[Pkg-swan-devel] [strongswan] 04/12: Imported Upstream version 5.1.2
Yves-Alexis Perez
corsac at moszumanska.debian.org
Sun Mar 16 14:49:36 UTC 2014
This is an automated email from the git hooks/post-receive script.
corsac pushed a commit to branch master
in repository strongswan.
commit 15fb7904f4431a6e7c305fd08732458f7f885e7e
Author: Yves-Alexis Perez <corsac at debian.org>
Date: Tue Mar 11 20:48:48 2014 +0100
Imported Upstream version 5.1.2
---
Android.common.mk | 2 +-
Android.mk | 3 +-
Doxyfile.in | 2 +-
Makefile.am | 17 +-
Makefile.in | 32 +-
NEWS | 46 +
aclocal.m4 | 272 +++
conf/Makefile.am | 163 ++
conf/Makefile.in | 873 +++++++++
conf/default.conf | 8 +
conf/default.opt | 3 +
conf/format-options.py | 337 ++++
conf/options/attest.conf | 11 +
conf/options/attest.opt | 6 +
conf/options/charon-logging.conf | 62 +
conf/options/charon-logging.opt | 57 +
conf/options/charon.conf | 281 +++
conf/options/charon.opt | 284 +++
conf/options/imcv.conf | 43 +
conf/options/imcv.opt | 28 +
conf/options/manager.conf | 23 +
conf/options/manager.opt | 18 +
conf/options/medsrv.conf | 32 +
conf/options/medsrv.opt | 27 +
conf/options/pacman.conf | 12 +
conf/options/pacman.opt | 7 +
conf/options/pool.conf | 12 +
conf/options/pool.opt | 7 +
conf/options/starter.conf | 10 +
conf/options/starter.opt | 5 +
conf/options/tnc.conf | 11 +
conf/options/tnc.opt | 2 +
conf/options/tools.conf | 21 +
conf/options/tools.opt | 8 +
conf/plugins/android_log.conf | 11 +
conf/plugins/android_log.opt | 2 +
conf/plugins/attr-sql.conf | 16 +
conf/plugins/attr-sql.opt | 6 +
conf/plugins/attr.conf | 14 +
conf/plugins/attr.opt | 14 +
conf/plugins/certexpire.conf | 38 +
conf/plugins/certexpire.opt | 25 +
conf/plugins/coupling.conf | 17 +
conf/plugins/coupling.opt | 8 +
conf/plugins/dhcp.conf | 20 +
conf/plugins/dhcp.opt | 22 +
conf/plugins/dnscert.conf | 11 +
conf/plugins/dnscert.opt | 2 +
conf/plugins/duplicheck.conf | 14 +
conf/plugins/duplicheck.opt | 5 +
conf/plugins/eap-aka-3ggp2.conf | 10 +
conf/plugins/eap-aka-3ggp2.opt | 1 +
conf/plugins/eap-aka.conf | 10 +
conf/plugins/eap-aka.opt | 1 +
conf/plugins/eap-dynamic.conf | 14 +
conf/plugins/eap-dynamic.opt | 13 +
conf/plugins/eap-gtc.conf | 11 +
conf/plugins/eap-gtc.opt | 2 +
conf/plugins/eap-peap.conf | 30 +
conf/plugins/eap-peap.opt | 20 +
conf/plugins/eap-radius.conf | 86 +
conf/plugins/eap-radius.opt | 105 +
conf/plugins/eap-sim.conf | 10 +
conf/plugins/eap-sim.opt | 1 +
conf/plugins/eap-simaka-sql.conf | 12 +
conf/plugins/eap-simaka-sql.opt | 3 +
conf/plugins/eap-tls.conf | 17 +
conf/plugins/eap-tls.opt | 8 +
conf/plugins/eap-tnc.conf | 15 +
conf/plugins/eap-tnc.opt | 6 +
conf/plugins/eap-ttls.conf | 30 +
conf/plugins/eap-ttls.opt | 20 +
conf/plugins/error-notify.conf | 11 +
conf/plugins/error-notify.opt | 2 +
conf/plugins/gcrypt.conf | 11 +
conf/plugins/gcrypt.opt | 2 +
conf/plugins/ha.conf | 32 +
conf/plugins/ha.opt | 23 +
conf/plugins/imc-attestation.conf | 26 +
conf/plugins/imc-attestation.opt | 17 +
conf/plugins/imc-os.conf | 11 +
conf/plugins/imc-os.opt | 2 +
conf/plugins/imc-scanner.conf | 11 +
conf/plugins/imc-scanner.opt | 2 +
conf/plugins/imc-swid.conf | 11 +
conf/plugins/imc-swid.opt | 2 +
conf/plugins/imc-test.conf | 23 +
conf/plugins/imc-test.opt | 14 +
conf/plugins/imv-attestation.conf | 42 +
conf/plugins/imv-attestation.opt | 29 +
conf/plugins/imv-os.conf | 11 +
conf/plugins/imv-os.opt | 2 +
conf/plugins/imv-scanner.conf | 11 +
conf/plugins/imv-scanner.opt | 2 +
conf/plugins/imv-test.conf | 11 +
conf/plugins/imv-test.opt | 2 +
conf/plugins/ipseckey.conf | 11 +
conf/plugins/ipseckey.opt | 2 +
conf/plugins/kernel-klips.conf | 14 +
conf/plugins/kernel-klips.opt | 5 +
conf/plugins/kernel-libipsec.conf | 11 +
conf/plugins/kernel-libipsec.opt | 7 +
conf/plugins/kernel-netlink.conf | 19 +
conf/plugins/kernel-netlink.opt | 18 +
conf/plugins/kernel-pfroute.conf | 12 +
conf/plugins/kernel-pfroute.opt | 3 +
conf/plugins/led.conf | 12 +
conf/plugins/led.opt | 3 +
conf/plugins/load-tester.conf | 138 ++
conf/plugins/load-tester.opt | 128 ++
conf/plugins/lookip.conf | 11 +
conf/plugins/lookip.opt | 2 +
conf/plugins/ntru.conf | 17 +
conf/plugins/ntru.opt | 8 +
conf/plugins/openssl.conf | 14 +
conf/plugins/openssl.opt | 5 +
conf/plugins/pkcs11.conf | 37 +
conf/plugins/pkcs11.opt | 26 +
conf/plugins/radattr.conf | 15 +
conf/plugins/radattr.opt | 9 +
conf/plugins/random.conf | 18 +
conf/plugins/random.opt | 9 +
conf/plugins/resolve.conf | 18 +
conf/plugins/resolve.opt | 11 +
conf/plugins/socket-default.conf | 20 +
conf/plugins/socket-default.opt | 11 +
conf/plugins/sql.conf | 15 +
conf/plugins/sql.opt | 6 +
conf/plugins/stroke.conf | 24 +
conf/plugins/stroke.opt | 15 +
conf/plugins/systime-fix.conf | 22 +
conf/plugins/systime-fix.opt | 12 +
conf/plugins/tnc-ifmap.conf | 30 +
conf/plugins/tnc-ifmap.opt | 21 +
conf/plugins/tnc-imc.conf | 14 +
conf/plugins/tnc-imc.opt | 5 +
conf/plugins/tnc-imv.conf | 14 +
conf/plugins/tnc-imv.opt | 5 +
conf/plugins/tnc-pdp.conf | 41 +
conf/plugins/tnc-pdp.opt | 24 +
conf/plugins/tnccs-11.conf | 11 +
conf/plugins/tnccs-11.opt | 2 +
conf/plugins/tnccs-20.conf | 14 +
conf/plugins/tnccs-20.opt | 5 +
conf/plugins/unbound.conf | 17 +
conf/plugins/unbound.opt | 17 +
conf/plugins/updown.conf | 12 +
