp) \
crypto/iv/$(DEPDIR)/$(am__dirstamp)
crypto/iv/iv_gen_null.lo: crypto/iv/$(am__dirstamp) \
crypto/iv/$(DEPDIR)/$(am__dirstamp)
-crypto/mgf1/$(am__dirstamp):
- @$(MKDIR_P) crypto/mgf1
- @: > crypto/mgf1/$(am__dirstamp)
-crypto/mgf1/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) crypto/mgf1/$(DEPDIR)
- @: > crypto/mgf1/$(DEPDIR)/$(am__dirstamp)
-crypto/mgf1/mgf1.lo: crypto/mgf1/$(am__dirstamp) \
- crypto/mgf1/$(DEPDIR)/$(am__dirstamp)
-crypto/mgf1/mgf1_bitspender.lo: crypto/mgf1/$(am__dirstamp) \
- crypto/mgf1/$(DEPDIR)/$(am__dirstamp)
+crypto/xofs/$(am__dirstamp):
+ @$(MKDIR_P) crypto/xofs
+ @: > crypto/xofs/$(am__dirstamp)
+crypto/xofs/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) crypto/xofs/$(DEPDIR)
+ @: > crypto/xofs/$(DEPDIR)/$(am__dirstamp)
+crypto/xofs/xof.lo: crypto/xofs/$(am__dirstamp) \
+ crypto/xofs/$(DEPDIR)/$(am__dirstamp)
+crypto/xofs/xof_bitspender.lo: crypto/xofs/$(am__dirstamp) \
+ crypto/xofs/$(DEPDIR)/$(am__dirstamp)
credentials/$(am__dirstamp):
@$(MKDIR_P) credentials
@: > credentials/$(am__dirstamp)
@@ -1697,8 +1719,6 @@ mostlyclean-compile:
-rm -f crypto/hashers/*.lo
-rm -f crypto/iv/*.$(OBJEXT)
-rm -f crypto/iv/*.lo
- -rm -f crypto/mgf1/*.$(OBJEXT)
- -rm -f crypto/mgf1/*.lo
-rm -f crypto/prfs/*.$(OBJEXT)
-rm -f crypto/prfs/*.lo
-rm -f crypto/proposal/*.$(OBJEXT)
@@ -1707,6 +1727,8 @@ mostlyclean-compile:
-rm -f crypto/rngs/*.lo
-rm -f crypto/signers/*.$(OBJEXT)
-rm -f crypto/signers/*.lo
+ -rm -f crypto/xofs/*.$(OBJEXT)
+ -rm -f crypto/xofs/*.lo
-rm -f database/*.$(OBJEXT)
-rm -f database/*.lo
-rm -f eap/*.$(OBJEXT)
@@ -1794,8 +1816,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_null.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_rand.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_seq.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@crypto/mgf1/$(DEPDIR)/mgf1.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@crypto/mgf1/$(DEPDIR)/mgf1_bitspender.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/prfs/$(DEPDIR)/mac_prf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/prfs/$(DEPDIR)/prf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/proposal/$(DEPDIR)/proposal_keywords.Plo@am__quote@
@@ -1803,6 +1823,8 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@crypto/rngs/$(DEPDIR)/rng.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/signers/$(DEPDIR)/mac_signer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/signers/$(DEPDIR)/signer.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@crypto/xofs/$(DEPDIR)/xof.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@crypto/xofs/$(DEPDIR)/xof_bitspender.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@database/$(DEPDIR)/database.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@database/$(DEPDIR)/database_factory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@eap/$(DEPDIR)/eap.Plo@am__quote@
@@ -1923,11 +1945,11 @@ clean-libtool:
-rm -rf crypto/crypters/.libs crypto/crypters/_libs
-rm -rf crypto/hashers/.libs crypto/hashers/_libs
-rm -rf crypto/iv/.libs crypto/iv/_libs
- -rm -rf crypto/mgf1/.libs crypto/mgf1/_libs
-rm -rf crypto/prfs/.libs crypto/prfs/_libs
-rm -rf crypto/proposal/.libs crypto/proposal/_libs
-rm -rf crypto/rngs/.libs crypto/rngs/_libs
-rm -rf crypto/signers/.libs crypto/signers/_libs
+ -rm -rf crypto/xofs/.libs crypto/xofs/_libs
-rm -rf database/.libs database/_libs
-rm -rf eap/.libs eap/_libs
-rm -rf fetcher/.libs fetcher/_libs
@@ -2186,8 +2208,6 @@ distclean-generic:
-rm -f crypto/hashers/$(am__dirstamp)
-rm -f crypto/iv/$(DEPDIR)/$(am__dirstamp)
-rm -f crypto/iv/$(am__dirstamp)
- -rm -f crypto/mgf1/$(DEPDIR)/$(am__dirstamp)
- -rm -f crypto/mgf1/$(am__dirstamp)
-rm -f crypto/prfs/$(DEPDIR)/$(am__dirstamp)
-rm -f crypto/prfs/$(am__dirstamp)
-rm -f crypto/proposal/$(DEPDIR)/$(am__dirstamp)
@@ -2196,6 +2216,8 @@ distclean-generic:
-rm -f crypto/rngs/$(am__dirstamp)
-rm -f crypto/signers/$(DEPDIR)/$(am__dirstamp)
-rm -f crypto/signers/$(am__dirstamp)
+ -rm -f crypto/xofs/$(DEPDIR)/$(am__dirstamp)
+ -rm -f crypto/xofs/$(am__dirstamp)
-rm -f database/$(DEPDIR)/$(am__dirstamp)
-rm -f database/$(am__dirstamp)
-rm -f eap/$(DEPDIR)/$(am__dirstamp)
@@ -2249,7 +2271,7 @@ clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/mgf1/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) settings/$(DEPDIR) threading/$(DEPDIR) threading/windows/$(DEPDIR) utils/$(DEPDIR) utils/compat/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) crypto/xofs/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) settings/$(DEPDIR) threading/$(DEPDIR) threading/windows/$(DEPDIR) utils/$(DEPDIR) utils/compat/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -2296,7 +2318,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/mgf1/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) settings/$(DEPDIR) threading/$(DEPDIR) threading/windows/$(DEPDIR) utils/$(DEPDIR) utils/compat/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) crypto/xofs/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) settings/$(DEPDIR) threading/$(DEPDIR) threading/windows/$(DEPDIR) utils/$(DEPDIR) utils/compat/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index c23746e57..40174446c 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -10,484 +10,493 @@
#include "oid.h"
const oid_t oid_names[] = {
- {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */
- { 0x82, 0, 1, 1, "" }, /* 1 */
- { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */
- { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */
- { 0x0A, 0, 1, 4, "" }, /* 4 */
- { 0x07, 0, 1, 5, "" }, /* 5 */
- { 0x14, 0, 0, 6, "ND" }, /* 6 */
- {0x09, 18, 1, 0, "data" }, /* 7 */
- { 0x92, 0, 1, 1, "" }, /* 8 */
- { 0x26, 0, 1, 2, "" }, /* 9 */
- { 0x89, 0, 1, 3, "" }, /* 10 */
- { 0x93, 0, 1, 4, "" }, /* 11 */
- { 0xF2, 0, 1, 5, "" }, /* 12 */
- { 0x2C, 0, 1, 6, "" }, /* 13 */
- { 0x64, 0, 1, 7, "pilot" }, /* 14 */
- { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */
- { 0x01, 17, 0, 9, "UID" }, /* 16 */
- { 0x19, 0, 0, 9, "DC" }, /* 17 */
- {0x55, 67, 1, 0, "X.500" }, /* 18 */
- { 0x04, 39, 1, 1, "X.509" }, /* 19 */
- { 0x03, 21, 0, 2, "CN" }, /* 20 */
- { 0x04, 22, 0, 2, "S" }, /* 21 */
- { 0x05, 23, 0, 2, "SN" }, /* 22 */
- { 0x06, 24, 0, 2, "C" }, /* 23 */
- { 0x07, 25, 0, 2, "L" }, /* 24 */
- { 0x08, 26, 0, 2, "ST" }, /* 25 */
- { 0x0A, 27, 0, 2, "O" }, /* 26 */
- { 0x0B, 28, 0, 2, "OU" }, /* 27 */
- { 0x0C, 29, 0, 2, "T" }, /* 28 */
- { 0x0D, 30, 0, 2, "D" }, /* 29 */
- { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */
- { 0x29, 32, 0, 2, "N" }, /* 31 */
- { 0x2A, 33, 0, 2, "G" }, /* 32 */
- { 0x2B, 34, 0, 2, "I" }, /* 33 */
- { 0x2D, 35, 0, 2, "ID" }, /* 34 */
- { 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */
- { 0x36, 37, 0, 2, "dmdName" }, /* 36 */
- { 0x41, 38, 0, 2, "pseudonym" }, /* 37 */
- { 0x48, 0, 0, 2, "role" }, /* 38 */
- { 0x1D, 0, 1, 1, "id-ce" }, /* 39 */
- { 0x09, 41, 0, 2, "subjectDirectoryAttrs" }, /* 40 */
- { 0x0E, 42, 0, 2, "subjectKeyIdentifier" }, /* 41 */
- { 0x0F, 43, 0, 2, "keyUsage" }, /* 42 */
- { 0x10, 44, 0, 2, "privateKeyUsagePeriod" }, /* 43 */
- { 0x11, 45, 0, 2, "subjectAltName" }, /* 44 */
- { 0x12, 46, 0, 2, "issuerAltName" }, /* 45 */
- { 0x13, 47, 0, 2, "basicConstraints" }, /* 46 */
- { 0x14, 48, 0, 2, "crlNumber" }, /* 47 */
- { 0x15, 49, 0, 2, "reasonCode" }, /* 48 */
- { 0x17, 50, 0, 2, "holdInstructionCode" }, /* 49 */
- { 0x18, 51, 0, 2, "invalidityDate" }, /* 50 */
- { 0x1B, 52, 0, 2, "deltaCrlIndicator" }, /* 51 */
- { 0x1C, 53, 0, 2, "issuingDistributionPoint" }, /* 52 */
- { 0x1D, 54, 0, 2, "certificateIssuer" }, /* 53 */
- { 0x1E, 55, 0, 2, "nameConstraints" }, /* 54 */
- { 0x1F, 56, 0, 2, "crlDistributionPoints" }, /* 55 */
- { 0x20, 58, 1, 2, "certificatePolicies" }, /* 56 */
- { 0x00, 0, 0, 3, "anyPolicy" }, /* 57 */
- { 0x21, 59, 0, 2, "policyMappings" }, /* 58 */
- { 0x23, 60, 0, 2, "authorityKeyIdentifier" }, /* 59 */
- { 0x24, 61, 0, 2, "policyConstraints" }, /* 60 */
- { 0x25, 63, 1, 2, "extendedKeyUsage" }, /* 61 */
- { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 62 */
- { 0x2E, 64, 0, 2, "freshestCRL" }, /* 63 */
- { 0x36, 65, 0, 2, "inhibitAnyPolicy" }, /* 64 */
- { 0x37, 66, 0, 2, "targetInformation" }, /* 65 */
- { 0x38, 0, 0, 2, "noRevAvail" }, /* 66 */
- {0x2A, 191, 1, 0, "" }, /* 67 */
- { 0x83, 80, 1, 1, "" }, /* 68 */
- { 0x08, 0, 1, 2, "jp" }, /* 69 */
- { 0x8C, 0, 1, 3, "" }, /* 70 */
- { 0x9A, 0, 1, 4, "" }, /* 71 */
- { 0x4B, 0, 1, 5, "" }, /* 72 */
- { 0x3D, 0, 1, 6, "" }, /* 73 */
- { 0x01, 0, 1, 7, "security" }, /* 74 */
- { 0x01, 0, 1, 8, "algorithm" }, /* 75 */
- { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 76 */
- { 0x02, 78, 0, 10, "camellia128-cbc" }, /* 77 */
- { 0x03, 79, 0, 10, "camellia192-cbc" }, /* 78 */
- { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 79 */
- { 0x86, 0, 1, 1, "" }, /* 80 */
- { 0x48, 0, 1, 2, "us" }, /* 81 */
- { 0x86, 150, 1, 3, "" }, /* 82 */
- { 0xF6, 88, 1, 4, "" }, /* 83 */
- { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 84 */
- { 0x07, 0, 1, 6, "Entrust" }, /* 85 */
- { 0x41, 0, 1, 7, "nsn-ce" }, /* 86 */
- { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 87 */
- { 0xF7, 0, 1, 4, "" }, /* 88 */
- { 0x0D, 0, 1, 5, "RSADSI" }, /* 89 */
- { 0x01, 145, 1, 6, "PKCS" }, /* 90 */
- { 0x01, 103, 1, 7, "PKCS-1" }, /* 91 */
- { 0x01, 93, 0, 8, "rsaEncryption" }, /* 92 */
- { 0x02, 94, 0, 8, "md2WithRSAEncryption" }, /* 93 */
- { 0x04, 95, 0, 8, "md5WithRSAEncryption" }, /* 94 */
- { 0x05, 96, 0, 8, "sha-1WithRSAEncryption" }, /* 95 */
- { 0x07, 97, 0, 8, "id-RSAES-OAEP" }, /* 96 */
- { 0x08, 98, 0, 8, "id-mgf1" }, /* 97 */
- { 0x09, 99, 0, 8, "id-pSpecified" }, /* 98 */
- { 0x0B, 100, 0, 8, "sha256WithRSAEncryption" }, /* 99 */
- { 0x0C, 101, 0, 8, "sha384WithRSAEncryption" }, /* 100 */
- { 0x0D, 102, 0, 8, "sha512WithRSAEncryption" }, /* 101 */
- { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 102 */
- { 0x05, 108, 1, 7, "PKCS-5" }, /* 103 */
- { 0x03, 105, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 104 */
- { 0x0A, 106, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 105 */
- { 0x0C, 107, 0, 8, "id-PBKDF2" }, /* 106 */
- { 0x0D, 0, 0, 8, "id-PBES2" }, /* 107 */
- { 0x07, 115, 1, 7, "PKCS-7" }, /* 108 */
- { 0x01, 110, 0, 8, "data" }, /* 109 */
- { 0x02, 111, 0, 8, "signedData" }, /* 110 */
- { 0x03, 112, 0, 8, "envelopedData" }, /* 111 */
- { 0x04, 113, 0, 8, "signedAndEnvelopedData" }, /* 112 */
- { 0x05, 114, 0, 8, "digestedData" }, /* 113 */
- { 0x06, 0, 0, 8, "encryptedData" }, /* 114 */
- { 0x09, 129, 1, 7, "PKCS-9" }, /* 115 */
- { 0x01, 117, 0, 8, "E" }, /* 116 */
- { 0x02, 118, 0, 8, "unstructuredName" }, /* 117 */
- { 0x03, 119, 0, 8, "contentType" }, /* 118 */
- { 0x04, 120, 0, 8, "messageDigest" }, /* 119 */
- { 0x05, 121, 0, 8, "signingTime" }, /* 120 */
- { 0x06, 122, 0, 8, "counterSignature" }, /* 121 */
- { 0x07, 123, 0, 8, "challengePassword" }, /* 122 */
- { 0x08, 124, 0, 8, "unstructuredAddress" }, /* 123 */
- { 0x0E, 125, 0, 8, "extensionRequest" }, /* 124 */
- { 0x0F, 126, 0, 8, "S/MIME Capabilities" }, /* 125 */
- { 0x16, 0, 1, 8, "certTypes" }, /* 126 */
- { 0x01, 128, 0, 9, "X.509" }, /* 127 */
- { 0x02, 0, 0, 9, "SDSI" }, /* 128 */
- { 0x0c, 0, 1, 7, "PKCS-12" }, /* 129 */
- { 0x01, 137, 1, 8, "pbeIds" }, /* 130 */
- { 0x01, 132, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 131 */
- { 0x02, 133, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 132 */
- { 0x03, 134, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 133 */
- { 0x04, 135, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 134 */
- { 0x05, 136, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 135 */
- { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 136 */
- { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 137 */
- { 0x01, 0, 1, 9, "bagIds" }, /* 138 */
- { 0x01, 140, 0, 10, "keyBag" }, /* 139 */
- { 0x02, 141, 0, 10, "pkcs8ShroudedKeyBag" }, /* 140 */
- { 0x03, 142, 0, 10, "certBag" }, /* 141 */
- { 0x04, 143, 0, 10, "crlBag" }, /* 142 */
- { 0x05, 144, 0, 10, "secretBag" }, /* 143 */
- { 0x06, 0, 0, 10, "safeContentsBag" }, /* 144 */
- { 0x02, 148, 1, 6, "digestAlgorithm" }, /* 145 */
- { 0x02, 147, 0, 7, "md2" }, /* 146 */
- { 0x05, 0, 0, 7, "md5" }, /* 147 */
- { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 148 */
- { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 149 */
- { 0xCE, 0, 1, 3, "" }, /* 150 */
- { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 151 */
- { 0x02, 154, 1, 5, "id-publicKeyType" }, /* 152 */
- { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 153 */
- { 0x03, 184, 1, 5, "ellipticCurve" }, /* 154 */
- { 0x00, 176, 1, 6, "c-TwoCurve" }, /* 155 */
- { 0x01, 157, 0, 7, "c2pnb163v1" }, /* 156 */
- { 0x02, 158, 0, 7, "c2pnb163v2" }, /* 157 */
- { 0x03, 159, 0, 7, "c2pnb163v3" }, /* 158 */
- { 0x04, 160, 0, 7, "c2pnb176w1" }, /* 159 */
- { 0x05, 161, 0, 7, "c2tnb191v1" }, /* 160 */
- { 0x06, 162, 0, 7, "c2tnb191v2" }, /* 161 */
- { 0x07, 163, 0, 7, "c2tnb191v3" }, /* 162 */
- { 0x08, 164, 0, 7, "c2onb191v4" }, /* 163 */
- { 0x09, 165, 0, 7, "c2onb191v5" }, /* 164 */
- { 0x0A, 166, 0, 7, "c2pnb208w1" }, /* 165 */
- { 0x0B, 167, 0, 7, "c2tnb239v1" }, /* 166 */
- { 0x0C, 168, 0, 7, "c2tnb239v2" }, /* 167 */
- { 0x0D, 169, 0, 7, "c2tnb239v3" }, /* 168 */
- { 0x0E, 170, 0, 7, "c2onb239v4" }, /* 169 */
- { 0x0F, 171, 0, 7, "c2onb239v5" }, /* 170 */
- { 0x10, 172, 0, 7, "c2pnb272w1" }, /* 171 */
- { 0x11, 173, 0, 7, "c2pnb304w1" }, /* 172 */
- { 0x12, 174, 0, 7, "c2tnb359v1" }, /* 173 */
- { 0x13, 175, 0, 7, "c2pnb368w1" }, /* 174 */
- { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 175 */
- { 0x01, 0, 1, 6, "primeCurve" }, /* 176 */
- { 0x01, 178, 0, 7, "prime192v1" }, /* 177 */
- { 0x02, 179, 0, 7, "prime192v2" }, /* 178 */
- { 0x03, 180, 0, 7, "prime192v3" }, /* 179 */
- { 0x04, 181, 0, 7, "prime239v1" }, /* 180 */
- { 0x05, 182, 0, 7, "prime239v2" }, /* 181 */
- { 0x06, 183, 0, 7, "prime239v3" }, /* 182 */
- { 0x07, 0, 0, 7, "prime256v1" }, /* 183 */
- { 0x04, 0, 1, 5, "id-ecSigType" }, /* 184 */
- { 0x01, 186, 0, 6, "ecdsa-with-SHA1" }, /* 185 */
- { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 186 */
- { 0x01, 188, 0, 7, "ecdsa-with-SHA224" }, /* 187 */
- { 0x02, 189, 0, 7, "ecdsa-with-SHA256" }, /* 188 */
- { 0x03, 190, 0, 7, "ecdsa-with-SHA384" }, /* 189 */
- { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 190 */
- {0x2B, 418, 1, 0, "" }, /* 191 */
- { 0x06, 332, 1, 1, "dod" }, /* 192 */
- { 0x01, 0, 1, 2, "internet" }, /* 193 */
- { 0x04, 283, 1, 3, "private" }, /* 194 */
- { 0x01, 0, 1, 4, "enterprise" }, /* 195 */
- { 0x82, 233, 1, 5, "" }, /* 196 */
- { 0x37, 209, 1, 6, "Microsoft" }, /* 197 */
- { 0x0A, 202, 1, 7, "" }, /* 198 */
- { 0x03, 0, 1, 8, "" }, /* 199 */
- { 0x03, 201, 0, 9, "msSGC" }, /* 200 */
- { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 201 */
- { 0x14, 206, 1, 7, "msEnrollmentInfrastructure" }, /* 202 */
- { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 203 */
- { 0x02, 205, 0, 9, "msSmartcardLogon" }, /* 204 */
- { 0x03, 0, 0, 9, "msUPN" }, /* 205 */
- { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 206 */
- { 0x07, 208, 0, 8, "msCertTemplate" }, /* 207 */
- { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 208 */
- { 0xA0, 0, 1, 6, "" }, /* 209 */
- { 0x2A, 0, 1, 7, "ITA" }, /* 210 */
- { 0x01, 212, 0, 8, "strongSwan" }, /* 211 */
- { 0x02, 213, 0, 8, "cps" }, /* 212 */
- { 0x03, 214, 0, 8, "e-voting" }, /* 213 */
- { 0x05, 0, 1, 8, "BLISS" }, /* 214 */
- { 0x01, 217, 1, 9, "keyType" }, /* 215 */
- { 0x01, 0, 0, 10, "blissPublicKey" }, /* 216 */
- { 0x02, 226, 1, 9, "parameters" }, /* 217 */
- { 0x01, 219, 0, 10, "BLISS-I" }, /* 218 */
- { 0x02, 220, 0, 10, "BLISS-II" }, /* 219 */
- { 0x03, 221, 0, 10, "BLISS-III" }, /* 220 */
- { 0x04, 222, 0, 10, "BLISS-IV" }, /* 221 */
- { 0x05, 223, 0, 10, "BLISS-B-I" }, /* 222 */
- { 0x06, 224, 0, 10, "BLISS-B-II" }, /* 223 */
- { 0x07, 225, 0, 10, "BLISS-B-III" }, /* 224 */
- { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 225 */
- { 0x03, 0, 1, 9, "blissSigType" }, /* 226 */
- { 0x01, 228, 0, 10, "BLISS-with-SHA2-512" }, /* 227 */
- { 0x02, 229, 0, 10, "BLISS-with-SHA2-384" }, /* 228 */
- { 0x03, 230, 0, 10, "BLISS-with-SHA2-256" }, /* 229 */
- { 0x04, 231, 0, 10, "BLISS-with-SHA3-512" }, /* 230 */
- { 0x05, 232, 0, 10, "BLISS-with-SHA3-384" }, /* 231 */
- { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 232 */
- { 0x89, 240, 1, 5, "" }, /* 233 */
- { 0x31, 0, 1, 6, "" }, /* 234 */
- { 0x01, 0, 1, 7, "" }, /* 235 */
- { 0x01, 0, 1, 8, "" }, /* 236 */
- { 0x02, 0, 1, 9, "" }, /* 237 */
- { 0x02, 0, 1, 10, "" }, /* 238 */
- { 0x4B, 0, 0, 11, "TCGID" }, /* 239 */
- { 0x97, 244, 1, 5, "" }, /* 240 */
- { 0x55, 0, 1, 6, "" }, /* 241 */
- { 0x01, 0, 1, 7, "" }, /* 242 */
- { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 243 */
- { 0xC1, 0, 1, 5, "" }, /* 244 */
- { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 245 */
- { 0x01, 0, 1, 7, "eess" }, /* 246 */
- { 0x01, 0, 1, 8, "eess1" }, /* 247 */
- { 0x01, 252, 1, 9, "eess1-algs" }, /* 248 */
- { 0x01, 250, 0, 10, "ntru-EESS1v1-SVES" }, /* 249 */
- { 0x02, 251, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 250 */
- { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 251 */
- { 0x02, 282, 1, 9, "eess1-params" }, /* 252 */
- { 0x01, 254, 0, 10, "ees251ep1" }, /* 253 */
- { 0x02, 255, 0, 10, "ees347ep1" }, /* 254 */
- { 0x03, 256, 0, 10, "ees503ep1" }, /* 255 */
- { 0x07, 257, 0, 10, "ees251sp2" }, /* 256 */
- { 0x0C, 258, 0, 10, "ees251ep4" }, /* 257 */
- { 0x0D, 259, 0, 10, "ees251ep5" }, /* 258 */
- { 0x0E, 260, 0, 10, "ees251sp3" }, /* 259 */
- { 0x0F, 261, 0, 10, "ees251sp4" }, /* 260 */
- { 0x10, 262, 0, 10, "ees251sp5" }, /* 261 */
- { 0x11, 263, 0, 10, "ees251sp6" }, /* 262 */
- { 0x12, 264, 0, 10, "ees251sp7" }, /* 263 */
- { 0x13, 265, 0, 10, "ees251sp8" }, /* 264 */
- { 0x14, 266, 0, 10, "ees251sp9" }, /* 265 */
- { 0x22, 267, 0, 10, "ees401ep1" }, /* 266 */
- { 0x23, 268, 0, 10, "ees449ep1" }, /* 267 */
- { 0x24, 269, 0, 10, "ees677ep1" }, /* 268 */
- { 0x25, 270, 0, 10, "ees1087ep2" }, /* 269 */
- { 0x26, 271, 0, 10, "ees541ep1" }, /* 270 */
- { 0x27, 272, 0, 10, "ees613ep1" }, /* 271 */
- { 0x28, 273, 0, 10, "ees887ep1" }, /* 272 */
- { 0x29, 274, 0, 10, "ees1171ep1" }, /* 273 */
- { 0x2A, 275, 0, 10, "ees659ep1" }, /* 274 */
- { 0x2B, 276, 0, 10, "ees761ep1" }, /* 275 */
- { 0x2C, 277, 0, 10, "ees1087ep1" }, /* 276 */
- { 0x2D, 278, 0, 10, "ees1499ep1" }, /* 277 */
- { 0x2E, 279, 0, 10, "ees401ep2" }, /* 278 */
- { 0x2F, 280, 0, 10, "ees439ep1" }, /* 279 */
- { 0x30, 281, 0, 10, "ees593ep1" }, /* 280 */
- { 0x31, 0, 0, 10, "ees743ep1" }, /* 281 */
- { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 282 */
- { 0x05, 0, 1, 3, "security" }, /* 283 */
- { 0x05, 0, 1, 4, "mechanisms" }, /* 284 */
- { 0x07, 329, 1, 5, "id-pkix" }, /* 285 */
- { 0x01, 290, 1, 6, "id-pe" }, /* 286 */
- { 0x01, 288, 0, 7, "authorityInfoAccess" }, /* 287 */
- { 0x03, 289, 0, 7, "qcStatements" }, /* 288 */
- { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 289 */
- { 0x02, 293, 1, 6, "id-qt" }, /* 290 */
- { 0x01, 292, 0, 7, "cps" }, /* 291 */
- { 0x02, 0, 0, 7, "unotice" }, /* 292 */
- { 0x03, 303, 1, 6, "id-kp" }, /* 293 */
- { 0x01, 295, 0, 7, "serverAuth" }, /* 294 */
- { 0x02, 296, 0, 7, "clientAuth" }, /* 295 */
- { 0x03, 297, 0, 7, "codeSigning" }, /* 296 */
- { 0x04, 298, 0, 7, "emailProtection" }, /* 297 */
- { 0x05, 299, 0, 7, "ipsecEndSystem" }, /* 298 */
- { 0x06, 300, 0, 7, "ipsecTunnel" }, /* 299 */
- { 0x07, 301, 0, 7, "ipsecUser" }, /* 300 */
- { 0x08, 302, 0, 7, "timeStamping" }, /* 301 */
- { 0x09, 0, 0, 7, "ocspSigning" }, /* 302 */
- { 0x08, 311, 1, 6, "id-otherNames" }, /* 303 */
- { 0x01, 305, 0, 7, "personalData" }, /* 304 */
- { 0x02, 306, 0, 7, "userGroup" }, /* 305 */
- { 0x03, 307, 0, 7, "id-on-permanentIdentifier" }, /* 306 */
- { 0x04, 308, 0, 7, "id-on-hardwareModuleName" }, /* 307 */
- { 0x05, 309, 0, 7, "xmppAddr" }, /* 308 */
- { 0x06, 310, 0, 7, "id-on-SIM" }, /* 309 */
- { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 310 */
- { 0x0A, 316, 1, 6, "id-aca" }, /* 311 */
- { 0x01, 313, 0, 7, "authenticationInfo" }, /* 312 */
- { 0x02, 314, 0, 7, "accessIdentity" }, /* 313 */
- { 0x03, 315, 0, 7, "chargingIdentity" }, /* 314 */
- { 0x04, 0, 0, 7, "group" }, /* 315 */
- { 0x0B, 317, 0, 6, "subjectInfoAccess" }, /* 316 */
- { 0x30, 0, 1, 6, "id-ad" }, /* 317 */
- { 0x01, 326, 1, 7, "ocsp" }, /* 318 */
- { 0x01, 320, 0, 8, "basic" }, /* 319 */
- { 0x02, 321, 0, 8, "nonce" }, /* 320 */
- { 0x03, 322, 0, 8, "crl" }, /* 321 */
- { 0x04, 323, 0, 8, "response" }, /* 322 */
- { 0x05, 324, 0, 8, "noCheck" }, /* 323 */
- { 0x06, 325, 0, 8, "archiveCutoff" }, /* 324 */
- { 0x07, 0, 0, 8, "serviceLocator" }, /* 325 */
- { 0x02, 327, 0, 7, "caIssuers" }, /* 326 */
- { 0x03, 328, 0, 7, "timeStamping" }, /* 327 */
- { 0x05, 0, 0, 7, "caRepository" }, /* 328 */
- { 0x08, 0, 1, 5, "ipsec" }, /* 329 */
- { 0x02, 0, 1, 6, "certificate" }, /* 330 */
- { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 331 */
- { 0x0E, 338, 1, 1, "oiw" }, /* 332 */
- { 0x03, 0, 1, 2, "secsig" }, /* 333 */
- { 0x02, 0, 1, 3, "algorithms" }, /* 334 */
- { 0x07, 336, 0, 4, "des-cbc" }, /* 335 */
- { 0x1A, 337, 0, 4, "sha-1" }, /* 336 */
- { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 337 */
- { 0x24, 384, 1, 1, "TeleTrusT" }, /* 338 */
- { 0x03, 0, 1, 2, "algorithm" }, /* 339 */
- { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 340 */
- { 0x01, 345, 1, 4, "rsaSignature" }, /* 341 */
- { 0x02, 343, 0, 5, "rsaSigWithripemd160" }, /* 342 */
- { 0x03, 344, 0, 5, "rsaSigWithripemd128" }, /* 343 */
- { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 344 */
- { 0x02, 0, 1, 4, "ecSign" }, /* 345 */
- { 0x01, 347, 0, 5, "ecSignWithsha1" }, /* 346 */
- { 0x02, 348, 0, 5, "ecSignWithripemd160" }, /* 347 */
- { 0x03, 349, 0, 5, "ecSignWithmd2" }, /* 348 */
- { 0x04, 350, 0, 5, "ecSignWithmd5" }, /* 349 */
- { 0x05, 367, 1, 5, "ttt-ecg" }, /* 350 */
- { 0x01, 355, 1, 6, "fieldType" }, /* 351 */
- { 0x01, 0, 1, 7, "characteristictwoField" }, /* 352 */
- { 0x01, 0, 1, 8, "basisType" }, /* 353 */
- { 0x01, 0, 0, 9, "ipBasis" }, /* 354 */
- { 0x02, 357, 1, 6, "keyType" }, /* 355 */
- { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 356 */
- { 0x03, 358, 0, 6, "curve" }, /* 357 */
- { 0x04, 365, 1, 6, "signatures" }, /* 358 */
- { 0x01, 360, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 359 */
- { 0x02, 361, 0, 7, "ecgdsa-with-SHA1" }, /* 360 */
- { 0x03, 362, 0, 7, "ecgdsa-with-SHA224" }, /* 361 */
- { 0x04, 363, 0, 7, "ecgdsa-with-SHA256" }, /* 362 */
- { 0x05, 364, 0, 7, "ecgdsa-with-SHA384" }, /* 363 */
- { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 364 */
- { 0x05, 0, 1, 6, "module" }, /* 365 */
- { 0x01, 0, 0, 7, "1" }, /* 366 */
- { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 367 */
- { 0x01, 0, 1, 6, "ellipticCurve" }, /* 368 */
- { 0x01, 0, 1, 7, "versionOne" }, /* 369 */
- { 0x01, 371, 0, 8, "brainpoolP160r1" }, /* 370 */
- { 0x02, 372, 0, 8, "brainpoolP160t1" }, /* 371 */
- { 0x03, 373, 0, 8, "brainpoolP192r1" }, /* 372 */
- { 0x04, 374, 0, 8, "brainpoolP192t1" }, /* 373 */
- { 0x05, 375, 0, 8, "brainpoolP224r1" }, /* 374 */
- { 0x06, 376, 0, 8, "brainpoolP224t1" }, /* 375 */
- { 0x07, 377, 0, 8, "brainpoolP256r1" }, /* 376 */
- { 0x08, 378, 0, 8, "brainpoolP256t1" }, /* 377 */
- { 0x09, 379, 0, 8, "brainpoolP320r1" }, /* 378 */
- { 0x0A, 380, 0, 8, "brainpoolP320t1" }, /* 379 */
- { 0x0B, 381, 0, 8, "brainpoolP384r1" }, /* 380 */
- { 0x0C, 382, 0, 8, "brainpoolP384t1" }, /* 381 */
- { 0x0D, 383, 0, 8, "brainpoolP512r1" }, /* 382 */
- { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 383 */
- { 0x81, 0, 1, 1, "" }, /* 384 */
- { 0x04, 0, 1, 2, "Certicom" }, /* 385 */
- { 0x00, 0, 1, 3, "curve" }, /* 386 */
- { 0x01, 388, 0, 4, "sect163k1" }, /* 387 */
- { 0x02, 389, 0, 4, "sect163r1" }, /* 388 */
- { 0x03, 390, 0, 4, "sect239k1" }, /* 389 */
- { 0x04, 391, 0, 4, "sect113r1" }, /* 390 */
- { 0x05, 392, 0, 4, "sect113r2" }, /* 391 */
- { 0x06, 393, 0, 4, "secp112r1" }, /* 392 */
- { 0x07, 394, 0, 4, "secp112r2" }, /* 393 */
- { 0x08, 395, 0, 4, "secp160r1" }, /* 394 */
- { 0x09, 396, 0, 4, "secp160k1" }, /* 395 */
- { 0x0A, 397, 0, 4, "secp256k1" }, /* 396 */
- { 0x0F, 398, 0, 4, "sect163r2" }, /* 397 */
- { 0x10, 399, 0, 4, "sect283k1" }, /* 398 */
- { 0x11, 400, 0, 4, "sect283r1" }, /* 399 */
- { 0x16, 401, 0, 4, "sect131r1" }, /* 400 */
- { 0x17, 402, 0, 4, "sect131r2" }, /* 401 */
- { 0x18, 403, 0, 4, "sect193r1" }, /* 402 */
- { 0x19, 404, 0, 4, "sect193r2" }, /* 403 */
- { 0x1A, 405, 0, 4, "sect233k1" }, /* 404 */
- { 0x1B, 406, 0, 4, "sect233r1" }, /* 405 */
- { 0x1C, 407, 0, 4, "secp128r1" }, /* 406 */
- { 0x1D, 408, 0, 4, "secp128r2" }, /* 407 */
- { 0x1E, 409, 0, 4, "secp160r2" }, /* 408 */
- { 0x1F, 410, 0, 4, "secp192k1" }, /* 409 */
- { 0x20, 411, 0, 4, "secp224k1" }, /* 410 */
- { 0x21, 412, 0, 4, "secp224r1" }, /* 411 */
- { 0x22, 413, 0, 4, "secp384r1" }, /* 412 */
- { 0x23, 414, 0, 4, "secp521r1" }, /* 413 */
- { 0x24, 415, 0, 4, "sect409k1" }, /* 414 */
- { 0x25, 416, 0, 4, "sect409r1" }, /* 415 */
- { 0x26, 417, 0, 4, "sect571k1" }, /* 416 */
- { 0x27, 0, 0, 4, "sect571r1" }, /* 417 */
- {0x60, 472, 1, 0, "" }, /* 418 */
- { 0x86, 0, 1, 1, "" }, /* 419 */
- { 0x48, 0, 1, 2, "" }, /* 420 */
- { 0x01, 0, 1, 3, "organization" }, /* 421 */
- { 0x65, 448, 1, 4, "gov" }, /* 422 */
- { 0x03, 0, 1, 5, "csor" }, /* 423 */
- { 0x04, 0, 1, 6, "nistalgorithm" }, /* 424 */
- { 0x01, 435, 1, 7, "aes" }, /* 425 */
- { 0x02, 427, 0, 8, "id-aes128-CBC" }, /* 426 */
- { 0x06, 428, 0, 8, "id-aes128-GCM" }, /* 427 */
- { 0x07, 429, 0, 8, "id-aes128-CCM" }, /* 428 */
- { 0x16, 430, 0, 8, "id-aes192-CBC" }, /* 429 */
- { 0x1A, 431, 0, 8, "id-aes192-GCM" }, /* 430 */
- { 0x1B, 432, 0, 8, "id-aes192-CCM" }, /* 431 */
- { 0x2A, 433, 0, 8, "id-aes256-CBC" }, /* 432 */
- { 0x2E, 434, 0, 8, "id-aes256-GCM" }, /* 433 */
- { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 434 */
- { 0x02, 0, 1, 7, "hashalgs" }, /* 435 */
- { 0x01, 437, 0, 8, "id-sha256" }, /* 436 */
- { 0x02, 438, 0, 8, "id-sha384" }, /* 437 */
- { 0x03, 439, 0, 8, "id-sha512" }, /* 438 */
- { 0x04, 440, 0, 8, "id-sha224" }, /* 439 */
- { 0x05, 441, 0, 8, "id-sha512-224" }, /* 440 */
- { 0x06, 442, 0, 8, "id-sha512-256" }, /* 441 */
- { 0x07, 443, 0, 8, "id-sha3-224" }, /* 442 */
- { 0x08, 444, 0, 8, "id-sha3-256" }, /* 443 */
- { 0x09, 445, 0, 8, "id-sha3-384" }, /* 444 */
- { 0x0A, 446, 0, 8, "id-sha3-512" }, /* 445 */
- { 0x0B, 447, 0, 8, "id-shake128" }, /* 446 */
- { 0x0C, 0, 0, 8, "id-shake256" }, /* 447 */
- { 0x86, 0, 1, 4, "" }, /* 448 */
- { 0xf8, 0, 1, 5, "" }, /* 449 */
- { 0x42, 462, 1, 6, "netscape" }, /* 450 */
- { 0x01, 457, 1, 7, "" }, /* 451 */
- { 0x01, 453, 0, 8, "nsCertType" }, /* 452 */
- { 0x03, 454, 0, 8, "nsRevocationUrl" }, /* 453 */
- { 0x04, 455, 0, 8, "nsCaRevocationUrl" }, /* 454 */
- { 0x08, 456, 0, 8, "nsCaPolicyUrl" }, /* 455 */
- { 0x0d, 0, 0, 8, "nsComment" }, /* 456 */
- { 0x03, 460, 1, 7, "directory" }, /* 457 */
- { 0x01, 0, 1, 8, "" }, /* 458 */
- { 0x03, 0, 0, 9, "employeeNumber" }, /* 459 */
- { 0x04, 0, 1, 7, "policy" }, /* 460 */
- { 0x01, 0, 0, 8, "nsSGC" }, /* 461 */
- { 0x45, 0, 1, 6, "verisign" }, /* 462 */
- { 0x01, 0, 1, 7, "pki" }, /* 463 */
- { 0x09, 0, 1, 8, "attributes" }, /* 464 */
- { 0x02, 466, 0, 9, "messageType" }, /* 465 */
- { 0x03, 467, 0, 9, "pkiStatus" }, /* 466 */
- { 0x04, 468, 0, 9, "failInfo" }, /* 467 */
- { 0x05, 469, 0, 9, "senderNonce" }, /* 468 */
- { 0x06, 470, 0, 9, "recipientNonce" }, /* 469 */
- { 0x07, 471, 0, 9, "transID" }, /* 470 */
- { 0x08, 0, 0, 9, "extensionReq" }, /* 471 */
- {0x67, 0, 1, 0, "" }, /* 472 */
- { 0x81, 0, 1, 1, "" }, /* 473 */
- { 0x05, 0, 1, 2, "" }, /* 474 */
- { 0x02, 0, 1, 3, "tcg-attribute" }, /* 475 */
- { 0x01, 477, 0, 4, "tcg-at-tpmManufacturer" }, /* 476 */
- { 0x02, 478, 0, 4, "tcg-at-tpmModel" }, /* 477 */
- { 0x03, 479, 0, 4, "tcg-at-tpmVersion" }, /* 478 */
- { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 479 */
+ {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */
+ { 0x82, 0, 1, 1, "" }, /* 1 */
+ { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */
+ { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */
+ { 0x0A, 0, 1, 4, "" }, /* 4 */
+ { 0x07, 0, 1, 5, "" }, /* 5 */
+ { 0x14, 0, 0, 6, "ND" }, /* 6 */
+ {0x09, 18, 1, 0, "data" }, /* 7 */
+ { 0x92, 0, 1, 1, "" }, /* 8 */
+ { 0x26, 0, 1, 2, "" }, /* 9 */
+ { 0x89, 0, 1, 3, "" }, /* 10 */
+ { 0x93, 0, 1, 4, "" }, /* 11 */
+ { 0xF2, 0, 1, 5, "" }, /* 12 */
+ { 0x2C, 0, 1, 6, "" }, /* 13 */
+ { 0x64, 0, 1, 7, "pilot" }, /* 14 */
+ { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */
+ { 0x01, 17, 0, 9, "UID" }, /* 16 */
+ { 0x19, 0, 0, 9, "DC" }, /* 17 */
+ {0x55, 67, 1, 0, "X.500" }, /* 18 */
+ { 0x04, 39, 1, 1, "X.509" }, /* 19 */
+ { 0x03, 21, 0, 2, "CN" }, /* 20 */
+ { 0x04, 22, 0, 2, "S" }, /* 21 */
+ { 0x05, 23, 0, 2, "SN" }, /* 22 */
+ { 0x06, 24, 0, 2, "C" }, /* 23 */
+ { 0x07, 25, 0, 2, "L" }, /* 24 */
+ { 0x08, 26, 0, 2, "ST" }, /* 25 */
+ { 0x0A, 27, 0, 2, "O" }, /* 26 */
+ { 0x0B, 28, 0, 2, "OU" }, /* 27 */
+ { 0x0C, 29, 0, 2, "T" }, /* 28 */
+ { 0x0D, 30, 0, 2, "D" }, /* 29 */
+ { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */
+ { 0x29, 32, 0, 2, "N" }, /* 31 */
+ { 0x2A, 33, 0, 2, "G" }, /* 32 */
+ { 0x2B, 34, 0, 2, "I" }, /* 33 */
+ { 0x2D, 35, 0, 2, "ID" }, /* 34 */
+ { 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */
+ { 0x36, 37, 0, 2, "dmdName" }, /* 36 */
+ { 0x41, 38, 0, 2, "pseudonym" }, /* 37 */
+ { 0x48, 0, 0, 2, "role" }, /* 38 */
+ { 0x1D, 0, 1, 1, "id-ce" }, /* 39 */
+ { 0x09, 41, 0, 2, "subjectDirectoryAttrs" }, /* 40 */
+ { 0x0E, 42, 0, 2, "subjectKeyIdentifier" }, /* 41 */
+ { 0x0F, 43, 0, 2, "keyUsage" }, /* 42 */
+ { 0x10, 44, 0, 2, "privateKeyUsagePeriod" }, /* 43 */
+ { 0x11, 45, 0, 2, "subjectAltName" }, /* 44 */
+ { 0x12, 46, 0, 2, "issuerAltName" }, /* 45 */
+ { 0x13, 47, 0, 2, "basicConstraints" }, /* 46 */
+ { 0x14, 48, 0, 2, "crlNumber" }, /* 47 */
+ { 0x15, 49, 0, 2, "reasonCode" }, /* 48 */
+ { 0x17, 50, 0, 2, "holdInstructionCode" }, /* 49 */
+ { 0x18, 51, 0, 2, "invalidityDate" }, /* 50 */
+ { 0x1B, 52, 0, 2, "deltaCrlIndicator" }, /* 51 */
+ { 0x1C, 53, 0, 2, "issuingDistributionPoint" }, /* 52 */
+ { 0x1D, 54, 0, 2, "certificateIssuer" }, /* 53 */
+ { 0x1E, 55, 0, 2, "nameConstraints" }, /* 54 */
+ { 0x1F, 56, 0, 2, "crlDistributionPoints" }, /* 55 */
+ { 0x20, 58, 1, 2, "certificatePolicies" }, /* 56 */
+ { 0x00, 0, 0, 3, "anyPolicy" }, /* 57 */
+ { 0x21, 59, 0, 2, "policyMappings" }, /* 58 */
+ { 0x23, 60, 0, 2, "authorityKeyIdentifier" }, /* 59 */
+ { 0x24, 61, 0, 2, "policyConstraints" }, /* 60 */
+ { 0x25, 63, 1, 2, "extendedKeyUsage" }, /* 61 */
+ { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 62 */
+ { 0x2E, 64, 0, 2, "freshestCRL" }, /* 63 */
+ { 0x36, 65, 0, 2, "inhibitAnyPolicy" }, /* 64 */
+ { 0x37, 66, 0, 2, "targetInformation" }, /* 65 */
+ { 0x38, 0, 0, 2, "noRevAvail" }, /* 66 */
+ {0x2A, 191, 1, 0, "" }, /* 67 */
+ { 0x83, 80, 1, 1, "" }, /* 68 */
+ { 0x08, 0, 1, 2, "jp" }, /* 69 */
+ { 0x8C, 0, 1, 3, "" }, /* 70 */
+ { 0x9A, 0, 1, 4, "" }, /* 71 */
+ { 0x4B, 0, 1, 5, "" }, /* 72 */
+ { 0x3D, 0, 1, 6, "" }, /* 73 */
+ { 0x01, 0, 1, 7, "security" }, /* 74 */
+ { 0x01, 0, 1, 8, "algorithm" }, /* 75 */
+ { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 76 */
+ { 0x02, 78, 0, 10, "camellia128-cbc" }, /* 77 */
+ { 0x03, 79, 0, 10, "camellia192-cbc" }, /* 78 */
+ { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 79 */
+ { 0x86, 0, 1, 1, "" }, /* 80 */
+ { 0x48, 0, 1, 2, "us" }, /* 81 */
+ { 0x86, 150, 1, 3, "" }, /* 82 */
+ { 0xF6, 88, 1, 4, "" }, /* 83 */
+ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 84 */
+ { 0x07, 0, 1, 6, "Entrust" }, /* 85 */
+ { 0x41, 0, 1, 7, "nsn-ce" }, /* 86 */
+ { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 87 */
+ { 0xF7, 0, 1, 4, "" }, /* 88 */
+ { 0x0D, 0, 1, 5, "RSADSI" }, /* 89 */
+ { 0x01, 145, 1, 6, "PKCS" }, /* 90 */
+ { 0x01, 103, 1, 7, "PKCS-1" }, /* 91 */
+ { 0x01, 93, 0, 8, "rsaEncryption" }, /* 92 */
+ { 0x02, 94, 0, 8, "md2WithRSAEncryption" }, /* 93 */
+ { 0x04, 95, 0, 8, "md5WithRSAEncryption" }, /* 94 */
+ { 0x05, 96, 0, 8, "sha-1WithRSAEncryption" }, /* 95 */
+ { 0x07, 97, 0, 8, "id-RSAES-OAEP" }, /* 96 */
+ { 0x08, 98, 0, 8, "id-mgf1" }, /* 97 */
+ { 0x09, 99, 0, 8, "id-pSpecified" }, /* 98 */
+ { 0x0B, 100, 0, 8, "sha256WithRSAEncryption" }, /* 99 */
+ { 0x0C, 101, 0, 8, "sha384WithRSAEncryption" }, /* 100 */
+ { 0x0D, 102, 0, 8, "sha512WithRSAEncryption" }, /* 101 */
+ { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 102 */
+ { 0x05, 108, 1, 7, "PKCS-5" }, /* 103 */
+ { 0x03, 105, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 104 */
+ { 0x0A, 106, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 105 */
+ { 0x0C, 107, 0, 8, "id-PBKDF2" }, /* 106 */
+ { 0x0D, 0, 0, 8, "id-PBES2" }, /* 107 */
+ { 0x07, 115, 1, 7, "PKCS-7" }, /* 108 */
+ { 0x01, 110, 0, 8, "data" }, /* 109 */
+ { 0x02, 111, 0, 8, "signedData" }, /* 110 */
+ { 0x03, 112, 0, 8, "envelopedData" }, /* 111 */
+ { 0x04, 113, 0, 8, "signedAndEnvelopedData" }, /* 112 */
+ { 0x05, 114, 0, 8, "digestedData" }, /* 113 */
+ { 0x06, 0, 0, 8, "encryptedData" }, /* 114 */
+ { 0x09, 129, 1, 7, "PKCS-9" }, /* 115 */
+ { 0x01, 117, 0, 8, "E" }, /* 116 */
+ { 0x02, 118, 0, 8, "unstructuredName" }, /* 117 */
+ { 0x03, 119, 0, 8, "contentType" }, /* 118 */
+ { 0x04, 120, 0, 8, "messageDigest" }, /* 119 */
+ { 0x05, 121, 0, 8, "signingTime" }, /* 120 */
+ { 0x06, 122, 0, 8, "counterSignature" }, /* 121 */
+ { 0x07, 123, 0, 8, "challengePassword" }, /* 122 */
+ { 0x08, 124, 0, 8, "unstructuredAddress" }, /* 123 */
+ { 0x0E, 125, 0, 8, "extensionRequest" }, /* 124 */
+ { 0x0F, 126, 0, 8, "S/MIME Capabilities" }, /* 125 */
+ { 0x16, 0, 1, 8, "certTypes" }, /* 126 */
+ { 0x01, 128, 0, 9, "X.509" }, /* 127 */
+ { 0x02, 0, 0, 9, "SDSI" }, /* 128 */
+ { 0x0c, 0, 1, 7, "PKCS-12" }, /* 129 */
+ { 0x01, 137, 1, 8, "pbeIds" }, /* 130 */
+ { 0x01, 132, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 131 */
+ { 0x02, 133, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 132 */
+ { 0x03, 134, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC" }, /* 133 */
+ { 0x04, 135, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC" }, /* 134 */
+ { 0x05, 136, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 135 */
+ { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 136 */
+ { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 137 */
+ { 0x01, 0, 1, 9, "bagIds" }, /* 138 */
+ { 0x01, 140, 0, 10, "keyBag" }, /* 139 */
+ { 0x02, 141, 0, 10, "pkcs8ShroudedKeyBag" }, /* 140 */
+ { 0x03, 142, 0, 10, "certBag" }, /* 141 */
+ { 0x04, 143, 0, 10, "crlBag" }, /* 142 */
+ { 0x05, 144, 0, 10, "secretBag" }, /* 143 */
+ { 0x06, 0, 0, 10, "safeContentsBag" }, /* 144 */
+ { 0x02, 148, 1, 6, "digestAlgorithm" }, /* 145 */
+ { 0x02, 147, 0, 7, "md2" }, /* 146 */
+ { 0x05, 0, 0, 7, "md5" }, /* 147 */
+ { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 148 */
+ { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 149 */
+ { 0xCE, 0, 1, 3, "" }, /* 150 */
+ { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 151 */
+ { 0x02, 154, 1, 5, "id-publicKeyType" }, /* 152 */
+ { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 153 */
+ { 0x03, 184, 1, 5, "ellipticCurve" }, /* 154 */
+ { 0x00, 176, 1, 6, "c-TwoCurve" }, /* 155 */
+ { 0x01, 157, 0, 7, "c2pnb163v1" }, /* 156 */
+ { 0x02, 158, 0, 7, "c2pnb163v2" }, /* 157 */
+ { 0x03, 159, 0, 7, "c2pnb163v3" }, /* 158 */
+ { 0x04, 160, 0, 7, "c2pnb176w1" }, /* 159 */
+ { 0x05, 161, 0, 7, "c2tnb191v1" }, /* 160 */
+ { 0x06, 162, 0, 7, "c2tnb191v2" }, /* 161 */
+ { 0x07, 163, 0, 7, "c2tnb191v3" }, /* 162 */
+ { 0x08, 164, 0, 7, "c2onb191v4" }, /* 163 */
+ { 0x09, 165, 0, 7, "c2onb191v5" }, /* 164 */
+ { 0x0A, 166, 0, 7, "c2pnb208w1" }, /* 165 */
+ { 0x0B, 167, 0, 7, "c2tnb239v1" }, /* 166 */
+ { 0x0C, 168, 0, 7, "c2tnb239v2" }, /* 167 */
+ { 0x0D, 169, 0, 7, "c2tnb239v3" }, /* 168 */
+ { 0x0E, 170, 0, 7, "c2onb239v4" }, /* 169 */
+ { 0x0F, 171, 0, 7, "c2onb239v5" }, /* 170 */
+ { 0x10, 172, 0, 7, "c2pnb272w1" }, /* 171 */
+ { 0x11, 173, 0, 7, "c2pnb304w1" }, /* 172 */
+ { 0x12, 174, 0, 7, "c2tnb359v1" }, /* 173 */
+ { 0x13, 175, 0, 7, "c2pnb368w1" }, /* 174 */
+ { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 175 */
+ { 0x01, 0, 1, 6, "primeCurve" }, /* 176 */
+ { 0x01, 178, 0, 7, "prime192v1" }, /* 177 */
+ { 0x02, 179, 0, 7, "prime192v2" }, /* 178 */
+ { 0x03, 180, 0, 7, "prime192v3" }, /* 179 */
+ { 0x04, 181, 0, 7, "prime239v1" }, /* 180 */
+ { 0x05, 182, 0, 7, "prime239v2" }, /* 181 */
+ { 0x06, 183, 0, 7, "prime239v3" }, /* 182 */
+ { 0x07, 0, 0, 7, "prime256v1" }, /* 183 */
+ { 0x04, 0, 1, 5, "id-ecSigType" }, /* 184 */
+ { 0x01, 186, 0, 6, "ecdsa-with-SHA1" }, /* 185 */
+ { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 186 */
+ { 0x01, 188, 0, 7, "ecdsa-with-SHA224" }, /* 187 */
+ { 0x02, 189, 0, 7, "ecdsa-with-SHA256" }, /* 188 */
+ { 0x03, 190, 0, 7, "ecdsa-with-SHA384" }, /* 189 */
+ { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 190 */
+ {0x2B, 418, 1, 0, "" }, /* 191 */
+ { 0x06, 332, 1, 1, "dod" }, /* 192 */
+ { 0x01, 0, 1, 2, "internet" }, /* 193 */
+ { 0x04, 283, 1, 3, "private" }, /* 194 */
+ { 0x01, 0, 1, 4, "enterprise" }, /* 195 */
+ { 0x82, 233, 1, 5, "" }, /* 196 */
+ { 0x37, 209, 1, 6, "Microsoft" }, /* 197 */
+ { 0x0A, 202, 1, 7, "" }, /* 198 */
+ { 0x03, 0, 1, 8, "" }, /* 199 */
+ { 0x03, 201, 0, 9, "msSGC" }, /* 200 */
+ { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 201 */
+ { 0x14, 206, 1, 7, "msEnrollmentInfrastructure" }, /* 202 */
+ { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 203 */
+ { 0x02, 205, 0, 9, "msSmartcardLogon" }, /* 204 */
+ { 0x03, 0, 0, 9, "msUPN" }, /* 205 */
+ { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 206 */
+ { 0x07, 208, 0, 8, "msCertTemplate" }, /* 207 */
+ { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 208 */
+ { 0xA0, 0, 1, 6, "" }, /* 209 */
+ { 0x2A, 0, 1, 7, "ITA" }, /* 210 */
+ { 0x01, 212, 0, 8, "strongSwan" }, /* 211 */
+ { 0x02, 213, 0, 8, "cps" }, /* 212 */
+ { 0x03, 214, 0, 8, "e-voting" }, /* 213 */
+ { 0x05, 0, 1, 8, "BLISS" }, /* 214 */
+ { 0x01, 217, 1, 9, "keyType" }, /* 215 */
+ { 0x01, 0, 0, 10, "blissPublicKey" }, /* 216 */
+ { 0x02, 226, 1, 9, "parameters" }, /* 217 */
+ { 0x01, 219, 0, 10, "BLISS-I" }, /* 218 */
+ { 0x02, 220, 0, 10, "BLISS-II" }, /* 219 */
+ { 0x03, 221, 0, 10, "BLISS-III" }, /* 220 */
+ { 0x04, 222, 0, 10, "BLISS-IV" }, /* 221 */
+ { 0x05, 223, 0, 10, "BLISS-B-I" }, /* 222 */
+ { 0x06, 224, 0, 10, "BLISS-B-II" }, /* 223 */
+ { 0x07, 225, 0, 10, "BLISS-B-III" }, /* 224 */
+ { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 225 */
+ { 0x03, 0, 1, 9, "blissSigType" }, /* 226 */
+ { 0x01, 228, 0, 10, "BLISS-with-SHA2-512" }, /* 227 */
+ { 0x02, 229, 0, 10, "BLISS-with-SHA2-384" }, /* 228 */
+ { 0x03, 230, 0, 10, "BLISS-with-SHA2-256" }, /* 229 */
+ { 0x04, 231, 0, 10, "BLISS-with-SHA3-512" }, /* 230 */
+ { 0x05, 232, 0, 10, "BLISS-with-SHA3-384" }, /* 231 */
+ { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 232 */
+ { 0x89, 240, 1, 5, "" }, /* 233 */
+ { 0x31, 0, 1, 6, "" }, /* 234 */
+ { 0x01, 0, 1, 7, "" }, /* 235 */
+ { 0x01, 0, 1, 8, "" }, /* 236 */
+ { 0x02, 0, 1, 9, "" }, /* 237 */
+ { 0x02, 0, 1, 10, "" }, /* 238 */
+ { 0x4B, 0, 0, 11, "TCGID" }, /* 239 */
+ { 0x97, 244, 1, 5, "" }, /* 240 */
+ { 0x55, 0, 1, 6, "" }, /* 241 */
+ { 0x01, 0, 1, 7, "" }, /* 242 */
+ { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 243 */
+ { 0xC1, 0, 1, 5, "" }, /* 244 */
+ { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 245 */
+ { 0x01, 0, 1, 7, "eess" }, /* 246 */
+ { 0x01, 0, 1, 8, "eess1" }, /* 247 */
+ { 0x01, 252, 1, 9, "eess1-algs" }, /* 248 */
+ { 0x01, 250, 0, 10, "ntru-EESS1v1-SVES" }, /* 249 */
+ { 0x02, 251, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 250 */
+ { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 251 */
+ { 0x02, 282, 1, 9, "eess1-params" }, /* 252 */
+ { 0x01, 254, 0, 10, "ees251ep1" }, /* 253 */
+ { 0x02, 255, 0, 10, "ees347ep1" }, /* 254 */
+ { 0x03, 256, 0, 10, "ees503ep1" }, /* 255 */
+ { 0x07, 257, 0, 10, "ees251sp2" }, /* 256 */
+ { 0x0C, 258, 0, 10, "ees251ep4" }, /* 257 */
+ { 0x0D, 259, 0, 10, "ees251ep5" }, /* 258 */
+ { 0x0E, 260, 0, 10, "ees251sp3" }, /* 259 */
+ { 0x0F, 261, 0, 10, "ees251sp4" }, /* 260 */
+ { 0x10, 262, 0, 10, "ees251sp5" }, /* 261 */
+ { 0x11, 263, 0, 10, "ees251sp6" }, /* 262 */
+ { 0x12, 264, 0, 10, "ees251sp7" }, /* 263 */
+ { 0x13, 265, 0, 10, "ees251sp8" }, /* 264 */
+ { 0x14, 266, 0, 10, "ees251sp9" }, /* 265 */
+ { 0x22, 267, 0, 10, "ees401ep1" }, /* 266 */
+ { 0x23, 268, 0, 10, "ees449ep1" }, /* 267 */
+ { 0x24, 269, 0, 10, "ees677ep1" }, /* 268 */
+ { 0x25, 270, 0, 10, "ees1087ep2" }, /* 269 */
+ { 0x26, 271, 0, 10, "ees541ep1" }, /* 270 */
+ { 0x27, 272, 0, 10, "ees613ep1" }, /* 271 */
+ { 0x28, 273, 0, 10, "ees887ep1" }, /* 272 */
+ { 0x29, 274, 0, 10, "ees1171ep1" }, /* 273 */
+ { 0x2A, 275, 0, 10, "ees659ep1" }, /* 274 */
+ { 0x2B, 276, 0, 10, "ees761ep1" }, /* 275 */
+ { 0x2C, 277, 0, 10, "ees1087ep1" }, /* 276 */
+ { 0x2D, 278, 0, 10, "ees1499ep1" }, /* 277 */
+ { 0x2E, 279, 0, 10, "ees401ep2" }, /* 278 */
+ { 0x2F, 280, 0, 10, "ees439ep1" }, /* 279 */
+ { 0x30, 281, 0, 10, "ees593ep1" }, /* 280 */
+ { 0x31, 0, 0, 10, "ees743ep1" }, /* 281 */
+ { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 282 */
+ { 0x05, 0, 1, 3, "security" }, /* 283 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 284 */
+ { 0x07, 329, 1, 5, "id-pkix" }, /* 285 */
+ { 0x01, 290, 1, 6, "id-pe" }, /* 286 */
+ { 0x01, 288, 0, 7, "authorityInfoAccess" }, /* 287 */
+ { 0x03, 289, 0, 7, "qcStatements" }, /* 288 */
+ { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 289 */
+ { 0x02, 293, 1, 6, "id-qt" }, /* 290 */
+ { 0x01, 292, 0, 7, "cps" }, /* 291 */
+ { 0x02, 0, 0, 7, "unotice" }, /* 292 */
+ { 0x03, 303, 1, 6, "id-kp" }, /* 293 */
+ { 0x01, 295, 0, 7, "serverAuth" }, /* 294 */
+ { 0x02, 296, 0, 7, "clientAuth" }, /* 295 */
+ { 0x03, 297, 0, 7, "codeSigning" }, /* 296 */
+ { 0x04, 298, 0, 7, "emailProtection" }, /* 297 */
+ { 0x05, 299, 0, 7, "ipsecEndSystem" }, /* 298 */
+ { 0x06, 300, 0, 7, "ipsecTunnel" }, /* 299 */
+ { 0x07, 301, 0, 7, "ipsecUser" }, /* 300 */
+ { 0x08, 302, 0, 7, "timeStamping" }, /* 301 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 302 */
+ { 0x08, 311, 1, 6, "id-otherNames" }, /* 303 */
+ { 0x01, 305, 0, 7, "personalData" }, /* 304 */
+ { 0x02, 306, 0, 7, "userGroup" }, /* 305 */
+ { 0x03, 307, 0, 7, "id-on-permanentIdentifier" }, /* 306 */
+ { 0x04, 308, 0, 7, "id-on-hardwareModuleName" }, /* 307 */
+ { 0x05, 309, 0, 7, "xmppAddr" }, /* 308 */
+ { 0x06, 310, 0, 7, "id-on-SIM" }, /* 309 */
+ { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 310 */
+ { 0x0A, 316, 1, 6, "id-aca" }, /* 311 */
+ { 0x01, 313, 0, 7, "authenticationInfo" }, /* 312 */
+ { 0x02, 314, 0, 7, "accessIdentity" }, /* 313 */
+ { 0x03, 315, 0, 7, "chargingIdentity" }, /* 314 */
+ { 0x04, 0, 0, 7, "group" }, /* 315 */
+ { 0x0B, 317, 0, 6, "subjectInfoAccess" }, /* 316 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 317 */
+ { 0x01, 326, 1, 7, "ocsp" }, /* 318 */
+ { 0x01, 320, 0, 8, "basic" }, /* 319 */
+ { 0x02, 321, 0, 8, "nonce" }, /* 320 */
+ { 0x03, 322, 0, 8, "crl" }, /* 321 */
+ { 0x04, 323, 0, 8, "response" }, /* 322 */
+ { 0x05, 324, 0, 8, "noCheck" }, /* 323 */
+ { 0x06, 325, 0, 8, "archiveCutoff" }, /* 324 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 325 */
+ { 0x02, 327, 0, 7, "caIssuers" }, /* 326 */
+ { 0x03, 328, 0, 7, "timeStamping" }, /* 327 */
+ { 0x05, 0, 0, 7, "caRepository" }, /* 328 */
+ { 0x08, 0, 1, 5, "ipsec" }, /* 329 */
+ { 0x02, 0, 1, 6, "certificate" }, /* 330 */
+ { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 331 */
+ { 0x0E, 338, 1, 1, "oiw" }, /* 332 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 333 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 334 */
+ { 0x07, 336, 0, 4, "des-cbc" }, /* 335 */
+ { 0x1A, 337, 0, 4, "sha-1" }, /* 336 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 337 */
+ { 0x24, 384, 1, 1, "TeleTrusT" }, /* 338 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 339 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 340 */
+ { 0x01, 345, 1, 4, "rsaSignature" }, /* 341 */
+ { 0x02, 343, 0, 5, "rsaSigWithripemd160" }, /* 342 */
+ { 0x03, 344, 0, 5, "rsaSigWithripemd128" }, /* 343 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 344 */
+ { 0x02, 0, 1, 4, "ecSign" }, /* 345 */
+ { 0x01, 347, 0, 5, "ecSignWithsha1" }, /* 346 */
+ { 0x02, 348, 0, 5, "ecSignWithripemd160" }, /* 347 */
+ { 0x03, 349, 0, 5, "ecSignWithmd2" }, /* 348 */
+ { 0x04, 350, 0, 5, "ecSignWithmd5" }, /* 349 */
+ { 0x05, 367, 1, 5, "ttt-ecg" }, /* 350 */
+ { 0x01, 355, 1, 6, "fieldType" }, /* 351 */
+ { 0x01, 0, 1, 7, "characteristictwoField" }, /* 352 */
+ { 0x01, 0, 1, 8, "basisType" }, /* 353 */
+ { 0x01, 0, 0, 9, "ipBasis" }, /* 354 */
+ { 0x02, 357, 1, 6, "keyType" }, /* 355 */
+ { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 356 */
+ { 0x03, 358, 0, 6, "curve" }, /* 357 */
+ { 0x04, 365, 1, 6, "signatures" }, /* 358 */
+ { 0x01, 360, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 359 */
+ { 0x02, 361, 0, 7, "ecgdsa-with-SHA1" }, /* 360 */
+ { 0x03, 362, 0, 7, "ecgdsa-with-SHA224" }, /* 361 */
+ { 0x04, 363, 0, 7, "ecgdsa-with-SHA256" }, /* 362 */
+ { 0x05, 364, 0, 7, "ecgdsa-with-SHA384" }, /* 363 */
+ { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 364 */
+ { 0x05, 0, 1, 6, "module" }, /* 365 */
+ { 0x01, 0, 0, 7, "1" }, /* 366 */
+ { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 367 */
+ { 0x01, 0, 1, 6, "ellipticCurve" }, /* 368 */
+ { 0x01, 0, 1, 7, "versionOne" }, /* 369 */
+ { 0x01, 371, 0, 8, "brainpoolP160r1" }, /* 370 */
+ { 0x02, 372, 0, 8, "brainpoolP160t1" }, /* 371 */
+ { 0x03, 373, 0, 8, "brainpoolP192r1" }, /* 372 */
+ { 0x04, 374, 0, 8, "brainpoolP192t1" }, /* 373 */
+ { 0x05, 375, 0, 8, "brainpoolP224r1" }, /* 374 */
+ { 0x06, 376, 0, 8, "brainpoolP224t1" }, /* 375 */
+ { 0x07, 377, 0, 8, "brainpoolP256r1" }, /* 376 */
+ { 0x08, 378, 0, 8, "brainpoolP256t1" }, /* 377 */
+ { 0x09, 379, 0, 8, "brainpoolP320r1" }, /* 378 */
+ { 0x0A, 380, 0, 8, "brainpoolP320t1" }, /* 379 */
+ { 0x0B, 381, 0, 8, "brainpoolP384r1" }, /* 380 */
+ { 0x0C, 382, 0, 8, "brainpoolP384t1" }, /* 381 */
+ { 0x0D, 383, 0, 8, "brainpoolP512r1" }, /* 382 */
+ { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 383 */
+ { 0x81, 0, 1, 1, "" }, /* 384 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 385 */
+ { 0x00, 0, 1, 3, "curve" }, /* 386 */
+ { 0x01, 388, 0, 4, "sect163k1" }, /* 387 */
+ { 0x02, 389, 0, 4, "sect163r1" }, /* 388 */
+ { 0x03, 390, 0, 4, "sect239k1" }, /* 389 */
+ { 0x04, 391, 0, 4, "sect113r1" }, /* 390 */
+ { 0x05, 392, 0, 4, "sect113r2" }, /* 391 */
+ { 0x06, 393, 0, 4, "secp112r1" }, /* 392 */
+ { 0x07, 394, 0, 4, "secp112r2" }, /* 393 */
+ { 0x08, 395, 0, 4, "secp160r1" }, /* 394 */
+ { 0x09, 396, 0, 4, "secp160k1" }, /* 395 */
+ { 0x0A, 397, 0, 4, "secp256k1" }, /* 396 */
+ { 0x0F, 398, 0, 4, "sect163r2" }, /* 397 */
+ { 0x10, 399, 0, 4, "sect283k1" }, /* 398 */
+ { 0x11, 400, 0, 4, "sect283r1" }, /* 399 */
+ { 0x16, 401, 0, 4, "sect131r1" }, /* 400 */
+ { 0x17, 402, 0, 4, "sect131r2" }, /* 401 */
+ { 0x18, 403, 0, 4, "sect193r1" }, /* 402 */
+ { 0x19, 404, 0, 4, "sect193r2" }, /* 403 */
+ { 0x1A, 405, 0, 4, "sect233k1" }, /* 404 */
+ { 0x1B, 406, 0, 4, "sect233r1" }, /* 405 */
+ { 0x1C, 407, 0, 4, "secp128r1" }, /* 406 */
+ { 0x1D, 408, 0, 4, "secp128r2" }, /* 407 */
+ { 0x1E, 409, 0, 4, "secp160r2" }, /* 408 */
+ { 0x1F, 410, 0, 4, "secp192k1" }, /* 409 */
+ { 0x20, 411, 0, 4, "secp224k1" }, /* 410 */
+ { 0x21, 412, 0, 4, "secp224r1" }, /* 411 */
+ { 0x22, 413, 0, 4, "secp384r1" }, /* 412 */
+ { 0x23, 414, 0, 4, "secp521r1" }, /* 413 */
+ { 0x24, 415, 0, 4, "sect409k1" }, /* 414 */
+ { 0x25, 416, 0, 4, "sect409r1" }, /* 415 */
+ { 0x26, 417, 0, 4, "sect571k1" }, /* 416 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 417 */
+ {0x60, 481, 1, 0, "" }, /* 418 */
+ { 0x86, 0, 1, 1, "" }, /* 419 */
+ { 0x48, 0, 1, 2, "" }, /* 420 */
+ { 0x01, 0, 1, 3, "organization" }, /* 421 */
+ { 0x65, 457, 1, 4, "gov" }, /* 422 */
+ { 0x03, 0, 1, 5, "csor" }, /* 423 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 424 */
+ { 0x01, 435, 1, 7, "aes" }, /* 425 */
+ { 0x02, 427, 0, 8, "id-aes128-CBC" }, /* 426 */
+ { 0x06, 428, 0, 8, "id-aes128-GCM" }, /* 427 */
+ { 0x07, 429, 0, 8, "id-aes128-CCM" }, /* 428 */
+ { 0x16, 430, 0, 8, "id-aes192-CBC" }, /* 429 */
+ { 0x1A, 431, 0, 8, "id-aes192-GCM" }, /* 430 */
+ { 0x1B, 432, 0, 8, "id-aes192-CCM" }, /* 431 */
+ { 0x2A, 433, 0, 8, "id-aes256-CBC" }, /* 432 */
+ { 0x2E, 434, 0, 8, "id-aes256-GCM" }, /* 433 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 434 */
+ { 0x02, 448, 1, 7, "hashAlgs" }, /* 435 */
+ { 0x01, 437, 0, 8, "id-sha256" }, /* 436 */
+ { 0x02, 438, 0, 8, "id-sha384" }, /* 437 */
+ { 0x03, 439, 0, 8, "id-sha512" }, /* 438 */
+ { 0x04, 440, 0, 8, "id-sha224" }, /* 439 */
+ { 0x05, 441, 0, 8, "id-sha512-224" }, /* 440 */
+ { 0x06, 442, 0, 8, "id-sha512-256" }, /* 441 */
+ { 0x07, 443, 0, 8, "id-sha3-224" }, /* 442 */
+ { 0x08, 444, 0, 8, "id-sha3-256" }, /* 443 */
+ { 0x09, 445, 0, 8, "id-sha3-384" }, /* 444 */
+ { 0x0A, 446, 0, 8, "id-sha3-512" }, /* 445 */
+ { 0x0B, 447, 0, 8, "id-shake128" }, /* 446 */
+ { 0x0C, 0, 0, 8, "id-shake256" }, /* 447 */
+ { 0x03, 0, 1, 7, "sigAlgs" }, /* 448 */
+ { 0x09, 450, 0, 8, "id-ecdsa-with-sha3-224" }, /* 449 */
+ { 0x0A, 451, 0, 8, "id-ecdsa-with-sha3-256" }, /* 450 */
+ { 0x0B, 452, 0, 8, "id-ecdsa-with-sha3-384" }, /* 451 */
+ { 0x0C, 453, 0, 8, "id-ecdsa-with-sha3-512" }, /* 452 */
+ { 0x0D, 454, 0, 8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 453 */
+ { 0x0E, 455, 0, 8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 454 */
+ { 0x0F, 456, 0, 8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 455 */
+ { 0x10, 0, 0, 8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 456 */
+ { 0x86, 0, 1, 4, "" }, /* 457 */
+ { 0xf8, 0, 1, 5, "" }, /* 458 */
+ { 0x42, 471, 1, 6, "netscape" }, /* 459 */
+ { 0x01, 466, 1, 7, "" }, /* 460 */
+ { 0x01, 462, 0, 8, "nsCertType" }, /* 461 */
+ { 0x03, 463, 0, 8, "nsRevocationUrl" }, /* 462 */
+ { 0x04, 464, 0, 8, "nsCaRevocationUrl" }, /* 463 */
+ { 0x08, 465, 0, 8, "nsCaPolicyUrl" }, /* 464 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 465 */
+ { 0x03, 469, 1, 7, "directory" }, /* 466 */
+ { 0x01, 0, 1, 8, "" }, /* 467 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 468 */
+ { 0x04, 0, 1, 7, "policy" }, /* 469 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 470 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 471 */
+ { 0x01, 0, 1, 7, "pki" }, /* 472 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 473 */
+ { 0x02, 475, 0, 9, "messageType" }, /* 474 */
+ { 0x03, 476, 0, 9, "pkiStatus" }, /* 475 */
+ { 0x04, 477, 0, 9, "failInfo" }, /* 476 */
+ { 0x05, 478, 0, 9, "senderNonce" }, /* 477 */
+ { 0x06, 479, 0, 9, "recipientNonce" }, /* 478 */
+ { 0x07, 480, 0, 9, "transID" }, /* 479 */
+ { 0x08, 0, 0, 9, "extensionReq" }, /* 480 */
+ {0x67, 0, 1, 0, "" }, /* 481 */
+ { 0x81, 0, 1, 1, "" }, /* 482 */
+ { 0x05, 0, 1, 2, "" }, /* 483 */
+ { 0x02, 0, 1, 3, "tcg-attribute" }, /* 484 */
+ { 0x01, 486, 0, 4, "tcg-at-tpmManufacturer" }, /* 485 */
+ { 0x02, 487, 0, 4, "tcg-at-tpmModel" }, /* 486 */
+ { 0x03, 488, 0, 4, "tcg-at-tpmVersion" }, /* 487 */
+ { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 488 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 042f108dd..bca299923 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -240,22 +240,30 @@ extern const oid_t oid_names[];
#define OID_SHA3_256 443
#define OID_SHA3_384 444
#define OID_SHA3_512 445
-#define OID_NS_REVOCATION_URL 453
-#define OID_NS_CA_REVOCATION_URL 454
-#define OID_NS_CA_POLICY_URL 455
-#define OID_NS_COMMENT 456
-#define OID_EMPLOYEE_NUMBER 459
-#define OID_PKI_MESSAGE_TYPE 465
-#define OID_PKI_STATUS 466
-#define OID_PKI_FAIL_INFO 467
-#define OID_PKI_SENDER_NONCE 468
-#define OID_PKI_RECIPIENT_NONCE 469
-#define OID_PKI_TRANS_ID 470
-#define OID_TPM_MANUFACTURER 476
-#define OID_TPM_MODEL 477
-#define OID_TPM_VERSION 478
-#define OID_TPM_ID_LABEL 479
+#define OID_ECDSA_WITH_SHA3_224 449
+#define OID_ECDSA_WITH_SHA3_256 450
+#define OID_ECDSA_WITH_SHA3_384 451
+#define OID_ECDSA_WITH_SHA3_512 452
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_224 453
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_256 454
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_384 455
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_512 456
+#define OID_NS_REVOCATION_URL 462
+#define OID_NS_CA_REVOCATION_URL 463
+#define OID_NS_CA_POLICY_URL 464
+#define OID_NS_COMMENT 465
+#define OID_EMPLOYEE_NUMBER 468
+#define OID_PKI_MESSAGE_TYPE 474
+#define OID_PKI_STATUS 475
+#define OID_PKI_FAIL_INFO 476
+#define OID_PKI_SENDER_NONCE 477
+#define OID_PKI_RECIPIENT_NONCE 478
+#define OID_PKI_TRANS_ID 479
+#define OID_TPM_MANUFACTURER 485
+#define OID_TPM_MODEL 486
+#define OID_TPM_VERSION 487
+#define OID_TPM_ID_LABEL 488
-#define OID_MAX 480
+#define OID_MAX 489
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index eeeb234c7..761a38ab6 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -433,7 +433,7 @@
0x2A "id-aes256-CBC" OID_AES256_CBC
0x2E "id-aes256-GCM" OID_AES256_GCM
0x2F "id-aes256-CCM" OID_AES256_CCM
- 0x02 "hashalgs"
+ 0x02 "hashAlgs"
0x01 "id-sha256" OID_SHA256
0x02 "id-sha384" OID_SHA384
0x03 "id-sha512" OID_SHA512
@@ -446,6 +446,15 @@
0x0A "id-sha3-512" OID_SHA3_512
0x0B "id-shake128"
0x0C "id-shake256"
+ 0x03 "sigAlgs"
+ 0x09 "id-ecdsa-with-sha3-224" OID_ECDSA_WITH_SHA3_224
+ 0x0A "id-ecdsa-with-sha3-256" OID_ECDSA_WITH_SHA3_256
+ 0x0B "id-ecdsa-with-sha3-384" OID_ECDSA_WITH_SHA3_384
+ 0x0C "id-ecdsa-with-sha3-512" OID_ECDSA_WITH_SHA3_512
+ 0x0D "id-rsassa-pkcs1v15-with-sha3-224" OID_RSASSA_PKCS1V15_WITH_SHA3_224
+ 0x0E "id-rsassa-pkcs1v15-with-sha3-256" OID_RSASSA_PKCS1V15_WITH_SHA3_256
+ 0x0F "id-rsassa-pkcs1v15-with-sha3-384" OID_RSASSA_PKCS1V15_WITH_SHA3_384
+ 0x10 "id-rsassa-pkcs1v15-with-sha3-512" OID_RSASSA_PKCS1V15_WITH_SHA3_512
0x86 ""
0xf8 ""
0x42 "netscape"
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 956ce08c9..3ec9491ed 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -1,7 +1,8 @@
/*
* Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffeb
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -548,10 +549,10 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
} schemes[] = {
{ "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
{ "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
- { "sha224", SIGN_RSA_EMSA_PKCS1_SHA224, KEY_RSA, },
- { "sha256", SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, },
- { "sha384", SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, },
- { "sha512", SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, },
+ { "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, },
+ { "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, },
+ { "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, },
+ { "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, },
{ "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
{ "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
{ "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index d6f211a34..03f93b1d3 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -32,10 +32,14 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
"RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
"RSA_EMSA_PKCS1_SHA1",
- "RSA_EMSA_PKCS1_SHA224",
- "RSA_EMSA_PKCS1_SHA256",
- "RSA_EMSA_PKCS1_SHA384",
- "RSA_EMSA_PKCS1_SHA512",
+ "RSA_EMSA_PKCS1_SHA2_224",
+ "RSA_EMSA_PKCS1_SHA2_256",
+ "RSA_EMSA_PKCS1_SHA2_384",
+ "RSA_EMSA_PKCS1_SHA2_512",
+ "RSA_EMSA_PKCS1_SHA3_224",
+ "RSA_EMSA_PKCS1_SHA3_256",
+ "RSA_EMSA_PKCS1_SHA3_384",
+ "RSA_EMSA_PKCS1_SHA3_512",
"ECDSA_WITH_SHA1_DER",
"ECDSA_WITH_SHA256_DER",
"ECDSA_WITH_SHA384_DER",
@@ -120,16 +124,24 @@ signature_scheme_t signature_scheme_from_oid(int oid)
return SIGN_RSA_EMSA_PKCS1_SHA1;
case OID_SHA224_WITH_RSA:
case OID_SHA224:
- return SIGN_RSA_EMSA_PKCS1_SHA224;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_224;
case OID_SHA256_WITH_RSA:
case OID_SHA256:
- return SIGN_RSA_EMSA_PKCS1_SHA256;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_256;
case OID_SHA384_WITH_RSA:
case OID_SHA384:
- return SIGN_RSA_EMSA_PKCS1_SHA384;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_384;
case OID_SHA512_WITH_RSA:
case OID_SHA512:
- return SIGN_RSA_EMSA_PKCS1_SHA512;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_512;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_224;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_256;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_384;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_512;
case OID_ECDSA_WITH_SHA1:
case OID_EC_PUBLICKEY:
return SIGN_ECDSA_WITH_SHA1_DER;
@@ -174,14 +186,22 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
return OID_MD5_WITH_RSA;
case SIGN_RSA_EMSA_PKCS1_SHA1:
return OID_SHA1_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return OID_SHA224_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return OID_SHA256_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return OID_SHA384_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return OID_SHA512_WITH_RSA;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
case SIGN_ECDSA_WITH_SHA1_DER:
return OID_ECDSA_WITH_SHA1;
case SIGN_ECDSA_WITH_SHA256_DER:
@@ -216,9 +236,9 @@ static struct {
key_type_t type;
int max_keysize;
} scheme_map[] = {
- { SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, 3072 },
- { SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, 7680 },
- { SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, 0 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
@@ -285,10 +305,14 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
case SIGN_RSA_EMSA_PKCS1_NULL:
case SIGN_RSA_EMSA_PKCS1_MD5:
case SIGN_RSA_EMSA_PKCS1_SHA1:
- case SIGN_RSA_EMSA_PKCS1_SHA224:
- case SIGN_RSA_EMSA_PKCS1_SHA256:
- case SIGN_RSA_EMSA_PKCS1_SHA384:
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
return KEY_RSA;
case SIGN_ECDSA_WITH_SHA1_DER:
case SIGN_ECDSA_WITH_SHA256_DER:
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index ce48f9b7e..236128234 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -70,14 +70,22 @@ enum signature_scheme_t {
SIGN_RSA_EMSA_PKCS1_MD5,
/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
SIGN_RSA_EMSA_PKCS1_SHA1,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */
- SIGN_RSA_EMSA_PKCS1_SHA224,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
- SIGN_RSA_EMSA_PKCS1_SHA256,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
- SIGN_RSA_EMSA_PKCS1_SHA384,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
- SIGN_RSA_EMSA_PKCS1_SHA512,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_224,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_224,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_256,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_384,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_512,
/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
SIGN_ECDSA_WITH_SHA1_DER,
/** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index c6b8d0c7e..8393d5b18 100644
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -108,7 +108,7 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
}
*value = cert;
enumerator->auth->replace(enumerator->auth, enumerator->inner,
- *rule, cert->get_ref(cert));
+ *rule, cert);
return TRUE;
}
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index 988e709ad..0f8bff23f 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -1,6 +1,7 @@
/*
- * Copyright (C) 2010-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperwsil
+ * Copyright (C) 2010-2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperwsil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -223,6 +224,7 @@ METHOD(mem_cred_t, add_crl, bool,
{
if (current->get_type(current) == CERT_X509_CRL)
{
+ chunk_t base;
bool found = FALSE;
crl_t *crl_c = (crl_t*)current;
chunk_t authkey = crl->get_authKeyIdentifier(crl);
@@ -246,17 +248,37 @@ METHOD(mem_cred_t, add_crl, bool,
}
if (found)
{
- new = crl_is_newer(crl, crl_c);
- if (new)
+ /* we keep at most one delta CRL for each base CRL */
+ if (crl->is_delta_crl(crl, &base))
{
- this->untrusted->remove_at(this->untrusted, enumerator);
- current->destroy(current);
+ if (!crl_c->is_delta_crl(crl_c, NULL))
+ {
+ if (chunk_equals(base, crl_c->get_serial(crl_c)))
+ { /* keep the added delta and the existing base CRL
+ * but check if this is the newest delta CRL for
+ * the same base */
+ continue;
+ }
+ }
}
- else
+ else if (crl_c->is_delta_crl(crl_c, &base))
+ {
+ if (chunk_equals(base, crl->get_serial(crl)))
+ { /* keep the existing delta and the added base CRL,
+ * but check if we don't store it already */
+ continue;
+ }
+ }
+ new = crl_is_newer(crl, crl_c);
+ if (!new)
{
cert->destroy(cert);
+ break;
}
- break;
+ /* we remove the existing older CRL but there might be other
+ * delta or base CRLs we can replace */
+ this->untrusted->remove_at(this->untrusted, enumerator);
+ current->destroy(current);
}
}
}
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index 35dcf25ac..bab59a06f 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -1,7 +1,8 @@
/*
* Copyright (C) 2013-2014 Tobias Brunner
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -51,6 +52,7 @@ struct entry_t {
signer_constructor_t create_signer;
hasher_constructor_t create_hasher;
prf_constructor_t create_prf;
+ xof_constructor_t create_xof;
rng_constructor_t create_rng;
nonce_gen_constructor_t create_nonce_gen;
dh_constructor_t create_dh;
@@ -95,6 +97,11 @@ struct private_crypto_factory_t {
*/
linked_list_t *prfs;
+ /**
+ * registered xofs, as entry_t
+ */
+ linked_list_t *xofs;
+
/**
* registered rngs, as entry_t
*/
@@ -303,6 +310,38 @@ METHOD(crypto_factory_t, create_prf, prf_t*,
return prf;
}
+METHOD(crypto_factory_t, create_xof, xof_t*,
+ private_crypto_factory_t *this, ext_out_function_t algo)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ xof_t *xof = NULL;
+
+ this->lock->read_lock(this->lock);
+ enumerator = this->xofs->create_enumerator(this->xofs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->algo == algo)
+ {
+ if (this->test_on_create &&
+ !this->tester->test_xof(this->tester, algo,
+ entry->create_xof, NULL,
+ default_plugin_name))
+ {
+ continue;
+ }
+ xof = entry->create_xof(algo);
+ if (xof)
+ {
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+ return xof;
+}
+
METHOD(crypto_factory_t, create_rng, rng_t*,
private_crypto_factory_t *this, rng_quality_t quality)
{
@@ -633,6 +672,43 @@ METHOD(crypto_factory_t, remove_prf, void,
this->lock->unlock(this->lock);
}
+METHOD(crypto_factory_t, add_xof, bool,
+ private_crypto_factory_t *this, ext_out_function_t algo,
+ const char *plugin_name, xof_constructor_t create)
+{
+ u_int speed = 0;
+
+ if (!this->test_on_add ||
+ this->tester->test_xof(this->tester, algo, create,
+ this->bench ? &speed : NULL, plugin_name))
+ {
+ add_entry(this, this->xofs, algo, plugin_name, speed, create);
+ return TRUE;
+ }
+ this->test_failures++;
+ return FALSE;
+}
+
+METHOD(crypto_factory_t, remove_xof, void,
+ private_crypto_factory_t *this, xof_constructor_t create)
+{
+ entry_t *entry;
+ enumerator_t *enumerator;
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->xofs->create_enumerator(this->xofs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->create_xof == create)
+ {
+ this->xofs->remove_at(this->xofs, enumerator);
+ free(entry);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+}
+
METHOD(crypto_factory_t, add_rng, bool,
private_crypto_factory_t *this, rng_quality_t quality,
const char *plugin_name, rng_constructor_t create)
@@ -845,6 +921,23 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*,
return create_enumerator(this, this->prfs, prf_filter);
}
+/**
+ * Filter function to enumerate algorithm, not entry
+ */
+static bool xof_filter(void *n, entry_t **entry, ext_out_function_t *algo,
+ void *i2, const char **plugin_name)
+{
+ *algo = (*entry)->algo;
+ *plugin_name = (*entry)->plugin_name;
+ return TRUE;
+}
+
+METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*,
+ private_crypto_factory_t *this)
+{
+ return create_enumerator(this, this->xofs, xof_filter);
+}
+
/**
* Filter function to enumerate group, not entry
*/
@@ -909,6 +1002,8 @@ METHOD(crypto_factory_t, add_test_vector, void,
return this->tester->add_hasher_vector(this->tester, vector);
case PSEUDO_RANDOM_FUNCTION:
return this->tester->add_prf_vector(this->tester, vector);
+ case EXTENDED_OUTPUT_FUNCTION:
+ return this->tester->add_xof_vector(this->tester, vector);
case RANDOM_NUMBER_GENERATOR:
return this->tester->add_rng_vector(this->tester, vector);
case DIFFIE_HELLMAN_GROUP:
@@ -961,6 +1056,10 @@ METHOD(enumerator_t, verify_enumerate, bool,
*valid = this->tester->test_prf(this->tester, entry->algo,
entry->create_prf, NULL, entry->plugin_name);
break;
+ case EXTENDED_OUTPUT_FUNCTION:
+ *valid = this->tester->test_xof(this->tester, entry->algo,
+ entry->create_xof, NULL, entry->plugin_name);
+ break;
case RANDOM_NUMBER_GENERATOR:
*valid = this->tester->test_rng(this->tester, entry->algo,
entry->create_rng, NULL, entry->plugin_name);
@@ -1009,6 +1108,9 @@ METHOD(crypto_factory_t, create_verify_enumerator, enumerator_t*,
case PSEUDO_RANDOM_FUNCTION:
inner = this->prfs->create_enumerator(this->prfs);
break;
+ case EXTENDED_OUTPUT_FUNCTION:
+ inner = this->xofs->create_enumerator(this->xofs);
+ break;
case RANDOM_NUMBER_GENERATOR:
inner = this->rngs->create_enumerator(this->rngs);
break;
@@ -1040,6 +1142,7 @@ METHOD(crypto_factory_t, destroy, void,
this->signers->destroy(this->signers);
this->hashers->destroy(this->hashers);
this->prfs->destroy(this->prfs);
+ this->xofs->destroy(this->xofs);
this->rngs->destroy(this->rngs);
this->nonce_gens->destroy(this->nonce_gens);
this->dhs->destroy(this->dhs);
@@ -1062,6 +1165,7 @@ crypto_factory_t *crypto_factory_create()
.create_signer = _create_signer,
.create_hasher = _create_hasher,
.create_prf = _create_prf,
+ .create_xof = _create_xof,
.create_rng = _create_rng,
.create_nonce_gen = _create_nonce_gen,
.create_dh = _create_dh,
@@ -1075,6 +1179,8 @@ crypto_factory_t *crypto_factory_create()
.remove_hasher = _remove_hasher,
.add_prf = _add_prf,
.remove_prf = _remove_prf,
+ .add_xof = _add_xof,
+ .remove_xof = _remove_xof,
.add_rng = _add_rng,
.remove_rng = _remove_rng,
.add_nonce_gen = _add_nonce_gen,
@@ -1086,6 +1192,7 @@ crypto_factory_t *crypto_factory_create()
.create_signer_enumerator = _create_signer_enumerator,
.create_hasher_enumerator = _create_hasher_enumerator,
.create_prf_enumerator = _create_prf_enumerator,
+ .create_xof_enumerator = _create_xof_enumerator,
.create_dh_enumerator = _create_dh_enumerator,
.create_rng_enumerator = _create_rng_enumerator,
.create_nonce_gen_enumerator = _create_nonce_gen_enumerator,
@@ -1098,6 +1205,7 @@ crypto_factory_t *crypto_factory_create()
.signers = linked_list_create(),
.hashers = linked_list_create(),
.prfs = linked_list_create(),
+ .xofs = linked_list_create(),
.rngs = linked_list_create(),
.nonce_gens = linked_list_create(),
.dhs = linked_list_create(),
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index e03915603..4f61ba1fc 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -31,6 +32,7 @@ typedef struct crypto_factory_t crypto_factory_t;
#include <crypto/hashers/hasher.h>
#include <crypto/prfs/prf.h>
#include <crypto/rngs/rng.h>
+#include <crypto/xofs/xof.h>
#include <crypto/nonce_gen.h>
#include <crypto/diffie_hellman.h>
#include <crypto/transform.h>
@@ -62,6 +64,11 @@ typedef hasher_t* (*hasher_constructor_t)(hash_algorithm_t algo);
*/
typedef prf_t* (*prf_constructor_t)(pseudo_random_function_t algo);
+/**
+ * Constructor function for pseudo random functions
+ */
+typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo);
+
/**
* Constructor function for source of randomness
*/
@@ -132,6 +139,14 @@ struct crypto_factory_t {
*/
prf_t* (*create_prf)(crypto_factory_t *this, pseudo_random_function_t algo);
+ /**
+ * Create an extended output function instance.