conf/plugins/updown.opt | 7 +
conf/plugins/whitelist.conf | 14 +
conf/plugins/whitelist.opt | 6 +
conf/plugins/xauth-eap.conf | 11 +
conf/plugins/xauth-eap.opt | 2 +
conf/plugins/xauth-pam.conf | 18 +
conf/plugins/xauth-pam.opt | 9 +
conf/strongswan.conf | 14 +
conf/strongswan.conf.5.head.in | 127 ++
conf/strongswan.conf.5.main | 1664 ++++++++++++++++
conf/strongswan.conf.5.tail.in | 470 +++++
config.h.in | 17 +-
configure | 548 ++++--
configure.ac | 102 +-
init/Makefile.in | 12 +-
init/systemd/Makefile.in | 12 +-
man/Makefile.am | 3 +-
man/Makefile.in | 22 +-
man/ipsec.conf.5.in | 4 +-
man/strongswan.conf.5.in | 1745 -----------------
scripts/Makefile.in | 12 +-
scripts/aes-test.c | 4 +-
scripts/crypt_burn.c | 2 +-
scripts/dh_speed.c | 2 +-
scripts/dnssec.c | 2 +-
scripts/fetch.c | 2 +-
scripts/hash_burn.c | 2 +-
scripts/key2keyid.c | 2 +-
scripts/keyid2sql.c | 2 +-
scripts/malloc_speed.c | 2 +-
scripts/pubkey_speed.c | 2 +-
scripts/tls_test.c | 2 +-
src/Makefile.am | 16 +-
src/Makefile.in | 47 +-
src/_copyright/Makefile.in | 12 +-
src/_copyright/_copyright.c | 14 +-
src/_updown/Makefile.in | 12 +-
src/_updown/_updown.in | 34 +
src/_updown_espmark/Makefile.in | 12 +-
src/charon-cmd/Makefile.in | 12 +-
src/charon-cmd/charon-cmd.8.in | 18 +
src/charon-cmd/charon-cmd.c | 7 +-
src/charon-cmd/cmd/cmd_connection.c | 97 +-
src/charon-cmd/cmd/cmd_options.c | 6 +
src/charon-cmd/cmd/cmd_options.h | 3 +
src/charon-nm/Makefile.in | 12 +-
src/charon-nm/charon-nm.c | 6 +-
src/charon-nm/nm/nm_backend.c | 12 -
src/charon-nm/nm/nm_service.c | 16 +-
src/charon-tkm/Makefile.am | 40 +-
src/charon-tkm/Makefile.in | 52 +-
src/charon-tkm/build_common.gpr | 2 +-
src/charon-tkm/build_tests.gpr | 6 +-
src/charon-tkm/src/charon-tkm.c | 17 +-
src/charon-tkm/src/tkm/tkm.c | 4 +-
src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 108 +-
src/charon-tkm/src/tkm/tkm_diffie_hellman.h | 13 +
src/charon-tkm/src/tkm/tkm_id_manager.c | 1 -
src/charon-tkm/tests/chunk_map_tests.c | 17 +-
src/charon-tkm/tests/diffie_hellman_tests.c | 18 +-
src/charon-tkm/tests/id_manager_tests.c | 20 +-
src/charon-tkm/tests/kernel_sad_tests.c | 23 +-
src/charon-tkm/tests/keymat_tests.c | 18 +-
src/charon-tkm/tests/nonceg_tests.c | 21 +-
src/charon-tkm/tests/test_runner.c | 84 -
src/charon-tkm/tests/test_runner.h | 30 -
src/charon-tkm/tests/tests.c | 114 ++
src/charon-tkm/tests/tests.h | 23 +
src/charon-tkm/tests/utils_tests.c | 15 +-
src/charon/Android.mk | 1 -
src/charon/Makefile.in | 12 +-
src/charon/charon.c | 6 +-
src/checksum/Makefile.am | 19 +-
src/checksum/Makefile.in | 79 +-
src/checksum/checksum_builder.c | 5 +-
src/conftest/Makefile.in | 12 +-
src/conftest/conftest.c | 8 +-
src/dumm/Makefile.in | 12 +-
src/dumm/cowfs.h | 2 +-
src/dumm/ext/dumm.c | 2 +-
src/dumm/main.c | 2 +-
src/include/Makefile.in | 12 +-
src/ipsec/Makefile.in | 12 +-
src/ipsec/_ipsec.8 | 2 +-
src/libcharon/Android.mk | 1 -
src/libcharon/Makefile.in | 12 +-
src/libcharon/config/ike_cfg.c | 6 +-
src/libcharon/config/proposal.c | 4 +
src/libcharon/daemon.c | 36 +-
src/libcharon/daemon.h | 10 +-
src/libcharon/encoding/payloads/notify_payload.c | 14 +-
src/libcharon/encoding/payloads/notify_payload.h | 2 +
src/libcharon/network/receiver.c | 20 +-
src/libcharon/network/sender.c | 8 +-
src/libcharon/plugins/addrblock/Makefile.in | 12 +-
src/libcharon/plugins/android_dns/Makefile.in | 12 +-
src/libcharon/plugins/android_log/Makefile.in | 12 +-
.../plugins/android_log/android_log_logger.c | 2 +-
src/libcharon/plugins/certexpire/Makefile.in | 12 +-
.../plugins/certexpire/certexpire_export.c | 30 +-
src/libcharon/plugins/coupling/Makefile.in | 12 +-
.../plugins/coupling/coupling_validator.c | 8 +-
src/libcharon/plugins/dhcp/Makefile.in | 12 +-
src/libcharon/plugins/dhcp/dhcp_socket.c | 40 +-
src/libcharon/plugins/dnscert/Makefile.in | 12 +-
src/libcharon/plugins/dnscert/dnscert_plugin.c | 2 +-
src/libcharon/plugins/duplicheck/Makefile.in | 12 +-
.../plugins/duplicheck/duplicheck_notify.c | 2 +-
.../plugins/duplicheck/duplicheck_plugin.c | 2 +-
src/libcharon/plugins/eap_aka/Makefile.in | 12 +-
src/libcharon/plugins/eap_aka/eap_aka_server.c | 2 +-
src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 12 +-
.../plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c | 2 +-
src/libcharon/plugins/eap_dynamic/Makefile.in | 12 +-
src/libcharon/plugins/eap_dynamic/eap_dynamic.c | 4 +-
src/libcharon/plugins/eap_gtc/Makefile.in | 12 +-
src/libcharon/plugins/eap_gtc/eap_gtc.c | 2 +-
src/libcharon/plugins/eap_identity/Makefile.in | 12 +-
src/libcharon/plugins/eap_md5/Makefile.in | 12 +-
src/libcharon/plugins/eap_mschapv2/Makefile.in | 12 +-
src/libcharon/plugins/eap_peap/Makefile.in | 12 +-
src/libcharon/plugins/eap_peap/eap_peap.c | 8 +-
src/libcharon/plugins/eap_peap/eap_peap_server.c | 8 +-
src/libcharon/plugins/eap_radius/Makefile.in | 12 +-
src/libcharon/plugins/eap_radius/eap_radius.c | 10 +-
.../plugins/eap_radius/eap_radius_accounting.c | 6 +-
src/libcharon/plugins/eap_radius/eap_radius_dae.c | 10 +-
.../plugins/eap_radius/eap_radius_forward.c | 4 +-
.../plugins/eap_radius/eap_radius_plugin.c | 34 +-
.../plugins/eap_radius/eap_radius_xauth.c | 2 +-
src/libcharon/plugins/eap_sim/Makefile.in | 12 +-
src/libcharon/plugins/eap_sim/eap_sim_server.c | 2 +-
src/libcharon/plugins/eap_sim_file/Makefile.in | 12 +-
src/libcharon/plugins/eap_sim_pcsc/Makefile.in | 12 +-
.../plugins/eap_simaka_pseudonym/Makefile.in | 12 +-
.../plugins/eap_simaka_reauth/Makefile.in | 12 +-
src/libcharon/plugins/eap_simaka_sql/Makefile.in | 12 +-
.../plugins/eap_simaka_sql/eap_simaka_sql_plugin.c | 4 +-
src/libcharon/plugins/eap_tls/Makefile.in | 12 +-
src/libcharon/plugins/eap_tls/eap_tls.c | 6 +-
src/libcharon/plugins/eap_tnc/Makefile.in | 12 +-
src/libcharon/plugins/eap_tnc/eap_tnc.c | 6 +-
src/libcharon/plugins/eap_ttls/Makefile.in | 12 +-
src/libcharon/plugins/eap_ttls/eap_ttls.c | 8 +-
src/libcharon/plugins/eap_ttls/eap_ttls_server.c | 8 +-
src/libcharon/plugins/error_notify/Makefile.in | 12 +-
.../plugins/error_notify/error_notify_socket.c | 2 +-
src/libcharon/plugins/farp/Makefile.in | 12 +-
src/libcharon/plugins/ha/Makefile.in | 12 +-
src/libcharon/plugins/ha/ha_attribute.c | 2 +-
src/libcharon/plugins/ha/ha_plugin.c | 14 +-
src/libcharon/plugins/ha/ha_segments.c | 6 +-
src/libcharon/plugins/ipseckey/Makefile.in | 12 +-
src/libcharon/plugins/ipseckey/ipseckey_plugin.c | 2 +-
src/libcharon/plugins/kernel_libipsec/Makefile.in | 12 +-
.../kernel_libipsec/kernel_libipsec_ipsec.c | 2 +-
.../kernel_libipsec/kernel_libipsec_plugin.c | 2 +-
src/libcharon/plugins/led/Makefile.in | 12 +-
src/libcharon/plugins/led/led_listener.c | 6 +-
src/libcharon/plugins/load_tester/Makefile.in | 12 +-
.../plugins/load_tester/load_tester_config.c | 57 +-
.../plugins/load_tester/load_tester_control.c | 2 +-
.../plugins/load_tester/load_tester_creds.c | 12 +-
.../plugins/load_tester/load_tester_listener.c | 2 +-
.../plugins/load_tester/load_tester_plugin.c | 16 +-
src/libcharon/plugins/lookip/Makefile.in | 12 +-
src/libcharon/plugins/lookip/lookip_socket.c | 39 +-
src/libcharon/plugins/maemo/Makefile.in | 12 +-
src/libcharon/plugins/medcli/Makefile.in | 12 +-
src/libcharon/plugins/medsrv/Makefile.in | 12 +-
src/libcharon/plugins/osx_attr/Makefile.in | 12 +-
src/libcharon/plugins/radattr/Makefile.in | 12 +-
src/libcharon/plugins/radattr/radattr_listener.c | 52 +-
src/libcharon/plugins/smp/Makefile.in | 12 +-
src/libcharon/plugins/socket_default/Makefile.in | 12 +-
.../plugins/socket_default/socket_default_socket.c | 14 +-
src/libcharon/plugins/socket_dynamic/Makefile.in | 12 +-
.../plugins/socket_dynamic/socket_dynamic_socket.c | 2 +-
src/libcharon/plugins/sql/Makefile.in | 12 +-
src/libcharon/plugins/sql/sql_logger.c | 2 +-
src/libcharon/plugins/sql/sql_plugin.c | 2 +-
src/libcharon/plugins/stroke/Makefile.in | 12 +-
src/libcharon/plugins/stroke/stroke_config.c | 2 +-
src/libcharon/plugins/stroke/stroke_control.c | 2 +-
src/libcharon/plugins/stroke/stroke_cred.c | 53 +-
src/libcharon/plugins/stroke/stroke_socket.c | 53 +-
src/libcharon/plugins/systime_fix/Makefile.in | 12 +-
.../plugins/systime_fix/systime_fix_plugin.c | 8 +-
src/libcharon/plugins/tnc_ifmap/Makefile.in | 12 +-
.../plugins/tnc_ifmap/tnc_ifmap_listener.c | 4 +-
src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c | 14 +-
src/libcharon/plugins/tnc_pdp/Makefile.in | 12 +-
src/libcharon/plugins/tnc_pdp/tnc_pdp.c | 14 +-
.../plugins/tnc_pdp/tnc_pdp_connections.c | 2 +-
src/libcharon/plugins/uci/Makefile.in | 12 +-
src/libcharon/plugins/unit_tester/Makefile.in | 12 +-
src/libcharon/plugins/unity/Makefile.in | 12 +-
src/libcharon/plugins/unity/unity_narrow.c | 11 +-
src/libcharon/plugins/unity/unity_provider.c | 77 +-
src/libcharon/plugins/updown/Makefile.in | 12 +-
src/libcharon/plugins/updown/updown_handler.c | 2 +-
src/libcharon/plugins/updown/updown_listener.c | 10 +-
src/libcharon/plugins/updown/updown_plugin.c | 2 +-
src/libcharon/plugins/whitelist/Makefile.in | 12 +-
.../plugins/whitelist/whitelist_control.c | 2 +-
.../plugins/whitelist/whitelist_listener.c | 2 +-
src/libcharon/plugins/xauth_eap/Makefile.in | 12 +-
src/libcharon/plugins/xauth_eap/xauth_eap.c | 2 +-
src/libcharon/plugins/xauth_generic/Makefile.in | 12 +-
src/libcharon/plugins/xauth_noauth/Makefile.in | 12 +-
src/libcharon/plugins/xauth_pam/Makefile.am | 1 +
src/libcharon/plugins/xauth_pam/Makefile.in | 16 +-
src/libcharon/plugins/xauth_pam/xauth_pam.c | 13 +-
.../plugins/xauth_pam/xauth_pam_listener.c | 144 ++
.../plugins/xauth_pam/xauth_pam_listener.h | 58 +
src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c | 71 +-
src/libcharon/processing/jobs/inactivity_job.c | 5 +-
src/libcharon/sa/child_sa.c | 13 +
src/libcharon/sa/child_sa.h | 7 +
src/libcharon/sa/ike_sa.c | 41 +-
src/libcharon/sa/ike_sa_manager.c | 8 +-
src/libcharon/sa/ikev1/task_manager_v1.c | 19 +-
src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 6 +-
src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 4 +-
src/libcharon/sa/ikev1/tasks/quick_mode.c | 2 +-
src/libcharon/sa/ikev2/keymat_v2.c | 30 +-
src/libcharon/sa/ikev2/task_manager_v2.c | 15 +-
src/libcharon/sa/ikev2/tasks/child_create.c | 4 +-
src/libcharon/sa/ikev2/tasks/ike_auth.c | 2 +-
src/libcharon/sa/ikev2/tasks/ike_cert_pre.c | 2 +-
src/libcharon/sa/ikev2/tasks/ike_vendor.c | 79 +-
src/libcharon/sa/task_manager.h | 5 +
src/libcharon/sa/trap_manager.c | 87 +-
src/libcharon/sa/xauth/xauth_manager.c | 3 +
src/libfast/Makefile.in | 12 +-