+ *
+ * @param algo XOF algorithm to use
+ * @return xof_t instance, NULL if not supported
+ */
+ xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo);
+
/**
* Create a source of randomness.
*
@@ -252,6 +267,24 @@ struct crypto_factory_t {
*/
void (*remove_prf)(crypto_factory_t *this, prf_constructor_t create);
+ /**
+ * Register an xof constructor.
+ *
+ * @param algo algorithm to constructor
+ * @param plugin_name plugin that registered this algorithm
+ * @param create constructor function for that algorithm
+ * @return TRUE if registered, FALSE if test vector failed
+ */
+ bool (*add_xof)(crypto_factory_t *this, ext_out_function_t algo,
+ const char *plugin_name, xof_constructor_t create);
+
+ /**
+ * Unregister an xof constructor.
+ *
+ * @param create constructor function to unregister
+ */
+ void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create);
+
/**
* Register a source of randomness.
*
@@ -341,6 +374,13 @@ struct crypto_factory_t {
*/
enumerator_t* (*create_prf_enumerator)(crypto_factory_t *this);
+ /**
+ * Create an enumerator over all registered XOFs.
+ *
+ * @return enumerator over ext_out_function_t, plugin
+ */
+ enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this);
+
/**
* Create an enumerator over all registered diffie hellman groups.
*
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 5607d35b9..e86e7ae76 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -62,6 +62,11 @@ struct private_crypto_tester_t {
*/
linked_list_t *prf;
+ /**
+ * List of XOF test vectors
+ */
+ linked_list_t *xof;
+
/**
* List of RNG test vectors
*/
@@ -1034,6 +1039,146 @@ failure:
return !failed;
}
+/**
+ * Benchmark an XOF
+ */
+static u_int bench_xof(private_crypto_tester_t *this,
+ ext_out_function_t alg, xof_constructor_t create)
+{
+ xof_t *xof;
+
+ xof = create(alg);
+ if (xof)
+ {
+ char seed[xof->get_seed_size(xof)];
+ char bytes[xof->get_block_size(xof)];
+ struct timespec start;
+ u_int runs;
+
+ memset(seed, 0x56, xof->get_seed_size(xof));
+ if (!xof->set_seed(xof, chunk_create(seed, xof->get_seed_size(xof))))
+ {
+ xof->destroy(xof);
+ return 0;
+ }
+
+ runs = 0;
+ start_timing(&start);
+ while (end_timing(&start) < this->bench_time)
+ {
+ if (xof->get_bytes(xof, xof->get_block_size(xof), bytes))
+ {
+ runs++;
+ }
+ }
+ xof->destroy(xof);
+
+ return runs;
+ }
+ return 0;
+}
+
+METHOD(crypto_tester_t, test_xof, bool,
+ private_crypto_tester_t *this, ext_out_function_t alg,
+ xof_constructor_t create, u_int *speed, const char *plugin_name)
+{
+ enumerator_t *enumerator;
+ xof_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->xof->create_enumerator(this->xof);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ xof_t *xof;
+ chunk_t seed, out = chunk_empty;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+
+ tested++;
+ failed = TRUE;
+ xof = create(alg);
+ if (!xof)
+ {
+ DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed",
+ ext_out_function_names, alg, plugin_name);
+ break;
+ }
+
+ seed = chunk_create(vector->seed, vector->len);
+ if (!xof->set_seed(xof, seed))
+ {
+ goto failure;
+ }
+ /* allocated bytes */
+ if (!xof->allocate_bytes(xof, vector->out_len, &out))
+ {
+ goto failure;
+ }
+ if (out.len != vector->out_len)
+ {
+ goto failure;
+ }
+ if (!memeq(vector->out, out.ptr, out.len))
+ {
+ goto failure;
+ }
+ /* bytes to existing buffer */
+ memset(out.ptr, 0, out.len);
+ if (!xof->set_seed(xof, seed))
+ {
+ goto failure;
+ }
+ if (!xof->get_bytes(xof, vector->out_len, out.ptr))
+ {
+ goto failure;
+ }
+ if (!memeq(vector->out, out.ptr, vector->out_len))
+ {
+ goto failure;
+ }
+ /* bytes to existing buffer, using append mode */
+ /* TODO */
+
+ failed = FALSE;
+failure:
+ xof->destroy(xof);
+ chunk_free(&out);
+ if (failed)
+ {
+ DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed",
+ ext_out_function_names, alg, plugin_name, get_name(vector));
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1(DBG_LIB, "%s %N[%s]: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ ext_out_function_names, alg, plugin_name);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ if (speed)
+ {
+ *speed = bench_xof(this, alg, create);
+ DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points",
+ ext_out_function_names, alg, plugin_name, tested, *speed);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors",
+ ext_out_function_names, alg, plugin_name, tested);
+ }
+ }
+ return !failed;
+}
+
/**
* Benchmark a RNG
*/
@@ -1338,6 +1483,12 @@ METHOD(crypto_tester_t, add_prf_vector, void,
this->prf->insert_last(this->prf, vector);
}
+METHOD(crypto_tester_t, add_xof_vector, void,
+ private_crypto_tester_t *this, xof_test_vector_t *vector)
+{
+ this->xof->insert_last(this->xof, vector);
+}
+
METHOD(crypto_tester_t, add_rng_vector, void,
private_crypto_tester_t *this, rng_test_vector_t *vector)
{
@@ -1358,6 +1509,7 @@ METHOD(crypto_tester_t, destroy, void,
this->signer->destroy(this->signer);
this->hasher->destroy(this->hasher);
this->prf->destroy(this->prf);
+ this->xof->destroy(this->xof);
this->rng->destroy(this->rng);
this->dh->destroy(this->dh);
free(this);
@@ -1377,6 +1529,7 @@ crypto_tester_t *crypto_tester_create()
.test_signer = _test_signer,
.test_hasher = _test_hasher,
.test_prf = _test_prf,
+ .test_xof = _test_xof,
.test_rng = _test_rng,
.test_dh = _test_dh,
.add_crypter_vector = _add_crypter_vector,
@@ -1384,6 +1537,7 @@ crypto_tester_t *crypto_tester_create()
.add_signer_vector = _add_signer_vector,
.add_hasher_vector = _add_hasher_vector,
.add_prf_vector = _add_prf_vector,
+ .add_xof_vector = _add_xof_vector,
.add_rng_vector = _add_rng_vector,
.add_dh_vector = _add_dh_vector,
.destroy = _destroy,
@@ -1393,6 +1547,7 @@ crypto_tester_t *crypto_tester_create()
.signer = linked_list_create(),
.hasher = linked_list_create(),
.prf = linked_list_create(),
+ .xof = linked_list_create(),
.rng = linked_list_create(),
.dh = linked_list_create(),
diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h
index 6cc9b0d57..34dfa9489 100644
--- a/src/libstrongswan/crypto/crypto_tester.h
+++ b/src/libstrongswan/crypto/crypto_tester.h
@@ -30,6 +30,7 @@ typedef struct aead_test_vector_t aead_test_vector_t;
typedef struct signer_test_vector_t signer_test_vector_t;
typedef struct hasher_test_vector_t hasher_test_vector_t;
typedef struct prf_test_vector_t prf_test_vector_t;
+typedef struct xof_test_vector_t xof_test_vector_t;
typedef struct rng_test_vector_t rng_test_vector_t;
typedef struct dh_test_vector_t dh_test_vector_t;
@@ -114,6 +115,19 @@ struct prf_test_vector_t {
u_char *out;
};
+struct xof_test_vector_t {
+ /** xof algorithm this test vector tests */
+ ext_out_function_t alg;
+ /** size of the seed data */
+ size_t len;
+ /** seed data */
+ u_char *seed;
+ /** size of the output */
+ size_t out_len;
+ /** expected output of size*/
+ u_char *out;
+};
+
/**
* Test vector for a RNG.
*
@@ -216,6 +230,17 @@ struct crypto_tester_t {
bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg,
prf_constructor_t create,
u_int *speed, const char *plugin_name);
+ /**
+ * Test an XOF algorithm.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the XOF
+ * @param speed speed test result, NULL to omit
+ * @return TRUE if test passed
+ */
+ bool (*test_xof)(crypto_tester_t *this, ext_out_function_t alg,
+ xof_constructor_t create,
+ u_int *speed, const char *plugin_name);
/**
* Test a RNG implementation.
*
@@ -274,6 +299,13 @@ struct crypto_tester_t {
*/
void (*add_prf_vector)(crypto_tester_t *this, prf_test_vector_t *vector);
+ /**
+ * Add a test vector to test an XOF.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector);
+
/**
* Add a test vector to test a RNG.
*
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 0d4cd9109..6dcb6cb33 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -49,7 +49,9 @@ ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
"NTRU_128",
"NTRU_192",
"NTRU_256");
-ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT,
+ENUM_NEXT(diffie_hellman_group_names, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
+ "NEWHOPE_128");
+ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
"MODP_CUSTOM");
ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
@@ -554,6 +556,7 @@ bool diffie_hellman_verify_value(diffie_hellman_group_t group, chunk_t value)
case NTRU_128_BIT:
case NTRU_192_BIT:
case NTRU_256_BIT:
+ case NH_128_BIT:
/* verification currently not supported, do in plugin */
valid = FALSE;
break;
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index abebd66ad..f457153c9 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -68,6 +68,7 @@ enum diffie_hellman_group_t {
NTRU_128_BIT = 1031,
NTRU_192_BIT = 1032,
NTRU_256_BIT = 1033,
+ NH_128_BIT = 1040,
/** internally used DH group with additional parameters g and p, outside
* of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
MODP_CUSTOM = 65536,
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index e220593d4..d136799d7 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2012-2015 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -83,12 +83,16 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
case OID_SHA512_WITH_RSA:
return HASH_SHA512;
case OID_SHA3_224:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
return HASH_SHA3_224;
case OID_SHA3_256:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
return HASH_SHA3_256;
case OID_SHA3_384:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
return HASH_SHA3_384;
case OID_SHA3_512:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
return HASH_SHA3_512;
default:
return HASH_UNKNOWN;
@@ -367,6 +371,14 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
return OID_SHA384_WITH_RSA;
case HASH_SHA512:
return OID_SHA512_WITH_RSA;
+ case HASH_SHA3_224:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+ case HASH_SHA3_256:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+ case HASH_SHA3_384:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+ case HASH_SHA3_512:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
default:
return OID_UNKNOWN;
}
@@ -423,27 +435,32 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
case SIGN_RSA_EMSA_PKCS1_SHA1:
case SIGN_ECDSA_WITH_SHA1_DER:
return HASH_SHA1;
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return HASH_SHA224;
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
case SIGN_ECDSA_WITH_SHA256_DER:
case SIGN_ECDSA_256:
case SIGN_BLISS_WITH_SHA2_256:
return HASH_SHA256;
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
case SIGN_ECDSA_WITH_SHA384_DER:
case SIGN_ECDSA_384:
case SIGN_BLISS_WITH_SHA2_384:
return HASH_SHA384;
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
case SIGN_ECDSA_WITH_SHA512_DER:
case SIGN_ECDSA_521:
case SIGN_BLISS_WITH_SHA2_512:
return HASH_SHA512;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return HASH_SHA3_224;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
case SIGN_BLISS_WITH_SHA3_256:
return HASH_SHA3_256;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
case SIGN_BLISS_WITH_SHA3_384:
return HASH_SHA3_384;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
case SIGN_BLISS_WITH_SHA3_512:
return HASH_SHA3_512;
}
diff --git a/src/libstrongswan/crypto/mgf1/mgf1.c b/src/libstrongswan/crypto/mgf1/mgf1.c
deleted file mode 100644
index 5116dfefa..000000000
--- a/src/libstrongswan/crypto/mgf1/mgf1.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "mgf1.h"
-
-#include "crypto/hashers/hasher.h"
-#include "utils/debug.h"
-#include "utils/test.h"
-
-typedef struct private_mgf1_t private_mgf1_t;
-
-/**
- * Private data of an mgf1_t object.
- */
-struct private_mgf1_t {
-
- /**
- * Public mgf1_t interface.
- */
- mgf1_t public;
-
- /**
- * Hasher the MGF1 Mask Generation Function is based on
- */
- hasher_t *hasher;
-
- /**
- * Counter
- */
- uint32_t counter;
-
- /**
- * Set if counter has reached 2^32
- */
- bool overflow;
-
- /**
- * Current state to be hashed
- */
- chunk_t state;
-
- /**
- * Position of the 4 octet counter string
- */
- u_char *ctr_str;
-
-};
-
-METHOD(mgf1_t, get_hash_size, size_t,
- private_mgf1_t *this)
-{
- return this->hasher->get_hash_size(this->hasher);
-}
-
-METHOD(mgf1_t, get_mask, bool,
- private_mgf1_t *this, size_t mask_len, u_char *mask)
-{
- u_char buf[HASH_SIZE_SHA512];
- size_t hash_len;
-
- hash_len = this->hasher->get_hash_size(this->hasher);
-
- while (mask_len > 0)
- {
- /* detect overflow, set counter string and increment counter */
- if (this->overflow)
- {
- return FALSE;
- }
- htoun32(this->ctr_str, this->counter++);
- if (this->counter == 0)
- {
- this->overflow = TRUE;
- }
-
- /* get the next or final mask block from the hash function */
- if (!this->hasher->get_hash(this->hasher, this->state,
- (mask_len < hash_len) ? buf : mask))
- {
- return FALSE;
- }
- if (mask_len < hash_len)
- {
- memcpy(mask, buf, mask_len);
- return TRUE;
- }
- mask_len -= hash_len;
- mask += hash_len;
- }
- return TRUE;
-}
-
-METHOD(mgf1_t, allocate_mask, bool,
- private_mgf1_t *this, size_t mask_len, chunk_t *mask)
-{
- if (mask_len == 0)
- {
- *mask = chunk_empty;
- return TRUE;
- }
- *mask = chunk_alloc(mask_len);
-
- return get_mask(this, mask_len, mask->ptr);
-}
-
-METHOD(mgf1_t, destroy, void,
- private_mgf1_t *this)
-{
- this->hasher->destroy(this->hasher);
- chunk_clear(&this->state);
- free(this);
-}
-
-/*
- * Described in header.
- */
-mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed)
-{
- private_mgf1_t *this;
- hasher_t *hasher;
- size_t state_len;
-
- if (seed.len == 0)
- {
- DBG1(DBG_LIB, "empty seed for MGF1");
- return NULL;
- }
-
- hasher = lib->crypto->create_hasher(lib->crypto, alg);
- if (!hasher)
- {
- DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
- hash_algorithm_names, alg);
- return NULL;
- }
- state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4;
-
- INIT(this,
- .public = {
- .get_hash_size = _get_hash_size,
- .allocate_mask = _allocate_mask,
- .get_mask = _get_mask,
- .destroy = _destroy,
- },
- .hasher = hasher,
- .state = chunk_alloc(state_len),
- );
-
- /* determine position of the 4 octet counter string */
- this->ctr_str = this->state.ptr + state_len - 4;
-
- if (hash_seed)
- {
- if (!hasher->get_hash(hasher, seed, this->state.ptr))
- {
- DBG1(DBG_LIB, "failed to hash seed for MGF1");
- destroy(this);
- return NULL;
- }
- }
- else
- {
- memcpy(this->state.ptr, seed.ptr, seed.len);
- }
-
- return &this->public;
-}
diff --git a/src/libstrongswan/crypto/mgf1/mgf1.h b/src/libstrongswan/crypto/mgf1/mgf1.h
deleted file mode 100644
index 592d31596..000000000
--- a/src/libstrongswan/crypto/mgf1/mgf1.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup mgf1 mgf1
- * @{ @ingroup crypto
- */
-
-#ifndef MGF1_H_
-#define MGF1_H_
-
-typedef struct mgf1_t mgf1_t;
-
-#include <library.h>
-
-/**
- * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
- * defined in section 10.2.1 of RFC 2437
- */
-struct mgf1_t {
-
- /**
- * Get the hash size of the underlying hash function
- *
- * @return hash size in bytes
- */
- size_t (*get_hash_size)(mgf1_t *this);
-
- /**
- * Generate a mask pattern and copy it to an output buffer
- * If the maximum number of requests has been reached, reseeding occurs
- *
- * @param mask_len number of mask bytes to generate
- * @param mask output buffer of minimum size mask_len
- * @return TRUE if successful
- */
- bool (*get_mask)(mgf1_t *this, size_t mask_len, u_char *mask);
-
- /**
- * Generate a mask pattern and return it in an allocated chunk
- *
- * @param mask_len number of mask bytes to generate
- * @param mask chunk containing generated mask
- * @return TRUE if successful
- */
- bool (*allocate_mask)(mgf1_t *this, size_t mask_len, chunk_t *mask);
-
- /**
- * Destroy the MGF1 object
- */
- void (*destroy)(mgf1_t *this);
-};
-
-/**
- * Create an MGF1 object
- *
- * @param alg hash algorithm to be used by MGF1
- * @param seed seed used by MGF1 to generate mask from
- * @param hash_seed hash seed before using it as a seed for MGF1
- */
-mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed);
-
-#endif /** MGF1_H_ @}*/
-
diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
deleted file mode 100644
index ef0a2bd01..000000000
--- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "mgf1_bitspender.h"
-
-#include <crypto/mgf1/mgf1.h>
-
-typedef struct private_mgf1_bitspender_t private_mgf1_bitspender_t;
-
-/**
- * Private data structure for mgf1_bitspender_t object
- */
-struct private_mgf1_bitspender_t {
- /**
- * Public interface.
- */
- mgf1_bitspender_t public;
-
- /**
- * MGF1 bit mask generator
- */
- mgf1_t *mgf1;
-
- /**
- * Octet storage (accommodates up to 64 octets)
- */
- uint8_t octets[HASH_SIZE_SHA512];
-
- /**
- * Length of the returned hash value in octets
- */
- int hash_len;
-
- /**
- * Number of generated octets
- */
- int octets_count;
-
- /**
- * Number of available octets
- */
- int octets_left;
-
- /**
- * Bit storage (accommodates up to 32 bits)
- */
- uint32_t bits;
-
- /**
- * Number of available bits
- */
- int bits_left;
-
- /**
- * Byte storage (accommodates up to 4 bytes)
- */
- uint8_t bytes[4];
-
- /**
- * Number of available bytes
- */
- int bytes_left;
-
-};
-
-METHOD(mgf1_bitspender_t, get_bits, bool,
- private_mgf1_bitspender_t *this, int bits_needed, uint32_t *bits)
-{
- int bits_now;
-
- *bits = 0x00000000;
-
- if (bits_needed == 0)
- {
- /* trivial */
- return TRUE;
- }
- if (bits_needed > 32)
- {
- /* too many bits requested */
- return FALSE;
- }
-
- while (bits_needed)
- {
- if (this->bits_left == 0)
- {
- if (this->octets_left == 0)
- {
- /* get another block from MGF1 */
- if (!this->mgf1->get_mask(this->mgf1, this->hash_len,
- this->octets))
- {
- /* no block available */
- return FALSE;
- }
- this->octets_left = this->hash_len;
- this->octets_count += this->hash_len;
- }
- this->bits = untoh32(this->octets + this->hash_len -
- this->octets_left);
- this->bits_left = 32;
- this->octets_left -= 4;
- }
- if (bits_needed > this->bits_left)
- {
- bits_now = this->bits_left;
- this->bits_left = 0;
- bits_needed -= bits_now;
- }
- else
- {
- bits_now = bits_needed;
- this->bits_left -= bits_needed;
- bits_needed = 0;
- }
- if (bits_now == 32)
- {
- *bits = this->bits;
- }
- else
- {
- *bits <<= bits_now;
- *bits |= this->bits >> this->bits_left;
- if (this->bits_left)
- {
- this->bits &= 0xffffffff >> (32 - this->bits_left);
- }
- }
- }
- return TRUE;
-}
-
-METHOD(mgf1_bitspender_t, get_byte, bool,
- private_mgf1_bitspender_t *this, uint8_t *byte)
-{
- if (this->bytes_left == 0)
- {
- if (this->octets_left == 0)
- {
- /* get another block from MGF1 */
- if (!this->mgf1->get_mask(this->mgf1, this->hash_len, this->octets))
- {
- /* no block available */
- return FALSE;
- }
- this->octets_left = this->hash_len;
- this->octets_count += this->hash_len;
- }
- memcpy(this->bytes, this->octets + this->hash_len - this->octets_left, 4);
- this->bytes_left = 4;
- this->octets_left -= 4;
- }
- *byte = this->bytes[4 - this->bytes_left--];
-
- return TRUE;
-}
-
-METHOD(mgf1_bitspender_t, destroy, void,
- private_mgf1_bitspender_t *this)
-{
- DBG2(DBG_LIB, "mgf1 generated %u octets", this->octets_count);
- memwipe(this->octets, sizeof(this->octets));
- this->mgf1->destroy(this->mgf1);
- free(this);
-}
-
-/**
- * See header.
- */
-mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed)
-{
- private_mgf1_bitspender_t *this;
- mgf1_t *mgf1;
-
- mgf1 = mgf1_create(alg, seed, hash_seed);
- if (!mgf1)
- {
- return NULL;
- }
- DBG2(DBG_LIB, "mgf1 based on %N is seeded with %u octets",
- hash_algorithm_short_names, alg, seed.len);
-
- INIT(this,
- .public = {
- .get_bits = _get_bits,
- .get_byte = _get_byte,
- .destroy = _destroy,
- },
- .mgf1 = mgf1,
- .hash_len = mgf1->get_hash_size(mgf1),
- );
-
- return &this->public;
-}
diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h
deleted file mode 100644
index f7df8e834..000000000
--- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup mgf1_bitspender mgf1_bitspender
- * @{ @ingroup mgf1
- */
-
-#ifndef MGF1_BITSPENDER_H_
-#define MGF1_BITSPENDER_H_
-
-#include <library.h>
-#include <crypto/hashers/hasher.h>
-
-typedef struct mgf1_bitspender_t mgf1_bitspender_t;
-
-/**
- * Generates a given number of pseudo-random bits at a time using MGF1
- */
-struct mgf1_bitspender_t {
-
- /**
- * Get pseudo-random bits
- *
- * @param bits_needed Number of needed bits (1..32)
- * @param bits Pseudo-random bits
- * @result FALSE if internal MGF1 error occurred
- */
- bool (*get_bits)(mgf1_bitspender_t *this, int bits_needed, uint32_t *bits);
-
- /**
- * Get a pseudo-random byte
- *
- * @param byte Pseudo-random byte
- * @result FALSE if internal MGF1 error occurred
- */
- bool (*get_byte)(mgf1_bitspender_t *this, uint8_t *byte);
-
- /**
- * Destroy mgf1_bitspender_t object
- */
- void (*destroy)(mgf1_bitspender_t *this);
-};
-
-/**
- * Create a mgf1_bitspender_t object
- *
- * @param alg Hash algorithm to be used with MGF1
- * @param seed Seed used to initialize MGF1
- * @param hash_seed Hash seed before using it as a seed for MFG1
- */
-mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed);
-
-#endif /** MGF1_BITSPENDER_H_ @}*/
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index 282d40e7b..cd4e5763c 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -154,7 +154,7 @@ METHOD(proposal_keywords_t, register_algname_parser, void,
private_proposal_keywords_t *this, proposal_algname_parser_t parser)
{
this->lock->write_lock(this->lock);
- this->tokens->insert_first(this->parsers, parser);
+ this->parsers->insert_first(this->parsers, parser);
this->lock->unlock(this->lock);
}
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
index ba4c895d7..b058ad288 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
@@ -59,12 +59,12 @@ struct proposal_token {
uint16_t keysize;
};
-#define TOTAL_KEYWORDS 140
+#define TOTAL_KEYWORDS 141
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 11
-#define MAX_HASH_VALUE 266
-/* maximum key range = 256, duplicates = 0 */
+#define MIN_HASH_VALUE 7
+#define MAX_HASH_VALUE 282
+/* maximum key range = 276, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -80,32 +80,32 @@ hash (str, len)
{
static const unsigned short asso_values[] =
{
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 71, 4,
- 20, 6, 48, 32, 10, 30, 5, 3, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 97, 267, 4, 8, 18,
- 56, 107, 107, 78, 10, 4, 267, 267, 3, 5,
- 7, 4, 30, 92, 104, 3, 32, 145, 267, 267,
- 3, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
- 267, 267, 267, 267, 267, 267, 267
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 75, 2,
+ 16, 16, 30, 26, 8, 35, 3, 1, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 29, 283, 10, 2, 16,
+ 46, 1, 23, 78, 4, 4, 283, 283, 1, 9,
+ 5, 2, 124, 117, 77, 106, 85, 27, 283, 283,
+ 1, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 283, 283
};
register int hval = len;
@@ -145,23 +145,20 @@ hash (str, len)
static const struct proposal_token wordlist[] =
{
{"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
- {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
{"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
- {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0},
{"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
{"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0},
+ {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
{"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
{"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
- {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
{"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
{"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0},
{"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0},
- {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
- {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
{"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
{"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
{"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
@@ -171,14 +168,17 @@ static const struct proposal_token wordlist[] =
{"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
{"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
- {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0},
+ {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
{"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0},
{"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
{"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
{"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
{"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
@@ -187,26 +187,32 @@ static const struct proposal_token wordlist[] =
{"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
{"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
{"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
- {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
{"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
{"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
{"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
- {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
{"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
- {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
{"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
- {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
{"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
{"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
- {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
{"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
{"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
@@ -215,106 +221,103 @@ static const struct proposal_token wordlist[] =
{"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
{"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
- {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0},
- {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
- {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
+ {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
{"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
- {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
{"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
{"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
{"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
- {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
- {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
{"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
{"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
- {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
+ {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
+ {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
{"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
- {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
- {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
- {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
- {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
- {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
- {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
- {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
+ {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
+ {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0},
{"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
{"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
{"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
- {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
+ {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
{"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
- {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
{"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
{"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
{"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
{"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
- {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
+ {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
{"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
+ {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
+ {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
+ {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
+ {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
+ {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
+ {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
{"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256},
- {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
- {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
{"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
{"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
- {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
{"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
- {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
{"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
- {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}
};
static const short lookup[] =
{
+ -1, -1, -1, -1, -1, -1, -1, 0, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, 1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 2, -1, -1, -1,
+ 3, 4, -1, 5, 6, 7, 8, -1, -1, -1,
+ -1, 9, -1, -1, 10, 11, -1, 12, -1, 13,
+ 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
+ 24, 25, 26, -1, 27, 28, 29, 30, 31, 32,
+ 33, 34, 35, 36, 37, 38, -1, 39, 40, 41,
+ 42, 43, 44, 45, 46, -1, 47, 48, -1, 49,
+ 50, 51, 52, 53, 54, -1, 55, 56, 57, 58,
+ 59, 60, 61, 62, 63, 64, -1, 65, -1, -1,
+ 66, 67, 68, 69, 70, 71, 72, 73, 74, 75,
+ 76, 77, 78, 79, -1, 80, 81, 82, 83, -1,
+ 84, 85, 86, 87, 88, 89, 90, 91, 92, 93,
+ 94, 95, 96, 97, 98, 99, 100, -1, 101, -1,
+ -1, -1, 102, -1, 103, 104, 105, 106, -1, 107,
+ -1, 108, 109, 110, 111, 112, 113, 114, -1, 115,
+ -1, 116, 117, -1, -1, 118, 119, 120, -1, 121,
+ -1, -1, 122, 123, 124, -1, 125, 126, 127, -1,
+ 128, 129, 130, -1, 131, 132, -1, -1, -1, -1,
+ -1, -1, 133, 134, -1, -1, -1, 135, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, 136, -1,
+ -1, 137, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 0, -1, -1, 1, -1, -1, -1, -1, -1,
- -1, -1, -1, 2, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, 3,
- 4, -1, 5, -1, 6, 7, -1, 8, 9, -1,
- -1, -1, -1, -1, -1, 10, -1, 11, 12, 13,
- 14, -1, -1, -1, 15, -1, 16, 17, -1, 18,
- 19, 20, 21, 22, 23, 24, 25, 26, 27, -1,
- -1, -1, 28, 29, 30, -1, 31, -1, 32, 33,
- 34, -1, 35, 36, 37, 38, -1, 39, 40, 41,
- 42, -1, 43, 44, -1, -1, -1, -1, -1, 45,
- -1, 46, 47, 48, 49, 50, 51, 52, 53, 54,
- 55, 56, -1, 57, 58, 59, 60, 61, 62, 63,
- 64, 65, 66, 67, 68, 69, 70, 71, 72, 73,
- 74, 75, 76, 77, 78, 79, 80, 81, 82, 83,
- 84, -1, 85, 86, -1, 87, 88, 89, 90, 91,
- 92, -1, 93, 94, 95, 96, 97, 98, 99, 100,
- -1, -1, 101, 102, 103, -1, -1, 104, 105, 106,
- 107, 108, 109, -1, -1, 110, -1, 111, 112, 113,
- 114, -1, 115, 116, -1, 117, 118, 119, 120, 121,
- -1, -1, -1, -1, 122, 123, 124, -1, 125, -1,
- -1, -1, 126, 127, 128, -1, 129, 130, 131, -1,
- -1, 132, 133, -1, -1, -1, 134, -1, 135, 136,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 137, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, 138, -1, -1, 139
+ -1, -1, -1, -1, -1, -1, -1, 138, 139, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, 140
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index 87602430d..3ac772962 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -167,5 +167,6 @@ ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0
ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0
ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0
ntru256, DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0
+newhope128, DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0
noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0
esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
index 7c6678b61..808cb996e 100644
--- a/src/libstrongswan/crypto/transform.c
+++ b/src/libstrongswan/crypto/transform.c
@@ -17,13 +17,15 @@
#include <crypto/hashers/hasher.h>
#include <crypto/rngs/rng.h>
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, COMPRESSION_ALGORITHM,
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, EXTENDED_OUTPUT_FUNCTION,
"UNDEFINED_TRANSFORM_TYPE",
"HASH_ALGORITHM",
"RANDOM_NUMBER_GENERATOR",
"AEAD_ALGORITHM",
- "COMPRESSION_ALGORITHM");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, COMPRESSION_ALGORITHM,
+ "COMPRESSION_ALGORITHM",
+ "EXTENDED OUTPUT FUNCTION");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS,
+ EXTENDED_OUTPUT_FUNCTION,
"ENCRYPTION_ALGORITHM",
"PSEUDO_RANDOM_FUNCTION",
"INTEGRITY_ALGORITHM",
@@ -60,6 +62,8 @@ enum_name_t* transform_get_enum_names(transform_type_t type)
return diffie_hellman_group_names;
case EXTENDED_SEQUENCE_NUMBERS:
return extended_sequence_numbers_names;
+ case EXTENDED_OUTPUT_FUNCTION:
+ return ext_out_function_names;
case UNDEFINED_TRANSFORM_TYPE:
case COMPRESSION_ALGORITHM:
break;
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
index 0cb84f0f5..e043e605c 100644
--- a/src/libstrongswan/crypto/transform.h
+++ b/src/libstrongswan/crypto/transform.h
@@ -34,6 +34,7 @@ enum transform_type_t {
RANDOM_NUMBER_GENERATOR = 243,
AEAD_ALGORITHM = 244,
COMPRESSION_ALGORITHM = 245,
+ EXTENDED_OUTPUT_FUNCTION = 246,
ENCRYPTION_ALGORITHM = 1,
PSEUDO_RANDOM_FUNCTION = 2,
INTEGRITY_ALGORITHM = 3,
diff --git a/src/libstrongswan/crypto/xofs/mgf1.h b/src/libstrongswan/crypto/xofs/mgf1.h
new file mode 100644
index 000000000..5ad3a518a
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/mgf1.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1 mgf1
+ * @{ @ingroup crypto
+ */
+
+#ifndef MGF1_H_
+#define MGF1_H_
+
+typedef struct mgf1_t mgf1_t;
+
+#include "xof.h"
+
+/**
+ * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
+ * defined in section 10.2.1 of RFC 2437
+ */
+struct mgf1_t {
+
+ /**
+ * Generic xof_t interface for this Extended Output Function (XOF).
+ */
+ xof_t xof_interface;
+
+ /**
+ * Hash the seed before using it as a seed for MGF1
+ *
+ * @param yes TRUE if seed has to be hashed first
+ */
+ void (*set_hash_seed)(mgf1_t *this, bool yes);
+};
+
+#endif /** MGF1_H_ @}*/
diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c
new file mode 100644
index 000000000..1e9c2834b
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xof.h"
+
+ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20,
+ "XOF_UNDEFINED",
+ "XOF_MGF1_SHA1",
+ "XOF_MGF1_SHA256",
+ "XOF_MGF1_SHA512",
+ "XOF_SHAKE128",
+ "XOF_SHAKE256",
+ "XOF_CHACHA20"
+);
+
diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h
new file mode 100644
index 000000000..8c9ae0131
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof.h
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xof xof
+ * @{ @ingroup crypto
+ */
+
+#ifndef XOF_H_
+#define XOF_H_
+
+typedef enum ext_out_function_t ext_out_function_t;
+typedef struct xof_t xof_t;
+
+#include <library.h>
+
+/**
+ * Extendable Output Functions.
+ */
+enum ext_out_function_t {
+ XOF_UNDEFINED,
+ /** RFC 2437 PKCS#1 */
+ XOF_MGF1_SHA1,
+ /** RFC 2437 PKCS#1 */
+ XOF_MGF1_SHA256,
+ /** RFC 2437 PKCS#1 */
+ XOF_MGF1_SHA512,
+ /** FIPS 202 */
+ XOF_SHAKE_128,
+ /** FIPS 202 */
+ XOF_SHAKE_256,
+ /** RFC 7539 ChaCha20 */
+ XOF_CHACHA20,
+};
+
+/**
+ * enum name for ext_out_function_t.
+ */
+extern enum_name_t *ext_out_function_names;
+
+/**
+ * Generic interface for Extended Output Function (XOF)
+ */
+struct xof_t {
+
+ /**
+ * Return the type of the Extended Output Function
+ *
+ * @return XOF type
+ */
+ ext_out_function_t (*get_type)(xof_t *this);
+
+ /**
+ * Generates pseudo random bytes and writes them in the buffer.
+ *
+ * @param out_len number of output bytes requested
+ * @param buffer pointer where the generated bytes will be written
+ * @return TRUE if bytes generated successfully
+ */
+ bool (*get_bytes)(xof_t *this, size_t out_len,
+ uint8_t *buffer) __attribute__((warn_unused_result));
+
+ /**
+ * Generates pseudo random bytes and allocate space for them.
+ *
+ * @param out_len number of output bytes requested
+ * @param chunk chunk which will hold generated bytes
+ * @return TRUE if bytes allocated and generated successfully
+ */
+ bool (*allocate_bytes)(xof_t *this, size_t out_len,
+ chunk_t *chunk) __attribute__((warn_unused_result));
+
+ /**
+ * Get the output block size
+ *
+ * @return block size in bytes
+ */
+ size_t (*get_block_size)(xof_t *this);
+
+ /**
+ * Get the recommended minimum seed size
+ *
+ * @return seed size in bytes
+ */
+ size_t (*get_seed_size)(xof_t *this);
+
+ /**
+ * Set the key for this xof_t object.
+ *
+ * @param sed seed to set
+ * @return TRUE if XOF initialized with seed successfully
+ */
+ bool (*set_seed)(xof_t *this,
+ chunk_t seed) __attribute__((warn_unused_result));
+
+ /**
+ * Destroys a xof object.
+ */
+ void (*destroy)(xof_t *this);
+};
+
+#endif /** XOF_H_ @}*/
diff --git a/src/libstrongswan/crypto/xofs/xof_bitspender.c b/src/libstrongswan/crypto/xofs/xof_bitspender.c
new file mode 100644
index 000000000..f18b806a3
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof_bitspender.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xof_bitspender.h"
+#include "mgf1.h"
+
+typedef struct private_xof_bitspender_t private_xof_bitspender_t;
+
+/**
+ * Private data structure for xof_bitspender_t object
+ */
+struct private_xof_bitspender_t {
+ /**
+ * Public interface.
+ */
+ xof_bitspender_t public;
+
+ /**
+ * Extended Output Function (XOF)
+ */
+ xof_t *xof;
+
+ /**
+ * Length of the returned hash value in octets
+ */
+ int hash_len;
+
+ /**
+ * Bit storage (accommodates up to 32 bits)
+ */
+ uint32_t bits;
+
+ /**
+ * Number of available bits
+ */
+ int bits_left;
+
+ /**
+ * Byte storage (accommodates up to 4 bytes)
+ */
+ uint8_t bytes[4];
+
+ /**
+ * Number of available bytes
+ */
+ int bytes_left;
+
+ /**
+ * Number of octets spent
+ */
+ int octet_count;
+
+};
+
+static bool get_next_block(private_xof_bitspender_t *this, uint8_t *buffer)
+{
+ if (!this->xof->get_bytes(this->xof, 4, buffer))
+ {
+ /* no block available */
+ return FALSE;
+ }
+ this->octet_count += 4;
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_bits, bool,
+ private_xof_bitspender_t *this, int bits_needed, uint32_t *bits)
+{
+ int bits_now;
+
+ *bits = 0x00000000;
+
+ if (bits_needed == 0)
+ {
+ /* trivial */
+ return TRUE;
+ }
+ if (bits_needed > 32)
+ {
+ /* too many bits requested */
+ return FALSE;
+ }
+
+ while (bits_needed)
+ {
+ if (this->bits_left == 0)
+ {
+ uint8_t buf[4];
+
+ if (!get_next_block(this, buf))
+ {
+ return FALSE;
+ }
+ this->bits = untoh32(buf);
+ this->bits_left = 32;
+ }
+ if (bits_needed > this->bits_left)
+ {
+ bits_now = this->bits_left;
+ this->bits_left = 0;
+ bits_needed -= bits_now;
+ }
+ else
+ {
+ bits_now = bits_needed;
+ this->bits_left -= bits_needed;
+ bits_needed = 0;
+ }
+ if (bits_now == 32)
+ {
+ *bits = this->bits;
+ }
+ else
+ {
+ *bits <<= bits_now;
+ *bits |= this->bits >> this->bits_left;
+ if (this->bits_left)
+ {
+ this->bits &= 0xffffffff >> (32 - this->bits_left);
+ }
+ }
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_byte, bool,
+ private_xof_bitspender_t *this, uint8_t *byte)
+{
+ if (this->bytes_left == 0)
+ {
+ if (!get_next_block(this, this->bytes))
+ {
+ return FALSE;
+ }
+ this->bytes_left = 4;
+ }
+ *byte = this->bytes[4 - this->bytes_left--];
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, destroy, void,
+ private_xof_bitspender_t *this)
+{
+ DBG2(DBG_LIB, "%N generated %u octets", ext_out_function_names,
+ this->xof->get_type(this->xof), this->octet_count);
+ memwipe(this->bytes, 4);
+ this->xof->destroy(this->xof);
+ free(this);
+}
+
+/**
+ * See header.
+ */
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+ bool hash_seed)
+{
+ private_xof_bitspender_t *this;
+ xof_t *xof;
+
+ xof = lib->crypto->create_xof(lib->crypto, alg);
+ if (!xof)
+ {
+ return NULL;
+ }
+
+ switch (alg)
+ {
+ case XOF_MGF1_SHA1:
+ case XOF_MGF1_SHA256:
+ case XOF_MGF1_SHA512:
+ {
+ mgf1_t *mgf1 = (mgf1_t*)xof;
+
+ mgf1->set_hash_seed(mgf1, hash_seed);
+ break;
+ }
+ default:
+ break;
+ }
+ if (!xof->set_seed(xof, seed))
+ {
+ xof->destroy(xof);
+ return NULL;
+ }
+ DBG2(DBG_LIB, "%N is seeded with %u octets", ext_out_function_names,
+ alg, seed.len);
+
+ INIT(this,
+ .public = {
+ .get_bits = _get_bits,
+ .get_byte = _get_byte,
+ .destroy = _destroy,
+ },
+ .xof = xof,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/crypto/xofs/xof_bitspender.h b/src/libstrongswan/crypto/xofs/xof_bitspender.h
new file mode 100644
index 000000000..f42207903
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof_bitspender.h
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xof_bitspender xof_bitspender
+ * @{ @ingroup mgf1
+ */
+
+#ifndef XOF_BITSPENDER_H_
+#define XOF_BITSPENDER_H_
+
+#include "xof.h"
+
+#include <library.h>
+
+typedef struct xof_bitspender_t xof_bitspender_t;
+
+/**
+ * Generates a given number of pseudo-random bits at a time using an
+ * Extended Output Function (XOF)
+ */
+struct xof_bitspender_t {
+
+ /**
+ * Get pseudo-random bits
+ *
+ * @param bits_needed Number of needed bits (1..32)
+ * @param bits Pseudo-random bits
+ * @result FALSE if internal MGF1 error occurred
+ */
+ bool (*get_bits)(xof_bitspender_t *this, int bits_needed, uint32_t *bits);
+
+ /**
+ * Get a pseudo-random byte
+ *
+ * @param byte Pseudo-random byte
+ * @result FALSE if internal MGF1 error occurred
+ */
+ bool (*get_byte)(xof_bitspender_t *this, uint8_t *byte);
+
+ /**
+ * Destroy xof_bitspender_t object
+ */
+ void (*destroy)(xof_bitspender_t *this);
+};
+
+/**
+ * Create a xof_bitspender_t object
+ *
+ * @param alg XOF to be used
+ * @param seed Seed used to initialize XOF
+ * @param hash_seed Hash seed before using it as a seed for MFG1
+ */
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+ bool hash_seed);
+
+#endif /** XOF_BITSPENDER_H_ @}*/
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index e130b93ee..4f79dcc5b 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -55,6 +55,13 @@ struct private_library_t {
*/
bool integrity_failed;
+#ifdef LEAK_DETECTIVE
+ /**
+ * Where to write leak detective output to
+ */
+ FILE *ld_out;
+#endif
+
/**
* Number of times we have been initialized
*/
@@ -95,32 +102,34 @@ library_t *lib = NULL;
/**
* Default leak report callback
*/
-static void report_leaks(void *user, int count, size_t bytes,
- backtrace_t *bt, bool detailed)
+CALLBACK(report_leaks, void,
+ private_library_t *this, int count, size_t bytes, backtrace_t *bt,
+ bool detailed)
{
- fprintf(stderr, "%zu bytes total, %d allocations, %zu bytes average:\n",
+ fprintf(this->ld_out, "%zu bytes total, %d allocations, %zu bytes average:\n",
bytes, count, bytes / count);
- bt->log(bt, stderr, detailed);
+ bt->log(bt, this->ld_out, detailed);
}
/**
* Default leak report summary callback
*/
-static void sum_leaks(void* user, int count, size_t bytes, int whitelisted)
+CALLBACK(sum_leaks, void,
+ private_library_t *this, int count, size_t bytes, int whitelisted)
{
switch (count)
{
case 0:
- fprintf(stderr, "No leaks detected");
+ fprintf(this->ld_out, "No leaks detected");
break;
case 1:
- fprintf(stderr, "One leak detected");
+ fprintf(this->ld_out, "One leak detected");
break;
default:
- fprintf(stderr, "%d leaks detected, %zu bytes", count, bytes);
+ fprintf(this->ld_out, "%d leaks detected, %zu bytes", count, bytes);
break;
}
- fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted);
+ fprintf(this->ld_out, ", %d suppressed by whitelist\n", whitelisted);
}
#endif /* LEAK_DETECTIVE */
@@ -172,6 +181,12 @@ void library_deinit()
lib->leak_detective->destroy(lib->leak_detective);
lib->leak_detective = NULL;
}
+#ifdef LEAK_DETECTIVE
+ if (this->ld_out && this->ld_out != stderr)
+ {
+ fclose(this->ld_out);
+ }
+#endif /* LEAK_DETECTIVE */
backtrace_deinit();
arrays_deinit();
@@ -301,11 +316,22 @@ bool library_init(char *settings, const char *namespace)
backtrace_init();
#ifdef LEAK_DETECTIVE
+ {
+ FILE *out = NULL;
+ char *log;
+
+ log = getenv("LEAK_DETECTIVE_LOG");
+ if (log)
+ {
+ out = fopen(log, "a");
+ }
+ this->ld_out = out ?: stderr;
+ }
lib->leak_detective = leak_detective_create();
if (lib->leak_detective)
{
lib->leak_detective->set_report_cb(lib->leak_detective,
- report_leaks, sum_leaks, NULL);
+ report_leaks, sum_leaks, this);
}
#endif /* LEAK_DETECTIVE */
diff --git a/src/libstrongswan/math/libnttfft/Makefile.am b/src/libstrongswan/math/libnttfft/Makefile.am
new file mode 100644
index 000000000..ec98abead
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/Makefile.am
@@ -0,0 +1,15 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ @COVERAGE_CFLAGS@
+
+AM_LDFLAGS = \
+ -no-undefined
+
+ipseclib_LTLIBRARIES = libnttfft.la
+
+libnttfft_la_SOURCES = \
+ ntt_fft_reduce.h ntt_fft.h ntt_fft.c \
+ ntt_fft_params.h ntt_fft_params.c
+
diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in
new file mode 100644
index 000000000..1a5621399
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/Makefile.in
@@ -0,0 +1,775 @@
+# Makefile.in generated by automake 1.15 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/math/libnttfft
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(ipseclibdir)"
+LTLIBRARIES = $(ipseclib_LTLIBRARIES)
+libnttfft_la_LIBADD =
+am_libnttfft_la_OBJECTS = ntt_fft.lo ntt_fft_params.lo
+libnttfft_la_OBJECTS = $(am_libnttfft_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libnttfft_la_SOURCES)
+DIST_SOURCES = $(libnttfft_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+ATOMICLIB = @ATOMICLIB@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ @COVERAGE_CFLAGS@
+
+AM_LDFLAGS = \
+ -no-undefined
+
+ipseclib_LTLIBRARIES = libnttfft.la
+libnttfft_la_SOURCES = \
+ ntt_fft_reduce.h ntt_fft.h ntt_fft.c \
+ ntt_fft_params.h ntt_fft_params.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \
+ }
+
+uninstall-ipseclibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \
+ done
+
+clean-ipseclibLTLIBRARIES:
+ -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES)
+ @list='$(ipseclib_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+libnttfft.la: $(libnttfft_la_OBJECTS) $(libnttfft_la_DEPENDENCIES) $(EXTRA_libnttfft_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libnttfft_la_OBJECTS) $(libnttfft_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntt_fft.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntt_fft_params.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(ipseclibdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-ipseclibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-ipseclibLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-ipseclibLTLIBRARIES clean-libtool cscopelist-am ctags \
+ ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-ipseclibLTLIBRARIES install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
+ uninstall-ipseclibLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/math/libnttfft/ntt_fft.c b/src/libstrongswan/math/libnttfft/ntt_fft.c
new file mode 100644
index 000000000..f83dbfc7e
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/ntt_fft.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntt_fft.h"
+#include "ntt_fft_reduce.h"
+
+/**
+ * Described in header.
+ */
+void libnttfft_init(void)
+{
+ /* empty */
+}
+
+typedef struct private_ntt_fft_t private_ntt_fft_t;
+
+/**
+ * Private data structure for ntt_fft_t object
+ */
+struct private_ntt_fft_t {
+
+ /**
+ * Public interface.
+ */
+ ntt_fft_t public;
+
+ /**
+ * FFT parameter set used as constants
+ */
+ const ntt_fft_params_t *p;
+
+};
+
+METHOD(ntt_fft_t, get_size, uint16_t,
+ private_ntt_fft_t *this)
+{
+ return this->p->n;
+}
+
+METHOD(ntt_fft_t, get_modulus, uint16_t,
+ private_ntt_fft_t *this)
+{
+ return this->p->q;
+}
+
+/**
+ * Do an FFT butterfly operation
+ *
+ * x[i1] ---|+|------- x[i1]
+ * \/
+ * /\ w[iw]
+ * x[i2] ---|-|--|*|-- x[i2]
+ *
+ */
+static void butterfly(private_ntt_fft_t *this, uint32_t *x, int i1,int i2, int iw)
+{
+ uint32_t xp, xm;
+
+ xp = x[i1] + x[i2];
+ xm = x[i1] + (this->p->q - x[i2]);
+ if (xp >= this->p->q)
+ {
+ xp -= this->p->q;
+ }
+ x[i1] = xp;
+ x[i2] = ntt_fft_mreduce(xm * this->p->wr[iw], this->p);
+}
+
+/**
+ * Trivial butterfly operation of last FFT stage
+ */
+static void butterfly_last(private_ntt_fft_t *this, uint32_t *x, int i1)
+{
+ uint32_t xp, xm;
+ int i2 = i1 + 1;
+
+ xp = x[i1] + x[i2];
+ xm = x[i1] + (this->p->q - x[i2]);
+ if (xp >= this->p->q)
+ {
+ xp -= this->p->q;
+ }
+ if (xm >= this->p->q)
+ {
+ xm -= this->p->q;
+ }
+ x[i1] = xp;
+ x[i2] = xm;
+}
+
+METHOD(ntt_fft_t, transform, void,
+ private_ntt_fft_t *this, uint32_t *a, uint32_t *b, bool inverse)
+{
+ int stage, i, j, k, m, n, s, t, iw, i_rev;
+ uint32_t tmp;
+
+ /* we are going to use the transform size n a lot */
+ n = this->p->n;
+ s = this->p->s;
+
+ if (!inverse)
+ {
+ /* apply linear phase needed for negative wrapped convolution */
+ for (i = 0; i < n; i++)
+ {
+ b[i] = ntt_fft_mreduce(a[i] * this->p->wf[s*i], this->p);
+ }
+ }
+ else if (a != b)
+ {
+ /* copy if input and output array are not the same */
+ for (i = 0; i < n; i++)
+ {
+ b[i] = a[i];
+ }
+ }
+
+ m = n;
+ k = 1;
+
+ for (stage = this->p->stages; stage > 0; stage--)
+ {
+ m >>= 1;
+ t = 0;
+
+ for (j = 0; j < k; j++)
+ {
+ if (stage == 1)
+ {
+ butterfly_last(this, b, t);
+ }
+ else
+ {
+ for (i = 0; i < m; i++)
+ {
+ iw = s * (inverse ? (n - i * k) : (i * k));
+ butterfly(this, b, t + i, t + i + m, iw);
+ }
+ }
+ t += 2*m;
+ }
+ k <<= 1;
+ }
+
+ /* Sort output in bit-reverse order */
+ for (i = 0; i < n; i++)
+ {
+ i_rev = this->p->rev[i];
+
+ if (i_rev > i)
+ {
+ tmp = b[i];
+ b[i] = b[i_rev];
+ b[i_rev] = tmp;
+ }
+ }
+
+ /**
+ * Compensate the linear phase needed for negative wrapped convolution
+ * and normalize the output array with 1/n mod q after the inverse FFT.
+ */
+ if (inverse)
+ {
+ for (i = 0; i < n; i++)
+ {
+ b[i] = ntt_fft_mreduce(b[i] * this->p->wi[i], this->p);
+ }
+ }
+}
+
+METHOD(ntt_fft_t, destroy, void,
+ private_ntt_fft_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header.