src/libfast/fast_request.c | 39 +-
src/libhydra/Android.mk | 1 -
src/libhydra/Makefile.in | 12 +-
src/libhydra/attributes/mem_pool.c | 2 +-
src/libhydra/hydra.c | 4 +-
src/libhydra/hydra.h | 12 +-
src/libhydra/kernel/kernel_interface.c | 4 +-
src/libhydra/plugins/attr/Makefile.in | 12 +-
src/libhydra/plugins/attr/attr_provider.c | 8 +-
src/libhydra/plugins/attr_sql/Makefile.in | 12 +-
src/libhydra/plugins/attr_sql/attr_sql_plugin.c | 4 +-
src/libhydra/plugins/attr_sql/sql_attribute.c | 2 +-
src/libhydra/plugins/kernel_klips/Makefile.in | 12 +-
.../plugins/kernel_klips/kernel_klips_ipsec.c | 10 +-
src/libhydra/plugins/kernel_netlink/Makefile.in | 12 +-
.../plugins/kernel_netlink/kernel_netlink_ipsec.c | 22 +-
.../plugins/kernel_netlink/kernel_netlink_net.c | 25 +-
src/libhydra/plugins/kernel_pfkey/Makefile.in | 12 +-
.../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 4 +-
src/libhydra/plugins/kernel_pfroute/Makefile.in | 12 +-
.../plugins/kernel_pfroute/kernel_pfroute_net.c | 11 +-
src/libhydra/plugins/resolve/Makefile.in | 12 +-
src/libhydra/plugins/resolve/resolve_handler.c | 4 +-
src/libimcv/Makefile.am | 4 +-
src/libimcv/Makefile.in | 65 +-
src/libimcv/imcv.c | 11 +-
src/libimcv/imv/data.sql | 132 ++
src/libimcv/imv/imv_msg.c | 4 +-
src/libimcv/imv/imv_policy_manager.c | 11 +-
src/libimcv/imv/imv_reason_string.c | 11 +-
src/libimcv/imv/imv_reason_string.h | 3 +-
src/libimcv/imv/imv_workitem.c | 5 +-
src/libimcv/imv/imv_workitem.h | 3 +-
src/libimcv/ita/ita_attr_command.c | 5 +-
src/libimcv/ita/ita_attr_get_settings.c | 9 +-
src/libimcv/ita/ita_attr_settings.c | 9 +-
src/libimcv/os_info/os_info.c | 4 +-
src/libimcv/plugins/imc_os/Makefile.in | 12 +-
src/libimcv/plugins/imc_os/imc_os.c | 2 +-
src/libimcv/plugins/imc_scanner/Makefile.in | 12 +-
src/libimcv/plugins/imc_scanner/imc_scanner.c | 2 +-
src/libimcv/plugins/imc_test/Makefile.in | 12 +-
src/libimcv/plugins/imc_test/imc_test.c | 12 +-
src/libimcv/plugins/imv_os/Makefile.in | 12 +-
src/libimcv/plugins/imv_os/imv_os_database.c | 5 +-
src/libimcv/plugins/imv_os/imv_os_state.c | 4 +-
src/libimcv/plugins/imv_os/pacman.c | 4 +-
src/libimcv/plugins/imv_os/pacman.sh | 1 +
src/libimcv/plugins/imv_scanner/Makefile.in | 12 +-
.../plugins/imv_scanner/imv_scanner_state.c | 4 +-
src/libimcv/plugins/imv_test/Makefile.in | 12 +-
src/libimcv/plugins/imv_test/imv_test_agent.c | 10 +-
src/libimcv/plugins/imv_test/imv_test_state.c | 2 +-
src/libipsec/Android.mk | 1 -
src/libipsec/Makefile.in | 12 +-
src/libpts/Makefile.in | 12 +-
src/libpts/plugins/imc_attestation/Makefile.in | 12 +-
.../imc_attestation/imc_attestation_process.c | 11 +-
src/libpts/plugins/imc_swid/Makefile.in | 12 +-
src/libpts/plugins/imc_swid/imc_swid.c | 4 +-
src/libpts/plugins/imv_attestation/Makefile.in | 12 +-
src/libpts/plugins/imv_attestation/attest.c | 13 +-
src/libpts/plugins/imv_attestation/attest_db.c | 4 +-
src/libpts/plugins/imv_attestation/attest_usage.c | 7 +-
.../imv_attestation/imv_attestation_agent.c | 186 +-
.../imv_attestation/imv_attestation_build.c | 153 +-
.../imv_attestation/imv_attestation_build.h | 5 +-
.../imv_attestation/imv_attestation_process.c | 83 +-
.../imv_attestation/imv_attestation_state.c | 114 +-
.../imv_attestation/imv_attestation_state.h | 35 +-
src/libpts/plugins/imv_swid/Makefile.in | 12 +-
src/libpts/pts/components/ita/ita_comp_ima.c | 8 +-
src/libpts/pts/components/ita/ita_comp_tboot.c | 12 +-
src/libpts/pts/pts.c | 8 +-
src/libpts/pts/pts_database.c | 62 +-
src/libpts/pts/pts_file_meas.c | 3 +-
src/libpts/swid/swid_inventory.c | 34 +-
src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c | 5 +-
src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c | 5 +-
.../tcg/pts/tcg_pts_attr_req_func_comp_evid.c | 2 +-
src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c | 5 +-
src/libpttls/Makefile.in | 12 +-
src/libradius/Makefile.in | 12 +-
src/libsimaka/Makefile.in | 12 +-
src/libstrongswan/Android.mk | 8 +-
src/libstrongswan/Makefile.am | 17 +-
src/libstrongswan/Makefile.in | 73 +-
src/libstrongswan/asn1/asn1.c | 80 +-
src/libstrongswan/asn1/asn1.h | 7 +
src/libstrongswan/asn1/asn1_parser.c | 1 +
src/libstrongswan/asn1/oid.c | 650 ++++---
src/libstrongswan/asn1/oid.h | 328 ++--
src/libstrongswan/asn1/oid.txt | 24 +
src/libstrongswan/collections/array.c | 151 +-
src/libstrongswan/collections/array.h | 73 +-
src/libstrongswan/credentials/credential_manager.c | 2 +-
src/libstrongswan/crypto/crypto_factory.c | 6 +-
src/libstrongswan/crypto/crypto_tester.c | 8 +-
src/libstrongswan/crypto/diffie_hellman.c | 9 +-
src/libstrongswan/crypto/diffie_hellman.h | 5 +
.../crypto/proposal/proposal_keywords.c | 55 +-
.../crypto/proposal/proposal_keywords.h | 13 +
.../crypto/proposal/proposal_keywords_static.c | 324 ++--
.../crypto/proposal/proposal_keywords_static.txt | 8 +-
src/libstrongswan/fetcher/fetcher_manager.c | 2 +-
src/libstrongswan/library.c | 49 +-
src/libstrongswan/library.h | 16 +-
src/libstrongswan/networking/host_resolver.c | 8 +-
src/libstrongswan/networking/streams/stream.c | 17 +-
src/libstrongswan/networking/streams/stream.h | 5 +-
src/libstrongswan/networking/tun_device.c | 8 +-
src/libstrongswan/networking/tun_device.h | 1 -
src/libstrongswan/plugins/aes/Makefile.in | 12 +-
src/libstrongswan/plugins/af_alg/Makefile.in | 12 +-
src/libstrongswan/plugins/agent/Makefile.in | 12 +-
src/libstrongswan/plugins/agent/agent_plugin.c | 8 +-
.../plugins/agent/agent_private_key.c | 1 -
src/libstrongswan/plugins/blowfish/Makefile.in | 12 +-
src/libstrongswan/plugins/ccm/Makefile.in | 12 +-
src/libstrongswan/plugins/cmac/Makefile.in | 12 +-
src/libstrongswan/plugins/constraints/Makefile.in | 12 +-
src/libstrongswan/plugins/ctr/Makefile.in | 12 +-
src/libstrongswan/plugins/curl/Makefile.in | 12 +-
src/libstrongswan/plugins/curl/curl_fetcher.c | 17 +-
src/libstrongswan/plugins/des/Makefile.in | 12 +-
src/libstrongswan/plugins/dnskey/Makefile.in | 12 +-
src/libstrongswan/plugins/fips_prf/Makefile.in | 12 +-
src/libstrongswan/plugins/gcm/Makefile.in | 12 +-
src/libstrongswan/plugins/gcrypt/Makefile.in | 12 +-
src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 4 +-
src/libstrongswan/plugins/gmp/Makefile.in | 12 +-
src/libstrongswan/plugins/hmac/Makefile.in | 12 +-
src/libstrongswan/plugins/keychain/Makefile.in | 12 +-
src/libstrongswan/plugins/ldap/Makefile.in | 12 +-
src/libstrongswan/plugins/md4/Makefile.in | 12 +-
src/libstrongswan/plugins/md5/Makefile.in | 12 +-
src/libstrongswan/plugins/mysql/Makefile.in | 12 +-
src/libstrongswan/plugins/nonce/Makefile.in | 12 +-
src/libstrongswan/plugins/ntru/Makefile.am | 33 +
src/libstrongswan/plugins/ntru/Makefile.in | 812 ++++++++
.../plugins/ntru/ntru_crypto/ntru_crypto.h | 235 +++
.../ntru/ntru_crypto/ntru_crypto_ntru_convert.c | 581 ++++++
.../ntru/ntru_crypto/ntru_crypto_ntru_convert.h | 183 ++
.../ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c | 1034 ++++++++++
.../ntru_crypto/ntru_crypto_ntru_encrypt_key.c | 360 ++++
.../ntru_crypto/ntru_crypto_ntru_encrypt_key.h | 167 ++
.../ntru_crypto_ntru_encrypt_param_sets.c | 384 ++++
.../ntru_crypto_ntru_encrypt_param_sets.h | 101 +
.../ntru/ntru_crypto/ntru_crypto_ntru_poly.c | 242 +++
.../ntru/ntru_crypto/ntru_crypto_ntru_poly.h | 96 +
src/libstrongswan/plugins/ntru/ntru_drbg.c | 279 +++
src/libstrongswan/plugins/ntru/ntru_drbg.h | 77 +
src/libstrongswan/plugins/ntru/ntru_ke.c | 396 ++++
src/libstrongswan/plugins/ntru/ntru_ke.h | 50 +
src/libstrongswan/plugins/ntru/ntru_mgf1.c | 182 ++
src/libstrongswan/plugins/ntru/ntru_mgf1.h | 77 +
src/libstrongswan/plugins/ntru/ntru_plugin.c | 83 +
src/libstrongswan/plugins/ntru/ntru_plugin.h | 42 +
src/libstrongswan/plugins/ntru/ntru_poly.c | 416 ++++
src/libstrongswan/plugins/ntru/ntru_poly.h | 99 +
src/libstrongswan/plugins/ntru/ntru_trits.c | 133 ++
src/libstrongswan/plugins/ntru/ntru_trits.h | 61 +
src/libstrongswan/plugins/openssl/Makefile.in | 12 +-
src/libstrongswan/plugins/openssl/openssl_crl.c | 2 +-
.../plugins/openssl/openssl_ec_diffie_hellman.c | 7 +-
src/libstrongswan/plugins/openssl/openssl_plugin.c | 2 +-
.../plugins/openssl/openssl_rsa_private_key.c | 2 +-
src/libstrongswan/plugins/openssl/openssl_x509.c | 2 +-
src/libstrongswan/plugins/padlock/Makefile.in | 12 +-
src/libstrongswan/plugins/pem/Makefile.in | 12 +-
src/libstrongswan/plugins/pem/pem_builder.c | 35 +-
src/libstrongswan/plugins/pgp/Makefile.in | 12 +-
src/libstrongswan/plugins/pkcs1/Makefile.in | 12 +-
src/libstrongswan/plugins/pkcs11/Makefile.in | 12 +-
src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 2 +-
src/libstrongswan/plugins/pkcs11/pkcs11_manager.c | 8 +-
src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c | 18 +-
src/libstrongswan/plugins/pkcs12/Makefile.in | 12 +-
src/libstrongswan/plugins/pkcs7/Makefile.in | 12 +-
src/libstrongswan/plugins/pkcs8/Makefile.in | 12 +-
src/libstrongswan/plugins/plugin_loader.c | 158 +-
src/libstrongswan/plugins/plugin_loader.h | 18 +-
src/libstrongswan/plugins/pubkey/Makefile.in | 12 +-
src/libstrongswan/plugins/random/Makefile.in | 12 +-
src/libstrongswan/plugins/random/random_plugin.c | 17 +-
src/libstrongswan/plugins/random/random_plugin.h | 5 +
src/libstrongswan/plugins/random/random_rng.c | 4 +
src/libstrongswan/plugins/rc2/Makefile.in | 12 +-
src/libstrongswan/plugins/rdrand/Makefile.in | 12 +-
src/libstrongswan/plugins/rdrand/rdrand_plugin.c | 16 +-
src/libstrongswan/plugins/revocation/Makefile.in | 12 +-
src/libstrongswan/plugins/sha1/Makefile.in | 12 +-
src/libstrongswan/plugins/sha2/Makefile.in | 12 +-
src/libstrongswan/plugins/soup/Makefile.in | 12 +-
src/libstrongswan/plugins/sqlite/Makefile.in | 12 +-
src/libstrongswan/plugins/sshkey/Makefile.in | 12 +-
src/libstrongswan/plugins/sshkey/sshkey_builder.c | 1 +
src/libstrongswan/plugins/test_vectors/Makefile.in | 12 +-
src/libstrongswan/plugins/unbound/Makefile.in | 12 +-
.../plugins/unbound/unbound_resolver.c | 12 +-
src/libstrongswan/plugins/x509/Makefile.in | 12 +-
src/libstrongswan/plugins/x509/x509_cert.c | 6 +-
src/libstrongswan/plugins/x509/x509_crl.c | 2 +-
src/libstrongswan/plugins/xcbc/Makefile.in | 12 +-
src/libstrongswan/processing/processor.c | 2 +-
src/libstrongswan/processing/watcher.c | 2 +-
src/libstrongswan/tests/Makefile.am | 67 +-
src/libstrongswan/tests/Makefile.in | 1302 +++++++------
src/libstrongswan/tests/suites/test_array.c | 532 +++++
src/libstrongswan/tests/suites/test_asn1.c | 869 +++++++++
src/libstrongswan/tests/suites/test_asn1_parser.c | 291 +++