+ */
+ntt_fft_t *ntt_fft_create(const ntt_fft_params_t *params)
+{
+ private_ntt_fft_t *this;
+
+ INIT(this,
+ .public = {
+ .get_size = _get_size,
+ .get_modulus = _get_modulus,
+ .transform = _transform,
+ .destroy = _destroy,
+ },
+ .p = params,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/math/libnttfft/ntt_fft.h b/src/libstrongswan/math/libnttfft/ntt_fft.h
new file mode 100644
index 000000000..c05bb4e37
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/ntt_fft.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntt_p libnttfft
+ *
+ * @defgroup ntt_fft ntt_fft
+ * @{ @ingroup ntt_p
+ */
+
+#ifndef NTT_FFT_H_
+#define NTT_FFT_H_
+
+#include "ntt_fft_params.h"
+
+#include <library.h>
+
+typedef struct ntt_fft_t ntt_fft_t;
+
+/**
+ * Implements a Number Theoretic Transform (NTT) via the FFT algorithm
+ */
+struct ntt_fft_t {
+
+ /**
+ * Get the size of the Number Theoretic Transform
+ *
+ * @result Transform size
+ */
+ uint16_t (*get_size)(ntt_fft_t *this);
+
+ /**
+ * Get the prime modulus of the Number Theoretic Transform
+ *
+ * @result Prime modulus
+ */
+ uint16_t (*get_modulus)(ntt_fft_t *this);
+
+ /**
+ * Compute the [inverse] NTT of a polynomial
+ *
+ * @param a Coefficient of input polynomial
+ * @param b Coefficient of output polynomial
+ * @param inverse TRUE if the inverse NTT has to be computed
+ */
+ void (*transform)(ntt_fft_t *this, uint32_t *a, uint32_t *b, bool inverse);
+
+ /**
+ * Destroy ntt_fft_t object
+ */
+ void (*destroy)(ntt_fft_t *this);
+};
+
+/**
+ * Create a ntt_fft_t object for a given FFT parameter set
+ *
+ * @param params FFT parameters
+ */
+ntt_fft_t *ntt_fft_create(const ntt_fft_params_t *params);
+
+/**
+ * Dummy libnttfft initialization function needed for integrity test
+ */
+void libnttfft_init(void);
+
+
+#endif /** NTT_FFT_H_ @}*/
diff --git a/src/libstrongswan/math/libnttfft/ntt_fft_params.c b/src/libstrongswan/math/libnttfft/ntt_fft_params.c
new file mode 100644
index 000000000..4daac272a
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/ntt_fft_params.c
@@ -0,0 +1,652 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntt_fft_params.h"
+
+/**
+ * FFT twiddle factors in Montgomery form for q = 12289 and n = 1024
+ */
+static const uint16_t wr_12289_1024[] = {
+ 4075, 3051, 2031, 1207, 9987, 10092, 2948, 9273, 11973, 9094,
+ 3202, 9430, 7377, 5092, 3728, 10626, 4536, 1062, 2882, 6039,
+ 975, 10908, 6065, 2249, 11889, 4978, 10431, 7270, 12138, 4890,
+ 6119, 4895, 6364, 4611, 4737, 10911, 6212, 9452, 8455, 8758,
+ 11316, 1479, 11026, 11847, 2920, 7901, 6190, 8374, 4789, 1170,
+ 8174, 7278, 241, 11809, 1058, 2686, 8724, 9650, 5868, 4885,
+ 5874, 5179, 7991, 10600, 3262, 81, 3969, 10146, 5594, 3748,
+ 11606, 3400, 6843, 3504, 11939, 7428, 7591, 3289, 1404, 7351,
+ 3818, 2747, 11713, 8643, 5681, 8011, 11580, 2126, 5862, 4591,
+ 3757, 12047, 431, 8830, 2555, 2305, 2344, 4255, 11871, 4096,
+
+ 4080, 3296, 1747, 11869, 3998, 11567, 1489, 11516, 11279, 11955,
+ 8212, 9140, 5456, 9275, 12071, 1607, 5009, 11950, 7967, 9424,
+ 7083, 2975, 10596, 3066, 2766, 355, 5106, 4414, 7373, 4896,
+ 6413, 7012, 11785, 12171, 6507, 11618, 3988, 11077, 2057, 2481,
+ 10968, 9005, 11130, 4654, 6844, 3553, 2051, 2187, 8851, 3584,
+ 3570, 2884, 6137, 5777, 426, 8585, 2839, 3932, 8333, 2780,
+ 1041, 1853, 4774, 435, 9026, 12159, 5919, 7384, 5435, 8246,
+ 10806, 1067, 3127, 5755, 11637, 4919, 7540, 790, 1843, 4284,
+ 1003, 12280, 11848, 2969, 10302, 949, 9634, 5084, 3336, 3707,
+ 9597, 3271, 522, 1000, 12133, 4645, 6403, 6522, 64, 3136,
+
+ 6196, 8668, 6906, 6591, 3445, 9048, 948, 9585, 2683, 8577,
+ 2447, 9302, 1105, 4989, 10970, 9103, 3643, 6461, 9364, 4143,
+ 6383, 5542, 1200, 9644, 5574, 2768, 453, 9908, 6221, 9893,
+ 5486, 10745, 10367, 4134, 5942, 8511, 11502, 10593, 2919, 7852,
+ 3789, 1326, 3529, 875, 6008, 11745, 10211, 8779, 56, 2744,
+ 11566, 1440, 9115, 4231, 10695, 7917, 6974, 9923, 6956, 9041,
+ 605, 5067, 2503, 12046, 382, 6429, 7796, 1045, 2049, 2089,
+ 4049, 1777, 1050, 2294, 1805, 2422, 8077, 2525, 835, 4048,
+ 1728, 10938, 7535, 545, 2127, 5911, 6992, 10805, 1018, 726,
+ 10996, 10377, 4624, 5374, 5257, 11813, 1254, 1, 49, 2401,
+
+ 7048, 1260, 295, 2166, 7822, 2319, 3030, 1002, 12231, 9447,
+ 8210, 9042, 654, 7468, 9551, 1017, 677, 8595, 3329, 3364,
+ 5079, 3091, 3991, 11224, 9260, 11336, 2459, 9890, 5339, 3542,
+ 1512, 354, 5057, 2013, 325, 3636, 6118, 4846, 3963, 9852,
+ 3477, 10616, 4046, 1630, 6136, 5728, 10314, 1537, 1579, 3637,
+ 6167, 7247, 11011, 11112, 3772, 493, 11868, 3949, 9166, 6730,
+ 10256, 10984, 9789, 390, 6821, 2426, 8273, 12129, 4449, 9088,
+ 2908, 7313, 1956, 9821, 1958, 9919, 6760, 11726, 9280, 27,
+ 1323, 3382, 5961, 9442, 7965, 9326, 2281, 1168, 8076, 2476,
+ 10723, 9289, 468, 10643, 5369, 5012, 12097, 2881, 5990, 10863,
+
+ 3860, 4805, 1954, 9723, 9445, 8112, 4240, 11136, 4948, 8961,
+ 8974, 9611, 3957, 9558, 1360, 5195, 8775, 12149, 5429, 7952,
+ 8689, 7935, 7856, 3985, 10930, 7143, 5915, 7188, 8120, 4632,
+ 5766, 12176, 6752, 11334, 2361, 5088, 3532, 1022, 922, 8311,
+ 1702, 9664, 6554, 1632, 6234, 10530, 12121, 4057, 2169, 7969,
+ 9522, 11885, 4782, 827, 3656, 7098, 3710, 9744, 10474, 9377,
+ 4780, 729, 11143, 5291, 1190, 9154, 6142, 6022, 142, 6958,
+ 9139, 5407, 6874, 5023, 347, 4714, 9784, 145, 7105, 4053,
+ 1973, 10654, 5908, 6845, 3602, 4452, 9235, 10111, 3879, 5736,
+ 10706, 8456, 8807, 1428, 8527, 12286, 12142, 5086, 3434, 8509,
+
+ 11404, 5791, 1112, 5332, 3199, 9283, 174, 8526, 12237, 9741,
+ 10327, 2174, 8214, 9238, 10258, 11082, 2302, 2197, 9341, 3016,
+ 316, 3195, 9087, 2859, 4912, 7197, 8561, 1663, 7753, 11227,
+ 9407, 6250, 11314, 1381, 6224, 10040, 400, 7311, 1858, 5019,
+ 151, 7399, 6170, 7394, 5925, 7678, 7552, 1378, 6077, 2837,
+ 3834, 3531, 973, 10810, 1263, 442, 9369, 4388, 6099, 3915,
+ 7500, 11119, 4115, 5011, 12048, 480, 11231, 9603, 3565, 2639,
+ 6421, 7404, 6415, 7110, 4298, 1689, 9027, 12208, 8320, 2143,
+ 6695, 8541, 683, 8889, 5446, 8785, 350, 4861, 4698, 9000,
+ 10885, 4938, 8471, 9542, 576, 3646, 6608, 4278, 709, 10163,
+
+ 6427, 7698, 8532, 242, 11858, 3459, 9734, 9984, 9945, 8034,
+ 418, 8193, 8209, 8993, 10542, 420, 8291, 722, 10800, 773,
+ 1010, 334, 4077, 3149, 6833, 3014, 218, 10682, 7280, 339,
+ 4322, 2865, 5206, 9314, 1693, 9223, 9523, 11934, 7183, 7875,
+ 4916, 7393, 5876, 5277, 504, 118, 5782, 671, 8301, 1212,
+ 10232, 9808, 1321, 3284, 1159, 7635, 5445, 8736, 10238, 10102,
+ 3438, 8705, 8719, 9405, 6152, 6512, 11863, 3704, 9450, 8357,
+ 3956, 9509, 11248, 10436, 7515, 11854, 3263, 130, 6370, 4905,
+ 6854, 4043, 1483, 11222, 9162, 6534, 652, 7370, 4749, 11499,
+ 10446, 8005, 11286, 9, 441, 9320, 1987, 11340, 2655, 7205,
+
+ 8953, 8582, 2692, 9018, 11767, 11289, 156, 7644, 5886, 5767,
+ 12225, 9153, 6093, 3621, 5383, 5698, 8844, 3241, 11341, 2704,
+ 9606, 3712, 9842, 2987, 11184, 7300, 1319, 3186, 8646, 5828,
+ 2925, 8146, 5906, 6747, 11089, 2645, 6715, 9521, 11836, 2381,
+ 6068, 2396, 6803, 1544, 1922, 8155, 6347, 3778, 787, 1696,
+ 9370, 4437, 8500, 10963, 8760, 11414, 6281, 544, 2078, 3510,
+ 12233, 9545, 723, 10849, 3174, 8058, 1594, 4372, 5315, 2366,
+ 5333, 3248, 11684, 7222, 9786, 243, 11907, 5860, 4493, 11244,
+ 10240, 10200, 8240, 10512, 11239, 9995, 10484, 9867, 4212, 9764,
+ 11454, 8241, 10561, 1351, 4754, 11744, 10162, 6378, 5297, 1484,
+
+ 11271, 11563, 1293, 1912, 7665, 6915, 7032, 476, 11035, 12288,
+ 12240, 9888, 5241, 11029, 11994, 10123, 4467, 9970, 9259, 11287,
+ 58, 2842, 4079, 3247, 11635, 4821, 2738, 11272, 11612, 3694,
+ 8960, 8925, 7210, 9198, 8298, 1065, 3029, 953, 9830, 2399,
+ 6950, 8747, 10777, 11935, 7232, 10276, 11964, 8653, 6171, 7443,
+ 8326, 2437, 8812, 1673, 8243, 10659, 6153, 6561, 1975, 10752,
+ 10710, 8652, 6122, 5042, 1278, 1177, 8517, 11796, 421, 8340,
+ 3123, 5559, 2033, 1305, 2500, 11899, 5468, 9863, 4016, 160,
+ 7840, 3201, 9381, 4976, 10333, 2468, 10331, 2370, 5529, 563,
+ 3009, 12262, 10966, 8907, 6328, 2847, 4324, 2963, 10008, 11121,
+
+ 4213, 9813, 1566, 3000, 11821, 1646, 6920, 7277, 192, 9408,
+ 6299, 1426, 8429, 7484, 10335, 2566, 2844, 4177, 8049, 1153,
+ 7341, 3328, 3315, 2678, 8332, 2731, 10929, 7094, 3514, 140,
+ 6860, 4337, 3600, 4354, 4433, 8304, 1359, 5146, 6374, 5101,
+ 4169, 7657, 6523, 113, 5537, 955, 9928, 7201, 8757, 11267,
+ 11367, 3978, 10587, 2625, 5735, 10657, 6055, 1759, 168, 8232,
+ 10120, 4320, 2767, 404, 7507, 11462, 8633, 5191, 8579, 2545,
+ 1815, 2912, 7509, 11560, 1146, 6998, 11099, 3135, 6147, 6267,
+ 12147, 5331, 3150, 6882, 5415, 7266, 11942, 7575, 2505, 12144,
+ 5184, 8236, 10316, 1635, 6381, 5444, 8687, 7837, 3054, 2178,
+
+ 8410, 6553, 1583, 3833, 3482, 10861, 3762, 3, 147, 7203,
+ 8855, 3780, 885, 6498, 11177, 6957, 9090, 3006, 12115, 3763,
+ 52, 2548, 1962, 10115, 4075
+};
+
+/**
+ * FFT phase shift in forward transform for q = 12289 and n = 1024
+ */
+static const uint16_t wf_12289_1024[] = {
+ 3186, 10013, 8646, 11366, 5828, 3929, 2925, 8186, 8146, 7866,
+ 5906, 4475, 6747, 10362, 11089, 3889, 2645, 6226, 6715, 10138,
+ 9521, 5202, 11836, 9118, 2381, 4378, 6068, 5609, 2396, 4483,
+ 6803, 10754, 1544, 10808, 1922, 1165, 8155, 7929, 6347, 7562,
+ 3778, 1868, 787, 5509, 1696, 11872, 9370, 4145, 4437, 6481,
+ 8500, 10344, 10963, 3007, 8760, 12164, 11414, 6164, 6281, 7100,
+ 544, 3808, 2078, 2257, 3510, 12281, 12233, 11897, 9545, 5370,
+ 723, 5061, 10849, 2209, 3174, 9929, 8058, 7250, 1594, 11158,
+ 4372, 6026, 5315, 338, 2366, 4273, 5333, 464, 3248, 10447,
+ 11684, 8054, 7222, 1398, 9786, 7057, 243, 1701, 11907, 9615,
+
+ 5860, 4153, 4493, 6873, 11244, 4974, 10240, 10235, 10200, 9955,
+ 8240, 8524, 10512, 12139, 11239, 4939, 9995, 8520, 10484, 11943,
+ 9867, 7624, 4212, 4906, 9764, 6903, 11454, 6444, 8241, 8531,
+ 10561, 193, 1351, 9457, 4754, 8700, 11744, 8474, 10162, 9689,
+ 6378, 7779, 5297, 212, 1484, 10388, 11271, 5163, 11563, 7207,
+ 1293, 9051, 1912, 1095, 7665, 4499, 6915, 11538, 7032, 68,
+ 476, 3332, 11035, 3511, 12288, 12282, 12240, 11946, 9888, 7771,
+ 5241, 12109, 11029, 3469, 11994, 10224, 10123, 9416, 4467, 6691,
+ 9970, 8345, 9259, 3368, 11287, 5275, 58, 406, 2842, 7605,
+ 4079, 3975, 3247, 10440, 11635, 7711, 4821, 9169, 2738, 6877,
+
+ 11272, 5170, 11612, 7550, 3694, 1280, 8960, 1275, 8925, 1030,
+ 7210, 1314, 9198, 2941, 8298, 8930, 1065, 7455, 3029, 8914,
+ 953, 6671, 9830, 7365, 2399, 4504, 6950, 11783, 8747, 12073,
+ 10777, 1705, 11935, 9811, 7232, 1468, 10276, 10487, 11964, 10014,
+ 8653, 11415, 6171, 6330, 7443, 2945, 8326, 9126, 2437, 4770,
+ 8812, 239, 1673, 11711, 8243, 8545, 10659, 879, 6153, 6204,
+ 6561, 9060, 1975, 1536, 10752, 1530, 10710, 1236, 8652, 11408,
+ 6122, 5987, 5042, 10716, 1278, 8946, 1177, 8239, 8517, 10463,
+ 11796, 8838, 421, 2947, 8340, 9224, 3123, 9572, 5559, 2046,
+ 2033, 1942, 1305, 9135, 2500, 5211, 11899, 9559, 5468, 1409,
+
+ 9863, 7596, 4016, 3534, 160, 1120, 7840, 5724, 3201, 10118,
+ 9381, 4222, 4976, 10254, 10333, 10886, 2468, 4987, 10331, 10872,
+ 2370, 4301, 5529, 1836, 563, 3941, 3009, 8774, 12262, 12100,
+ 10966, 3028, 8907, 904, 6328, 7429, 2847, 7640, 4324, 5690,
+ 2963, 8452, 10008, 8611, 11121, 4113, 4213, 4913, 9813, 7246,
+ 1566, 10962, 3000, 8711, 11821, 9013, 1646, 11522, 6920, 11573,
+ 7277, 1783, 192, 1344, 9408, 4411, 6299, 7226, 1426, 9982,
+ 8429, 9847, 7484, 3232, 10335, 10900, 2566, 5673, 2844, 7619,
+ 4177, 4661, 8049, 7187, 1153, 8071, 7341, 2231, 3328, 11007,
+ 3315, 10916, 2678, 6457, 8332, 9168, 2731, 6828, 10929, 2769,
+
+ 7094, 502, 3514, 20, 140, 980, 6860, 11153, 4337, 5781,
+ 3600, 622, 4354, 5900, 4433, 6453, 8304, 8972, 1359, 9513,
+ 5146, 11444, 6374, 7751, 5101, 11129, 4169, 4605, 7657, 4443,
+ 6523, 8794, 113, 791, 5537, 1892, 955, 6685, 9928, 8051,
+ 7201, 1251, 8757, 12143, 11267, 5135, 11367, 5835, 3978, 3268,
+ 10587, 375, 2625, 6086, 5735, 3278, 10657, 865, 6055, 5518,
+ 1759, 24, 168, 1176, 8232, 8468, 10120, 9395, 4320, 5662,
+ 2767, 7080, 404, 2828, 7507, 3393, 11462, 6500, 8633, 11275,
+ 5191, 11759, 8579, 10897, 2545, 5526, 1815, 416, 2912, 8095,
+ 7509, 3407, 11560, 7186, 1146, 8022, 6998, 12119, 11099, 3959,
+
+ 3135, 9656, 6147, 6162, 6267, 7002, 12147, 11295, 5331, 450,
+ 3150, 9761, 6882, 11307, 5415, 1038, 7266, 1706, 11942, 9860,
+ 7575, 3869, 2505, 5246, 12144, 11274, 5184, 11710, 8236, 8496,
+ 10316, 10767, 1635, 11445, 6381, 7800, 5444, 1241, 8687, 11653,
+ 7837, 5703, 3054, 9089, 2178, 2957, 8410, 9714, 6553, 9004,
+ 1583, 11081, 3833, 2253, 3482, 12085, 10861, 2293, 3762, 1756,
+ 3, 21, 147, 1029, 7203, 1265, 8855, 540, 3780, 1882,
+ 885, 6195, 6498, 8619, 11177, 4505, 6957, 11832, 9090, 2185,
+ 3006, 8753, 12115, 11071, 3763, 1763, 52, 364, 2548, 5547,
+ 1962, 1445, 10115, 9360, 4075, 3947, 3051, 9068, 2031, 1928,
+
+ 1207, 8449, 9987, 8464, 10092, 9199, 2948, 8347, 9273, 3466,
+ 11973, 10077, 9094, 2213, 3202, 10125, 9430, 4565, 7377, 2483,
+ 5092, 11066, 3728, 1518, 10626, 648, 4536, 7174, 1062, 7434,
+ 2882, 7885, 6039, 5406, 975, 6825, 10908, 2622, 6065, 5588,
+ 2249, 3454, 11889, 9489, 4978, 10268, 10431, 11572, 7270, 1734,
+ 12138, 11232, 4890, 9652, 6119, 5966, 4895, 9687, 6364, 7681,
+ 4611, 7699, 4737, 8581, 10911, 2643, 6212, 6617, 9452, 4719,
+ 8455, 10029, 8758, 12150, 11316, 5478, 1479, 10353, 11026, 3448,
+ 11847, 9195, 2920, 8151, 7901, 6151, 6190, 6463, 8374, 9462,
+ 4789, 8945, 1170, 8190, 8174, 8062, 7278, 1790, 241, 1687,
+
+ 11809, 8929, 1058, 7406, 2686, 6513, 8724, 11912, 9650, 6105,
+ 5868, 4209, 4885, 9617, 5874, 4251, 5179, 11675, 7991, 6781,
+ 10600, 466, 3262, 10545, 81, 567, 3969, 3205, 10146, 9577,
+ 5594, 2291, 3748, 1658, 11606, 7508, 3400, 11511, 6843, 11034,
+ 3504, 12239, 11939, 9839, 7428, 2840, 7591, 3981, 3289, 10734,
+ 1404, 9828, 7351, 2301, 3818, 2148, 2747, 6940, 11713, 8257,
+ 8643, 11345, 5681, 2900, 8011, 6921, 11580, 7326, 2126, 2593,
+ 5862, 4167, 4591, 7559, 3757, 1721, 12047, 10595, 431, 3017,
+ 8830, 365, 2555, 5596, 2305, 3846, 2344, 4119, 4255, 5207,
+ 11871, 9363, 4096, 4094, 4080, 3982, 3296, 10783, 1747, 12229,
+
+ 11869, 9349, 3998, 3408, 11567, 7235, 1489, 10423, 11516, 6878,
+ 11279, 5219, 11955, 9951, 8212, 8328, 9140, 2535, 5456, 1325,
+ 9275, 3480, 12071, 10763, 1607, 11249, 5009, 10485, 11950, 9916,
+ 7967, 6613, 9424, 4523, 7083, 425, 2975, 8536, 10596, 438,
+ 3066, 9173, 2766, 7073, 355, 2485, 5106, 11164, 4414, 6320,
+ 7373, 2455, 4896, 9694, 6413, 8024, 7012, 12217, 11785, 8761,
+ 12171, 11463, 6507, 8682, 11618, 7592, 3988, 3338, 11077, 3805,
+ 2057, 2110, 2481, 5078, 10968, 3042, 9005, 1590, 11130, 4176,
+ 4654, 8000, 6844, 11041, 3553, 293, 2051, 2068, 2187, 3020,
+ 8851, 512, 3584, 510, 3570, 412, 2884, 7899, 6137, 6092,
+
+ 5777, 3572, 426, 2982, 8585, 10939, 2839, 7584, 3932, 2946,
+ 8333, 9175, 2780, 7171, 1041, 7287, 1853, 682, 4774, 8840,
+ 435, 3045, 9026, 1737, 12159, 11379, 5919, 4566, 7384, 2532,
+ 5435, 1178, 8246, 8566, 10806, 1908, 1067, 7469, 3127, 9600,
+ 5755, 3418, 11637, 7725, 4919, 9855, 7540, 3624, 790, 5530,
+ 1843, 612, 4284, 5410, 1003, 7021, 12280, 12226, 11848, 9202,
+ 2969, 8494, 10302, 10669, 949, 6643, 9634, 5993, 5084, 11010,
+ 3336, 11063, 3707, 1371, 9597, 5734, 3271, 10608, 522, 3654,
+ 1000, 7000, 12133, 11197, 4645, 7937, 6403, 7954, 6522, 8787,
+ 64, 448, 3136, 9663, 6196, 6505, 8668, 11520, 6906, 11475,
+
+ 6591, 9270, 3445, 11826, 9048, 1891, 948, 6636, 9585, 5650,
+ 2683, 6492, 8577, 10883, 2447, 4840, 9302, 3669, 1105, 7735,
+ 4989, 10345, 10970, 3056
+};
+
+/**
+ * FFT phase shift and scaling inverse transform for q = 12289 and n = 1024
+ */
+static const uint16_t wi_12289_1024[] = {
+ 12277, 5265, 9530, 3117, 5712, 816, 10650, 3277, 9246, 4832,
+ 5957, 851, 10655, 10300, 3227, 461, 3577, 511, 73, 1766,
+ 5519, 2544, 2119, 7325, 2802, 5667, 11343, 3376, 5749, 6088,
+ 7892, 2883, 3923, 2316, 3842, 4060, 580, 3594, 2269, 9102,
+ 6567, 9716, 1388, 5465, 7803, 8137, 2918, 3928, 9339, 10112,
+ 11978, 10489, 3254, 3976, 568, 8859, 11799, 12219, 12279, 10532,
+ 12038, 8742, 4760, 680, 8875, 4779, 7705, 8123, 2916, 10950,
+ 6831, 4487, 641, 10625, 5029, 2474, 2109, 5568, 2551, 2120,
+ 3814, 4056, 2335, 10867, 3308, 11006, 6839, 977, 10673, 8547,
+ 1221, 1930, 7298, 11576, 8676, 2995, 3939, 7585, 11617, 12193,
+
+ 5253, 2506, 358, 8829, 6528, 11466, 1638, 234, 1789, 10789,
+ 6808, 11506, 8666, 1238, 3688, 4038, 4088, 584, 1839, 7285,
+ 8063, 4663, 9444, 10127, 8469, 4721, 2430, 9125, 11837, 1691,
+ 10775, 6806, 6239, 6158, 7902, 4640, 4174, 5863, 11371, 3380,
+ 3994, 11104, 6853, 979, 3651, 11055, 6846, 978, 7162, 9801,
+ 10178, 1454, 7230, 4544, 9427, 8369, 11729, 12209, 10522, 10281,
+ 8491, 1213, 5440, 9555, 1365, 195, 3539, 11039, 1577, 5492,
+ 11318, 5128, 11266, 3365, 7503, 4583, 7677, 8119, 4671, 5934,
+ 7870, 6391, 913, 1886, 2025, 5556, 7816, 11650, 6931, 9768,
+ 3151, 9228, 6585, 7963, 11671, 6934, 11524, 6913, 11521, 5157,
+
+ 7759, 2864, 9187, 3068, 5705, 815, 1872, 2023, 289, 5308,
+ 6025, 7883, 9904, 4926, 7726, 8126, 4672, 2423, 9124, 3059,
+ 437, 1818, 7282, 6307, 901, 7151, 11555, 8673, 1239, 177,
+ 5292, 756, 108, 1771, 253, 8814, 10037, 4945, 2462, 7374,
+ 2809, 5668, 7832, 4630, 2417, 5612, 7824, 8140, 4674, 7690,
+ 11632, 8684, 11774, 1682, 5507, 7809, 11649, 10442, 8514, 6483,
+ 9704, 6653, 2706, 10920, 1560, 3734, 2289, 327, 7069, 4521,
+ 4157, 4105, 2342, 10868, 12086, 12260, 3507, 501, 10605, 1515,
+ 1972, 7304, 2799, 3911, 7581, 1083, 7177, 6292, 4410, 630,
+ 90, 3524, 2259, 7345, 6316, 6169, 6148, 6145, 4389, 627,
+
+ 10623, 12051, 12255, 8773, 6520, 2687, 3895, 2312, 5597, 11333,
+ 1619, 5498, 2541, 363, 3563, 509, 7095, 11547, 12183, 3496,
+ 2255, 9100, 1300, 7208, 8052, 6417, 7939, 9912, 1416, 5469,
+ 6048, 864, 1879, 2024, 9067, 6562, 2693, 7407, 9836, 10183,
+ 8477, 1211, 173, 7047, 8029, 1147, 3675, 525, 75, 7033,
+ 8027, 8169, 1167, 7189, 1027, 7169, 9802, 6667, 2708, 3898,
+ 4068, 9359, 1337, 191, 5294, 6023, 2616, 7396, 11590, 8678,
+ 8262, 6447, 921, 10665, 12057, 3478, 4008, 11106, 12120, 3487,
+ 9276, 10103, 6710, 11492, 8664, 8260, 1180, 10702, 5040, 720,
+ 3614, 5783, 9604, 1372, 196, 28, 4, 10534, 5016, 11250,
+
+ 10385, 12017, 8739, 3004, 9207, 6582, 6207, 7909, 4641, 663,
+ 7117, 8039, 2904, 3926, 4072, 7604, 6353, 11441, 3390, 5751,
+ 11355, 10400, 8508, 2971, 2180, 2067, 5562, 11328, 6885, 11517,
+ 6912, 2743, 3903, 11091, 3340, 9255, 10100, 4954, 7730, 6371,
+ 9688, 1384, 7220, 2787, 9176, 4822, 4200, 600, 7108, 2771,
+ 3907, 9336, 8356, 8216, 8196, 4682, 4180, 9375, 6606, 7966,
+ 1138, 10696, 1528, 5485, 11317, 8639, 10012, 6697, 7979, 4651,
+ 2420, 7368, 11586, 10433, 3246, 7486, 2825, 10937, 3318, 474,
+ 7090, 4524, 5913, 7867, 4635, 9440, 11882, 3453, 5760, 4334,
+ 9397, 3098, 10976, 1568, 224, 32, 10538, 3261, 3977, 9346,
+
+ 10113, 8467, 11743, 12211, 3500, 500, 1827, 261, 5304, 7780,
+ 2867, 10943, 6830, 7998, 11676, 1668, 5505, 2542, 9141, 4817,
+ 9466, 6619, 11479, 5151, 4247, 7629, 4601, 5924, 6113, 6140,
+ 9655, 6646, 2705, 2142, 306, 7066, 2765, 395, 1812, 3770,
+ 11072, 8604, 10007, 11963, 1709, 9022, 4800, 7708, 9879, 6678,
+ 954, 5403, 4283, 4123, 589, 8862, 1266, 3692, 2283, 9104,
+ 11834, 12224, 7013, 4513, 7667, 6362, 4420, 2387, 341, 7071,
+ 9788, 6665, 9730, 1390, 10732, 10311, 1473, 1966, 3792, 7564,
+ 11614, 10437, 1491, 213, 1786, 9033, 3046, 9213, 10094, 1442,
+ 206, 1785, 255, 1792, 256, 10570, 1510, 7238, 1034, 7170,
+
+ 6291, 7921, 11665, 3422, 4000, 2327, 2088, 5565, 795, 10647,
+ 1521, 5484, 2539, 7385, 1055, 7173, 8047, 11683, 1669, 1994,
+ 3796, 5809, 4341, 9398, 11876, 12230, 10525, 12037, 12253, 3506,
+ 4012, 9351, 4847, 2448, 7372, 9831, 3160, 2207, 5582, 2553,
+ 7387, 6322, 9681, 1383, 10731, 1533, 219, 5298, 4268, 7632,
+ 6357, 9686, 8406, 4712, 9451, 10128, 4958, 5975, 11387, 8649,
+ 11769, 6948, 11526, 12180, 1740, 10782, 6807, 2728, 7412, 4570,
+ 4164, 4106, 11120, 12122, 8754, 11784, 3439, 5758, 11356, 6889,
+ 9762, 11928, 1704, 1999, 10819, 12079, 12259, 7018, 11536, 1648,
+ 1991, 2040, 2047, 2048, 10826, 12080, 8748, 8272, 8204, 1172,
+
+ 1923, 7297, 2798, 7422, 6327, 4415, 7653, 6360, 11442, 12168,
+ 7005, 8023, 9924, 8440, 8228, 2931, 7441, 1063, 3663, 5790,
+ 9605, 10150, 1450, 8985, 11817, 10466, 10273, 12001, 3470, 7518,
+ 1074, 1909, 7295, 9820, 4914, 702, 5367, 7789, 8135, 9940,
+ 1420, 3714, 11064, 12114, 12264, 1752, 5517, 9566, 11900, 1700,
+ 3754, 5803, 829, 1874, 7290, 2797, 10933, 5073, 7747, 8129,
+ 6428, 6185, 11417, 1631, 233, 5300, 9535, 10140, 11982, 8734,
+ 8270, 2937, 10953, 8587, 8249, 2934, 9197, 4825, 5956, 4362,
+ 9401, 1343, 3703, 529, 10609, 12049, 6988, 6265, 895, 3639,
+ 4031, 4087, 4095, 585, 10617, 8539, 4731, 4187, 9376, 3095,
+
+ 9220, 10095, 10220, 1460, 10742, 12068, 1724, 5513, 11321, 6884,
+ 2739, 5658, 6075, 4379, 11159, 10372, 8504, 4726, 9453, 3106,
+ 7466, 11600, 10435, 8513, 9994, 8450, 9985, 3182, 10988, 8592,
+ 2983, 9204, 4826, 2445, 5616, 6069, 867, 3635, 5786, 11360,
+ 5134, 2489, 10889, 12089, 1727, 7269, 2794, 9177, 1311, 5454,
+ 9557, 6632, 2703, 9164, 10087, 1441, 3717, 531, 3587, 2268,
+ 324, 5313, 759, 1864, 5533, 2546, 7386, 9833, 8427, 4715,
+ 11207, 1601, 7251, 4547, 11183, 12131, 1733, 10781, 10318, 1474,
+ 10744, 5046, 4232, 11138, 10369, 6748, 964, 7160, 4534, 7670,
+ 8118, 8182, 4680, 11202, 6867, 981, 8918, 1274, 182, 26,
+
+ 7026, 8026, 11680, 12202, 10521, 1503, 7237, 4545, 5916, 9623,
+ 8397, 11733, 10454, 3249, 9242, 6587, 941, 1890, 270, 10572,
+ 6777, 9746, 6659, 6218, 6155, 6146, 878, 1881, 7291, 11575,
+ 12187, 1741, 7271, 8061, 11685, 6936, 4502, 9421, 4857, 4205,
+ 7623, 1089, 10689, 1527, 8996, 10063, 11971, 10488, 6765, 2722,
+ 3900, 9335, 11867, 6962, 11528, 5158, 4248, 4118, 5855, 2592,
+ 5637, 6072, 2623, 7397, 8079, 9932, 4930, 5971, 853, 3633,
+ 519, 8852, 11798, 3441, 11025, 1575, 225, 8810, 11792, 12218,
+ 3501, 9278, 3081, 9218, 4828, 7712, 8124, 11694, 12204, 3499,
+ 4011, 573, 3593, 5780, 7848, 9899, 10192, 1456, 208, 7052,
+
+ 2763, 7417, 11593, 10434, 12024, 8740, 11782, 10461, 3250, 5731,
+ 7841, 9898, 1414, 202, 3540, 7528, 2831, 2160, 10842, 5060,
+ 4234, 4116, 588, 84
+};
+
+/**
+ * Bit-reversed indices for n = 1024
+ */
+static const uint16_t rev_1024[] = {
+ 0, 512, 256, 768, 128, 640, 384, 896, 64, 576,
+ 320, 832, 192, 704, 448, 960, 32, 544, 288, 800,
+ 160, 672, 416, 928, 96, 608, 352, 864, 224, 736,
+ 480, 992, 16, 528, 272, 784, 144, 656, 400, 912,
+ 80, 592, 336, 848, 208, 720, 464, 976, 48, 560,
+ 304, 816, 176, 688, 432, 944, 112, 624, 368, 880,
+ 240, 752, 496, 1008, 8, 520, 264, 776, 136, 648,
+ 392, 904, 72, 584, 328, 840, 200, 712, 456, 968,
+ 40, 552, 296, 808, 168, 680, 424, 936, 104, 616,
+ 360, 872, 232, 744, 488, 1000, 24, 536, 280, 792,
+
+ 152, 664, 408, 920, 88, 600, 344, 856, 216, 728,
+ 472, 984, 56, 568, 312, 824, 184, 696, 440, 952,
+ 120, 632, 376, 888, 248, 760, 504, 1016, 4, 516,
+ 260, 772, 132, 644, 388, 900, 68, 580, 324, 836,
+ 196, 708, 452, 964, 36, 548, 292, 804, 164, 676,
+ 420, 932, 100, 612, 356, 868, 228, 740, 484, 996,
+ 20, 532, 276, 788, 148, 660, 404, 916, 84, 596,
+ 340, 852, 212, 724, 468, 980, 52, 564, 308, 820,
+ 180, 692, 436, 948, 116, 628, 372, 884, 244, 756,
+ 500, 1012, 12, 524, 268, 780, 140, 652, 396, 908,
+
+ 76, 588, 332, 844, 204, 716, 460, 972, 44, 556,
+ 300, 812, 172, 684, 428, 940, 108, 620, 364, 876,
+ 236, 748, 492, 1004, 28, 540, 284, 796, 156, 668,
+ 412, 924, 92, 604, 348, 860, 220, 732, 476, 988,
+ 60, 572, 316, 828, 188, 700, 444, 956, 124, 636,
+ 380, 892, 252, 764, 508, 1020, 2, 514, 258, 770,
+ 130, 642, 386, 898, 66, 578, 322, 834, 194, 706,
+ 450, 962, 34, 546, 290, 802, 162, 674, 418, 930,
+ 98, 610, 354, 866, 226, 738, 482, 994, 18, 530,
+ 274, 786, 146, 658, 402, 914, 82, 594, 338, 850,
+
+ 210, 722, 466, 978, 50, 562, 306, 818, 178, 690,
+ 434, 946, 114, 626, 370, 882, 242, 754, 498, 1010,
+ 10, 522, 266, 778, 138, 650, 394, 906, 74, 586,
+ 330, 842, 202, 714, 458, 970, 42, 554, 298, 810,
+ 170, 682, 426, 938, 106, 618, 362, 874, 234, 746,
+ 490, 1002, 26, 538, 282, 794, 154, 666, 410, 922,
+ 90, 602, 346, 858, 218, 730, 474, 986, 58, 570,
+ 314, 826, 186, 698, 442, 954, 122, 634, 378, 890,
+ 250, 762, 506, 1018, 6, 518, 262, 774, 134, 646,
+ 390, 902, 70, 582, 326, 838, 198, 710, 454, 966,
+
+ 38, 550, 294, 806, 166, 678, 422, 934, 102, 614,
+ 358, 870, 230, 742, 486, 998, 22, 534, 278, 790,
+ 150, 662, 406, 918, 86, 598, 342, 854, 214, 726,
+ 470, 982, 54, 566, 310, 822, 182, 694, 438, 950,
+ 118, 630, 374, 886, 246, 758, 502, 1014, 14, 526,
+ 270, 782, 142, 654, 398, 910, 78, 590, 334, 846,
+ 206, 718, 462, 974, 46, 558, 302, 814, 174, 686,
+ 430, 942, 110, 622, 366, 878, 238, 750, 494, 1006,
+ 30, 542, 286, 798, 158, 670, 414, 926, 94, 606,
+ 350, 862, 222, 734, 478, 990, 62, 574, 318, 830,
+
+ 190, 702, 446, 958, 126, 638, 382, 894, 254, 766,
+ 510, 1022, 1, 513, 257, 769, 129, 641, 385, 897,
+ 65, 577, 321, 833, 193, 705, 449, 961, 33, 545,
+ 289, 801, 161, 673, 417, 929, 97, 609, 353, 865,
+ 225, 737, 481, 993, 17, 529, 273, 785, 145, 657,
+ 401, 913, 81, 593, 337, 849, 209, 721, 465, 977,
+ 49, 561, 305, 817, 177, 689, 433, 945, 113, 625,
+ 369, 881, 241, 753, 497, 1009, 9, 521, 265, 777,
+ 137, 649, 393, 905, 73, 585, 329, 841, 201, 713,
+ 457, 969, 41, 553, 297, 809, 169, 681, 425, 937,
+
+ 105, 617, 361, 873, 233, 745, 489, 1001, 25, 537,
+ 281, 793, 153, 665, 409, 921, 89, 601, 345, 857,
+ 217, 729, 473, 985, 57, 569, 313, 825, 185, 697,
+ 441, 953, 121, 633, 377, 889, 249, 761, 505, 1017,
+ 5, 517, 261, 773, 133, 645, 389, 901, 69, 581,
+ 325, 837, 197, 709, 453, 965, 37, 549, 293, 805,
+ 165, 677, 421, 933, 101, 613, 357, 869, 229, 741,
+ 485, 997, 21, 533, 277, 789, 149, 661, 405, 917,
+ 85, 597, 341, 853, 213, 725, 469, 981, 53, 565,
+ 309, 821, 181, 693, 437, 949, 117, 629, 373, 885,
+
+ 245, 757, 501, 1013, 13, 525, 269, 781, 141, 653,
+ 397, 909, 77, 589, 333, 845, 205, 717, 461, 973,
+ 45, 557, 301, 813, 173, 685, 429, 941, 109, 621,
+ 365, 877, 237, 749, 493, 1005, 29, 541, 285, 797,
+ 157, 669, 413, 925, 93, 605, 349, 861, 221, 733,
+ 477, 989, 61, 573, 317, 829, 189, 701, 445, 957,
+ 125, 637, 381, 893, 253, 765, 509, 1021, 3, 515,
+ 259, 771, 131, 643, 387, 899, 67, 579, 323, 835,
+ 195, 707, 451, 963, 35, 547, 291, 803, 163, 675,
+ 419, 931, 99, 611, 355, 867, 227, 739, 483, 995,
+
+ 19, 531, 275, 787, 147, 659, 403, 915, 83, 595,
+ 339, 851, 211, 723, 467, 979, 51, 563, 307, 819,
+ 179, 691, 435, 947, 115, 627, 371, 883, 243, 755,
+ 499, 1011, 11, 523, 267, 779, 139, 651, 395, 907,
+ 75, 587, 331, 843, 203, 715, 459, 971, 43, 555,
+ 299, 811, 171, 683, 427, 939, 107, 619, 363, 875,
+ 235, 747, 491, 1003, 27, 539, 283, 795, 155, 667,
+ 411, 923, 91, 603, 347, 859, 219, 731, 475, 987,
+ 59, 571, 315, 827, 187, 699, 443, 955, 123, 635,
+ 379, 891, 251, 763, 507, 1019, 7, 519, 263, 775,
+
+ 135, 647, 391, 903, 71, 583, 327, 839, 199, 711,
+ 455, 967, 39, 551, 295, 807, 167, 679, 423, 935,
+ 103, 615, 359, 871, 231, 743, 487, 999, 23, 535,
+ 279, 791, 151, 663, 407, 919, 87, 599, 343, 855,
+ 215, 727, 471, 983, 55, 567, 311, 823, 183, 695,
+ 439, 951, 119, 631, 375, 887, 247, 759, 503, 1015,
+ 15, 527, 271, 783, 143, 655, 399, 911, 79, 591,
+ 335, 847, 207, 719, 463, 975, 47, 559, 303, 815,
+ 175, 687, 431, 943, 111, 623, 367, 879, 239, 751,
+ 495, 1007, 31, 543, 287, 799, 159, 671, 415, 927,
+
+ 95, 607, 351, 863, 223, 735, 479, 991, 63, 575,
+ 319, 831, 191, 703, 447, 959, 127, 639, 383, 895,
+ 255, 767, 511, 1023
+};
+
+const ntt_fft_params_t ntt_fft_12289_1024 = {
+ 12289, 12287, 18, 3186, (1<<18)-1, 1024, 12277, 10,
+ wr_12289_1024, wf_12289_1024, wi_12289_1024, 1, rev_1024
+};
+
+/**
+ * FFT phase shift and scaling inverse transform for q = 12289 and n = 512
+ */
+static const uint16_t wi_12289_512[] = {
+ 12265, 6771, 11424, 9011, 6203, 11914, 9021, 6454, 7154, 146,
+ 11038, 4238, 5604, 10397, 11498, 3495, 7846, 7684, 1160, 4538,
+ 845, 2776, 3317, 5836, 6389, 11667, 6508, 1136, 11309, 12269,
+ 11787, 9520, 5461, 3121, 5832, 1373, 1282, 10058, 4218, 5102,
+ 7628, 4670, 6616, 1389, 9057, 2442, 2307, 5063, 7878, 10945,
+ 10506, 716, 767, 3276, 3578, 1327, 5043, 7376, 8176, 3678,
+ 3837, 6599, 4649, 4860, 11385, 9261, 189, 3515, 8348, 10453,
+ 7988, 1417, 7302, 1403, 2035, 8067, 2171, 6565, 11169, 8755,
+ 4693, 10880, 2730, 7078, 3154, 10347, 10243, 2717, 3065, 9342,
+ 3451, 1826, 4050, 3343, 1573, 6302, 881, 11053, 10759, 10753,
+
+ 3229, 6085, 11410, 3744, 578, 12050, 7519, 3163, 9344, 5959,
+ 874, 2275, 1802, 10821, 2478, 10584, 216, 506, 7785, 4924,
+ 5618, 3375, 4834, 3359, 9348, 10975, 11259, 11014, 11009, 4739,
+ 7119, 5412, 3120, 4578, 1849, 8314, 4684, 11883, 7014, 8921,
+ 3944, 5598, 2873, 2065, 8820, 180, 4518, 343, 7, 8778,
+ 8957, 12221, 751, 7790, 11194, 3238, 5082, 7126, 1901, 12077,
+ 4510, 2600, 3815, 3589, 2832, 12096, 3758, 5845, 5386, 7383,
+ 4665, 346, 3769, 7350, 150, 3765, 2334, 2054, 7315, 5416,
+ 8136, 2674, 10588, 5232, 10891, 4235, 1842, 11825, 8016, 11951,
+ 6263, 1131, 5039, 2360, 10080, 7228, 6919, 392, 8, 10032,
+
+ 8481, 5189, 6125, 125, 9282, 1945, 5808, 8144, 417, 6780,
+ 10421, 4727, 4360, 11124, 1481, 1535, 7806, 6680, 7911, 3171,
+ 7087, 2151, 6063, 8400, 1927, 7814, 4423, 4103, 8360, 923,
+ 2276, 3056, 10345, 7735, 3669, 4840, 10883, 6492, 5650, 6636,
+ 1891, 11826, 9270, 11475, 11520, 6505, 9663, 448, 8787, 7954,
+ 7937, 11197, 7000, 3654, 10608, 5734, 1371, 11063, 11010, 5993,
+ 6643, 10669, 8494, 9202, 12226, 7021, 5410, 612, 5530, 3624,
+ 9855, 7725, 3418, 9600, 7469, 1908, 8566, 1178, 2532, 4566,
+ 11379, 1737, 3045, 8840, 682, 7287, 7171, 9175, 2946, 7584,
+ 10939, 2982, 3572, 6092, 7899, 412, 510, 512, 3020, 2068,
+
+ 293, 11041, 8000, 4176, 1590, 3042, 5078, 2110, 3805, 3338,
+ 7592, 8682, 11463, 8761, 12217, 8024, 9694, 2455, 6320, 11164,
+ 2485, 7073, 9173, 438, 8536, 425, 4523, 6613, 9916, 10485,
+ 11249, 10763, 3480, 1325, 2535, 8328, 9951, 5219, 6878, 10423,
+ 7235, 3408, 9349, 12229, 10783, 3982, 4094, 9363, 5207, 4119,
+ 3846, 5596, 365, 3017, 10595, 1721, 7559, 4167, 2593, 7326,
+ 6921, 2900, 11345, 8257, 6940, 2148, 2301, 9828, 10734, 3981,
+ 2840, 9839, 12239, 11034, 11511, 7508, 1658, 2291, 9577, 3205,
+ 567, 10545, 466, 6781, 11675, 4251, 9617, 4209, 6105, 11912,
+ 6513, 7406, 8929, 1687, 1790, 8062, 8190, 8945, 9462, 6463,
+
+ 6151, 8151, 9195, 3448, 10353, 5478, 12150, 10029, 4719, 6617,
+ 2643, 8581, 7699, 7681, 9687, 5966, 9652, 11232, 1734, 11572,
+ 10268, 9489, 3454, 5588, 2622, 6825, 5406, 7885, 7434, 7174,
+ 648, 1518, 11066, 2483, 4565, 10125, 2213, 10077, 3466, 8347,
+ 9199, 8464, 8449, 1928, 9068, 3947, 9360, 1445, 5547, 364,
+ 1763, 11071, 8753, 2185, 11832, 4505, 8619, 6195, 1882, 540,
+ 1265, 1029, 21, 1756, 2293, 12085, 2253, 11081, 9004, 9714,
+ 2957, 9089, 5703, 11653, 1241, 7800, 11445, 10767, 8496, 11710,
+ 11274, 5246, 3869, 9860, 1706, 1038, 11307, 9761, 450, 11295,
+ 7002, 6162, 9656, 3959, 12119, 8022, 7186, 3407, 8095, 416,
+
+ 5526, 10897, 11759, 11275, 6500, 3393, 2828, 7080, 5662, 9395,
+ 8468, 1176
+};
+
+/**
+ * Bit-reversed indices for n = 512
+ */
+static const uint16_t rev_512[] = {
+ 0, 256, 128, 384, 64, 320, 192, 448, 32, 288,
+ 160, 416, 96, 352, 224, 480, 16, 272, 144, 400,
+ 80, 336, 208, 464, 48, 304, 176, 432, 112, 368,
+ 240, 496, 8, 264, 136, 392, 72, 328, 200, 456,
+ 40, 296, 168, 424, 104, 360, 232, 488, 24, 280,
+ 152, 408, 88, 344, 216, 472, 56, 312, 184, 440,
+ 120, 376, 248, 504, 4, 260, 132, 388, 68, 324,
+ 196, 452, 36, 292, 164, 420, 100, 356, 228, 484,
+ 20, 276, 148, 404, 84, 340, 212, 468, 52, 308,
+ 180, 436, 116, 372, 244, 500, 12, 268, 140, 396,
+
+ 76, 332, 204, 460, 44, 300, 172, 428, 108, 364,
+ 236, 492, 28, 284, 156, 412, 92, 348, 220, 476,
+ 60, 316, 188, 444, 124, 380, 252, 508, 2, 258,
+ 130, 386, 66, 322, 194, 450, 34, 290, 162, 418,
+ 98, 354, 226, 482, 18, 274, 146, 402, 82, 338,
+ 210, 466, 50, 306, 178, 434, 114, 370, 242, 498,
+ 10, 266, 138, 394, 74, 330, 202, 458, 42, 298,
+ 170, 426, 106, 362, 234, 490, 26, 282, 154, 410,
+ 90, 346, 218, 474, 58, 314, 186, 442, 122, 378,
+ 250, 506, 6, 262, 134, 390, 70, 326, 198, 454,
+
+ 38, 294, 166, 422, 102, 358, 230, 486, 22, 278,
+ 150, 406, 86, 342, 214, 470, 54, 310, 182, 438,
+ 118, 374, 246, 502, 14, 270, 142, 398, 78, 334,
+ 206, 462, 46, 302, 174, 430, 110, 366, 238, 494,
+ 30, 286, 158, 414, 94, 350, 222, 478, 62, 318,
+ 190, 446, 126, 382, 254, 510, 1, 257, 129, 385,
+ 65, 321, 193, 449, 33, 289, 161, 417, 97, 353,
+ 225, 481, 17, 273, 145, 401, 81, 337, 209, 465,
+ 49, 305, 177, 433, 113, 369, 241, 497, 9, 265,
+ 137, 393, 73, 329, 201, 457, 41, 297, 169, 425,
+
+ 105, 361, 233, 489, 25, 281, 153, 409, 89, 345,
+ 217, 473, 57, 313, 185, 441, 121, 377, 249, 505,
+ 5, 261, 133, 389, 69, 325, 197, 453, 37, 293,
+ 165, 421, 101, 357, 229, 485, 21, 277, 149, 405,
+ 85, 341, 213, 469, 53, 309, 181, 437, 117, 373,
+ 245, 501, 13, 269, 141, 397, 77, 333, 205, 461,
+ 45, 301, 173, 429, 109, 365, 237, 493, 29, 285,
+ 157, 413, 93, 349, 221, 477, 61, 317, 189, 445,
+ 125, 381, 253, 509, 3, 259, 131, 387, 67, 323,
+ 195, 451, 35, 291, 163, 419, 99, 355, 227, 483,
+
+ 19, 275, 147, 403, 83, 339, 211, 467, 51, 307,
+ 179, 435, 115, 371, 243, 499, 11, 267, 139, 395,
+ 75, 331, 203, 459, 43, 299, 171, 427, 107, 363,
+ 235, 491, 27, 283, 155, 411, 91, 347, 219, 475,
+ 59, 315, 187, 443, 123, 379, 251, 507, 7, 263,
+ 135, 391, 71, 327, 199, 455, 39, 295, 167, 423,
+ 103, 359, 231, 487, 23, 279, 151, 407, 87, 343,
+ 215, 471, 55, 311, 183, 439, 119, 375, 247, 503,
+ 15, 271, 143, 399, 79, 335, 207, 463, 47, 303,
+ 175, 431, 111, 367, 239, 495, 31, 287, 159, 415,
+
+ 95, 351, 223, 479, 63, 319, 191, 447, 127, 383,
+ 255, 511
+};
+
+const ntt_fft_params_t ntt_fft_12289_512 = {
+ 12289, 12287, 18, 3186, (1<<18)-1, 512, 12265, 9,
+ wr_12289_1024, wf_12289_1024, wi_12289_512, 2, rev_512
+};
+
+/**
+ * FFT twiddle factors in Montgomery form for q = 17 and n = 8
+ */
+static const uint16_t wr_17_8[] = { 15, 16, 8, 4, 2, 1, 9, 13, 15 };
+
+/**
+ * FFT phase shift in forward transform for q = 17 and n = 8
+ */
+static const uint16_t wf_17_8[] = { 4, 12, 2, 6, 1, 3, 9, 10 };
+
+/**
+ * FFT phase shift and scaling inverse transform for q = 17 and n = 8
+ */
+static const uint16_t wi_17_8[] = { 15, 5, 13, 10, 9, 3, 1, 6 };
+
+/**
+ * Bit-reversed indices for n = 8
+ */
+static const uint16_t rev_8[] = { 0, 4, 2, 6, 1, 5, 3, 7 };
+
+const ntt_fft_params_t ntt_fft_17_8 = {
+ 17, 15, 5, 4, (1<<5)-1, 8, 15, 3, wr_17_8, wf_17_8, wi_17_8, 1, rev_8
+};
diff --git a/src/libstrongswan/math/libnttfft/ntt_fft_params.h b/src/libstrongswan/math/libnttfft/ntt_fft_params.h
new file mode 100644
index 000000000..27fabe7c4
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/ntt_fft_params.h
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntt_fft_params ntt_fft_params
+ * @{ @ingroup ntt_p
+ */
+
+#ifndef NTT_FFT_PARAMS_H_
+#define NTT_FFT_PARAMS_H_
+
+#include <library.h>
+
+typedef struct ntt_fft_params_t ntt_fft_params_t;
+
+/**
+ * Defines the parameters for an NTT computed via the FFT algorithm
+ */
+struct ntt_fft_params_t {
+
+ /**
+ * Prime modulus
+ */
+ uint16_t q;
+
+ /**
+ * Inverse of Prime modulus (-q_inv * q mod r = 1)
+ */
+ uint16_t q_inv;
+
+ /**
+ * Logarithm of Montgomery radix: log2(r)
+ */
+ uint16_t rlog;
+
+ /**
+ * Square of Montgomery radix: r^2 mod q
+ */
+ const uint32_t r2;
+
+ /**
+ * Montgomery radix mask: (1<<rlog) - 1
+ */
+ const uint32_t rmask;
+
+ /**
+ * Size of the FFT with the condition k * n = q-1
+ */
+ const uint16_t n;
+
+ /**
+ * Inverse of n mod q used for normalization of the FFT
+ */
+ const uint16_t n_inv;
+
+ /**
+ * Number of FFT stages stages = log2(n)
+ */
+ const uint16_t stages;
+
+ /**
+ * FFT twiddle factors (n-th roots of unity) in Montgomery form
+ */
+ const uint16_t *wr;
+
+ /**
+ * FFT phase shift (2n-th roots of unity) in forward transform
+ */
+ const uint16_t *wf;
+
+ /**
+ * FFT phase shift (2n-th roots of unity) and scaling in inverse transform
+ */
+ const uint16_t *wi;
+
+ /**
+ * Subsampling of FFT twiddle factors table
+ */
+ const uint16_t s;
+
+ /**
+ * FFT bit reversal
+ */
+ const uint16_t *rev;
+
+};
+
+/**
+ * FFT parameters for q = 12289 and n = 1024
+ */
+extern const ntt_fft_params_t ntt_fft_12289_1024;
+
+/**
+ * FFT parameters for q = 12289 and n = 512
+ */
+extern const ntt_fft_params_t ntt_fft_12289_512;
+
+/**
+ * FFT parameters for q = 17 and n = 8
+ */
+extern const ntt_fft_params_t ntt_fft_17_8;
+
+#endif /** NTT_FFT_PARAMS_H_ @}*/
diff --git a/src/libstrongswan/math/libnttfft/ntt_fft_reduce.h b/src/libstrongswan/math/libnttfft/ntt_fft_reduce.h
new file mode 100644
index 000000000..5ff2b9588
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/ntt_fft_reduce.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntt_fft ntt_fft
+ * @{ @ingroup ntt_p
+ */
+
+#ifndef NTT_REDUCE_H_
+#define NTT_REDUCE_H_
+
+#include "ntt_fft_params.h"
+
+/**
+ * Montgomery Reduction
+ *
+ * Montgomery, P. L. Modular multiplication without trial division.
+ * Mathematics of Computation 44, 170 (1985), 519–521.
+ */
+static inline uint32_t ntt_fft_mreduce(uint32_t x, const ntt_fft_params_t *p)
+{
+ uint32_t m, t;
+
+ m = (x * p->q_inv) & p->rmask;
+ t = (x + m * p->q) >> p->rlog;
+
+ return (t < p->q) ? t : t - p->q;
+}
+
+#endif /** NTT_REDUCE_H_ @}*/
diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.am b/src/libstrongswan/math/libnttfft/tests/Makefile.am
new file mode 100644
index 000000000..55e6fff94
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/tests/Makefile.am
@@ -0,0 +1,21 @@
+TESTS = ntt_fft_tests
+
+check_PROGRAMS = $(TESTS)
+
+ntt_fft_tests_SOURCES = \
+ suites/test_ntt_fft.c \
+ ntt_fft_tests.h ntt_fft_tests.c
+
+ntt_fft_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft \
+ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+ -DPLUGINS=\""${s_plugins}\"" \
+ @COVERAGE_CFLAGS@
+
+ntt_fft_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+ntt_fft_tests_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la \
+ ../libnttfft.la
diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in
new file mode 100644
index 000000000..54e02edc0
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in
@@ -0,0 +1,888 @@
+# Makefile.in generated by automake 1.15 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+TESTS = ntt_fft_tests$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
+subdir = src/libstrongswan/math/libnttfft/tests
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__EXEEXT_1 = ntt_fft_tests$(EXEEXT)
+am__dirstamp = $(am__leading_dot)dirstamp
+am_ntt_fft_tests_OBJECTS = \
+ suites/ntt_fft_tests-test_ntt_fft.$(OBJEXT) \
+ ntt_fft_tests-ntt_fft_tests.$(OBJEXT)
+ntt_fft_tests_OBJECTS = $(am_ntt_fft_tests_OBJECTS)
+ntt_fft_tests_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la \
+ ../libnttfft.la
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+ntt_fft_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(ntt_fft_tests_CFLAGS) \
+ $(CFLAGS) $(ntt_fft_tests_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(ntt_fft_tests_SOURCES)
+DIST_SOURCES = $(ntt_fft_tests_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red='�[0;31m'; \
+ grn='�[0;32m'; \
+ lgn='�[1;32m'; \
+ blu='�[1;34m'; \
+ mgn='�[0;35m'; \
+ brg='�[1m'; \
+ std='�[m'; \
+ fi; \
+}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+ATOMICLIB = @ATOMICLIB@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+ntt_fft_tests_SOURCES = \
+ suites/test_ntt_fft.c \
+ ntt_fft_tests.h ntt_fft_tests.c
+
+ntt_fft_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft \
+ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+ -DPLUGINS=\""${s_plugins}\"" \
+ @COVERAGE_CFLAGS@
+
+ntt_fft_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+ntt_fft_tests_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la \
+ ../libnttfft.la
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/tests/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/tests/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+suites/$(am__dirstamp):
+ @$(MKDIR_P) suites
+ @: > suites/$(am__dirstamp)
+suites/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) suites/$(DEPDIR)
+ @: > suites/$(DEPDIR)/$(am__dirstamp)
+suites/ntt_fft_tests-test_ntt_fft.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+
+ntt_fft_tests$(EXEEXT): $(ntt_fft_tests_OBJECTS) $(ntt_fft_tests_DEPENDENCIES) $(EXTRA_ntt_fft_tests_DEPENDENCIES)
+ @rm -f ntt_fft_tests$(EXEEXT)
+ $(AM_V_CCLD)$(ntt_fft_tests_LINK) $(ntt_fft_tests_OBJECTS) $(ntt_fft_tests_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+ -rm -f suites/*.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+suites/ntt_fft_tests-test_ntt_fft.o: suites/test_ntt_fft.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT suites/ntt_fft_tests-test_ntt_fft.o -MD -MP -MF suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo -c -o suites/ntt_fft_tests-test_ntt_fft.o `test -f 'suites/test_ntt_fft.c' || echo '$(srcdir)/'`suites/test_ntt_fft.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntt_fft.c' object='suites/ntt_fft_tests-test_ntt_fft.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o suites/ntt_fft_tests-test_ntt_fft.o `test -f 'suites/test_ntt_fft.c' || echo '$(srcdir)/'`suites/test_ntt_fft.c
+
+suites/ntt_fft_tests-test_ntt_fft.obj: suites/test_ntt_fft.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT suites/ntt_fft_tests-test_ntt_fft.obj -MD -MP -MF suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo -c -o suites/ntt_fft_tests-test_ntt_fft.obj `if test -f 'suites/test_ntt_fft.c'; then $(CYGPATH_W) 'suites/test_ntt_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntt_fft.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntt_fft.c' object='suites/ntt_fft_tests-test_ntt_fft.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o suites/ntt_fft_tests-test_ntt_fft.obj `if test -f 'suites/test_ntt_fft.c'; then $(CYGPATH_W) 'suites/test_ntt_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntt_fft.c'; fi`
+
+ntt_fft_tests-ntt_fft_tests.o: ntt_fft_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT ntt_fft_tests-ntt_fft_tests.o -MD -MP -MF $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo -c -o ntt_fft_tests-ntt_fft_tests.o `test -f 'ntt_fft_tests.c' || echo '$(srcdir)/'`ntt_fft_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ntt_fft_tests.c' object='ntt_fft_tests-ntt_fft_tests.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o ntt_fft_tests-ntt_fft_tests.o `test -f 'ntt_fft_tests.c' || echo '$(srcdir)/'`ntt_fft_tests.c
+
+ntt_fft_tests-ntt_fft_tests.obj: ntt_fft_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT ntt_fft_tests-ntt_fft_tests.obj -MD -MP -MF $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo -c -o ntt_fft_tests-ntt_fft_tests.obj `if test -f 'ntt_fft_tests.c'; then $(CYGPATH_W) 'ntt_fft_tests.c'; else $(CYGPATH_W) '$(srcdir)/ntt_fft_tests.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ntt_fft_tests.c' object='ntt_fft_tests-ntt_fft_tests.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o ntt_fft_tests-ntt_fft_tests.obj `if test -f 'ntt_fft_tests.c'; then $(CYGPATH_W) 'ntt_fft_tests.c'; else $(CYGPATH_W) '$(srcdir)/ntt_fft_tests.c'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ fi; \
+ echo "$${col}$$dashes$${std}"; \
+ echo "$${col}$$banner$${std}"; \
+ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+ test -z "$$report" || echo "$${col}$$report$${std}"; \
+ echo "$${col}$$dashes$${std}"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f suites/$(DEPDIR)/$(am__dirstamp)
+ -rm -f suites/$(am__dirstamp)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
+ clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \
+ ctags ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c
new file mode 100644
index 000000000..71f566426
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_runner.h>
+
+#include <library.h>
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#include "ntt_fft_tests.h"
+#undef TEST_SUITE
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#include "ntt_fft_tests.h"
+ { .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+ if (init)
+ {
+ char *plugins, *plugindir;
+
+ plugins = lib->settings->get_str(lib->settings,
+ "tests.load", PLUGINS);
+ plugindir = lib->settings->get_str(lib->settings,
+ "tests.plugindir", PLUGINDIR);
+ plugin_loader_add_plugindirs(plugindir, plugins);
+ if (!lib->plugins->load(lib->plugins, plugins))
+ {
+ return FALSE;
+ }
+ }
+ else
+ {
+ lib->processor->set_threads(lib->processor, 0);
+ lib->processor->cancel(lib->processor);
+ lib->plugins->unload(lib->plugins);
+ }
+ return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+ return test_runner_run("ntt_fft", tests, test_runner_init);
+}
diff --git a/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h
new file mode 100644
index 000000000..200b5b087
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+TEST_SUITE(ntt_fft_suite_create)
+
diff --git a/src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c b/src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c
new file mode 100644
index 000000000..d8277183e
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <ntt_fft.h>
+#include <ntt_fft_reduce.h>
+
+#include <time.h>
+
+static const ntt_fft_params_t *fft_params[] = {
+ &ntt_fft_17_8,
+ &ntt_fft_12289_512,
+ &ntt_fft_12289_1024
+};
+
+START_TEST(test_ntt_fft_impulse)
+{
+ ntt_fft_t *fft;
+ uint16_t n = fft_params[_i]->n;
+ uint32_t rq = (1 << fft_params[_i]->rlog) % fft_params[_i]->q;
+ uint32_t x[n], X[n];
+ int i;
+
+ for (i = 0; i < n; i++)
+ {
+ x[i] = 0;
+ }
+ x[0] = 1;
+
+ fft = ntt_fft_create(fft_params[_i]);
+ fft->transform(fft, x, X, FALSE);
+
+ for (i = 0; i < n; i++)
+ {
+ ck_assert(X[i] == rq);
+ }
+ fft->transform(fft, X, x, TRUE);
+
+ for (i = 0; i < n; i++)
+ {
+ ck_assert(x[i] == (i == 0));
+ }
+ fft->destroy(fft);
+}
+END_TEST
+
+START_TEST(test_ntt_fft_wrap)
+{
+ ntt_fft_t *fft;
+ uint16_t n = fft_params[_i]->n;
+ uint16_t q = fft_params[_i]->q;
+ uint32_t x[n],y[n], X[n], Y[n];
+ int i, j;
+
+ for (i = 0; i < n; i++)
+ {
+ x[i] = i;
+ y[i] = 0;
+ }
+ fft = ntt_fft_create(fft_params[_i]);
+ ck_assert(fft->get_size(fft) == n);
+ ck_assert(fft->get_modulus(fft) == q);
+ fft->transform(fft, x, X, FALSE);
+
+ for (j = 0; j < n; j++)
+ {
+ y[j] = 1;
+ fft->transform(fft, y, Y, FALSE);
+
+ for (i = 0; i < n; i++)
+ {
+ Y[i] = ntt_fft_mreduce(X[i] * Y[i], fft_params[_i]);
+ }
+ fft->transform(fft, Y, Y, TRUE);
+
+ for (i = 0; i < n; i++)
+ {
+ ck_assert(Y[i] == ( i < j ? q - n - i + j : i - j));
+ }
+ y[j] = 0;
+ }
+ fft->destroy(fft);
+}
+END_TEST
+
+START_TEST(test_ntt_fft_speed)
+{
+ ntt_fft_t *fft;
+ struct timespec start, stop;
+ int i, m, count = 10000;
+ int n = fft_params[_i]->n;
+ uint32_t x[n], X[n];
+
+ for (i = 0; i < n; i++)
+ {
+ x[i] = i;
+ }
+ fft = ntt_fft_create(fft_params[_i]);
+
+ clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start);
+ for (m = 0; m < count; m++)
+ {
+ fft->transform(fft, x, X, FALSE);
+ fft->transform(fft, X, x, TRUE);
+ }
+ clock_gettime(CLOCK_THREAD_CPUTIME_ID, &stop);
+
+ DBG0(DBG_LIB, "%d FFT-%d loops in %d ms\n", count, n,
+ (stop.tv_nsec - start.tv_nsec) / 1000000 +
+ (stop.tv_sec - start.tv_sec) * 1000);
+
+ for (i = 0; i < n; i++)
+ {
+ ck_assert(x[i] == i);
+ }
+ fft->destroy(fft);
+}
+END_TEST
+
+Suite *ntt_fft_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("ntt_fft");
+
+ tc = tcase_create("impulse");
+ tcase_add_loop_test(tc, test_ntt_fft_impulse, 0, countof(fft_params));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("negative_wrap");
+ tcase_add_loop_test(tc, test_ntt_fft_wrap, 0, countof(fft_params));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("speed");
+ tcase_set_timeout(tc, 10);
+ tcase_add_loop_test(tc, test_ntt_fft_speed, 1, countof(fft_params));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index a1ee0f83e..210d7c227 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 02cd0f832..9e926ac19 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in
index 576b6dafc..ea41ab353 100644
--- a/src/libstrongswan/plugins/aesni/Makefile.in
+++ b/src/libstrongswan/plugins/aesni/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index 1f092287b..aa3be4220 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 5e1b1f38a..4441558fa 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am
index e2aaaf55c..b2d09427e 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.am
+++ b/src/libstrongswan/plugins/bliss/Makefile.am
@@ -1,5 +1,6 @@
AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft
AM_CFLAGS = \
$(PLUGIN_CFLAGS) \
@@ -7,9 +8,12 @@ AM_CFLAGS = \
# these file are also used by bliss_huffman
noinst_LTLIBRARIES = libbliss-params.la
+
libbliss_params_la_SOURCES = \
- bliss_param_set.h bliss_param_set.c \
- bliss_fft_params.h bliss_fft_params.c
+ bliss_param_set.h bliss_param_set.c
+
+libbliss_params_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
# these files are also used by the tests, we can't directly refer to them
# because of the subdirectory, which would cause distclean to fail
@@ -20,12 +24,14 @@ libbliss_la_SOURCES = \
bliss_signature.h bliss_signature.c \
bliss_utils.h bliss_utils.c \
bliss_bitpacker.h bliss_bitpacker.c \
- bliss_fft.h bliss_fft.c \
bliss_huffman_code.h bliss_huffman_code.c \
bliss_huffman_code_1.c bliss_huffman_code_3.c bliss_huffman_code_4.c \
bliss_huffman_coder.h bliss_huffman_coder.c \
bliss_sampler.h bliss_sampler.c
-libbliss_la_LIBADD = libbliss-params.la
+
+libbliss_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+ libbliss-params.la
if MONOLITHIC
noinst_LTLIBRARIES += libstrongswan-bliss.la
@@ -43,7 +49,10 @@ libstrongswan_bliss_la_LIBADD = libbliss.la
noinst_PROGRAMS = bliss_huffman
bliss_huffman_SOURCES = bliss_huffman.c
-bliss_huffman_LDADD = -lm libbliss-params.la
+
+bliss_huffman_LDADD = -lm \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+ libbliss-params.la
recreate-bliss-huffman : bliss_huffman bliss_huffman_code.h
$(AM_V_GEN) \
diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in
index 389e20ed4..746709b23 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/Makefile.in
@@ -139,17 +139,20 @@ am__uninstall_files_from_dir = { \
}
am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-libbliss_params_la_LIBADD =
-am_libbliss_params_la_OBJECTS = bliss_param_set.lo bliss_fft_params.lo
+libbliss_params_la_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+am_libbliss_params_la_OBJECTS = bliss_param_set.lo
libbliss_params_la_OBJECTS = $(am_libbliss_params_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
-libbliss_la_DEPENDENCIES = libbliss-params.la
+libbliss_la_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+ libbliss-params.la
am_libbliss_la_OBJECTS = bliss_private_key.lo bliss_public_key.lo \
bliss_signature.lo bliss_utils.lo bliss_bitpacker.lo \
- bliss_fft.lo bliss_huffman_code.lo bliss_huffman_code_1.lo \
+ bliss_huffman_code.lo bliss_huffman_code_1.lo \
bliss_huffman_code_3.lo bliss_huffman_code_4.lo \
bliss_huffman_coder.lo bliss_sampler.lo
libbliss_la_OBJECTS = $(am_libbliss_la_OBJECTS)
@@ -166,7 +169,9 @@ libstrongswan_bliss_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
PROGRAMS = $(noinst_PROGRAMS)
am_bliss_huffman_OBJECTS = bliss_huffman.$(OBJEXT)
bliss_huffman_OBJECTS = $(am_bliss_huffman_OBJECTS)
-bliss_huffman_DEPENDENCIES = libbliss-params.la
+bliss_huffman_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+ libbliss-params.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -370,7 +375,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -404,8 +408,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -459,11 +461,14 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft
AM_CFLAGS = \
$(PLUGIN_CFLAGS) \
@@ -476,8 +481,10 @@ AM_CFLAGS = \
# because of the subdirectory, which would cause distclean to fail
noinst_LTLIBRARIES = libbliss-params.la libbliss.la $(am__append_1)
libbliss_params_la_SOURCES = \
- bliss_param_set.h bliss_param_set.c \
- bliss_fft_params.h bliss_fft_params.c
+ bliss_param_set.h bliss_param_set.c
+
+libbliss_params_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
libbliss_la_SOURCES = \
bliss_private_key.h bliss_private_key.c \
@@ -485,13 +492,15 @@ libbliss_la_SOURCES = \
bliss_signature.h bliss_signature.c \
bliss_utils.h bliss_utils.c \
bliss_bitpacker.h bliss_bitpacker.c \
- bliss_fft.h bliss_fft.c \
bliss_huffman_code.h bliss_huffman_code.c \
bliss_huffman_code_1.c bliss_huffman_code_3.c bliss_huffman_code_4.c \
bliss_huffman_coder.h bliss_huffman_coder.c \
bliss_sampler.h bliss_sampler.c
-libbliss_la_LIBADD = libbliss-params.la
+libbliss_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+ libbliss-params.la
+
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-bliss.la
libstrongswan_bliss_la_SOURCES = \
bliss_plugin.h bliss_plugin.c
@@ -499,7 +508,10 @@ libstrongswan_bliss_la_SOURCES = \
libstrongswan_bliss_la_LDFLAGS = -module -avoid-version
libstrongswan_bliss_la_LIBADD = libbliss.la
bliss_huffman_SOURCES = bliss_huffman.c
-bliss_huffman_LDADD = -lm libbliss-params.la
+bliss_huffman_LDADD = -lm \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+ libbliss-params.la
+
all: all-am
.SUFFIXES:
@@ -609,8 +621,6 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_bitpacker.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_fft.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_fft_params.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_huffman.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_huffman_code.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_huffman_code_1.Plo@am__quote@
diff --git a/src/libstrongswan/plugins/bliss/bliss_fft.c b/src/libstrongswan/plugins/bliss/bliss_fft.c
deleted file mode 100644
index 033c2144e..000000000
--- a/src/libstrongswan/plugins/bliss/bliss_fft.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_fft.h"
-
-typedef struct private_bliss_fft_t private_bliss_fft_t;
-
-/**
- * Private data structure for bliss_fft_t object
- */
-struct private_bliss_fft_t {
- /**
- * Public interface.
- */
- bliss_fft_t public;
-
- /**
- * FFT parameter set used as constants
- */
- bliss_fft_params_t *p;
-
-};
-
-METHOD(bliss_fft_t, get_size, uint16_t,
- private_bliss_fft_t *this)
-{
- return this->p->n;
-}
-
-METHOD(bliss_fft_t, get_modulus, uint16_t,
- private_bliss_fft_t *this)
-{
- return this->p->q;
-}
-
-/**
- * Do an FFT butterfly operation
- *
- * x[i1] ---|+|------- x[i1]
- * \/
- * /\ w[iw]
- * x[i2] ---|-|--|*|-- x[i2]
- *
- */
-static void butterfly(private_bliss_fft_t *this, uint32_t *x, int i1,int i2,
- int iw)
-{
- uint32_t xp, xm;
-
- xp = x[i1] + x[i2];
- xm = x[i1] + (this->p->q - x[i2]);
- if (xp >= this->p->q)
- {
- xp -= this->p->q;
- }
- x[i1] = xp;
- x[i2] = (xm * this->p->w[iw]) % this->p->q;
-}
-
-/**
- * Trivial butterfly operation of last FFT stage
- */
-static void butterfly_last(private_bliss_fft_t *this, uint32_t *x, int i1)
-{
- uint32_t xp, xm;
- int i2 = i1 + 1;
-
- xp = x[i1] + x[i2];
- xm = x[i1] + (this->p->q - x[i2]);
- if (xp >= this->p->q)
- {
- xp -= this->p->q;
- }
- if (xm >= this->p->q)
- {
- xm -= this->p->q;
- }
- x[i1] = xp;
- x[i2] = xm;
-}
-
-METHOD(bliss_fft_t, transform, void,
- private_bliss_fft_t *this, uint32_t *a, uint32_t *b, bool inverse)
-{
- int stage, i, j, k, m, n, t, iw, i_rev;
- uint16_t q;
- uint32_t tmp;
-
- /* we are going to use the transform size n and the modulus q a lot */
- n = this->p->n;
- q = this->p->q;
-
- if (!inverse)
- {
- /* apply linear phase needed for negative wrapped convolution */
- for (i = 0; i < n; i++)
- {
- b[i] = (a[i] * this->p->w[i]) % q;
- }
- }
- else if (a != b)
- {
- /* copy if input and output array are not the same */
- for (i = 0; i < n; i++)
- {
- b[i] = a[i];
- }
- }
-
- m = n;
- k = 1;
-
- for (stage = this->p->stages; stage > 0; stage--)
- {
- m >>= 1;
- t = 0;
-
- for (j = 0; j < k; j++)
- {
- if (stage == 1)
- {
- butterfly_last(this, b, t);
- }
- else
- {
- for (i = 0; i < m; i++)
- {
- iw = 2 * (inverse ? (n - i * k) : (i * k));
- butterfly(this, b, t + i, t + i + m, iw);
- }
- }
- t += 2*m;
- }
- k <<= 1;
- }
-
- /* Sort output in bit-reverse order */
- for (i = 0; i < n; i++)
- {
- i_rev = this->p->rev[i];
-
- if (i_rev > i)
- {
- tmp = b[i];
- b[i] = b[i_rev];
- b[i_rev] = tmp;
- }
- }
-
- /**
- * Compensate the linear phase needed for negative wrapped convolution
- * and normalize the output array with 1/n mod q after the inverse FFT.
- */
- if (inverse)
- {
- for (i = 0; i < n; i++)
- {
- b[i] = (((b[i] * this->p->w[2*n - i]) % q) * this->p->n_inv) % q;
- }
- }
-}
-
-METHOD(bliss_fft_t, destroy, void,
- private_bliss_fft_t *this)
-{
- free(this);
-}
-
-/**
- * See header.
- */
-bliss_fft_t *bliss_fft_create(bliss_fft_params_t *params)
-{
- private_bliss_fft_t *this;
-
- INIT(this,
- .public = {
- .get_size = _get_size,
- .get_modulus = _get_modulus,
- .transform = _transform,
- .destroy = _destroy,
- },
- .p = params,
- );
-
- return &this->public;
-}
diff --git a/src/libstrongswan/plugins/bliss/bliss_fft.h b/src/libstrongswan/plugins/bliss/bliss_fft.h
deleted file mode 100644
index a79edd2be..000000000
--- a/src/libstrongswan/plugins/bliss/bliss_fft.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_fft bliss_fft
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_FFT_H_
-#define BLISS_FFT_H_
-
-#include "bliss_fft_params.h"
-
-#include <library.h>
-
-typedef struct bliss_fft_t bliss_fft_t;
-
-/**
- * Implements a Number Theoretic Transform (NTT) via the FFT algorithm
- */
-struct bliss_fft_t {
-
- /**
- * Get the size of the Number Theoretic Transform
- *
- * @result Transform size
- */
- uint16_t (*get_size)(bliss_fft_t *this);
-
- /**
- * Get the prime modulus of the Number Theoretic Transform
- *
- * @result Prime modulus
- */
- uint16_t (*get_modulus)(bliss_fft_t *this);
-
- /**
- * Compute the [inverse] NTT of a polynomial
- *
- * @param a Coefficient of input polynomial
- * @param b Coefficient of output polynomial
- * @param inverse TRUE if the inverse NTT has to be computed
- */
- void (*transform)(bliss_fft_t *this, uint32_t *a, uint32_t *b, bool inverse);
-
- /**
- * Destroy bliss_fft_t object
- */
- void (*destroy)(bliss_fft_t *this);
-};
-
-/**
- * Create a bliss_fft_t object for a given FFT parameter set
- *
- * @param params FFT parameters
- */
-bliss_fft_t *bliss_fft_create(bliss_fft_params_t *params);
-
-#endif /** BLISS_FFT_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_fft_params.c b/src/libstrongswan/plugins/bliss/bliss_fft_params.c
deleted file mode 100644
index c892c06e6..000000000
--- a/src/libstrongswan/plugins/bliss/bliss_fft_params.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_fft_params.h"
-
-/**
- * FFT parameters for q = 12289 and 2n = 1024
- */
-static uint16_t w_12289_1024[] = {
- 1, 49, 2401, 7048, 1260, 295, 2166, 7822, 2319, 3030,
- 1002, 12231, 9447, 8210, 9042, 654, 7468, 9551, 1017, 677,
- 8595, 3329, 3364, 5079, 3091, 3991, 11224, 9260, 11336, 2459,
- 9890, 5339, 3542, 1512, 354, 5057, 2013, 325, 3636, 6118,
- 4846, 3963, 9852, 3477, 10616, 4046, 1630, 6136, 5728, 10314,
- 1537, 1579, 3637, 6167, 7247, 11011, 11112, 3772, 493, 11868,
- 3949, 9166, 6730, 10256, 10984, 9789, 390, 6821, 2426, 8273,
- 12129, 4449, 9088, 2908, 7313, 1956, 9821, 1958, 9919, 6760,
- 11726, 9280, 27, 1323, 3382, 5961, 9442, 7965, 9326, 2281,
- 1168, 8076, 2476, 10723, 9289, 468, 10643, 5369, 5012, 12097,
-
- 2881, 5990, 10863, 3860, 4805, 1954, 9723, 9445, 8112, 4240,
- 11136, 4948, 8961, 8974, 9611, 3957, 9558, 1360, 5195, 8775,
- 12149, 5429, 7952, 8689, 7935, 7856, 3985, 10930, 7143, 5915,
- 7188, 8120, 4632, 5766, 12176, 6752, 11334, 2361, 5088, 3532,
- 1022, 922, 8311, 1702, 9664, 6554, 1632, 6234, 10530, 12121,
- 4057, 2169, 7969, 9522, 11885, 4782, 827, 3656, 7098, 3710,
- 9744, 10474, 9377, 4780, 729, 11143, 5291, 1190, 9154, 6142,
- 6022, 142, 6958, 9139, 5407, 6874, 5023, 347, 4714, 9784,
- 145, 7105, 4053, 1973, 10654, 5908, 6845, 3602, 4452, 9235,
- 10111, 3879, 5736, 10706, 8456, 8807, 1428, 8527, 12286, 12142,
-
- 5086, 3434, 8509, 11404, 5791, 1112, 5332, 3199, 9283, 174,
- 8526, 12237, 9741, 10327, 2174, 8214, 9238, 10258, 11082, 2302,
- 2197, 9341, 3016, 316, 3195, 9087, 2859, 4912, 7197, 8561,
- 1663, 7753, 11227, 9407, 6250, 11314, 1381, 6224, 10040, 400,
- 7311, 1858, 5019, 151, 7399, 6170, 7394, 5925, 7678, 7552,
- 1378, 6077, 2837, 3834, 3531, 973, 10810, 1263, 442, 9369,
- 4388, 6099, 3915, 7500, 11119, 4115, 5011, 12048, 480, 11231,
- 9603, 3565, 2639, 6421, 7404, 6415, 7110, 4298, 1689, 9027,
- 12208, 8320, 2143, 6695, 8541, 683, 8889, 5446, 8785, 350,
- 4861, 4698, 9000, 10885, 4938, 8471, 9542, 576, 3646, 6608,
-
- 4278, 709, 10163, 6427, 7698, 8532, 242, 11858, 3459, 9734,
- 9984, 9945, 8034, 418, 8193, 8209, 8993, 10542, 420, 8291,
- 722, 10800, 773, 1010, 334, 4077, 3149, 6833, 3014, 218,
- 10682, 7280, 339, 4322, 2865, 5206, 9314, 1693, 9223, 9523,
- 11934, 7183, 7875, 4916, 7393, 5876, 5277, 504, 118, 5782,
- 671, 8301, 1212, 10232, 9808, 1321, 3284, 1159, 7635, 5445,
- 8736, 10238, 10102, 3438, 8705, 8719, 9405, 6152, 6512, 11863,
- 3704, 9450, 8357, 3956, 9509, 11248, 10436, 7515, 11854, 3263,
- 130, 6370, 4905, 6854, 4043, 1483, 11222, 9162, 6534, 652,
- 7370, 4749, 11499, 10446, 8005, 11286, 9, 441, 9320, 1987,
-
- 11340, 2655, 7205, 8953, 8582, 2692, 9018, 11767, 11289, 156,
- 7644, 5886, 5767, 12225, 9153, 6093, 3621, 5383, 5698, 8844,
- 3241, 11341, 2704, 9606, 3712, 9842, 2987, 11184, 7300, 1319,
- 3186, 8646, 5828, 2925, 8146, 5906, 6747, 11089, 2645, 6715,
- 9521, 11836, 2381, 6068, 2396, 6803, 1544, 1922, 8155, 6347,
- 3778, 787, 1696, 9370, 4437, 8500, 10963, 8760, 11414, 6281,
- 544, 2078, 3510, 12233, 9545, 723, 10849, 3174, 8058, 1594,
- 4372, 5315, 2366, 5333, 3248, 11684, 7222, 9786, 243, 11907,
- 5860, 4493, 11244, 10240, 10200, 8240, 10512, 11239, 9995, 10484,
- 9867, 4212, 9764, 11454, 8241, 10561, 1351, 4754, 11744, 10162,
-
- 6378, 5297, 1484, 11271, 11563, 1293, 1912, 7665, 6915, 7032,
- 476, 11035, 12288, 12240, 9888, 5241, 11029, 11994, 10123, 4467,
- 9970, 9259, 11287, 58, 2842, 4079, 3247, 11635, 4821, 2738,
- 11272, 11612, 3694, 8960, 8925, 7210, 9198, 8298, 1065, 3029,
- 953, 9830, 2399, 6950, 8747, 10777, 11935, 7232, 10276, 11964,
- 8653, 6171, 7443, 8326, 2437, 8812, 1673, 8243, 10659, 6153,
- 6561, 1975, 10752, 10710, 8652, 6122, 5042, 1278, 1177, 8517,
- 11796, 421, 8340, 3123, 5559, 2033, 1305, 2500, 11899, 5468,
- 9863, 4016, 160, 7840, 3201, 9381, 4976, 10333, 2468, 10331,
- 2370, 5529, 563, 3009, 12262, 10966, 8907, 6328, 2847, 4324,
-
- 2963, 10008, 11121, 4213, 9813, 1566, 3000, 11821, 1646, 6920,
- 7277, 192, 9408, 6299, 1426, 8429, 7484, 10335, 2566, 2844,
- 4177, 8049, 1153, 7341, 3328, 3315, 2678, 8332, 2731, 10929,
- 7094, 3514, 140, 6860, 4337, 3600, 4354, 4433, 8304, 1359,
- 5146, 6374, 5101, 4169, 7657, 6523, 113, 5537, 955, 9928,
- 7201, 8757, 11267, 11367, 3978, 10587, 2625, 5735, 10657, 6055,
- 1759, 168, 8232, 10120, 4320, 2767, 404, 7507, 11462, 8633,
- 5191, 8579, 2545, 1815, 2912, 7509, 11560, 1146, 6998, 11099,
- 3135, 6147, 6267, 12147, 5331, 3150, 6882, 5415, 7266, 11942,
- 7575, 2505, 12144, 5184, 8236, 10316, 1635, 6381, 5444, 8687,
-
- 7837, 3054, 2178, 8410, 6553, 1583, 3833, 3482, 10861, 3762,
- 3, 147, 7203, 8855, 3780, 885, 6498, 11177, 6957, 9090,
- 3006, 12115, 3763, 52, 2548, 1962, 10115, 4075, 3051, 2031,
- 1207, 9987, 10092, 2948, 9273, 11973, 9094, 3202, 9430, 7377,
- 5092, 3728, 10626, 4536, 1062, 2882, 6039, 975, 10908, 6065,
- 2249, 11889, 4978, 10431, 7270, 12138, 4890, 6119, 4895, 6364,
- 4611, 4737, 10911, 6212, 9452, 8455, 8758, 11316, 1479, 11026,
- 11847, 2920, 7901, 6190, 8374, 4789, 1170, 8174, 7278, 241,
- 11809, 1058, 2686, 8724, 9650, 5868, 4885, 5874, 5179, 7991,
- 10600, 3262, 81, 3969, 10146, 5594, 3748, 11606, 3400, 6843,
-
- 3504, 11939, 7428, 7591, 3289, 1404, 7351, 3818, 2747, 11713,
- 8643, 5681, 8011, 11580, 2126, 5862, 4591, 3757, 12047, 431,
- 8830, 2555, 2305, 2344, 4255, 11871, 4096, 4080, 3296, 1747,
- 11869, 3998, 11567, 1489, 11516, 11279, 11955, 8212, 9140, 5456,
- 9275, 12071, 1607, 5009, 11950, 7967, 9424, 7083, 2975, 10596,
- 3066, 2766, 355, 5106, 4414, 7373, 4896, 6413, 7012, 11785,
- 12171, 6507, 11618, 3988, 11077, 2057, 2481, 10968, 9005, 11130,
- 4654, 6844, 3553, 2051, 2187, 8851, 3584, 3570, 2884, 6137,
- 5777, 426, 8585, 2839, 3932, 8333, 2780, 1041, 1853, 4774,
- 435, 9026, 12159, 5919, 7384, 5435, 8246, 10806, 1067, 3127,
-
- 5755, 11637, 4919, 7540, 790, 1843, 4284, 1003, 12280, 11848,
- 2969, 10302, 949, 9634, 5084, 3336, 3707, 9597, 3271, 522,
- 1000, 12133, 4645, 6403, 6522, 64, 3136, 6196, 8668, 6906,
- 6591, 3445, 9048, 948, 9585, 2683, 8577, 2447, 9302, 1105,
- 4989, 10970, 9103, 3643, 6461, 9364, 4143, 6383, 5542, 1200,
- 9644, 5574, 2768, 453, 9908, 6221, 9893, 5486, 10745, 10367,
- 4134, 5942, 8511, 11502, 10593, 2919, 7852, 3789, 1326, 3529,
- 875, 6008, 11745, 10211, 8779, 56, 2744, 11566, 1440, 9115,
- 4231, 10695, 7917, 6974, 9923, 6956, 9041, 605, 5067, 2503,
- 12046, 382, 6429, 7796, 1045, 2049, 2089, 4049, 1777, 1050,
-
- 2294, 1805, 2422, 8077, 2525, 835, 4048, 1728, 10938, 7535,
- 545, 2127, 5911, 6992, 10805, 1018, 726, 10996, 10377, 4624,
- 5374, 5257, 11813, 1254, 1
-};
-
-/**
- * Bit-reversed indices for n = 512
- */
-static uint16_t rev_512[] = {
- 0, 256, 128, 384, 64, 320, 192, 448, 32, 288,
- 160, 416, 96, 352, 224, 480, 16, 272, 144, 400,
- 80, 336, 208, 464, 48, 304, 176, 432, 112, 368,
- 240, 496, 8, 264, 136, 392, 72, 328, 200, 456,
- 40, 296, 168, 424, 104, 360, 232, 488, 24, 280,
- 152, 408, 88, 344, 216, 472, 56, 312, 184, 440,
- 120, 376, 248, 504, 4, 260, 132, 388, 68, 324,
- 196, 452, 36, 292, 164, 420, 100, 356, 228, 484,
- 20, 276, 148, 404, 84, 340, 212, 468, 52, 308,
- 180, 436, 116, 372, 244, 500, 12, 268, 140, 396,
-
- 76, 332, 204, 460, 44, 300, 172, 428, 108, 364,
- 236, 492, 28, 284, 156, 412, 92, 348, 220, 476,
- 60, 316, 188, 444, 124, 380, 252, 508, 2, 258,
- 130, 386, 66, 322, 194, 450, 34, 290, 162, 418,
- 98, 354, 226, 482, 18, 274, 146, 402, 82, 338,
- 210, 466, 50, 306, 178, 434, 114, 370, 242, 498,
- 10, 266, 138, 394, 74, 330, 202, 458, 42, 298,
- 170, 426, 106, 362, 234, 490, 26, 282, 154, 410,
- 90, 346, 218, 474, 58, 314, 186, 442, 122, 378,
- 250, 506, 6, 262, 134, 390, 70, 326, 198, 454,
-
- 38, 294, 166, 422, 102, 358, 230, 486, 22, 278,
- 150, 406, 86, 342, 214, 470, 54, 310, 182, 438,
- 118, 374, 246, 502, 14, 270, 142, 398, 78, 334,
- 206, 462, 46, 302, 174, 430, 110, 366, 238, 494,
- 30, 286, 158, 414, 94, 350, 222, 478, 62, 318,
- 190, 446, 126, 382, 254, 510, 1, 257, 129, 385,
- 65, 321, 193, 449, 33, 289, 161, 417, 97, 353,
- 225, 481, 17, 273, 145, 401, 81, 337, 209, 465,
- 49, 305, 177, 433, 113, 369, 241, 497, 9, 265,
- 137, 393, 73, 329, 201, 457, 41, 297, 169, 425,
-
- 105, 361, 233, 489, 25, 281, 153, 409, 89, 345,
- 217, 473, 57, 313, 185, 441, 121, 377, 249, 505,
- 5, 261, 133, 389, 69, 325, 197, 453, 37, 293,
- 165, 421, 101, 357, 229, 485, 21, 277, 149, 405,
- 85, 341, 213, 469, 53, 309, 181, 437, 117, 373,
- 245, 501, 13, 269, 141, 397, 77, 333, 205, 461,
- 45, 301, 173, 429, 109, 365, 237, 493, 29, 285,
- 157, 413, 93, 349, 221, 477, 61, 317, 189, 445,
- 125, 381, 253, 509, 3, 259, 131, 387, 67, 323,
- 195, 451, 35, 291, 163, 419, 99, 355, 227, 483,
-
- 19, 275, 147, 403, 83, 339, 211, 467, 51, 307,
- 179, 435, 115, 371, 243, 499, 11, 267, 139, 395,
- 75, 331, 203, 459, 43, 299, 171, 427, 107, 363,
- 235, 491, 27, 283, 155, 411, 91, 347, 219, 475,
- 59, 315, 187, 443, 123, 379, 251, 507, 7, 263,
- 135, 391, 71, 327, 199, 455, 39, 295, 167, 423,
- 103, 359, 231, 487, 23, 279, 151, 407, 87, 343,
- 215, 471, 55, 311, 183, 439, 119, 375, 247, 503,
- 15, 271, 143, 399, 79, 335, 207, 463, 47, 303,
- 175, 431, 111, 367, 239, 495, 31, 287, 159, 415,
-
- 95, 351, 223, 479, 63, 319, 191, 447, 127, 383,
- 255, 511
-};
-
-bliss_fft_params_t bliss_fft_12289_512 = {
- 12289, 512, 12265, 9, w_12289_1024, rev_512
-};
-
-/**
- * FFT parameters for q = 17 and n = 16
- */
-static uint16_t w_17_16[] = {
- 1, 3, 9, 10, 13, 5, 15, 11, 16, 14, 8, 7, 4, 12, 2, 6, 1 };
-
-/**
- * Bit-reversed indices for n = 8
- */
-static uint16_t rev_8[] = { 0, 4, 2, 6, 1, 5, 3, 7 };
-
-bliss_fft_params_t bliss_fft_17_8 = { 17, 8, 15, 3, w_17_16, rev_8 };
diff --git a/src/libstrongswan/plugins/bliss/bliss_fft_params.h b/src/libstrongswan/plugins/bliss/bliss_fft_params.h
deleted file mode 100644
index 31b151b67..000000000
--- a/src/libstrongswan/plugins/bliss/bliss_fft_params.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_fft_params bliss_fft_params
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_FFT_PARAMS_H_
-#define BLISS_FFT_PARAMS_H_
-
-#include <library.h>
-
-typedef struct bliss_fft_params_t bliss_fft_params_t;
-
-/**
- * Defines the parameters for an NTT computed via the FFT algorithm
- */
-struct bliss_fft_params_t {
-
- /**
- * Prime modulus
- */
- uint16_t q;
-
- /**
- * Size of the FFT with the condition k * n = q-1
- */
- uint16_t n;
-
- /**
- * Inverse of n mod q used for normalization of the FFT
- */
- uint16_t n_inv;
-
- /**
- * Number of FFT stages stages = log2(n)
- */
- uint16_t stages;
-
- /**
- * FFT twiddle factors (n-th roots of unity)
- */
- uint16_t *w;
-
- /**
- * FFT bit reversal
- */
- uint16_t *rev;
-
-};
-
-/**
- * FFT parameters for q = 12289 and n = 512
- */
-extern bliss_fft_params_t bliss_fft_12289_512;
-
-/**
- * FFT parameters for q = 17 and n = 8
- */
-extern bliss_fft_params_t bliss_fft_17_8;
-
-#endif /** BLISS_FFT_PARAMS_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_huffman.c b/src/libstrongswan/plugins/bliss/bliss_huffman.c
index 647234fd8..71e75d6bf 100644
--- a/src/libstrongswan/plugins/bliss/bliss_huffman.c
+++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c
@@ -209,7 +209,7 @@ static void remove_node(node_t *list, node_t **last, node_t *node)
*/
int main(int argc, char *argv[])
{
- bliss_param_set_t *set;
+ const bliss_param_set_t *set;
int dx, bliss_type, depth = 1, groups, groups_left, pairs = 1;
int i_max = 9, k_max = 8, index_max = (2*k_max - 1) * i_max;
int i, i_top, k, k_top;
diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.c b/src/libstrongswan/plugins/bliss/bliss_param_set.c
index 3781a588f..b6649d771 100644
--- a/src/libstrongswan/plugins/bliss/bliss_param_set.c
+++ b/src/libstrongswan/plugins/bliss/bliss_param_set.c
@@ -33,7 +33,7 @@ ENUM(bliss_param_set_id_names, BLISS_I, BLISS_B_IV,
*
* c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 93'076.9
*/
-static uint8_t c_bliss_i[] = {
+static const uint8_t c_bliss_i[] = {
255, 255, 75, 191, 247, 94, 30, 51, 147, 246, 89, 59, 99, 248, 26, 128,
255, 254, 151, 128, 109, 166, 88, 143, 30, 175, 149, 20, 240, 81, 138, 111,
255, 253, 47, 2, 214, 243, 188, 76, 236, 235, 40, 62, 54, 35, 33, 205,
@@ -62,7 +62,7 @@ static uint8_t c_bliss_i[] = {
*
* c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 125'550.5
*/
-static uint8_t c_bliss_iii[] = {
+static const uint8_t c_bliss_iii[] = {
255, 255, 122, 95, 16, 128, 14, 195, 60, 90, 166, 191, 205, 26, 144, 204,
255, 254, 244, 190, 102, 192, 187, 141, 169, 92, 33, 30, 170, 141, 184, 56,
255, 253, 233, 125, 228, 131, 93, 148, 121, 92, 52, 122, 149, 96, 29, 66,
@@ -91,7 +91,7 @@ static uint8_t c_bliss_iii[] = {
*
* c[i] = exp(-2^i/f), i = 0..21, with f = k_sigma^2 / ln 2 = 147'732.0
*/
-static uint8_t c_bliss_iv[] = {
+static const uint8_t c_bliss_iv[] = {
255, 255, 142, 111, 102, 2, 141, 87, 150, 42, 18, 70, 6, 224, 18, 70,
255, 255, 28, 222, 254, 102, 20, 78, 133, 78, 189, 107, 29, 7, 23, 193,
255, 254, 57, 190, 198, 79, 181, 181, 108, 75, 142, 145, 45, 238, 193, 29,
@@ -119,7 +119,7 @@ static uint8_t c_bliss_iv[] = {
/**
* BLISS signature parameter set definitions
*/
-static bliss_param_set_t bliss_param_sets[] = {
+static const bliss_param_set_t bliss_param_sets[] = {
/* BLISS-I scheme */
{
@@ -131,7 +131,7 @@ static bliss_param_set_t bliss_param_sets[] = {
.q2_inv = 6145,
.n = 512,
.n_bits = 9,
- .fft_params = &bliss_fft_12289_512,
+ .fft_params = &ntt_fft_12289_512,
.non_zero1 = 154,
.non_zero2 = 0,
.kappa = 23,
@@ -161,7 +161,7 @@ static bliss_param_set_t bliss_param_sets[] = {
.q2_inv = 6145,
.n = 512,
.n_bits = 9,
- .fft_params = &bliss_fft_12289_512,
+ .fft_params = &ntt_fft_12289_512,
.non_zero1 = 216,
.non_zero2 = 16,
.kappa = 30,
@@ -191,7 +191,7 @@ static bliss_param_set_t bliss_param_sets[] = {
.q2_inv = 6145,
.n = 512,
.n_bits = 9,
- .fft_params = &bliss_fft_12289_512,
+ .fft_params = &ntt_fft_12289_512,
.non_zero1 = 231,
.non_zero2 = 31,
.kappa = 39,
@@ -221,7 +221,7 @@ static bliss_param_set_t bliss_param_sets[] = {
.q2_inv = 6145,
.n = 512,
.n_bits = 9,
- .fft_params = &bliss_fft_12289_512,
+ .fft_params = &ntt_fft_12289_512,
.non_zero1 = 154,
.non_zero2 = 0,
.kappa = 23,
@@ -251,7 +251,7 @@ static bliss_param_set_t bliss_param_sets[] = {
.q2_inv = 6145,
.n = 512,
.n_bits = 9,
- .fft_params = &bliss_fft_12289_512,
+ .fft_params = &ntt_fft_12289_512,
.non_zero1 = 216,
.non_zero2 = 16,
.kappa = 30,
@@ -281,7 +281,7 @@ static bliss_param_set_t bliss_param_sets[] = {
.q2_inv = 6145,
.n = 512,
.n_bits = 9,
- .fft_params = &bliss_fft_12289_512,
+ .fft_params = &ntt_fft_12289_512,
.non_zero1 = 231,
.non_zero2 = 31,
.kappa = 39,
@@ -306,7 +306,7 @@ static bliss_param_set_t bliss_param_sets[] = {
/**
* See header.
*/
-bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
+const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
{
int i;
@@ -324,7 +324,7 @@ bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
/**
* See header.