src/libstrongswan/tests/suites/test_bio_reader.c | 450 +++++
src/libstrongswan/tests/suites/test_bio_writer.c | 392 ++++
src/libstrongswan/tests/suites/test_chunk.c | 1027 ++++++++++
src/libstrongswan/tests/suites/test_crypter.c | 107 +
src/libstrongswan/tests/suites/test_ecdsa.c | 243 +++
src/libstrongswan/tests/{ => suites}/test_enum.c | 0
.../tests/{ => suites}/test_enumerator.c | 0
src/libstrongswan/tests/suites/test_fetch_http.c | 273 +++
src/libstrongswan/tests/suites/test_hasher.c | 189 ++
.../tests/{ => suites}/test_hashtable.c | 0
src/libstrongswan/tests/{ => suites}/test_host.c | 0
.../tests/suites/test_identification.c | 857 ++++++++
src/libstrongswan/tests/suites/test_linked_list.c | 390 ++++
.../{ => suites}/test_linked_list_enumerator.c | 0
src/libstrongswan/tests/suites/test_ntru.c | 1042 ++++++++++
src/libstrongswan/tests/suites/test_pen.c | 87 +
src/libstrongswan/tests/suites/test_printf.c | 228 +++
src/libstrongswan/tests/suites/test_rsa.c | 399 ++++
src/libstrongswan/tests/suites/test_settings.c | 920 +++++++++
src/libstrongswan/tests/suites/test_stream.c | 267 +++
src/libstrongswan/tests/suites/test_test_rng.c | 56 +
src/libstrongswan/tests/suites/test_threading.c | 1466 ++++++++++++++
src/libstrongswan/tests/suites/test_utils.c | 743 +++++++
src/libstrongswan/tests/suites/test_vectors.c | 42 +
src/libstrongswan/tests/suites/test_watcher.c | 214 ++
src/libstrongswan/tests/test_array.c | 360 ----
src/libstrongswan/tests/test_bio_reader.c | 450 -----
src/libstrongswan/tests/test_bio_writer.c | 392 ----
src/libstrongswan/tests/test_chunk.c | 876 ---------
src/libstrongswan/tests/test_ecdsa.c | 237 ---
src/libstrongswan/tests/test_identification.c | 857 --------
src/libstrongswan/tests/test_linked_list.c | 386 ----
src/libstrongswan/tests/test_printf.c | 185 --
src/libstrongswan/tests/test_rsa.c | 393 ----
src/libstrongswan/tests/test_runner.c | 500 ++++-
src/libstrongswan/tests/test_runner.h | 84 +-
src/libstrongswan/tests/test_suite.c | 277 +++
src/libstrongswan/tests/test_suite.h | 350 +++-
src/libstrongswan/tests/test_threading.c | 110 --
src/libstrongswan/tests/test_utils.c | 556 ------
src/libstrongswan/tests/test_vectors.c | 41 -
src/libstrongswan/tests/tests.c | 56 +
src/libstrongswan/tests/tests.h | 43 +
src/libstrongswan/tests/utils/test_rng.c | 86 +
src/libstrongswan/tests/utils/test_rng.h | 36 +
src/libstrongswan/threading/thread.h | 9 +-
src/libstrongswan/utils/backtrace.c | 4 +-
src/libstrongswan/utils/backtrace.h | 4 +-
src/libstrongswan/utils/capabilities.h | 3 +
src/libstrongswan/utils/chunk.c | 193 +-
src/libstrongswan/utils/chunk.h | 44 +-
src/libstrongswan/utils/identification.c | 7 +-
src/libstrongswan/utils/integrity_checker.c | 37 +-
src/libstrongswan/utils/leak_detective.c | 112 +-
src/libstrongswan/utils/leak_detective.h | 52 +-
.../utils/printf_hook/printf_hook_builtin.c | 16 +-
.../utils/printf_hook/printf_hook_glibc.c | 2 +-
src/libstrongswan/utils/settings.c | 486 +++--
src/libstrongswan/utils/settings.h | 25 +
src/libstrongswan/utils/test.c | 50 +
src/libstrongswan/utils/test.h | 96 +
src/libstrongswan/utils/utils.c | 220 ++-
src/libstrongswan/utils/utils.h | 70 +-
src/libstrongswan/utils/utils/strerror.c | 97 +
src/libstrongswan/utils/utils/strerror.h | 40 +
src/libtls/Makefile.in | 12 +-
src/libtls/tls.c | 1 +
src/libtls/tls_crypto.c | 12 +-
src/libtnccs/Android.mk | 1 -
src/libtnccs/Makefile.in | 12 +-
src/libtnccs/plugins/tnc_imc/Makefile.in | 12 +-
src/libtnccs/plugins/tnc_imc/tnc_imc.c | 2 +-
src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c | 2 +-
src/libtnccs/plugins/tnc_imv/Makefile.in | 12 +-
src/libtnccs/plugins/tnc_imv/tnc_imv.c | 2 +-
src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c | 4 +-
src/libtnccs/plugins/tnc_tnccs/Makefile.in | 12 +-
src/libtnccs/plugins/tnccs_11/Makefile.in | 12 +-
src/libtnccs/plugins/tnccs_11/tnccs_11.c | 2 +-
src/libtnccs/plugins/tnccs_20/Makefile.in | 12 +-
src/libtnccs/plugins/tnccs_20/tnccs_20.c | 4 +-
src/libtnccs/plugins/tnccs_dynamic/Makefile.in | 12 +-
src/libtnccs/tnc/tnc.c | 44 +-
src/libtncif/Android.mk | 1 -
src/libtncif/Makefile.in | 12 +-
src/manager/Makefile.in | 12 +-
src/manager/main.c | 2 +-
src/medsrv/Makefile.in | 12 +-
src/medsrv/main.c | 2 +-
src/openac/Makefile.in | 12 +-
src/openac/openac.c | 12 +-
src/pki/Makefile.in | 12 +-
src/pki/command.c | 27 +-
src/pki/command.h | 6 +-
src/pki/commands/issue.c | 16 +-
src/pki/commands/keyid.c | 9 +-
src/pki/commands/print.c | 7 +-
src/pki/commands/pub.c | 9 +-
src/pki/commands/req.c | 8 +-
src/pki/commands/self.c | 8 +-
src/pki/commands/verify.c | 8 +-
src/pki/man/Makefile.in | 12 +-
src/pki/man/pki---issue.1.in | 2 +-
src/pki/pki.c | 2 +-
src/pool/Makefile.am | 7 +
src/pool/Makefile.in | 128 +-
src/pool/mysql.sql | 281 +++
src/pool/pool.c | 13 +-
src/pool/sqlite.sql | 283 +++
src/pt-tls-client/Makefile.in | 12 +-
src/pt-tls-client/pt-tls-client.c | 2 +-
src/scepclient/Makefile.in | 12 +-
src/scepclient/scepclient.c | 39 +-
src/starter/Android.mk | 1 -
src/starter/Makefile.in | 12 +-
src/starter/starter.c | 4 +-
src/stroke/Android.mk | 1 -
src/stroke/Makefile.in | 12 +-
src/stroke/stroke.c | 2 +-
src/strongswan.conf | 34 -
test-driver | 127 --
testing/Makefile.am | 2 +-
testing/Makefile.in | 14 +-
testing/config/kernel/config-3.12 | 2022 +++++++++++++++++++
testing/config/kernel/config-3.13 | 2047 ++++++++++++++++++++
testing/hosts/default/etc/ipsec.d/tables.sql | 270 ---
testing/hosts/default/etc/pts/data.sql | 1060 ----------
testing/hosts/default/etc/pts/tables.sql | 256 ---
testing/scripts/build-baseimage | 2 +-
testing/scripts/build-guestkernel | 2 +-
testing/scripts/recipes/003_freeradius.mk | 2 +-
testing/scripts/recipes/010_tkm.mk | 2 +-
testing/scripts/recipes/013_strongswan.mk | 4 +-
testing/ssh | 37 +
testing/testing.conf | 10 +-
testing/tests/ikev1/ip-pool-db/pretest.dat | 4 +-
.../tests/ikev1/net2net-ntru-cert/description.txt | 7 +
testing/tests/ikev1/net2net-ntru-cert/evaltest.dat | 9 +
.../net2net-ntru-cert/hosts/moon/etc/ipsec.conf | 25 +
.../hosts/moon/etc/strongswan.conf | 15 +
.../net2net-ntru-cert/hosts/sun/etc/ipsec.conf | 25 +
.../hosts/sun/etc/strongswan.conf | 7 +
testing/tests/ikev1/net2net-ntru-cert/posttest.dat | 5 +
testing/tests/ikev1/net2net-ntru-cert/pretest.dat | 6 +
testing/tests/ikev1/net2net-ntru-cert/test.conf | 21 +
testing/tests/ikev1/rw-ntru-psk/description.txt | 13 +
testing/tests/ikev1/rw-ntru-psk/evaltest.dat | 22 +
.../ikev1/rw-ntru-psk/hosts/carol/etc/ipsec.conf | 23 +
.../rw-ntru-psk/hosts/carol/etc/ipsec.secrets | 3 +
.../rw-ntru-psk/hosts/carol/etc/strongswan.conf | 6 +
.../ikev1/rw-ntru-psk/hosts/dave/etc/ipsec.conf | 23 +
.../ikev1/rw-ntru-psk/hosts/dave/etc/ipsec.secrets | 3 +
.../rw-ntru-psk/hosts/dave/etc/strongswan.conf | 6 +
.../ikev1/rw-ntru-psk/hosts/moon/etc/ipsec.conf | 32 +
.../ikev1/rw-ntru-psk/hosts/moon/etc/ipsec.secrets | 5 +
.../rw-ntru-psk/hosts/moon/etc/strongswan.conf | 6 +
testing/tests/ikev1/rw-ntru-psk/posttest.dat | 6 +
testing/tests/ikev1/rw-ntru-psk/pretest.dat | 13 +
testing/tests/ikev1/rw-ntru-psk/test.conf | 21 +
testing/tests/ikev2/compress-nat/description.txt | 3 +
testing/tests/ikev2/compress-nat/evaltest.dat | 22 +
.../ikev2/compress-nat/hosts/alice/etc/ipsec.conf | 24 +
.../compress-nat/hosts/alice/etc/strongswan.conf | 5 +
.../ikev2/compress-nat/hosts/bob/etc/ipsec.conf | 24 +
.../compress-nat/hosts/bob/etc/strongswan.conf | 5 +
.../ikev2/compress-nat/hosts/carol/etc/ipsec.conf | 23 +
.../compress-nat/hosts/carol/etc/iptables.rules | 24 +
.../compress-nat/hosts/carol/etc/strongswan.conf | 5 +
testing/tests/ikev2/compress-nat/posttest.dat | 10 +
testing/tests/ikev2/compress-nat/pretest.dat | 21 +
testing/tests/ikev2/compress-nat/test.conf | 21 +
testing/tests/ikev2/compress/description.txt | 7 +-
testing/tests/ikev2/compress/evaltest.dat | 4 +-
.../ikev2/compress/hosts/carol/etc/ipsec.conf | 1 +
.../ikev2/compress/hosts/carol/etc/strongswan.conf | 2 +-
.../tests/ikev2/compress/hosts/moon/etc/ipsec.conf | 1 +
.../ikev2/compress/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/ikev2/compress/posttest.dat | 2 +
testing/tests/ikev2/compress/pretest.dat | 2 +
.../ikev2/host2host-transport-nat/description.txt | 13 +
.../ikev2/host2host-transport-nat/evaltest.dat | 12 +
.../hosts/alice/etc/ipsec.conf | 18 +
.../hosts/sun/etc/ipsec.conf | 18 +
.../hosts/sun/etc/iptables.rules | 28 +
.../hosts/venus/etc/ipsec.conf | 18 +
.../ikev2/host2host-transport-nat/posttest.dat | 6 +
.../ikev2/host2host-transport-nat/pretest.dat | 12 +
.../tests/ikev2/host2host-transport-nat/test.conf | 21 +
testing/tests/ikev2/ip-pool-db/pretest.dat | 4 +-
testing/tests/ikev2/ip-split-pools-db/pretest.dat | 4 +-
testing/tests/ikev2/ip-two-pools-db/pretest.dat | 6 +-
testing/tests/ikev2/ip-two-pools-mixed/pretest.dat | 4 +-
.../tests/ikev2/ip-two-pools-v4v6-db/pretest.dat | 4 +-
testing/tests/ikev2/lookip/description.txt | 13 +
testing/tests/ikev2/lookip/evaltest.dat | 22 +
.../tests/ikev2/lookip/hosts/carol/etc/ipsec.conf | 21 +
.../ikev2/lookip/hosts/carol/etc/strongswan.conf | 5 +
.../tests/ikev2/lookip/hosts/dave/etc/ipsec.conf | 21 +
.../ikev2/lookip/hosts/dave/etc/strongswan.conf | 5 +
.../tests/ikev2/lookip/hosts/moon/etc/ipsec.conf | 20 +
.../ikev2/lookip/hosts/moon/etc/strongswan.conf | 5 +
testing/tests/ikev2/lookip/posttest.dat | 6 +
testing/tests/ikev2/lookip/pretest.dat | 10 +
testing/tests/ikev2/lookip/test.conf | 21 +
.../tests/ikev2/net2net-ntru-cert/description.txt | 7 +
testing/tests/ikev2/net2net-ntru-cert/evaltest.dat | 9 +
.../net2net-ntru-cert/hosts/moon/etc/ipsec.conf | 25 +
.../hosts/moon/etc/strongswan.conf | 15 +
.../net2net-ntru-cert/hosts/sun/etc/ipsec.conf | 25 +
.../hosts/sun/etc/strongswan.conf | 7 +
testing/tests/ikev2/net2net-ntru-cert/posttest.dat | 5 +
testing/tests/ikev2/net2net-ntru-cert/pretest.dat | 6 +
testing/tests/ikev2/net2net-ntru-cert/test.conf | 21 +
testing/tests/ikev2/rw-ntru-psk/description.txt | 13 +
testing/tests/ikev2/rw-ntru-psk/evaltest.dat | 22 +
.../ikev2/rw-ntru-psk/hosts/carol/etc/ipsec.conf | 23 +
.../rw-ntru-psk/hosts/carol/etc/ipsec.secrets | 3 +
.../rw-ntru-psk/hosts/carol/etc/strongswan.conf | 6 +
.../ikev2/rw-ntru-psk/hosts/dave/etc/ipsec.conf | 23 +
.../ikev2/rw-ntru-psk/hosts/dave/etc/ipsec.secrets | 3 +
.../rw-ntru-psk/hosts/dave/etc/strongswan.conf | 6 +
.../ikev2/rw-ntru-psk/hosts/moon/etc/ipsec.conf | 22 +
.../ikev2/rw-ntru-psk/hosts/moon/etc/ipsec.secrets | 5 +
.../rw-ntru-psk/hosts/moon/etc/strongswan.conf | 6 +