*/
-bliss_param_set_t* bliss_param_set_get_by_oid(int oid)
+const bliss_param_set_t* bliss_param_set_get_by_oid(int oid)
{
int i;
diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.h b/src/libstrongswan/plugins/bliss/bliss_param_set.h
index 33a8009ff..8c043b925 100644
--- a/src/libstrongswan/plugins/bliss/bliss_param_set.h
+++ b/src/libstrongswan/plugins/bliss/bliss_param_set.h
@@ -24,7 +24,7 @@
typedef enum bliss_param_set_id_t bliss_param_set_id_t;
typedef struct bliss_param_set_t bliss_param_set_t;
-#include "bliss_fft_params.h"
+#include "ntt_fft_params.h"
#include "bliss_huffman_code.h"
#include <library.h>
@@ -53,132 +53,132 @@ struct bliss_param_set_t {
/**
* BLISS parameter set ID
*/
- bliss_param_set_id_t id;
+ const bliss_param_set_id_t id;
/**
* BLISS parameter set OID
*/
- int oid;
+ const int oid;
/**
* Security strength in bits
*/
- uint16_t strength;
+ const uint16_t strength;
/**
* Prime modulus
*/
- uint16_t q;
+ const uint16_t q;
/**
* Number of bits in q
*/
- uint16_t q_bits;
+ const uint16_t q_bits;
/**
* Inverse of (q + 2) mod 2q
*/
- uint16_t q2_inv;
+ const uint16_t q2_inv;
/**
* Ring dimension equal to the number of polynomial coefficients
*/
- uint16_t n;
+ const uint16_t n;
/**
* Number of bits in n
*/
- uint16_t n_bits;
+ const uint16_t n_bits;
/**
* FFT parameters
*/
- bliss_fft_params_t *fft_params;
+ const ntt_fft_params_t *fft_params;
/**
* Number of [-1, +1] secret key coefficients
*/
- uint16_t non_zero1;
+ const uint16_t non_zero1;
/**
* Number of [-2, +2] secret key coefficients
*/
- uint16_t non_zero2;
+ const uint16_t non_zero2;
/**
* Number of secret key terms that go into Nk(S) norm
*/
- uint16_t kappa;
+ const uint16_t kappa;
/**
* Maximum Nk(S) tolerable NK(S) norm (BLISS only)
*/
- uint32_t nks_max;
+ const uint32_t nks_max;
/**
* Maximum value Pmax for ||Sc'||^2 norm (BLISS-B only)
*/
- uint32_t p_max;
+ const uint32_t p_max;
/**
* Standard deviation sigma
*/
- uint16_t sigma;
+ const uint16_t sigma;
/**
* k_sigma = ceiling[ sqrt(2*ln 2) * sigma ]
*/
- uint16_t k_sigma;
+ const uint16_t k_sigma;
/**
* Number of bits in k_sigma
*/
- uint16_t k_sigma_bits;
+ const uint16_t k_sigma_bits;
/**
* Coefficients for Bernoulli sampling with exponential biases
*/
- uint8_t *c;
+ const uint8_t *c;
/**
* Number of columns in Bernoulli coefficient table
*/
- size_t c_cols;
+ const size_t c_cols;
/**
* Number of rows in Bernoulli coefficient table
*/
- size_t c_rows;
+ const size_t c_rows;
/**
* Number of bits in z1
*/
- uint16_t z1_bits;
+ const uint16_t z1_bits;
/**
* Number of z2 bits to be dropped after rounding
*/
- uint16_t d;
+ const uint16_t d;
/**
* Modulus p = floor(2q / 2^d) applied after bit dropping
*/
- uint16_t p;
+ const uint16_t p;
/**
* M = sigma^2 / alpha_rejection^2
*/
- uint32_t M;
+ const uint32_t M;
/**
* B_infinity bound
*/
- uint16_t B_inf;
+ const uint16_t B_inf;
/**
* B_verify bound
*/
- uint32_t B_l2;
+ const uint32_t B_l2;
};
@@ -188,7 +188,7 @@ struct bliss_param_set_t {
* @param id BLISS parameter set ID
* @return BLISS parameter set
*/
-bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id);
+const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id);
/**
* Get BLISS signature parameter set by BLISS parameter set OID
@@ -196,6 +196,6 @@ bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id);
* @param oid BLISS parameter set OID
* @return BLISS parameter set
*/
-bliss_param_set_t* bliss_param_set_get_by_oid(int oid);
+const bliss_param_set_t* bliss_param_set_get_by_oid(int oid);
#endif /** BLISS_PARAM_SET_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c
index 4adcf1e76..cdf3e96ea 100644
--- a/src/libstrongswan/plugins/bliss/bliss_plugin.c
+++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -50,6 +50,8 @@ METHOD(plugin_t, get_features, int,
PLUGIN_REGISTER(PRIVKEY_GEN, bliss_private_key_gen, FALSE),
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_BLISS),
PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1),
+ PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256),
PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_BLISS),
PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
@@ -57,29 +59,41 @@ METHOD(plugin_t, get_features, int,
/* signature schemes, private */
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
/* signature verification schemes */
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
};
*features = f;
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index 20bbc6ac5..25253ed37 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -20,9 +20,10 @@
#include "bliss_sampler.h"
#include "bliss_signature.h"
#include "bliss_bitpacker.h"
-#include "bliss_fft.h"
+#include "ntt_fft.h"
+#include "ntt_fft_reduce.h"
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
#include <asn1/oid.h>
@@ -46,7 +47,7 @@ struct private_bliss_private_key_t {
/**
* BLISS signature parameter set
*/
- bliss_param_set_t *set;
+ const bliss_param_set_t *set;
/**
* BLISS secret key S1 (coefficients of polynomial f)
@@ -63,6 +64,11 @@ struct private_bliss_private_key_t {
*/
uint32_t *A;
+ /**
+ * NTT of BLISS public key in Montgomery representation Ar = rA mod
+ */
+ uint32_t *Ar;
+
/**
* reference count
*/
@@ -163,12 +169,12 @@ static void greedy_sc(int8_t *s1, int8_t *s2, int n, uint16_t *c_indices,
static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
chunk_t data, chunk_t *signature)
{
- bliss_fft_t *fft;
+ ntt_fft_t *fft;
bliss_signature_t *sig;
bliss_sampler_t *sampler = NULL;
rng_t *rng;
hasher_t *hasher;
- hash_algorithm_t mgf1_alg, oracle_alg;
+ ext_out_function_t mgf1_alg, oracle_alg;
size_t mgf1_seed_len;
uint8_t mgf1_seed_buf[HASH_SIZE_SHA512], data_hash_buf[HASH_SIZE_SHA512];
chunk_t mgf1_seed, data_hash;
@@ -203,12 +209,12 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
/* Set MGF1 hash algorithm and seed length based on security strength */
if (this->set->strength > 160)
{
- mgf1_alg = HASH_SHA256;
+ mgf1_alg = XOF_MGF1_SHA256;
mgf1_seed_len = HASH_SIZE_SHA256;
}
else
{
- mgf1_alg = HASH_SHA1;
+ mgf1_alg = XOF_MGF1_SHA1;
mgf1_seed_len = HASH_SIZE_SHA1;
}
mgf1_seed = chunk_create(mgf1_seed_buf, mgf1_seed_len);
@@ -220,7 +226,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
}
/* MGF1 hash algorithm to be used for random oracle */
- oracle_alg = HASH_SHA512;
+ oracle_alg = XOF_MGF1_SHA512;
/* Initialize a couple of needed variables */
n = this->set->n;
@@ -241,7 +247,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
y2 = z2;
ud = z2d;
- fft = bliss_fft_create(this->set->fft_params);
+ fft = ntt_fft_create(this->set->fft_params);
/* Use of the enhanced BLISS-B signature algorithm? */
switch (this->set->id)
@@ -337,7 +343,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
for (i = 0; i < n; i++)
{
- ay[i] = (this->A[i] * ay[i]) % q;
+ ay[i] = ntt_fft_mreduce(this->Ar[i] * ay[i], this->set->fft_params);
}
fft->transform(fft, ay, ay, TRUE);
@@ -668,6 +674,7 @@ METHOD(private_key_t, destroy, void,
free(this->s2);
}
free(this->A);
+ free(this->Ar);
free(this);
}
}
@@ -795,13 +802,13 @@ static uint32_t nks_norm(int8_t *s1, int8_t *s2, int n, uint16_t kappa)
/**
* Compute the inverse x1 of x modulo q as x^(-1) = x^(q-2) mod q
*/
-static uint32_t invert(uint32_t x, uint16_t q)
+static uint32_t invert(private_bliss_private_key_t *this, uint32_t x)
{
uint32_t x1, x2;
uint16_t q2;
int i, i_max;
- q2 = q - 2;
+ q2 = this->set->q - 2;
x1 = (q2 & 1) ? x : 1;
x2 = x;
i_max = 15;
@@ -812,11 +819,11 @@ static uint32_t invert(uint32_t x, uint16_t q)
}
for (i = 1; i <= i_max; i++)
{
- x2 = (x2 * x2) % q;
+ x2 = ntt_fft_mreduce(x2 * x2, this->set->fft_params);
if (q2 & (1 << i))
{
- x1 = (x1 * x2) % q;
+ x1 = ntt_fft_mreduce(x1 * x2, this->set->fft_params);
}
}
@@ -827,14 +834,14 @@ static uint32_t invert(uint32_t x, uint16_t q)
* Create a vector with sparse and small coefficients from seed
*/
static int8_t* create_vector_from_seed(private_bliss_private_key_t *this,
- hash_algorithm_t alg, chunk_t seed)
+ ext_out_function_t alg, chunk_t seed)
{
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
uint32_t index, sign;
int8_t *vector;
int non_zero;
- bitspender = mgf1_bitspender_create(alg, seed, FALSE);
+ bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;
@@ -903,7 +910,7 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
int i, n;
chunk_t seed;
size_t seed_len;
- hash_algorithm_t alg;
+ ext_out_function_t alg;
n = this->set->n;
*s1 = NULL;
@@ -912,12 +919,12 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
/* Set MGF1 hash algorithm and seed length based on security strength */
if (this->set->strength > 160)
{
- alg = HASH_SHA256;
+ alg = XOF_MGF1_SHA256;
seed_len = HASH_SIZE_SHA256;
}
else
{
- alg = HASH_SHA1;
+ alg = XOF_MGF1_SHA1;
seed_len = HASH_SIZE_SHA1;
}
seed = chunk_create(seed_buf, seed_len);
@@ -1000,8 +1007,8 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
uint32_t *S1, *S2, *a;
uint16_t q;
bool success = FALSE;
- bliss_param_set_t *set;
- bliss_fft_t *fft;
+ const bliss_param_set_t *set;
+ ntt_fft_t *fft;
rng_t *rng;
while (TRUE)
@@ -1062,13 +1069,14 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
this->set = set;
/* We derive the public key from the private key using the FFT */
- fft = bliss_fft_create(set->fft_params);
+ fft = ntt_fft_create(set->fft_params);
/* Some vectors needed to derive the publi key */
S1 = malloc(n * sizeof(uint32_t));
S2 = malloc(n * sizeof(uint32_t));
a = malloc(n * sizeof(uint32_t));
- this->A = malloc(n * sizeof(uint32_t));
+ this->A = malloc(n * sizeof(uint32_t));
+ this->Ar = malloc(n * sizeof(uint32_t));
/* Instantiate a true random generator */
rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
@@ -1091,6 +1099,7 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
fft->transform(fft, S2, S2, FALSE);
success = TRUE;
+
for (i = 0; i < n; i++)
{
if (S1[i] == 0)
@@ -1103,8 +1112,9 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
success = FALSE;
break;
}
- this->A[i] = invert(S1[i], q);
- this->A[i] = (S2[i] * this->A[i]) % q;
+ this->Ar[i] = invert(this, S1[i]);
+ this->Ar[i] = ntt_fft_mreduce(S2[i] * this->Ar[i], set->fft_params);
+ this->A[i] = ntt_fft_mreduce(this->Ar[i], set->fft_params);
}
}
while (!success && trials < SECRET_KEY_TRIALS_MAX);
@@ -1114,13 +1124,15 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
if (success)
{
- fft->transform(fft, this->A, a, TRUE);
+ fft->transform(fft, this->Ar, a, TRUE);
DBG4(DBG_LIB, " i f g a F G A");
for (i = 0; i < n; i++)
{
DBG4(DBG_LIB, "%4d %3d %3d %5u %5u %5u %5u",
- i, this->s1[i], this->s2[i], a[i], S1[i], S2[i], this->A[i]);
+ i, this->s1[i], this->s2[i],
+ ntt_fft_mreduce(a[i], set->fft_params),
+ S1[i], S2[i], this->A[i]);
}
}
else
@@ -1167,7 +1179,7 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
asn1_parser_t *parser;
size_t s_bits = 0;
int8_t s, s_min = 0, s_max = 0;
- uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value;
+ uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value, r2;
bool success = FALSE;
int objectID, oid, i;
@@ -1248,6 +1260,14 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
{
goto end;
}
+ this->Ar = malloc(this->set->n * sizeof(uint32_t));
+ r2 = this->set->fft_params->r2;
+
+ for (i = 0; i < this->set->n; i++)
+ {
+ this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2,
+ this->set->fft_params);
+ }
break;
case PRIV_KEY_SECRET1:
if (object.len != 1 + (s_bits * this->set->n + 7)/8)
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
index 93d1165eb..f7ddbbfd2 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,7 +16,8 @@
#include "bliss_public_key.h"
#include "bliss_signature.h"
#include "bliss_bitpacker.h"
-#include "bliss_fft.h"
+#include "ntt_fft.h"
+#include "ntt_fft_reduce.h"
#include "bliss_utils.h"
#include <asn1/asn1.h>
@@ -37,13 +38,18 @@ struct private_bliss_public_key_t {
/**
* BLISS signature parameter set
*/
- bliss_param_set_t *set;
+ const bliss_param_set_t *set;
/**
* NTT of BLISS public key a (coefficients of polynomial (2g + 1)/f)
*/
uint32_t *A;
+ /**
+ * NTT of BLISS public key in Montgomery representation Ar = rA mod
+ */
+ uint32_t *Ar;
+
/**
* reference counter
*/
@@ -70,8 +76,8 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
uint8_t data_hash_buf[HASH_SIZE_SHA512];
chunk_t data_hash;
hasher_t *hasher;
- hash_algorithm_t oracle_alg;
- bliss_fft_t *fft;
+ ext_out_function_t oracle_alg;
+ ntt_fft_t *fft;
bliss_signature_t *sig;
bool success = FALSE;
@@ -104,7 +110,7 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
}
/* MGF1 hash algorithm to be used for random oracle */
- oracle_alg = HASH_SHA512;
+ oracle_alg = XOF_MGF1_SHA512;
/* Initialize a couple of needed variables */
n = this->set->n;
@@ -120,12 +126,12 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
{
az[i] = z1[i] < 0 ? q + z1[i] : z1[i];
}
- fft = bliss_fft_create(this->set->fft_params);
+ fft = ntt_fft_create(this->set->fft_params);
fft->transform(fft, az, az, FALSE);
for (i = 0; i < n; i++)
{
- az[i] = (this->A[i] * az[i]) % q;
+ az[i] = ntt_fft_mreduce(this->Ar[i] * az[i], this->set->fft_params);
}
fft->transform(fft, az, az, TRUE);
@@ -279,6 +285,7 @@ METHOD(public_key_t, destroy, void,
{
lib->encoding->clear_cache(lib->encoding, this);
free(this->A);
+ free(this->Ar);
free(this);
}
}
@@ -304,7 +311,8 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args)
chunk_t blob = chunk_empty, object, param;
asn1_parser_t *parser;
bool success = FALSE;
- int objectID, oid;
+ int objectID, oid, i;
+ uint32_t r2;
while (TRUE)
{
@@ -380,6 +388,14 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args)
{
goto end;
}
+ this->Ar = malloc(this->set->n * sizeof(uint32_t));
+ r2 = this->set->fft_params->r2;
+
+ for (i = 0; i < this->set->n; i++)
+ {
+ this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2,
+ this->set->fft_params);
+ }
break;
}
}
@@ -399,7 +415,7 @@ end:
/**
* See header.
*/
-bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
+bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set,
uint32_t **pubkey)
{
bliss_bitpacker_t *packer;
@@ -438,7 +454,7 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
/**
* See header.
*/
-chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set)
+chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set)
{
bliss_bitpacker_t *packer;
chunk_t encoding;
@@ -460,7 +476,7 @@ chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set)
* See header.
*/
chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
- bliss_param_set_t *set)
+ const bliss_param_set_t *set)
{
chunk_t encoding, pubkey_encoding;
@@ -479,7 +495,7 @@ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
* See header.
*/
bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey,
- bliss_param_set_t *set,
+ const bliss_param_set_t *set,
cred_encoding_type_t type, chunk_t *fp)
{
hasher_t *hasher;
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.h b/src/libstrongswan/plugins/bliss/bliss_public_key.h
index cd8f231b2..d8dd2df5c 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.h
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.h
@@ -61,7 +61,7 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args);
* @param pubkey coefficients of public key vector
* @return TRUE if parsing successful
*/
-bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
+bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set,
uint32_t **pubkey);
/**
@@ -71,7 +71,7 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
* @param set BLISS parameter set for the public key vector
* @result ASN.1 encoded subjectPublicKey
*/
-chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set);
+chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set);
/**
* Encode a BLISS subjectPublicKeyInfo record in ASN.1 DER format
@@ -82,7 +82,7 @@ chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set);
* @result ASN.1 encoded subjectPublicKeyInfo record
*/
chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
- bliss_param_set_t *set);
+ const bliss_param_set_t *set);
/**
* Generate a BLISS public key fingerprint
@@ -95,7 +95,7 @@ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
* @result TRUE if generation was successful
*/
bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey,
- bliss_param_set_t *set,
+ const bliss_param_set_t *set,
cred_encoding_type_t type, chunk_t *fp);
#endif /** BLISS_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_sampler.c b/src/libstrongswan/plugins/bliss/bliss_sampler.c
index fa45a2fac..fb29d6622 100644
--- a/src/libstrongswan/plugins/bliss/bliss_sampler.c
+++ b/src/libstrongswan/plugins/bliss/bliss_sampler.c
@@ -17,7 +17,7 @@
typedef struct private_bliss_sampler_t private_bliss_sampler_t;
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
/**
* Private data of a bliss_sampler_t object.
@@ -32,12 +32,12 @@ struct private_bliss_sampler_t {
/**
* BLISS parameter the rejection sampling is to be based on
*/
- bliss_param_set_t *set;
+ const bliss_param_set_t *set;
/**
* Bitspender used for random rejection sampling
*/
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
};
@@ -45,7 +45,8 @@ METHOD(bliss_sampler_t, bernoulli_exp, bool,
private_bliss_sampler_t *this, uint32_t x, bool *accepted)
{
uint32_t x_mask;
- uint8_t *c, u;
+ uint8_t u;
+ const uint8_t *c;
int i;
x_mask = 1 << (this->set->c_rows - 1);
@@ -221,13 +222,13 @@ METHOD(bliss_sampler_t, destroy, void,
/**
* See header.
*/
-bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
- bliss_param_set_t *set)
+bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
+ const bliss_param_set_t *set)
{
private_bliss_sampler_t *this;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
- bitspender = mgf1_bitspender_create(alg, seed, FALSE);
+ bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;
diff --git a/src/libstrongswan/plugins/bliss/bliss_sampler.h b/src/libstrongswan/plugins/bliss/bliss_sampler.h
index 2c75d4480..3e6d3d003 100644
--- a/src/libstrongswan/plugins/bliss/bliss_sampler.h
+++ b/src/libstrongswan/plugins/bliss/bliss_sampler.h
@@ -84,11 +84,11 @@ struct bliss_sampler_t {
/**
* Create a bliss_sampler_t object.
*
- * @param alg Hash algorithm to be used for the internal bitspender
+ * @param alg XOF to be used for the internal bitspender
* @param seed Seed used to initialize the internal bitspender
* @param set BLISS parameter set to be used
*/
-bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
- bliss_param_set_t *set);
+bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
+ const bliss_param_set_t *set);
#endif /** BLISS_SAMPLER_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_signature.c b/src/libstrongswan/plugins/bliss/bliss_signature.c
index e603da399..f4e1bff30 100644
--- a/src/libstrongswan/plugins/bliss/bliss_signature.c
+++ b/src/libstrongswan/plugins/bliss/bliss_signature.c
@@ -32,7 +32,7 @@ struct private_bliss_signature_t {
/**
* BLISS signature parameter set
*/
- bliss_param_set_t *set;
+ const bliss_param_set_t *set;
/**
* BLISS signature vector z1 of size n
@@ -134,7 +134,7 @@ METHOD(bliss_signature_t, destroy, void,
/**
* See header.
*/
-bliss_signature_t *bliss_signature_create(bliss_param_set_t *set)
+bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set)
{
private_bliss_signature_t *this;
@@ -156,7 +156,7 @@ bliss_signature_t *bliss_signature_create(bliss_param_set_t *set)
/**
* See header.
*/
-bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
+bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set,
chunk_t encoding)
{
private_bliss_signature_t *this;
diff --git a/src/libstrongswan/plugins/bliss/bliss_signature.h b/src/libstrongswan/plugins/bliss/bliss_signature.h
index d37f5398b..20ed6c0a2 100644
--- a/src/libstrongswan/plugins/bliss/bliss_signature.h
+++ b/src/libstrongswan/plugins/bliss/bliss_signature.h
@@ -61,7 +61,7 @@ struct bliss_signature_t {
*
* @param set BLISS parameter set
*/
-bliss_signature_t *bliss_signature_create(bliss_param_set_t *set);
+bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set);
/**
* Create a BLISS signature object from encoding.
@@ -69,7 +69,7 @@ bliss_signature_t *bliss_signature_create(bliss_param_set_t *set);
* @param set BLISS parameter set
* @param encoding binary signature encoding
*/
-bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
+bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set,
chunk_t encoding);
#endif /** BLISS_SIGNATURE_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_utils.c b/src/libstrongswan/plugins/bliss/bliss_utils.c
index 5e313ff26..5baa1f89a 100644
--- a/src/libstrongswan/plugins/bliss/bliss_utils.c
+++ b/src/libstrongswan/plugins/bliss/bliss_utils.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -17,7 +17,7 @@
#include <asn1/asn1.h>
#include <crypto/hashers/hasher.h>
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
/**
@@ -39,7 +39,8 @@ int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n)
/**
* See header.
*/
-void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd)
+void bliss_utils_round_and_drop(const bliss_param_set_t *set,
+ int32_t *x, int16_t *xd)
{
int32_t factor;
int i;
@@ -55,8 +56,8 @@ void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd)
/**
* See header.
*/
-bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
- uint16_t *ud, bliss_param_set_t *set,
+bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
+ uint16_t *ud, const bliss_param_set_t *set,
uint16_t *c_indices)
{
int i, index_trials = 0, index_found = 0;
@@ -64,7 +65,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
uint32_t index;
uint8_t *seed_pos;
chunk_t seed;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t));
@@ -79,7 +80,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
seed_pos += sizeof(uint16_t);
}
- bitspender = mgf1_bitspender_create(alg, seed, FALSE);
+ bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;
@@ -117,7 +118,8 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
/**
* See header.
*/
-bool bliss_utils_check_norms(bliss_param_set_t *set, int32_t *z1, int16_t *z2d)
+bool bliss_utils_check_norms(const bliss_param_set_t *set,
+ int32_t *z1, int16_t *z2d)
{
int32_t z2ds[set->n];
int32_t z1_min, z1_max, norm;
diff --git a/src/libstrongswan/plugins/bliss/bliss_utils.h b/src/libstrongswan/plugins/bliss/bliss_utils.h
index 156968dd7..bfaf3c475 100644
--- a/src/libstrongswan/plugins/bliss/bliss_utils.h
+++ b/src/libstrongswan/plugins/bliss/bliss_utils.h
@@ -42,29 +42,31 @@ int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n);
* @param x input vector x of size n
* @param xd rounded vector x with d bits dropped
*/
-void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd);
+void bliss_utils_round_and_drop(const bliss_param_set_t *set,
+ int32_t *x, int16_t *xd);
/**
* Generate the binary challenge vector c as an array of kappa indices
*
- * @param alg hash algorithm to be used for the internal oracle
- * @param data_hash hash of the data to be signed
- * @param ud input vector ud of size n
- * @param set BLISS parameter set to be used (n, n_bits, kappa)
- * @param c_indices indexes of non-zero challenge coefficients
+ * @param alg XOF to be used for the internal oracle
+ * @param data_hash hash of the data to be signed
+ * @param ud input vector ud of size n
+ * @param set BLISS parameter set to be used (n, n_bits, kappa)
+ * @param c_indices indexes of non-zero challenge coefficients
*/
-bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
- uint16_t *ud, bliss_param_set_t *set,
+bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
+ uint16_t *ud, const bliss_param_set_t *set,
uint16_t *c_indices);
/**
* Check the infinity and l2 norms of the vectors z1 and z2d << d
*
- * @param set BLISS parameter set
- * @param z1 input vector
- * @param z2d input vector
- * @result TRUE if infinite and l2 norms do not exceed boundaries
+ * @param set BLISS parameter set
+ * @param z1 input vector
+ * @param z2d input vector
+ * @result TRUE if infinite and l2 norms do not exceed boundaries
*/
-bool bliss_utils_check_norms(bliss_param_set_t *set, int32_t *z1, int16_t *z2d);
+bool bliss_utils_check_norms(const bliss_param_set_t *set,
+ int32_t *z1, int16_t *z2d);
#endif /** BLISS_UTILS_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.am b/src/libstrongswan/plugins/bliss/tests/Makefile.am
index bd87753f5..1ec8d551f 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.am
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.am
@@ -3,7 +3,6 @@ TESTS = bliss_tests
check_PROGRAMS = $(TESTS)
bliss_tests_SOURCES = \
- suites/test_bliss_fft.c \
suites/test_bliss_bitpacker.c \
suites/test_bliss_huffman.c \
suites/test_bliss_keys.c \
@@ -15,6 +14,7 @@ bliss_tests_SOURCES = \
bliss_tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/tests \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft \
-I$(top_srcdir)/src/libstrongswan/plugins/bliss \
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS=\""${s_plugins}\"" \
@@ -24,4 +24,5 @@ bliss_tests_LDFLAGS = @COVERAGE_LDFLAGS@
bliss_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
../libbliss.la
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in
index 85619c551..05f95dc61 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in
@@ -110,7 +110,7 @@ CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__EXEEXT_1 = bliss_tests$(EXEEXT)
am__dirstamp = $(am__leading_dot)dirstamp
-am_bliss_tests_OBJECTS = suites/bliss_tests-test_bliss_fft.$(OBJEXT) \
+am_bliss_tests_OBJECTS = \
suites/bliss_tests-test_bliss_bitpacker.$(OBJEXT) \
suites/bliss_tests-test_bliss_huffman.$(OBJEXT) \
suites/bliss_tests-test_bliss_keys.$(OBJEXT) \
@@ -122,6 +122,7 @@ bliss_tests_OBJECTS = $(am_bliss_tests_OBJECTS)
bliss_tests_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
../libbliss.la
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -353,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,11 +440,12 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
bliss_tests_SOURCES = \
- suites/test_bliss_fft.c \
suites/test_bliss_bitpacker.c \
suites/test_bliss_huffman.c \
suites/test_bliss_keys.c \
@@ -458,6 +457,7 @@ bliss_tests_SOURCES = \
bliss_tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/tests \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft \
-I$(top_srcdir)/src/libstrongswan/plugins/bliss \
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS=\""${s_plugins}\"" \
@@ -467,6 +467,7 @@ bliss_tests_LDFLAGS = @COVERAGE_LDFLAGS@
bliss_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
../libbliss.la
all: all-am
@@ -517,8 +518,6 @@ suites/$(am__dirstamp):
suites/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) suites/$(DEPDIR)
@: > suites/$(DEPDIR)/$(am__dirstamp)
-suites/bliss_tests-test_bliss_fft.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
suites/bliss_tests-test_bliss_bitpacker.$(OBJEXT): \
suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
suites/bliss_tests-test_bliss_huffman.$(OBJEXT): \
@@ -545,7 +544,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_tests-bliss_tests.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_huffman.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_keys.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_sampler.Po@am__quote@
@@ -576,20 +574,6 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-suites/bliss_tests-test_bliss_fft.o: suites/test_bliss_fft.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_fft.o -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo -c -o suites/bliss_tests-test_bliss_fft.o `test -f 'suites/test_bliss_fft.c' || echo '$(srcdir)/'`suites/test_bliss_fft.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bliss_fft.c' object='suites/bliss_tests-test_bliss_fft.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -c -o suites/bliss_tests-test_bliss_fft.o `test -f 'suites/test_bliss_fft.c' || echo '$(srcdir)/'`suites/test_bliss_fft.c
-
-suites/bliss_tests-test_bliss_fft.obj: suites/test_bliss_fft.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_fft.obj -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo -c -o suites/bliss_tests-test_bliss_fft.obj `if test -f 'suites/test_bliss_fft.c'; then $(CYGPATH_W) 'suites/test_bliss_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bliss_fft.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bliss_fft.c' object='suites/bliss_tests-test_bliss_fft.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -c -o suites/bliss_tests-test_bliss_fft.obj `if test -f 'suites/test_bliss_fft.c'; then $(CYGPATH_W) 'suites/test_bliss_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bliss_fft.c'; fi`
-
suites/bliss_tests-test_bliss_bitpacker.o: suites/test_bliss_bitpacker.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_bitpacker.o -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Tpo -c -o suites/bliss_tests-test_bliss_bitpacker.o `test -f 'suites/test_bliss_bitpacker.c' || echo '$(srcdir)/'`suites/test_bliss_bitpacker.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Po
diff --git a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h b/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
index f0959cc08..61f37d5a1 100644
--- a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
+++ b/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -13,7 +13,6 @@
* for more details.
*/
-TEST_SUITE(bliss_fft_suite_create)
TEST_SUITE(bliss_bitpacker_suite_create)
TEST_SUITE(bliss_huffman_suite_create)
TEST_SUITE(bliss_keys_suite_create)
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c
deleted file mode 100644
index 009aaf802..000000000
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <bliss_fft.h>
-
-static bliss_fft_params_t *fft_params[] = {
- &bliss_fft_17_8,
- &bliss_fft_12289_512
-};
-
-START_TEST(test_bliss_fft_impulse)
-{
- bliss_fft_t *fft;
- uint16_t n = fft_params[_i]->n;
- uint32_t x[n], X[n];
- int i;
-
- for (i = 0; i < n; i++)
- {
- x[i] = 0;
- }
- x[0] = 1;
-
- fft = bliss_fft_create(fft_params[_i]);
- fft->transform(fft, x, X, FALSE);
-
- for (i = 0; i < n; i++)
- {
- ck_assert(X[i] == 1);
- }
- fft->transform(fft, X, x, TRUE);
-
- for (i = 0; i < n; i++)
- {
- ck_assert(x[i] == (i == 0));
- }
- fft->destroy(fft);
-}
-END_TEST
-
-START_TEST(test_bliss_fft_wrap)
-{
- bliss_fft_t *fft;
- uint16_t n = fft_params[_i]->n;
- uint16_t q = fft_params[_i]->q;
- uint32_t x[n],y[n], X[n], Y[n];
- int i, j;
-
- for (i = 0; i < n; i++)
- {
- x[i] = i;
- y[i] = 0;
- }
- fft = bliss_fft_create(fft_params[_i]);
- ck_assert(fft->get_size(fft) == n);
- ck_assert(fft->get_modulus(fft) == q);
- fft->transform(fft, x, X, FALSE);
-
- for (j = 0; j < n; j++)
- {
- y[j] = 1;
- fft->transform(fft, y, Y, FALSE);
-
- for (i = 0; i < n; i++)
- {
- Y[i] = (X[i] * Y[i]) % q;
- }
- fft->transform(fft, Y, Y, TRUE);
-
- for (i = 0; i < n; i++)
- {
- ck_assert(Y[i] == ( i < j ? q - n - i + j : i - j));
- }
- y[j] = 0;
- }
- fft->destroy(fft);
-}
-END_TEST
-
-Suite *bliss_fft_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("bliss_fft");
-
- tc = tcase_create("impulse");
- tcase_add_loop_test(tc, test_bliss_fft_impulse, 0, countof(fft_params));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("negative_wrap");
- tcase_add_loop_test(tc, test_bliss_fft_wrap, 0, countof(fft_params));
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c
index 1bd1266ad..26c5b60e6 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c
@@ -22,16 +22,16 @@ static u_int key_size[] = { 1, 3, 4};
START_TEST(test_bliss_sampler_gaussian)
{
bliss_sampler_t *sampler;
- bliss_param_set_t *set;
+ const bliss_param_set_t *set;
int i, k, count;
uint32_t hist[8], sign[3];
int32_t z;
- hash_algorithm_t alg;
+ ext_out_function_t alg;
size_t seed_len;
chunk_t seed;
set = bliss_param_set_get_by_id(key_size[_i]);
- alg = HASH_SHA256;
+ alg = XOF_MGF1_SHA256;
seed_len = 32;
count = 10000000;
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c
index 2a2f48c53..6f566506a 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c
@@ -95,8 +95,8 @@ static chunk_t data = chunk_from_chars(
START_TEST(test_bliss_signature_fail)
{
- bliss_param_set_t set2 = { .id = BLISS_B_II };
- bliss_param_set_t *set;
+ const bliss_param_set_t set2 = { .id = BLISS_B_II };
+ const bliss_param_set_t *set;
bliss_signature_t *signature;
chunk_t encoding;
int k;
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index d54331163..895af626b 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index d93b0479c..39caacdcd 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.am b/src/libstrongswan/plugins/chapoly/Makefile.am
index 1753de0c7..d6d577c86 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.am
+++ b/src/libstrongswan/plugins/chapoly/Makefile.am
@@ -15,7 +15,8 @@ libstrongswan_chapoly_la_SOURCES = \
chapoly_plugin.h chapoly_plugin.c \
chapoly_drv.h chapoly_drv.c \
chapoly_drv_portable.h chapoly_drv_portable.c \
- chapoly_aead.h chapoly_aead.c
+ chapoly_aead.h chapoly_aead.c \
+ chapoly_xof.h chapoly_xof.c
noinst_LTLIBRARIES += libchapoly-drv-ssse3.la
libchapoly_drv_ssse3_la_SOURCES = chapoly_drv_ssse3.h chapoly_drv_ssse3.c
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in
index d5b77a990..c0de9d83d 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.in
+++ b/src/libstrongswan/plugins/chapoly/Makefile.in
@@ -152,7 +152,7 @@ libchapoly_drv_ssse3_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(LDFLAGS) -o $@
libstrongswan_chapoly_la_DEPENDENCIES = libchapoly-drv-ssse3.la
am_libstrongswan_chapoly_la_OBJECTS = chapoly_plugin.lo chapoly_drv.lo \
- chapoly_drv_portable.lo chapoly_aead.lo
+ chapoly_drv_portable.lo chapoly_aead.lo chapoly_xof.lo
libstrongswan_chapoly_la_OBJECTS = \
$(am_libstrongswan_chapoly_la_OBJECTS)
libstrongswan_chapoly_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
@@ -365,7 +365,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -399,8 +398,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -454,6 +451,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -469,7 +468,8 @@ libstrongswan_chapoly_la_SOURCES = \
chapoly_plugin.h chapoly_plugin.c \
chapoly_drv.h chapoly_drv.c \
chapoly_drv_portable.h chapoly_drv_portable.c \
- chapoly_aead.h chapoly_aead.c
+ chapoly_aead.h chapoly_aead.c \
+ chapoly_xof.h chapoly_xof.c
libchapoly_drv_ssse3_la_SOURCES = chapoly_drv_ssse3.h chapoly_drv_ssse3.c
@USE_X86X64_TRUE@libchapoly_drv_ssse3_la_CFLAGS = $(PLUGIN_CFLAGS) -mssse3
@@ -573,6 +573,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chapoly_drv.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chapoly_drv_portable.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chapoly_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chapoly_xof.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libchapoly_drv_ssse3_la-chapoly_drv_ssse3.Plo@am__quote@
.c.o:
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_plugin.c b/src/libstrongswan/plugins/chapoly/chapoly_plugin.c
index 02e7121d6..447960bd0 100644
--- a/src/libstrongswan/plugins/chapoly/chapoly_plugin.c
+++ b/src/libstrongswan/plugins/chapoly/chapoly_plugin.c
@@ -15,6 +15,7 @@
#include "chapoly_plugin.h"
#include "chapoly_aead.h"
+#include "chapoly_xof.h"
#include <library.h>
@@ -43,6 +44,8 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f[] = {
PLUGIN_REGISTER(AEAD, chapoly_aead_create),
PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
+ PLUGIN_REGISTER(XOF, chapoly_xof_create),
+ PLUGIN_PROVIDE(XOF, XOF_CHACHA20),
};
*features = f;
return countof(f);
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_xof.c b/src/libstrongswan/plugins/chapoly/chapoly_xof.c
new file mode 100644
index 000000000..2740a55b4
--- /dev/null
+++ b/src/libstrongswan/plugins/chapoly/chapoly_xof.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "chapoly_xof.h"
+#include "chapoly_drv.h"
+
+typedef struct private_chapoly_xof_t private_chapoly_xof_t;
+
+/**
+ * Private data of an chapoly_xof_t object.
+ */
+struct private_chapoly_xof_t {
+
+ /**
+ * Public chapoly_xof_t interface.
+ */
+ chapoly_xof_t public;
+
+ /**
+ * Latest block of the ChaCha20 stream.
+ */
+ uint8_t stream[CHACHA_BLOCK_SIZE];
+
+ /**
+ * Index pointing to the current position in the stream
+ */
+ u_int stream_index;
+
+ /**
+ * Driver backend
+ */
+ chapoly_drv_t *drv;
+};
+
+METHOD(xof_t, get_type, ext_out_function_t,
+ private_chapoly_xof_t *this)
+{
+ return XOF_CHACHA20;
+}
+
+METHOD(xof_t, get_bytes, bool,
+ private_chapoly_xof_t *this, size_t out_len, uint8_t *buffer)
+{
+ size_t index = 0, len, blocks;
+
+ /* empty the stream buffer first */
+ len = min(out_len, CHACHA_BLOCK_SIZE - this->stream_index);
+ if (len)
+ {
+ memcpy(buffer, this->stream + this->stream_index, len);
+ index += len;
+ this->stream_index += len;
+ }
+
+ /* copy whole stream blocks directly to output buffer */
+ blocks = (out_len - index) / CHACHA_BLOCK_SIZE;
+ while (blocks--)
+ {
+ if (!this->drv->chacha(this->drv, buffer + index))
+ {
+ return FALSE;
+ }
+ index += CHACHA_BLOCK_SIZE;
+ }
+
+ /* refill the stream buffer if some more output bytes are needed */
+ len = out_len - index;
+ if (len)
+ {
+ if (!this->drv->chacha(this->drv, this->stream))
+ {
+ return FALSE;
+ }
+ memcpy(buffer + index, this->stream, len);
+ this->stream_index = len;
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, allocate_bytes, bool,
+ private_chapoly_xof_t *this, size_t out_len, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(out_len);
+
+ if (!get_bytes(this, out_len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, get_block_size, size_t,
+ private_chapoly_xof_t *this)
+{
+ return CHACHA_BLOCK_SIZE;
+}
+
+METHOD(xof_t, get_seed_size, size_t,
+ private_chapoly_xof_t *this)
+{
+ return CHACHA_KEY_SIZE + CHACHA_SALT_SIZE + CHACHA_IV_SIZE;
+}
+
+METHOD(xof_t, set_seed, bool,
+ private_chapoly_xof_t *this, chunk_t seed)
+{
+ this->stream_index = CHACHA_BLOCK_SIZE;
+
+ return seed.len == get_seed_size(this) &&
+ this->drv->set_key(this->drv, "expand 32-byte k",
+ seed.ptr, seed.ptr + CHACHA_KEY_SIZE) &&
+ this->drv->init(this->drv,
+ seed.ptr + CHACHA_KEY_SIZE + CHACHA_SALT_SIZE);
+}
+
+METHOD(xof_t, destroy, void,
+ private_chapoly_xof_t *this)
+{
+ this->drv->destroy(this->drv);
+ free(this);
+}
+
+/**
+ * See header
+ */
+chapoly_xof_t *chapoly_xof_create(ext_out_function_t algorithm)
+{
+ private_chapoly_xof_t *this;
+ chapoly_drv_t *drv;
+
+ if (algorithm != XOF_CHACHA20)
+ {
+ return NULL;
+ }
+
+ drv = chapoly_drv_probe();
+ if (!drv)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .xof_interface = {
+ .get_type = _get_type,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_seed_size = _get_seed_size,
+ .set_seed = _set_seed,
+ .destroy = _destroy,
+ },
+ },
+ .drv = drv,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_xof.h b/src/libstrongswan/plugins/chapoly/chapoly_xof.h
new file mode 100644
index 000000000..cd0586fad
--- /dev/null
+++ b/src/libstrongswan/plugins/chapoly/chapoly_xof.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup chapoly_xof chapoly_xof
+ * @{ @ingroup chapoly
+ */
+
+#ifndef CHAPOLY_XOF_H_
+#define CHAPOLY_XOF_H_
+
+#include <crypto/aead.h>
+
+typedef struct chapoly_xof_t chapoly_xof_t;
+
+/**
+ * ChaCha20 XOF implementation
+ *
+ * Based on RFC 7539 ChaCha20 stream initialized with block counter = 1
+ */
+struct chapoly_xof_t {
+
+ /**
+ * Generic xof_t interface for this Extended Output Function (XOF).
+ */
+ xof_t xof_interface;
+};
+
+/**
+ * Create a chapoly_xof instance.
+ *
+ * @param algorithm XOF_CHACHA20
+ * @return chapoly_xof_t object, NULL if not supported
+ */
+chapoly_xof_t *chapoly_xof_create(ext_out_function_t algorithm);
+
+#endif /** CHAPOLY_XOF_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index 2703dc4cc..24702df73 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 90fd6bd6b..56b4835fd 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 94a7f112c..16d177e8a 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index 5092c542c..7aad683cc 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index c2e49b66f..78905859b 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 1481f8dd8..327ebd36a 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in
index 7623a9507..4bfe127bb 100644
--- a/src/libstrongswan/plugins/files/Makefile.in
+++ b/src/libstrongswan/plugins/files/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 7c2ae7ce5..cceb70548 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index eb4a0aef0..fb649f4b3 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 727cc2497..f2396f4cd 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index 938a46490..15b876b3f 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -206,16 +206,16 @@ METHOD(private_key_t, sign, bool,
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return sign_raw(this, data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
case SIGN_RSA_EMSA_PKCS1_MD5:
return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
default:
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index 291287a8f..90829e052 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -173,18 +173,18 @@ METHOD(public_key_t, verify, bool,
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_raw(this, data, signature);
- case SIGN_RSA_EMSA_PKCS1_MD5:
- return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
+ case SIGN_RSA_EMSA_PKCS1_MD5:
+ return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 32d5bebf0..bee1f8042 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index ea75896a1..c75975301 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -80,30 +80,46 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
/* signature schemes, private */
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
- PLUGIN_DEPENDS(HASHER, HASH_SHA1),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
PLUGIN_DEPENDS(HASHER, HASH_SHA224),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
PLUGIN_DEPENDS(HASHER, HASH_MD5),
/* signature verification schemes */
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
- PLUGIN_DEPENDS(HASHER, HASH_SHA1),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
PLUGIN_DEPENDS(HASHER, HASH_SHA224),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
PLUGIN_DEPENDS(HASHER, HASH_MD5),
/* en-/decryption schemes */
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index e5d418ea4..21b420866 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -347,16 +347,24 @@ METHOD(private_key_t, sign, bool,
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return build_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return build_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return build_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return build_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return build_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return build_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ return build_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ return build_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ return build_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
default:
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index e738908e2..2b2c7f249 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -291,18 +291,26 @@ METHOD(public_key_t, verify, bool,
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
- case SIGN_RSA_EMSA_PKCS1_MD5:
- return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return verify_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return verify_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return verify_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_MD5:
+ return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 6d8a845c0..c6e4e8d93 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index e290c807d..1f5ae3549 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 429cd9e8e..9c448cd9f 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
index fe4c55545..635d5fc0e 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
@@ -93,8 +93,7 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response)
}
else
{
- DBG1(DBG_LIB, "finding first LDAP entry failed: %s",
- ldap_err2string(ldap_result2error(ldap, entry, 0)));
+ DBG1(DBG_LIB, "finding first LDAP entry failed");
}
return success;
}
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 669856c59..d336a5342 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index d937ca348..a31d0a245 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/mgf1/Makefile.am b/src/libstrongswan/plugins/mgf1/Makefile.am
new file mode 100644
index 000000000..8df227f9f
--- /dev/null
+++ b/src/libstrongswan/plugins/mgf1/Makefile.am
@@ -0,0 +1,17 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-mgf1.la
+else
+plugin_LTLIBRARIES = libstrongswan-mgf1.la
+endif
+
+libstrongswan_mgf1_la_SOURCES = \
+ mgf1_plugin.h mgf1_plugin.c \
+ mgf1_xof.h mgf1_xof.c
+
+libstrongswan_mgf1_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in
new file mode 100644
index 000000000..189e214d7
--- /dev/null
+++ b/src/libstrongswan/plugins/mgf1/Makefile.in
@@ -0,0 +1,791 @@
+# Makefile.in generated by automake 1.15 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/mgf1
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_mgf1_la_LIBADD =
+am_libstrongswan_mgf1_la_OBJECTS = mgf1_plugin.lo mgf1_xof.lo
+libstrongswan_mgf1_la_OBJECTS = $(am_libstrongswan_mgf1_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libstrongswan_mgf1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_mgf1_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_mgf1_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_mgf1_la_rpath =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libstrongswan_mgf1_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_mgf1_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+ATOMICLIB = @ATOMICLIB@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-mgf1.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-mgf1.la
+libstrongswan_mgf1_la_SOURCES = \
+ mgf1_plugin.h mgf1_plugin.c \
+ mgf1_xof.h mgf1_xof.c
+
+libstrongswan_mgf1_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mgf1/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/mgf1/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+libstrongswan-mgf1.la: $(libstrongswan_mgf1_la_OBJECTS) $(libstrongswan_mgf1_la_DEPENDENCIES) $(EXTRA_libstrongswan_mgf1_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_mgf1_la_LINK) $(am_libstrongswan_mgf1_la_rpath) $(libstrongswan_mgf1_la_OBJECTS) $(libstrongswan_mgf1_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mgf1_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mgf1_xof.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pluginLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/mgf1/mgf1_plugin.c b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c
new file mode 100644
index 000000000..8df3ac261
--- /dev/null
+++ b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mgf1_plugin.h"
+#include "mgf1_xof.h"
+
+#include <library.h>
+
+typedef struct private_mgf1_plugin_t private_mgf1_plugin_t;
+
+/**
+ * private data of mgf1_plugin
+ */
+struct private_mgf1_plugin_t {
+
+ /**
+ * public functions
+ */
+ mgf1_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_mgf1_plugin_t *this)
+{
+ return "mgf1";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_mgf1_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(XOF, mgf1_xof_create),
+ PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_mgf1_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *mgf1_plugin_create()
+{
+ private_mgf1_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/mgf1/mgf1_plugin.h b/src/libstrongswan/plugins/mgf1/mgf1_plugin.h
new file mode 100644
index 000000000..50105ca29
--- /dev/null
+++ b/src/libstrongswan/plugins/mgf1/mgf1_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1_p mgf1
+ * @ingroup plugins
+ *
+ * @defgroup mgf1_plugin mgf1_plugin
+ * @{ @ingroup mgf1_p
+ */
+
+#ifndef MGF1_PLUGIN_H_
+#define MGF1_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct mgf1_plugin_t mgf1_plugin_t;
+
+/**
+ * Plugin implementing the MGF1 Mask Generator Function in software.
+ */
+struct mgf1_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** MGF1_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/mgf1/mgf1_xof.c b/src/libstrongswan/plugins/mgf1/mgf1_xof.c
new file mode 100644
index 000000000..0f5fda952
--- /dev/null
+++ b/src/libstrongswan/plugins/mgf1/mgf1_xof.c
@@ -0,0 +1,285 @@
+/*
+ * Copyright (C) 2013-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mgf1_xof.h"
+
+#include "crypto/hashers/hasher.h"
+#include "utils/debug.h"
+
+typedef struct private_mgf1_xof_t private_mgf1_xof_t;
+
+/**
+ * Private data of an mgf1_xof_t object.
+ */
+struct private_mgf1_xof_t {
+
+ /**
+ * Public mgf1_xof_t interface.
+ */
+ mgf1_xof_t public;
+
+ /**
+ * XOF type of the MGF1 Mask Generation Function
+ */
+ ext_out_function_t type;
+
+ /**
+ * Hasher the MGF1 Mask Generation Function is based on
+ */
+ hasher_t *hasher;
+
+ /**
+ * Is the seed hashed before using it as a seed for MGF1 ?
+ */
+ bool hash_seed;
+
+ /**
+ * Counter
+ */
+ uint32_t counter;
+
+ /**
+ * Set if counter has reached 2^32
+ */
+ bool overflow;
+
+ /**
+ * Current state to be hashed
+ */
+ chunk_t state;
+
+ /**
+ * Position of the 4 octet counter string
+ */
+ uint8_t *ctr_str;
+
+ /**
+ * Latest hash block
+ */
+ uint8_t buf[HASH_SIZE_SHA512];
+
+ /**
+ * Index pointing to the current position in the hash block
+ */
+ size_t buf_index;
+
+};
+
+METHOD(xof_t, get_type, ext_out_function_t,
+ private_mgf1_xof_t *this)
+{
+ return this->type;
+}
+
+static bool get_next_block(private_mgf1_xof_t *this, uint8_t *buffer)
+{
+ /* detect overflow, set counter string and increment counter */
+ if (this->overflow)
+ {
+ DBG1(DBG_LIB, "MGF1 overflow occurred");
+ return FALSE;
+ }
+ htoun32(this->ctr_str, this->counter++);
+ if (this->counter == 0)
+ {
+ this->overflow = TRUE;
+ }
+
+ /* get the next block from the hash function */
+ if (!this->hasher->get_hash(this->hasher, this->state, buffer))
+ {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, get_bytes, bool,
+ private_mgf1_xof_t *this, size_t out_len, uint8_t *buffer)
+{
+ size_t index = 0, blocks, len, hash_size;
+
+ hash_size = this->hasher->get_hash_size(this->hasher);
+
+ /* empty the current hash block buffer first */
+ len = min(out_len, hash_size - this->buf_index);
+ if (len)
+ {
+ memcpy(buffer, this->buf + this->buf_index, len);
+ index += len;
+ this->buf_index += len;
+ }
+
+ /* copy whole hash blocks directly to output buffer */
+ blocks = (out_len - index) / hash_size;
+ while (blocks--)
+ {
+ if (!get_next_block(this, buffer + index))
+ {
+ return FALSE;
+ }
+ index += hash_size;
+ }
+
+ /* get another hash block if some more output bytes are needed */
+ len = out_len - index;
+ if (len)
+ {
+ if (!get_next_block(this, this->buf))
+ {
+ return FALSE;
+ }
+ memcpy(buffer + index, this->buf, len);
+ this->buf_index = len;
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, allocate_bytes, bool,
+ private_mgf1_xof_t *this, size_t out_len, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(out_len);
+
+ if (!get_bytes(this, out_len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, get_block_size, size_t,
+ private_mgf1_xof_t *this)
+{
+ return this->hasher->get_hash_size(this->hasher);
+}
+
+METHOD(xof_t, get_seed_size, size_t,
+ private_mgf1_xof_t *this)
+{
+ return this->hasher->get_hash_size(this->hasher);
+}
+
+METHOD(xof_t, set_seed, bool,
+ private_mgf1_xof_t *this, chunk_t seed)
+{
+ size_t hash_size, state_len;
+
+ if (seed.len == 0)
+ {
+ DBG1(DBG_LIB, "empty seed for MGF1");
+ return FALSE;
+ }
+
+ /* determine state size and allocate space accordingly */
+ hash_size = this->hasher->get_hash_size(this->hasher);
+ state_len = (this->hash_seed ? hash_size : seed.len) + 4;
+ chunk_clear(&this->state);
+ this->state = chunk_alloc(state_len);
+
+ /* hash block buffer is empty */
+ this->buf_index = hash_size;
+
+ /* reset counter */
+ this->counter = 0;
+
+ /* determine position of the 4 octet counter string */
+ this->ctr_str = this->state.ptr + state_len - 4;
+
+ if (this->hash_seed)
+ {
+ if (!this->hasher->get_hash(this->hasher, seed, this->state.ptr))
+ {
+ DBG1(DBG_LIB, "failed to hash seed for MGF1");
+ return FALSE;
+ }
+ }
+ else
+ {
+ memcpy(this->state.ptr, seed.ptr, seed.len);
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, destroy, void,
+ private_mgf1_xof_t *this)
+{
+ this->hasher->destroy(this->hasher);
+ chunk_clear(&this->state);
+ free(this);
+}
+
+METHOD(mgf1_t, set_hash_seed, void,
+ private_mgf1_xof_t *this, bool yes)
+{
+ this->hash_seed = yes;
+}
+
+/*
+ * Described in header.
+ */
+mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm)
+{
+ private_mgf1_xof_t *this;
+ hash_algorithm_t hash_alg;
+ hasher_t *hasher;
+
+ switch (algorithm)
+ {
+ case XOF_MGF1_SHA1:
+ hash_alg = HASH_SHA1;
+ break;
+ case XOF_MGF1_SHA256:
+ hash_alg = HASH_SHA256;
+ break;
+ case XOF_MGF1_SHA512:
+ hash_alg = HASH_SHA512;
+ break;
+ default:
+ return NULL;
+ }
+
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+ if (!hasher)
+ {
+ DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
+ hash_algorithm_names, hash_alg);
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .mgf1_interface = {
+ .xof_interface = {
+ .get_type = _get_type,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_seed_size = _get_seed_size,
+ .set_seed = _set_seed,
+ .destroy = _destroy,
+ },
+ .set_hash_seed = _set_hash_seed,
+ },
+ },
+ .type = algorithm,
+ .hasher = hasher,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/mgf1/mgf1_xof.h b/src/libstrongswan/plugins/mgf1/mgf1_xof.h
new file mode 100644
index 000000000..9d60a807d
--- /dev/null
+++ b/src/libstrongswan/plugins/mgf1/mgf1_xof.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1_xof mgf1_xof
+ * @{ @ingroup crypto
+ */
+
+#ifndef MGF1_XOF_H_
+#define MGF1_XOF_H_
+
+typedef struct mgf1_xof_t mgf1_xof_t;
+
+#include <crypto/xofs/mgf1.h>
+
+/**
+ * Implements the PKCS#1 MGF1_XOF Mask Generation Function based on a hash
+ * function defined in section 10.2.1 of RFC 2437
+ */
+struct mgf1_xof_t {
+
+ /**
+ * mgf1_t interface for this Extended Output Function (XOF).
+ */
+ mgf1_t mgf1_interface;
+};
+
+/**
+ * Create an mgf1_xof_t object
+ *
+ * @param algorithm XOF_MGF1_SHA1, XOF_MGF1_SHA256 or XOF_MGF1_SHA512
+ * @return mgf1_xof_t object, NULL if not supported
+ */
+mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm);
+
+#endif /** MGF1_XOF_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 821dbc138..57dab351e 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/newhope/Makefile.am b/src/libstrongswan/plugins/newhope/Makefile.am
new file mode 100644
index 000000000..b01987d22
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/Makefile.am
@@ -0,0 +1,33 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) \
+ @COVERAGE_CFLAGS@
+
+# these files are also used by the tests, we can't directly refer to them
+# because of the subdirectory, which would cause distclean to fail
+noinst_LTLIBRARIES = libnewhope.la
+libnewhope_la_SOURCES = \
+ newhope_ke.h newhope_ke.c \
+ newhope_noise.h newhope_noise.c \
+ newhope_reconciliation.h newhope_reconciliation.c
+
+libnewhope_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+
+if MONOLITHIC
+noinst_LTLIBRARIES += libstrongswan-newhope.la
+else
+plugin_LTLIBRARIES = libstrongswan-newhope.la
+endif
+
+libstrongswan_newhope_la_SOURCES = \
+ newhope_plugin.h newhope_plugin.c
+
+libstrongswan_newhope_la_LDFLAGS = -module -avoid-version
+
+libstrongswan_newhope_la_LIBADD = libnewhope.la
+
+
diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in
new file mode 100644
index 000000000..be31fb29c
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/Makefile.in
@@ -0,0 +1,818 @@
+# Makefile.in generated by automake 1.15 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@MONOLITHIC_TRUE@am__append_1 = libstrongswan-newhope.la
+subdir = src/libstrongswan/plugins/newhope
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libnewhope_la_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+am_libnewhope_la_OBJECTS = newhope_ke.lo newhope_noise.lo \
+ newhope_reconciliation.lo
+libnewhope_la_OBJECTS = $(am_libnewhope_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libstrongswan_newhope_la_DEPENDENCIES = libnewhope.la
+am_libstrongswan_newhope_la_OBJECTS = newhope_plugin.lo
+libstrongswan_newhope_la_OBJECTS = \
+ $(am_libstrongswan_newhope_la_OBJECTS)
+libstrongswan_newhope_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_newhope_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_newhope_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_newhope_la_rpath =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libnewhope_la_SOURCES) $(libstrongswan_newhope_la_SOURCES)
+DIST_SOURCES = $(libnewhope_la_SOURCES) \
+ $(libstrongswan_newhope_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+ATOMICLIB = @ATOMICLIB@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) \
+ @COVERAGE_CFLAGS@
+
+
+# these files are also used by the tests, we can't directly refer to them
+# because of the subdirectory, which would cause distclean to fail
+noinst_LTLIBRARIES = libnewhope.la $(am__append_1)
+libnewhope_la_SOURCES = \
+ newhope_ke.h newhope_ke.c \
+ newhope_noise.h newhope_noise.c \
+ newhope_reconciliation.h newhope_reconciliation.c
+
+libnewhope_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-newhope.la
+libstrongswan_newhope_la_SOURCES = \
+ newhope_plugin.h newhope_plugin.c
+
+libstrongswan_newhope_la_LDFLAGS = -module -avoid-version
+libstrongswan_newhope_la_LIBADD = libnewhope.la
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+libnewhope.la: $(libnewhope_la_OBJECTS) $(libnewhope_la_DEPENDENCIES) $(EXTRA_libnewhope_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(libnewhope_la_OBJECTS) $(libnewhope_la_LIBADD) $(LIBS)
+
+libstrongswan-newhope.la: $(libstrongswan_newhope_la_OBJECTS) $(libstrongswan_newhope_la_DEPENDENCIES) $(EXTRA_libstrongswan_newhope_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_newhope_la_LINK) $(am_libstrongswan_newhope_la_rpath) $(libstrongswan_newhope_la_OBJECTS) $(libstrongswan_newhope_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_ke.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_noise.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_reconciliation.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pluginLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.c b/src/libstrongswan/plugins/newhope/newhope_ke.c
new file mode 100644
index 000000000..28956d5fb
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_ke.c
@@ -0,0 +1,622 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Based on public domain code by Erdem Alkim, Léo Ducas, Thomas Pöppelmann,
+ * and Peter Schwabe.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "newhope_ke.h"
+#include "newhope_noise.h"
+#include "newhope_reconciliation.h"
+
+#include <ntt_fft.h>
+#include <ntt_fft_reduce.h>
+#include <crypto/diffie_hellman.h>
+#include <utils/debug.h>
+
+static const int seed_len = 32; /* 256 bits */
+static const int poly_len = 1792; /* size of 1024 packed 14-bit coefficients */
+static const int rec_len = 256; /* size of 1024 packed 2-bit coefficients */
+
+typedef struct private_newhope_ke_t private_newhope_ke_t;
+
+/**
+ * Private data of an newhope_ke_t object.
+ */
+struct private_newhope_ke_t {
+
+ /**
+ * Public newhope_ke_t interface.
+ */
+ newhope_ke_t public;
+
+ /**
+ * FFT parameter set
+ */
+ const ntt_fft_params_t *params;
+
+ /**
+ * Secret noise polynomial s
+ */
+ uint32_t *s;
+
+ /**
+ * Output polynomial u = a * NTT(s') + NTT(e')
+ */
+ uint32_t *u;
+
+ /**
+ * Error reconciliation help bits
+ */
+ uint8_t *r;
+
+ /**
+ * Shared secret
+ */
+ chunk_t shared_secret;
+
+};
+
+/**
+ * Derive 14-bit coefficients of polynomial a from 256 bit random seed
+ * using the SHAKE128 extended output function
+ */
+static uint32_t* derive_a_poly(private_newhope_ke_t *this, chunk_t seed)
+{
+ uint32_t *a;
+ uint8_t x[2];
+ int i = 0;
+ xof_t *xof;
+
+ xof = lib->crypto->create_xof(lib->crypto, XOF_SHAKE_128);
+ if (!xof)
+ {
+ DBG1(DBG_LIB, "could not instantiate SHAKE128 XOF");
+ return NULL;
+ }
+
+ if (!xof->set_seed(xof, seed))
+ {
+ DBG1(DBG_LIB, "could not set seed of SHAKE128 XOF");
+ xof->destroy(xof);
+ return NULL;
+ }
+
+ /* allocate dynamic memory for polynomial a */
+ a = (uint32_t*)malloc(this->params->n * sizeof(uint32_t));
+
+ while (i < this->params->n)
+ {
+ if (!xof->get_bytes(xof, sizeof(x), x))
+ {
+ DBG1(DBG_LIB, "could not get bytes from SHAKE128 XOF");
+ xof->destroy(xof);
+ free(a);
+ return NULL;
+ }
+
+ /*
+ * Treat x as a 16 bit unsigned little endian integer
+ * and truncate to 14 bits
+ */
+ a[i] = uletoh16(x) & 0x3fff;
+
+ if (a[i] < this->params->q)
+ {
+ i++;
+ }
+ }
+ xof->destroy(xof);
+
+ return a;
+}
+
+/**
+ * Pack four 14-bit coefficients into seven consecutive bytes
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * |L 0 0 0 0 0 0 0|L 1 H 0 0 0 0 0|M 1 1 1 1 1 1 1|L 2 2 2 H 1 1 1|
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * |M 2 2 2 2 2 2 2|L 3 3 3 3 3 H 2|H 3 3 3 3 3 3 3|L 0 0 0 0 0 0 0|
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+static void pack_poly(private_newhope_ke_t *this, uint8_t *x, uint32_t *p)
+{
+ int i;
+
+ for (i = 0; i < this->params->n; i += 4)
+ {
+ *x++ = (p[i] & 0xff );
+ *x++ = (p[i] >> 8) | (p[i+1] << 6);
+ *x++ = (p[i+1] >> 2);
+ *x++ = (p[i+1] >> 10) | (p[i+2] << 4);
+ *x++ = (p[i+2] >> 4);
+ *x++ = (p[i+2] >> 12) | (p[i+3] << 2);
+ *x++ = (p[i+3] >> 6);
+ }
+}
+
+/**
+ * Unpack seven consecutive bytes into four 14-bit coefficients
+ */
+static uint32_t* unpack_poly(private_newhope_ke_t * this, uint8_t *x)
+{
+ uint32_t *p;
+ int i;
+
+ p = (uint32_t*)malloc(this->params->n * sizeof(uint32_t));
+
+ for (i = 0; i < this->params->n; i += 4)
+ {
+ p[i] = x[0] | (((uint32_t)x[1] & 0x3f) << 8);
+ p[i+1] = (x[1] >> 6) | (((uint32_t)x[2]) << 2)
+ | (((uint32_t)x[3] & 0x0f) << 10);
+ p[i+2] = (x[3] >> 4) | (((uint32_t)x[4]) << 4)
+ | (((uint32_t)x[5] & 0x03) << 12);
+ p[i+3] = (x[5] >> 2) | (((uint32_t)x[6]) << 6);
+ x += 7;
+ }
+ for (i = 0; i < this->params->n; i++)
+ {
+ if (p[i] >= this->params->q)
+ {
+ DBG1(DBG_LIB, "polynomial coefficient must be smaller than %u",
+ this->params->q);
+ free(p);
+ return NULL;
+ }
+ }
+ return p;
+}
+
+/**
+ * Multiply and add polynomials in the frequency domain
+ */
+static uint32_t* multiply_add_poly(private_newhope_ke_t *this,
+ uint32_t *a, uint32_t *e)
+{
+ ntt_fft_t *fft;
+ uint32_t *b, t;
+ int i;
+
+ /* transform s and h to frequency domain */
+ fft = ntt_fft_create(this->params);
+ fft->transform(fft, this->s, this->s, FALSE);
+ fft->transform(fft, e, e, FALSE);
+ fft->destroy(fft);
+
+ b = (uint32_t*)malloc(this->params->n * sizeof(uint32_t));
+
+ /* compute b = a * s + e in the frequency domain */
+ for (i = 0; i < this->params->n; i++)
+ {
+ /* convert a[i] to Montgomery domain */
+ t = ntt_fft_mreduce(a[i] * this->params->r2, this->params);
+
+ /* compute b[i] = a[i] * s[i] + e[i] in Montgomery domain */
+ t = ntt_fft_mreduce(t * this->s[i], this->params) + e[i];
+
+ /* exit Montgomery domain before transmitting polynomial b */
+ b[i] = ntt_fft_mreduce(t, this->params);
+ }
+ memwipe(e, this->params->n * sizeof(uint32_t));
+
+ return b;
+}
+
+/**
+ * Multiply polynomials in the frequency domain and return to time domain
+ */
+static uint32_t* multiply_ntt_inv_poly(private_newhope_ke_t *this, uint32_t *b)
+{
+ ntt_fft_t *fft;
+ uint32_t *v, t;
+ int i;
+
+ v = (uint32_t*)malloc(this->params->n * sizeof(uint32_t));
+
+ for (i = 0; i < this->params->n; i++)
+ {
+ /* convert b[i] to Montgomery domain */
+ t = ntt_fft_mreduce(b[i] * this->params->r2, this->params);
+
+ /* compute v[i] = b[i] * s[i] in Montgomery domain */
+ v[i] = ntt_fft_mreduce(t * this->s[i], this->params);
+ }
+
+ /* transform v back to time domain */
+ fft = ntt_fft_create(this->params);
+ fft->transform(fft, v, v, TRUE);
+ fft->destroy(fft);
+
+ return v;
+}
+
+/**
+ * Pack four 2-bit coefficents into one byte
+ */
+static void pack_rec(private_newhope_ke_t *this, uint8_t *x, uint8_t *r)
+{
+ int i;
+
+ for (i = 0; i < this->params->n; i += 4)
+ {
+ *x++ = r[i] | r[i+1] << 2 | r[i+2] << 4 | r[i+3] << 6;
+ }
+}
+
+static uint8_t* unpack_rec(private_newhope_ke_t *this, uint8_t *x)
+{
+ uint8_t *r;
+ int i;
+
+ r = (uint8_t*)malloc(this->params->n);
+
+ for (i = 0; i < this->params->n; i += 4)
+ {
+ r[i] = (*x) & 0x03;
+ r[i+1] = (*x >> 2) & 0x03;
+ r[i+2] = (*x >> 4) & 0x03;
+ r[i+3] = (*x >> 6) & 0x03;
+ x++;
+ }
+
+ return r;
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_newhope_ke_t *this, chunk_t *value)
+{
+ uint16_t n, q;
+ int i;
+
+ /* Define some often-used constants */
+ n = this->params->n;
+ q = this->params->q;
+
+ /* are we the initiator? */
+ if (this->u == NULL)
+ {
+ rng_t *rng;
+ uint32_t *a = NULL, *b = NULL, *e = NULL;
+ uint8_t noise_seed_buf[seed_len];
+ chunk_t noise_seed = { noise_seed_buf, seed_len};
+ chunk_t a_seed;
+ newhope_noise_t *noise = NULL;
+ bool success = FALSE;
+
+ /* allocate space for public output value */
+ *value = chunk_alloc(poly_len + seed_len);
+ a_seed = chunk_create(value->ptr + poly_len, seed_len);
+
+ /* create polynomial a from 256 bit random seed */
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng)
+ {
+ DBG1(DBG_LIB, "could not instatiate random source");
+ return FALSE;
+ }
+ if (!rng->get_bytes(rng, seed_len, a_seed.ptr))
+ {
+ DBG1(DBG_LIB, "could not generate seed for polynomial a");
+ goto end;
+ }
+
+ a = derive_a_poly(this, a_seed);
+ if (a == NULL)
+ {
+ goto end;
+ }
+
+ /* generate random seed for the derivation of noise polynomials */
+ if (!rng->get_bytes(rng, seed_len, noise_seed.ptr))
+ {
+ DBG1(DBG_LIB, "could not generate seed for noise polynomials");
+ goto end;
+ }
+
+ /* create noise polynomial generator */
+ noise = newhope_noise_create(noise_seed);
+ if (!noise)
+ {
+ goto end;
+ }
+
+ /* create noise polynomial s from seed with nonce = 0x00 */
+ this->s = noise->get_binomial_words(noise, 0x00, n, q);
+ if (this->s == NULL)
+ {
+ goto end;
+ }
+
+ /* create noise polynomial e from seed with nonce = 0x01 */
+ e = noise->get_binomial_words(noise, 0x01, n, q);
+ if (e == NULL)
+ {
+ goto end;
+ }
+
+ /* compute b = a * NTT(s) + NTT(e) */
+ b = multiply_add_poly(this, a, e);
+
+ DBG3(DBG_LIB, " i a[i] b[i]");
+ for (i = 0; i < n; i++)
+ {
+ DBG3(DBG_LIB, "%4d %5u %5u", i, a[i], b[i]);
+ }
+
+ /* pack coefficients of polynomial b */
+ pack_poly(this, value->ptr, b);
+ success = TRUE;
+
+ end:
+ rng->destroy(rng);
+ DESTROY_IF(noise);
+ free(a);
+ free(b);
+ free(e);
+
+ if (!success)
+ {
+ chunk_free(value);
+ }
+ return success;
+ }
+ else
+ {
+ DBG3(DBG_LIB, " i u[i] r[i]");
+ for (i = 0; i < n; i++)
+ {
+ DBG3(DBG_LIB, "%4d %5u %5u", i, this->u[i], this->r[i]);
+ }
+
+ /* allocate space for public output value */
+ *value = chunk_alloc(poly_len + rec_len);
+
+ /* pack coefficients of polynomial u */
+ pack_poly(this, value->ptr, this->u);
+
+ /* pack coefficients of polynomial r */
+ pack_rec(this, value->ptr + poly_len, this->r);
+
+ return TRUE;
+ }
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_newhope_ke_t *this, chunk_t *secret)
+{
+ if (this->shared_secret.len == 0)
+ {
+ *secret = chunk_empty;
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_newhope_ke_t *this, chunk_t value)
+{
+ newhope_reconciliation_t * rec;
+ uint16_t n, q;
+ int i;
+
+ /* Define some often-used constants */
+ n = this->params->n;
+ q = this->params->q;
+
+ /* are we the responder? */
+ if (this->s == NULL)
+ {
+ uint32_t *a = NULL, *b = NULL, *e1 = NULL, *e2 = NULL, *v = NULL, t;
+ uint8_t *rbits = NULL;
+ uint8_t noise_seed_buf[seed_len];
+ chunk_t noise_seed = { noise_seed_buf, seed_len };
+ chunk_t a_seed;
+ newhope_noise_t *noise = NULL;
+ rng_t *rng = NULL;
+ bool success = FALSE;
+
+ if (value.len != poly_len + seed_len)
+ {
+ DBG1(DBG_LIB, "received %N KE payload of incorrect size",
+ diffie_hellman_group_names, NH_128_BIT);
+ return FALSE;
+ }
+ a_seed = chunk_create(value.ptr + poly_len, seed_len);
+
+ a = derive_a_poly(this, a_seed);
+ if (a == NULL)
+ {
+ return FALSE;
+ }
+
+ b = unpack_poly(this, value.ptr);
+ if (b == NULL)
+ {
+ goto end;
+ }
+
+ /* debug output of polynomials a and b */
+ DBG3(DBG_LIB, " i a[i] b[i]");
+ for (i = 0; i < n; i++)
+ {
+ DBG3(DBG_LIB, "%4d %5u %5u", i, a[i], b[i]);
+ }
+
+ /* generate random seed for the derivation of noise polynomials */
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng)
+ {
+ DBG1(DBG_LIB, "could not instatiate random source");
+ goto end;
+ }
+ if (!rng->get_bytes(rng, seed_len, noise_seed.ptr))
+ {
+ DBG1(DBG_LIB, "could not generate seed for noise polynomials");
+ goto end;
+ }
+
+ /* create noise polynomial generator */
+ noise = newhope_noise_create(noise_seed);
+ if (!noise)
+ {
+ goto end;
+ }
+
+ /* create noise polynomial s' from seed with nonce = 0x00 */
+ this->s = noise->get_binomial_words(noise, 0x00, n, q);
+ if (this->s == NULL)
+ {
+ goto end;
+ }
+
+ /* create noise polynomial e' from seed with nonce = 0x01 */
+ e1 = noise->get_binomial_words(noise, 0x01, n, q);
+ if (e1 == NULL)
+ {
+ goto end;
+ }
+
+ /* create noise polynomial e'' from seed with nonce = 0x02 */
+ e2 = noise->get_binomial_words(noise, 0x02, n, q);
+ if (e2 == NULL)
+ {
+ goto end;
+ }
+
+ /* compute u = a * NTT(s') + NTT(e') */
+ this->u = multiply_add_poly(this, a, e1);
+
+ /* compute v = NTT_inv( b * NTT(s') ) */
+ v = multiply_ntt_inv_poly(this, b);
+
+ /* compute v = v + e'' */
+ for (i = 0; i < n; i++)
+ {
+ t = v[i] + e2[i];
+ v[i] = (t < q) ? t : t - q;
+ }
+ memwipe(e2, n * sizeof(uint32_t));
+
+ /* create uniform noise bytes from seed with nonce = 0x02 */
+ rbits = noise->get_uniform_bytes(noise, 0x03, n/(4*8));
+
+ rec = newhope_reconciliation_create(n, q);
+ this->r = rec->help_reconcile(rec, v, rbits);
+ free(rbits);
+ this->shared_secret = rec->reconcile(rec, v, this->r);
+ rec->destroy(rec);
+
+ DBG4(DBG_LIB, "key: %B", &this->shared_secret);
+ success = TRUE;
+
+ end:
+ DESTROY_IF(rng);
+ DESTROY_IF(noise);
+ free(a);
+ free(b);
+ free(e1);
+ free(e2);
+ free(v);
+
+ return success;
+ }
+ else
+ {
+ uint32_t *v;
+
+ if (value.len != poly_len + rec_len)
+ {
+ DBG1(DBG_LIB, "received %N KE payload of incorrect size",
+ diffie_hellman_group_names, NH_128_BIT);
+ return FALSE;
+ }
+
+ this->u = unpack_poly(this, value.ptr);
+ if (this->u == NULL)
+ {
+ return FALSE;
+ }
+
+ this->r = unpack_rec(this, value.ptr + poly_len);
+ if (this->r == NULL)
+ {
+ return FALSE;
+ }
+
+ DBG3(DBG_LIB, " i u[i] r[i]");
+ for (i = 0; i < n; i++)
+ {
+ DBG3(DBG_LIB, "%4d %5u %5u", i, this->u[i], this->r[i]);
+ }
+
+ /* compute v' = NTT_inv( u * NTT(s) ) */
+ v = multiply_ntt_inv_poly(this, this->u);
+
+ rec = newhope_reconciliation_create(n, q);
+ this->shared_secret = rec->reconcile(rec, v, this->r);
+ free(v);
+ rec->destroy(rec);
+
+ DBG4(DBG_LIB, "key: %B", &this->shared_secret);
+
+ return TRUE;
+ }
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_newhope_ke_t *this)
+{
+ return NH_128_BIT;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_newhope_ke_t *this)
+{
+ chunk_clear(&this->shared_secret);
+ memwipe(this->s, this->params->n * sizeof(uint32_t));
+ free(this->s);
+ free(this->u);
+ free(this->r);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+newhope_ke_t *newhope_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
+{
+ private_newhope_ke_t *this;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .params = &ntt_fft_12289_1024,
+
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.h b/src/libstrongswan/plugins/newhope/newhope_ke.h
new file mode 100644
index 000000000..677d04f90
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_ke.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup newhope_ke newhope_ke
+ * @{ @ingroup newhope_p
+ */
+
+#ifndef NEWHOPE_KE_H_
+#define NEWHOPE_KE_H_
+
+typedef struct newhope_ke_t newhope_ke_t;
+
+#include <library.h>
+
+/**
+ * Implementation of a key exchange algorithm using the New Hope algorithm
+ */
+struct newhope_ke_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new newhope_ke_t object.
+ *
+ * @param group New Hope DH group number
+ * @param g not used
+ * @param p not used
+ * @return newhope_ke_t object, NULL if not supported
+ */
+newhope_ke_t *newhope_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p);
+
+#endif /** NEWHOPE_KE_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/newhope/newhope_noise.c b/src/libstrongswan/plugins/newhope/newhope_noise.c
new file mode 100644
index 000000000..5ba9f94bd
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_noise.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Based on public domain code by Erdem Alkim, Léo Ducas, Thomas Pöppelmann,
+ * and Peter Schwabe.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "newhope_noise.h"
+
+typedef struct private_newhope_noise_t private_newhope_noise_t;
+
+static const int seed_len = 32; /* 256 bits */
+static const int nonce_len = 12; /* 96 bits */
+
+/**
+ * Private data of an newhope_noise_t object.
+ */
+struct private_newhope_noise_t {
+
+ /**
+ * Public newhope_noise_t interface.
+ */
+ newhope_noise_t public;
+
+ /**
+ * 256 bit seed and 96 bit nonce (44 bytes)
+ */
+ chunk_t seed;
+
+ /**
+ * ChaCha20 stream
+ */
+ xof_t *xof;
+
+};
+
+METHOD(newhope_noise_t, get_uniform_bytes, uint8_t*,
+ private_newhope_noise_t *this, uint8_t nonce, uint16_t n)
+{
+ uint8_t *bytes;
+
+ this->seed.ptr[seed_len] = nonce;
+ if (!this->xof->set_seed(this->xof, this->seed))
+ {
+ DBG1(DBG_LIB, "could not set seed of CHACHA20 XOF");
+ return NULL;
+ }
+
+ /* allocate dynamic memory for the noise polynomial */
+ bytes = (uint8_t*)malloc(n);
+
+ if (!this->xof->get_bytes(this->xof, n, bytes))
+ {
+ DBG1(DBG_LIB, "could not get bytes from SHAKE128 XOF");
+ free(bytes);
+ return NULL;
+ }
+
+ return bytes;
+}
+
+METHOD(newhope_noise_t, get_binomial_words, uint32_t*,
+ private_newhope_noise_t *this, uint8_t nonce, uint16_t n, uint16_t q)
+{
+ uint32_t *np, a, b, d, t;
+ uint8_t x[4];
+ int i = 0, j;
+
+ this->seed.ptr[seed_len] = nonce;
+ if (!this->xof->set_seed(this->xof, this->seed))
+ {
+ DBG1(DBG_LIB, "could not set seed of CHACHA20 XOF");
+ return NULL;
+ }
+
+ /* allocate dynamic memory for the noise polynomial */
+ np = (uint32_t*)malloc(n * sizeof(uint32_t));
+
+ for (i = 0; i < n; i++)
+ {
+ if (!this->xof->get_bytes(this->xof, sizeof(x), x))
+ {
+ DBG1(DBG_LIB, "could not get bytes from SHAKE128 XOF");
+ free(np);
+ return NULL;
+ }
+
+ /* Treat x as a 32 bit unsigned little endian integer */
+ t = uletoh32(x);
+
+ /* Compute Psi_16 distribution */
+ d = 0;
+ for (j = 0; j < 8; j++)
+ {
+ d += (t >> j) & 0x01010101;
+ }
+ a = ((d >> 8) & 0xff) + (d & 0xff);
+ b = ((d >> 16) & 0xff) + (d >> 24);
+ np[i] = (a >= b) ? a - b : a + q - b;
+ }
+
+ return np;
+}
+
+METHOD(newhope_noise_t, destroy, void,
+ private_newhope_noise_t *this)
+{
+ this->xof->destroy(this->xof);
+ chunk_free(&this->seed);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+newhope_noise_t *newhope_noise_create(chunk_t seed)
+{
+ private_newhope_noise_t *this;
+ xof_t *xof;
+
+ if (seed.len != seed_len)
+ {
+ DBG1(DBG_LIB, "seed for ChaCha20 stream must be 256 bits");
+ return NULL;
+ }
+
+ xof = lib->crypto->create_xof(lib->crypto, XOF_CHACHA20);
+ if (!xof)
+ {
+ DBG1(DBG_LIB, "could not instantiate ChaCha20 stream");
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_uniform_bytes = _get_uniform_bytes,
+ .get_binomial_words = _get_binomial_words,
+ .destroy = _destroy,
+ },
+ .xof = xof,
+ .seed = chunk_alloc(seed_len + nonce_len),
+ );
+
+ /* initialize seed for ChaCha 20 stream */
+ memcpy(this->seed.ptr, seed.ptr, seed_len);
+ memset(this->seed.ptr + seed_len, 0x00, nonce_len);
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/newhope/newhope_noise.h b/src/libstrongswan/plugins/newhope/newhope_noise.h
new file mode 100644
index 000000000..d7819d3ad
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_noise.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup newhope_noise newhope_noise
+ * @{ @ingroup newhope_p
+ */
+
+#ifndef NEWHOPE_NOISE_H_
+#define NEWHOPE_NOISE_H_
+
+typedef struct newhope_noise_t newhope_noise_t;
+
+#include <library.h>
+
+/**
+ * Generate pseudo random noise using a ChaCha20 stream
+ * initialized with a 256 bit seed and an 8 bit nonce
+ */
+struct newhope_noise_t {
+
+ /**
+ * Return n pseudo random bytes with a uniform distribution
+ *
+ * @param nonce Nonce determining the pseudo random stream
+ * @param n Number of pseudo random bytes to be returned
+ * @return Return array with n peudo random bytes
+ */
+ uint8_t* (*get_uniform_bytes)(newhope_noise_t *this, uint8_t nonce,
+ uint16_t n);
+
+ /**
+ * Return n pseudo random 32-bit words with a Psi16 binomial distribution
+ *
+ * @param nonce Nonce determining the pseudo random stream
+ * @param n Number of pseudo random Psi16 words to be returned
+ * @param q Prime number q determining the ring
+ * @return Return array with n pseudo random 32 bit words
+ */
+ uint32_t* (*get_binomial_words)(newhope_noise_t *this, uint8_t nonce,
+ uint16_t n, uint16_t q);
+
+ /**
+ * Destroy a newhope_noise_t object
+ */
+ void (*destroy)(newhope_noise_t *this);
+};
+
+/**
+ * Creates a new newhope_noise_t object.
+ *
+ * @param seed 256 bit seed (32 byte chunk)
+ * @return newhope_noise_t object, NULL if not supported
+ */
+newhope_noise_t *newhope_noise_create(chunk_t seed);
+
+#endif /** NEWHOPE_NOISE_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/newhope/newhope_plugin.c b/src/libstrongswan/plugins/newhope/newhope_plugin.c
new file mode 100644
index 000000000..444e61a1d
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_plugin.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "newhope_plugin.h"
+#include "newhope_ke.h"
+
+#include <library.h>
+
+typedef struct private_newhope_plugin_t private_newhope_plugin_t;
+
+/**
+ * private data of newhope_plugin
+ */
+struct private_newhope_plugin_t {
+
+ /**
+ * public functions
+ */
+ newhope_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_newhope_plugin_t *this)
+{
+ return "newhope";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_newhope_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(DH, newhope_ke_create),
+ PLUGIN_PROVIDE(DH, NH_128_BIT),
+ PLUGIN_DEPENDS(XOF, XOF_SHAKE_128),
+ PLUGIN_DEPENDS(XOF, XOF_CHACHA20),
+ };
+ *features = f;
+
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_newhope_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *newhope_plugin_create()
+{
+ private_newhope_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/newhope/newhope_plugin.h b/src/libstrongswan/plugins/newhope/newhope_plugin.h
new file mode 100644
index 000000000..b04792f10
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup newhope_p newhope
+ * @ingroup plugins
+ *
+ * @defgroup newhope_plugin newhope_plugin
+ * @{ @ingroup newhope_p
+ */
+
+#ifndef NEWHOPE_PLUGIN_H_
+#define NEWHOPE_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct newhope_plugin_t newhope_plugin_t;
+
+/**
+ * Plugin implementing New Hope-based key exchange
+ */
+struct newhope_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** NEWHOPE_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/newhope/newhope_reconciliation.c b/src/libstrongswan/plugins/newhope/newhope_reconciliation.c
new file mode 100644
index 000000000..4aed60e30
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_reconciliation.c
@@ -0,0 +1,217 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Based on public domain code by Erdem Alkim, Léo Ducas, Thomas Pöppelmann,
+ * and Peter Schwabe.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ */
+
+#include "newhope_reconciliation.h"
+
+typedef struct private_newhope_reconciliation_t private_newhope_reconciliation_t;
+
+/**
+ * Private data of an newhope_reconciliation_t object.
+ */
+struct private_newhope_reconciliation_t {
+
+ /**
+ * Public newhope_reconciliation_t interface.
+ */
+ newhope_reconciliation_t public;
+
+ /**
+ * Array sizes
+ */
+ int n, n4;
+
+ /**
+ * Multiples of modulus q
+ */
+ int32_t q, q2, q4, q8, q16;
+};
+
+
+static inline int32_t rec_abs(int32_t v)
+{
+ int32_t mask = v >> 31;
+
+ return (v ^ mask) - mask;
+}
+
+/**
+ * Auxiliary function used by help_reconcile() method
+ */
+static int32_t rec_f(private_newhope_reconciliation_t *this,
+ int32_t v, uint8_t r, int32_t *v0, int32_t *v1)
+{
+ int32_t x, xit, t, b;
+
+ x = 8 * v + 2 * r;
+
+ /* compute t = x/q */
+ b = x * 2730;
+ t = b >> 25;
+ b = x - t * this->q;
+ b = this->q - 1 - b;
+ b >>= 31;
+ t -= b;
+
+ r = t & 0x01;
+ xit = (t >> 1);
+ *v0 = xit + r ; /* v0 = round(x/(2q)) */
+
+ t -= 1;
+ r = t & 0x01;
+ *v1 = ( t>> 1) + r;
+
+ return rec_abs(x - (*v0) * this->q2);
+}
+
+/**
+ * Auxiliary function used by reconcile() method
+ */
+static int32_t rec_g(private_newhope_reconciliation_t *this, int32_t x)
+{
+ int32_t t, r, b;
+
+ /* t = x/(4*q) */
+ b = x * 2730;
+ t = b >> 27;
+ b = x - t * this->q4;
+ b = this->q4 - 1 - b;
+ b >>= 31;
+ t -= b;
+
+ r = t & 0x01;
+ t = (t >> 1) + r; /* t = round(x/(8q)) */
+ t *= this->q8;
+
+ return abs(t - x);
+}
+
+METHOD(newhope_reconciliation_t, help_reconcile, uint8_t*,
+ private_newhope_reconciliation_t *this, uint32_t *v, uint8_t *rbits)
+{
+ int32_t v0[4], v1[4], v_tmp[4], k;
+ int i, i0, i1, i2, i3, j;
+ uint8_t *r, rbit;
+
+ /* allocate output vector */
+ r = (uint8_t*)malloc(this->n);
+
+ for (i = 0; i < this->n4/8; i++)
+ {
+ for (j = 0; j < 8; j++)
+ {
+ i0 = 8*i + j;
+ i1 = i0 + this->n4;
+ i2 = i1 + this->n4;
+ i3 = i2 + this->n4;
+
+ /* iterate through all 256 random bits */
+ rbit = (rbits[i] >> j) & 0x01;
+
+ k = rec_f(this, v[i0], rbit, &v0[0], &v1[0]);
+ k += rec_f(this, v[i1], rbit, &v0[1], &v1[1]);
+ k += rec_f(this, v[i2], rbit, &v0[2], &v1[2]);
+ k += rec_f(this, v[i3], rbit, &v0[3], &v1[3]);
+
+ k = (this->q2 - 1 - k) >> 31;
+
+ v_tmp[0] = ((~k) & v0[0]) ^ (k & v1[0]);
+ v_tmp[1] = ((~k) & v0[1]) ^ (k & v1[1]);
+ v_tmp[2] = ((~k) & v0[2]) ^ (k & v1[2]);
+ v_tmp[3] = ((~k) & v0[3]) ^ (k & v1[3]);
+
+ r[i0] = (v_tmp[0] - v_tmp[3]) & 0x03;
+ r[i1] = (v_tmp[1] - v_tmp[3]) & 0x03;
+ r[i2] = (v_tmp[2] - v_tmp[3]) & 0x03;
+ r[i3] = (v_tmp[3] - k + v_tmp[3]) & 0x03;
+ }
+ }
+
+ return r;
+}
+
+METHOD(newhope_reconciliation_t, reconcile, chunk_t,
+ private_newhope_reconciliation_t *this, uint32_t *v, uint8_t *r)
+{
+ size_t key_len;
+ uint8_t *key;
+ int32_t tmp[4], t;
+ int i, i0, i1, i2, i3, j;
+
+ key_len = this->n4 / 8;
+ key = (uint8_t*)malloc(key_len);
+ memset(key, 0x00, key_len);
+
+ for (i = 0; i < key_len; i++)
+ {
+ for (j = 0; j < 8; j++)
+ {
+ i0 = 8*i + j;
+ i1 = i0 + this->n4;
+ i2 = i1 + this->n4;
+ i3 = i2 + this->n4;
+
+ tmp[0] = this->q16 + 8 * (int32_t)v[i0] -
+ this->q * (2*r[i0] + r[i3]);
+ tmp[1] = this->q16 + 8 * (int32_t)v[i1] -
+ this->q * (2*r[i1] + r[i3]);
+ tmp[2] = this->q16 + 8 * (int32_t)v[i2] -
+ this->q * (2*r[i2] + r[i3]);
+ tmp[3] = this->q16 + 8 * (int32_t)v[i3] -
+ this->q * ( r[i3]);
+
+ t = rec_g(this, tmp[0]) + rec_g(this, tmp[1]) +
+ rec_g(this, tmp[2]) + rec_g(this, tmp[3]) - this->q8;
+
+ key[i] |= ((t >> 31) & 0x01) << j;
+ }
+ }
+
+ return chunk_create(key, key_len);
+}
+
+METHOD(newhope_reconciliation_t, destroy, void,
+ private_newhope_reconciliation_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+newhope_reconciliation_t *newhope_reconciliation_create(int n, int32_t q)
+{
+ private_newhope_reconciliation_t *this;
+
+ INIT(this,
+ .public = {
+ .help_reconcile = _help_reconcile,
+ .reconcile = _reconcile,
+ .destroy = _destroy,
+ },
+ .n = n,
+ .n4 = n / 4,
+ .q = q,
+ .q2 = 2 * q,
+ .q4 = 4 * q,
+ .q8 = 8 * q,
+ .q16 = 16 * q,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/newhope/newhope_reconciliation.h b/src/libstrongswan/plugins/newhope/newhope_reconciliation.h
new file mode 100644
index 000000000..7cbf0d208
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_reconciliation.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup newhope_reconciliation newhope_reconciliation
+ * @{ @ingroup newhope_p
+ */
+
+#ifndef NEWHOPE_RECONCILIATION_H_
+#define NEWHOPE_RECONCILIATION_H_
+
+typedef struct newhope_reconciliation_t newhope_reconciliation_t;
+
+#include <library.h>
+
+/**
+ * Class assisting the error reconciliation
+ * resulting in a key exchange error rate < 2^(-60)
+ */
+struct newhope_reconciliation_t {
+
+ /**
+ * Generate reconciliation polynomial
+ *
+ * @param v polynomial v
+ * @param rbits pseudo random bit array
+ * @return return array with reconciliation polynomial
+ */
+ uint8_t* (*help_reconcile)(newhope_reconciliation_t *this,
+ uint32_t *v, uint8_t *rbits);
+
+ /**
+ * Use reconciliation polynomial r to derive shared secret
+ *
+ * @param v polynomial v or v'
+ * @param r reconciliation polynomial r
+ * @return Return shared secret
+ */
+ chunk_t (*reconcile)(newhope_reconciliation_t *this,
+ uint32_t *v, uint8_t *r);
+
+ /**
+ * Destroy a newhope_reconciliation_t object
+ */
+ void (*destroy)(newhope_reconciliation_t *this);
+};
+
+/**
+ * Creates a new newhope_reconciliation_t object.
+ *
+ * @param n array size
+ * @param q prime modulus
+ * @return newhope_reconciliation_t object
+ */
+newhope_reconciliation_t *newhope_reconciliation_create(int n, int32_t q);
+
+#endif /** NEWHOPE_RECONCILIATION_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.am b/src/libstrongswan/plugins/newhope/tests/Makefile.am
new file mode 100644
index 000000000..3992e26d1
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/Makefile.am
@@ -0,0 +1,25 @@
+TESTS = newhope_tests
+
+check_PROGRAMS = $(TESTS)
+
+newhope_tests_SOURCES = \
+ suites/test_newhope_ke.c \
+ suites/test_newhope_noise.c \
+ suites/test_newhope_reconciliation.c \
+ newhope_tests.h newhope_tests.c
+
+newhope_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft \
+ -I$(top_srcdir)/src/libstrongswan/plugins/newhope \
+ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+ -DPLUGINS=\""${s_plugins}\"" \
+ @COVERAGE_CFLAGS@
+
+newhope_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+newhope_tests_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+ ../libnewhope.la
diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in
new file mode 100644
index 000000000..07ded5d9d
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in
@@ -0,0 +1,929 @@
+# Makefile.in generated by automake 1.15 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+TESTS = newhope_tests$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
+subdir = src/libstrongswan/plugins/newhope/tests
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__EXEEXT_1 = newhope_tests$(EXEEXT)
+am__dirstamp = $(am__leading_dot)dirstamp
+am_newhope_tests_OBJECTS = \
+ suites/newhope_tests-test_newhope_ke.$(OBJEXT) \
+ suites/newhope_tests-test_newhope_noise.$(OBJEXT) \
+ suites/newhope_tests-test_newhope_reconciliation.$(OBJEXT) \
+ newhope_tests-newhope_tests.$(OBJEXT)
+newhope_tests_OBJECTS = $(am_newhope_tests_OBJECTS)
+newhope_tests_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+ ../libnewhope.la
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+newhope_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(newhope_tests_CFLAGS) \
+ $(CFLAGS) $(newhope_tests_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(newhope_tests_SOURCES)
+DIST_SOURCES = $(newhope_tests_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red='�[0;31m'; \
+ grn='�[0;32m'; \
+ lgn='�[1;32m'; \
+ blu='�[1;34m'; \
+ mgn='�[0;35m'; \
+ brg='�[1m'; \
+ std='�[m'; \
+ fi; \
+}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+ATOMICLIB = @ATOMICLIB@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+newhope_tests_SOURCES = \
+ suites/test_newhope_ke.c \
+ suites/test_newhope_noise.c \
+ suites/test_newhope_reconciliation.c \
+ newhope_tests.h newhope_tests.c
+
+newhope_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ -I$(top_srcdir)/src/libstrongswan/math/libnttfft \
+ -I$(top_srcdir)/src/libstrongswan/plugins/newhope \
+ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+ -DPLUGINS=\""${s_plugins}\"" \
+ @COVERAGE_CFLAGS@
+
+newhope_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+newhope_tests_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la \
+ $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+ ../libnewhope.la
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/tests/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/tests/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+suites/$(am__dirstamp):
+ @$(MKDIR_P) suites
+ @: > suites/$(am__dirstamp)
+suites/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) suites/$(DEPDIR)
+ @: > suites/$(DEPDIR)/$(am__dirstamp)
+suites/newhope_tests-test_newhope_ke.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/newhope_tests-test_newhope_noise.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/newhope_tests-test_newhope_reconciliation.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+
+newhope_tests$(EXEEXT): $(newhope_tests_OBJECTS) $(newhope_tests_DEPENDENCIES) $(EXTRA_newhope_tests_DEPENDENCIES)
+ @rm -f newhope_tests$(EXEEXT)
+ $(AM_V_CCLD)$(newhope_tests_LINK) $(newhope_tests_OBJECTS) $(newhope_tests_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+ -rm -f suites/*.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_tests-newhope_tests.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+suites/newhope_tests-test_newhope_ke.o: suites/test_newhope_ke.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_ke.o -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo -c -o suites/newhope_tests-test_newhope_ke.o `test -f 'suites/test_newhope_ke.c' || echo '$(srcdir)/'`suites/test_newhope_ke.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_ke.c' object='suites/newhope_tests-test_newhope_ke.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_ke.o `test -f 'suites/test_newhope_ke.c' || echo '$(srcdir)/'`suites/test_newhope_ke.c
+
+suites/newhope_tests-test_newhope_ke.obj: suites/test_newhope_ke.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_ke.obj -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo -c -o suites/newhope_tests-test_newhope_ke.obj `if test -f 'suites/test_newhope_ke.c'; then $(CYGPATH_W) 'suites/test_newhope_ke.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_ke.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_ke.c' object='suites/newhope_tests-test_newhope_ke.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_ke.obj `if test -f 'suites/test_newhope_ke.c'; then $(CYGPATH_W) 'suites/test_newhope_ke.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_ke.c'; fi`
+
+suites/newhope_tests-test_newhope_noise.o: suites/test_newhope_noise.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_noise.o -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo -c -o suites/newhope_tests-test_newhope_noise.o `test -f 'suites/test_newhope_noise.c' || echo '$(srcdir)/'`suites/test_newhope_noise.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_noise.c' object='suites/newhope_tests-test_newhope_noise.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_noise.o `test -f 'suites/test_newhope_noise.c' || echo '$(srcdir)/'`suites/test_newhope_noise.c
+
+suites/newhope_tests-test_newhope_noise.obj: suites/test_newhope_noise.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_noise.obj -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo -c -o suites/newhope_tests-test_newhope_noise.obj `if test -f 'suites/test_newhope_noise.c'; then $(CYGPATH_W) 'suites/test_newhope_noise.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_noise.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_noise.c' object='suites/newhope_tests-test_newhope_noise.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_noise.obj `if test -f 'suites/test_newhope_noise.c'; then $(CYGPATH_W) 'suites/test_newhope_noise.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_noise.c'; fi`
+
+suites/newhope_tests-test_newhope_reconciliation.o: suites/test_newhope_reconciliation.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_reconciliation.o -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo -c -o suites/newhope_tests-test_newhope_reconciliation.o `test -f 'suites/test_newhope_reconciliation.c' || echo '$(srcdir)/'`suites/test_newhope_reconciliation.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_reconciliation.c' object='suites/newhope_tests-test_newhope_reconciliation.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_reconciliation.o `test -f 'suites/test_newhope_reconciliation.c' || echo '$(srcdir)/'`suites/test_newhope_reconciliation.c
+
+suites/newhope_tests-test_newhope_reconciliation.obj: suites/test_newhope_reconciliation.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_reconciliation.obj -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo -c -o suites/newhope_tests-test_newhope_reconciliation.obj `if test -f 'suites/test_newhope_reconciliation.c'; then $(CYGPATH_W) 'suites/test_newhope_reconciliation.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_reconciliation.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_reconciliation.c' object='suites/newhope_tests-test_newhope_reconciliation.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_reconciliation.obj `if test -f 'suites/test_newhope_reconciliation.c'; then $(CYGPATH_W) 'suites/test_newhope_reconciliation.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_reconciliation.c'; fi`
+
+newhope_tests-newhope_tests.o: newhope_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT newhope_tests-newhope_tests.o -MD -MP -MF $(DEPDIR)/newhope_tests-newhope_tests.Tpo -c -o newhope_tests-newhope_tests.o `test -f 'newhope_tests.c' || echo '$(srcdir)/'`newhope_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/newhope_tests-newhope_tests.Tpo $(DEPDIR)/newhope_tests-newhope_tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='newhope_tests.c' object='newhope_tests-newhope_tests.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o newhope_tests-newhope_tests.o `test -f 'newhope_tests.c' || echo '$(srcdir)/'`newhope_tests.c
+
+newhope_tests-newhope_tests.obj: newhope_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT newhope_tests-newhope_tests.obj -MD -MP -MF $(DEPDIR)/newhope_tests-newhope_tests.Tpo -c -o newhope_tests-newhope_tests.obj `if test -f 'newhope_tests.c'; then $(CYGPATH_W) 'newhope_tests.c'; else $(CYGPATH_W) '$(srcdir)/newhope_tests.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/newhope_tests-newhope_tests.Tpo $(DEPDIR)/newhope_tests-newhope_tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='newhope_tests.c' object='newhope_tests-newhope_tests.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o newhope_tests-newhope_tests.obj `if test -f 'newhope_tests.c'; then $(CYGPATH_W) 'newhope_tests.c'; else $(CYGPATH_W) '$(srcdir)/newhope_tests.c'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ fi; \
+ echo "$${col}$$dashes$${std}"; \
+ echo "$${col}$$banner$${std}"; \
+ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+ test -z "$$report" || echo "$${col}$$report$${std}"; \
+ echo "$${col}$$dashes$${std}"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f suites/$(DEPDIR)/$(am__dirstamp)
+ -rm -f suites/$(am__dirstamp)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
+ clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \
+ ctags ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/newhope/tests/newhope_tests.c b/src/libstrongswan/plugins/newhope/tests/newhope_tests.c
new file mode 100644
index 000000000..1cc9a2d91
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/newhope_tests.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_runner.h>
+
+#include <library.h>
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#include "newhope_tests.h"
+#undef TEST_SUITE
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#include "newhope_tests.h"
+ { .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+ if (init)
+ {
+ char *plugins, *plugindir;
+
+ plugins = lib->settings->get_str(lib->settings,
+ "tests.load", PLUGINS);
+ plugindir = lib->settings->get_str(lib->settings,
+ "tests.plugindir", PLUGINDIR);
+ plugin_loader_add_plugindirs(plugindir, plugins);
+ if (!lib->plugins->load(lib->plugins, plugins))
+ {
+ return FALSE;
+ }
+ }
+ else
+ {
+ lib->processor->set_threads(lib->processor, 0);
+ lib->processor->cancel(lib->processor);
+ lib->plugins->unload(lib->plugins);
+ }
+ return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+ return test_runner_run("newhope", tests, test_runner_init);
+}
diff --git a/src/libstrongswan/plugins/newhope/tests/newhope_tests.h b/src/libstrongswan/plugins/newhope/tests/newhope_tests.h
new file mode 100644
index 000000000..3f81434e6
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/newhope_tests.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+TEST_SUITE(newhope_ke_suite_create)
+TEST_SUITE(newhope_noise_suite_create)
+TEST_SUITE(newhope_reconciliation_suite_create)
diff --git a/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c
new file mode 100644
index 000000000..33b744fe1
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c
@@ -0,0 +1,193 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <newhope_ke.h>
+
+#include <library.h>
+
+#include <time.h>
+
+const int count = 1000;
+
+START_TEST(test_newhope_ke_good)
+{
+ chunk_t i_msg, r_msg, i_shared_secret, r_shared_secret;
+ diffie_hellman_t *i_nh, *r_nh;
+ struct timespec start, stop;
+ int i;
+
+ clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start);
+
+ for (i = 0; i < count; i++)
+ {
+ i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ ck_assert(i_nh != NULL);
+ ck_assert(i_nh->get_dh_group(i_nh) == NH_128_BIT);
+
+ ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+ ck_assert(i_msg.len = 1824);
+
+ r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ ck_assert(r_nh != NULL);
+
+ ck_assert(r_nh->set_other_public_value(r_nh, i_msg));
+ ck_assert(r_nh->get_my_public_value(r_nh, &r_msg));
+ ck_assert(r_msg.len == 2048);
+
+ ck_assert(r_nh->get_shared_secret(r_nh, &r_shared_secret));
+ ck_assert(r_shared_secret.len == 32);
+
+ ck_assert(i_nh->set_other_public_value(i_nh, r_msg));
+ ck_assert(i_nh->get_shared_secret(i_nh, &i_shared_secret));
+ ck_assert(i_shared_secret.len == 32);
+ ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
+
+ /* cleanup */
+ chunk_clear(&i_shared_secret);
+ chunk_clear(&r_shared_secret);
+ chunk_free(&i_msg);
+ chunk_free(&r_msg);
+ i_nh->destroy(i_nh);
+ r_nh->destroy(r_nh);
+ }
+
+ clock_gettime(CLOCK_THREAD_CPUTIME_ID, &stop);
+
+ DBG0(DBG_LIB, "%d Newhope DH loops in %d ms\n", count,
+ (stop.tv_nsec - start.tv_nsec) / 1000000 +
+ (stop.tv_sec - start.tv_sec) * 1000);
+}
+END_TEST
+
+START_TEST(test_newhope_ke_wrong)
+{
+ chunk_t i_msg, r_msg, i_shared_secret, r_shared_secret;
+ diffie_hellman_t *i_nh, *r_nh;
+
+ i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ ck_assert(i_nh != NULL);
+ ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+
+ r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ ck_assert(r_nh != NULL);
+ ck_assert(r_nh->set_other_public_value(r_nh, i_msg));
+ ck_assert(r_nh->get_my_public_value(r_nh, &r_msg));
+
+ /* destroy 1st instance of i_nh */
+ i_nh->destroy(i_nh);
+ chunk_free(&i_msg);
+
+ /* create 2nd instance of i_nh */
+ i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ ck_assert(i_nh != NULL);
+ ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+ ck_assert(i_nh->set_other_public_value(i_nh, r_msg));
+
+ ck_assert(r_nh->get_shared_secret(r_nh, &r_shared_secret));
+ ck_assert(i_nh->get_shared_secret(i_nh, &i_shared_secret));
+ ck_assert(!chunk_equals(i_shared_secret, r_shared_secret));
+
+ /* cleanup */
+ chunk_clear(&i_shared_secret);
+ chunk_clear(&r_shared_secret);
+ chunk_free(&i_msg);
+ chunk_free(&r_msg);
+ i_nh->destroy(i_nh);
+ r_nh->destroy(r_nh);
+}
+END_TEST
+
+START_TEST(test_newhope_ke_fail_i)
+{
+ diffie_hellman_t *i_nh;
+ char buf_ff[2048];
+ int i;
+
+ chunk_t i_msg;
+
+ chunk_t r_msg[] = {
+ chunk_empty,
+ chunk_from_chars(0x00),
+ chunk_create(buf_ff, 2047),
+ chunk_create(buf_ff, 2048),
+ };
+
+ memset(buf_ff, 0xff, sizeof(buf_ff));
+
+ for (i = 0; i < countof(r_msg); i++)
+ {
+ i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ ck_assert(i_nh != NULL);
+ ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+ ck_assert(!i_nh->set_other_public_value(i_nh, r_msg[i]));
+ chunk_free(&i_msg);
+ i_nh->destroy(i_nh);
+ }
+}
+END_TEST
+
+START_TEST(test_newhope_ke_fail_r)
+{
+ diffie_hellman_t *r_nh;
+ char buf_ff[1824];
+ int i;
+
+ chunk_t i_msg[] = {
+ chunk_empty,
+ chunk_from_chars(0x00),
+ chunk_create(buf_ff, 1823),
+ chunk_create(buf_ff, 1824),
+ };
+
+ memset(buf_ff, 0xff, sizeof(buf_ff));
+
+ for (i = 0; i < countof(i_msg); i++)
+ {
+ r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+ ck_assert(r_nh != NULL);
+ ck_assert(!r_nh->set_other_public_value(r_nh, i_msg[i]));
+ r_nh->destroy(r_nh);
+ }
+}
+END_TEST
+
+Suite *newhope_ke_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("newhope_ke");
+
+ tc = tcase_create("ke_good");
+ test_case_set_timeout(tc, 30);
+ tcase_add_test(tc, test_newhope_ke_good);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("ke_wrong");
+ tcase_add_test(tc, test_newhope_ke_wrong);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("ke_fail_i");
+ tcase_add_test(tc, test_newhope_ke_fail_i);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("ke_fail_r");
+ tcase_add_test(tc, test_newhope_ke_fail_r);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c
new file mode 100644
index 000000000..96dd16787
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c
@@ -0,0 +1,676 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <newhope_noise.h>
+
+#include <library.h>
+
+static const uint16_t n = 1024;
+static const uint16_t q = 12289;
+
+static const size_t seed_len = 32;
+
+typedef struct {
+ uint8_t key;
+ uint8_t nonce;
+ uint8_t uniform[64];
+ uint32_t poly[1024];
+} noise_t;
+
+static noise_t noises[] = {
+ { 0x00, 0x00, /* polynomial s */
+ { 0x9f, 0x07, 0xe7, 0xbe, 0x55, 0x51, 0x38, 0x7a, 0x98, 0xba,
+ 0x97, 0x7c, 0x73, 0x2d, 0x08, 0x0d, 0xcb, 0x0f, 0x29, 0xa0,
+ 0x48, 0xe3, 0x65, 0x69, 0x12, 0xc6, 0x53, 0x3e, 0x32, 0xee,
+ 0x7a, 0xed, 0x29, 0xb7, 0x21, 0x76, 0x9c, 0xe6, 0x4e, 0x43,
+ 0xd5, 0x71, 0x33, 0xb0, 0x74, 0xd8, 0x39, 0xd5, 0x31, 0xed,
+ 0x1f, 0x28, 0x51, 0x0a, 0xfb, 0x45, 0xac, 0xe1, 0x0a, 0x1f,
+ 0x4b, 0x79, 0x4d, 0x6f },
+ { 12286, 12288, 12287, 5, 4, 12288, 12286, 12287, 2, 2,
+ 2, 12288, 2, 12284, 1, 12288, 12288, 12288, 6, 12288,
+ 0, 4, 1, 12285, 12286, 2, 12284, 12287, 1, 5,
+ 5, 12286, 12288, 2, 12286, 0, 3, 1, 0, 2,
+ 0, 0, 4, 12283, 12284, 4, 0, 12288, 3, 12288,
+ 0, 4, 1, 12288, 12286, 0, 3, 1, 12286, 12287,
+ 12285, 3, 2, 3, 12286, 0, 6, 6, 12288, 12284,
+ 0, 12282, 1, 0, 4, 1, 0, 3, 2, 2,
+ 3, 3, 2, 12288, 3, 1, 12287, 12285, 0, 12288,
+ 0, 0, 12288, 12287, 12284, 12286, 0, 12288, 4, 4,
+ 12288, 5, 12286, 2, 12288, 5, 1, 12283, 1, 12288,
+ 1, 12288, 12287, 12285, 2, 2, 12285, 12284, 0, 12285,
+ 12287, 0, 1, 0, 2, 12288, 12288, 12287, 0, 4,
+ 12288, 12285, 12288, 0, 2, 1, 12287, 3, 1, 3,
+ 5, 12286, 1, 0, 12286, 0, 4, 0, 12288, 1,
+ 12288, 4, 5, 12283, 12288, 1, 3, 12283, 12286, 5,
+ 1, 12286, 12287, 12286, 0, 12287, 12285, 1, 0, 0,
+ 1, 3, 0, 0, 0, 12284, 12286, 2, 4, 12288,
+ 6, 1, 2, 12288, 1, 12287, 12286, 12284, 12287, 1,
+ 3, 12284, 0, 0, 6, 12286, 7, 5, 2, 3,
+ 12285, 12287, 12285, 2, 3, 12283, 2, 12284, 12288, 3,
+ 12288, 1, 4, 12287, 2, 12288, 12288, 1, 12286, 12284,
+ 2, 1, 5, 12286, 0, 12288, 0, 0, 0, 12287,
+ 1, 0, 3, 0, 0, 6, 2, 12283, 1, 3,
+ 3, 12284, 3, 1, 12286, 2, 12288, 0, 6, 1,
+ 1, 12285, 12287, 12288, 4, 2, 12288, 3, 12286, 12288,
+ 12287, 3, 3, 2, 7, 4, 12287, 12286, 12287, 2,
+ 2, 12287, 1, 12288, 1, 12287, 12283, 12287, 12288, 1,
+ 12283, 0, 12286, 12288, 4, 12287, 12286, 12286, 2, 2,
+ 12287, 5, 12288, 4, 0, 12287, 1, 3, 12286, 2,
+ 1, 1, 12288, 12287, 5, 12288, 0, 0, 1, 0,
+ 12286, 6, 2, 1, 2, 5, 12286, 6, 12286, 12288,
+ 0, 12286, 3, 12283, 12288, 12284, 0, 7, 2, 6,
+ 1, 12288, 12285, 12284, 1, 0, 0, 2, 12288, 12288,
+ 12288, 3, 3, 1, 3, 12286, 4, 3, 12284, 4,
+ 1, 12287, 12287, 12285, 0, 12287, 12287, 12287, 12286, 12288,
+ 1, 12287, 1, 0, 12288, 2, 0, 4, 0, 12287,
+ 12285, 12285, 5, 3, 12282, 0, 12287, 5, 12287, 1,
+ 12283, 12288, 12288, 3, 1, 1, 3, 12288, 12283, 5,
+ 12288, 12288, 5, 5, 1, 12286, 12286, 12288, 1, 2,
+ 1, 3, 12287, 12288, 12284, 12287, 1, 12287, 0, 12286,
+ 12285, 1, 12287, 12282, 12286, 12287, 0, 12285, 4, 2,
+ 1, 12282, 0, 1, 12288, 12285, 12284, 12286, 12286, 12287,
+ 12288, 1, 12288, 4, 12287, 4, 12287, 12287, 0, 1,
+ 12287, 3, 1, 12286, 12286, 4, 6, 12288, 1, 12285,
+ 12286, 12287, 0, 12287, 12287, 1, 12286, 5, 0, 2,
+ 12283, 12284, 1, 12286, 0, 12287, 12286, 12288, 1, 4,
+ 4, 12283, 2, 6, 1, 12288, 12286, 2, 7, 2,
+ 1, 12288, 5, 12284, 12288, 12288, 1, 7, 3, 12283,
+ 1, 12286, 2, 12288, 12287, 1, 12286, 1, 12286, 12288,
+ 12287, 3, 2, 2, 0, 12284, 12287, 1, 1, 12284,
+ 12286, 1, 2, 1, 0, 12285, 1, 0, 1, 2,
+ 2, 4, 12288, 1, 12288, 5, 0, 12287, 12288, 2,
+ 0, 12288, 12287, 0, 12288, 12288, 0, 0, 12285, 4,
+ 2, 12288, 0, 2, 0, 12288, 1, 3, 12287, 12288,
+ 12288, 12288, 12286, 0, 12285, 12286, 12287, 3, 0, 12286,
+ 2, 1, 12285, 2, 12288, 0, 5, 0, 1, 12288,
+ 12288, 4, 3, 3, 12286, 2, 12288, 4, 12288, 6,
+ 2, 12286, 4, 12287, 2, 12287, 0, 12284, 12288, 0,
+ 12286, 12288, 3, 4, 12286, 12288, 1, 3, 12286, 3,
+ 4, 1, 1, 6, 3, 1, 1, 0, 12288, 4,
+ 0, 12288, 0, 0, 0, 12288, 2, 4, 2, 12287,
+ 0, 0, 3, 2, 3, 4, 0, 3, 2, 12288,
+ 2, 4, 6, 12286, 12284, 12287, 1, 0, 0, 4,
+ 1, 3, 12282, 1, 2, 2, 0, 3, 12282, 2,
+ 12287, 2, 12288, 4, 12288, 3, 3, 12283, 12288, 12288,
+ 12286, 12287, 5, 4, 3, 3, 12288, 12284, 2, 2,
+ 0, 12288, 1, 3, 3, 4, 12284, 12288, 0, 1,
+ 12284, 0, 12286, 12287, 0, 0, 12287, 0, 1, 6,
+ 12288, 1, 12284, 12287, 12282, 12288, 4, 12287, 1, 12286,
+ 1, 12286, 12286, 1, 4, 0, 12288, 1, 12288, 1,
+ 12285, 3, 1, 0, 1, 0, 12288, 12287, 2, 2,
+ 0, 12288, 3, 12284, 2, 12288, 12288, 12288, 12287, 3,
+ 3, 0, 12286, 12286, 1, 2, 12286, 12287, 0, 1,
+ 12288, 12287, 12287, 12288, 12288, 1, 9, 1, 12288, 12287,
+ 2, 1, 1, 0, 12287, 12287, 2, 2, 12288, 12285,
+ 1, 12287, 4, 0, 2, 1, 1, 3, 12284, 12286,
+ 1, 2, 12288, 12287, 4, 1, 12285, 0, 1, 2,
+ 12288, 1, 3, 0, 12286, 0, 12288, 12286, 12287, 12286,
+ 1, 12284, 1, 2, 2, 12288, 0, 12288, 1, 12284,
+ 2, 3, 12287, 1, 12285, 12288, 0, 1, 12284, 2,
+ 12288, 12286, 12286, 3, 12288, 12282, 3, 12287, 12288, 12287,
+ 4, 12287, 1, 2, 9, 12283, 12286, 12286, 0, 4,
+ 12288, 12288, 4, 0, 1, 1, 2, 12284, 1, 1,
+ 0, 12288, 1, 0, 12287, 1, 1, 5, 2, 1,
+ 12288, 3, 12287, 5, 4, 1, 4, 12287, 12285, 3,
+ 12286, 1, 3, 0, 12287, 0, 12286, 12287, 12287, 12287,
+ 3, 2, 12286, 12284, 2, 12288, 1, 1, 12288, 3,
+ 1, 3, 12284, 3, 12282, 12288, 3, 0, 2, 12288,
+ 0, 5, 0, 2, 0, 12281, 12285, 4, 3, 4,
+ 2, 12284, 0, 0, 2, 2, 12287, 12284, 2, 12286,
+ 1, 12288, 1, 12286, 12286, 12287, 4, 0, 6, 3,
+ 0, 3, 12288, 12288, 12288, 12287, 3, 1, 1, 1,
+ 2, 12287, 12284, 3, 12286, 12280, 3, 12284, 12287, 12288,
+ 5, 12288, 12284, 2, 12285, 4, 3, 12286, 6, 2,
+ 1, 12287, 0, 1, 2, 12286, 1, 0, 12287, 0,
+ 1, 1, 12286, 2, 12285, 0, 1, 12288, 0, 1,
+ 12288, 1, 12288, 12287, 12287, 12285, 12282, 12288, 2, 12288,
+ 2, 12284, 1, 12284, 12287, 12286, 12288, 0, 12288, 1,
+ 12283, 12286, 5, 3, 0, 12286, 12286, 3, 1, 0,
+ 1, 12288, 12288, 4, 1, 12286, 12287, 12285, 2, 0,
+ 2, 12287, 1, 12285, 12288, 12286, 12288, 2, 2, 12285,
+ 3, 12286, 12285, 12287 }
+ },
+ { 0x00, 0x01, /* polynomial e */
+ { 0x46, 0xf0, 0xf6, 0xef, 0xee, 0x15, 0xc8, 0xf1, 0xb1, 0x98,
+ 0xcb, 0x49, 0xd9, 0x2b, 0x99, 0x08, 0x67, 0x90, 0x51, 0x59,
+ 0x44, 0x0c, 0xc7, 0x23, 0x91, 0x6d, 0xc0, 0x01, 0x28, 0x26,
+ 0x98, 0x10, 0x39, 0xce, 0x17, 0x66, 0xaa, 0x25, 0x42, 0xb0,
+ 0x5d, 0xb3, 0xbd, 0x80, 0x9a, 0xb1, 0x42, 0x48, 0x9d, 0x5d,
+ 0xbf, 0xe1, 0x27, 0x3e, 0x73, 0x99, 0x63, 0x7b, 0x4b, 0x32,
+ 0x13, 0x76, 0x8a, 0xaa },
+ { 12283, 1, 12288, 4, 0, 12285, 5, 1, 1, 2,
+ 3, 4, 12288, 0, 3, 1, 1, 0, 12286, 6,
+ 1, 0, 1, 0, 4, 2, 12288, 3, 0, 5,
+ 1, 5, 2, 12285, 4, 12288, 3, 2, 12288, 2,
+ 12288, 12285, 12287, 6, 12282, 1, 12286, 7, 12287, 4,
+ 2, 2, 12288, 12285, 0, 2, 0, 12288, 1, 12287,
+ 12287, 2, 1, 2, 1, 12285, 12288, 12286, 1, 2,
+ 12287, 12288, 12288, 1, 0, 12287, 0, 4, 2, 6,
+ 12287, 12285, 12283, 12285, 5, 12283, 12286, 1, 12283, 2,
+ 3, 12286, 12285, 2, 5, 12286, 3, 0, 3, 12286,
+ 5, 12285, 12287, 12288, 1, 5, 3, 5, 1, 1,
+ 1, 12288, 5, 0, 12288, 3, 2, 12288, 12285, 12288,
+ 5, 6, 0, 2, 1, 12287, 12288, 12287, 3, 12284,
+ 2, 0, 3, 0, 0, 12288, 0, 2, 2, 2,
+ 0, 1, 2, 2, 0, 0, 12287, 12285, 0, 4,
+ 1, 12283, 3, 5, 12288, 12286, 12287, 6, 2, 0,
+ 0, 12287, 2, 2, 12288, 0, 2, 12288, 12287, 12288,
+ 12288, 1, 12288, 1, 12288, 2, 4, 2, 1, 1,
+ 0, 12287, 3, 2, 6, 2, 1, 12288, 12285, 6,
+ 0, 1, 12284, 12287, 12287, 12286, 5, 4, 0, 5,
+ 12287, 12286, 12288, 12286, 0, 3, 1, 12287, 12287, 12288,
+ 12288, 12286, 1, 0, 3, 12287, 3, 1, 12283, 1,
+ 12288, 5, 1, 4, 12286, 12287, 2, 0, 0, 0,
+ 12281, 12286, 0, 8, 5, 0, 4, 0, 12287, 5,
+ 1, 3, 2, 12286, 12286, 12288, 12285, 12285, 12287, 0,
+ 12284, 12287, 1, 0, 2, 1, 12286, 12288, 2, 12285,
+ 0, 0, 0, 1, 0, 6, 1, 12288, 12287, 12287,
+ 0, 3, 12288, 12288, 12287, 0, 12287, 1, 3, 0,
+ 0, 12286, 12286, 4, 4, 12287, 1, 3, 4, 12287,
+ 12284, 2, 12288, 12286, 12283, 12285, 1, 3, 1, 12288,
+ 0, 3, 3, 12284, 12285, 5, 3, 12288, 3, 4,
+ 3, 1, 12288, 0, 12288, 1, 0, 0, 3, 0,
+ 3, 2, 12287, 12288, 0, 12288, 0, 2, 12285, 4,
+ 0, 12287, 12287, 1, 1, 1, 12287, 12285, 4, 12282,
+ 3, 1, 1, 12288, 2, 4, 12285, 12286, 3, 1,
+ 0, 12287, 12283, 12285, 2, 5, 1, 1, 12288, 12288,
+ 0, 8, 3, 12287, 12285, 12287, 12286, 12284, 1, 12286,
+ 1, 12288, 2, 3, 12288, 12288, 2, 12288, 12284, 12285,
+ 0, 3, 12288, 12288, 2, 3, 7, 12287, 3, 3,
+ 3, 12284, 0, 0, 1, 12283, 5, 0, 1, 12288,
+ 3, 12286, 12287, 12286, 0, 0, 12287, 12283, 4, 12283,
+ 0, 0, 3, 12285, 5, 12286, 12282, 12288, 1, 12287,
+ 12288, 1, 5, 2, 12287, 2, 12288, 7, 12288, 3,
+ 5, 1, 0, 12287, 1, 12287, 3, 2, 4, 2,
+ 12287, 12286, 12288, 2, 5, 1, 12286, 4, 0, 2,
+ 6, 12286, 2, 12286, 3, 12288, 5, 12285, 0, 2,
+ 12287, 5, 12286, 12284, 7, 12285, 12286, 12284, 12287, 1,
+ 12288, 12284, 12286, 2, 4, 2, 2, 12283, 12286, 2,
+ 2, 12283, 1, 12286, 1, 0, 12284, 3, 0, 4,
+ 1, 0, 4, 12288, 0, 12287, 12287, 12287, 12286, 12284,
+ 12288, 3, 1, 12285, 0, 3, 8, 4, 2, 12288,
+ 3, 12287, 12287, 2, 3, 12288, 12286, 2, 12286, 12288,
+ 0, 1, 12287, 12285, 0, 12285, 12288, 12287, 1, 12287,
+ 0, 12284, 0, 1, 1, 12285, 0, 0, 0, 12287,
+ 12287, 3, 0, 4, 12288, 1, 12288, 12285, 12283, 0,
+ 12286, 12286, 12285, 12285, 12287, 1, 0, 2, 3, 1,
+ 2, 12286, 12288, 3, 12286, 12288, 12288, 6, 2, 2,
+ 0, 12288, 2, 5, 12288, 0, 12284, 12282, 12286, 1,
+ 12288, 12288, 12286, 12288, 3, 12286, 2, 0, 12283, 0,
+ 4, 2, 12288, 0, 12286, 0, 4, 3, 12286, 12287,
+ 4, 12288, 3, 2, 12283, 1, 1, 1, 3, 12286,
+ 4, 0, 12288, 12285, 12287, 0, 0, 12286, 4, 0,
+ 12286, 2, 12288, 12288, 12285, 12283, 5, 3, 12286, 12288,
+ 4, 1, 12283, 0, 12288, 0, 12287, 12287, 0, 3,
+ 12287, 12287, 2, 2, 3, 0, 1, 4, 12288, 3,
+ 3, 0, 12284, 12285, 4, 12288, 1, 12287, 0, 1,
+ 12283, 1, 12284, 12287, 12286, 12285, 0, 0, 3, 12285,
+ 3, 1, 12288, 12287, 12284, 12282, 5, 3, 3, 2,
+ 12285, 4, 12288, 0, 3, 12288, 4, 0, 12283, 12288,
+ 2, 12285, 12288, 12282, 0, 2, 12285, 3, 1, 12284,
+ 1, 5, 7, 12286, 5, 12285, 1, 2, 0, 4,
+ 12283, 12287, 12286, 2, 12280, 12287, 12288, 2, 12285, 12286,
+ 2, 1, 2, 1, 2, 2, 3, 3, 0, 0,
+ 4, 2, 12288, 12286, 4, 0, 1, 12288, 2, 12287,
+ 12288, 12288, 1, 3, 12283, 12288, 1, 12287, 1, 1,
+ 3, 12288, 12288, 1, 2, 1, 1, 12283, 7, 12286,
+ 12288, 1, 12288, 12287, 12284, 7, 2, 12285, 12286, 0,
+ 0, 0, 2, 4, 12288, 0, 12284, 12285, 12286, 2,
+ 12284, 2, 4, 6, 3, 12287, 12288, 12285, 1, 2,
+ 12286, 0, 0, 12287, 12288, 0, 12286, 2, 1, 1,
+ 1, 3, 1, 12285, 4, 0, 12287, 12288, 12287, 0,
+ 12288, 12287, 12288, 12287, 12288, 12288, 0, 12287, 12284, 0,
+ 12288, 12285, 3, 2, 4, 2, 12284, 3, 1, 3,
+ 4, 12288, 12285, 12284, 12287, 1, 4, 0, 2, 12288,
+ 4, 12288, 12287, 3, 1, 0, 0, 12284, 12287, 2,
+ 4, 12287, 2, 12288, 0, 2, 2, 3, 12287, 12286,
+ 8, 12286, 12285, 0, 12285, 2, 3, 5, 12287, 12288,
+ 6, 12288, 12284, 0, 0, 3, 1, 2, 12284, 2,
+ 1, 3, 2, 0, 0, 12288, 12287, 12288, 1, 12288,
+ 4, 3, 12284, 1, 3, 12288, 12283, 12288, 1, 1,
+ 2, 1, 1, 3, 1, 12288, 0, 12288, 2, 0,
+ 0, 12284, 12283, 3, 12288, 0, 2, 12287, 0, 0,
+ 12286, 12286, 0, 0, 2, 4, 12288, 1, 2, 3,
+ 2, 12286, 12286, 1, 2, 4, 12288, 12288, 12284, 12287,
+ 6, 2, 12288, 12286, 0, 0, 3, 12286, 12288, 12287,
+ 12286, 12287, 3, 1, 12286, 0, 4, 3, 12286, 5,
+ 2, 1, 12287, 12286, 4, 12287, 0, 5, 12288, 0,
+ 12288, 2, 2, 1, 1, 0, 0, 12288, 12288, 12288,
+ 0, 0, 12288, 12287, 5, 1, 12288, 1, 10, 1,
+ 0, 0, 2, 2, 2, 0, 12288, 4, 2, 12283,
+ 3, 1, 1, 12285, 2, 12285, 5, 7, 5, 12288,
+ 0, 12287, 5, 1, 12288, 12286, 12287, 0, 0, 0,
+ 12287, 1, 3, 12288 }
+ },
+ { 0x01, 0x00, /* polynomial s' */
+ { 0x3a, 0xeb, 0x52, 0x24, 0xec, 0xf8, 0x49, 0x92, 0x9b, 0x9d,
+ 0x82, 0x8d, 0xb1, 0xce, 0xd4, 0xdd, 0x83, 0x20, 0x25, 0xe8,
+ 0x01, 0x8b, 0x81, 0x60, 0xb8, 0x22, 0x84, 0xf3, 0xc9, 0x49,
+ 0xaa, 0x5a, 0x8e, 0xca, 0x00, 0xbb, 0xb4, 0xa7, 0x3b, 0xda,
+ 0xd1, 0x92, 0xb5, 0xc4, 0x2f, 0x73, 0xf2, 0xfd, 0x4e, 0x27,
+ 0x36, 0x44, 0xc8, 0xb3, 0x61, 0x25, 0xa6, 0x4a, 0xdd, 0xeb,
+ 0x00, 0x6c, 0x13, 0xa0 },
+ { 5, 4, 4, 12288, 12286, 1, 12287, 12288, 2, 12288,
+ 12288, 12287, 2, 2, 12284, 12288, 12288, 3, 2, 3,
+ 12287, 2, 2, 0, 0, 2, 5, 12285, 5, 12287,
+ 2, 12282, 12286, 2, 1, 2, 1, 1, 12288, 12285,
+ 12287, 12286, 2, 0, 0, 12285, 0, 0, 12287, 12286,
+ 12285, 12286, 2, 12288, 12288, 0, 1, 2, 12286, 2,
+ 1, 0, 0, 2, 1, 12288, 1, 12287, 1, 0,
+ 0, 2, 12285, 2, 2, 12288, 12286, 3, 12287, 0,
+ 1, 1, 0, 2, 12287, 2, 1, 2, 3, 0,
+ 0, 1, 12288, 12288, 2, 12287, 12286, 12286, 6, 12288,
+ 0, 0, 4, 0, 12286, 0, 4, 12288, 12288, 5,
+ 12287, 12288, 12285, 2, 12285, 12288, 1, 0, 2, 12288,
+ 12286, 1, 3, 12285, 2, 2, 1, 1, 12288, 12288,
+ 12287, 1, 12288, 3, 0, 12285, 4, 12285, 12287, 2,
+ 2, 12287, 12287, 12286, 12288, 12284, 2, 12286, 4, 1,
+ 0, 12286, 12284, 3, 12286, 3, 12286, 3, 4, 1,
+ 12288, 12282, 2, 2, 12284, 0, 12286, 12283, 3, 0,
+ 4, 2, 4, 2, 12285, 10, 12288, 8, 3, 2,
+ 2, 0, 1, 0, 0, 12286, 2, 12284, 4, 1,
+ 12287, 12287, 1, 1, 12286, 1, 0, 12285, 12288, 12286,
+ 12287, 2, 1, 12284, 12288, 12285, 12285, 3, 0, 1,
+ 4, 4, 1, 0, 2, 1, 12288, 1, 12287, 0,
+ 12286, 4, 2, 3, 3, 12285, 12288, 12288, 5, 2,
+ 0, 4, 3, 12287, 12287, 5, 2, 3, 12284, 0,
+ 8, 1, 1, 0, 5, 12288, 12288, 12288, 12286, 6,
+ 3, 12288, 12286, 12287, 4, 12288, 2, 12288, 12284, 12287,
+ 4, 12288, 0, 0, 3, 0, 4, 4, 12287, 0,
+ 3, 0, 12285, 12287, 12288, 12288, 0, 0, 12287, 12288,
+ 12286, 0, 0, 12285, 12288, 4, 12287, 1, 2, 12288,
+ 12285, 5, 4, 12283, 2, 0, 12288, 2, 0, 0,
+ 12286, 12284, 3, 3, 3, 12287, 1, 1, 0, 1,
+ 3, 12288, 4, 4, 0, 2, 0, 1, 12286, 12284,
+ 2, 2, 12287, 3, 2, 12288, 3, 12286, 2, 12286,
+ 12288, 4, 3, 12288, 2, 12288, 2, 1, 12288, 12288,
+ 7, 12288, 12288, 0, 12288, 1, 12284, 12288, 12288, 12287,
+ 12287, 1, 12285, 12287, 12287, 1, 0, 2, 12286, 3,
+ 12288, 12288, 12287, 3, 5, 0, 0, 12287, 2, 12287,
+ 12288, 8, 12287, 1, 2, 12288, 12284, 3, 0, 12287,
+ 12284, 3, 0, 2, 1, 3, 4, 12287, 12286, 12288,
+ 12286, 0, 0, 12287, 12285, 0, 12286, 2, 1, 12287,
+ 12288, 5, 12287, 12287, 12286, 2, 12283, 0, 0, 12286,
+ 2, 12284, 5, 0, 1, 12287, 0, 3, 1, 12285,
+ 12288, 0, 3, 12287, 2, 12286, 0, 1, 12288, 1,
+ 12284, 12281, 12284, 12288, 12285, 2, 5, 4, 12286, 0,
+ 12287, 12288, 12286, 12285, 3, 12282, 1, 12287, 2, 0,
+ 6, 12288, 4, 12286, 3, 12288, 12286, 12284, 3, 1,
+ 6, 3, 2, 1, 2, 1, 1, 12288, 12287, 1,
+ 3, 3, 1, 0, 0, 12288, 3, 12284, 12285, 12284,
+ 1, 3, 12286, 0, 1, 12285, 12287, 1, 12285, 2,
+ 0, 1, 12287, 1, 4, 3, 1, 12287, 0, 5,
+ 1, 12288, 2, 1, 1, 4, 3, 12286, 3, 3,
+ 2, 12287, 3, 12286, 0, 12288, 12285, 2, 3, 12286,
+ 0, 12287, 5, 4, 1, 1, 12287, 12288, 2, 0,
+ 0, 0, 2, 0, 12286, 4, 12288, 12288, 12285, 12286,
+ 2, 12288, 12288, 0, 12288, 12286, 12284, 12287, 1, 5,
+ 0, 12285, 12287, 2, 4, 3, 12285, 12287, 12288, 0,
+ 12288, 12287, 12286, 2, 12288, 12286, 12284, 1, 2, 12287,
+ 4, 1, 4, 4, 12284, 2, 0, 12288, 3, 1,
+ 0, 4, 1, 6, 0, 12286, 12288, 12287, 12287, 0,
+ 12284, 12285, 2, 12286, 1, 0, 3, 12288, 1, 2,
+ 12284, 12286, 12285, 12283, 12285, 0, 12285, 2, 0, 2,
+ 1, 3, 1, 12286, 12288, 1, 4, 0, 0, 12287,
+ 12287, 12286, 0, 1, 12286, 0, 2, 12288, 2, 12287,
+ 0, 0, 12286, 12287, 4, 6, 12286, 0, 12288, 0,
+ 0, 12287, 2, 3, 4, 1, 3, 12286, 4, 0,
+ 12288, 12286, 12287, 12287, 12288, 4, 12285, 1, 12286, 12286,
+ 2, 12288, 0, 0, 1, 5, 12285, 1, 12281, 3,
+ 12281, 2, 3, 0, 12284, 12288, 5, 0, 0, 12288,
+ 0, 0, 12288, 12286, 3, 12287, 0, 2, 12288, 0,
+ 3, 12288, 12286, 0, 12286, 12287, 12284, 0, 12286, 1,
+ 12287, 12282, 12287, 12288, 0, 5, 12288, 2, 1, 12288,
+ 1, 12285, 5, 2, 12286, 12285, 12287, 0, 2, 12288,
+ 1, 12288, 1, 12286, 0, 2, 12287, 12287, 6, 12286,
+ 12288, 0, 12286, 4, 6, 12287, 12287, 2, 2, 12285,
+ 1, 12288, 12285, 12286, 5, 12288, 1, 2, 1, 7,
+ 12286, 5, 12288, 12287, 12286, 12284, 1, 2, 12287, 4,
+ 1, 1, 0, 1, 2, 12285, 2, 12288, 12284, 1,
+ 1, 12287, 12286, 12285, 12287, 1, 12287, 3, 1, 12286,
+ 0, 12286, 3, 3, 12288, 2, 12288, 5, 12288, 1,
+ 2, 0, 12287, 1, 12287, 7, 2, 3, 0, 12287,
+ 2, 12284, 12284, 12281, 12286, 12285, 12287, 12287, 0, 12288,
+ 3, 4, 3, 2, 3, 1, 12288, 12286, 0, 12288,
+ 12286, 1, 12286, 6, 12287, 1, 6, 5, 3, 1,
+ 12286, 2, 1, 3, 1, 12286, 12285, 3, 2, 0,
+ 0, 12284, 1, 1, 3, 3, 1, 1, 12288, 0,
+ 12284, 1, 12288, 0, 0, 12287, 0, 4, 12285, 0,
+ 4, 12283, 1, 1, 0, 12285, 0, 12286, 0, 0,
+ 1, 0, 12286, 0, 12288, 3, 4, 0, 2, 1,
+ 12287, 2, 12288, 1, 0, 12288, 0, 12288, 6, 12288,
+ 12287, 12286, 3, 12284, 0, 12288, 12284, 12286, 12287, 12288,
+ 12288, 12288, 4, 0, 2, 6, 12286, 1, 4, 12288,
+ 2, 1, 0, 5, 2, 1, 12285, 0, 0, 12285,
+ 4, 12286, 5, 1, 3, 2, 12287, 2, 0, 2,
+ 7, 12283, 12288, 12288, 3, 0, 3, 12288, 3, 12286,
+ 12288, 12287, 12288, 3, 0, 2, 4, 1, 12284, 2,
+ 12288, 12286, 12287, 1, 1, 12288, 0, 12288, 12283, 6,
+ 2, 1, 12288, 3, 12287, 12288, 1, 1, 12285, 0,
+ 12286, 12287, 12288, 1, 2, 12287, 0, 4, 0, 12286,
+ 2, 1, 12288, 12285, 12287, 0, 2, 12287, 6, 2,
+ 0, 12287, 12288, 2, 12288, 12284, 12288, 12285, 4, 1,
+ 12288, 12284, 12287, 4, 12284, 1, 3, 12284, 12282, 0,
+ 12286, 12287, 2, 12286, 3, 4, 2, 12288, 3, 3,
+ 1, 3, 12287, 12283 }
+ },
+ { 0x01, 0x01, /* polynomial e' */
+ { 0x58, 0xd8, 0x6a, 0xcd, 0xe2, 0x79, 0x61, 0x98, 0xfd, 0xea,
+ 0xcf, 0x2a, 0xc0, 0xfd, 0xf0, 0x72, 0x86, 0x32, 0xdc, 0xe9,
+ 0xc6, 0x45, 0x81, 0x80, 0x67, 0x06, 0x72, 0x28, 0xa6, 0xfe,
+ 0x41, 0x2b, 0x78, 0x88, 0x58, 0x6d, 0x58, 0x47, 0x3e, 0xb7,
+ 0x46, 0x60, 0xd8, 0x2f, 0xa0, 0x83, 0xe4, 0xbc, 0x81, 0xdd,
+ 0xc6, 0x29, 0x8b, 0xee, 0xf9, 0xec, 0x90, 0x39, 0x9d, 0x46,
+ 0xbf, 0x2d, 0x7c, 0xdf },
+ { 12287, 3, 3, 1, 12285, 4, 1, 5, 12287, 12285,
+ 12285, 12285, 1, 12288, 12287, 12288, 2, 3, 12283, 12288,
+ 12285, 0, 0, 12286, 12287, 12288, 12288, 12288, 12288, 1,
+ 12288, 2, 2, 5, 5, 0, 12287, 12286, 3, 3,
+ 2, 2, 1, 0, 2, 12287, 12285, 3, 1, 3,
+ 5, 2, 12287, 12287, 2, 0, 4, 2, 0, 0,
+ 1, 5, 12288, 6, 4, 12287, 1, 0, 12283, 0,
+ 1, 12286, 2, 0, 2, 1, 12284, 12282, 0, 6,
+ 1, 2, 5, 12288, 6, 12288, 12284, 2, 1, 2,
+ 12288, 12283, 12288, 3, 12288, 12288, 2, 12286, 12283, 1,
+ 12285, 0, 0, 12286, 12288, 12286, 12288, 12286, 4, 0,
+ 1, 12285, 3, 1, 2, 12285, 12287, 12284, 12287, 12285,
+ 12286, 1, 12288, 3, 5, 5, 3, 12285, 12286, 12288,
+ 0, 1, 12287, 12284, 2, 4, 12288, 12287, 0, 12288,
+ 12288, 12285, 12288, 12284, 3, 0, 2, 0, 2, 0,
+ 1, 1, 1, 12287, 1, 12284, 12285, 0, 12284, 1,
+ 12284, 2, 12288, 5, 4, 1, 1, 12284, 1, 3,
+ 2, 6, 3, 2, 3, 12284, 0, 0, 4, 2,
+ 6, 2, 2, 2, 6, 12288, 0, 1, 12286, 1,
+ 5, 1, 12283, 2, 0, 12284, 1, 12286, 4, 1,
+ 2, 4, 6, 12288, 12288, 12284, 1, 0, 3, 12286,
+ 1, 0, 3, 12288, 12287, 2, 2, 0, 12285, 12286,
+ 0, 12288, 4, 2, 12282, 12287, 1, 12288, 12287, 12286,
+ 12284, 1, 4, 2, 7, 12288, 12283, 12288, 5, 12288,
+ 12288, 12287, 3, 2, 12287, 5, 12287, 12286, 12288, 12287,
+ 0, 12282, 12288, 12288, 0, 3, 12287, 2, 12287, 12284,
+ 6, 12285, 2, 3, 3, 12284, 2, 4, 12286, 5,
+ 0, 2, 12287, 3, 0, 12284, 12286, 0, 2, 12286,
+ 12287, 3, 1, 4, 1, 12286, 12288, 1, 2, 0,
+ 12285, 12287, 2, 0, 0, 0, 3, 12286, 12287, 2,
+ 0, 0, 0, 12286, 4, 1, 12287, 0, 0, 2,
+ 5, 0, 12284, 1, 1, 12288, 2, 12286, 12288, 2,
+ 2, 12282, 1, 12286, 4, 12286, 3, 12287, 12287, 12286,
+ 5, 5, 0, 12288, 3, 12285, 1, 12287, 7, 12286,
+ 2, 12287, 1, 12285, 2, 12287, 12288, 0, 4, 12281,
+ 0, 12286, 3, 1, 12285, 2, 2, 12285, 5, 0,
+ 12285, 2, 12288, 1, 3, 12287, 1, 12288, 1, 5,
+ 12287, 1, 0, 3, 2, 12286, 12286, 12288, 3, 0,
+ 12287, 12288, 0, 12286, 12285, 0, 12286, 12288, 3, 12287,
+ 12288, 2, 6, 0, 2, 12285, 1, 1, 7, 7,
+ 12284, 12284, 5, 0, 12288, 12288, 4, 3, 1, 2,
+ 12287, 0, 12288, 12284, 2, 5, 1, 2, 0, 12288,
+ 1, 12284, 2, 3, 0, 12287, 12285, 2, 12288, 12288,
+ 7, 1, 12287, 1, 12286, 2, 3, 4, 12288, 12288,
+ 12286, 12286, 3, 12288, 1, 12286, 12286, 0, 12283, 12288,
+ 2, 0, 7, 2, 12287, 0, 0, 12286, 4, 1,
+ 12288, 12288, 1, 2, 12287, 12282, 3, 5, 0, 12288,
+ 12288, 12286, 12286, 12286, 4, 2, 0, 1, 12284, 3,
+ 12283, 5, 12287, 2, 2, 12288, 1, 12284, 1, 0,
+ 1, 3, 12288, 2, 12287, 1, 12286, 12288, 0, 12287,
+ 12288, 2, 2, 12286, 0, 12287, 12288, 12284, 0, 2,
+ 2, 2, 1, 3, 12285, 12285, 1, 12285, 2, 6,
+ 2, 0, 12288, 0, 0, 3, 2, 12287, 1, 12286,
+ 0, 12287, 0, 1, 12285, 12287, 6, 12288, 2, 0,
+ 12286, 2, 4, 12288, 2, 5, 12285, 12286, 0, 12284,
+ 12288, 3, 3, 3, 12287, 4, 2, 0, 12283, 2,
+ 12287, 0, 1, 12287, 2, 12288, 12287, 3, 2, 7,
+ 7, 1, 12287, 12288, 2, 6, 1, 3, 2, 0,
+ 2, 2, 3, 12288, 3, 4, 2, 0, 5, 12285,
+ 3, 12285, 3, 12285, 1, 1, 12287, 12285, 2, 12285,
+ 5, 0, 7, 2, 12284, 0, 12285, 7, 1, 12288,
+ 12288, 0, 12288, 12287, 5, 0, 2, 0, 2, 12286,
+ 1, 12286, 0, 12286, 12285, 4, 12286, 2, 12288, 12287,
+ 12287, 1, 12286, 12287, 12287, 12286, 12287, 12288, 6, 5,
+ 2, 5, 12283, 12286, 12286, 12288, 1, 0, 3, 12286,
+ 5, 0, 12287, 12288, 12288, 12287, 12286, 2, 1, 0,
+ 1, 2, 3, 1, 12286, 2, 1, 6, 12288, 1,
+ 12286, 1, 12288, 0, 1, 0, 12283, 0, 2, 12288,
+ 3, 1, 12287, 12288, 4, 0, 3, 12286, 0, 1,
+ 12283, 4, 1, 4, 12287, 5, 0, 12287, 12288, 3,
+ 3, 12282, 1, 4, 2, 3, 0, 2, 6, 12282,
+ 12285, 12288, 12287, 12288, 2, 12285, 1, 0, 12287, 12288,
+ 12286, 0, 0, 4, 12288, 12287, 1, 0, 2, 5,
+ 2, 12287, 1, 7, 12284, 0, 12287, 12286, 2, 1,
+ 12287, 0, 1, 12284, 12287, 12287, 12285, 12285, 3, 12282,
+ 12286, 1, 1, 12288, 12282, 12287, 1, 1, 2, 2,
+ 3, 1, 12287, 5, 12282, 0, 0, 12287, 1, 3,
+ 12288, 3, 12285, 12286, 2, 0, 12288, 12288, 5, 12285,
+ 4, 12288, 12287, 0, 1, 4, 1, 2, 12288, 0,
+ 2, 1, 12288, 4, 6, 12288, 1, 12287, 4, 1,
+ 12285, 12288, 3, 0, 12288, 12285, 2, 0, 12286, 2,
+ 1, 12288, 1, 12288, 12284, 3, 0, 2, 2, 12288,
+ 12287, 12286, 4, 12288, 2, 0, 0, 3, 4, 0,
+ 12288, 12282, 6, 2, 12283, 12287, 2, 6, 1, 2,
+ 12288, 2, 12283, 3, 12287, 3, 4, 0, 0, 12285,
+ 0, 12288, 12287, 12284, 12286, 3, 1, 12286, 2, 0,
+ 12287, 12286, 12286, 12288, 5, 2, 12288, 12286, 0, 12287,
+ 0, 3, 2, 12287, 12286, 0, 1, 12287, 2, 0,
+ 12286, 5, 12285, 12288, 12288, 12288, 12286, 4, 1, 12285,
+ 12284, 12288, 12286, 1, 1, 12287, 2, 12286, 3, 2,
+ 12283, 12283, 4, 2, 12283, 5, 0, 1, 0, 5,
+ 12287, 1, 1, 0, 3, 10, 12287, 3, 12288, 12288,
+ 12287, 2, 2, 0, 4, 12288, 12283, 12288, 1, 12287,
+ 3, 0, 0, 1, 12288, 12284, 0, 12286, 12287, 0,
+ 12287, 2, 1, 7, 12288, 12287, 0, 4, 12287, 12286,
+ 3, 4, 12287, 12288, 12285, 12287, 12288, 12285, 12286, 7,
+ 1, 1, 12288, 3, 12287, 3, 1, 4, 2, 5,
+ 12282, 3, 0, 12286, 12288, 0, 12285, 0, 2, 3,
+ 0, 12286, 3, 2, 12285, 0, 0, 12287, 1, 0,
+ 0, 6, 2, 12287, 12284, 7, 5, 0, 1, 6,
+ 2, 4, 1, 12286, 12288, 2, 12287, 3, 4, 12283,
+ 0, 12288, 2, 2, 12286, 0, 2, 2, 12288, 12285,
+ 12287, 12285, 12288, 0 }
+ },
+ { 0x01, 0x02, /* polynomial e'' */
+ { 0x20, 0x37, 0x77, 0x8a, 0x9c, 0x19, 0xde, 0xf0, 0x65, 0x9e,
+ 0x0f, 0xa5, 0xfc, 0x0e, 0x78, 0xfe, 0x55, 0x89, 0xc9, 0x88,
+ 0x41, 0xa2, 0x5a, 0x1e, 0xa4, 0x66, 0xcd, 0x3a, 0x29, 0x42,
+ 0xd1, 0x25, 0xf2, 0x84, 0xd7, 0xee, 0xd5, 0x53, 0x86, 0x5b,
+ 0xa3, 0x93, 0x4e, 0xee, 0xc7, 0x5b, 0xe5, 0x52, 0x68, 0x19,
+ 0xdf, 0x63, 0xfb, 0x91, 0x3d, 0xe9, 0x5d, 0xd6, 0xeb, 0x81,
+ 0x3d, 0xac, 0xf1, 0xad },
+ { 12286, 12286, 1, 12287, 1, 12286, 12287, 12287, 12284, 1,
+ 12287, 2, 12284, 0, 2, 12288, 0, 1, 0, 12285,
+ 12288, 4, 2, 12287, 12282, 12288, 12285, 12288, 2, 12288,
+ 6, 7, 12286, 12286, 1, 4, 12287, 12287, 3, 1,
+ 3, 3, 2, 12285, 0, 1, 12288, 1, 1, 12287,
+ 0, 0, 1, 0, 12287, 12283, 12283, 12288, 12287, 0,
+ 0, 2, 12286, 3, 3, 0, 12286, 12282, 3, 6,
+ 3, 3, 12285, 1, 1, 12288, 1, 0, 12288, 0,
+ 12287, 4, 1, 0, 12285, 12288, 1, 1, 1, 3,
+ 12286, 0, 12288, 0, 12287, 12287, 3, 5, 1, 12287,
+ 12287, 0, 0, 0, 12283, 0, 0, 12288, 0, 12287,
+ 12286, 12284, 12286, 0, 12286, 3, 5, 12287, 0, 12287,
+ 1, 3, 2, 6, 1, 12287, 1, 1, 12285, 4,
+ 12282, 12288, 12288, 3, 2, 12287, 3, 3, 12288, 12286,
+ 2, 5, 12288, 12287, 12288, 3, 0, 12283, 3, 3,
+ 1, 0, 12288, 2, 2, 12287, 12286, 4, 12287, 12288,
+ 0, 0, 12286, 1, 4, 4, 12286, 12287, 4, 12288,
+ 2, 1, 1, 12288, 12287, 3, 12287, 12286, 12285, 12288,
+ 4, 1, 0, 12287, 3, 12286, 12287, 4, 0, 12287,
+ 12286, 12287, 3, 1, 1, 12285, 12287, 0, 12285, 2,
+ 5, 2, 12285, 3, 2, 12285, 12287, 2, 0, 12288,
+ 2, 5, 2, 12283, 1, 1, 0, 12286, 12288, 3,
+ 1, 12286, 12283, 0, 1, 2, 2, 1, 12287, 12287,
+ 4, 4, 1, 0, 0, 12288, 12287, 12284, 12284, 7,
+ 0, 12288, 5, 4, 12288, 12288, 1, 0, 1, 1,
+ 2, 12288, 12288, 5, 1, 0, 12287, 3, 3, 0,
+ 1, 12288, 12288, 3, 12285, 12288, 3, 5, 4, 1,
+ 12285, 12285, 12288, 12285, 12288, 12285, 4, 1, 3, 12285,
+ 4, 0, 12288, 12286, 5, 12287, 12285, 12288, 4, 12288,
+ 0, 12287, 12286, 0, 12286, 12283, 0, 12287, 12284, 1,
+ 12288, 12288, 3, 12286, 1, 2, 12286, 3, 1, 12285,
+ 12286, 12285, 0, 12285, 12288, 0, 2, 12283, 0, 1,
+ 2, 1, 2, 3, 3, 12285, 0, 0, 0, 12288,
+ 12283, 4, 12286, 2, 1, 3, 3, 12284, 2, 4,
+ 3, 12286, 12282, 12286, 0, 12286, 12287, 3, 12288, 12288,
+ 2, 12287, 12286, 3, 0, 12286, 1, 1, 0, 12287,
+ 2, 0, 0, 1, 12286, 1, 0, 12283, 0, 12288,
+ 2, 5, 12288, 12287, 2, 1, 12288, 2, 2, 5,
+ 2, 12286, 12286, 2, 12284, 12287, 0, 12284, 0, 12284,
+ 12286, 12286, 12288, 12287, 12287, 2, 1, 12287, 12287, 1,
+ 5, 0, 0, 12288, 2, 12285, 6, 2, 12288, 12288,
+ 12286, 2, 12285, 0, 0, 0, 12288, 3, 12286, 1,
+ 1, 0, 3, 0, 12286, 12288, 12287, 3, 2, 12287,
+ 12288, 1, 12288, 12282, 2, 0, 12288, 12286, 12285, 12281,
+ 4, 1, 7, 12283, 12287, 12288, 1, 6, 0, 12288,
+ 5, 1, 1, 12286, 12286, 0, 12287, 12285, 12287, 1,
+ 12288, 12286, 12286, 12288, 2, 12287, 12287, 12288, 12286, 12288,
+ 12282, 12284, 12286, 0, 12285, 12285, 3, 12288, 12287, 12288,
+ 2, 0, 2, 0, 12288, 12286, 3, 12288, 12286, 12287,
+ 1, 1, 1, 0, 5, 5, 12285, 12288, 3, 12286,
+ 1, 2, 12285, 1, 4, 12288, 1, 4, 1, 3,
+ 4, 12286, 0, 7, 2, 12288, 2, 12287, 0, 2,
+ 12283, 12286, 0, 12288, 12286, 4, 1, 12284, 7, 12285,
+ 0, 12284, 12287, 0, 0, 3, 4, 12284, 0, 1,
+ 0, 1, 12285, 1, 12286, 12284, 12287, 0, 7, 1,
+ 4, 12282, 12288, 0, 2, 12285, 12288, 12287, 12287, 12283,
+ 0, 1, 3, 12285, 12286, 3, 12288, 12288, 12284, 12286,
+ 12288, 1, 0, 2, 12287, 0, 12286, 4, 12288, 0,
+ 12284, 0, 0, 2, 12286, 0, 0, 12286, 12287, 1,
+ 12288, 0, 12284, 1, 12288, 12288, 1, 1, 12282, 12284,
+ 12288, 12285, 12285, 12288, 1, 12286, 2, 0, 0, 12284,
+ 2, 12288, 0, 0, 12285, 0, 3, 0, 0, 12285,
+ 12286, 5, 3, 12287, 5, 2, 12287, 0, 1, 12286,
+ 12287, 1, 12286, 1, 12288, 0, 0, 12282, 5, 12282,
+ 12287, 12288, 12287, 1, 0, 3, 4, 6, 1, 1,
+ 12287, 12284, 12286, 12287, 12286, 2, 1, 12288, 3, 0,
+ 3, 0, 12286, 1, 0, 12288, 1, 12284, 4, 0,
+ 4, 12288, 1, 4, 1, 12286, 4, 0, 2, 1,
+ 1, 4, 12287, 2, 1, 12288, 4, 3, 2, 12287,
+ 0, 1, 12287, 1, 12285, 12286, 2, 2, 0, 12286,
+ 12287, 0, 12288, 12285, 5, 12288, 0, 0, 12288, 3,
+ 12288, 0, 4, 0, 12288, 12286, 12287, 0, 0, 2,
+ 12283, 0, 12281, 1, 1, 3, 4, 2, 12284, 5,
+ 12288, 2, 3, 4, 12287, 3, 12288, 12287, 12288, 2,
+ 12286, 2, 0, 12286, 12286, 5, 12288, 2, 12288, 7,
+ 12286, 12286, 4, 12288, 12288, 12288, 5, 12287, 7, 12286,
+ 12282, 2, 12284, 0, 12288, 0, 2, 12283, 2, 5,
+ 4, 1, 12288, 12283, 5, 12288, 12288, 0, 0, 0,
+ 6, 1, 12286, 6, 4, 12287, 2, 12288, 12287, 12286,
+ 4, 5, 0, 1, 2, 1, 4, 12286, 1, 2,
+ 1, 1, 0, 12288, 12282, 1, 1, 3, 12284, 12288,
+ 0, 12287, 1, 12286, 12288, 6, 1, 5, 12287, 12285,
+ 2, 12288, 12288, 12284, 0, 12287, 2, 3, 5, 1,
+ 12286, 1, 12287, 0, 12284, 1, 5, 12283, 1, 1,
+ 12287, 12283, 12288, 0, 12287, 3, 0, 12288, 12286, 12287,
+ 8, 0, 0, 12288, 1, 3, 2, 3, 12287, 9,
+ 2, 3, 4, 12288, 3, 0, 12288, 12283, 0, 0,
+ 2, 4, 12287, 2, 12287, 12286, 12287, 2, 12287, 2,
+ 3, 1, 3, 1, 0, 1, 1, 5, 3, 12285,
+ 1, 12281, 12287, 12286, 1, 4, 12287, 12286, 12285, 4,
+ 2, 0, 12288, 12288, 12286, 12287, 12288, 1, 3, 4,
+ 0, 1, 12285, 4, 3, 12284, 1, 12288, 12285, 12288,
+ 0, 12281, 12288, 12285, 12285, 1, 12284, 12286, 12287, 0,
+ 0, 12287, 1, 12282, 4, 4, 12288, 1, 4, 12286,
+ 5, 4, 1, 5, 3, 1, 0, 6, 12288, 0,
+ 12288, 2, 12286, 12287, 6, 0, 12288, 0, 12287, 1,
+ 4, 0, 12282, 4, 1, 12286, 1, 12282, 3, 12285,
+ 12283, 12286, 12288, 4, 12284, 12286, 12286, 0, 12286, 0,
+ 0, 1, 12286, 1, 1, 4, 12284, 0, 3, 2,
+ 12288, 1, 2, 12287, 2, 1, 12288, 0, 1, 2,
+ 12286, 0, 6, 12285, 0, 1, 4, 0, 0, 3,
+ 2, 12287, 12285, 7, 1, 3, 1, 0, 12286, 12288,
+ 0, 12287, 1, 12286 }
+ }
+};
+
+START_TEST(test_newhope_noise_uniform)
+{
+ newhope_noise_t *noise;
+ uint8_t seed_buf[seed_len], *uniform;
+ chunk_t seed = { seed_buf, seed_len };
+
+ memset(seed_buf, 0x00, seed_len - 1);
+ seed_buf[seed_len - 1] = noises[_i].key;
+
+ noise = newhope_noise_create(seed);
+ ck_assert(noise != NULL);
+ uniform = noise->get_uniform_bytes(noise, noises[_i].nonce, 64);
+ ck_assert(uniform != NULL);
+ ck_assert(memeq(uniform, noises[_i].uniform, 64));
+ free(uniform);
+ noise->destroy(noise);
+}
+END_TEST
+
+START_TEST(test_newhope_noise_poly)
+{
+ newhope_noise_t *noise;
+ uint8_t seed_buf[seed_len];
+ uint32_t *poly;
+ int i;
+ chunk_t seed = { seed_buf, seed_len };
+
+ memset(seed_buf, 0x00, seed_len - 1);
+ seed_buf[seed_len - 1] = noises[_i].key;
+
+ noise = newhope_noise_create(seed);
+ ck_assert(noise != NULL);
+ poly = noise->get_binomial_words(noise, noises[_i].nonce, n, q);
+ ck_assert(poly != NULL);
+ for (i = 0; i < n; i++)
+ {
+ ck_assert(poly[i] == noises[_i].poly[i]);
+ }
+ free(poly);
+ noise->destroy(noise);
+}
+END_TEST
+
+static size_t seed_lengths[] = { 0, 1, 31, 33 };
+
+START_TEST(test_newhope_noise_fail)
+{
+ newhope_noise_t *noise;
+ chunk_t seed;
+
+ seed = chunk_alloc(seed_lengths[_i]);
+ memset(seed.ptr, 0x00, seed.len);
+
+ noise = newhope_noise_create(seed);
+ ck_assert(noise == NULL);
+ chunk_free(&seed);
+}
+END_TEST
+
+Suite *newhope_noise_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("newhope_noise");
+
+ tc = tcase_create("noise_uniform");
+ tcase_add_loop_test(tc, test_newhope_noise_uniform, 0, countof(noises));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("noise_poly");
+ tcase_add_loop_test(tc, test_newhope_noise_poly, 0, countof(noises));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("noise_fail");
+ tcase_add_loop_test(tc, test_newhope_noise_fail, 0, countof(seed_lengths));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_reconciliation.c b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_reconciliation.c
new file mode 100644
index 000000000..4432e34d6
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_reconciliation.c
@@ -0,0 +1,344 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <newhope_reconciliation.h>
+
+#include <library.h>
+
+static const uint16_t n = 1024;
+static const uint16_t q = 12289;
+
+static uint32_t r_v[] = {
+ 7832, 2714, 1942, 12135, 6869, 11272, 11601, 1783, 9639, 1465,
+ 4603, 8158, 1418, 6162, 3907, 6653, 1091, 3026, 4540, 4797,
+ 2751, 29, 768, 5580, 1304, 5262, 1644, 11294, 12257, 10466,
+ 170, 8458, 7185, 6850, 8790, 11277, 10980, 5507, 10693, 9766,
+ 7230, 3980, 796, 11125, 8042, 9022, 10207, 7577, 5041, 192,
+ 10308, 7905, 8520, 3814, 3372, 11772, 11290, 418, 2744, 4782,
+ 3072, 10921, 10721, 6100, 1021, 7943, 7426, 2142, 6618, 757,
+ 5033, 9336, 9332, 3410, 6613, 11776, 1525, 9567, 5371, 1290,
+ 3685, 11054, 11228, 10703, 70, 11215, 8992, 2855, 2962, 10104,
+ 10083, 8146, 7599, 3428, 4316, 10056, 1245, 9776, 7867, 1381,
+ 6540, 11273, 6626, 3708, 5348, 4521, 3760, 1771, 12037, 2681,
+ 3044, 10226, 5133, 5013, 7851, 7187, 1965, 6776, 223, 3003,
+ 4800, 10128, 9592, 8917, 10664, 7076, 2081, 5621, 2694, 8245,
+ 10979, 929, 10593, 10429, 6890, 6222, 5891, 6633, 12124, 1508,
+ 508, 9650, 2480, 10302, 3958, 4519, 5309, 8675, 6963, 5281,
+ 8265, 4851, 7173, 2537, 1176, 259, 6422, 6782, 1429, 7231,
+ 4948, 8137, 11341, 12090, 5395, 8087, 3098, 6724, 7462, 9973,
+ 149, 7331, 562, 9753, 1227, 768, 7520, 12107, 6199, 6503,
+ 9876, 306, 3876, 1903, 6306, 10288, 10184, 9401, 68, 5246,
+ 630, 10136, 133, 12082, 648, 8537, 3896, 4482, 12011, 5407,
+ 5305, 4301, 6551, 714, 5902, 11915, 3121, 5428, 5441, 5140,
+ 10139, 2091, 875, 9478, 11576, 8663, 10514, 1018, 8780, 6445,
+ 2501, 4204, 1276, 7474, 10594, 3808, 4367, 11469, 4875, 1899,
+ 9136, 1507, 6235, 6367, 3851, 7341, 9925, 4629, 9588, 3150,
+ 4739, 6109, 4850, 9944, 11565, 4995, 8383, 9623, 6248, 3020,
+ 1730, 3368, 3431, 8617, 6478, 7182, 8720, 1927, 6493, 9285,
+ 9779, 2800, 3730, 1754, 3772, 3124, 7569, 10008, 9240, 2493,
+ 4402, 5851, 2050, 8630, 5054, 8421, 1536, 7671, 5467, 9075,
+ 5881, 4355, 4554, 11354, 4048, 10335, 11033, 4252, 2558, 4363,
+ 10448, 327, 1675, 4755, 8227, 7705, 398, 10398, 9913, 4129,
+ 6571, 10743, 280, 6634, 796, 7264, 3916, 11349, 1415, 1187,
+ 692, 9980, 1647, 4267, 1001, 12229, 6040, 268, 1308, 531,
+ 3141, 7209, 1941, 4684, 10261, 1415, 8381, 4919, 11450, 1494,
+ 8237, 11023, 3380, 4448, 10101, 9232, 11040, 7799, 4958, 741,
+ 2234, 10436, 11442, 5073, 2908, 2355, 31, 7222, 5457, 3746,
+ 8920, 122, 8960, 5708, 1750, 11161, 4847, 3199, 7954, 2151,
+ 9419, 11678, 8997, 12016, 9690, 9605, 10718, 3735, 1617, 9574,
+ 10384, 11604, 9311, 687, 7145, 11891, 6529, 5052, 1342, 8735,
+ 7644, 6062, 6338, 8563, 2502, 5284, 220, 5224, 3771, 11067,
+ 11609, 2972, 3799, 2566, 7488, 6369, 7704, 6095, 3598, 12112,
+ 8545, 2026, 746, 3206, 2814, 8740, 1491, 5950, 8413, 4043,
+ 12036, 6082, 4131, 1941, 6942, 9396, 11267, 8912, 7344, 10371,
+ 9205, 9520, 12038, 4345, 8024, 10999, 8408, 4673, 6682, 8893,
+ 8668, 10099, 7658, 11896, 4276, 2042, 10707, 9793, 3152, 11961,
+ 3269, 5512, 5736, 5938, 9457, 10439, 10777, 6656, 3174, 9043,
+ 6046, 2519, 11912, 5244, 6214, 2071, 11317, 5285, 891, 6184,
+ 3819, 1563, 1474, 654, 5147, 2380, 10760, 4816, 3378, 1414,
+ 7784, 10067, 1809, 6320, 4789, 9359, 2747, 9424, 9074, 9473,
+ 3300, 6244, 104, 7612, 1105, 4276, 573, 1988, 923, 12047,
+ 7948, 4860, 3949, 4971, 6956, 2831, 2034, 289, 10946, 6970,
+ 3191, 5122, 2175, 1300, 6198, 256, 6433, 11646, 9119, 9723,
+ 1046, 5967, 1124, 6449, 2817, 692, 4649, 3089, 5050, 11261,
+ 2220, 3052, 12012, 10110, 1394, 2877, 10089, 11696, 4462, 5504,
+ 66, 2500, 5384, 7461, 5712, 8649, 9536, 7670, 2385, 3469,
+ 782, 2876, 7772, 6118, 142, 5396, 10951, 10556, 3450, 10602,
+ 1604, 7909, 3323, 39, 10258, 2262, 7113, 11313, 10203, 10846,
+ 9275, 4316, 965, 6006, 4458, 7926, 3171, 1797, 4659, 5336,
+ 5543, 250, 9230, 10720, 11970, 4511, 4311, 11763, 1283, 4044,
+ 2643, 3744, 4490, 5984, 8868, 8760, 11738, 6037, 9164, 7601,
+ 7544, 11117, 7322, 2081, 4034, 10791, 11491, 7027, 1615, 5338,
+ 8528, 3424, 2126, 927, 1650, 6068, 3812, 10958, 7574, 11032,
+ 6954, 6132, 2598, 9458, 11346, 1974, 3273, 1040, 10331, 8587,
+ 11017, 6864, 8246, 5328, 11330, 6779, 8761, 4342, 4595, 8610,
+ 161, 4622, 6411, 10708, 7896, 11431, 12097, 9500, 3376, 9561,
+ 10730, 2248, 3069, 1434, 8838, 566, 6397, 5881, 4956, 4203,
+ 8362, 6047, 3484, 4784, 9901, 8989, 862, 8817, 12186, 9876,
+ 9748, 1905, 5696, 9028, 5721, 2940, 10235, 2326, 2134, 6167,
+ 1019, 10851, 1253, 5588, 9149, 6532, 3959, 11598, 4068, 3299,
+ 8264, 9787, 7089, 2829, 6755, 6156, 455, 5900, 2839, 5921,
+ 2140, 7428, 2688, 11175, 9247, 6727, 11711, 1762, 6244, 3336,
+ 2308, 9922, 7883, 7007, 10890, 7013, 8452, 2743, 1482, 6927,
+ 7846, 6128, 5114, 4868, 7487, 4584, 6785, 460, 6747, 8894,
+ 9855, 12242, 3365, 1450, 6614, 3974, 5200, 3247, 2779, 8695,
+ 828, 10940, 2304, 376, 3027, 3898, 10351, 1879, 10262, 2512,
+ 5487, 4280, 10297, 8480, 9481, 7905, 197, 8361, 4927, 705,
+ 9671, 6722, 2589, 8772, 1078, 333, 8696, 6267, 7420, 4471,
+ 8994, 5038, 5318, 1846, 2574, 8779, 10724, 825, 7399, 7073,
+ 4422, 8385, 5171, 8849, 11344, 10735, 8483, 2241, 11738, 6581,
+ 10699, 2777, 6531, 4678, 7608, 10871, 3501, 9239, 7252, 11828,
+ 7873, 9606, 4526, 5958, 8505, 11233, 9638, 2421, 5652, 3095,
+ 9049, 11347, 6274, 1405, 11114, 11208, 5703, 10774, 3011, 11633,
+ 5741, 9601, 5507, 4527, 3501, 5707, 8698, 178, 12091, 325,
+ 6056, 635, 3772, 12169, 10509, 6528, 3573, 3675, 3389, 3161,
+ 1148, 2687, 3509, 6639, 10452, 11804, 5355, 1085, 9580, 7106,
+ 1396, 8279, 4881, 3402, 7803, 8801, 6142, 7623, 4386, 9291,
+ 1502, 500, 11809, 6655, 2674, 10061, 1650, 5422, 8936, 10011,
+ 1193, 9619, 1435, 8285, 4038, 9984, 9732, 4477, 1251, 7106,
+ 7817, 10062, 3378, 5608, 2395, 2563, 1957, 3768, 4160, 7267,
+ 11631, 2171, 4771, 6927, 4330, 10482, 6204, 11022, 7895, 1924,
+ 3648, 1991, 6628, 10136, 2916, 5416, 7827, 1479, 2312, 9991,
+ 7915, 5431, 10911, 10979, 4527, 436, 10521, 5725, 2201, 10198,
+ 662, 1691, 8867, 10008, 9359, 5291, 567, 5725, 10329, 4772,
+ 2813, 7323, 5646, 1861, 9922, 1831, 9356, 1219, 4107, 9999,
+ 4569, 9092, 833, 1602, 4258, 1443, 1484, 4036, 5415, 3767,
+ 9992, 412, 9343, 2251, 10513, 9067, 1494, 11893, 744, 1978,
+ 11259, 3614, 7459, 5254, 4232, 5148, 4119, 11550, 6425, 4933,
+ 4292, 10521, 9657, 9632, 4613, 7738, 5561, 8806, 3501, 3731,
+ 11329, 2693, 11581, 6393, 10176, 10773, 1790, 1809, 9186, 12085,
+ 5418, 7223, 1077, 1527, 10917, 4236, 7668, 11754, 6655, 7696,
+ 1809, 11512, 3618, 5857, 7512, 1044, 7970, 6825, 4897, 2870,
+ 126, 8619, 10445, 3883, 4238, 4051, 399, 1580, 9893, 11046,
+ 2955, 6520, 5435, 1891, 1254, 12135, 4122, 10512, 11960, 6196,
+ 3443, 10118, 1689, 10877
+};
+
+static uint32_t i_v[] = {
+ 8355, 2010, 1416, 12110, 6361, 11296, 11668, 1446, 9822, 947,
+ 5422, 8211, 1824, 6158, 3458, 6435, 685, 2707, 4804, 4929,
+ 3204, 12158, 674, 5703, 1125, 5085, 1358, 10956, 12216, 11164,
+ 12112, 8359, 7018, 7038, 9099, 11789, 10574, 5991, 10736, 9335,
+ 7898, 4429, 587, 11156, 7912, 9063, 9673, 6792, 5530, 648,
+ 10203, 7284, 7935, 4177, 3514, 11488, 10998, 12254, 2913, 4827,
+ 2446, 10965, 10718, 5569, 1023, 8150, 7440, 1928, 6384, 802,
+ 4726, 9738, 10374, 3842, 6761, 11788, 1133, 9413, 5818, 1099,
+ 3710, 11315, 11667, 10285, 12431, 11195, 9193, 2842, 2267, 9902,
+ 10076, 7409, 6751, 3748, 4487, 9961, 1547, 10060, 7443, 1276,
+ 6827, 10798, 6323, 4038, 5508, 4006, 3300, 1774, 255, 2688,
+ 3238, 10275, 4911, 5648, 7842, 7506, 1769, 6425, 195, 3176,
+ 4455, 10337, 9451, 8912, 10445, 7646, 2837, 5109, 3033, 8668,
+ 10295, 744, 10869, 10204, 6825, 6326, 6299, 7208, 11886, 1246,
+ 704, 9626, 2538, 10932, 3903, 4545, 5111, 9006, 6698, 5008,
+ 8464, 4679, 7230, 2223, 707, 705, 6592, 6207, 1114, 7645,
+ 5374, 7595, 11064, 746, 5585, 8248, 2921, 7004, 6595, 9985,
+ 506, 7147, 793, 9605, 596, 962, 8223, 11771, 6438, 6663,
+ 9519, 12013, 4302, 2216, 6633, 10351, 10096, 9645, 347, 4601,
+ 596, 10448, 12051, 12376, 1544, 8939, 5114, 4052, 11408, 5947,
+ 5368, 4270, 6747, 423, 6283, 11211, 2574, 5974, 5533, 5143,
+ 9757, 2155, 729, 9776, 11989, 8808, 11057, 1519, 9187, 5996,
+ 2966, 3865, 1409, 8023, 10648, 4397, 5082, 10832, 4769, 2068,
+ 9226, 1790, 5911, 6534, 3780, 7312, 9388, 5014, 9054, 3445,
+ 4659, 6203, 5234, 9490, 11060, 4214, 8978, 9789, 6201, 3088,
+ 1988, 3057, 3762, 8725, 7322, 7583, 8233, 1394, 6534, 9221,
+ 9736, 2738, 3837, 2595, 4012, 3674, 7505, 10231, 8080, 2402,
+ 3977, 5928, 1942, 8421, 5507, 8422, 1238, 6909, 5800, 9613,
+ 6083, 4382, 4669, 11670, 4032, 10762, 11623, 4387, 3728, 4656,
+ 9701, 722, 1255, 4495, 8158, 7762, 792, 10307, 9813, 3904,
+ 6081, 11003, 12045, 6718, 1089, 7327, 4381, 11188, 943, 1740,
+ 563, 10251, 756, 5027, 848, 325, 6547, 12288, 1222, 12189,
+ 3641, 7314, 2049, 5254, 10043, 1068, 7906, 4741, 11639, 1981,
+ 7660, 10911, 2746, 4536, 10068, 9700, 11057, 8114, 5556, 253,
+ 2292, 10686, 11848, 5306, 3092, 2570, 12167, 7101, 5245, 3463,
+ 8627, 12513, 9010, 5356, 1633, 10462, 4545, 3614, 7245, 1887,
+ 9738, 11902, 8716, 12035, 9958, 9421, 11063, 3759, 883, 9754,
+ 10730, 11706, 9132, 540, 6726, 11382, 7038, 4407, 1225, 8606,
+ 7689, 5894, 6553, 7908, 2454, 4939, 613, 5811, 3580, 11792,
+ 11364, 3153, 3698, 2604, 7470, 6053, 7699, 6018, 4289, 11497,
+ 8580, 2249, 718, 2444, 2972, 8812, 1710, 6317, 8718, 4194,
+ 12288, 5837, 3698, 2216, 7402, 9045, 11194, 8500, 7238, 10686,
+ 9409, 9867, 12264, 3859, 7673, 11659, 8496, 4618, 6465, 8811,
+ 9114, 10740, 7738, 11850, 4142, 2493, 11136, 9623, 3071, 11701,
+ 2925, 5043, 6151, 6221, 9642, 10846, 11145, 6315, 3741, 9123,
+ 5131, 2585, 11337, 4786, 5844, 1485, 11505, 5205, 797, 5955,
+ 3717, 1756, 1551, 1122, 5057, 2585, 10857, 5129, 3557, 1254,
+ 7750, 9688, 2462, 6415, 4345, 9460, 2957, 8793, 9210, 9242,
+ 3487, 6506, 11888, 7563, 1078, 4486, 406, 2261, 867, 11965,
+ 7979, 4533, 3654, 4747, 6636, 3166, 2114, 380, 9715, 7132,
+ 2982, 5024, 1817, 1231, 6210, 12377, 6280, 10882, 9937, 9587,
+ 633, 5668, 899, 6176, 2431, 956, 5022, 3094, 4658, 11168,
+ 2989, 2654, 11990, 10494, 1691, 3017, 10044, 11882, 4020, 5342,
+ 11911, 2426, 5748, 7592, 6340, 9214, 9357, 7169, 2109, 3210,
+ 415, 3024, 7791, 5684, 246, 5134, 11335, 10092, 3133, 10427,
+ 1502, 7739, 3272, 169, 9521, 2550, 7327, 11309, 10815, 10146,
+ 9157, 4579, 1022, 6447, 4233, 8488, 2958, 1715, 4215, 4965,
+ 5728, 551, 8942, 10845, 11881, 4472, 4331, 304, 1183, 3798,
+ 1968, 3993, 4889, 6145, 8841, 8816, 11283, 6578, 9212, 8161,
+ 7003, 11574, 7764, 1678, 4138, 10444, 11880, 7101, 1390, 4743,
+ 8320, 3026, 2338, 1203, 1562, 6502, 3103, 10770, 7608, 11097,
+ 6745, 6037, 2926, 9489, 10782, 1853, 3482, 524, 11063, 8299,
+ 11092, 6838, 7779, 4598, 11245, 7274, 8908, 3886, 4440, 8651,
+ 11949, 5344, 6954, 11015, 8333, 11347, 12677, 8716, 3514, 9892,
+ 10366, 2029, 2875, 1540, 9013, 250, 6393, 5618, 4565, 3687,
+ 8340, 6420, 3632, 5032, 9408, 9738, 961, 8653, 12315, 10459,
+ 9883, 2074, 5357, 9341, 4850, 2514, 9746, 2605, 2394, 5928,
+ 808, 10443, 1589, 5673, 9176, 6593, 3404, 12254, 4230, 3630,
+ 7958, 10065, 7471, 2432, 6626, 6517, 382, 6131, 2888, 5440,
+ 1571, 7341, 2841, 11202, 9462, 7180, 11206, 1433, 6183, 3882,
+ 2105, 9906, 8076, 7074, 10572, 7262, 8456, 2979, 1095, 6891,
+ 8025, 5914, 5380, 4300, 7363, 4989, 6788, 1043, 6836, 8710,
+ 10099, 12310, 3997, 2102, 7002, 4041, 4948, 2601, 2958, 8665,
+ 984, 10820, 1940, 541, 3377, 3533, 9357, 2049, 10721, 2732,
+ 5355, 4280, 10281, 8056, 9557, 7749, 611, 8255, 4854, 708,
+ 9199, 7033, 2582, 8343, 820, 944, 8651, 5547, 7052, 4723,
+ 8972, 5594, 5314, 1938, 2539, 8789, 10341, 12368, 7475, 6903,
+ 4436, 8346, 5391, 8336, 10864, 10397, 8517, 2078, 12127, 6612,
+ 10511, 2970, 6576, 5166, 7744, 10934, 3186, 9515, 6831, 12085,
+ 7284, 9791, 4755, 6341, 8713, 11526, 9392, 2122, 5743, 2776,
+ 9581, 11396, 7006, 1465, 11235, 10997, 5776, 10401, 2929, 11732,
+ 5847, 9512, 6068, 3934, 3730, 5813, 9195, 410, 11698, 896,
+ 6321, 1310, 3478, 11649, 10201, 6850, 3612, 3451, 3569, 3266,
+ 747, 3151, 3352, 6497, 10445, 11501, 5306, 1026, 9712, 7294,
+ 813, 8005, 5090, 2905, 7903, 8358, 6290, 7756, 3955, 9471,
+ 1858, 699, 11847, 7292, 2165, 10556, 1038, 5289, 8693, 9698,
+ 1702, 10228, 1412, 8681, 3330, 10042, 8888, 4257, 1201, 7422,
+ 7956, 10019, 3011, 5956, 2188, 2407, 1986, 3847, 4345, 7427,
+ 12091, 1763, 3885, 6731, 4172, 10828, 6129, 10972, 7878, 2189,
+ 3988, 2125, 6536, 10663, 3100, 5129, 7656, 1053, 2303, 10149,
+ 8087, 5666, 11151, 10962, 4905, 779, 10113, 5451, 1509, 9590,
+ 735, 1626, 8419, 10607, 9293, 5778, 907, 5527, 10408, 5454,
+ 2266, 7131, 6332, 2055, 10105, 1188, 9842, 2059, 4417, 10026,
+ 4339, 9779, 680, 1731, 4958, 1589, 1866, 3797, 5058, 3735,
+ 9899, 543, 9330, 2436, 10757, 9010, 1270, 12232, 1122, 2222,
+ 10945, 3733, 7454, 5251, 4185, 5118, 4331, 12022, 5900, 4767,
+ 4393, 10252, 9957, 9653, 4674, 7705, 5694, 9123, 3882, 3137,
+ 11627, 2712, 11985, 6346, 9990, 10760, 1869, 1778, 8899, 12168,
+ 5207, 7250, 1088, 1131, 11567, 4337, 8286, 11660, 7152, 8010,
+ 2286, 11335, 2984, 5740, 7114, 806, 7579, 7119, 5122, 2917,
+ 541, 7913, 10555, 3684, 4720, 3954, 517, 1526, 9712, 10854,
+ 1921, 6897, 4704, 2141, 1602, 11880, 4548, 10569, 11521, 6408,
+ 3609, 9752, 1960, 10934
+};
+
+static uint8_t rbits[] = {
+ 0x3f, 0xff, 0xaf, 0x0f, 0x6b, 0xb2, 0xb8, 0x46, 0x53, 0x44,
+ 0x95, 0x98, 0x0a, 0x85, 0x0c, 0xfc, 0xc4, 0x86, 0xcc, 0x69,
+ 0xc6, 0xd9, 0xfa, 0xee, 0x19, 0xa6, 0x34, 0x0f, 0x35, 0xc4,
+ 0xdc, 0x08
+};
+
+static uint8_t r_ref[] = {
+ 0, 3, 3, 1, 1, 1, 0, 1, 0, 3, 2, 0, 1, 1, 3, 0, 2, 1, 0, 3,
+ 2, 1, 2, 3, 3, 0, 2, 0, 1, 3, 3, 2, 3, 3, 0, 3, 0, 2, 2, 0,
+ 1, 1, 2, 0, 1, 1, 2, 1, 3, 0, 0, 3, 1, 1, 0, 0, 0, 2, 0, 1,
+ 0, 2, 3, 1, 3, 0, 3, 1, 0, 0, 2, 1, 3, 3, 1, 3, 2, 1, 0, 2,
+ 0, 0, 3, 3, 0, 1, 2, 2, 0, 1, 0, 3, 2, 2, 1, 1, 3, 0, 3, 3,
+ 2, 2, 0, 2, 1, 0, 0, 0, 3, 0, 3, 1, 2, 1, 1, 0, 3, 3, 2, 1,
+ 3, 3, 2, 2, 1, 3, 0, 0, 2, 2, 3, 1, 1, 2, 2, 2, 0, 2, 0, 2,
+ 0, 0, 1, 2, 2, 2, 3, 1, 2, 0, 3, 0, 1, 3, 2, 3, 3, 1, 1, 2,
+ 0, 0, 2, 1, 2, 2, 0, 2, 2, 2, 2, 1, 1, 3, 1, 3, 3, 1, 2, 2,
+ 3, 0, 1, 0, 0, 2, 2, 1, 3, 2, 2, 2, 3, 1, 1, 0, 0, 3, 2, 3,
+ 0, 0, 3, 3, 2, 2, 2, 2, 1, 1, 0, 1, 2, 1, 3, 2, 0, 3, 0, 2,
+ 3, 3, 3, 3, 2, 3, 3, 3, 3, 2, 1, 0, 2, 3, 2, 1, 2, 0, 3, 0,
+ 2, 2, 1, 1, 2, 1, 2, 0, 1, 2, 1, 3, 0, 0, 2, 3, 0, 3, 1, 0,
+ 2, 2, 2, 1, 2, 0, 3, 1, 0, 0, 3, 0, 2, 3, 1, 0, 2, 3, 3, 0,
+ 0, 0, 3, 0, 2, 3, 2, 0, 2, 2, 1, 0, 1, 2, 1, 3, 3, 3, 1, 2,
+ 1, 2, 3, 1, 1, 2, 2, 0, 3, 0, 3, 3, 1, 3, 3, 3, 1, 3, 0, 3,
+ 0, 0, 1, 2, 1, 0, 3, 0, 0, 2, 1, 3, 3, 3, 1, 1, 2, 3, 1, 0,
+ 1, 1, 3, 3, 0, 3, 1, 3, 1, 2, 2, 2, 1, 3, 1, 2, 1, 3, 0, 1,
+ 2, 2, 2, 3, 3, 2, 2, 3, 1, 2, 2, 1, 2, 1, 0, 0, 0, 1, 3, 2,
+ 0, 3, 1, 1, 2, 1, 3, 2, 3, 2, 0, 1, 0, 1, 3, 0, 2, 3, 1, 3,
+ 0, 1, 1, 3, 1, 1, 1, 0, 2, 3, 2, 1, 2, 0, 3, 3, 2, 0, 1, 0,
+ 3, 3, 3, 1, 2, 2, 1, 0, 3, 3, 0, 2, 3, 1, 1, 1, 3, 3, 1, 3,
+ 3, 0, 1, 0, 2, 0, 1, 1, 0, 0, 3, 2, 2, 3, 0, 2, 2, 0, 1, 1,
+ 1, 3, 1, 1, 1, 0, 1, 2, 3, 2, 2, 3, 1, 1, 3, 3, 3, 1, 2, 0,
+ 0, 0, 2, 2, 2, 3, 2, 0, 0, 1, 3, 0, 0, 0, 2, 0, 1, 0, 3, 0,
+ 3, 1, 0, 1, 1, 1, 2, 2, 2, 0, 0, 2, 2, 0, 3, 1, 0, 2, 2, 0,
+ 2, 0, 0, 1, 1, 0, 1, 2, 3, 2, 3, 2, 3, 3, 3, 0, 2, 1, 2, 2,
+ 1, 0, 1, 1, 1, 2, 1, 3, 2, 0, 3, 3, 0, 0, 1, 1, 1, 2, 2, 2,
+ 0, 1, 1, 2, 0, 2, 0, 1, 2, 0, 1, 3, 2, 2, 3, 0, 0, 1, 1, 2,
+ 3, 1, 2, 0, 3, 0, 2, 1, 0, 0, 0, 1, 1, 1, 1, 3, 0, 0, 0, 3,
+ 2, 3, 2, 1, 0, 3, 1, 1, 1, 1, 3, 0, 0, 1, 1, 1, 0, 3, 2, 2,
+ 3, 1, 1, 3, 0, 1, 1, 3, 0, 3, 2, 2, 0, 3, 1, 3, 1, 0, 0, 1,
+ 1, 0, 0, 1, 0, 3, 2, 2, 0, 1, 3, 0, 1, 3, 3, 2, 1, 3, 1, 1,
+ 3, 3, 2, 1, 1, 3, 1, 0, 2, 1, 1, 3, 3, 3, 1, 3, 1, 3, 0, 1,
+ 2, 2, 0, 3, 3, 2, 1, 1, 1, 3, 0, 2, 0, 3, 3, 1, 2, 3, 1, 3,
+ 0, 0, 0, 1, 3, 3, 0, 2, 3, 0, 1, 3, 0, 0, 3, 0, 2, 2, 3, 3,
+ 3, 3, 2, 1, 0, 3, 1, 1, 1, 2, 2, 0, 3, 2, 0, 2, 2, 3, 1, 0,
+ 3, 3, 1, 2, 3, 0, 1, 1, 0, 3, 3, 1, 1, 3, 0, 2, 1, 2, 2, 2,
+ 2, 3, 2, 3, 0, 0, 3, 1, 1, 0, 3, 2, 3, 2, 3, 3, 2, 2, 3, 1,
+ 3, 2, 1, 0, 1, 0, 2, 2, 1, 3, 1, 2, 3, 3, 1, 3, 2, 1, 3, 2,
+ 2, 3, 1, 1, 3, 3, 3, 3, 2, 0, 0, 3, 3, 3, 2, 3, 2, 0, 3, 0,
+ 3, 1, 2, 0, 3, 0, 2, 2, 2, 3, 1, 2, 2, 1, 3, 3, 0, 1, 3, 0,
+ 0, 1, 3, 2, 1, 1, 0, 1, 3, 3, 1, 1, 0, 1, 2, 2, 2, 0, 2, 3,
+ 1, 2, 1, 1, 3, 2, 3, 3, 1, 0, 1, 3, 2, 3, 2, 2, 1, 2, 3, 1,
+ 3, 2, 3, 1, 3, 3, 0, 3, 1, 1, 3, 2, 1, 2, 2, 0, 1, 1, 2, 3,
+ 1, 3, 0, 0, 3, 0, 3, 0, 1, 2, 0, 2, 2, 3, 2, 0, 0, 0, 3, 0,
+ 2, 0, 0, 2, 2, 2, 3, 1, 3, 2, 3, 2, 0, 1, 2, 1, 1, 3, 0, 3,
+ 2, 0, 2, 2, 3, 2, 1, 0, 1, 1, 0, 2, 0, 3, 2, 0, 2, 3, 1, 3,
+ 2, 2, 2, 2, 3, 1, 0, 2, 3, 3, 3, 2, 0, 0, 3, 3, 1, 2, 2, 3,
+ 0, 1, 1, 1, 3, 2, 1, 0, 0, 1, 2, 3, 3, 0, 1, 1, 1, 1, 0, 1,
+ 0, 2, 3, 3, 3, 3, 0, 2, 3, 0, 1, 0, 0, 1, 1, 3, 2, 2, 0, 0,
+ 2, 2, 1, 3
+};
+
+static chunk_t shared_secret = chunk_from_chars(
+ 0x14, 0x22, 0x06, 0xe3, 0x48, 0xf3, 0xfa, 0xfc, 0x21, 0x0d,
+ 0x5d, 0x51, 0x19, 0x7f, 0x16, 0x4e, 0xe6, 0xd3, 0x10, 0xa9,
+ 0xf5, 0xab, 0xfc, 0x96, 0x11, 0x1b, 0xc3, 0x4a, 0x89, 0xf9,
+ 0x66, 0x55
+);
+
+START_TEST(test_newhope_rec_good)
+{
+ newhope_reconciliation_t *rec;
+ chunk_t i_shared_secret, r_shared_secret;
+ uint8_t *r;
+
+ rec = newhope_reconciliation_create(n, q);
+ ck_assert(rec != NULL);
+
+ r = rec->help_reconcile(rec, r_v, rbits);
+ ck_assert(memeq(r, r_ref, n));
+
+ r_shared_secret = rec->reconcile(rec, r_v, r);
+ ck_assert(chunk_equals(r_shared_secret, shared_secret));
+
+ i_shared_secret = rec->reconcile(rec, i_v, r);
+ ck_assert(chunk_equals(i_shared_secret, shared_secret));
+
+ /* cleanup */
+ rec->destroy(rec);
+ chunk_free(&i_shared_secret);
+ chunk_free(&r_shared_secret);
+ free(r);
+}
+END_TEST
+
+Suite *newhope_reconciliation_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("newhope_reconciliation");
+
+ tc = tcase_create("rec_good");
+ tcase_add_test(tc, test_newhope_rec_good);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index 58a27509b..a19b2c4c0 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index fd123a118..5cbba3920 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
index efc660bed..17309b149 100644
--- a/src/libstrongswan/plugins/ntru/ntru_ke.c
+++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
@@ -25,22 +25,22 @@
typedef struct private_ntru_ke_t private_ntru_ke_t;
/* Best bandwidth and speed, no X9.98 compatibility */
-static ntru_param_set_id_t param_sets_optimum[] = {
+static const ntru_param_set_id_t param_sets_optimum[] = {
NTRU_EES401EP2, NTRU_EES439EP1, NTRU_EES593EP1, NTRU_EES743EP1
};
/* X9.98/IEEE 1363.1 parameter sets for best speed */
-static ntru_param_set_id_t param_sets_x9_98_speed[] = {
+static const ntru_param_set_id_t param_sets_x9_98_speed[] = {
NTRU_EES659EP1, NTRU_EES761EP1, NTRU_EES1087EP1, NTRU_EES1499EP1
};
/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
-static ntru_param_set_id_t param_sets_x9_98_bandwidth[] = {
+static const ntru_param_set_id_t param_sets_x9_98_bandwidth[] = {
NTRU_EES401EP1, NTRU_EES449EP1, NTRU_EES677EP1, NTRU_EES1087EP2
};
/* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
-static ntru_param_set_id_t param_sets_x9_98_balance[] = {
+static const ntru_param_set_id_t param_sets_x9_98_balance[] = {
NTRU_EES541EP1, NTRU_EES613EP1, NTRU_EES887EP1, NTRU_EES1171EP1
};
@@ -61,7 +61,7 @@ struct private_ntru_ke_t {
/**
* NTRU Parameter Set
*/
- ntru_param_set_t *param_set;
+ const ntru_param_set_t *param_set;
/**
* Cryptographical strength in bits of the NTRU Parameter Set
@@ -243,7 +243,8 @@ METHOD(diffie_hellman_t, destroy, void,
ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
{
private_ntru_ke_t *this;
- ntru_param_set_id_t *param_sets, param_set_id;
+ const ntru_param_set_id_t *param_sets;
+ ntru_param_set_id_t param_set_id;
rng_t *entropy;
ntru_drbg_t *drbg;
char *parameter_set;
diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.c b/src/libstrongswan/plugins/ntru/ntru_param_set.c
index 4af1e3091..3b2716e28 100644
--- a/src/libstrongswan/plugins/ntru/ntru_param_set.c
+++ b/src/libstrongswan/plugins/ntru/ntru_param_set.c
@@ -41,7 +41,7 @@ ENUM(ntru_param_set_id_names, NTRU_EES401EP1, NTRU_EES743EP1,
/**
* NTRU encryption parameter set definitions
*/
-static ntru_param_set_t ntru_param_sets[] = {
+static const ntru_param_set_t ntru_param_sets[] = {
/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
{
@@ -340,7 +340,7 @@ static ntru_param_set_t ntru_param_sets[] = {
/**
* See header.
*/
-ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id)
+const ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id)
{
int i;
@@ -358,7 +358,7 @@ ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id)
/**
* See header.
*/
-ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid)
+const ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid)
{
int i;
diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.h b/src/libstrongswan/plugins/ntru/ntru_param_set.h
index df4e55333..3ec0f833f 100644
--- a/src/libstrongswan/plugins/ntru/ntru_param_set.h
+++ b/src/libstrongswan/plugins/ntru/ntru_param_set.h
@@ -80,23 +80,81 @@ extern enum_name_t *ntru_param_set_id_names;
* NTRU encryption parameter set definitions
*/
struct ntru_param_set_t {
- ntru_param_set_id_t id; /* NTRU parameter set ID */
- uint8_t oid[NTRU_OID_LEN]; /* pointer to OID */
- uint8_t der_id; /* parameter-set DER id */
- uint8_t N_bits; /* no. of bits in N (i.e. in an index */
- uint16_t N; /* ring dimension */
- uint16_t sec_strength_len; /* no. of octets of security strength */
- uint16_t q; /* big modulus */
- uint8_t q_bits; /* no. of bits in q (i.e. in a coefficient */
- bool is_product_form; /* if product form used */
- uint32_t dF_r; /* no. of +1 or -1 coefficients in ring elements
- F, r */
- uint16_t dg; /* no. - 1 of +1 coefficients or
- no. of -1 coefficients in ring element g */
- uint16_t m_len_max; /* max no. of plaintext octets */
- uint16_t min_msg_rep_wt; /* min. message representative weight */
- uint8_t c_bits; /* no. bits in candidate for deriving an index */
- uint8_t m_len_len; /* no. of octets to hold mLenOctets */
+
+ /**
+ * NTRU parameter set ID
+ */
+ const ntru_param_set_id_t id;
+
+ /**
+ * pointer to OID
+ */
+ const uint8_t oid[NTRU_OID_LEN];
+
+ /**
+ * parameter-set DER id
+ */
+ const uint8_t der_id;
+
+ /**
+ * no. of bits in N (i.e. in an index
+ */
+ const uint8_t N_bits;
+
+ /**
+ * ring dimension
+ */
+ const uint16_t N;
+
+ /**
+ * no. of octets of security strength
+ */
+ const uint16_t sec_strength_len;
+
+ /**
+ * big modulus
+ */
+ const uint16_t q;
+
+ /**
+ * no. of bits in q (i.e. in a coefficient)
+ */
+ const uint8_t q_bits;
+
+ /**
+ * if product form used
+ */
+ const bool is_product_form;
+
+ /**
+ * no. of +1 or -1 coefficients in ring elements F, r
+ */
+ const uint32_t dF_r;
+
+ /**
+ * no. - 1 of +1 coefficients or no. of -1 coefficients in ring element g
+ */
+ const uint16_t dg;
+
+ /**
+ * max no. of plaintext octets
+ */
+ const uint16_t m_len_max;
+
+ /**
+ * min. message representative weight
+ */
+ const uint16_t min_msg_rep_wt;
+
+ /**
+ * no. bits in candidate for deriving an index
+ */
+ const uint8_t c_bits;
+
+ /**
+ * no. of octets to hold mLenOctets
+ */
+ const uint8_t m_len_len;
};
/**
@@ -105,7 +163,7 @@ struct ntru_param_set_t {
* @param id NTRU parameter set ID
* @return NTRU parameter set
*/
-ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id);
+const ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id);
/**
* Get NTRU encryption parameter set by NTRU parameter set OID
@@ -113,6 +171,6 @@ ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id);
* @param oid NTRU parameter set OID
* @return NTRU parameter set
*/
-ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid);
+const ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid);
#endif /** NTRU_PARAM_SET_H_ @}*/
diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.c b/src/libstrongswan/plugins/ntru/ntru_plugin.c
index 66be7c75b..dc6bd3167 100644
--- a/src/libstrongswan/plugins/ntru/ntru_plugin.c
+++ b/src/libstrongswan/plugins/ntru/ntru_plugin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -43,13 +43,21 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f[] = {
PLUGIN_REGISTER(DH, ntru_ke_create),
PLUGIN_PROVIDE(DH, NTRU_112_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1),
PLUGIN_PROVIDE(DH, NTRU_128_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1),
PLUGIN_PROVIDE(DH, NTRU_192_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256),
PLUGIN_PROVIDE(DH, NTRU_256_BIT),
PLUGIN_DEPENDS(RNG, RNG_TRUE),
PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
- PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_SDEPEND(HASHER, HASH_SHA1)
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256),
};
*features = f;
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_poly.c
index cb11601cd..b2fca2f7f 100644
--- a/src/libstrongswan/plugins/ntru/ntru_poly.c
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
@@ -17,7 +17,7 @@
#include "ntru_poly.h"
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
@@ -290,8 +290,9 @@ static private_ntru_poly_t* ntru_poly_create(uint16_t N, uint16_t q,
/*
* Described in header.
*/
-ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
- uint8_t c_bits, uint16_t N, uint16_t q,
+ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t mgf1_type,
+ chunk_t seed, uint8_t c_bits,
+ uint16_t N, uint16_t q,
uint32_t indices_len_p,
uint32_t indices_len_m,
bool is_product_form)
@@ -300,9 +301,9 @@ ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
int n, num_indices, index_i = 0;
uint32_t index, limit;
uint8_t *used;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
- bitspender = mgf1_bitspender_create(alg, seed, TRUE);
+ bitspender = xof_bitspender_create(mgf1_type, seed, TRUE);
if (!bitspender)
{
return NULL;
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h
index 87c77103c..765b72bdd 100644
--- a/src/libstrongswan/plugins/ntru/ntru_poly.h
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
typedef struct ntru_poly_t ntru_poly_t;
#include <library.h>
+#include <crypto/xofs/xof.h>
/**
* Implements a trinary polynomial storing the indices of non-zero coefficients
@@ -63,9 +64,9 @@ struct ntru_poly_t {
};
/**
- * Create a trits polynomial from a seed using MGF1 with a base hash function
+ * Create a trits polynomial from a seed using MGF1
*
- * @param alg hash algorithm to be used by MGF1
+ * @param alg MGF1 algorithm used(XOF_MGF1_SHA1 or XOF_MGF_SHA256)
* @param seed seed used by MGF1 to generate trits from
* @param N ring dimension, number of polynomial coefficients
* @param q large modulus
@@ -74,7 +75,7 @@ struct ntru_poly_t {
* @param indices_len_m number of indices for -1 coefficients
* @param is_product_form generate multiple polynomials
*/
-ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
+ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t alg, chunk_t seed,
uint8_t c_bits, uint16_t N, uint16_t q,
uint32_t indices_len_p,
uint32_t indices_len_m,
diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.c b/src/libstrongswan/plugins/ntru/ntru_private_key.c
index fa87fe9c3..844c8baf3 100644
--- a/src/libstrongswan/plugins/ntru/ntru_private_key.c
+++ b/src/libstrongswan/plugins/ntru/ntru_private_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
@@ -38,7 +38,7 @@ struct private_ntru_private_key_t {
/**
* NTRU Parameter Set
*/
- ntru_param_set_t *params;
+ const ntru_param_set_t *params;
/**
* Polynomial F which is the private key
@@ -178,7 +178,7 @@ bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt)
METHOD(ntru_private_key_t, decrypt, bool,
private_ntru_private_key_t *this, chunk_t ciphertext, chunk_t *plaintext)
{
- hash_algorithm_t hash_algid;
+ ext_out_function_t alg;
size_t t_len, seed1_len, seed2_len;
uint16_t *t1, *t2, *t = NULL;
uint16_t mod_q_mask, q_mod_p, cmprime_len, cm_len = 0, num_zeros;
@@ -206,9 +206,9 @@ METHOD(ntru_private_key_t, decrypt, bool,
Mtrin = (uint8_t *)t1;
M = Mtrin + this->params->N;
- /* set hash algorithm based on security strength */
- hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
- HASH_SHA256;
+ /* set MGF1 algorithm type based on security strength */
+ alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
+ XOF_MGF1_SHA256;
/* set constants */
mod_q_mask = this->params->q - 1;
@@ -307,7 +307,7 @@ METHOD(ntru_private_key_t, decrypt, bool,
ntru_coeffs_mod4_2_octets(this->params->N, t2, seed.ptr);
/* form mask */
- mask = ntru_trits_create(this->params->N, hash_algid, seed);
+ mask = ntru_trits_create(this->params->N, alg, seed);
if (!mask)
{
DBG1(DBG_LIB, "mask creation failed");
@@ -390,9 +390,8 @@ METHOD(ntru_private_key_t, decrypt, bool,
/* generate cr */
DBG2(DBG_LIB, "generate polynomial r");
- r_poly = ntru_poly_create_from_seed(hash_algid, seed,
- this->params->c_bits, this->params->N,
- this->params->q, this->params->dF_r,
+ r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
+ this->params->N, this->params->q, this->params->dF_r,
this->params->dF_r, this->params->is_product_form);
if (!r_poly)
{
@@ -642,13 +641,13 @@ static bool ring_inv(uint16_t *a, uint16_t N, uint16_t q, uint16_t *t,
* Described in header.
*/
ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
- ntru_param_set_t *params)
+ const ntru_param_set_t *params)
{
private_ntru_private_key_t *this;
size_t t_len;
uint16_t *t1, *t2, *t = NULL;
uint16_t mod_q_mask;
- hash_algorithm_t hash_algid;
+ ext_out_function_t alg;
ntru_poly_t *g_poly;
chunk_t seed;
int i;
@@ -667,14 +666,8 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
);
/* set hash algorithm and seed length based on security strength */
- if (params->sec_strength_len <= 20)
- {
- hash_algid = HASH_SHA1;
- }
- else
- {
- hash_algid = HASH_SHA256;
- }
+ alg = (params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
+ XOF_MGF1_SHA256;
seed =chunk_alloc(params->sec_strength_len + 8);
/* get random seed for generating trinary F as a list of indices */
@@ -685,7 +678,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
}
DBG2(DBG_LIB, "generate polynomial F");
- this->privkey = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ this->privkey = ntru_poly_create_from_seed(alg, seed, params->c_bits,
params->N, params->q,
params->dF_r, params->dF_r,
params->is_product_form);
@@ -729,7 +722,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
}
DBG2(DBG_LIB, "generate polynomial g");
- g_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ g_poly = ntru_poly_create_from_seed(alg, seed, params->c_bits,
params->N, params->q, params->dg + 1,
params->dg, FALSE);
if (!g_poly)
@@ -775,7 +768,7 @@ ntru_private_key_t *ntru_private_key_create_from_data(ntru_drbg_t *drbg,
size_t privkey_packed_trits_len, privkey_packed_indices_len;
uint8_t *privkey_packed, tag;
uint16_t *indices, dF;
- ntru_param_set_t *params;
+ const ntru_param_set_t *params;
header_len = 2 + NTRU_OID_LEN;
diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.h b/src/libstrongswan/plugins/ntru/ntru_private_key.h
index c6f08440f..ced806d7a 100644
--- a/src/libstrongswan/plugins/ntru/ntru_private_key.h
+++ b/src/libstrongswan/plugins/ntru/ntru_private_key.h
@@ -77,7 +77,8 @@ struct ntru_private_key_t {
* @param drbg Digital Random Bit Generator used for key generation
* @param params NTRU encryption parameter set to be used
*/
-ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, ntru_param_set_t *params);
+ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
+ const ntru_param_set_t *params);
/**
* Creates an NTRU encryption private key from encoding
diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.c b/src/libstrongswan/plugins/ntru/ntru_public_key.c
index a2ff1b2b0..36d9abf0a 100644
--- a/src/libstrongswan/plugins/ntru/ntru_public_key.c
+++ b/src/libstrongswan/plugins/ntru/ntru_public_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
@@ -37,7 +37,7 @@ struct private_ntru_public_key_t {
/**
* NTRU Parameter Set
*/
- ntru_param_set_t *params;
+ const ntru_param_set_t *params;
/**
* Polynomial h which is the public key
@@ -102,7 +102,7 @@ extern bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt);
METHOD(ntru_public_key_t, encrypt, bool,
private_ntru_public_key_t *this, chunk_t plaintext, chunk_t *ciphertext)
{
- hash_algorithm_t hash_algid;
+ ext_out_function_t alg;
size_t t_len, seed1_len, seed2_len;
uint16_t *t1, *t = NULL;
uint8_t b[MAX_SEC_STRENGTH_LEN];
@@ -139,8 +139,8 @@ METHOD(ntru_public_key_t, encrypt, bool,
M = Mtrin + this->params->N;
/* set hash algorithm based on security strength */
- hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
- HASH_SHA256;
+ alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
+ XOF_MGF1_SHA256;
/* set constants */
mod_q_mask = this->params->q - 1;
@@ -173,7 +173,7 @@ METHOD(ntru_public_key_t, encrypt, bool,
seed.len = seed2_len;
DBG2(DBG_LIB, "generate polynomial r");
- r_poly = ntru_poly_create_from_seed(hash_algid, seed, this->params->c_bits,
+ r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
this->params->N, this->params->q,
this->params->dF_r, this->params->dF_r,
this->params->is_product_form);
@@ -191,7 +191,7 @@ METHOD(ntru_public_key_t, encrypt, bool,
seed.len = seed1_len;
/* form mask */
- mask = ntru_trits_create(this->params->N, hash_algid, seed);
+ mask = ntru_trits_create(this->params->N, alg, seed);
if (!mask)
{
DBG1(DBG_LIB, "mask creation failed");
@@ -320,7 +320,7 @@ METHOD(ntru_public_key_t, destroy, void,
* Described in header.
*/
ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg,
- ntru_param_set_t *params,
+ const ntru_param_set_t *params,
uint16_t *pubkey)
{
private_ntru_public_key_t *this;
@@ -357,7 +357,7 @@ ntru_public_key_t *ntru_public_key_create_from_data(ntru_drbg_t *drbg,
{
private_ntru_public_key_t *this;
size_t header_len, pubkey_packed_len;
- ntru_param_set_t *params;
+ const ntru_param_set_t *params;
header_len = 2 + NTRU_OID_LEN;
diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.h b/src/libstrongswan/plugins/ntru/ntru_public_key.h
index baa8eabcd..4f098f28c 100644
--- a/src/libstrongswan/plugins/ntru/ntru_public_key.h
+++ b/src/libstrongswan/plugins/ntru/ntru_public_key.h
@@ -71,7 +71,7 @@ struct ntru_public_key_t {
* @param pubkey Coefficients of public key polynomial h
*/
ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg,
- ntru_param_set_t *params,
+ const ntru_param_set_t *params,
uint16_t *pubkey);
/**
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.c b/src/libstrongswan/plugins/ntru/ntru_trits.c
index 57b3532ef..0bbbcc178 100644
--- a/src/libstrongswan/plugins/ntru/ntru_trits.c
+++ b/src/libstrongswan/plugins/ntru/ntru_trits.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2014 Andreas Steffen
+ * Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,7 +16,7 @@
#include "ntru_trits.h"
#include "ntru_convert.h"
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
@@ -67,14 +67,15 @@ METHOD(ntru_trits_t, destroy, void,
/*
* Described in header.
*/
-ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
+ntru_trits_t *ntru_trits_create(size_t len, ext_out_function_t alg,
+ chunk_t seed)
{
private_ntru_trits_t *this;
uint8_t octet, buf[5], *trits;
size_t trits_needed;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
- bitspender = mgf1_bitspender_create(alg, seed, TRUE);
+ bitspender = xof_bitspender_create(alg, seed, TRUE);
if (!bitspender)
{
return NULL;
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.h b/src/libstrongswan/plugins/ntru/ntru_trits.h
index 524c51bac..e489aae7a 100644
--- a/src/libstrongswan/plugins/ntru/ntru_trits.h
+++ b/src/libstrongswan/plugins/ntru/ntru_trits.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
typedef struct ntru_trits_t ntru_trits_t;
#include <library.h>
+#include <crypto/xofs/xof.h>
/**
* Implements an array of trinary elements (trits)
@@ -52,10 +53,11 @@ struct ntru_trits_t {
* Create a trits array from a seed using MGF1 with a base hash function
*
* @param size size of the trits array
- * @param alg hash algorithm to be used by MGF1
+ * @param alg MGF1 algorithm used (XOF_MGF1_SHA1 or XOF_MGF_SHA256)
* @param seed seed used by MGF1 to generate trits from
*/
-ntru_trits_t *ntru_trits_create(size_t size, hash_algorithm_t alg, chunk_t seed);
+ntru_trits_t *ntru_trits_create(size_t size, ext_out_function_t alg,
+ chunk_t seed);
#endif /** NTRU_TRITS_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index f453f43b5..dd8a17ed7 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -360,7 +360,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -394,8 +393,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -449,6 +446,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index 24fe623eb..22bbf6dc7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -304,7 +304,26 @@ static private_openssl_ec_private_key_t *create_empty(void)
return this;
}
-/**
+/*
+ * See header.
+ */
+private_key_t *openssl_ec_private_key_create(EVP_PKEY *key)
+{
+ private_openssl_ec_private_key_t *this;
+ EC_KEY *ec;
+
+ ec = EVP_PKEY_get1_EC_KEY(key);
+ EVP_PKEY_free(key);
+ if (!ec)
+ {
+ return NULL;
+ }
+ this = create_empty();
+ this->ec = ec;
+ return &this->public.key;
+}
+
+/*
* See header.
*/
openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type,
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
index f56c95aa1..84314f671 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2008-2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -21,6 +21,8 @@
#ifndef OPENSSL_EC_PRIVATE_KEY_H_
#define OPENSSL_EC_PRIVATE_KEY_H_
+#include <openssl/evp.h>
+
#include <credentials/builder.h>
#include <credentials/keys/private_key.h>
@@ -61,4 +63,12 @@ openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type,
openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
va_list args);
+/**
+ * Wrap an EVP_PKEY object of type EVP_PKEY_EC
+ *
+ * @param key EVP_PKEY_EC key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+private_key_t *openssl_ec_private_key_create(EVP_PKEY *key);
+
#endif /** OPENSSL_EC_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c
index 6bbe4af95..5ef885b16 100644
--- a/src/libstrongswan/plugins/openssl/openssl_gcm.c
+++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c
@@ -255,13 +255,13 @@ aead_t *openssl_gcm_create(encryption_algorithm_t algo,
key_size = 16;
/* FALL */
case 16:
- this->cipher = EVP_get_cipherbyname("aes-128-gcm");
+ this->cipher = EVP_aes_128_gcm();
break;
case 24:
- this->cipher = EVP_get_cipherbyname("aes-192-gcm");
+ this->cipher = EVP_aes_192_gcm();
break;
case 32:
- this->cipher = EVP_get_cipherbyname("aes-256-gcm");
+ this->cipher = EVP_aes_256_gcm();
break;
default:
free(this);
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
index 705e96c69..bbd400cac 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
@@ -23,10 +23,6 @@
#include <library.h>
#include <credentials/sets/mem_cred.h>
-#ifdef OPENSSL_IS_BORINGSSL
-#define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type)
-#endif
-
typedef struct private_pkcs12_t private_pkcs12_t;
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 3e3b986df..ab73d718f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2008-2013 Tobias Brunner
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -269,6 +269,53 @@ static bool seed_rng()
return TRUE;
}
+/**
+ * Generic key loader
+ */
+static private_key_t *openssl_private_key_load(key_type_t type, va_list args)
+{
+ chunk_t blob = chunk_empty;
+ EVP_PKEY *key;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (blob.ptr)
+ {
+ key = d2i_AutoPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
+ if (key)
+ {
+ switch (EVP_PKEY_base_id(key))
+ {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ return openssl_rsa_private_key_create(key);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ case EVP_PKEY_EC:
+ return openssl_ec_private_key_create(key);
+#endif
+ default:
+ EVP_PKEY_free(key);
+ break;
+ }
+ }
+ }
+ return NULL;
+}
+
METHOD(plugin_t, get_name, char*,
private_openssl_plugin_t *this)
{
@@ -438,16 +485,16 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
#endif
#ifndef OPENSSL_NO_SHA256
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
#endif
#ifndef OPENSSL_NO_SHA512
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
#endif
#ifndef OPENSSL_NO_MD5
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
@@ -504,6 +551,9 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
#endif
#endif /* OPENSSL_NO_ECDSA */
+ /* generic key loader */
+ PLUGIN_REGISTER(PRIVKEY, openssl_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
PLUGIN_REGISTER(RNG, openssl_rng_create),
PLUGIN_PROVIDE(RNG, RNG_STRONG),
PLUGIN_PROVIDE(RNG, RNG_WEAK),
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 485e0bbc7..54ecf2542 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -1,7 +1,7 @@
/*
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -158,16 +158,16 @@ METHOD(private_key_t, sign, bool,
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return build_emsa_pkcs1_signature(this, NID_sha224, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
default:
@@ -327,7 +327,7 @@ static private_openssl_rsa_private_key_t *create_empty()
return this;
}
-/**
+/*
* See header.
*/
openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type,
@@ -383,7 +383,26 @@ error:
return NULL;
}
-/**
+/*
+ * See header
+ */
+private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key)
+{
+ private_openssl_rsa_private_key_t *this;
+ RSA *rsa;
+
+ rsa = EVP_PKEY_get1_RSA(key);
+ EVP_PKEY_free(key);
+ if (!rsa)
+ {
+ return NULL;
+ }
+ this = create_empty();
+ this->rsa = rsa;
+ return &this->public.key;
+}
+
+/*
* See header
*/
openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
@@ -528,7 +547,7 @@ static bool login(ENGINE *engine, chunk_t keyid)
}
#endif /* OPENSSL_NO_ENGINE */
-/**
+/*
* See header.
*/
openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
index 60889d651..34ce4c776 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2008-2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -21,6 +21,8 @@
#ifndef OPENSSL_RSA_PRIVATE_KEY_H_
#define OPENSSL_RSA_PRIVATE_KEY_H_
+#include <openssl/evp.h>
+
#include <credentials/builder.h>
#include <credentials/keys/private_key.h>
@@ -61,6 +63,14 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type,
openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
va_list args);
+/**
+ * Wrap an EVP_PKEY object of type EVP_PKEY_RSA
+ *
+ * @param key EVP_PKEY_RSA key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key);
+
/**
* Connect to a RSA private key on a smartcard.
*
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index d66d5016e..d3a644f72 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -143,16 +143,16 @@ METHOD(public_key_t, verify, bool,
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return verify_emsa_pkcs1_signature(this, NID_sha224, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return verify_emsa_pkcs1_signature(this, NID_md5, data, signature);
default:
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
index f4186e8c4..7c5c367f7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.h
+++ b/src/libstrongswan/plugins/openssl/openssl_util.h
@@ -135,6 +135,13 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj);
*/
time_t openssl_asn1_to_time(ASN1_TIME *time);
+/**
+ * Compatibility macros
+ */
+#ifdef OPENSSL_IS_BORINGSSL
+#define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type)
+#endif
+
/**
* Macros to define fallback getters/setters to access keys (BIGNUM*) for types
* that were made opaque with OpenSSL 1.1.0.
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index e1cf497c8..abca5f79b 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
index 107ade09b..30040da39 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
@@ -16,7 +16,6 @@
#include <string.h>
#include <arpa/inet.h>
-#include <byteswap.h>
#include "padlock_sha1_hasher.h"
@@ -66,11 +65,11 @@ static void sha1(chunk_t data, uint32_t *digest)
padlock_sha1(data.len, data.ptr, (u_char*)hash);
- digest[0] = bswap_32(hash[0]);
- digest[1] = bswap_32(hash[1]);
- digest[2] = bswap_32(hash[2]);
- digest[3] = bswap_32(hash[3]);
- digest[4] = bswap_32(hash[4]);
+ digest[0] = __builtin_bswap32(hash[0]);
+ digest[1] = __builtin_bswap32(hash[1]);
+ digest[2] = __builtin_bswap32(hash[2]);
+ digest[3] = __builtin_bswap32(hash[3]);
+ digest[4] = __builtin_bswap32(hash[4]);
}
/**
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 3e6b8d0bb..8cafb9e32 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index e9c85e57f..0bddf9ccf 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index a61eb1ab2..708f5a68c 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index 767b3acf2..766832d39 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -1,8 +1,8 @@
/*
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2008-2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
* Copyright (C) 2000-2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -204,7 +204,6 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
case PRIV_KEY_VERSION:
if (object.len > 0 && *object.ptr != 0)
{
- DBG1(DBG_ASN, "PKCS#1 private key format is not version 1");
goto end;
}
break;
@@ -248,6 +247,63 @@ end:
BUILD_RSA_EXP2, exp2, BUILD_RSA_COEFF, coeff, BUILD_END);
}
+/**
+ * Check if the ASN.1 structure looks like an EC private key according to
+ * RFC 5915.
+ *
+ * ECPrivateKey :=: SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ *
+ * While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that
+ * paramaters MUST be included and publicKey SHOULD be.
+ */
+static bool is_ec_private_key(chunk_t blob)
+{
+ chunk_t data;
+ return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE &&
+ asn1_unwrap(&blob, &data) == ASN1_INTEGER &&
+ asn1_parse_integer_uint64(data) == 1 &&
+ asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING &&
+ asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 &&
+ asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1;
+}
+
+/**
+ * Check if the ASN.1 structure looks like a BLISS private key.
+ */
+static bool is_bliss_private_key(chunk_t blob)
+{
+ chunk_t data;
+ return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE &&
+ asn1_unwrap(&blob, &data) == ASN1_OID &&
+ asn1_unwrap(&blob, &data) == ASN1_BIT_STRING &&
+ asn1_unwrap(&blob, &data) == ASN1_BIT_STRING &&
+ asn1_unwrap(&blob, &data) == ASN1_BIT_STRING;
+}
+
+/**
+ * Load a private key from an ASN.1 encoded blob trying to detect the type
+ * automatically.
+ */
+static private_key_t *parse_private_key(chunk_t blob)
+{
+ if (is_ec_private_key(blob))
+ {
+ return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ BUILD_BLOB_ASN1_DER, blob, BUILD_END);
+ }
+ else if (is_bliss_private_key(blob))
+ {
+ return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ BUILD_BLOB_ASN1_DER, blob, BUILD_END);
+ }
+ return parse_rsa_private_key(blob);
+}
+
/**
* See header.
*/
@@ -301,6 +357,14 @@ private_key_t *pkcs1_private_key_load(key_type_t type, va_list args)
}
break;
}
- return parse_rsa_private_key(blob);
+ switch (type)
+ {
+ case KEY_ANY:
+ return parse_private_key(blob);
+ case KEY_RSA:
+ return parse_rsa_private_key(blob);
+ default:
+ return NULL;
+ }
}
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
index eb0903d47..ec1bdf565 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -42,6 +42,10 @@ METHOD(plugin_t, get_features, int,
private_pkcs1_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_SDEPEND(PRIVKEY, KEY_RSA),
+ PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA),
PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE),
PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE),
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 61919e3dd..6c10c0812 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index aec4550ce..1d1016911 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2015 Tobias Brunner
+ * Copyright (C) 2011-2016 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2010 Martin Willi
@@ -15,6 +15,27 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
+/*
+ * Copyright (C) 2016 EDF S.A.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
#include "pkcs11_private_key.h"
@@ -112,13 +133,13 @@ CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme,
} mappings[] = {
{SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
- {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0},
+ {SIGN_RSA_EMSA_PKCS1_SHA2_256, {CKM_SHA256_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
- {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0},
+ {SIGN_RSA_EMSA_PKCS1_SHA2_384, {CKM_SHA384_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
- {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0},
+ {SIGN_RSA_EMSA_PKCS1_SHA2_512, {CKM_SHA512_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
- {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0},
+ {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
{SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
@@ -495,6 +516,120 @@ static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot,
return found;
}
+/**
+ * Find the PKCS#11 lib and CKA_ID of the certificate object of a given
+ * subjectKeyIdentifier and optional slot
+ */
+static pkcs11_library_t* find_lib_and_keyid_by_skid(chunk_t keyid_chunk,
+ chunk_t *ckaid, int *slot)
+{
+ CK_OBJECT_CLASS class = CKO_CERTIFICATE;
+ CK_CERTIFICATE_TYPE type = CKC_X_509;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_CERTIFICATE_TYPE, &type, sizeof(type)},
+ };
+ CK_ATTRIBUTE attr[] = {
+ {CKA_VALUE, NULL, 0},
+ {CKA_ID, NULL, 0},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+ pkcs11_manager_t *manager;
+ enumerator_t *enumerator, *certs;
+ identification_t *keyid;
+ pkcs11_library_t *p11, *found = NULL;
+ CK_SLOT_ID current;
+ linked_list_t *raw;
+ certificate_t *cert;
+ struct {
+ chunk_t value;
+ chunk_t ckaid;
+ } *entry;
+
+ manager = lib->get(lib, "pkcs11-manager");
+ if (!manager)
+ {
+ return NULL;
+ }
+
+ keyid = identification_create_from_encoding(ID_KEY_ID, keyid_chunk);
+ /* store result in a temporary list, avoid recursive operation */
+ raw = linked_list_create();
+
+ enumerator = manager->create_token_enumerator(manager);
+ while (enumerator->enumerate(enumerator, &p11, ¤t))
+ {
+ if (*slot != -1 && *slot != current)
+ {
+ continue;
+ }
+ rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N",
+ ck_rv_names, rv);
+ continue;
+ }
+ certs = p11->create_object_enumerator(p11, session, tmpl, countof(tmpl),
+ attr, countof(attr));
+ while (certs->enumerate(certs, &object))
+ {
+ INIT(entry,
+ .value = chunk_clone(
+ chunk_create(attr[0].pValue, attr[0].ulValueLen)),
+ .ckaid = chunk_clone(
+ chunk_create(attr[1].pValue, attr[1].ulValueLen)),
+ );
+ raw->insert_last(raw, entry);
+ }
+ certs->destroy(certs);
+
+ while (raw->remove_first(raw, (void**)&entry) == SUCCESS)
+ {
+ if (!found)
+ {
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_X509, BUILD_BLOB_ASN1_DER,
+ entry->value, BUILD_END);
+ if (cert)
+ {
+ if (cert->has_subject(cert, keyid))
+ {
+ DBG1(DBG_CFG, "found cert with keyid '%#B' on PKCS#11 "
+ "token '%s':%d", &keyid_chunk, p11->get_name(p11),
+ current);
+ found = p11;
+ *ckaid = chunk_clone(entry->ckaid);
+ *slot = current;
+ }
+ cert->destroy(cert);
+ }
+ else
+ {
+ DBG1(DBG_CFG, "parsing cert with CKA_ID '%#B' on PKCS#11 "
+ "token '%s':%d failed", &entry->ckaid,
+ p11->get_name(p11), current);
+ }
+ }
+ chunk_free(&entry->value);
+ chunk_free(&entry->ckaid);
+ free(entry);
+ }
+ p11->f->C_CloseSession(session);
+ if (found)
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ keyid->destroy(keyid);
+ raw->destroy(raw);
+ return found;
+}
+
/**
* Find the key on the token
*/
@@ -645,7 +780,7 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
{
private_pkcs11_private_key_t *this;
char *module = NULL;
- chunk_t keyid = chunk_empty;
+ chunk_t keyid = chunk_empty, ckaid = chunk_empty;
int slot = -1;
CK_RV rv;
@@ -712,6 +847,10 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
this->lib = find_lib_by_keyid(keyid, &slot, CKO_CERTIFICATE);
}
if (!this->lib)
+ {
+ this->lib = find_lib_and_keyid_by_skid(keyid, &ckaid, &slot);
+ }
+ if (!this->lib)
{
DBG1(DBG_CFG, "no PKCS#11 module found having a keyid %#B", &keyid);
free(this);
@@ -738,8 +877,17 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
return NULL;
}
+ if (ckaid.ptr)
+ {
+ DBG1(DBG_CFG, "using CKA_ID '%#B' for key with keyid '%#B'",
+ &ckaid, &keyid);
+ keyid = ckaid;
+ }
+
if (!find_key(this, keyid))
{
+ DBG1(DBG_CFG, "did not find the key with %s '%#B'",
+ ckaid.ptr ? "CKA_ID" : "keyid", &keyid);
destroy(this);
return NULL;
}
@@ -751,11 +899,11 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
if (!this->pubkey)
{
DBG1(DBG_CFG, "no public key or certificate found for private key "
- "on '%s':%d", module, slot);
+ "(%s '%#B') on '%s':%d", ckaid.ptr ? "CKA_ID" : "keyid",
+ &keyid, module, slot);
destroy(this);
return NULL;
}
}
-
return &this->public;
}
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index 02b7d2902..7e81b05bc 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index 5a758aa14..cbd1996f4 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index 92f751a61..3d27d61f1 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c
index 4c92c412c..39d86c82a 100644
--- a/src/libstrongswan/plugins/plugin_feature.c
+++ b/src/libstrongswan/plugins/plugin_feature.c
@@ -30,6 +30,7 @@ ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM,
"SIGNER",
"HASHER",
"PRF",
+ "XOF",
"DH",
"RNG",
"NONCE_GEN",
@@ -87,6 +88,9 @@ uint32_t plugin_feature_hash(plugin_feature_t *feature)
case FEATURE_PRF:
data = chunk_from_thing(feature->arg.prf);
break;
+ case FEATURE_XOF:
+ data = chunk_from_thing(feature->arg.xof);
+ break;
case FEATURE_DH:
data = chunk_from_thing(feature->arg.dh_group);
break;
@@ -160,6 +164,8 @@ bool plugin_feature_matches(plugin_feature_t *a, plugin_feature_t *b)
return a->arg.hasher == b->arg.hasher;
case FEATURE_PRF:
return a->arg.prf == b->arg.prf;
+ case FEATURE_XOF:
+ return a->arg.xof == b->arg.xof;
case FEATURE_DH:
return a->arg.dh_group == b->arg.dh_group;
case FEATURE_RNG:
@@ -218,6 +224,7 @@ bool plugin_feature_equals(plugin_feature_t *a, plugin_feature_t *b)
case FEATURE_SIGNER:
case FEATURE_HASHER:
case FEATURE_PRF:
+ case FEATURE_XOF:
case FEATURE_DH:
case FEATURE_NONCE_GEN:
case FEATURE_RESOLVER:
@@ -305,6 +312,13 @@ char* plugin_feature_get_string(plugin_feature_t *feature)
return str;
}
break;
+ case FEATURE_XOF:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ ext_out_function_names, feature->arg.xof) > 0)
+ {
+ return str;
+ }
+ break;
case FEATURE_DH:
if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
diffie_hellman_group_names, feature->arg.dh_group) > 0)
@@ -465,6 +479,10 @@ bool plugin_feature_load(plugin_t *plugin, plugin_feature_t *feature,
lib->crypto->add_prf(lib->crypto, feature->arg.prf,
name, reg->arg.reg.f);
break;
+ case FEATURE_XOF:
+ lib->crypto->add_xof(lib->crypto, feature->arg.xof,
+ name, reg->arg.reg.f);
+ break;
case FEATURE_DH:
lib->crypto->add_dh(lib->crypto, feature->arg.dh_group,
name, reg->arg.reg.f);
@@ -552,6 +570,9 @@ bool plugin_feature_unload(plugin_t *plugin, plugin_feature_t *feature,
case FEATURE_PRF:
lib->crypto->remove_prf(lib->crypto, reg->arg.reg.f);
break;
+ case FEATURE_XOF:
+ lib->crypto->remove_xof(lib->crypto, reg->arg.reg.f);
+ break;
case FEATURE_DH:
lib->crypto->remove_dh(lib->crypto, reg->arg.reg.f);
break;
diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h
index ee7808a94..8cc6277eb 100644
--- a/src/libstrongswan/plugins/plugin_feature.h
+++ b/src/libstrongswan/plugins/plugin_feature.h
@@ -110,6 +110,8 @@ struct plugin_feature_t {
FEATURE_HASHER,
/** prf_t */
FEATURE_PRF,
+ /** xof_t */
+ FEATURE_XOF,
/** diffie_hellman_t */
FEATURE_DH,
/** rng_t */
@@ -171,6 +173,8 @@ struct plugin_feature_t {
integrity_algorithm_t signer;
/** FEATURE_PRF */
pseudo_random_function_t prf;
+ /** FEATURE_XOFF */
+ ext_out_function_t xof;
/** FEATURE_HASHER */
hash_algorithm_t hasher;
/** FEATURE_DH */
@@ -278,6 +282,7 @@ struct plugin_feature_t {
#define _PLUGIN_FEATURE_SIGNER(kind, alg) __PLUGIN_FEATURE(kind, SIGNER, .signer = alg)
#define _PLUGIN_FEATURE_HASHER(kind, alg) __PLUGIN_FEATURE(kind, HASHER, .hasher = alg)
#define _PLUGIN_FEATURE_PRF(kind, alg) __PLUGIN_FEATURE(kind, PRF, .prf = alg)
+#define _PLUGIN_FEATURE_XOF(kind, alg) __PLUGIN_FEATURE(kind, XOF, .xof = alg)
#define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group)
#define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality)
#define _PLUGIN_FEATURE_NONCE_GEN(kind, ...) __PLUGIN_FEATURE(kind, NONCE_GEN, .custom = NULL)
@@ -310,6 +315,7 @@ struct plugin_feature_t {
#define _PLUGIN_FEATURE_REGISTER_SIGNER(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_HASHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_PRF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_XOF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_NONCE_GEN(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index c5decc3a4..40fd6264d 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index b78e62732..edd8edaf3 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index 51f6a17a7..0fd1ad902 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index ff853b691..88bc0af77 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index e6ce51936..4ec73eff5 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index fdcb9902b..f2e3cdd83 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -403,6 +403,26 @@ static bool verify_crl(certificate_t *crl)
return verified;
}
+/**
+ * Report the given CRL's validity and cache it if valid and requested
+ */
+static bool is_crl_valid(certificate_t *crl, bool cache)
+{
+ time_t valid_until;
+
+ if (crl->get_validity(crl, NULL, NULL, &valid_until))
+ {
+ DBG1(DBG_CFG, " crl is valid: until %T", &valid_until, FALSE);
+ if (cache)
+ {
+ lib->credmgr->cache_cert(lib->credmgr, crl);
+ }
+ return TRUE;
+ }
+ DBG1(DBG_CFG, " crl is stale: since %T", &valid_until, FALSE);
+ return FALSE;
+}
+
/**
* Get the better of two CRLs, and check for usable CRL info
*/
@@ -411,7 +431,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
bool cache, crl_t *base)
{
enumerator_t *enumerator;
- time_t revocation, valid_until;
+ time_t revocation;
crl_reason_t reason;
chunk_t serial;
crl_t *crl = (crl_t*)cand;
@@ -447,8 +467,6 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
{
if (chunk_equals(serial, subject->get_serial(subject)))
{
- DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N",
- &revocation, TRUE, crl_reason_names, reason);
if (reason != CRL_REASON_CERTIFICATE_HOLD)
{
*valid = VALIDATION_REVOKED;
@@ -458,6 +476,9 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
/* if the cert is on hold, a newer CRL might not contain it */
*valid = VALIDATION_ON_HOLD;
}
+ is_crl_valid(cand, cache);
+ DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N",
+ &revocation, TRUE, crl_reason_names, reason);
enumerator->destroy(enumerator);
DESTROY_IF(best);
return cand;
@@ -470,18 +491,12 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
{
DESTROY_IF(best);
best = cand;
- if (best->get_validity(best, NULL, NULL, &valid_until))
+ if (is_crl_valid(best, cache))
{
- DBG1(DBG_CFG, " crl is valid: until %T", &valid_until, FALSE);
*valid = VALIDATION_GOOD;
- if (cache)
- { /* we cache non-stale crls only, as a stale crls are refetched */
- lib->credmgr->cache_cert(lib->credmgr, best);
- }
}
else
{
- DBG1(DBG_CFG, " crl is stale: since %T", &valid_until, FALSE);
*valid = VALIDATION_STALE;
}
}
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 14d3430a6..1933aa0c0 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index de341503b..3fbb08157 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/sha3/Makefile.am b/src/libstrongswan/plugins/sha3/Makefile.am
index 7ccf58ce6..a776b1de0 100644
--- a/src/libstrongswan/plugins/sha3/Makefile.am
+++ b/src/libstrongswan/plugins/sha3/Makefile.am
@@ -11,6 +11,9 @@ plugin_LTLIBRARIES = libstrongswan-sha3.la
endif
libstrongswan_sha3_la_SOURCES = \
- sha3_plugin.h sha3_plugin.c sha3_hasher.c sha3_hasher.h
+ sha3_plugin.h sha3_plugin.c \
+ sha3_hasher.c sha3_hasher.h \
+ sha3_shake.h sha3_shake.c \
+ sha3_keccak.h sha3_keccak.c
libstrongswan_sha3_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in
index 0d29fcb4b..9e237a933 100644
--- a/src/libstrongswan/plugins/sha3/Makefile.in
+++ b/src/libstrongswan/plugins/sha3/Makefile.in
@@ -137,7 +137,8 @@ am__uninstall_files_from_dir = { \
am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_sha3_la_LIBADD =
-am_libstrongswan_sha3_la_OBJECTS = sha3_plugin.lo sha3_hasher.lo
+am_libstrongswan_sha3_la_OBJECTS = sha3_plugin.lo sha3_hasher.lo \
+ sha3_shake.lo sha3_keccak.lo
libstrongswan_sha3_la_OBJECTS = $(am_libstrongswan_sha3_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -350,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -451,7 +451,10 @@ AM_CFLAGS = \
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha3.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha3.la
libstrongswan_sha3_la_SOURCES = \
- sha3_plugin.h sha3_plugin.c sha3_hasher.c sha3_hasher.h
+ sha3_plugin.h sha3_plugin.c \
+ sha3_hasher.c sha3_hasher.h \
+ sha3_shake.h sha3_shake.c \
+ sha3_keccak.h sha3_keccak.c
libstrongswan_sha3_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -544,7 +547,9 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_hasher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_keccak.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_shake.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
diff --git a/src/libstrongswan/plugins/sha3/sha3_hasher.c b/src/libstrongswan/plugins/sha3/sha3_hasher.c
index b34a02594..0fbcbb8dc 100644
--- a/src/libstrongswan/plugins/sha3/sha3_hasher.c
+++ b/src/libstrongswan/plugins/sha3/sha3_hasher.c
@@ -1,53 +1,25 @@
/*
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
- * Based on the implementation by the Keccak, Keyak and Ketje Teams, namely,
- * Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche and
- * Ronny Van Keer, hereby denoted as "the implementer".
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
- * To the extent possible under law, the implementer has waived all copyright
- * and related or neighboring rights to the source code in this file.
- * http://creativecommons.org/publicdomain/zero/1.0/
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
*/
#include <string.h>
#include "sha3_hasher.h"
+#include "sha3_keccak.h"
typedef struct private_sha3_hasher_t private_sha3_hasher_t;
-#define KECCAK_STATE_SIZE 200 /* bytes */
-#define KECCAK_MAX_RATE 144 /* bytes */
-#define DELIMITED_SUFFIX 0x06
-
-static const uint64_t round_constants[] = {
- 0x0000000000000001ULL,
- 0x0000000000008082ULL,
- 0x800000000000808aULL,
- 0x8000000080008000ULL,
- 0x000000000000808bULL,
- 0x0000000080000001ULL,
- 0x8000000080008081ULL,
- 0x8000000000008009ULL,
- 0x000000000000008aULL,
- 0x0000000000000088ULL,
- 0x0000000080008009ULL,
- 0x000000008000000aULL,
- 0x000000008000808bULL,
- 0x800000000000008bULL,
- 0x8000000000008089ULL,
- 0x8000000000008003ULL,
- 0x8000000000008002ULL,
- 0x8000000000000080ULL,
- 0x000000000000800aULL,
- 0x800000008000000aULL,
- 0x8000000080008081ULL,
- 0x8000000000008080ULL,
- 0x0000000080000001ULL,
- 0x8000000080008008ULL
-};
-
/**
* Private data structure with hashing context for SHA-3
*/
@@ -64,309 +36,16 @@ struct private_sha3_hasher_t {
hash_algorithm_t algorithm;
/**
- * Internal state of 1600 bits as defined by FIPS-202
- */
- uint8_t state[KECCAK_STATE_SIZE];
-
- /**
- * Rate in bytes
+ * SHA-3 Keccak state
*/
- u_int rate;
-
- /**
- * Rate input buffer
- */
- uint8_t rate_buffer[KECCAK_MAX_RATE];
-
- /**
- * Index pointing to the current position in the rate buffer
- */
- u_int rate_index;
+ sha3_keccak_t *keccak;
};
-#if BYTE_ORDER != LITTLE_ENDIAN
-/**
- * Function to load a 64-bit value using the little-endian (LE) convention.
- * On a LE platform, this could be greatly simplified using a cast.
- */
-static uint64_t load64(const uint8_t *x)
-{
- int i;
- uint64_t u = 0;
-
- for (i = 7; i >= 0; --i)
- {
- u <<= 8;
- u |= x[i];
- }
- return u;
-}
-
-/**
- * Function to store a 64-bit value using the little-endian (LE) convention.
- * On a LE platform, this could be greatly simplified using a cast.
- */
-static void store64(uint8_t *x, uint64_t u)
-{
- u_int i;
-
- for (i = 0; i < 8; ++i)
- {
- x[i] = u;
- u >>= 8;
- }
-}
-
-/**
- * Function to XOR into a 64-bit value using the little-endian (LE) convention.
- * On a LE platform, this could be greatly simplified using a cast.
- */
-static void xor64(uint8_t *x, uint64_t u)
-{
- u_int i;
-
- for (i = 0; i < 8; ++i)
- {
- x[i] ^= u;
- u >>= 8;
- }
-}
-#endif
-
-/**
- * Some macros used by the Keccak-f[1600] permutation.
- */
-#define ROL64(a, offset) ((((uint64_t)a) << offset) ^ (((uint64_t)a) >> (64-offset)))
-
-#if BYTE_ORDER == LITTLE_ENDIAN
- #define readLane(i) (((uint64_t*)state)[i])
- #define writeLane(i, lane) (((uint64_t*)state)[i]) = (lane)
- #define XORLane(i, lane) (((uint64_t*)state)[i]) ^= (lane)
-#elif BYTE_ORDER == BIG_ENDIAN
- #define readLane(i) load64((uint8_t*)state+sizeof(uint64_t)*i))
- #define writeLane(i, lane) store64((uint8_t*)state+sizeof(uint64_t)*i, lane)
- #define XORLane(i, lane) xor64((uint8_t*)state+sizeof(uint64_t)*i, lane)
-#endif
-
-/**
- * Function that computes the Keccak-f[1600] permutation on the given state.
- */
-static void keccak_f1600_state_permute(void *state)
-{
- int round;
-
- for (round = 0; round < 24; round++)
- {
- { /* θ step (see [Keccak Reference, Section 2.3.2]) */
-
- uint64_t C[5], D;
-
- /* Compute the parity of the columns */
- C[0] = readLane(0) ^ readLane( 5) ^ readLane(10)
- ^ readLane(15) ^ readLane(20);
- C[1] = readLane(1) ^ readLane( 6) ^ readLane(11)
- ^ readLane(16) ^ readLane(21);
- C[2] = readLane(2) ^ readLane( 7) ^ readLane(12)
- ^ readLane(17) ^ readLane(22);
- C[3] = readLane(3) ^ readLane( 8) ^ readLane(13)
- ^ readLane(18) ^ readLane(23);
- C[4] = readLane(4) ^ readLane( 9) ^ readLane(14)
- ^ readLane(19) ^ readLane(24);
-
- /* Compute and add the θ effect to the whole column */
- D = C[4] ^ ROL64(C[1], 1);
- XORLane( 0, D);
- XORLane( 5, D);
- XORLane(10, D);
- XORLane(15, D);
- XORLane(20, D);
-
- D = C[0] ^ ROL64(C[2], 1);
- XORLane( 1, D);
- XORLane( 6, D);
- XORLane(11, D);
- XORLane(16, D);
- XORLane(21, D);
-
- D = C[1] ^ ROL64(C[3], 1);
- XORLane( 2, D);
- XORLane( 7, D);
- XORLane(12, D);
- XORLane(17, D);
- XORLane(22, D);
-
- D = C[2] ^ ROL64(C[4], 1);
- XORLane( 3, D);
- XORLane( 8, D);
- XORLane(13, D);
- XORLane(18, D);
- XORLane(23, D);
-
- D = C[3] ^ ROL64(C[0], 1);
- XORLane( 4, D);
- XORLane( 9, D);
- XORLane(14, D);
- XORLane(19, D);
- XORLane(24, D);
- }
-
- { /* ρ and π steps (see [Keccak Reference, Sections 2.3.3 and 2.3.4]) */
-
- uint64_t t1, t2;
-
- t1 = readLane( 1);
-
- t2 = readLane(10);
- writeLane(10, ROL64(t1, 1));
-
- t1 = readLane( 7);
- writeLane( 7, ROL64(t2, 3));
-
- t2 = readLane(11);
- writeLane(11, ROL64(t1, 6));
-
- t1 = readLane(17);
- writeLane(17, ROL64(t2, 10));
-
- t2 = readLane(18);
- writeLane(18, ROL64(t1, 15));
-
- t1 = readLane( 3);
- writeLane( 3, ROL64(t2, 21));
-
- t2 = readLane( 5);
- writeLane( 5, ROL64(t1, 28));
-
- t1 = readLane(16);
- writeLane(16, ROL64(t2, 36));
-
- t2 = readLane( 8);
- writeLane( 8, ROL64(t1, 45));
-
- t1 = readLane(21);
- writeLane(21, ROL64(t2, 55));
-
- t2 = readLane(24);
- writeLane(24, ROL64(t1, 2));
-
- t1 = readLane( 4);
- writeLane( 4, ROL64(t2, 14));
-
- t2 = readLane(15);
- writeLane(15, ROL64(t1, 27));
-
- t1 = readLane(23);
- writeLane(23, ROL64(t2, 41));
-
- t2 = readLane(19);
- writeLane(19, ROL64(t1, 56));
-
- t1 = readLane(13);
- writeLane(13, ROL64(t2, 8));
-
- t2 = readLane(12);
- writeLane(12, ROL64(t1, 25));
-
- t1 = readLane( 2);
- writeLane( 2, ROL64(t2, 43));
-
- t2 = readLane(20);
- writeLane(20, ROL64(t1, 62));
-
- t1 = readLane(14);
- writeLane(14, ROL64(t2, 18));
-
- t2 = readLane(22);
- writeLane(22, ROL64(t1, 39));
-
- t1 = readLane( 9);
- writeLane( 9, ROL64(t2, 61));
-
- t2 = readLane( 6);
- writeLane( 6, ROL64(t1, 20));
-
- writeLane( 1, ROL64(t2, 44));
- }
-
- { /* χ step (see [Keccak Reference, Section 2.3.1]) */
-
- uint64_t t[5];
-
- t[0] = readLane(0);
- t[1] = readLane(1);
- t[2] = readLane(2);
- t[3] = readLane(3);
- t[4] = readLane(4);
-
- writeLane(0, t[0] ^ ((~t[1]) & t[2]));
- writeLane(1, t[1] ^ ((~t[2]) & t[3]));
- writeLane(2, t[2] ^ ((~t[3]) & t[4]));
- writeLane(3, t[3] ^ ((~t[4]) & t[0]));
- writeLane(4, t[4] ^ ((~t[0]) & t[1]));
-
- t[0] = readLane(5);
- t[1] = readLane(6);
- t[2] = readLane(7);
- t[3] = readLane(8);
- t[4] = readLane(9);
-
- writeLane(5, t[0] ^ ((~t[1]) & t[2]));
- writeLane(6, t[1] ^ ((~t[2]) & t[3]));
- writeLane(7, t[2] ^ ((~t[3]) & t[4]));
- writeLane(8, t[3] ^ ((~t[4]) & t[0]));
- writeLane(9, t[4] ^ ((~t[0]) & t[1]));
-
- t[0] = readLane(10);
- t[1] = readLane(11);
- t[2] = readLane(12);
- t[3] = readLane(13);
- t[4] = readLane(14);
-
- writeLane(10, t[0] ^ ((~t[1]) & t[2]));
- writeLane(11, t[1] ^ ((~t[2]) & t[3]));
- writeLane(12, t[2] ^ ((~t[3]) & t[4]));
- writeLane(13, t[3] ^ ((~t[4]) & t[0]));
- writeLane(14, t[4] ^ ((~t[0]) & t[1]));
-
- t[0] = readLane(15);
- t[1] = readLane(16);
- t[2] = readLane(17);
- t[3] = readLane(18);
- t[4] = readLane(19);
-
- writeLane(15, t[0] ^ ((~t[1]) & t[2]));
- writeLane(16, t[1] ^ ((~t[2]) & t[3]));
- writeLane(17, t[2] ^ ((~t[3]) & t[4]));
- writeLane(18, t[3] ^ ((~t[4]) & t[0]));
- writeLane(19, t[4] ^ ((~t[0]) & t[1]));
-
- t[0] = readLane(20);
- t[1] = readLane(21);
- t[2] = readLane(22);
- t[3] = readLane(23);
- t[4] = readLane(24);
-
- writeLane(20, t[0] ^ ((~t[1]) & t[2]));
- writeLane(21, t[1] ^ ((~t[2]) & t[3]));
- writeLane(22, t[2] ^ ((~t[3]) & t[4]));
- writeLane(23, t[3] ^ ((~t[4]) & t[0]));
- writeLane(24, t[4] ^ ((~t[0]) & t[1]));
- }
-
- { /* ι step (see [Keccak Reference, Section 2.3.5]) */
-
- XORLane(0, round_constants[round]);
- }
- }
-}
-
METHOD(hasher_t, reset, bool,
private_sha3_hasher_t *this)
{
- memset(this->state, 0x00, KECCAK_STATE_SIZE);
- this->rate_index = 0;
-
+ this->keccak->reset(this->keccak);
return TRUE;
}
@@ -388,79 +67,17 @@ METHOD(hasher_t, get_hash_size, size_t,
}
}
-static void sha3_absorb(private_sha3_hasher_t *this, chunk_t data)
-{
- uint64_t *buffer_lanes, *state_lanes;
- size_t len, rate_lanes;
- int i;
-
- buffer_lanes = (uint64_t*)this->rate_buffer;
- state_lanes = (uint64_t*)this->state;
- rate_lanes = this->rate / sizeof(uint64_t);
-
- while (data.len)
- {
- len = min(data.len, this->rate - this->rate_index);
- memcpy(this->rate_buffer + this->rate_index, data.ptr, len);
- this->rate_index += len;
- data.ptr += len;
- data.len -= len;
-
- if (this->rate_index == this->rate)
- {
- for (i = 0; i < rate_lanes; i++)
- {
- state_lanes[i] ^= buffer_lanes[i];
- }
- this->rate_index = 0;
-
- keccak_f1600_state_permute(this->state);
- }
- }
-}
-
-static void sha3_final(private_sha3_hasher_t *this)
-{
- uint64_t *buffer_lanes, *state_lanes;
- size_t rate_lanes, remainder;
- int i;
-
- /* Add the delimitedSuffix as the first bit of padding */
- this->rate_buffer[this->rate_index++] = DELIMITED_SUFFIX;
-
- buffer_lanes = (uint64_t*)this->rate_buffer;
- state_lanes = (uint64_t*)this->state;
- rate_lanes = this->rate_index / sizeof(uint64_t);
-
- remainder = this->rate_index - rate_lanes * sizeof(uint64_t);
- if (remainder)
- {
- memset(this->rate_buffer + this->rate_index, 0x00,
- sizeof(uint64_t) - remainder);
- rate_lanes++;
- }
- for (i = 0; i < rate_lanes; i++)
- {
- state_lanes[i] ^= buffer_lanes[i];
- }
-
- /* Add the second bit of padding */
- this->state[this->rate - 1] ^= 0x80;
-
- /* Switch to the squeezing phase */
- keccak_f1600_state_permute(this->state);
-}
METHOD(hasher_t, get_hash, bool,
private_sha3_hasher_t *this, chunk_t chunk, uint8_t *buffer)
{
- sha3_absorb(this, chunk);
+ this->keccak->absorb(this->keccak, chunk);
if (buffer != NULL)
{
- sha3_final(this);
- memcpy(buffer, this->state, get_hash_size(this));
- reset(this);
+ this->keccak->finalize(this->keccak);
+ this->keccak->squeeze(this->keccak, get_hash_size(this), buffer);
+ this->keccak->reset(this->keccak);
}
return TRUE;
}
@@ -470,22 +87,24 @@ METHOD(hasher_t, allocate_hash, bool,
{
chunk_t allocated_hash;
- sha3_absorb(this, chunk);
+ this->keccak->absorb(this->keccak, chunk);
if (hash != NULL)
{
- sha3_final(this);
+ this->keccak->finalize(this->keccak);
allocated_hash = chunk_alloc(get_hash_size(this));
- memcpy(allocated_hash.ptr, this->state, allocated_hash.len);
- reset(this);
+ this->keccak->squeeze(this->keccak, allocated_hash.len,
+ allocated_hash.ptr);
+ this->keccak->reset(this->keccak);
*hash = allocated_hash;
}
return TRUE;
}
METHOD(hasher_t, destroy, void,
- sha3_hasher_t *this)
+ private_sha3_hasher_t *this)
{
+ this->keccak->destroy(this->keccak);
free(this);
}
@@ -510,18 +129,22 @@ sha3_hasher_t *sha3_hasher_create(hash_algorithm_t algorithm)
INIT(this,
.public = {
.hasher_interface = {
- .reset = _reset,
- .get_hash_size = _get_hash_size,
- .get_hash = _get_hash,
- .allocate_hash = _allocate_hash,
- .destroy = _destroy,
+ .reset = _reset,
+ .get_hash_size = _get_hash_size,
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .destroy = _destroy,
},
},
.algorithm = algorithm,
);
- this->rate = KECCAK_STATE_SIZE - 2*get_hash_size(this);
- reset(this);
+ this->keccak = sha3_keccak_create(2*get_hash_size(this), 0x06);
+ if (!this->keccak)
+ {
+ free(this);
+ return NULL;
+ }
return &this->public;
}
diff --git a/src/libstrongswan/plugins/sha3/sha3_keccak.c b/src/libstrongswan/plugins/sha3/sha3_keccak.c
new file mode 100644
index 000000000..1be1db160
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_keccak.c
@@ -0,0 +1,498 @@
+/*
+ * Copyright (C) 2015-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Based on the implementation by the Keccak, Keyak and Ketje Teams, namely,
+ * Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche and
+ * Ronny Van Keer, hereby denoted as "the implementer".
+ *
+ * To the extent possible under law, the implementer has waived all copyright
+ * and related or neighboring rights to the source code in this file.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+#include <string.h>
+
+#include "sha3_keccak.h"
+
+typedef struct private_sha3_keccak_t private_sha3_keccak_t;
+
+#define KECCAK_STATE_SIZE 200 /* bytes */
+#define KECCAK_MAX_RATE 168 /* bytes */
+
+static const uint64_t round_constants[] = {
+ 0x0000000000000001ULL,
+ 0x0000000000008082ULL,
+ 0x800000000000808aULL,
+ 0x8000000080008000ULL,
+ 0x000000000000808bULL,
+ 0x0000000080000001ULL,
+ 0x8000000080008081ULL,
+ 0x8000000000008009ULL,
+ 0x000000000000008aULL,
+ 0x0000000000000088ULL,
+ 0x0000000080008009ULL,
+ 0x000000008000000aULL,
+ 0x000000008000808bULL,
+ 0x800000000000008bULL,
+ 0x8000000000008089ULL,
+ 0x8000000000008003ULL,
+ 0x8000000000008002ULL,
+ 0x8000000000000080ULL,
+ 0x000000000000800aULL,
+ 0x800000008000000aULL,
+ 0x8000000080008081ULL,
+ 0x8000000000008080ULL,
+ 0x0000000080000001ULL,
+ 0x8000000080008008ULL
+};
+
+/**
+ * Private data structure with hashing context for SHA-3
+ */
+struct private_sha3_keccak_t {
+
+ /**
+ * Public interface for this hasher.
+ */
+ sha3_keccak_t public;
+
+ /**
+ * Internal state of 1600 bits as defined by FIPS-202
+ */
+ uint8_t state[KECCAK_STATE_SIZE];
+
+ /**
+ * Rate in bytes
+ */
+ u_int rate;
+
+ /**
+ * Rate input buffer
+ */
+ uint8_t rate_buffer[KECCAK_MAX_RATE];
+
+ /**
+ * Index pointing to the current position in the rate buffer
+ */
+ u_int rate_index;
+
+ /**
+ * Suffix delimiting the input message
+ */
+ uint8_t delimited_suffix;
+
+};
+
+#if BYTE_ORDER != LITTLE_ENDIAN
+/**
+ * Function to load a 64-bit value using the little-endian (LE) convention.
+ * On a LE platform, this could be greatly simplified using a cast.
+ */
+static uint64_t load64(const uint8_t *x)
+{
+ int i;
+ uint64_t u = 0;
+
+ for (i = 7; i >= 0; --i)
+ {
+ u <<= 8;
+ u |= x[i];
+ }
+ return u;
+}
+
+/**
+ * Function to store a 64-bit value using the little-endian (LE) convention.
+ * On a LE platform, this could be greatly simplified using a cast.
+ */
+static void store64(uint8_t *x, uint64_t u)
+{
+ u_int i;
+
+ for (i = 0; i < 8; ++i)
+ {
+ x[i] = u;
+ u >>= 8;
+ }
+}
+
+/**
+ * Function to XOR into a 64-bit value using the little-endian (LE) convention.
+ * On a LE platform, this could be greatly simplified using a cast.
+ */
+static void xor64(uint8_t *x, uint64_t u)
+{
+ u_int i;
+
+ for (i = 0; i < 8; ++i)
+ {
+ x[i] ^= u;
+ u >>= 8;
+ }
+}
+#endif
+
+/**
+ * Some macros used by the Keccak-f[1600] permutation.
+ */
+#define ROL64(a, offset) ((((uint64_t)a) << offset) ^ (((uint64_t)a) >> (64-offset)))
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+ #define readLane(i) (((uint64_t*)state)[i])
+ #define writeLane(i, lane) (((uint64_t*)state)[i]) = (lane)
+ #define XORLane(i, lane) (((uint64_t*)state)[i]) ^= (lane)
+#elif BYTE_ORDER == BIG_ENDIAN
+ #define readLane(i) load64((uint8_t*)state+sizeof(uint64_t)*i))
+ #define writeLane(i, lane) store64((uint8_t*)state+sizeof(uint64_t)*i, lane)
+ #define XORLane(i, lane) xor64((uint8_t*)state+sizeof(uint64_t)*i, lane)
+#endif
+
+/**
+ * Function that computes the Keccak-f[1600] permutation on the given state.
+ */
+static void keccak_f1600_state_permute(void *state)
+{
+ int round;
+
+ for (round = 0; round < 24; round++)
+ {
+ { /* θ step (see [Keccak Reference, Section 2.3.2]) */
+
+ uint64_t C[5], D;
+
+ /* Compute the parity of the columns */
+ C[0] = readLane(0) ^ readLane( 5) ^ readLane(10)
+ ^ readLane(15) ^ readLane(20);
+ C[1] = readLane(1) ^ readLane( 6) ^ readLane(11)
+ ^ readLane(16) ^ readLane(21);
+ C[2] = readLane(2) ^ readLane( 7) ^ readLane(12)
+ ^ readLane(17) ^ readLane(22);
+ C[3] = readLane(3) ^ readLane( 8) ^ readLane(13)
+ ^ readLane(18) ^ readLane(23);
+ C[4] = readLane(4) ^ readLane( 9) ^ readLane(14)
+ ^ readLane(19) ^ readLane(24);
+
+ /* Compute and add the θ effect to the whole column */
+ D = C[4] ^ ROL64(C[1], 1);
+ XORLane( 0, D);
+ XORLane( 5, D);
+ XORLane(10, D);
+ XORLane(15, D);
+ XORLane(20, D);
+
+ D = C[0] ^ ROL64(C[2], 1);
+ XORLane( 1, D);
+ XORLane( 6, D);
+ XORLane(11, D);
+ XORLane(16, D);
+ XORLane(21, D);
+
+ D = C[1] ^ ROL64(C[3], 1);
+ XORLane( 2, D);
+ XORLane( 7, D);
+ XORLane(12, D);
+ XORLane(17, D);
+ XORLane(22, D);
+
+ D = C[2] ^ ROL64(C[4], 1);
+ XORLane( 3, D);
+ XORLane( 8, D);
+ XORLane(13, D);
+ XORLane(18, D);
+ XORLane(23, D);
+
+ D = C[3] ^ ROL64(C[0], 1);
+ XORLane( 4, D);
+ XORLane( 9, D);
+ XORLane(14, D);
+ XORLane(19, D);
+ XORLane(24, D);
+ }
+
+ { /* ρ and π steps (see [Keccak Reference, Sections 2.3.3 and 2.3.4]) */
+
+ uint64_t t1, t2;
+
+ t1 = readLane( 1);
+
+ t2 = readLane(10);
+ writeLane(10, ROL64(t1, 1));
+
+ t1 = readLane( 7);
+ writeLane( 7, ROL64(t2, 3));
+
+ t2 = readLane(11);
+ writeLane(11, ROL64(t1, 6));
+
+ t1 = readLane(17);
+ writeLane(17, ROL64(t2, 10));
+
+ t2 = readLane(18);
+ writeLane(18, ROL64(t1, 15));
+
+ t1 = readLane( 3);
+ writeLane( 3, ROL64(t2, 21));
+
+ t2 = readLane( 5);
+ writeLane( 5, ROL64(t1, 28));
+
+ t1 = readLane(16);
+ writeLane(16, ROL64(t2, 36));
+
+ t2 = readLane( 8);
+ writeLane( 8, ROL64(t1, 45));
+
+ t1 = readLane(21);
+ writeLane(21, ROL64(t2, 55));
+
+ t2 = readLane(24);
+ writeLane(24, ROL64(t1, 2));
+
+ t1 = readLane( 4);
+ writeLane( 4, ROL64(t2, 14));
+
+ t2 = readLane(15);
+ writeLane(15, ROL64(t1, 27));
+
+ t1 = readLane(23);
+ writeLane(23, ROL64(t2, 41));
+
+ t2 = readLane(19);
+ writeLane(19, ROL64(t1, 56));
+
+ t1 = readLane(13);
+ writeLane(13, ROL64(t2, 8));
+
+ t2 = readLane(12);
+ writeLane(12, ROL64(t1, 25));
+
+ t1 = readLane( 2);
+ writeLane( 2, ROL64(t2, 43));
+
+ t2 = readLane(20);
+ writeLane(20, ROL64(t1, 62));
+
+ t1 = readLane(14);
+ writeLane(14, ROL64(t2, 18));
+
+ t2 = readLane(22);
+ writeLane(22, ROL64(t1, 39));
+
+ t1 = readLane( 9);
+ writeLane( 9, ROL64(t2, 61));
+
+ t2 = readLane( 6);
+ writeLane( 6, ROL64(t1, 20));
+
+ writeLane( 1, ROL64(t2, 44));
+ }
+
+ { /* χ step (see [Keccak Reference, Section 2.3.1]) */
+
+ uint64_t t[5];
+
+ t[0] = readLane(0);
+ t[1] = readLane(1);
+ t[2] = readLane(2);
+ t[3] = readLane(3);
+ t[4] = readLane(4);
+
+ writeLane(0, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(1, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(2, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(3, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(4, t[4] ^ ((~t[0]) & t[1]));
+
+ t[0] = readLane(5);
+ t[1] = readLane(6);
+ t[2] = readLane(7);
+ t[3] = readLane(8);
+ t[4] = readLane(9);
+
+ writeLane(5, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(6, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(7, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(8, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(9, t[4] ^ ((~t[0]) & t[1]));
+
+ t[0] = readLane(10);
+ t[1] = readLane(11);
+ t[2] = readLane(12);
+ t[3] = readLane(13);
+ t[4] = readLane(14);
+
+ writeLane(10, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(11, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(12, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(13, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(14, t[4] ^ ((~t[0]) & t[1]));
+
+ t[0] = readLane(15);
+ t[1] = readLane(16);
+ t[2] = readLane(17);
+ t[3] = readLane(18);
+ t[4] = readLane(19);
+
+ writeLane(15, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(16, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(17, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(18, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(19, t[4] ^ ((~t[0]) & t[1]));
+
+ t[0] = readLane(20);
+ t[1] = readLane(21);
+ t[2] = readLane(22);
+ t[3] = readLane(23);
+ t[4] = readLane(24);
+
+ writeLane(20, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(21, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(22, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(23, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(24, t[4] ^ ((~t[0]) & t[1]));
+ }
+
+ { /* ι step (see [Keccak Reference, Section 2.3.5]) */
+
+ XORLane(0, round_constants[round]);
+ }
+ }
+}
+
+METHOD(sha3_keccak_t, get_rate, u_int,
+ private_sha3_keccak_t *this)
+{
+ return this->rate;
+}
+
+METHOD(sha3_keccak_t, reset, void,
+ private_sha3_keccak_t *this)
+{
+ memset(this->state, 0x00, KECCAK_STATE_SIZE);
+ this->rate_index = 0;
+}
+
+
+METHOD(sha3_keccak_t, absorb, void,
+ private_sha3_keccak_t *this, chunk_t data)
+{
+ uint64_t *buffer_lanes, *state_lanes;
+ size_t len, rate_lanes;
+ int i;
+
+ buffer_lanes = (uint64_t*)this->rate_buffer;
+ state_lanes = (uint64_t*)this->state;
+ rate_lanes = this->rate / sizeof(uint64_t);
+
+ while (data.len)
+ {
+ len = min(data.len, this->rate - this->rate_index);
+ memcpy(this->rate_buffer + this->rate_index, data.ptr, len);
+ this->rate_index += len;
+ data.ptr += len;
+ data.len -= len;
+
+ if (this->rate_index == this->rate)
+ {
+ for (i = 0; i < rate_lanes; i++)
+ {
+ state_lanes[i] ^= buffer_lanes[i];
+ }
+ this->rate_index = 0;
+
+ keccak_f1600_state_permute(this->state);
+ }
+ }
+}
+
+METHOD(sha3_keccak_t, finalize, void,
+ private_sha3_keccak_t *this)
+{
+ uint64_t *buffer_lanes, *state_lanes;
+ size_t rate_lanes, remainder;
+ int i;
+
+ /* Add the delimitedSuffix as the first bit of padding */
+ this->rate_buffer[this->rate_index++] = this->delimited_suffix;
+
+ buffer_lanes = (uint64_t*)this->rate_buffer;
+ state_lanes = (uint64_t*)this->state;
+ rate_lanes = this->rate_index / sizeof(uint64_t);
+
+ remainder = this->rate_index - rate_lanes * sizeof(uint64_t);
+ if (remainder)
+ {
+ memset(this->rate_buffer + this->rate_index, 0x00,
+ sizeof(uint64_t) - remainder);
+ rate_lanes++;
+ }
+ for (i = 0; i < rate_lanes; i++)
+ {
+ state_lanes[i] ^= buffer_lanes[i];
+ }
+
+ /* Add the second bit of padding */
+ this->state[this->rate - 1] ^= 0x80;
+
+ /* Switch to the squeezing phase */
+ keccak_f1600_state_permute(this->state);
+ this->rate_index = 0;
+}
+
+METHOD(sha3_keccak_t, squeeze, void,
+ private_sha3_keccak_t *this, size_t out_len, uint8_t *out)
+{
+ size_t index = 0, len;
+
+ while (index < out_len)
+ {
+ if (this->rate_index == this->rate)
+ {
+ keccak_f1600_state_permute(this->state);
+ this->rate_index = 0;
+ }
+ len = min(out_len - index, this->rate - this->rate_index);
+ memcpy(out, &this->state[this->rate_index], len);
+ out += len;
+ index += len;
+ this->rate_index += len;
+ }
+}
+
+METHOD(sha3_keccak_t, destroy, void,
+ private_sha3_keccak_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+sha3_keccak_t *sha3_keccak_create(u_int capacity, uint8_t delimited_suffix)
+{
+ private_sha3_keccak_t *this;
+ int rate;
+
+ rate = KECCAK_STATE_SIZE - capacity;
+
+ if (rate <= 0 || rate > KECCAK_MAX_RATE)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_rate = _get_rate,
+ .reset = _reset,
+ .absorb = _absorb,
+ .finalize = _finalize,
+ .squeeze = _squeeze,
+ .destroy = _destroy,
+ },
+ .rate = rate,
+ .delimited_suffix = delimited_suffix,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/sha3/sha3_keccak.h b/src/libstrongswan/plugins/sha3/sha3_keccak.h
new file mode 100644
index 000000000..eeea9d7fd
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_keccak.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+n */
+
+/**
+ * @defgroup sha3_keccak sha3_keccak
+ * @{ @ingroup sha3_p
+ */
+
+#ifndef SHA3_KECCAK_H_
+#define SHA3_KECCAK_H_
+
+typedef struct sha3_keccak_t sha3_keccak_t;
+
+#include <crypto/hashers/hasher.h>
+
+/**
+ * Implements the Keccak-f[1600] sponge function as defined by FIPS-202.
+ */
+struct sha3_keccak_t {
+
+ /**
+ * Get the available rate in bytes
+ *
+ * @return rate in bytes
+ */
+ u_int (*get_rate)(sha3_keccak_t *this);
+
+ /**
+ * Resets the internal Keccak state
+ */
+ void (*reset)(sha3_keccak_t *this);
+
+ /**
+ * Absorbs data into the Keccak state
+ *
+ * @param data data to be absorbed
+ */
+ void (*absorb)(sha3_keccak_t *this, chunk_t data);
+
+ /**
+ * Finalize the absorption phase and switch to the squeeze phase
+ */
+ void (*finalize)(sha3_keccak_t *this);
+
+ /**
+ * Squeeze the Keccak state to get output data
+ * Can be called multiple times
+ *
+ * @param out_len number of output bytes requested
+ * @param out output buffer, must comprise at least out_len bytes
+ */
+ void (*squeeze)(sha3_keccak_t *this, size_t out_len, uint8_t *out);
+
+ /**
+ * Destroy the sha3_keccak_t object
+ */
+ void (*destroy)(sha3_keccak_t *this);
+
+};
+
+/**
+ * Creates a new sha3_keccak_t.
+ *
+ * @param capacity required capacity to achieve a given security level
+ * @param delimited_suffix bits delimiting the input message
+ * @return sha3_keccak_t object, NULL if capacity too big
+ */
+sha3_keccak_t *sha3_keccak_create(u_int capacity, uint8_t delimited_suffix);
+
+#endif /** SHA3_KECCAK_H_ @}*/
diff --git a/src/libstrongswan/plugins/sha3/sha3_plugin.c b/src/libstrongswan/plugins/sha3/sha3_plugin.c
index 28068f38e..8268e67c3 100644
--- a/src/libstrongswan/plugins/sha3/sha3_plugin.c
+++ b/src/libstrongswan/plugins/sha3/sha3_plugin.c
@@ -14,9 +14,10 @@
*/
#include "sha3_plugin.h"
+#include "sha3_hasher.h"
+#include "sha3_shake.h"
#include <library.h>
-#include "sha3_hasher.h"
typedef struct private_sha3_plugin_t private_sha3_plugin_t;
@@ -46,6 +47,9 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(HASHER, HASH_SHA3_256),
PLUGIN_PROVIDE(HASHER, HASH_SHA3_384),
PLUGIN_PROVIDE(HASHER, HASH_SHA3_512),
+ PLUGIN_REGISTER(XOF, sha3_shake_create),
+ PLUGIN_PROVIDE(XOF, XOF_SHAKE_128),
+ PLUGIN_PROVIDE(XOF, XOF_SHAKE_256),
};
*features = f;
return countof(f);
diff --git a/src/libstrongswan/plugins/sha3/sha3_shake.c b/src/libstrongswan/plugins/sha3/sha3_shake.c
new file mode 100644
index 000000000..0f1af39f5
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_shake.c
@@ -0,0 +1,143 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "sha3_shake.h"
+#include "sha3_keccak.h"
+
+typedef struct private_sha3_shake_t private_sha3_shake_t;
+
+
+/**
+ * Private data structure with hashing context for SHA-3
+ */
+struct private_sha3_shake_t {
+
+ /**
+ * Public interface for this hasher.
+ */
+ sha3_shake_t public;
+
+ /**
+ * XOF algorithm to be used (XOF_SHAKE_128 or XOF_SHAKE_256)
+ */
+ ext_out_function_t algorithm;
+
+ /**
+ * SHA-3 Keccak state
+ */
+ sha3_keccak_t *keccak;
+
+ /**
+ * Capacity in bytes of the SHA-3 Keccak state
+ */
+ u_int capacity;
+
+};
+
+METHOD(xof_t, get_type, ext_out_function_t,
+ private_sha3_shake_t *this)
+{
+ return this->algorithm;
+}
+
+METHOD(xof_t, get_bytes, bool,
+ private_sha3_shake_t *this, size_t out_len, uint8_t *buffer)
+{
+ this->keccak->squeeze(this->keccak, out_len, buffer);
+ return TRUE;
+}
+
+METHOD(xof_t, allocate_bytes, bool,
+ private_sha3_shake_t *this, size_t out_len, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(out_len);
+ this->keccak->squeeze(this->keccak, out_len, chunk->ptr);
+ return TRUE;
+}
+
+METHOD(xof_t, get_block_size, size_t,
+ private_sha3_shake_t *this)
+{
+ return this->keccak->get_rate(this->keccak);
+}
+
+METHOD(xof_t, get_seed_size, size_t,
+ private_sha3_shake_t *this)
+{
+ return this->capacity;
+}
+
+METHOD(xof_t, set_seed, bool,
+ private_sha3_shake_t *this, chunk_t seed)
+{
+ this->keccak->reset(this->keccak);
+ this->keccak->absorb(this->keccak, seed);
+ this->keccak->finalize(this->keccak);
+ return TRUE;
+}
+
+
+METHOD(xof_t, destroy, void,
+ private_sha3_shake_t *this)
+{
+ this->keccak->destroy(this->keccak);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+sha3_shake_t* sha3_shake_create(ext_out_function_t algorithm)
+{
+ private_sha3_shake_t *this;
+ u_int capacity = 0;
+
+ switch (algorithm)
+ {
+ case XOF_SHAKE_128:
+ capacity = 32;
+ break;
+ case XOF_SHAKE_256:
+ capacity = 64;
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .xof_interface = {
+ .get_type = _get_type,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_seed_size = _get_seed_size,
+ .set_seed = _set_seed,
+ .destroy = _destroy,
+ },
+ },
+ .algorithm = algorithm,
+ .capacity = capacity,
+ );
+
+ this->keccak = sha3_keccak_create(capacity, 0x1f);
+ if (!this->keccak)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/sha3/sha3_shake.h b/src/libstrongswan/plugins/sha3/sha3_shake.h
new file mode 100644
index 000000000..a8643edd7
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_shake.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup sha3_shake sha3_shake
+ * @{ @ingroup sha3_p
+ */
+
+#ifndef SHA3_SHAKE_H_
+#define SHA3_SHAKE_H_
+
+typedef struct sha3_shake_t sha3_shake_t;
+
+#include <crypto/xofs/xof.h>
+
+/**
+ * Implementation of xof_t interface using the SHA-3 XOF algorithm family
+ * SHAKE128 and SHAKE256 as defined by FIPS-202.
+ */
+struct sha3_shake_t {
+
+ /**
+ * Generic xof_t interface for this Extended Output Function (XOF).
+ */
+ xof_t xof_interface;
+};
+
+/**
+ * Creates a new sha3_shake_t.
+ *
+ * @param algorithm XOF_SHAKE_128 or XOF_SHAKE_256
+ * @return sha3_shake_t object, NULL if not supported
+ */
+sha3_shake_t* sha3_shake_create(ext_out_function_t algorithm);
+
+#endif /** SHA3_SHAKE_H_ @}*/
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index 6563f8335..97ab30763 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 268730e14..4551ff766 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index d50b29565..47e2234c4 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index ab540e78e..c29b6fd1e 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -20,6 +20,7 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/aes_ccm.c \
test_vectors/aes_gcm.c \
test_vectors/chacha20poly1305.c \
+ test_vectors/chacha20_xof.c \
test_vectors/blowfish.c \
test_vectors/camellia_cbc.c \
test_vectors/camellia_ctr.c \
@@ -41,6 +42,7 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/sha2.c \
test_vectors/sha2_hmac.c \
test_vectors/sha3.c \
+ test_vectors/sha3_shake.c \
test_vectors/fips_prf.c \
test_vectors/modp.c \
test_vectors/modpsub.c \
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 6721909f0..56ae8dcab 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -143,18 +143,19 @@ am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \
test_vectors/aes_ctr.lo test_vectors/aes_xcbc.lo \
test_vectors/aes_cmac.lo test_vectors/aes_ccm.lo \
test_vectors/aes_gcm.lo test_vectors/chacha20poly1305.lo \
- test_vectors/blowfish.lo test_vectors/camellia_cbc.lo \
- test_vectors/camellia_ctr.lo test_vectors/camellia_xcbc.lo \
- test_vectors/cast.lo test_vectors/des.lo test_vectors/idea.lo \
- test_vectors/null.lo test_vectors/rc2.lo test_vectors/rc5.lo \
+ test_vectors/chacha20_xof.lo test_vectors/blowfish.lo \
+ test_vectors/camellia_cbc.lo test_vectors/camellia_ctr.lo \
+ test_vectors/camellia_xcbc.lo test_vectors/cast.lo \
+ test_vectors/des.lo test_vectors/idea.lo test_vectors/null.lo \
+ test_vectors/rc2.lo test_vectors/rc5.lo \
test_vectors/serpent_cbc.lo test_vectors/twofish_cbc.lo \
test_vectors/md2.lo test_vectors/md4.lo test_vectors/md5.lo \
test_vectors/md5_hmac.lo test_vectors/sha1.lo \
test_vectors/sha1_hmac.lo test_vectors/sha2.lo \
test_vectors/sha2_hmac.lo test_vectors/sha3.lo \
- test_vectors/fips_prf.lo test_vectors/modp.lo \
- test_vectors/modpsub.lo test_vectors/ecp.lo \
- test_vectors/ecpbp.lo test_vectors/rng.lo
+ test_vectors/sha3_shake.lo test_vectors/fips_prf.lo \
+ test_vectors/modp.lo test_vectors/modpsub.lo \
+ test_vectors/ecp.lo test_vectors/ecpbp.lo test_vectors/rng.lo
libstrongswan_test_vectors_la_OBJECTS = \
$(am_libstrongswan_test_vectors_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
@@ -369,7 +370,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -403,8 +403,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -458,6 +456,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -479,6 +479,7 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/aes_ccm.c \
test_vectors/aes_gcm.c \
test_vectors/chacha20poly1305.c \
+ test_vectors/chacha20_xof.c \
test_vectors/blowfish.c \
test_vectors/camellia_cbc.c \
test_vectors/camellia_ctr.c \
@@ -500,6 +501,7 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/sha2.c \
test_vectors/sha2_hmac.c \
test_vectors/sha3.c \
+ test_vectors/sha3_shake.c \
test_vectors/fips_prf.c \
test_vectors/modp.c \
test_vectors/modpsub.c \
@@ -609,6 +611,8 @@ test_vectors/aes_gcm.lo: test_vectors/$(am__dirstamp) \
test_vectors/$(DEPDIR)/$(am__dirstamp)
test_vectors/chacha20poly1305.lo: test_vectors/$(am__dirstamp) \
test_vectors/$(DEPDIR)/$(am__dirstamp)
+test_vectors/chacha20_xof.lo: test_vectors/$(am__dirstamp) \
+ test_vectors/$(DEPDIR)/$(am__dirstamp)
test_vectors/blowfish.lo: test_vectors/$(am__dirstamp) \
test_vectors/$(DEPDIR)/$(am__dirstamp)
test_vectors/camellia_cbc.lo: test_vectors/$(am__dirstamp) \
@@ -651,6 +655,8 @@ test_vectors/sha2_hmac.lo: test_vectors/$(am__dirstamp) \
test_vectors/$(DEPDIR)/$(am__dirstamp)
test_vectors/sha3.lo: test_vectors/$(am__dirstamp) \
test_vectors/$(DEPDIR)/$(am__dirstamp)
+test_vectors/sha3_shake.lo: test_vectors/$(am__dirstamp) \
+ test_vectors/$(DEPDIR)/$(am__dirstamp)
test_vectors/fips_prf.lo: test_vectors/$(am__dirstamp) \
test_vectors/$(DEPDIR)/$(am__dirstamp)
test_vectors/modp.lo: test_vectors/$(am__dirstamp) \
@@ -688,6 +694,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/camellia_ctr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/camellia_xcbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/cast.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/chacha20_xof.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/chacha20poly1305.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/des.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/ecp.Plo@am__quote@
@@ -710,6 +717,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha2.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha2_hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha3.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha3_shake.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/twofish_cbc.Plo@am__quote@
.c.o:
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index 3ff211da8..43633e3ff 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -258,6 +258,21 @@ TEST_VECTOR_PRF(sha512_hmac_p5)
TEST_VECTOR_PRF(sha512_hmac_p6)
TEST_VECTOR_PRF(fips_prf_1)
+TEST_VECTOR_XOF(shake_128_0)
+TEST_VECTOR_XOF(shake_128_32)
+TEST_VECTOR_XOF(shake_128_167)
+TEST_VECTOR_XOF(shake_128_168)
+TEST_VECTOR_XOF(shake_128_255)
+TEST_VECTOR_XOF(shake_256_0)
+TEST_VECTOR_XOF(shake_256_64)
+TEST_VECTOR_XOF(shake_256_135)
+TEST_VECTOR_XOF(shake_256_136)
+TEST_VECTOR_XOF(shake_256_255)
+TEST_VECTOR_XOF(chacha20_xof_1)
+TEST_VECTOR_XOF(chacha20_xof_2)
+TEST_VECTOR_XOF(chacha20_xof_3)
+TEST_VECTOR_XOF(chacha20_xof_4)
+
TEST_VECTOR_RNG(rng_monobit_1)
TEST_VECTOR_RNG(rng_monobit_2)
TEST_VECTOR_RNG(rng_monobit_3)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/chacha20_xof.c b/src/libstrongswan/plugins/test_vectors/test_vectors/chacha20_xof.c
new file mode 100644
index 000000000..2c602c6a3
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/chacha20_xof.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * ChaCha20 Stream Test Vector from RFC 7539, Section 2.3.2
+ */
+xof_test_vector_t chacha20_xof_1 = {
+ .alg = XOF_CHACHA20, .len = 44,
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x00\x00\x00\x09\x00\x00\x00\x4a\x00\x00\x00\x00",
+ .out_len = 64,
+ .out = "\x10\xf1\xe7\xe4\xd1\x3b\x59\x15\x50\x0f\xdd\x1f\xa3\x20\x71\xc4"
+ "\xc7\xd1\xf4\xc7\x33\xc0\x68\x03\x04\x22\xaa\x9a\xc3\xd4\x6c\x4e"
+ "\xd2\x82\x64\x46\x07\x9f\xaa\x09\x14\xc2\xd7\x05\xd9\x8b\x02\xa2"
+ "\xb5\x12\x9c\xd1\xde\x16\x4e\xb9\xcb\xd0\x83\xe8\xa2\x50\x3c\x4e"
+};
+
+/**
+ * ChaCha20 Stream Test Vector from RFC 7539, Section 2.4.2
+ */
+xof_test_vector_t chacha20_xof_2 = {
+ .alg = XOF_CHACHA20, .len = 44,
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x00\x00\x00\x00\x00\x00\x00\x4a\x00\x00\x00\x00",
+ .out_len = 114,
+ .out = "\x22\x4f\x51\xf3\x40\x1b\xd9\xe1\x2f\xde\x27\x6f\xb8\x63\x1d\xed"
+ "\x8c\x13\x1f\x82\x3d\x2c\x06\xe2\x7e\x4f\xca\xec\x9e\xf3\xcf\x78"
+ "\x8a\x3b\x0a\xa3\x72\x60\x0a\x92\xb5\x79\x74\xcd\xed\x2b\x93\x34"
+ "\x79\x4c\xba\x40\xc6\x3e\x34\xcd\xea\x21\x2c\x4c\xf0\x7d\x41\xb7"
+ "\x69\xa6\x74\x9f\x3f\x63\x0f\x41\x22\xca\xfe\x28\xec\x4d\xc4\x7e"
+ "\x26\xd4\x34\x6d\x70\xb9\x8c\x73\xf3\xe9\xc5\x3a\xc4\x0c\x59\x45"
+ "\x39\x8b\x6e\xda\x1a\x83\x2c\x89\xc1\x67\xea\xcd\x90\x1d\x7e\x2b"
+ "\xf3\x63"
+};
+
+/**
+ * ChaCha20 Stream Test Vector #2 from RFC 7539, Section A1.
+ */
+xof_test_vector_t chacha20_xof_3 = {
+ .alg = XOF_CHACHA20, .len = 44,
+ .seed = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .out_len = 64,
+ .out = "\x9f\x07\xe7\xbe\x55\x51\x38\x7a\x98\xba\x97\x7c\x73\x2d\x08\x0d"
+ "\xcb\x0f\x29\xa0\x48\xe3\x65\x69\x12\xc6\x53\x3e\x32\xee\x7a\xed"
+ "\x29\xb7\x21\x76\x9c\xe6\x4e\x43\xd5\x71\x33\xb0\x74\xd8\x39\xd5"
+ "\x31\xed\x1f\x28\x51\x0a\xfb\x45\xac\xe1\x0a\x1f\x4b\x79\x4d\x6f"
+};
+
+/**
+ * ChaCha20 Stream Test Vector #3 from RFC 7539, Section A1.
+ */
+xof_test_vector_t chacha20_xof_4 = {
+ .alg = XOF_CHACHA20, .len = 44,
+ .seed = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .out_len = 64,
+ .out = "\x3a\xeb\x52\x24\xec\xf8\x49\x92\x9b\x9d\x82\x8d\xb1\xce\xd4\xdd"
+ "\x83\x20\x25\xe8\x01\x8b\x81\x60\xb8\x22\x84\xf3\xc9\x49\xaa\x5a"
+ "\x8e\xca\x00\xbb\xb4\xa7\x3b\xda\xd1\x92\xb5\xc4\x2f\x73\xf2\xfd"
+ "\x4e\x27\x36\x44\xc8\xb3\x61\x25\xa6\x4a\xdd\xeb\x00\x6c\x13\xa0"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c
index e659f66f4..d8212f8df 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c
@@ -23,7 +23,6 @@ hasher_test_vector_t sha3_224_0 = {
.data = "",
.hash = "\x6B\x4E\x03\x42\x36\x67\xDB\xB7\x3B\x6E\x15\x45\x4F\x0E\xB1\xAB"
"\xD4\x59\x7F\x9A\x1B\x07\x8E\x3F\x5B\x5A\x6B\xC7"
-
};
hasher_test_vector_t sha3_224_1 = {
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha3_shake.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3_shake.c
new file mode 100644
index 000000000..0150d0a80
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3_shake.c
@@ -0,0 +1,472 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * SHAKE-128 vectors from "https://github.com/gvanas/KeccakCodePackage/"
+ */
+xof_test_vector_t shake_128_0 = {
+ .alg = XOF_SHAKE_128, .len = 0,
+ .seed = "",
+ .out_len = 512,
+ .out = "\x7F\x9C\x2B\xA4\xE8\x8F\x82\x7D\x61\x60\x45\x50\x76\x05\x85\x3E"
+ "\xD7\x3B\x80\x93\xF6\xEF\xBC\x88\xEB\x1A\x6E\xAC\xFA\x66\xEF\x26"
+ "\x3C\xB1\xEE\xA9\x88\x00\x4B\x93\x10\x3C\xFB\x0A\xEE\xFD\x2A\x68"
+ "\x6E\x01\xFA\x4A\x58\xE8\xA3\x63\x9C\xA8\xA1\xE3\xF9\xAE\x57\xE2"
+ "\x35\xB8\xCC\x87\x3C\x23\xDC\x62\xB8\xD2\x60\x16\x9A\xFA\x2F\x75"
+ "\xAB\x91\x6A\x58\xD9\x74\x91\x88\x35\xD2\x5E\x6A\x43\x50\x85\xB2"
+ "\xBA\xDF\xD6\xDF\xAA\xC3\x59\xA5\xEF\xBB\x7B\xCC\x4B\x59\xD5\x38"
+ "\xDF\x9A\x04\x30\x2E\x10\xC8\xBC\x1C\xBF\x1A\x0B\x3A\x51\x20\xEA"
+ "\x17\xCD\xA7\xCF\xAD\x76\x5F\x56\x23\x47\x4D\x36\x8C\xCC\xA8\xAF"
+ "\x00\x07\xCD\x9F\x5E\x4C\x84\x9F\x16\x7A\x58\x0B\x14\xAA\xBD\xEF"
+ "\xAE\xE7\xEE\xF4\x7C\xB0\xFC\xA9\x76\x7B\xE1\xFD\xA6\x94\x19\xDF"
+ "\xB9\x27\xE9\xDF\x07\x34\x8B\x19\x66\x91\xAB\xAE\xB5\x80\xB3\x2D"
+ "\xEF\x58\x53\x8B\x8D\x23\xF8\x77\x32\xEA\x63\xB0\x2B\x4F\xA0\xF4"
+ "\x87\x33\x60\xE2\x84\x19\x28\xCD\x60\xDD\x4C\xEE\x8C\xC0\xD4\xC9"
+ "\x22\xA9\x61\x88\xD0\x32\x67\x5C\x8A\xC8\x50\x93\x3C\x7A\xFF\x15"
+ "\x33\xB9\x4C\x83\x4A\xDB\xB6\x9C\x61\x15\xBA\xD4\x69\x2D\x86\x19"
+ "\xF9\x0B\x0C\xDF\x8A\x7B\x9C\x26\x40\x29\xAC\x18\x5B\x70\xB8\x3F"
+ "\x28\x01\xF2\xF4\xB3\xF7\x0C\x59\x3E\xA3\xAE\xEB\x61\x3A\x7F\x1B"
+ "\x1D\xE3\x3F\xD7\x50\x81\xF5\x92\x30\x5F\x2E\x45\x26\xED\xC0\x96"
+ "\x31\xB1\x09\x58\xF4\x64\xD8\x89\xF3\x1B\xA0\x10\x25\x0F\xDA\x7F"
+ "\x13\x68\xEC\x29\x67\xFC\x84\xEF\x2A\xE9\xAF\xF2\x68\xE0\xB1\x70"
+ "\x0A\xFF\xC6\x82\x0B\x52\x3A\x3D\x91\x71\x35\xF2\xDF\xF2\xEE\x06"
+ "\xBF\xE7\x2B\x31\x24\x72\x1D\x4A\x26\xC0\x4E\x53\xA7\x5E\x30\xE7"
+ "\x3A\x7A\x9C\x4A\x95\xD9\x1C\x55\xD4\x95\xE9\xF5\x1D\xD0\xB5\xE9"
+ "\xD8\x3C\x6D\x5E\x8C\xE8\x03\xAA\x62\xB8\xD6\x54\xDB\x53\xD0\x9B"
+ "\x8D\xCF\xF2\x73\xCD\xFE\xB5\x73\xFA\xD8\xBC\xD4\x55\x78\xBE\xC2"
+ "\xE7\x70\xD0\x1E\xFD\xE8\x6E\x72\x1A\x3F\x7C\x6C\xCE\x27\x5D\xAB"
+ "\xE6\xE2\x14\x3F\x1A\xF1\x8D\xA7\xEF\xDD\xC4\xC7\xB7\x0B\x5E\x34"
+ "\x5D\xB9\x3C\xC9\x36\xBE\xA3\x23\x49\x1C\xCB\x38\xA3\x88\xF5\x46"
+ "\xA9\xFF\x00\xDD\x4E\x13\x00\xB9\xB2\x15\x3D\x20\x41\xD2\x05\xB4"
+ "\x43\xE4\x1B\x45\xA6\x53\xF2\xA5\xC4\x49\x2C\x1A\xDD\x54\x45\x12"
+ "\xDD\xA2\x52\x98\x33\x46\x2B\x71\xA4\x1A\x45\xBE\x97\x29\x0B\x6F"
+};
+
+xof_test_vector_t shake_128_32 = {
+ .alg = XOF_SHAKE_128, .len = 32,
+ .seed = "\x9F\x2F\xCC\x7C\x90\xDE\x09\x0D\x6B\x87\xCD\x7E\x97\x18\xC1\xEA"
+ "\x6C\xB2\x11\x18\xFC\x2D\x5D\xE9\xF9\x7E\x5D\xB6\xAC\x1E\x9C\x10",
+ .out_len = 512,
+ .out = "\xFC\xDE\xAD\x82\xF3\x9C\xDF\xCE\xF9\x9C\x1B\xAB\xB6\x74\xA9\xA8"
+ "\xE2\x4A\xC5\x94\x64\x6C\x31\xD0\x20\xA4\xCD\x2B\xC2\x55\x4A\xFD"
+ "\x78\xC4\xE4\x13\xF7\x80\x4F\xA1\x70\x8B\x9F\x40\x00\xFD\x86\x0E"
+ "\x30\x70\xF2\xE1\xBA\x9E\xEE\x38\x05\x35\x2A\xAD\x65\x5B\x4B\x0A"
+ "\x72\x8F\x2D\x5F\xCC\x43\x24\x38\x25\xBC\x0D\xCE\x33\xCA\x71\x66"
+ "\x26\xDC\x76\xE9\x20\xD7\x25\x75\xE2\x6D\xDD\x71\x10\xD0\xF9\x91"
+ "\xA9\x12\x00\xB5\x13\xAE\xE2\x3A\xC9\xBC\x70\x43\xA1\x52\xAC\xE0"
+ "\xCD\x0B\x49\x18\x1D\x2B\xB6\xBD\x36\xE9\x3C\x0B\x62\x7A\xCA\x9C"
+ "\x6A\xB6\xC8\x5E\xD7\x0C\xE7\x62\x42\x9C\x8F\x26\x27\x08\x10\x32"
+ "\x84\xC0\xA7\x92\x13\x8F\x10\xE8\x56\x8E\xFB\x23\x99\xB3\x8A\x31"
+ "\x05\x5C\x11\x88\xBA\x59\x34\x4E\x6A\x2B\x73\xD5\xC0\x4A\xA5\x24"
+ "\x05\x66\x49\x84\x4D\x1D\xAD\xCD\x07\xD3\x5D\xF5\xD8\x51\xEB\xAF"
+ "\xFC\xA5\x70\x3B\x80\x15\x3E\xA6\x27\xB1\xBA\xDF\xB2\x88\x5F\x70"
+ "\xF7\x86\xD3\x4F\x56\x50\xFE\x73\xE3\x69\x0A\x8A\x96\x61\x00\x59"
+ "\x25\x3D\xD3\xAB\xB5\xFA\x7C\x54\xCF\x6E\x77\x69\x5D\x24\xA6\x59"
+ "\x40\x77\xEE\x4D\x36\x73\xF9\xFC\x56\xC6\x2F\xC7\xF7\x10\xCF\x87"
+ "\x20\x14\xC0\xA7\xDE\x8B\x1C\xA6\xAE\x8C\xEF\xAA\xDE\xAF\x5F\x4D"
+ "\x05\x5F\xF7\x65\xAD\x41\x87\x13\xF2\xDD\x08\xEA\xFB\x5E\x16\xEE"
+ "\xD9\xFE\x34\x4E\xE8\xD4\x38\x8F\xDC\x22\x35\x1F\x63\x83\x40\x17"
+ "\xB5\x39\xE3\xFF\x14\x3F\x39\x4B\x5B\x74\xD0\x6F\x65\xE9\x6A\x7A"
+ "\x3D\x02\x8F\xD1\x4F\x6C\x70\x01\xEB\x7A\xD2\xDC\xFC\xF4\xB2\x44"
+ "\x7A\xA1\x73\xA2\xAE\x8E\xDB\x58\x1B\x5B\xBD\x89\xE8\xA4\x68\xFE"
+ "\x0A\x38\x50\x75\x30\xB9\x79\x5D\xA3\xBC\xEC\x6D\xDE\xBC\xE9\xEB"
+ "\x31\x32\xEF\x18\xC9\xC2\xA8\xB9\x36\xA4\x31\xC8\xB1\x21\xFA\x99"
+ "\x6F\xF9\xBA\x5C\xE5\x22\x98\x6B\x67\x8A\x5E\xC9\x9A\x10\x3A\x91"
+ "\xCF\x33\x19\x6E\x08\xC8\x2D\xC6\x5E\x68\xAE\xD2\x38\xA9\x31\x6A"
+ "\x73\xE7\x1C\xF5\xA6\x7C\xE4\x40\xB9\x3B\xDB\x84\x5B\x3A\x60\x53"
+ "\x9E\xCC\xDC\xE4\x1B\xC7\x23\xEC\x9A\x14\xEE\x4E\x08\x2F\x60\xC0"
+ "\xBE\x3D\x5E\x50\xDF\xC8\xBE\x1E\x86\xA9\x7E\xCE\xE9\xD8\x8E\x2B"
+ "\xB2\xA3\xAF\xF4\x7F\xBD\x6D\x66\x75\xD8\x1E\xFE\x07\x08\x92\x6B"
+ "\x81\xAB\x31\x4A\x52\x4F\xC7\x45\x09\x01\x62\xD2\xAC\x72\x3C\x43"
+ "\x26\xE0\xF9\xE1\x6F\xBD\xBA\x2B\x1E\x99\x14\xBB\xEE\xDF\xF9\x6B"
+};
+
+xof_test_vector_t shake_128_167 = {
+ .alg = XOF_SHAKE_128, .len = 167,
+ .seed = "\x0D\x8D\x09\xAE\xD1\x9F\x10\x13\x96\x9C\xE5\xE7\xEB\x92\xF8\x3A"
+ "\x20\x9A\xE7\x6B\xE3\x1C\x75\x48\x44\xEA\x91\x16\xCE\xB3\x9A\x22"
+ "\xEB\xB6\x00\x30\x17\xBB\xCF\x26\x55\x5F\xA6\x62\x41\x85\x18\x7D"
+ "\xB8\xF0\xCB\x35\x64\xB8\xB1\xC0\x6B\xF6\x85\xD4\x7F\x32\x86\xED"
+ "\xA2\x0B\x83\x35\x8F\x59\x9D\x20\x44\xBB\xF0\x58\x3F\xAB\x8D\x78"
+ "\xF8\x54\xFE\x0A\x59\x61\x83\x23\x0C\x5E\xF8\xE5\x44\x26\x75\x0E"
+ "\xAF\x2C\xC4\xE2\x9D\x3B\xDD\x03\x7E\x73\x4D\x86\x3C\x2B\xD9\x78"
+ "\x9B\x4C\x24\x30\x96\x13\x8F\x76\x72\xC2\x32\x31\x4E\xFF\xDF\xC6"
+ "\x51\x34\x27\xE2\xDA\x76\x91\x6B\x52\x48\x93\x3B\xE3\x12\xEB\x5D"
+ "\xDE\x4C\xF7\x08\x04\xFB\x25\x8A\xC5\xFB\x82\xD5\x8D\x08\x17\x7A"
+ "\xC6\xF4\x75\x60\x17\xFF\xF5",
+ .out_len = 512,
+ .out = "\xC7\x3D\x8F\xAA\xB5\xD0\xB4\xD6\x60\xBD\x50\x82\xE4\x4C\x3C\xAC"
+ "\x97\xE6\x16\x48\xBE\x0A\x04\xB1\x16\x72\x4E\x6F\x6B\x65\x76\x84"
+ "\x67\x4B\x4B\x0E\x90\xD0\xAE\x96\xC0\x85\x3E\xBD\x83\x7B\xD8\x24"
+ "\x9A\xDB\xD3\xB6\x0A\x1A\xD1\xFC\xF8\xA6\xAB\x8E\x2F\x5A\xA7\xFF"
+ "\x19\x7A\x3D\x7D\xBE\xDE\xFB\x43\x3B\x61\x35\x36\xAE\xC4\xD6\x55"
+ "\xB7\xBC\xD7\x78\x52\x6B\xE6\x67\x84\x7A\xCD\x2E\x05\x64\xD9\x6C"
+ "\xE5\x14\x0C\x91\x35\x7F\xAD\xE0\x00\xEF\xCB\x40\x45\x7E\x1B\x6C"
+ "\xED\x41\xFA\x10\x2E\x36\xE7\x99\x79\x2D\xB0\x3E\x9A\x40\xC7\x99"
+ "\xBC\xA9\x12\x62\x94\x8E\x17\x60\x50\x65\xFB\xF6\x38\xFB\x40\xA1"
+ "\x57\xB4\x5C\xF7\x91\x1A\x75\x3D\x0D\x20\x5D\xF8\x47\x16\xA5\x71"
+ "\x12\xBE\xAB\x44\xF6\x20\x1F\xF7\x5A\xAD\xE0\xBA\xFB\xA5\x04\x74"
+ "\x5C\xFE\x23\xE4\xE6\x0E\x67\xE3\x99\x36\x22\xAE\xD7\x3A\x1D\xD6"
+ "\xA4\x65\xBD\x45\x3D\xD3\xC5\xBA\x7D\x2C\xDF\x3F\x1D\x39\x37\x6A"
+ "\x67\xC2\x3E\x55\x5F\x5A\xCF\x25\xBC\xE1\xE5\x5F\x30\x72\x52\xB9"
+ "\xAA\xC2\xC0\xA3\x9C\x88\x5C\x7E\x44\xF2\x04\xCB\x82\x1C\x0D\x37"
+ "\xA2\x2D\xE3\xA7\x1F\x3A\x19\x09\xB1\x1B\x71\x81\xC4\x2B\xE9\xB7"
+ "\x8A\xA0\xD0\xA1\x54\x44\xF3\x30\x00\x75\x54\xBC\xFC\xC0\xD8\xFD"
+ "\x87\xD6\x43\x1F\xB9\x3C\x7C\xC3\x87\x67\xA5\x5D\x30\xD3\x54\x55"
+ "\x60\xBD\x38\x0D\xB8\xC4\xC0\xED\xA9\x39\x9F\x68\xF8\x54\x64\x42"
+ "\x66\xC1\xB7\x95\x8B\x27\x0E\x75\xB7\x91\x34\xAA\x01\xE7\xDC\xF1"
+ "\xE6\xFD\xB6\xD9\xAE\x5D\x02\xCC\xE8\xCE\x8E\x48\x04\x75\xE9\x61"
+ "\x7C\xC4\x2A\x91\xC0\x8D\x9A\xF6\xE5\x10\x1B\x8A\xC5\x83\x4A\xDB"
+ "\x2C\x66\x98\x7F\x42\xA5\x80\xBB\x50\x3A\x4B\x34\xA9\xF1\x5A\xDC"
+ "\xD0\xE2\x3D\x0D\x40\x29\x47\x97\x64\x83\x1D\x06\xB5\xCA\xF3\xF1"
+ "\x4B\x91\x44\x9F\x15\xA2\x91\xF4\xAC\x25\x0B\x27\x0B\x6C\xB3\xC3"
+ "\x04\x72\x5C\x99\xE3\x26\x45\xE1\xFC\x02\xA0\xCD\xDD\x9E\x71\x79"
+ "\x11\xF2\x34\x2D\x94\x82\xF8\xE0\x97\x99\x85\xA0\x17\x0D\x72\x5D"
+ "\xAB\x4E\xA6\x6D\x44\xF6\x26\xBA\x47\x59\x25\xFA\x39\xFC\x9D\xEE"
+ "\x92\x9C\x06\xD0\x09\x41\x6C\x0A\xDC\x1D\x98\x7C\xD6\x25\xA2\x0A"
+ "\xCB\xA4\xCC\x87\xF7\x2F\x61\x08\x67\xC3\xA7\xA9\x28\xA3\xA0\x37"
+ "\x96\x76\xE8\xFE\x25\x71\x07\xAB\x2F\x5C\x03\x0B\xD2\x48\x0E\x3D"
+ "\x18\x63\x56\x2E\x1F\xD0\x79\x02\x80\x33\x3E\xD9\xD5\xDD\x5A\x5C"
+};
+
+xof_test_vector_t shake_128_168 = {
+ .alg = XOF_SHAKE_128, .len = 168,
+ .seed = "\xC3\x23\x6B\x73\xDE\xB7\x66\x2B\xF3\xF3\xDA\xA5\x8F\x13\x7B\x35"
+ "\x8B\xA6\x10\x56\x0E\xF7\x45\x57\x85\xA9\xBE\xFD\xB0\x35\xA0\x66"
+ "\xE9\x07\x04\xF9\x29\xBD\x96\x89\xCE\xF0\xCE\x3B\xDA\x5A\xCF\x44"
+ "\x80\xBC\xEB\x8D\x09\xD1\x0B\x09\x8A\xD8\x50\x0D\x9B\x60\x71\xDF"
+ "\xC3\xA1\x4A\xF6\xC7\x75\x11\xD8\x1E\x3A\xA8\x84\x49\x86\xC3\xBE"
+ "\xA6\xF4\x69\xF9\xE0\x21\x94\xC9\x28\x68\xCD\x5F\x51\x64\x62\x56"
+ "\x79\x8F\xF0\x42\x49\x54\xC1\x43\x4B\xDF\xED\x9F\xAC\xB3\x90\xB0"
+ "\x7D\x34\x2E\x99\x29\x36\xE0\xF8\x8B\xFD\x0E\x88\x4A\x0D\xDB\x67"
+ "\x9D\x05\x47\xCC\xDE\xC6\x38\x42\x85\xA4\x54\x29\xD1\x15\xAC\x7D"
+ "\x23\x5A\x71\x72\x42\x02\x1D\x1D\xC3\x56\x41\xF5\xF0\xA4\x8E\x84"
+ "\x45\xDB\xA5\x8E\x6C\xB2\xC8\xEA",
+ .out_len = 512,
+ .out = "\x4A\x05\xF2\xEF\x1A\xAD\x5F\xF4\x30\x64\x29\xEC\x0F\x19\x04\x40"
+ "\x77\xFB\x64\xBF\xE1\xDC\xC5\x0F\x74\xC3\xF0\x45\xE9\xA9\xC3\xDE"
+ "\x4A\x3B\x59\x63\xAE\xF7\x71\xB0\x49\x11\x1B\x7B\x46\x40\xE2\x0B"
+ "\x1B\xA8\x4E\xD7\xAF\xEE\x32\x55\x71\xAC\xF3\x47\xE3\x11\xF3\x3C"
+ "\x1D\x42\x1F\x21\xD6\x63\x06\x5C\x4D\xAD\xDB\xD1\x78\x5C\x5D\xAC"
+ "\x0D\x55\x4C\xED\xB1\xA4\x5A\x32\xE2\x81\x45\xE9\x8F\x49\xDE\xE2"
+ "\x85\xB3\x3D\xE1\x4C\x33\x6D\x10\x95\x0E\xCC\x30\x96\x6B\x79\xE8"
+ "\x61\x3F\xFE\xBB\x70\x2F\xCC\x00\xA1\xC4\x25\x0D\xD3\x85\xAB\xB5"
+ "\x37\xA2\x84\xE9\x10\x8D\x16\xB6\xF0\x8F\x4E\x10\x3F\x2C\x5E\x9E"
+ "\x5C\x87\x9C\xB5\x09\x55\x34\x15\x1E\x3C\x9A\x31\x6D\x06\xDC\xE5"
+ "\x3B\x7F\x01\xB4\x24\xD3\x75\xB5\x64\xFE\x68\x39\xD1\xD1\xF0\x0A"
+ "\x2E\x62\x60\x40\x60\xA9\x74\x8B\xCD\xC8\x14\x37\x37\x95\x9F\xAB"
+ "\xBC\xAE\x18\x51\x21\x3E\x6D\xC2\x8B\xEF\xDA\x48\x14\x9D\xE6\xAA"
+ "\xF4\xA6\x0D\x46\x15\xBE\xD6\x7D\x11\x79\x6F\x61\x73\xC3\xDC\xF1"
+ "\x39\x03\x7B\x31\xEE\xC9\xA8\x40\x4D\xF0\x75\x97\xBC\x26\x6D\x3C"
+ "\x7D\x9E\xB9\xA7\xCA\xBF\x74\x9F\xB4\x4E\x40\xD7\x46\xD0\xE9\xDF"
+ "\xB5\xC8\xBB\xEB\x25\xE3\xF1\x61\x2D\x03\xD3\xEB\x0C\x15\x4D\xE4"
+ "\xB2\x70\x8C\x4F\x8A\x89\x76\x2E\x17\x1F\x74\x45\x18\xAE\xC1\x34"
+ "\xA0\x2E\xEA\xF4\x9D\xB2\xE2\xC6\xC9\x91\x47\x11\x28\x8D\x6B\x0C"
+ "\xE8\x77\x86\x1D\x9B\x10\xAC\xFC\xC1\x96\x43\x73\x82\x87\xDA\x00"
+ "\x52\x82\xF3\xFC\x82\xF9\xF5\x0A\xA6\x81\xF2\xF5\x5F\xE1\x80\x9C"
+ "\x9E\x23\xA3\xA5\x9E\x51\xC2\xE8\x94\xF7\x18\x37\x2F\x9F\xA1\x56"
+ "\x4B\x47\xAB\x3F\x43\xF0\x74\x7A\x17\x83\x9E\x93\x33\x69\xB6\x77"
+ "\x80\x53\xE1\x76\x4F\x52\xC5\xF3\x19\xE3\x3C\x8B\x25\x67\x8F\x72"
+ "\x33\x2E\x33\xCC\xA9\x7C\x68\xF1\x9E\x05\x8E\x70\xC3\x14\x10\xDF"
+ "\x4D\xE7\xE0\x81\x69\xD6\x09\x6B\x7B\x4E\xA4\x82\x71\xEB\x68\x4F"
+ "\xEE\x9F\xC8\xB5\x61\xC3\xFE\xE2\xDC\xE8\x3D\x09\x2B\x14\x2B\xEC"
+ "\x14\x78\xD2\x6B\x48\xC3\xC6\xE5\x97\xA7\xB2\xE4\x40\x27\xE1\xEC"
+ "\xA2\x31\x78\xD3\xAF\xCC\x67\xBB\x53\x0A\x52\x9C\x7E\x13\x36\xE1"
+ "\xAD\xAE\x74\xEF\x0B\xE9\xCD\x61\xE9\x1C\x6A\xEA\x57\xF7\xCC\xB2"
+ "\x3B\x64\xB2\xF8\x48\x61\xCE\x15\x92\x09\xFE\xF7\xA8\x97\xA1\x6A"
+ "\x87\x1A\xA9\x9E\x63\xA5\x12\x6D\xF2\xB0\x33\x87\xE4\x2C\x3D\x18"
+};
+
+xof_test_vector_t shake_128_255 = {
+ .alg = XOF_SHAKE_128, .len = 255,
+ .seed = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B"
+ "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5"
+ "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A"
+ "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A"
+ "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD"
+ "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0"
+ "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE"
+ "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64"
+ "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5"
+ "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43"
+ "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4"
+ "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D"
+ "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4"
+ "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08"
+ "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7"
+ "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1",
+ .out_len = 512,
+ .out = "\x14\x23\x6E\x75\xB9\x78\x4D\xF4\xF5\x79\x35\xF9\x45\x35\x6C\xBE"
+ "\x38\x3F\xE5\x13\xED\x30\x28\x6F\x91\x06\x07\x59\xBC\xB0\xEF\x4B"
+ "\xAA\xC8\x58\xEC\xAE\x7C\x6E\x7E\xDD\x49\x8F\x01\xA0\x82\xB6\x3F"
+ "\xA5\x7D\x22\x54\x02\x31\xE2\xE2\x5C\x83\xEF\xB3\xB3\xF2\x95\x3A"
+ "\x5F\x67\x45\x02\xAB\x63\x52\x26\x44\x6B\x84\x93\x76\x43\xDC\xD5"
+ "\x78\x9E\xE7\x3F\x1D\x73\x4B\xC8\xFE\x5F\x7F\x08\x83\xAB\x10\x96"
+ "\x1B\x9A\x31\xFF\x60\xDE\xE1\x61\x59\xBC\x69\x82\xEF\xB0\x85\x45"
+ "\x98\x4B\xF7\x1F\xED\x1C\x4C\xD8\x1C\x09\x14\xB4\xC1\x9F\xCF\xEE"
+ "\xF5\x4A\xF4\xBB\xE3\x72\xF1\x8C\xFC\xD3\xA1\x86\x57\xF5\xB9\x45"
+ "\x0F\x99\xA7\x8F\x0F\xA2\xC3\xCD\xCA\x74\x61\xC4\xED\x75\x69\x53"
+ "\x68\x83\xB6\x6C\xD8\x7E\x9C\x20\x09\x62\x90\x2E\xAA\x16\xA5\x4D"
+ "\xB6\xA0\xA5\xCC\x26\xD8\x89\x03\x8C\x07\x60\x81\x0B\x5B\xB4\xF3"
+ "\x3F\x1E\x5D\x63\x9B\x6F\x9B\xC7\xCA\x62\xBA\x6F\x8C\x9F\x8D\xE7"
+ "\x70\x26\x0A\xFE\x47\xF4\xE0\xF8\x2F\x10\x21\x98\xEB\xA2\x7F\x54"
+ "\x32\x52\xAC\x8D\xDD\x83\xE1\xB8\xDB\x0A\x91\xAC\x65\x63\x3F\xD1"
+ "\x2A\x55\x0E\xBE\x96\xF9\x3A\xA6\x70\x4E\xD5\x90\x5C\x23\x4F\xA6"
+ "\xD9\x20\x39\x10\xCB\xD0\x2D\xE1\x66\xC4\xC3\x34\x8F\xB8\x1E\xF7"
+ "\xB8\x4A\xE1\x45\x5F\xE3\x18\xB5\xFD\x17\x08\x83\xF4\x9B\xA2\xF2"
+ "\x42\x89\xC4\x79\xA2\xC7\x53\x14\x06\xBA\x98\x9B\xEA\xEF\x3A\x79"
+ "\xF6\x59\x02\x86\x42\xE9\xB0\x33\xF7\xDE\xB9\xEC\xEC\x3A\x7A\x9F"
+ "\x1D\xBD\x24\x51\xFC\xB4\x7C\x81\xE2\x1E\x91\xD2\x0B\x92\x4C\x6B"
+ "\xD0\x4C\x1F\x0B\x27\x10\xD2\xE5\x70\xCD\x24\xBA\xD5\xB5\xDE\x4E"
+ "\x49\xAA\x80\xB6\xAD\xD5\x50\x7B\x4D\x2E\x51\x03\x70\xC7\xAF\xA8"
+ "\x14\xD7\xE1\xA7\xE2\x78\xE5\x3D\x7C\xCF\x49\xA0\xA8\x66\xCA\x3A"
+ "\x7B\x5B\xB7\x1E\xF3\x42\x5E\x46\x0F\xEE\xB2\x91\x49\xF2\x17\x06"
+ "\x66\x13\x69\x5F\x85\x50\x6A\x09\x46\xCF\x68\x97\x9F\x04\xAE\x07"
+ "\x3A\xF8\x02\x89\x76\xBF\x0C\x5B\xDC\x22\x12\xE8\xC3\x64\x58\x3D"
+ "\xE9\xFB\xD0\x3B\x34\xDD\xEE\x5E\xC4\xCF\xA8\xED\x8C\xE5\x92\x97"
+ "\x1D\x01\x08\xFA\xF7\x6C\x89\x40\xE2\x5E\x6C\x5F\x86\x55\x84\xC3"
+ "\x4A\x23\x3C\x14\xF0\x05\x32\x67\x3F\xDB\xE3\x88\xCC\x7E\x98\xA5"
+ "\xB8\x67\xB1\xC5\x91\x30\x7A\x90\x15\x11\x2B\x56\x7F\xF6\xB4\xF3"
+ "\x18\x11\x41\x11\xFC\x95\xE5\xBD\x7C\x9C\x60\xB7\x4C\x1F\x87\x25"
+};
+
+/**
+ * SHAKE-256 vectors from "https://github.com/gvanas/KeccakCodePackage/"
+ */
+xof_test_vector_t shake_256_0 = {
+ .alg = XOF_SHAKE_256, .len = 0,
+ .seed = "",
+ .out_len = 512,
+ .out = "\x46\xB9\xDD\x2B\x0B\xA8\x8D\x13\x23\x3B\x3F\xEB\x74\x3E\xEB\x24"
+ "\x3F\xCD\x52\xEA\x62\xB8\x1B\x82\xB5\x0C\x27\x64\x6E\xD5\x76\x2F"
+ "\xD7\x5D\xC4\xDD\xD8\xC0\xF2\x00\xCB\x05\x01\x9D\x67\xB5\x92\xF6"
+ "\xFC\x82\x1C\x49\x47\x9A\xB4\x86\x40\x29\x2E\xAC\xB3\xB7\xC4\xBE"
+ "\x14\x1E\x96\x61\x6F\xB1\x39\x57\x69\x2C\xC7\xED\xD0\xB4\x5A\xE3"
+ "\xDC\x07\x22\x3C\x8E\x92\x93\x7B\xEF\x84\xBC\x0E\xAB\x86\x28\x53"
+ "\x34\x9E\xC7\x55\x46\xF5\x8F\xB7\xC2\x77\x5C\x38\x46\x2C\x50\x10"
+ "\xD8\x46\xC1\x85\xC1\x51\x11\xE5\x95\x52\x2A\x6B\xCD\x16\xCF\x86"
+ "\xF3\xD1\x22\x10\x9E\x3B\x1F\xDD\x94\x3B\x6A\xEC\x46\x8A\x2D\x62"
+ "\x1A\x7C\x06\xC6\xA9\x57\xC6\x2B\x54\xDA\xFC\x3B\xE8\x75\x67\xD6"
+ "\x77\x23\x13\x95\xF6\x14\x72\x93\xB6\x8C\xEA\xB7\xA9\xE0\xC5\x8D"
+ "\x86\x4E\x8E\xFD\xE4\xE1\xB9\xA4\x6C\xBE\x85\x47\x13\x67\x2F\x5C"
+ "\xAA\xAE\x31\x4E\xD9\x08\x3D\xAB\x4B\x09\x9F\x8E\x30\x0F\x01\xB8"
+ "\x65\x0F\x1F\x4B\x1D\x8F\xCF\x3F\x3C\xB5\x3F\xB8\xE9\xEB\x2E\xA2"
+ "\x03\xBD\xC9\x70\xF5\x0A\xE5\x54\x28\xA9\x1F\x7F\x53\xAC\x26\x6B"
+ "\x28\x41\x9C\x37\x78\xA1\x5F\xD2\x48\xD3\x39\xED\xE7\x85\xFB\x7F"
+ "\x5A\x1A\xAA\x96\xD3\x13\xEA\xCC\x89\x09\x36\xC1\x73\xCD\xCD\x0F"
+ "\xAB\x88\x2C\x45\x75\x5F\xEB\x3A\xED\x96\xD4\x77\xFF\x96\x39\x0B"
+ "\xF9\xA6\x6D\x13\x68\xB2\x08\xE2\x1F\x7C\x10\xD0\x4A\x3D\xBD\x4E"
+ "\x36\x06\x33\xE5\xDB\x4B\x60\x26\x01\xC1\x4C\xEA\x73\x7D\xB3\xDC"
+ "\xF7\x22\x63\x2C\xC7\x78\x51\xCB\xDD\xE2\xAA\xF0\xA3\x3A\x07\xB3"
+ "\x73\x44\x5D\xF4\x90\xCC\x8F\xC1\xE4\x16\x0F\xF1\x18\x37\x8F\x11"
+ "\xF0\x47\x7D\xE0\x55\xA8\x1A\x9E\xDA\x57\xA4\xA2\xCF\xB0\xC8\x39"
+ "\x29\xD3\x10\x91\x2F\x72\x9E\xC6\xCF\xA3\x6C\x6A\xC6\xA7\x58\x37"
+ "\x14\x30\x45\xD7\x91\xCC\x85\xEF\xF5\xB2\x19\x32\xF2\x38\x61\xBC"
+ "\xF2\x3A\x52\xB5\xDA\x67\xEA\xF7\xBA\xAE\x0F\x5F\xB1\x36\x9D\xB7"
+ "\x8F\x3A\xC4\x5F\x8C\x4A\xC5\x67\x1D\x85\x73\x5C\xDD\xDB\x09\xD2"
+ "\xB1\xE3\x4A\x1F\xC0\x66\xFF\x4A\x16\x2C\xB2\x63\xD6\x54\x12\x74"
+ "\xAE\x2F\xCC\x86\x5F\x61\x8A\xBE\x27\xC1\x24\xCD\x8B\x07\x4C\xCD"
+ "\x51\x63\x01\xB9\x18\x75\x82\x4D\x09\x95\x8F\x34\x1E\xF2\x74\xBD"
+ "\xAB\x0B\xAE\x31\x63\x39\x89\x43\x04\xE3\x58\x77\xB0\xC2\x8A\x9B"
+ "\x1F\xD1\x66\xC7\x96\xB9\xCC\x25\x8A\x06\x4A\x8F\x57\xE2\x7F\x2A"
+};
+
+xof_test_vector_t shake_256_64 = {
+ .alg = XOF_SHAKE_256, .len = 64,
+ .seed = "\xE9\x26\xAE\x8B\x0A\xF6\xE5\x31\x76\xDB\xFF\xCC\x2A\x6B\x88\xC6"
+ "\xBD\x76\x5F\x93\x9D\x3D\x17\x8A\x9B\xDE\x9E\xF3\xAA\x13\x1C\x61"
+ "\xE3\x1C\x1E\x42\xCD\xFA\xF4\xB4\xDC\xDE\x57\x9A\x37\xE1\x50\xEF"
+ "\xBE\xF5\x55\x5B\x4C\x1C\xB4\x04\x39\xD8\x35\xA7\x24\xE2\xFA\xE7",
+ .out_len = 512,
+ .out = "\x77\xB7\x49\x6E\xD0\x8C\x39\x33\xBD\x75\x98\x3C\x0C\x04\x94\xBD"
+ "\xD8\x26\x24\x93\xA4\xB5\x5D\xDC\xCC\x64\x16\x7E\x67\xEA\xC0\xF6"
+ "\xE6\x30\x7A\xCC\x15\xC3\x3F\x39\x63\x74\x4E\x26\xCA\x6C\x50\x4D"
+ "\x39\x3B\x3E\xE8\x16\x5E\x4D\x49\xEB\x3B\x6E\x64\x92\x07\x65\x30"
+ "\x48\xF8\xB8\x22\xFF\x88\x4D\xC7\x49\x37\x44\x3B\x1C\x4A\x88\x8C"
+ "\x7A\x76\x8C\x63\xD5\xB5\xD2\x9E\x74\x46\x87\x39\x23\xB9\xD7\xA5"
+ "\x6F\xA5\xD9\xE9\x07\x60\xAB\x86\xD5\x71\x8E\x34\x64\x82\x1B\x79"
+ "\xEB\x46\xD1\x69\x14\x1F\xF1\x61\x20\xBF\xB6\x50\xC7\x6D\x4B\x3E"
+ "\x5B\x3F\x6C\xE6\x1F\xEB\xDB\xE0\x9A\xED\x7F\x4C\x91\x06\x6D\x90"
+ "\x3A\xF6\xE5\x65\x31\xE8\xFF\x71\x54\x95\x08\xB6\xE4\x20\xCA\xC6"
+ "\xBE\xDF\xE0\xCB\xEA\xE6\xBC\x22\x84\x76\xBC\x8C\x00\xEA\xE4\x3D"
+ "\x40\xC8\x2C\xBD\xF6\xB4\x60\xC3\x76\xD7\xC1\x16\x48\xEB\x28\x15"
+ "\xB6\x50\x6A\xBD\x43\x39\xB2\x5D\x58\xD4\x5C\xDD\x0A\x0B\x9E\x35"
+ "\xA8\x8E\x25\x1F\xDC\x34\xD4\x81\x0D\x65\x9D\x17\x9F\x59\xEB\xD0"
+ "\x37\x17\xFD\x31\xA6\x39\x4C\xE1\x2C\xD5\x56\x90\x66\xE1\x38\x88"
+ "\x5C\xB2\xBD\xEB\xBA\x06\x36\x75\x57\xCE\x84\x9E\xB8\x69\xF3\xCA"
+ "\xC3\x88\x00\xD5\x1C\x22\xB6\x66\xAE\x27\x01\xE5\x80\x79\x63\x94"
+ "\xDF\xA0\x2F\x49\x10\xBF\x5F\x86\xAA\xB5\x39\x51\x23\x33\x64\xEA"
+ "\x20\xCD\xA3\x5A\xFB\xAB\x44\x5B\xE7\xF6\x86\x64\x38\x56\xF8\x25"
+ "\x39\x4B\xE7\xB4\xB6\xD2\xC9\x18\xD0\x15\x1F\x46\xFB\x9A\xEE\x8A"
+ "\x7B\xA2\xD7\x06\xE4\x8C\xB0\xBC\x42\x9B\x06\x42\x62\xC1\xA0\xEB"
+ "\x35\x24\xFF\x14\x63\x2F\x51\x84\x57\x5C\x15\xF6\xF4\xA3\x44\x6E"
+ "\x93\xCB\x4E\x86\xB6\xA9\x31\xBA\x26\x84\x09\xCE\x30\xB4\x59\x5F"
+ "\xD2\x05\x9A\x27\x18\x3B\x3B\xA8\xD0\xAC\xE8\xE4\x82\x86\x6D\x5C"
+ "\x7D\x5B\x03\xDB\x8D\xBD\x24\xB9\x9D\x59\xEB\x6E\xEF\xFD\x20\x9E"
+ "\x12\x45\x35\xD1\x54\xB9\x8F\x99\x91\xD8\x4F\xE1\xAA\x76\x3C\x51"
+ "\x33\xD4\x1E\xCC\x23\x39\x30\x95\x7D\xCE\xB7\x89\x6A\xF7\x0F\x73"
+ "\x5A\x2F\x5C\x1E\x79\x48\x0A\xFD\x50\x94\x3B\xC5\x01\x4B\xCF\x0A"
+ "\x73\x54\xAA\x7F\x71\x31\x63\xB5\x5A\x1E\x41\xBD\xD0\x5F\xBB\xA9"
+ "\xC1\xDB\x2C\x69\x04\x3E\xD9\xEE\xA4\xFA\x45\xC9\x90\xCC\xB4\xA8"
+ "\xDC\x41\xAF\xAB\x18\x16\x40\x18\xE5\x4C\x47\xAC\x5B\xD6\x98\x0F"
+ "\xD7\x96\xAC\xF0\xDD\xB4\x2C\x70\x42\xA4\x87\x7E\x8B\xE3\xDE\x29"
+};
+
+xof_test_vector_t shake_256_135 = {
+ .alg = XOF_SHAKE_256, .len = 135,
+ .seed = "\xB7\x71\xD5\xCE\xF5\xD1\xA4\x1A\x93\xD1\x56\x43\xD7\x18\x1D\x2A"
+ "\x2E\xF0\xA8\xE8\x4D\x91\x81\x2F\x20\xED\x21\xF1\x47\xBE\xF7\x32"
+ "\xBF\x3A\x60\xEF\x40\x67\xC3\x73\x4B\x85\xBC\x8C\xD4\x71\x78\x0F"
+ "\x10\xDC\x9E\x82\x91\xB5\x83\x39\xA6\x77\xB9\x60\x21\x8F\x71\xE7"
+ "\x93\xF2\x79\x7A\xEA\x34\x94\x06\x51\x28\x29\x06\x5D\x37\xBB\x55"
+ "\xEA\x79\x6F\xA4\xF5\x6F\xD8\x89\x6B\x49\xB2\xCD\x19\xB4\x32\x15"
+ "\xAD\x96\x7C\x71\x2B\x24\xE5\x03\x2D\x06\x52\x32\xE0\x2C\x12\x74"
+ "\x09\xD2\xED\x41\x46\xB9\xD7\x5D\x76\x3D\x52\xDB\x98\xD9\x49\xD3"
+ "\xB0\xFE\xD6\xA8\x05\x2F\xBB",
+ .out_len = 512,
+ .out = "\x6C\x60\x95\x5D\xCB\x8A\x66\x3B\x6D\xC7\xF5\xEF\x7E\x06\x9C\xA8"
+ "\xFE\x3D\xA9\x9A\x66\xDF\x65\x96\x92\x5D\x55\x7F\xED\x91\xF4\x70"
+ "\x91\x40\x7D\x6F\xDE\x32\x02\x3B\x57\xE2\xEE\x4C\x6A\xC9\x7B\x07"
+ "\x76\x24\xFA\xC2\x5F\x6E\x13\xF4\x19\x16\x96\xB4\x0A\x4D\xF7\x5F"
+ "\x61\xCD\x55\x21\xD9\x82\xC6\xD0\x9D\x83\x42\xC1\x7A\x36\x6E\xC6"
+ "\x34\x6E\x35\x28\xB2\x6C\xFF\x91\x5B\xE9\x44\x2B\x9E\xBC\xC3\x0F"
+ "\xF2\xF6\xAD\xD0\xE8\x2B\xA9\x04\xC7\x37\x00\xCC\x99\xAC\xFF\x48"
+ "\x0C\xAF\x04\x87\xCE\xE5\x4C\xBA\x37\x53\xB6\xA5\xDD\x6F\x0D\xFE"
+ "\x65\x71\xF0\x11\x5E\x87\x37\xB0\x71\x03\x10\x23\xB6\xBB\x0D\x79"
+ "\x86\x4C\x3F\x33\x16\x2E\x78\x26\x9C\xEE\x23\xFC\xE4\x7B\x91\xB4"
+ "\xFD\xF9\x1F\x98\x46\x4A\x1D\x21\xE7\x99\xD1\x7F\x76\xC1\xBB\x80"
+ "\x7D\xEE\x66\x7B\x0B\x27\x30\x54\xBE\x29\x82\x99\xBD\x12\xB7\xA8"
+ "\x0F\xB3\x54\xCE\x3E\x6D\x1A\xCF\x98\x44\x38\x79\xA5\x54\xEC\xA6"
+ "\xB9\x6D\xF0\x61\xD0\x4A\x11\x7C\x98\xAE\xEC\x1C\xDE\x1A\xFA\x9C"
+ "\xEF\x62\xDD\x68\x6D\xA9\x1B\xB2\xB1\xF1\x23\x79\xBB\xDC\x9F\xA3"
+ "\x2A\x6B\x69\x98\xB7\x7E\x8E\xB0\xB5\x05\x07\x86\x2A\xFA\x77\x99"
+ "\xD0\x18\xE2\x72\x09\x1F\x51\xCA\xDD\x81\xAD\xB5\x87\xEF\x67\xBA"
+ "\x67\x61\x8C\x45\xD1\xF3\xD5\x59\xDB\xD2\x99\xAB\xC2\x6E\xC7\x12"
+ "\xDA\x8F\xA3\x4B\xA3\x3B\xFF\x40\x0D\x1F\x0F\x8B\x63\x45\xCF\x57"
+ "\x26\x9B\x85\x85\x78\xC0\x07\x2A\x91\xA6\x3E\xF8\x5F\x9D\x37\x89"
+ "\x00\xCD\x1A\x55\xD2\xBD\x46\x30\xDB\x82\x9E\xB4\x84\xD8\x9C\xE7"
+ "\xA4\x14\xAC\xA1\x73\xC5\x25\x34\xAD\x5F\x93\x55\xE8\x0E\x39\x5E"
+ "\x79\x15\x6D\x75\x1A\x93\x0F\x7F\x8B\x5D\x9F\x4D\x5A\x2C\x9A\x75"
+ "\x37\x23\x08\x3C\x5E\x8E\xC6\xCB\x24\xD8\xEF\x93\xC8\xFE\xF2\xD1"
+ "\xBE\x4E\xCA\x22\x2C\x6E\x6C\x2A\xCF\xD6\x84\x89\x3C\xEA\x65\xCB"
+ "\xF5\xB0\x96\xB3\xD8\x66\x00\x71\x36\x12\x6A\x33\xEF\x49\x6B\xF2"
+ "\x31\x0F\x29\x3B\xFA\x4C\x93\xAB\x82\x68\x21\xE2\xB9\x32\x59\xC4"
+ "\x64\xE0\xAE\xB0\x6D\x6D\xF8\xFF\xA3\x0B\x1C\x1E\x7E\x38\x4C\x7E"
+ "\x42\x7A\x2B\xA3\xD9\x9F\xF8\xA6\x66\x38\x0C\x5C\x1B\x67\x8F\x74"
+ "\x2C\x57\xB0\xC3\xB0\x88\x49\xFD\x65\x30\x0D\xF1\x34\x99\xDD\x89"
+ "\x4E\xFC\x33\x11\x6E\x7D\x07\x74\x06\x43\x31\xFD\xD4\x07\x48\x74"
+ "\x17\xD1\x3B\xBA\x42\x85\x29\x9A\xF6\x50\xD3\x06\x5D\x95\x11\x31"
+};
+
+xof_test_vector_t shake_256_136 = {
+ .alg = XOF_SHAKE_256, .len = 136,
+ .seed = "\xB3\x2D\x95\xB0\xB9\xAA\xD2\xA8\x81\x6D\xE6\xD0\x6D\x1F\x86\x00"
+ "\x85\x05\xBD\x8C\x14\x12\x4F\x6E\x9A\x16\x3B\x5A\x2A\xDE\x55\xF8"
+ "\x35\xD0\xEC\x38\x80\xEF\x50\x70\x0D\x3B\x25\xE4\x2C\xC0\xAF\x05"
+ "\x0C\xCD\x1B\xE5\xE5\x55\xB2\x30\x87\xE0\x4D\x7B\xF9\x81\x36\x22"
+ "\x78\x0C\x73\x13\xA1\x95\x4F\x87\x40\xB6\xEE\x2D\x3F\x71\xF7\x68"
+ "\xDD\x41\x7F\x52\x04\x82\xBD\x3A\x08\xD4\xF2\x22\xB4\xEE\x9D\xBD"
+ "\x01\x54\x47\xB3\x35\x07\xDD\x50\xF3\xAB\x42\x47\xC5\xDE\x9A\x8A"
+ "\xBD\x62\xA8\xDE\xCE\xA0\x1E\x3B\x87\xC8\xB9\x27\xF5\xB0\x8B\xEB"
+ "\x37\x67\x4C\x6F\x8E\x38\x0C\x04",
+ .out_len = 512,
+ .out = "\xCC\x2E\xAA\x04\xEE\xF8\x47\x9C\xDA\xE8\x56\x6E\xB8\xFF\xA1\x10"
+ "\x0A\x40\x79\x95\xBF\x99\x9A\xE9\x7E\xDE\x52\x66\x81\xDC\x34\x90"
+ "\x61\x6F\x28\x44\x2D\x20\xDA\x92\x12\x4C\xE0\x81\x58\x8B\x81\x49"
+ "\x1A\xED\xF6\x5C\xAA\xF0\xD2\x7E\x82\xA4\xB0\xE1\xD1\xCA\xB2\x38"
+ "\x33\x32\x8F\x1B\x8D\xA4\x30\xC8\xA0\x87\x66\xA8\x63\x70\xFA\x84"
+ "\x8A\x79\xB5\x99\x8D\xB3\xCF\xFD\x05\x7B\x96\xE1\xE2\xEE\x0E\xF2"
+ "\x29\xEC\xA1\x33\xC1\x55\x48\xF9\x83\x99\x02\x04\x37\x30\xE4\x4B"
+ "\xC5\x2C\x39\xFA\xDC\x1D\xDE\xEA\xD9\x5F\x99\x39\xF2\x20\xCA\x30"
+ "\x06\x61\x54\x0D\xF7\xED\xD9\xAF\x37\x8A\x5D\x4A\x19\xB2\xB9\x3E"
+ "\x6C\x78\xF4\x9C\x35\x33\x43\xA0\xB5\xF1\x19\x13\x2B\x53\x12\xD0"
+ "\x04\x83\x1D\x01\x76\x9A\x31\x6D\x2F\x51\xBF\x64\xCC\xB2\x0A\x21"
+ "\xC2\xCF\x7A\xC8\xFB\x6F\x6E\x90\x70\x61\x26\xBD\xAE\x06\x11\xDD"
+ "\x13\x96\x2E\x8B\x53\xD6\xEA\xE2\x6C\x7B\x0D\x25\x51\xDA\xF6\x24"
+ "\x8E\x9D\x65\x81\x73\x82\xB0\x4D\x23\x39\x2D\x10\x8E\x4D\x34\x43"
+ "\xDE\x5A\xDC\x72\x73\xC7\x21\xA8\xF8\x32\x0E\xCF\xE8\x17\x7A\xC0"
+ "\x67\xCA\x8A\x50\x16\x9A\x6E\x73\x00\x0E\xBC\xDC\x1E\x4E\xE6\x33"
+ "\x9F\xC8\x67\xC3\xD7\xAE\xAB\x84\x14\x63\x98\xD7\xBA\xDE\x12\x1D"
+ "\x19\x89\xFA\x45\x73\x35\x56\x4E\x97\x57\x70\xA3\xA0\x02\x59\xCA"
+ "\x08\x70\x61\x08\x26\x1A\xA2\xD3\x4D\xE0\x0F\x8C\xAC\x7D\x45\xD3"
+ "\x5E\x5A\xA6\x3E\xA6\x9E\x1D\x1A\x2F\x7D\xAB\x39\x00\xD5\x1E\x0B"
+ "\xC6\x53\x48\xA2\x55\x54\x00\x70\x39\xA5\x2C\x3C\x30\x99\x80\xD1"
+ "\x7C\xAD\x20\xF1\x15\x63\x10\xA3\x9C\xD3\x93\x76\x0C\xFE\x58\xF6"
+ "\xF8\xAD\xE4\x21\x31\x28\x82\x80\xA3\x5E\x1D\xB8\x70\x81\x83\xB9"
+ "\x1C\xFA\xF5\x82\x7E\x96\xB0\xF7\x74\xC4\x50\x93\xB4\x17\xAF\xF9"
+ "\xDD\x64\x17\xE5\x99\x64\xA0\x1B\xD2\xA6\x12\xFF\xCF\xBA\x18\xA0"
+ "\xF1\x93\xDB\x29\x7B\x9A\x6C\xC1\xD2\x70\xD9\x7A\xAE\x8F\x8A\x3A"
+ "\x6B\x26\x69\x5A\xB6\x64\x31\xC2\x02\xE1\x39\xD6\x3D\xD3\xA2\x47"
+ "\x78\x67\x6C\xEF\xE3\xE2\x1B\x02\xEC\x4E\x8F\x5C\xFD\x66\x58\x7A"
+ "\x12\xB4\x40\x78\xFC\xD3\x9E\xEE\x44\xBB\xEF\x4A\x94\x9A\x63\xC0"
+ "\xDF\xD5\x8C\xF2\xFB\x2C\xD5\xF0\x02\xE2\xB0\x21\x92\x66\xCF\xC0"
+ "\x31\x81\x74\x86\xDE\x70\xB4\x28\x5A\x8A\x70\xF3\xD3\x8A\x61\xD3"
+ "\x15\x5D\x99\xAA\xF4\xC2\x53\x90\xD7\x36\x45\xAB\x3E\x8D\x80\xF0"
+};
+
+xof_test_vector_t shake_256_255 = {
+ .alg = XOF_SHAKE_256, .len = 255,
+ .seed = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B"
+ "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5"
+ "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A"
+ "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A"
+ "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD"
+ "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0"
+ "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE"
+ "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64"
+ "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5"
+ "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43"
+ "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4"
+ "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D"
+ "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4"
+ "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08"
+ "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7"
+ "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1",
+ .out_len = 512,
+ .out = "\x8A\x51\x99\xB4\xA7\xE1\x33\xE2\x64\xA8\x62\x02\x72\x06\x55\x89"
+ "\x4D\x48\xCF\xF3\x44\xA9\x28\xCF\x83\x47\xF4\x83\x79\xCE\xF3\x47"
+ "\xDF\xC5\xBC\xFF\xAB\x99\xB2\x7B\x1F\x89\xAA\x27\x35\xE2\x3D\x30"
+ "\x08\x8F\xFA\x03\xB9\xED\xB0\x2B\x96\x35\x47\x0A\xB9\xF1\x03\x89"
+ "\x85\xD5\x5F\x9C\xA7\x74\x57\x2D\xD0\x06\x47\x0E\xA6\x51\x45\x46"
+ "\x96\x09\xF9\xFA\x08\x31\xBF\x1F\xFD\x84\x2D\xC2\x4A\xCA\xDE\x27"
+ "\xBD\x98\x16\xE3\xB5\xBF\x28\x76\xCB\x11\x22\x32\xA0\xEB\x44\x75"
+ "\xF1\xDF\xF9\xF5\xC7\x13\xD9\xFF\xD4\xCC\xB8\x9A\xE5\x60\x7F\xE3"
+ "\x57\x31\xDF\x06\x31\x79\x49\xEE\xF6\x46\xE9\x59\x1C\xF3\xBE\x53"
+ "\xAD\xD6\xB7\xDD\x2B\x60\x96\xE2\xB3\xFB\x06\xE6\x62\xEC\x8B\x2D"
+ "\x77\x42\x2D\xAA\xD9\x46\x3C\xD1\x55\x20\x4A\xCD\xBD\x38\xE3\x19"
+ "\x61\x3F\x39\xF9\x9B\x6D\xFB\x35\xCA\x93\x65\x16\x00\x66\xDB\x19"
+ "\x83\x58\x88\xC2\x24\x1F\xF9\xA7\x31\xA4\xAC\xBB\x56\x63\x72\x7A"
+ "\xAC\x34\xA4\x01\x24\x7F\xBA\xA7\x49\x9E\x7D\x5E\xE5\xB6\x9D\x31"
+ "\x02\x5E\x63\xD0\x4C\x35\xC7\x98\xBC\xA1\x26\x2D\x56\x73\xA9\xCF"
+ "\x09\x30\xB5\xAD\x89\xBD\x48\x55\x99\xDC\x18\x45\x28\xDA\x47\x90"
+ "\xF0\x88\xEB\xD1\x70\xB6\x35\xD9\x58\x16\x32\xD2\xFF\x90\xDB\x79"
+ "\x66\x5C\xED\x43\x00\x89\xAF\x13\xC9\xF2\x1F\x6D\x44\x3A\x81\x80"
+ "\x64\xF1\x7A\xEC\x9E\x9C\x54\x57\x00\x1F\xA8\xDC\x6A\xFB\xAD\xBE"
+ "\x31\x38\xF3\x88\xD8\x9D\x0E\x6F\x22\xF6\x66\x71\x25\x5B\x21\x07"
+ "\x54\xED\x63\xD8\x1D\xCE\x75\xCE\x8F\x18\x9B\x53\x4E\x6D\x6B\x35"
+ "\x39\xAA\x51\xE8\x37\xC4\x2D\xF9\xDF\x59\xC7\x1E\x61\x71\xCD\x49"
+ "\x02\xFE\x1B\xDC\x73\xFB\x17\x75\xB5\xC7\x54\xA1\xED\x4E\xA7\xF3"
+ "\x10\x5F\xC5\x43\xEE\x04\x18\xDA\xD2\x56\xF3\xF6\x11\x8E\xA7\x71"
+ "\x14\xA1\x6C\x15\x35\x5B\x42\x87\x7A\x1D\xB2\xA7\xDF\x0E\x15\x5A"
+ "\xE1\xD8\x67\x0A\xBC\xEC\x34\x50\xF4\xE2\xEE\xC9\x83\x8F\x89\x54"
+ "\x23\xEF\x63\xD2\x61\x13\x8B\xAA\xF5\xD9\xF1\x04\xCB\x5A\x95\x7A"
+ "\xEA\x06\xC0\xB9\xB8\xC7\x8B\x0D\x44\x17\x96\xDC\x03\x50\xDD\xEA"
+ "\xBB\x78\xA3\x3B\x6F\x1F\x9E\x68\xED\xE3\xD1\x80\x5C\x7B\x7E\x2C"
+ "\xFD\x54\xE0\xFA\xD6\x2F\x0D\x8C\xA6\x7A\x77\x5D\xC4\x54\x6A\xF9"
+ "\x09\x6F\x2E\xDB\x22\x1D\xB4\x28\x43\xD6\x53\x27\x86\x12\x82\xDC"
+ "\x94\x6A\x0B\xA0\x1A\x11\x86\x3A\xB2\xD1\xDF\xD1\x6E\x39\x73\xD4"
+};
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
index 0505e2c40..c4d71848d 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
@@ -24,6 +24,7 @@
#define TEST_VECTOR_SIGNER(x) extern signer_test_vector_t x;
#define TEST_VECTOR_HASHER(x) extern hasher_test_vector_t x;
#define TEST_VECTOR_PRF(x) extern prf_test_vector_t x;
+#define TEST_VECTOR_XOF(x) extern xof_test_vector_t x;
#define TEST_VECTOR_RNG(x) extern rng_test_vector_t x;
#define TEST_VECTOR_DH(x) extern dh_test_vector_t x;
@@ -34,6 +35,7 @@
#undef TEST_VECTOR_SIGNER
#undef TEST_VECTOR_HASHER
#undef TEST_VECTOR_PRF
+#undef TEST_VECTOR_XOF
#undef TEST_VECTOR_RNG
#undef TEST_VECTOR_DH
@@ -42,6 +44,7 @@
#define TEST_VECTOR_SIGNER(x)
#define TEST_VECTOR_HASHER(x)
#define TEST_VECTOR_PRF(x)
+#define TEST_VECTOR_XOF(x)
#define TEST_VECTOR_RNG(x)
#define TEST_VECTOR_DH(x)
@@ -86,6 +89,14 @@ static prf_test_vector_t *prf[] = {
#undef TEST_VECTOR_PRF
#define TEST_VECTOR_PRF(x)
+#undef TEST_VECTOR_XOF
+#define TEST_VECTOR_XOF(x) &x,
+static xof_test_vector_t *xof[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_XOF
+#define TEST_VECTOR_XOF(x)
+
#undef TEST_VECTOR_RNG
#define TEST_VECTOR_RNG(x) &x,
static rng_test_vector_t *rng[] = {
@@ -181,6 +192,11 @@ plugin_t *test_vectors_plugin_create()
lib->crypto->add_test_vector(lib->crypto,
PSEUDO_RANDOM_FUNCTION, prf[i]);
}
+ for (i = 0; i < countof(xof); i++)
+ {
+ lib->crypto->add_test_vector(lib->crypto,
+ EXTENDED_OUTPUT_FUNCTION, xof[i]);
+ }
for (i = 0; i < countof(rng); i++)
{
lib->crypto->add_test_vector(lib->crypto,
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index ea27fd384..665f77006 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/unbound/unbound_response.c b/src/libstrongswan/plugins/unbound/unbound_response.c
index 6f6c25e89..950df344c 100644
--- a/src/libstrongswan/plugins/unbound/unbound_response.c
+++ b/src/libstrongswan/plugins/unbound/unbound_response.c
@@ -189,7 +189,7 @@ unbound_response_t *unbound_response_create_frm_libub_response(
*/
rr_list = linked_list_create();
- orig_rr_list = ldns_pkt_get_section_clone(dns_pkt, LDNS_SECTION_ANSWER);
+ orig_rr_list = ldns_pkt_answer(dns_pkt);
orig_rr_count = ldns_rr_list_rr_count(orig_rr_list);
for (i = 0; i < orig_rr_count; i++)
@@ -253,7 +253,6 @@ unbound_response_t *unbound_response_create_frm_libub_response(
this->rr_set = rr_set_create(rr_list, rrsig_list);
ldns_pkt_free(dns_pkt);
- ldns_rr_list_free(orig_rr_list);
}
return &this->public;
}
diff --git a/src/libstrongswan/plugins/unbound/unbound_rr.c b/src/libstrongswan/plugins/unbound/unbound_rr.c
index fc69eed00..91b5cdb33 100644
--- a/src/libstrongswan/plugins/unbound/unbound_rr.c
+++ b/src/libstrongswan/plugins/unbound/unbound_rr.c
@@ -154,11 +154,13 @@ unbound_rr_t *unbound_rr_create_frm_ldns_rr(ldns_rr *rr)
if (status != LDNS_STATUS_OK)
{
DBG1(DBG_LIB, "failed to get the RDATA field of a DNS RR");
+ ldns_buffer_free(buf);
_destroy(this);
return NULL;
}
this->rdata = ldns_buffer_export(buf);
+ ldns_buffer_free(buf);
return &this->public;
}
diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in
index 0bf311c38..672ff5f4c 100644
--- a/src/libstrongswan/plugins/winhttp/Makefile.in
+++ b/src/libstrongswan/plugins/winhttp/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 6288e0f40..c96dac089 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 98fad6f8f..44021e4cd 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c
index b7628501a..df6066b19 100644
--- a/src/libstrongswan/processing/watcher.c
+++ b/src/libstrongswan/processing/watcher.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
@@ -27,6 +30,7 @@
#include <fcntl.h>
typedef struct private_watcher_t private_watcher_t;
+typedef struct entry_t entry_t;
/**
* Private data of an watcher_t object.
@@ -39,9 +43,19 @@ struct private_watcher_t {
watcher_t public;
/**
- * List of registered FDs, as entry_t
+ * List of registered FDs
*/
- linked_list_t *fds;
+ entry_t *fds;
+
+ /**
+ * Last registered FD
+ */
+ entry_t *last;
+
+ /**
+ * Number of registered FDs
+ */
+ u_int count;
/**
* Pending update of FD list?
@@ -77,7 +91,7 @@ struct private_watcher_t {
/**
* Entry for a registered file descriptor
*/
-typedef struct {
+struct entry_t {
/** file descriptor */
int fd;
/** events to watch */
@@ -88,7 +102,53 @@ typedef struct {
void *data;
/** callback(s) currently active? */
int in_callback;
-} entry_t;
+ /** next registered fd */
+ entry_t *next;
+};
+
+/**
+ * Adds the given entry at the end of the list
+ */
+static void add_entry(private_watcher_t *this, entry_t *entry)
+{
+ if (this->last)
+ {
+ this->last->next = entry;
+ this->last = entry;
+ }
+ else
+ {
+ this->fds = this->last = entry;
+ }
+ this->count++;
+}
+
+/**
+ * Removes and frees the given entry
+ *
+ * Updates the previous entry and returns the next entry in the list, if any.
+ */
+static entry_t *remove_entry(private_watcher_t *this, entry_t *entry,
+ entry_t *prev)
+{
+ entry_t *next = entry->next;
+
+ if (prev)
+ {
+ prev->next = next;
+ }
+ else
+ {
+ this->fds = next;
+ }
+ if (this->last == entry)
+ {
+ this->last = prev;
+ }
+ this->count--;
+ free(entry);
+ return next;
+}
/**
* Data we pass on for an async notification
@@ -153,13 +213,11 @@ static job_requeue_t notify_async(notify_data_t *data)
static void notify_end(notify_data_t *data)
{
private_watcher_t *this = data->this;
- enumerator_t *enumerator;
- entry_t *entry;
+ entry_t *entry, *prev = NULL;
/* reactivate the disabled entry */
this->mutex->lock(this->mutex);
- enumerator = this->fds->create_enumerator(this->fds);
- while (enumerator->enumerate(enumerator, &entry))
+ for (entry = this->fds; entry; prev = entry, entry = entry->next)
{
if (entry->fd == data->fd)
{
@@ -168,8 +226,7 @@ static void notify_end(notify_data_t *data)
entry->events &= ~data->event;
if (!entry->events)
{
- this->fds->remove_at(this->fds, enumerator);
- free(entry);
+ remove_entry(this, entry, prev);
break;
}
}
@@ -177,8 +234,6 @@ static void notify_end(notify_data_t *data)
break;
}
}
- enumerator->destroy(enumerator);
-
update(this);
this->condvar->broadcast(this->condvar);
this->mutex->unlock(this->mutex);
@@ -219,19 +274,16 @@ static void notify(private_watcher_t *this, entry_t *entry,
*/
static void activate_all(private_watcher_t *this)
{
- enumerator_t *enumerator;
entry_t *entry;
/* When the watcher thread gets cancelled, we have to reactivate any entry
* and signal threads in remove() to go on. */
this->mutex->lock(this->mutex);
- enumerator = this->fds->create_enumerator(this->fds);
- while (enumerator->enumerate(enumerator, &entry))
+ for (entry = this->fds; entry; entry = entry->next)
{
entry->in_callback = 0;
}
- enumerator->destroy(enumerator);
this->state = WATCHER_STOPPED;
this->condvar->broadcast(this->condvar);
this->mutex->unlock(this->mutex);
@@ -240,7 +292,7 @@ static void activate_all(private_watcher_t *this)
/**
* Find flagged revents in a pollfd set by fd
*/
-static int find_revents(struct pollfd *pfd, int count, int fd)
+static inline int find_revents(struct pollfd *pfd, int count, int fd)
{
int i;
@@ -257,7 +309,8 @@ static int find_revents(struct pollfd *pfd, int count, int fd)
/**
* Check if entry is waiting for a specific event, and if it got signaled
*/
-static bool entry_ready(entry_t *entry, watcher_event_t event, int revents)
+static inline bool entry_ready(entry_t *entry, watcher_event_t event,
+ int revents)
{
if (entry->events & event)
{
@@ -279,7 +332,6 @@ static bool entry_ready(entry_t *entry, watcher_event_t event, int revents)
*/
static job_requeue_t watch(private_watcher_t *this)
{
- enumerator_t *enumerator;
entry_t *entry;
struct pollfd *pfd;
int count = 0, res;
@@ -287,8 +339,8 @@ static job_requeue_t watch(private_watcher_t *this)
this->mutex->lock(this->mutex);
- count = this->fds->get_count(this->fds);
- if (count == 0)
+ count = this->count;
+ if (!count)
{
this->state = WATCHER_STOPPED;
this->mutex->unlock(this->mutex);
@@ -304,8 +356,7 @@ static job_requeue_t watch(private_watcher_t *this)
pfd[0].events = POLLIN;
count = 1;
- enumerator = this->fds->create_enumerator(this->fds);
- while (enumerator->enumerate(enumerator, &entry))
+ for (entry = this->fds; entry; entry = entry->next)
{
if (!entry->in_callback)
{
@@ -329,7 +380,6 @@ static job_requeue_t watch(private_watcher_t *this)
count++;
}
}
- enumerator->destroy(enumerator);
this->mutex->unlock(this->mutex);
while (!rebuild)
@@ -378,8 +428,7 @@ static job_requeue_t watch(private_watcher_t *this)
}
this->mutex->lock(this->mutex);
- enumerator = this->fds->create_enumerator(this->fds);
- while (enumerator->enumerate(enumerator, &entry))
+ for (entry = this->fds; entry; entry = entry->next)
{
if (entry->in_callback)
{
@@ -406,7 +455,6 @@ static job_requeue_t watch(private_watcher_t *this)
}
}
}
- enumerator->destroy(enumerator);
this->mutex->unlock(this->mutex);
if (this->jobs->get_count(this->jobs))
@@ -446,7 +494,7 @@ METHOD(watcher_t, add, void,
);
this->mutex->lock(this->mutex);
- this->fds->insert_last(this->fds, entry);
+ add_entry(this, entry);
if (this->state == WATCHER_STOPPED)
{
this->state = WATCHER_QUEUED;
@@ -464,16 +512,15 @@ METHOD(watcher_t, add, void,
METHOD(watcher_t, remove_, void,
private_watcher_t *this, int fd)
{
- enumerator_t *enumerator;
- entry_t *entry;
+ entry_t *entry, *prev = NULL;
this->mutex->lock(this->mutex);
while (TRUE)
{
bool is_in_callback = FALSE;
- enumerator = this->fds->create_enumerator(this->fds);
- while (enumerator->enumerate(enumerator, &entry))
+ entry = this->fds;
+ while (entry)
{
if (entry->fd == fd)
{
@@ -482,11 +529,12 @@ METHOD(watcher_t, remove_, void,
is_in_callback = TRUE;
break;
}
- this->fds->remove_at(this->fds, enumerator);
- free(entry);
+ entry = remove_entry(this, entry, prev);
+ continue;
}
+ prev = entry;
+ entry = entry->next;
}
- enumerator->destroy(enumerator);
if (!is_in_callback)
{
break;
@@ -515,7 +563,6 @@ METHOD(watcher_t, destroy, void,
{
this->mutex->destroy(this->mutex);
this->condvar->destroy(this->condvar);
- this->fds->destroy(this->fds);
if (this->notify[0] != -1)
{
close(this->notify[0]);
@@ -590,7 +637,6 @@ watcher_t *watcher_create()
.get_state = _get_state,
.destroy = _destroy,
},
- .fds = linked_list_create(),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
.jobs = linked_list_create(),
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 4e5321755..51ba9c0d1 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -390,7 +390,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -424,8 +423,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -479,6 +476,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c
index e046725b8..139b73021 100644
--- a/src/libstrongswan/tests/suites/test_auth_cfg.c
+++ b/src/libstrongswan/tests/suites/test_auth_cfg.c
@@ -22,19 +22,19 @@ struct {
signature_scheme_t sig[5];
signature_scheme_t ike[5];
} sig_constraints_tests[] = {
- { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
- { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}},
+ { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
+ { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}},
{ "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
- { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
- { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
- { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
- { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
- { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
- { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
+ { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
+ { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+ { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+ { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+ { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
{ "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
{ "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
{ "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
- { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
+ { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
{ "rsa4096-sha256", {0}, {0}},
{ "sha256", {0}, {0}},
{ "ike:sha256", {0}, {0}},
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
index 067abf0d9..de285ca09 100644
--- a/src/libstrongswan/tests/suites/test_hasher.c
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -87,29 +87,33 @@ typedef struct {
}hasher_sig_scheme_t;
static hasher_sig_scheme_t sig_schemes[] = {
- { SIGN_UNKNOWN, HASH_UNKNOWN },
- { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN },
- { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 },
- { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 },
- { SIGN_RSA_EMSA_PKCS1_SHA224, HASH_SHA224 },
- { SIGN_RSA_EMSA_PKCS1_SHA256, HASH_SHA256 },
- { SIGN_RSA_EMSA_PKCS1_SHA384, HASH_SHA384 },
- { SIGN_RSA_EMSA_PKCS1_SHA512, HASH_SHA512 },
- { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 },
- { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 },
- { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 },
- { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 },
- { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN },
- { SIGN_ECDSA_256, HASH_SHA256 },
- { SIGN_ECDSA_384, HASH_SHA384 },
- { SIGN_ECDSA_521, HASH_SHA512 },
- { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 },
- { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 },
- { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 },
- { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 },
- { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 },
- { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 },
- { 30, HASH_UNKNOWN }
+ { SIGN_UNKNOWN, HASH_UNKNOWN },
+ { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN },
+ { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 },
+ { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_224, HASH_SHA224 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_256, HASH_SHA256 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_384, HASH_SHA384 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_512, HASH_SHA512 },
+ { SIGN_RSA_EMSA_PKCS1_SHA3_224, HASH_SHA3_224 },
+ { SIGN_RSA_EMSA_PKCS1_SHA3_256, HASH_SHA3_256 },
+ { SIGN_RSA_EMSA_PKCS1_SHA3_384, HASH_SHA3_384 },
+ { SIGN_RSA_EMSA_PKCS1_SHA3_512, HASH_SHA3_512 },
+ { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 },
+ { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 },
+ { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 },
+ { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 },
+ { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN },
+ { SIGN_ECDSA_256, HASH_SHA256 },
+ { SIGN_ECDSA_384, HASH_SHA384 },
+ { SIGN_ECDSA_521, HASH_SHA512 },
+ { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 },
+ { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 },
+ { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 },
+ { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 },
+ { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 },
+ { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 },
+ { 30, HASH_UNKNOWN }
};
START_TEST(test_hasher_from_sig_scheme)
diff --git a/src/libstrongswan/tests/suites/test_mgf1.c b/src/libstrongswan/tests/suites/test_mgf1.c
index 9388b95d4..6945f5c7f 100644
--- a/src/libstrongswan/tests/suites/test_mgf1.c
+++ b/src/libstrongswan/tests/suites/test_mgf1.c
@@ -17,11 +17,12 @@
#include <tests/utils/test_rng.h>
#include <utils/test.h>
-#include <crypto/mgf1/mgf1.h>
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof.h>
+#include <crypto/xofs/xof_bitspender.h>
+#include <crypto/xofs/mgf1.h>
typedef struct {
- hash_algorithm_t alg;
+ ext_out_function_t alg;
size_t hash_size;
size_t ml1, ml2, ml3, seed_len;
chunk_t seed;
@@ -34,7 +35,7 @@ typedef struct {
* MGF1 Mask Generation Function Test Vectors
*/
mgf1_test_t mgf1_tests[] = {
- { HASH_SHA1, 20, 60, 20, 15, 24,
+ { XOF_MGF1_SHA1, 20, 60, 20, 15, 24,
chunk_from_chars(
0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
@@ -73,7 +74,7 @@ mgf1_test_t mgf1_tests[] = {
{ 0, 0, 0, 4, 1, 1, 46, 103, 38, 411, 848, 57, 3540, 4058, 12403,
0x63, 0x2B, 0xC9, 0x17, 0x56, 669409, 0xA407A43B },
},
- { HASH_SHA256, 32, 64, 32, 33, 40,
+ { XOF_MGF1_SHA256, 32, 64, 32, 33, 40,
chunk_from_chars(
0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
@@ -127,6 +128,7 @@ mgf1_test_t mgf1_tests[] = {
START_TEST(mgf1_test_mgf1)
{
+ xof_t *xof;
mgf1_t *mgf1;
chunk_t mask, mask1, mask2, mask3;
@@ -137,72 +139,88 @@ START_TEST(mgf1_test_mgf1)
mask2.len = mgf1_tests[_i].ml2;
mask3.len = mgf1_tests[_i].ml3;
- mgf1 = mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
- ck_assert(mgf1 == NULL);
+ /* unknown XOF */
+ xof = lib->crypto->create_xof(lib->crypto, XOF_UNDEFINED);
+ ck_assert(xof == NULL);
- mgf1 = mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
- ck_assert(mgf1 == NULL);
+ /* create MGF1 XOF */
+ xof = lib->crypto->create_xof(lib->crypto, mgf1_tests[_i].alg);
+ ck_assert(xof);
- /* return mask in allocated chunk */
- mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
- ck_assert(mgf1);
+ /* hash the seed */
+ mgf1 = (mgf1_t*)xof;
+ mgf1->set_hash_seed(mgf1, TRUE);
- /* check hash size */
- ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
+ /* check MGF1 type */
+ ck_assert(xof->get_type(xof) == mgf1_tests[_i].alg);
- /* get zero number of octets */
- ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
+ /* check seed size */
+ ck_assert(xof->get_seed_size(xof) == mgf1_tests[_i].hash_size);
+
+ /* check block size */
+ ck_assert(xof->get_block_size(xof) == mgf1_tests[_i].hash_size);
+
+ /* empty seed */
+ ck_assert(!xof->set_seed(xof, chunk_empty));
+
+ /* initialize MGF1 with non-empty seed */
+ ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
+
+ /* allocate zero number of octets */
+ ck_assert(xof->allocate_bytes(xof, 0, &mask));
ck_assert(mask.len == 0 && mask.ptr == NULL);
- /* get non-zero number of octets */
- ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
+ /* allocate non-zero number of octets */
+ ck_assert(xof->allocate_bytes(xof, mgf1_tests[_i].mask.len, &mask));
ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
- mgf1->destroy(mgf1);
+
+ /* re-initialize MGF1 with non-empty seed */
+ ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
/* copy mask to pre-allocated buffer */
- mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
- ck_assert(mgf1);
- ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
+ ck_assert(xof->get_bytes(xof, mgf1_tests[_i].mask.len, mask.ptr));
ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
- mgf1->destroy(mgf1);
- /* get mask in batches without hashing the seed */
- mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE);
- ck_assert(mgf1);
+ /* do not hash the seed */
+ mgf1->set_hash_seed(mgf1, FALSE);
+
+ /* re-initialize MGF1 with non-empty seed */
+ ck_assert(xof->set_seed(xof, mgf1_tests[_i].hashed_seed));
/* first batch */
- ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
+ ck_assert(xof->get_bytes(xof, mask1.len, mask.ptr));
mask.len = mask1.len;
ck_assert(chunk_equals(mask, mask1));
/* second batch */
- ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
+ ck_assert(xof->get_bytes(xof, mask2.len, mask.ptr));
mask.len = mask2.len;
ck_assert(chunk_equals(mask, mask2));
/* third batch */
- ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
+ ck_assert(xof->get_bytes(xof, mask3.len, mask.ptr));
mask.len = mask3.len;
ck_assert(chunk_equals(mask, mask3));
- mgf1->destroy(mgf1);
+ /* clean up */
+ xof->destroy(xof);
chunk_free(&mask);
}
END_TEST
START_TEST(mgf1_test_bitspender)
{
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
uint32_t bits;
uint8_t byte;
int j;
- bitspender = mgf1_bitspender_create(HASH_UNKNOWN,
- mgf1_tests[_i].hashed_seed, FALSE);
+ bitspender = xof_bitspender_create(XOF_UNDEFINED,
+ mgf1_tests[_i].hashed_seed, FALSE);
ck_assert(bitspender == NULL);
- bitspender = mgf1_bitspender_create(mgf1_tests[_i].alg,
- mgf1_tests[_i].hashed_seed, FALSE);
+ bitspender = xof_bitspender_create(mgf1_tests[_i].alg,
+ mgf1_tests[_i].hashed_seed, FALSE);
ck_assert(bitspender);
for (j = 0; j < 15; j++)
diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c
index 0a6d24d04..0b432e24c 100644
--- a/src/libstrongswan/tests/suites/test_ntru.c
+++ b/src/libstrongswan/tests/suites/test_ntru.c
@@ -17,7 +17,7 @@
#include <tests/utils/test_rng.h>
#include <utils/test.h>
-#include <crypto/mgf1/mgf1.h>
+#include <crypto/xofs/xof.h>
#include <plugins/ntru/ntru_drbg.h>
#include <plugins/ntru/ntru_trits.h>
#include <plugins/ntru/ntru_poly.h>
@@ -28,10 +28,10 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
uint32_t strength, chunk_t pers_str, rng_t *entropy)
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
- size_t len, hash_algorithm_t alg, chunk_t seed)
+ size_t len, ext_out_function_t alg, chunk_t seed)
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
- hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
+ ext_out_function_t alg, chunk_t seed, uint8_t c_bits,
uint16_t N, uint16_t q, uint32_t indices_len_p,
uint32_t indices_len_m, bool is_product_form)
@@ -329,7 +329,7 @@ typedef struct {
} poly_test_t;
typedef struct {
- hash_algorithm_t alg;
+ ext_out_function_t alg;
size_t hash_size;
size_t seed_len;
chunk_t seed;
@@ -384,7 +384,7 @@ uint16_t indices_ees1171ep1[] = {
* Trits and Polynomial Test Vectors
*/
static trits_test_t trits_tests[] = {
- { HASH_SHA1, 20, 24,
+ { XOF_MGF1_SHA1, 20, 24,
chunk_from_chars(
0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
@@ -432,7 +432,7 @@ static trits_test_t trits_tests[] = {
}
}
},
- { HASH_SHA256, 32, 40,
+ { XOF_MGF1_SHA256, 32, 40,
chunk_from_chars(
0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
@@ -501,7 +501,7 @@ START_TEST(test_ntru_trits)
chunk_t trits;
mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
- HASH_UNKNOWN, trits_tests[_i].seed);
+ XOF_UNDEFINED, trits_tests[_i].seed);
ck_assert(mask == NULL);
mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
@@ -539,7 +539,7 @@ START_TEST(test_ntru_poly)
seed.len = trits_tests[_i].seed_len;
p = &trits_tests[_i].poly_test[0];
- poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, HASH_UNKNOWN, seed,
+ poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, XOF_UNDEFINED, seed,
p->c_bits, p->N, p->q, p->indices_len, p->indices_len,
p->is_product_form);
ck_assert(poly == NULL);
diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
index 2c1c6fb8d..41e783521 100644
--- a/src/libstrongswan/tests/suites/test_rsa.c
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -24,10 +24,10 @@ static signature_scheme_t schemes[] = {
SIGN_RSA_EMSA_PKCS1_NULL,
SIGN_RSA_EMSA_PKCS1_MD5,
SIGN_RSA_EMSA_PKCS1_SHA1,
- SIGN_RSA_EMSA_PKCS1_SHA224,
- SIGN_RSA_EMSA_PKCS1_SHA256,
- SIGN_RSA_EMSA_PKCS1_SHA384,
- SIGN_RSA_EMSA_PKCS1_SHA512,
+ SIGN_RSA_EMSA_PKCS1_SHA2_224,
+ SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ SIGN_RSA_EMSA_PKCS1_SHA2_512,
};
/**
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index 1eb3c8bc3..de7b470d2 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -858,15 +858,22 @@ static struct {
int size;
signature_scheme_t expected[4];
} scheme_data[] = {
- {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
- {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
- {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
- {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
- {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
- {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+ {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ SIGN_UNKNOWN }},
+ {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER,
+ SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+ {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER,
+ SIGN_UNKNOWN }},
{KEY_ECDSA, 512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
- {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
- {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384,
+ SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512,
+ SIGN_UNKNOWN }},
{KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
};
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
index 824c88022..fabfaa8f8 100644
--- a/src/libstrongswan/tests/tests.h
+++ b/src/libstrongswan/tests/tests.h
@@ -46,7 +46,7 @@ TEST_SUITE(pen_suite_create)
TEST_SUITE(asn1_suite_create)
TEST_SUITE(asn1_parser_suite_create)
TEST_SUITE(test_rng_suite_create)
-TEST_SUITE_DEPEND(mgf1_sha1_suite_create, HASHER, HASH_SHA1)
-TEST_SUITE_DEPEND(mgf1_sha256_suite_create, HASHER, HASH_SHA256)
+TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1)
+TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256)
TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)
TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://")
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index d0f646c31..ad67c0380 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -494,7 +494,7 @@ static bool register_hooks()
* List of functions using static allocation buffers or should be suppressed
* otherwise on leak report.
*/
-char *whitelist[] = {
+static char *whitelist[] = {
/* backtraces, including own */
"backtrace_create",
"strerror_safe",
@@ -551,6 +551,15 @@ char *whitelist[] = {
"xmlInitParserCtxt",
/* libcurl */
"Curl_client_write",
+ /* libsoup */
+ "soup_message_headers_append",
+ "soup_message_headers_clear",
+ "soup_message_headers_get_list",
+ "soup_message_headers_get_one",
+ "soup_session_abort",
+ "soup_session_get_type",
+ /* libldap */
+ "ldap_int_initialize",
/* ClearSilver */
"nerr_init",
/* libgcrypt */
@@ -575,17 +584,28 @@ char *whitelist[] = {
/* libapr */
"apr_pool_create_ex",
/* glib */
+ "g_output_stream_write",
+ "g_resolver_lookup_by_name",
+ "g_signal_connect_data",
+ "g_socket_connection_factory_lookup_type",
"g_type_init_with_debug_flags",
"g_type_register_static",
"g_type_class_ref",
"g_type_create_instance",
"g_type_add_interface_static",
"g_type_interface_add_prerequisite",
- "g_socket_connection_factory_lookup_type",
+ "g_private_set",
+ "g_queue_pop_tail",
/* libgpg */
"gpg_err_init",
/* gnutls */
"gnutls_global_init",
+ /* Ada runtime */
+ "system__tasking__initialize",
+ "system__tasking__initialization__abort_defer",
+ "system__tasking__stages__create_task",
+ /* in case external threads call into our code */
+ "thread_current_id",
};
/**
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index 18b17b120..0aed842b1 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -22,16 +22,20 @@
#ifndef UTILS_H_
#define UTILS_H_
+#define _GNU_SOURCE
#include <sys/types.h>
#include <stdlib.h>
#include <stddef.h>
#include <sys/time.h>
#include <string.h>
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
#ifdef WIN32
# include "compat/windows.h"
#else
-# define _GNU_SOURCE
# include <arpa/inet.h>
# include <sys/socket.h>
# include <netdb.h>
diff --git a/src/libstrongswan/utils/utils/byteorder.h b/src/libstrongswan/utils/utils/byteorder.h
index 7c7e53420..0665ef363 100644
--- a/src/libstrongswan/utils/utils/byteorder.h
+++ b/src/libstrongswan/utils/utils/byteorder.h
@@ -44,6 +44,21 @@
#define BITFIELD5(t, a, b, c, d, e,...) struct { t e; t d; t c; t b; t a; __VA_ARGS__}
#endif
+#ifndef le16toh
+# if BYTE_ORDER == BIG_ENDIAN
+# define le16toh(x) __builtin_bswap16(x)
+# else
+# define le16toh(x) (x)
+# endif
+#endif
+#ifndef htole16
+# if BYTE_ORDER == BIG_ENDIAN
+# define htole16(x) __builtin_bswap16(x)
+# else
+# define htole16(x) (x)
+# endif
+#endif
+
#ifndef le32toh
# if BYTE_ORDER == BIG_ENDIAN
# define le32toh(x) __builtin_bswap32(x)
@@ -176,6 +191,33 @@ static inline uint64_t untoh64(void *network)
return be64toh(tmp);
}
+/**
+ * Read a 16-bit value in little-endian order from unaligned address.
+ *
+ * @param p unaligned address to read little endian value from
+ * @return host order value
+ */
+static inline uint16_t uletoh16(void *p)
+{
+ uint16_t ret;
+
+ memcpy(&ret, p, sizeof(ret));
+ ret = le16toh(ret);
+ return ret;
+}
+
+/**
+ * Write a 16-bit value in little-endian to an unaligned address.
+ *
+ * @param p host order 16-bit value
+ * @param v unaligned address to write little endian value to
+ */
+static inline void htoule16(void *p, uint16_t v)
+{
+ v = htole16(v);
+ memcpy(p, &v, sizeof(v));
+}
+
/**
* Read a 32-bit value in little-endian order from unaligned address.
*
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 0bd5f741e..ca49a0a73 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -403,7 +403,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -437,8 +436,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -492,6 +489,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in
index e00de3f47..7d8975adf 100644
--- a/src/libtls/tests/Makefile.in
+++ b/src/libtls/tests/Makefile.in
@@ -347,7 +347,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -381,8 +380,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -436,6 +433,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 6bbd95873..84b511f53 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1215,16 +1215,16 @@ static struct {
tls_hash_algorithm_t hash;
signature_scheme_t scheme;
} schemes[] = {
- { TLS_SIG_ECDSA, TLS_HASH_SHA256, SIGN_ECDSA_WITH_SHA256_DER },
- { TLS_SIG_ECDSA, TLS_HASH_SHA384, SIGN_ECDSA_WITH_SHA384_DER },
- { TLS_SIG_ECDSA, TLS_HASH_SHA512, SIGN_ECDSA_WITH_SHA512_DER },
- { TLS_SIG_ECDSA, TLS_HASH_SHA1, SIGN_ECDSA_WITH_SHA1_DER },
- { TLS_SIG_RSA, TLS_HASH_SHA256, SIGN_RSA_EMSA_PKCS1_SHA256 },
- { TLS_SIG_RSA, TLS_HASH_SHA384, SIGN_RSA_EMSA_PKCS1_SHA384 },
- { TLS_SIG_RSA, TLS_HASH_SHA512, SIGN_RSA_EMSA_PKCS1_SHA512 },
- { TLS_SIG_RSA, TLS_HASH_SHA224, SIGN_RSA_EMSA_PKCS1_SHA224 },
- { TLS_SIG_RSA, TLS_HASH_SHA1, SIGN_RSA_EMSA_PKCS1_SHA1 },
- { TLS_SIG_RSA, TLS_HASH_MD5, SIGN_RSA_EMSA_PKCS1_MD5 },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA256, SIGN_ECDSA_WITH_SHA256_DER },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA384, SIGN_ECDSA_WITH_SHA384_DER },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA512, SIGN_ECDSA_WITH_SHA512_DER },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA1, SIGN_ECDSA_WITH_SHA1_DER },
+ { TLS_SIG_RSA, TLS_HASH_SHA256, SIGN_RSA_EMSA_PKCS1_SHA2_256 },
+ { TLS_SIG_RSA, TLS_HASH_SHA384, SIGN_RSA_EMSA_PKCS1_SHA2_384 },
+ { TLS_SIG_RSA, TLS_HASH_SHA512, SIGN_RSA_EMSA_PKCS1_SHA2_512 },
+ { TLS_SIG_RSA, TLS_HASH_SHA224, SIGN_RSA_EMSA_PKCS1_SHA2_224 },
+ { TLS_SIG_RSA, TLS_HASH_SHA1, SIGN_RSA_EMSA_PKCS1_SHA1 },
+ { TLS_SIG_RSA, TLS_HASH_MD5, SIGN_RSA_EMSA_PKCS1_MD5 },
};
METHOD(tls_crypto_t, get_signature_algorithms, void,
diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in
index af02b7549..1f4f22fb6 100644
--- a/src/libtnccs/Makefile.in
+++ b/src/libtnccs/Makefile.in
@@ -407,7 +407,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -441,8 +440,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -496,6 +493,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in
index d93bded57..f8797f3eb 100644
--- a/src/libtnccs/plugins/tnc_imc/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imc/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in
index 3987e79cf..811dd0ad0 100644
--- a/src/libtnccs/plugins/tnc_imv/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imv/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
index b4357b911..048c7cdc3 100644
--- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in
+++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in
index 653e1f4d4..2580d2f09 100644
--- a/src/libtnccs/plugins/tnccs_11/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_11/Makefile.in
@@ -365,7 +365,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -399,8 +398,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -454,6 +451,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index 1a50c7b23..43ab69a7b 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -368,7 +368,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -402,8 +401,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -457,6 +454,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
index 59efdbb9b..0d9a6414e 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index 9d7ba9a1a..d3c74a22c 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -317,7 +317,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -351,8 +350,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -406,6 +403,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am
index 8fcb44f6a..e2c159710 100644
--- a/src/libtpmtss/Makefile.am
+++ b/src/libtpmtss/Makefile.am
@@ -1,6 +1,9 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = \
+ $(tss2_CFLAGS)
+
AM_LDFLAGS = \
-no-undefined
@@ -16,7 +19,7 @@ libtpmtss_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la
if USE_TSS2
-libtpmtss_la_LIBADD += -ltctisocket -ltss2
+libtpmtss_la_LIBADD += $(tss2_LIBS)
endif
if USE_TROUSERS
diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in
index fcee04fc3..46d8cf6a7 100644
--- a/src/libtpmtss/Makefile.in
+++ b/src/libtpmtss/Makefile.in
@@ -88,7 +88,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-@USE_TSS2_TRUE@am__append_1 = -ltctisocket -ltss2
+@USE_TSS2_TRUE@am__append_1 = $(tss2_LIBS)
@USE_TROUSERS_TRUE@am__append_2 = -ltspi
subdir = src/libtpmtss
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -139,9 +139,10 @@ am__uninstall_files_from_dir = { \
am__installdirs = "$(DESTDIR)$(ipseclibdir)"
LTLIBRARIES = $(ipseclib_LTLIBRARIES)
am__DEPENDENCIES_1 =
+@USE_TSS2_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
libtpmtss_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1)
am_libtpmtss_la_OBJECTS = tpm_tss.lo tpm_tss_quote_info.lo \
tpm_tss_trousers.lo tpm_tss_tss2.lo tpm_tss_tss2_names.lo
libtpmtss_la_OBJECTS = $(am_libtpmtss_la_OBJECTS)
@@ -350,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,12 +437,17 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = \
+ $(tss2_CFLAGS)
+
AM_LDFLAGS = \
-no-undefined
diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c
index 39d9f2e4d..d0f76ac45 100644
--- a/src/libtpmtss/tpm_tss_tss2.c
+++ b/src/libtpmtss/tpm_tss_tss2.c
@@ -22,8 +22,8 @@
#include <asn1/oid.h>
#include <bio/bio_reader.h>
-#include <tss2/tpm20.h>
-#include <tcti/tcti_socket.h>
+#include <tpm20.h>
+#include <tcti_socket.h>
#define LABEL "TPM 2.0 -"
@@ -276,7 +276,8 @@ static void finalize_context(private_tpm_tss_tss2_t *this)
{
if (this->tcti_context)
{
- TeardownSocketTcti(this->tcti_context);
+ tss2_tcti_finalize(this->tcti_context);
+ free(this->tcti_context);
}
if (this->sys_context)
{
diff --git a/src/libtpmtss/tpm_tss_tss2_names.c b/src/libtpmtss/tpm_tss_tss2_names.c
index 9185aa374..a613ac566 100644
--- a/src/libtpmtss/tpm_tss_tss2_names.c
+++ b/src/libtpmtss/tpm_tss_tss2_names.c
@@ -17,7 +17,7 @@
#ifdef TSS_TSS2
-#include <tss2/tpm20.h>
+#include <tpm20.h>
#ifndef TPM_ALG_ECMQV
#define TPM_ALG_ECMQV (TPM_ALG_ID)0x001D
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index a1ad709f4..90e2d5ea0 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -369,7 +369,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -403,8 +402,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -458,6 +455,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index 44ed9f82f..bd88b0da5 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -358,7 +358,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -392,8 +391,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -447,6 +444,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 7b900f238..d9ffbf8cf 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -371,7 +371,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -405,8 +404,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -460,6 +457,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index fdc43d705..b15f90199 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -117,6 +117,11 @@ static int issue()
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_ANY;
+ }
else if (!streq(arg, "pub"))
{
error = "invalid input type";
@@ -580,7 +585,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
issue, 'i', "issue",
"issue a certificate using a CA certificate and key",
- {"[--in file] [--type pub|pkcs10|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
+ {"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
" --cacert file [--dn subject-dn] [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 3bc62e74d..f79120b31 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -26,7 +26,7 @@
static int keyid()
{
credential_type_t type = CRED_PRIVATE_KEY;
- int subtype = KEY_RSA;
+ int subtype = KEY_ANY;
certificate_t *cert;
private_key_t *private;
public_key_t *public;
@@ -42,21 +42,29 @@ static int keyid()
case 'h':
return command_usage(NULL);
case 't':
- if (streq(arg, "rsa-priv"))
+ if (streq(arg, "rsa") ||
+ streq(arg, "rsa-priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_RSA;
}
- else if (streq(arg, "ecdsa-priv"))
+ else if (streq(arg, "ecdsa") ||
+ streq(arg, "ecdsa-priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_ECDSA;
}
- else if (streq(arg, "bliss-priv"))
+ else if (streq(arg, "bliss") ||
+ streq(arg, "bliss-priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_ANY;
+ }
else if (streq(arg, "pub"))
{
type = CRED_PUBLIC_KEY;
@@ -169,11 +177,11 @@ static void __attribute__ ((constructor))reg()
command_register((command_t)
{ keyid, 'k', "keyid",
"calculate key identifiers of a key/certificate",
- {"[--in file] [--type rsa-priv|ecdsa-priv|bliss-priv|pub|pkcs10|x509]"},
+ {"[--in file] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
- {"type", 't', 1, "type of key, default: rsa-priv"},
+ {"type", 't', 1, "type of key, default: priv"},
}
});
}
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index c367a21a9..8cb0a7b5d 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -89,17 +89,25 @@ static int print()
type = CRED_CERTIFICATE;
subtype = CERT_TRUSTED_PUBKEY;
}
- else if (streq(arg, "rsa-priv"))
+ else if (streq(arg, "priv"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_ANY;
+ }
+ else if (streq(arg, "rsa") ||
+ streq(arg, "rsa-priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_RSA;
}
- else if (streq(arg, "ecdsa-priv"))
+ else if (streq(arg, "ecdsa") ||
+ streq(arg, "ecdsa-priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_ECDSA;
}
- else if (streq(arg, "bliss-priv"))
+ else if (streq(arg, "bliss") ||
+ streq(arg, "bliss-priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
@@ -173,7 +181,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t)
{ print, 'a', "print",
"print a credential in a human readable form",
- {"[--in file] [--type rsa-priv|ecdsa-priv|bliss-priv|pub|x509|crl|ac]"},
+ {"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|bliss]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index ccc3c4251..1d876f6f7 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -28,7 +28,7 @@ static int pub()
{
cred_encoding_type_t form = PUBKEY_SPKI_ASN1_DER;
credential_type_t type = CRED_PRIVATE_KEY;
- int subtype = KEY_RSA;
+ int subtype = KEY_ANY;
certificate_t *cert;
private_key_t *private;
public_key_t *public;
@@ -59,6 +59,11 @@ static int pub()
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_ANY;
+ }
else if (streq(arg, "pub"))
{
type = CRED_PUBLIC_KEY;
@@ -189,13 +194,13 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
pub, 'p', "pub",
"extract the public key from a private key/certificate",
- {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]",
+ {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv|pub|pkcs10|x509]",
"[--outform der|pem|dnskey|sshkey]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
{"keyid", 'x', 1, "keyid on smartcard of private key"},
- {"type", 't', 1, "type of credential, default: rsa"},
+ {"type", 't', 1, "type of credential, default: priv"},
{"outform", 'f', 1, "encoding of extracted public key, default: der"},
}
});
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 68d611250..23d07a28d 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -30,7 +30,7 @@
static int req()
{
cred_encoding_type_t form = CERT_ASN1_DER;
- key_type_t type = KEY_RSA;
+ key_type_t type = KEY_ANY;
hash_algorithm_t digest = HASH_UNKNOWN;
certificate_t *cert = NULL;
private_key_t *private = NULL;
@@ -62,6 +62,10 @@ static int req()
{
type = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = KEY_ANY;
+ }
else
{
error = "invalid input type";
@@ -194,14 +198,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
- {" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name",
+ {" [--in file] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name",
"[--san subjectAltName]+ [--password challengePassword]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
"[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "private key input file, default: stdin"},
- {"type", 't', 1, "type of input key, default: rsa"},
+ {"type", 't', 1, "type of input key, default: priv"},
{"dn", 'd', 1, "subject distinguished name"},
{"san", 'a', 1, "subjectAltName to include in cert request"},
{"password",'p', 1, "challengePassword to include in cert request"},
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index f4e83c76c..6fb7b75ae 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -94,6 +94,10 @@ static int self()
{
type = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = KEY_ANY;
+ }
else
{
error = "invalid input type";
@@ -417,7 +421,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
self, 's', "self",
"create a self signed certificate",
- {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss]",
+ {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]",
" --dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
@@ -431,7 +435,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "private key input file, default: stdin"},
{"keyid", 'x', 1, "keyid on smartcard of private key"},
- {"type", 't', 1, "type of input key, default: rsa"},
+ {"type", 't', 1, "type of input key, default: priv"},
{"dn", 'd', 1, "subject and issuer distinguished name"},
{"san", 'a', 1, "subjectAltName to include in certificate"},
{"lifetime", 'l', 1, "days the certificate is valid, default: 1095"},
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 6c27289f9..b9cf9c466 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -369,18 +369,22 @@ static int sign_crl()
}
else
{
- crl_serial = chunk_from_chars(0x00);
+ if (!crl_serial.ptr)
+ {
+ crl_serial = chunk_from_chars(0x00);
+ }
lastenum = enumerator_create_empty();
}
- /* remove superfluous leading zeros */
- while (crl_serial.len > 1 && crl_serial.ptr[0] == 0x00 &&
- (crl_serial.ptr[1] & 0x80) == 0x00)
+ if (!crl_serial.len || crl_serial.ptr[0] & 0x80)
+ { /* add leading 0x00 to handle potential overflow if serial is encoded
+ * incorrectly */
+ crl_serial = chunk_cat("cc", chunk_from_chars(0x00), crl_serial);
+ }
+ else
{
- crl_serial = chunk_skip_zero(crl_serial);
+ crl_serial = chunk_clone(crl_serial);
}
- crl_serial = chunk_clone(crl_serial);
-
/* increment the serial number by one */
chunk_increment(crl_serial);
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index 8cc633a95..dd667fb34 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2016 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -59,6 +60,18 @@ static int verify()
has_ca = TRUE;
creds->add_cert(creds, TRUE, cert);
continue;
+ case 'l':
+ cert = lib->creds->create(lib->creds,
+ CRED_CERTIFICATE, CERT_X509_CRL,
+ BUILD_FROM_FILE, arg, BUILD_END);
+ if (!cert)
+ {
+ fprintf(stderr, "parsing CRL failed\n");
+ goto end;
+ }
+ online = TRUE;
+ creds->add_crl(creds, (crl_t*)cert);
+ continue;
case 'o':
online = TRUE;
continue;
@@ -173,11 +186,12 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
verify, 'v', "verify",
"verify a certificate using the CA certificate",
- {"[--in file] [--cacert file]"},
+ {"[--in file] [--cacert file] [--crl file]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "X.509 certificate to verify, default: stdin"},
{"cacert", 'c', 1, "CA certificate for trustchain verification"},
+ {"crl", 'l', 1, "CRL for trustchain verification"},
{"online", 'o', 0, "enable online CRL/OCSP revocation checking"},
}
});
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
index 982a1175f..030d6be53 100644
--- a/src/pki/man/Makefile.in
+++ b/src/pki/man/Makefile.in
@@ -308,7 +308,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -342,8 +341,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -397,6 +394,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in
index 20238b73d..bfc7bb1a5 100644
--- a/src/pki/man/pki---issue.1.in
+++ b/src/pki/man/pki---issue.1.in
@@ -67,9 +67,10 @@ Public key or PKCS#10 certificate request file to issue. If not given the
key/request is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
-Type of the input. One of \fIpub\fR (public key), \fIrsa\fR (RSA private key),
-\fIecdsa\fR (ECDSA private key), or \fIpkcs10\fR (PKCS#10 certificate request),
-defaults to \fIpub\fR.
+Type of the input. One of \fIpub\fR (public key), \fIpriv\fR (private key),
+\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS
+private key) or \fIpkcs10\fR (PKCS#10 certificate request), defaults to
+\fIpub\fR.
.TP
.BI "\-k, \-\-cakey " file
CA private key file. Either this or
diff --git a/src/pki/man/pki---keyid.1.in b/src/pki/man/pki---keyid.1.in
index 490f7afea..c69f7cbc7 100644
--- a/src/pki/man/pki---keyid.1.in
+++ b/src/pki/man/pki---keyid.1.in
@@ -44,9 +44,10 @@ Read command line options from \fIfile\fR.
Input file. If not given the input is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
-Type of input. One of \fIrsa-priv\fR (RSA private key), \fIecdsa-priv\fR (ECDSA
-private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate
-request), \fIx509\fR (X.509 certificate), defaults to \fIrsa-priv\fR.
+Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key),
+\fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS private key),
+\fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate request),
+\fIx509\fR (X.509 certificate), defaults to \fIpriv\fR.
.
.SH "EXAMPLES"
.
diff --git a/src/pki/man/pki---print.1.in b/src/pki/man/pki---print.1.in
index 434d4ea16..09f81cdaa 100644
--- a/src/pki/man/pki---print.1.in
+++ b/src/pki/man/pki---print.1.in
@@ -44,10 +44,11 @@ Read command line options from \fIfile\fR.
Input file. If not given the input is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
-Type of input. One of \fIrsa-priv\fR (RSA private key), \fIecdsa-priv\fR (ECDSA
-private key), \fIpub\fR (public key), \fIx509\fR (X.509 certificate), \fIcrl\fR
-(Certificate Revocation List, CRL), \fIac\fR (Attribute Certificate),
-defaults to \fIx509\fR.
+Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate
+Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),
+\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private
+key), \fIbliss\fR (BLISS private key), \fIpriv\fR (private key), defaults to
+\fIx509\fR.
.
.SH "SEE ALSO"
.
diff --git a/src/pki/man/pki---pub.1.in b/src/pki/man/pki---pub.1.in
index c57e03a40..fe6c520f4 100644
--- a/src/pki/man/pki---pub.1.in
+++ b/src/pki/man/pki---pub.1.in
@@ -47,10 +47,9 @@ Read command line options from \fIfile\fR.
Input file. If not given the input is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
-Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
-private key), \fIpub\fR (public key),
-\fIpkcs10\fR (PKCS#10 certificate request), or \fIx509\fR (X.509 certificate),
-defaults to \fIrsa\fR.
+Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key),
+\fIecdsa\fR (ECDSA private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10
+certificate request), or \fIx509\fR (X.509 certificate), defaults to \fIpriv\fR.
.TP
.BI "\-f, \-\-outform " encoding
Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR
diff --git a/src/pki/man/pki---req.1.in b/src/pki/man/pki---req.1.in
index a6f6a480a..4a39c5c94 100644
--- a/src/pki/man/pki---req.1.in
+++ b/src/pki/man/pki---req.1.in
@@ -49,7 +49,8 @@ Read command line options from \fIfile\fR.
Private key input file. If not given the key is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
-Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
+defaults to \fIpriv\fR.
.TP
.BI "\-d, \-\-dn " distinguished-name
Subject distinguished name (DN). Required.
diff --git a/src/pki/man/pki---self.1.in b/src/pki/man/pki---self.1.in
index 53f53f816..9461e3eff 100644
--- a/src/pki/man/pki---self.1.in
+++ b/src/pki/man/pki---self.1.in
@@ -68,7 +68,8 @@ Private key input file. If not given the key is read from \fISTDIN\fR.
Key ID of a private key on a smartcard.
.TP
.BI "\-t, \-\-type " type
-Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
+defaults to \fIpriv\fR.
.TP
.BI "\-d, \-\-dn " distinguished-name
Subject and issuer distinguished name (DN). Required.
diff --git a/src/pki/man/pki---verify.1.in b/src/pki/man/pki---verify.1.in
index dd0c0e928..74adaf150 100644
--- a/src/pki/man/pki---verify.1.in
+++ b/src/pki/man/pki---verify.1.in
@@ -1,4 +1,4 @@
-.TH "PKI \-\-VERIFY" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-VERIFY" 1 "2016-08-19" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
@@ -9,6 +9,7 @@ pki \-\-verify \- Verify a certificate using a CA certificate
.SY pki\ \-\-verify
.OP \-\-in file
.OP \-\-cacert file
+.OP \-\-crl file
.OP \-\-debug level
.OP \-\-online
.YS
@@ -48,6 +49,9 @@ X.509 certificate to verify. If not given it is read from \fISTDIN\fR.
CA certificate to use for trustchain verification. If not given the certificate
is assumed to be self\-signed.
.TP
+.BI "\-l, \-\-crl " file
+Local CRL to use for trustchain verification. Implies \fB-o\fR.
+.TP
.BI "\-o, \-\-online
Enable online CRL/OCSP revocation checking.
.
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in
index 8b73403e7..9ad2445cb 100644
--- a/src/pool/Makefile.in
+++ b/src/pool/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/pool/pool.c b/src/pool/pool.c
index 265974860..cd9fb6293 100644
--- a/src/pool/pool.c
+++ b/src/pool/pool.c
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2011-2016 Tobias Brunner
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -23,6 +24,7 @@
#include <utils/debug.h>
#include <library.h>
+#include <collections/array.h>
#include <networking/host.h>
#include <utils/identification.h>
#include <attributes/attributes.h>
@@ -586,11 +588,11 @@ static void resize(char *name, host_t *end)
/**
* create the lease query using the filter string
*/
-static enumerator_t *create_lease_query(char *filter)
+static enumerator_t *create_lease_query(char *filter, array_t **to_free)
{
enumerator_t *query;
- identification_t *id = NULL;
- host_t *addr = NULL;
+ chunk_t id_chunk = chunk_empty, addr_chunk = chunk_empty;
+ id_type_t id_type = 0;
u_int tstamp = 0;
bool online = FALSE, valid = FALSE, expired = FALSE;
char *value, *pos, *pool = NULL;
@@ -635,18 +637,29 @@ static enumerator_t *create_lease_query(char *filter)
case FIL_ID:
if (value)
{
+ identification_t *id;
+
id = identification_create_from_string(value);
+ id_type = id->get_type(id);
+ id_chunk = chunk_clone(id->get_encoding(id));
+ array_insert_create(to_free, ARRAY_TAIL, id_chunk.ptr);
+ id->destroy(id);
}
break;
case FIL_ADDR:
if (value)
{
+ host_t *addr;
+
addr = host_create_from_string(value, 0);
- }
- if (!addr)
- {
- fprintf(stderr, "invalid 'addr' in filter string.\n");
- exit(EXIT_FAILURE);
+ if (!addr)
+ {
+ fprintf(stderr, "invalid 'addr' in filter string.\n");
+ exit(EXIT_FAILURE);
+ }
+ addr_chunk = chunk_clone(addr->get_address(addr));
+ array_insert_create(to_free, ARRAY_TAIL, addr_chunk.ptr);
+ addr->destroy(addr);
}
break;
case FIL_TSTAMP:
@@ -710,11 +723,11 @@ static enumerator_t *create_lease_query(char *filter)
"AND (? OR (identities.type = ? AND identities.data = ?)) "
"AND (? OR address = ?)",
DB_INT, pool == NULL, DB_TEXT, pool,
- DB_INT, id == NULL,
- DB_INT, id ? id->get_type(id) : 0,
- DB_BLOB, id ? id->get_encoding(id) : chunk_empty,
- DB_INT, addr == NULL,
- DB_BLOB, addr ? addr->get_address(addr) : chunk_empty,
+ DB_INT, !id_chunk.ptr,
+ DB_INT, id_type,
+ DB_BLOB, id_chunk,
+ DB_INT, !addr_chunk.ptr,
+ DB_BLOB, addr_chunk,
DB_INT, tstamp == 0, DB_UINT, tstamp, DB_UINT, tstamp,
DB_INT, !valid, DB_INT, time(NULL),
DB_INT, !expired, DB_INT, time(NULL),
@@ -722,14 +735,13 @@ static enumerator_t *create_lease_query(char *filter)
/* union */
DB_INT, !(valid || expired),
DB_INT, pool == NULL, DB_TEXT, pool,
- DB_INT, id == NULL,
- DB_INT, id ? id->get_type(id) : 0,
- DB_BLOB, id ? id->get_encoding(id) : chunk_empty,
- DB_INT, addr == NULL,
- DB_BLOB, addr ? addr->get_address(addr) : chunk_empty,
+ DB_INT, !id_chunk.ptr,
+ DB_INT, id_type,
+ DB_BLOB, id_chunk,
+ DB_INT, !addr_chunk.ptr,
+ DB_BLOB, addr_chunk,
/* res */
DB_TEXT, DB_BLOB, DB_INT, DB_BLOB, DB_UINT, DB_UINT, DB_UINT);
- /* id and addr leak but we can't destroy them until query is destroyed. */
return query;
}
@@ -739,6 +751,7 @@ static enumerator_t *create_lease_query(char *filter)
static void leases(char *filter, bool utc)
{
enumerator_t *query;
+ array_t *to_free = NULL;
chunk_t address_chunk, identity_chunk;
int identity_type;
char *name;
@@ -748,7 +761,7 @@ static void leases(char *filter, bool utc)
identification_t *identity;
bool found = FALSE;
- query = create_lease_query(filter);
+ query = create_lease_query(filter, &to_free);
if (!query)
{
fprintf(stderr, "querying leases failed.\n");
@@ -809,6 +822,10 @@ static void leases(char *filter, bool utc)
identity->destroy(identity);
}
query->destroy(query);
+ if (to_free)
+ {
+ array_destroy_function(to_free, (void*)free, NULL);
+ }
if (!found)
{
fprintf(stderr, "no matching leases found.\n");
diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in
index b2c9c9598..3a8ffb8fd 100644
--- a/src/pt-tls-client/Makefile.in
+++ b/src/pt-tls-client/Makefile.in
@@ -322,7 +322,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -356,8 +355,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -411,6 +408,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c
index b91997ddd..6f200c316 100644
--- a/src/pt-tls-client/pt-tls-client.c
+++ b/src/pt-tls-client/pt-tls-client.c
@@ -42,7 +42,7 @@ static void usage(FILE *out)
{
fprintf(out,
"Usage: pt-tls --connect <hostname|address> [--port <port>]\n"
- " [--cert <file>]+ [--key <file>]\n"
+ " [--cert <file>]+ [--key <file>] [--key-type rsa|ecdsa]\n"
" [--client <client-id>] [--secret <password>]\n"
" [--optionsfrom <filename>] [--quiet] [--debug <level>]\n");
}
@@ -121,11 +121,11 @@ static bool load_certificate(char *filename)
/**
* Load private key from file
*/
-static bool load_key(char *filename)
+static bool load_key(char *filename, key_type_t type)
{
private_key_t *key;
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
BUILD_FROM_FILE, filename, BUILD_END);
if (!key)
{
@@ -255,7 +255,8 @@ static void init()
int main(int argc, char *argv[])
{
- char *address = NULL, *identity = "%any", *secret = NULL;
+ char *address = NULL, *identity = "%any", *secret = NULL, *key_file = NULL;
+ key_type_t key_type = KEY_RSA;
int port = PT_TLS_PORT;
init();
@@ -270,6 +271,7 @@ int main(int argc, char *argv[])
{"port", required_argument, NULL, 'p' },
{"cert", required_argument, NULL, 'x' },
{"key", required_argument, NULL, 'k' },
+ {"key-type", required_argument, NULL, 't' },
{"mutual", no_argument, NULL, 'm' },
{"quiet", no_argument, NULL, 'q' },
{"debug", required_argument, NULL, 'd' },
@@ -290,9 +292,20 @@ int main(int argc, char *argv[])
}
continue;
case 'k': /* --key <file> */
- if (!load_key(optarg))
+ key_file = optarg;
+ continue;
+ case 't': /* --key-type <type> */
+ if (strcaseeq(optarg, "ecdsa"))
{
- return 1;
+ key_type = KEY_ECDSA;
+ }
+ else if (strcaseeq(optarg, "rsa"))
+ {
+ key_type = KEY_RSA;
+ }
+ else
+ {
+ key_type = KEY_ANY;
}
continue;
case 'c': /* --connect <hostname|address> */
@@ -339,12 +352,15 @@ int main(int argc, char *argv[])
usage(stderr);
return 1;
}
+ if (key_file && !load_key(key_file, key_type))
+ {
+ return 1;
+ }
if (secret)
{
creds->add_shared(creds, shared_key_create(SHARED_EAP,
chunk_clone(chunk_from_str(secret))),
identification_create_from_string(identity), NULL);
}
-
return client(address, port, identity);
}
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 1fdea8a7b..1b36b91a0 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 873c20ace..a3c58126e 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -39,7 +39,7 @@ starter_LDADD = \
libstarter.la \
$(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
-EXTRA_DIST = keywords.txt ipsec.conf Android.mk
+EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk
MAINTAINERCLEANFILES = keywords.c
BUILT_SOURCES = keywords.c parser/parser.h
@@ -47,10 +47,6 @@ if USE_LOAD_WARNING
AM_CPPFLAGS += -DLOAD_WARNING
endif
-if USE_SCEPCLIENT
- AM_CPPFLAGS += -DGENERATE_SELFCERT
-endif
-
keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h
$(AM_V_GEN) \
$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
@@ -66,3 +62,4 @@ install-exec-local :
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+ test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 19753de4f..4cc0ab54e 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -91,7 +91,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = starter$(EXEEXT)
@USE_LOAD_WARNING_TRUE@am__append_1 = -DLOAD_WARNING
-@USE_SCEPCLIENT_TRUE@am__append_2 = -DGENERATE_SELFCERT
subdir = src/starter
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -396,7 +395,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -430,8 +428,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -485,6 +481,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -509,8 +507,7 @@ AM_CPPFLAGS = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_SCRIPT=\"${ipsec_script}\" \
-DDEV_RANDOM=\"${random_device}\" \
-DDEV_URANDOM=\"${urandom_device}\" \
- -DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1) \
- $(am__append_2)
+ -DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1)
AM_CFLAGS = \
@COVERAGE_CFLAGS@
@@ -521,7 +518,7 @@ starter_LDADD = \
libstarter.la \
$(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
-EXTRA_DIST = keywords.txt ipsec.conf Android.mk
+EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk
MAINTAINERCLEANFILES = keywords.c
BUILT_SOURCES = keywords.c parser/parser.h
all: $(BUILT_SOURCES)
@@ -1007,6 +1004,7 @@ install-exec-local :
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+ test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 33924b065..3fb750e51 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -222,6 +222,7 @@ static void conn_defaults(starter_conn_t *conn)
conn->dpd_delay = 30; /* seconds */
conn->dpd_timeout = 150; /* seconds */
conn->replay_window = SA_REPLAY_WINDOW_DEFAULT;
+ conn->fragmentation = FRAGMENTATION_YES;
conn->left.sendcert = CERT_SEND_IF_ASKED;
conn->right.sendcert = CERT_SEND_IF_ASKED;
diff --git a/src/starter/ipsec.secrets b/src/starter/ipsec.secrets
new file mode 100644
index 000000000..dae7709a1
--- /dev/null
+++ b/src/starter/ipsec.secrets
@@ -0,0 +1 @@
+# ipsec.secrets - strongSwan IPsec secrets file
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 45c28d3cc..51a42a504 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -257,68 +257,6 @@ static void fatal_signal_handler(int signal)
abort();
}
-#ifdef GENERATE_SELFCERT
-static void generate_selfcert()
-{
- const char *secrets_file;
- struct stat stb;
-
- secrets_file = lib->settings->get_str(lib->settings,
- "charon.plugins.stroke.secrets_file", SECRETS_FILE);
-
- /* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(secrets_file, &stb) != 0)
- {
- mode_t oldmask;
- FILE *f;
- uid_t uid = 0;
- gid_t gid = 0;
-
-#ifdef IPSEC_GROUP
- {
- char buf[1024];
- struct group group, *grp;
-
- if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
- {
- gid = grp->gr_gid;
- }
- }
-#endif
-#ifdef IPSEC_USER
- {
- char buf[1024];
- struct passwd passwd, *pwp;
-
- if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
- {
- uid = pwp->pw_uid;
- }
- }
-#endif
- ignore_result(setegid(gid));
- ignore_result(seteuid(uid));
- ignore_result(system(IPSEC_SCRIPT " scepclient --out pkcs1 --out cert-self --quiet"));
- ignore_result(seteuid(0));
- ignore_result(setegid(0));
-
- /* ipsec.secrets is root readable only */
- oldmask = umask(0066);
-
- f = fopen(secrets_file, "w");
- if (f)
- {
- fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
- fprintf(f, "\n");
- fprintf(f, ": RSA myKey.der\n");
- fclose(f);
- }
- ignore_result(chown(secrets_file, uid, gid));
- umask(oldmask);
- }
-}
-#endif /* GENERATE_SELFCERT */
-
static bool check_pid(char *pid_file)
{
struct stat stb;
@@ -604,10 +542,6 @@ int main (int argc, char **argv)
exit(LSB_RC_SUCCESS);
}
-#ifdef GENERATE_SELFCERT
- generate_selfcert();
-#endif
-
/* fork if we're not debugging stuff */
if (!no_fork)
{
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index 25e3e7488..46d200f95 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -347,7 +347,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -381,8 +380,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -436,6 +433,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 4673f5961..39ca9fdd5 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -321,7 +321,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -355,8 +354,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -410,6 +407,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
index 37a0224c3..9ca759ea3 100644
--- a/src/swanctl/Makefile.am
+++ b/src/swanctl/Makefile.am
@@ -13,6 +13,7 @@ swanctl_SOURCES = \
commands/list_certs.c \
commands/list_pools.c \
commands/list_algs.c \
+ commands/flush_certs.c \
commands/load_all.c \
commands/load_authorities.h commands/load_authorities.c \
commands/load_conns.c commands/load_conns.h \
@@ -69,6 +70,7 @@ install-data-local: swanctl.conf
test -e "$(DESTDIR)$(swanctldir)/x509crl" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509crl" || true
test -e "$(DESTDIR)$(swanctldir)/x509ac" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ac" || true
test -e "$(DESTDIR)$(swanctldir)/pubkey" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/pubkey" || true
+ test -e "$(DESTDIR)$(swanctldir)/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/private" || true
test -e "$(DESTDIR)$(swanctldir)/rsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/rsa" || true
test -e "$(DESTDIR)$(swanctldir)/ecdsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/ecdsa" || true
test -e "$(DESTDIR)$(swanctldir)/bliss" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/bliss" || true
diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in
index ebe1aba0d..ff9dca09d 100644
--- a/src/swanctl/Makefile.in
+++ b/src/swanctl/Makefile.in
@@ -119,7 +119,7 @@ am_swanctl_OBJECTS = command.$(OBJEXT) commands/initiate.$(OBJEXT) \
commands/list_authorities.$(OBJEXT) \
commands/list_conns.$(OBJEXT) commands/list_certs.$(OBJEXT) \
commands/list_pools.$(OBJEXT) commands/list_algs.$(OBJEXT) \
- commands/load_all.$(OBJEXT) \
+ commands/flush_certs.$(OBJEXT) commands/load_all.$(OBJEXT) \
commands/load_authorities.$(OBJEXT) \
commands/load_conns.$(OBJEXT) commands/load_creds.$(OBJEXT) \
commands/load_pools.$(OBJEXT) commands/log.$(OBJEXT) \
@@ -370,7 +370,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -404,8 +403,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -459,6 +456,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -475,6 +474,7 @@ swanctl_SOURCES = \
commands/list_certs.c \
commands/list_pools.c \
commands/list_algs.c \
+ commands/flush_certs.c \
commands/load_all.c \
commands/load_authorities.h commands/load_authorities.c \
commands/load_conns.c commands/load_conns.h \
@@ -621,6 +621,8 @@ commands/list_pools.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
commands/list_algs.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
+commands/flush_certs.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
commands/load_all.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
commands/load_authorities.$(OBJEXT): commands/$(am__dirstamp) \
@@ -653,6 +655,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/swanctl.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/flush_certs.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/initiate.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/install.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/list_algs.Po@am__quote@
@@ -1037,6 +1040,7 @@ install-data-local: swanctl.conf
test -e "$(DESTDIR)$(swanctldir)/x509crl" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509crl" || true
test -e "$(DESTDIR)$(swanctldir)/x509ac" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ac" || true
test -e "$(DESTDIR)$(swanctldir)/pubkey" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/pubkey" || true
+ test -e "$(DESTDIR)$(swanctldir)/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/private" || true
test -e "$(DESTDIR)$(swanctldir)/rsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/rsa" || true
test -e "$(DESTDIR)$(swanctldir)/ecdsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/ecdsa" || true
test -e "$(DESTDIR)$(swanctldir)/bliss" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/bliss" || true
diff --git a/src/swanctl/command.h b/src/swanctl/command.h
index 8d0a2e6b9..7b92ae91a 100644
--- a/src/swanctl/command.h
+++ b/src/swanctl/command.h
@@ -27,7 +27,7 @@
/**
* Maximum number of commands (+1).
*/
-#define MAX_COMMANDS 23
+#define MAX_COMMANDS 24
/**
* Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/flush_certs.c b/src/swanctl/commands/flush_certs.c
new file mode 100644
index 000000000..527419f88
--- /dev/null
+++ b/src/swanctl/commands/flush_certs.c
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <errno.h>
+
+#include "command.h"
+
+static int flush_certs(vici_conn_t *conn)
+{
+ vici_req_t *req;
+ vici_res_t *res;
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ char *arg, *type = NULL;
+ int ret;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 't':
+ type = arg;
+ continue;
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --flush-certs option");
+ }
+ break;
+ }
+ req = vici_begin("flush-certs");
+
+ if (type)
+ {
+ vici_add_key_valuef(req, "type", "%s", type);
+ }
+ res = vici_submit(req, conn);
+
+ if (!res)
+ {
+ ret = errno;
+ fprintf(stderr, "flush-certs request failed: %s\n", strerror(errno));
+ return ret;
+ }
+ if (format & COMMAND_FORMAT_RAW)
+ {
+ vici_dump(res, "flush-certs reply", format & COMMAND_FORMAT_PRETTY,
+ stdout);
+ }
+ vici_free_res(res);
+
+ return 0;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ flush_certs, 'f', "flush-certs", "flush cached certificates",
+ {"[--type x509|x509_ac|x509_crl|ocsp_response|pubkey]",
+ "[--raw|--pretty]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"type", 't', 1, "filter by certificate type"},
+ {"raw", 'r', 0, "dump raw response message"},
+ {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ }
+ });
+}
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index 87526bc79..2e443a94a 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -221,7 +221,7 @@ static bool load_conn(vici_conn_t *conn, settings_t *cfg,
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
- char buf[128];
+ char buf[BUF_LEN];
snprintf(buf, sizeof(buf), "%s.%s", "connections", section);
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 4647934f7..6278f66b4 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -2,6 +2,7 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
+ * Copyright (C) 2016 Tobias Brunner
* Copyright (C) 2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
@@ -128,7 +129,8 @@ static bool load_key(vici_conn_t *conn, command_format_options_t format,
req = vici_begin("load-key");
- if (streq(type, "pkcs8"))
+ if (streq(type, "private") ||
+ streq(type, "pkcs8"))
{ /* as used by vici */
vici_add_key_valuef(req, "type", "any");
}
@@ -251,6 +253,7 @@ static bool determine_credtype(char *type, credential_type_t *credtype,
credential_type_t credtype;
int subtype;
} map[] = {
+ { "private", CRED_PRIVATE_KEY, KEY_ANY, },
{ "pkcs8", CRED_PRIVATE_KEY, KEY_ANY, },
{ "rsa", CRED_PRIVATE_KEY, KEY_RSA, },
{ "ecdsa", CRED_PRIVATE_KEY, KEY_ECDSA, },
@@ -565,6 +568,7 @@ static bool load_secret(vici_conn_t *conn, settings_t *cfg,
"eap",
"xauth",
"ike",
+ "private",
"rsa",
"ecdsa",
"bliss",
@@ -700,10 +704,11 @@ int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
load_certs(conn, format, "pubkey", SWANCTL_PUBKEYDIR);
- load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
- load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
- load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR);
- load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR);
+ load_keys(conn, format, noprompt, cfg, "private", SWANCTL_PRIVATEDIR);
+ load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
+ load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
+ load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR);
+ load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR);
load_containers(conn, format, noprompt, cfg, "pkcs12", SWANCTL_PKCS12DIR);
diff --git a/src/swanctl/swanctl.8.in b/src/swanctl/swanctl.8.in
index a3074601e..9c5a5a03d 100644
--- a/src/swanctl/swanctl.8.in
+++ b/src/swanctl/swanctl.8.in
@@ -38,11 +38,9 @@ output.
initiate a connection
.TP
.B "\-t, \-\-terminate"
-\-\-terminate\fR
terminate a connection
.TP
.B "\-d, \-\-redirect"
-\-\-redirect\fR
redirect an IKE_SA
.TP
.B "\-p, \-\-install"
@@ -93,7 +91,10 @@ trace logging output
.B "\-S, \-\-stats"
show daemon infos and statistics
.TP
-.B "\-r, \-\-reload-settings"
+.B "\-f, \-\-flush\-certs"
+flush cached certificates
+.TP
+.B "\-r, \-\-reload\-settings"
reload strongswan.conf(5) configuration
.TP
.B "\-v, \-\-version"
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index 6bc81becf..eb46005e1 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -44,7 +44,7 @@
# dpd_timeout = 0s
# Use IKE UDP datagram fragmentation. (yes, no or force).
- # fragmentation = no
+ # fragmentation = yes
# Send certificate requests payloads (yes or no).
# send_certreq = yes
@@ -201,6 +201,9 @@
# Whether to install IPsec policies or not.
# policies = yes
+ # Whether to install outbound FWD IPsec policies or not.
+ # policies_fwd_out = no
+
# Action to perform on DPD timeout (clear, trap or restart).
# dpd_action = clear
@@ -278,6 +281,18 @@
# }
+ # Private key decryption passphrase for a key in the private folder.
+ # private<suffix> {
+
+ # File name in the private folder for which this passphrase should be
+ # used.
+ # file =
+
+ # Value of decryption passphrase for private key.
+ # secret =
+
+ # }
+
# Private key decryption passphrase for a key in the rsa folder.
# rsa<suffix> {
diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main
index 013e35fb7..697bd406a 100644
--- a/src/swanctl/swanctl.conf.5.main
+++ b/src/swanctl/swanctl.conf.5.main
@@ -151,22 +151,23 @@ compatibility reasons, with IKEv1 a custom interval may be specified; this
option has no effect on connections using IKE2.
.TP
-.BR connections.<conn>.fragmentation " [no]"
+.BR connections.<conn>.fragmentation " [yes]"
Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation). Acceptable values are
-.RI "" "yes" ","
+.RI "" "yes" ""
+(the default),
.RI "" "force" ""
and
-.RI "" "no" ""
-(the default).
-Fragmented IKE messages sent by a peer are always accepted irrespective of the
-value of this option. If set to
+.RI "" "no" "."
+Fragmented IKE messages sent by a peer are always accepted irrespective of
+the value of this option. If set to
.RI "" "yes" ","
-and the peer supports it, oversized IKE
-messages will be sent in fragments. If set to
+and the peer supports it,
+oversized IKE messages will be sent in fragments. If set to
.RI "" "force" ""
-(only supported for
-IKEv1) the initial IKE message will already be fragmented if required.
+(only
+supported for IKEv1) the initial IKE message will already be fragmented if
+required.
.TP
.BR connections.<conn>.send_certreq " [yes]"
@@ -594,7 +595,9 @@ the CHILD_SA configuration, which must be unique within the connection.
AH proposals to offer for the CHILD_SA. A proposal is a set of algorithms. For
AH, this includes an integrity algorithm and an optional Diffie\-Hellman group.
If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation
-uses a separate Diffie\-Hellman exchange using the specified group.
+uses a separate Diffie\-Hellman exchange using the specified group (refer to
+.RI "" "esp_proposals" ""
+for details).
In IKEv2, multiple algorithms of the same kind can be specified in a single
proposal, from which one gets selected. In IKEv1, only one algorithm per kind is
@@ -617,14 +620,19 @@ algorithm, an optional Diffie\-Hellman group and an optional Extended Sequence
Number Mode indicator. For AEAD proposals, a combined mode algorithm is used
instead of the separate encryption/integrity algorithms.
-If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial (non
-IKE_AUTH piggybacked) negotiation uses a separate Diffie\-Hellman exchange using
-the specified group. Extended Sequence Number support may be indicated with the
+If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation
+use a separate Diffie\-Hellman exchange using the specified group. However, for
+IKEv2, the keys of the CHILD_SA created implicitly with the IKE_SA will always
+be derived from the IKE_SA's key material. So any DH group specified here will
+only apply when the CHILD_SA is later rekeyed or is created with a separate
+CREATE_CHILD_SA exchange. A proposal mismatch might, therefore, not immediately
+be noticed when the SA is established, but may later cause rekeying to fail.
+
+Extended Sequence Number support may be indicated with the
.RI "" "esn" ""
and
.RI "" "noesn" ""
-values, both may be included to indicate support for both
-modes. If omitted,
+values, both may be included to indicate support for both modes. If omitted,
.RI "" "noesn" ""
is assumed.
@@ -820,6 +828,12 @@ defined traffic from IPsec processing or drop it, respectively.
Whether to install IPsec policies or not. Disabling this can be useful in some
scenarios e.g. MIPv6, where policies are not managed by the IKE daemon.
+.TP
+.BR connections.<conn>.children.<child>.policies_fwd_out " [no]"
+Whether to install outbound FWD IPsec policies or not. Enabling this is required
+in case there is a drop policy that would match and block forwarded traffic for
+this CHILD_SA.
+
.TP
.BR connections.<conn>.children.<child>.dpd_action " [clear]"
Action to perform for this CHILD_SA on DPD timeout. The default
@@ -1021,6 +1035,23 @@ be specified, each having an
prefix, if a secret is shared between multiple
peers.
+.TP
+.B secrets.private<suffix>
+.br
+Private key decryption passphrase for a key in the
+.RI "" "private" ""
+folder.
+
+.TP
+.BR secrets.private<suffix>.file " []"
+File name in the
+.RI "" "private" ""
+folder for which this passphrase should be used.
+
+.TP
+.BR secrets.private<suffix>.secret " []"
+Value of decryption passphrase for private key.
+
.TP
.B secrets.rsa<suffix>
.br
diff --git a/src/swanctl/swanctl.h b/src/swanctl/swanctl.h
index 560e89513..eac1fc6d0 100644
--- a/src/swanctl/swanctl.h
+++ b/src/swanctl/swanctl.h
@@ -2,6 +2,7 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
+ * Copyright (C) 2016 Tobias Brunner
* Copyright (C) 2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
@@ -64,6 +65,11 @@
*/
#define SWANCTL_PUBKEYDIR SWANCTLDIR "/pubkey"
+/**
+ * Directory for private keys
+ */
+#define SWANCTL_PRIVATEDIR SWANCTLDIR "/private"
+
/**
* Directory for RSA private keys
*/
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index fe5b293fb..a7d6d9fc3 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -139,12 +139,12 @@ connections.<conn>.dpd_timeout = 0s
checking. For compatibility reasons, with IKEv1 a custom interval may be
specified; this option has no effect on connections using IKE2.
-connections.<conn>.fragmentation = no
+connections.<conn>.fragmentation = yes
Use IKE UDP datagram fragmentation. (_yes_, _no_ or _force_).
Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
- fragmentation). Acceptable values are _yes_, _force_ and _no_ (the
- default). Fragmented IKE messages sent by a peer are always accepted
+ fragmentation). Acceptable values are _yes_ (the default), _force_ and
+ _no_. Fragmented IKE messages sent by a peer are always accepted
irrespective of the value of this option. If set to _yes_, and the peer
supports it, oversized IKE messages will be sent in fragments. If set to
_force_ (only supported for IKEv1) the initial IKE message will already
@@ -472,7 +472,7 @@ connections.<conn>.children.<child>.ah_proposals =
For AH, this includes an integrity algorithm and an optional Diffie-Hellman
group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
negotiation uses a separate Diffie-Hellman exchange using the specified
- group.
+ group (refer to _esp_proposals_ for details).
In IKEv2, multiple algorithms of the same kind can be specified in a single
proposal, from which one gets selected. In IKEv1, only one algorithm per
@@ -495,11 +495,18 @@ connections.<conn>.children.<child>.esp_proposals = default
mode algorithm is used instead of the separate encryption/integrity
algorithms.
- If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial (non
- IKE_AUTH piggybacked) negotiation uses a separate Diffie-Hellman exchange
- using the specified group. Extended Sequence Number support may be indicated
- with the _esn_ and _noesn_ values, both may be included to indicate support
- for both modes. If omitted, _noesn_ is assumed.
+ If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
+ negotiation use a separate Diffie-Hellman exchange using the specified
+ group. However, for IKEv2, the keys of the CHILD_SA created implicitly with
+ the IKE_SA will always be derived from the IKE_SA's key material. So any DH
+ group specified here will only apply when the CHILD_SA is later rekeyed or
+ is created with a separate CREATE_CHILD_SA exchange. A proposal mismatch
+ might, therefore, not immediately be noticed when the SA is established, but
+ may later cause rekeying to fail.
+
+ Extended Sequence Number support may be indicated with the _esn_ and _noesn_
+ values, both may be included to indicate support for both modes. If omitted,
+ _noesn_ is assumed.
In IKEv2, multiple algorithms of the same kind can be specified in a single
proposal, from which one gets selected. In IKEv1, only one algorithm per
@@ -652,6 +659,13 @@ connections.<conn>.children.<child>.policies = yes
Whether to install IPsec policies or not. Disabling this can be useful in
some scenarios e.g. MIPv6, where policies are not managed by the IKE daemon.
+connections.<conn>.children.<child>.policies_fwd_out = no
+ Whether to install outbound FWD IPsec policies or not.
+
+ Whether to install outbound FWD IPsec policies or not. Enabling this is
+ required in case there is a drop policy that would match and block forwarded
+ traffic for this CHILD_SA.
+
connections.<conn>.children.<child>.dpd_action = clear
Action to perform on DPD timeout (_clear_, _trap_ or _restart_).
@@ -821,6 +835,15 @@ secrets.ike<suffix>.id<suffix> =
may be specified, each having an _id_ prefix, if a secret is shared between
multiple peers.
+secrets.private<suffix> { # }
+ Private key decryption passphrase for a key in the _private_ folder.
+
+secrets.private<suffix>.file =
+ File name in the _private_ folder for which this passphrase should be used.
+
+secrets.private<suffix>.secret
+ Value of decryption passphrase for private key.
+
secrets.rsa<suffix> { # }
Private key decryption passphrase for a key in the _rsa_ folder.
--
cgit v1.2.3