testing/tests/ikev2/rw-ntru-psk/posttest.dat | 6 +
testing/tests/ikev2/rw-ntru-psk/pretest.dat | 13 +
testing/tests/ikev2/rw-ntru-psk/test.conf | 21 +
.../tests/ipv6/rw-compress-ikev2/description.txt | 10 +
testing/tests/ipv6/rw-compress-ikev2/evaltest.dat | 13 +
.../rw-compress-ikev2/hosts/carol/etc/ipsec.conf | 25 +
.../hosts/carol/etc/strongswan.conf | 5 +
.../rw-compress-ikev2/hosts/moon/etc/ipsec.conf | 24 +
.../hosts/moon/etc/strongswan.conf | 5 +
testing/tests/ipv6/rw-compress-ikev2/posttest.dat | 8 +
testing/tests/ipv6/rw-compress-ikev2/pretest.dat | 13 +
testing/tests/ipv6/rw-compress-ikev2/test.conf | 22 +
testing/tests/sql/ip-pool-db-expired/pretest.dat | 6 +-
testing/tests/sql/ip-pool-db-restart/pretest.dat | 6 +-
testing/tests/sql/ip-pool-db/pretest.dat | 6 +-
.../sql/ip-split-pools-db-restart/pretest.dat | 6 +-
testing/tests/sql/ip-split-pools-db/pretest.dat | 6 +-
testing/tests/sql/multi-level-ca/pretest.dat | 6 +-
testing/tests/sql/net2net-cert/pretest.dat | 6 +-
testing/tests/sql/net2net-psk/pretest.dat | 6 +-
testing/tests/sql/net2net-route-pem/pretest.dat | 4 +-
testing/tests/sql/net2net-start-pem/pretest.dat | 4 +-
testing/tests/sql/rw-cert/pretest.dat | 6 +-
testing/tests/sql/rw-eap-aka-rsa/pretest.dat | 4 +-
testing/tests/sql/rw-psk-ipv4/pretest.dat | 6 +-
testing/tests/sql/rw-psk-ipv6/pretest.dat | 6 +-
testing/tests/sql/rw-psk-rsa-split/pretest.dat | 6 +-
testing/tests/sql/rw-rsa-keyid/pretest.dat | 6 +-
testing/tests/sql/rw-rsa/pretest.dat | 6 +-
testing/tests/sql/shunt-policies/pretest.dat | 6 +-
.../hosts/moon/etc/strongswan.conf | 8 +
.../hosts/moon/etc/strongswan.conf | 8 +
.../hosts/moon/etc/strongswan.conf | 8 +
.../multiple-clients/hosts/sun/etc/strongswan.conf | 8 +
.../hosts/moon/etc/strongswan.conf | 8 +
.../hosts/moon/etc/strongswan.conf | 8 +
testing/tests/tnc/tnccs-11-radius-pts/pretest.dat | 2 +-
testing/tests/tnc/tnccs-20-os/pretest.dat | 6 +-
testing/tests/tnc/tnccs-20-pt-tls/pretest.dat | 2 +-
testing/tests/tnc/tnccs-20-pts/pretest.dat | 6 +-
857 files changed, 39708 insertions(+), 12278 deletions(-)
diff --git a/Android.common.mk b/Android.common.mk
index a28a1a7..14abca8 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
)
# strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.1.1"
+strongswan_VERSION := "5.1.2"
diff --git a/Android.mk b/Android.mk
index aa61cc0..6ad220b 100644
--- a/Android.mk
+++ b/Android.mk
@@ -36,7 +36,6 @@ include $(LOCAL_PATH)/Android.common.mk
# includes
strongswan_PATH := $(LOCAL_PATH)
-libvstr_PATH := external/strongswan-support/vstr/include
libcurl_PATH := external/strongswan-support/libcurl/include
libgmp_PATH := external/strongswan-support/gmp
openssl_PATH := external/openssl/include
@@ -77,7 +76,7 @@ strongswan_CFLAGS := \
-DMONOLITHIC \
-DUSE_IKEV1 \
-DUSE_IKEV2 \
- -DUSE_VSTR \
+ -DUSE_BUILTIN_PRINTF \
-DDEBUG \
-DROUTING_TABLE=0 \
-DROUTING_TABLE_PRIO=220 \
diff --git a/Doxyfile.in b/Doxyfile.in
index ac0a96c..af172e3 100644
--- a/Doxyfile.in
+++ b/Doxyfile.in
@@ -487,7 +487,7 @@ SORT_MEMBERS_CTORS_1ST = NO
# hierarchy of group names into alphabetical order. If set to NO (the default)
# the group names will appear in their defined order.
-SORT_GROUP_NAMES = NO
+SORT_GROUP_NAMES = YES
# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
# sorted by fully-qualified names, including namespaces. If set to
diff --git a/Makefile.am b/Makefile.am
index 0e08794..7e3c72b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,4 +1,4 @@
-SUBDIRS = src man init testing
+SUBDIRS = src man conf init testing
if USE_SCRIPTS
SUBDIRS += scripts
@@ -20,6 +20,9 @@ config_includedir = $(ipseclibdir)/include
nodist_config_include_HEADERS = config.h
endif
+# we leave config files behind intentionally so prevent distcheck from complaining
+distuninstallcheck_listfiles = find . -type f \! -name '*.conf' -print
+
Android.common.mk : Android.common.mk.in configure.ac
$(AM_V_GEN) \
sed \
@@ -39,7 +42,7 @@ apidoc : Doxyfile
cov-reset-common:
@rm -rf $(top_builddir)/coverage
- @find $(top_builddir)/{src,scripts} -name "*.gcda" -delete
+ @find $(top_builddir)/src $(top_builddir)/scripts -name "*.gcda" -delete
if COVERAGE
cov-reset: cov-reset-common
@@ -47,10 +50,12 @@ cov-reset: cov-reset-common
cov-report:
@mkdir $(top_builddir)/coverage
- lcov -c -o $(top_builddir)/coverage/coverage.info -d $(top_builddir)
+ lcov -c -o $(top_builddir)/coverage/coverage.info -d $(top_builddir) \
+ --rc lcov_branch_coverage=1
lcov -r $(top_builddir)/coverage/coverage.info '*/tests/*' \
- -o $(top_builddir)/coverage/coverage.cleaned.info
- genhtml --num-spaces 4 --legend \
+ -o $(top_builddir)/coverage/coverage.cleaned.info \
+ --rc lcov_branch_coverage=1
+ genhtml --num-spaces 4 --legend --branch-coverage \
-t "$(PACKAGE_STRING)" \
-o $(top_builddir)/coverage/html \
-p `readlink -m $(abs_top_srcdir)`/src \
@@ -67,7 +72,7 @@ coverage:
endif
clean-local: cov-reset-common
- @find $(top_builddir)/{src,scripts} -name "*.gcno" -delete
+ @find $(top_builddir)/src $(top_builddir)/scripts -name "*.gcno" -delete
@rm -rf apidoc
.PHONY: cov-reset-common cov-reset cov-report coverage
diff --git a/Makefile.in b/Makefile.in
index 7e0df99..a81e93f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -190,7 +190,7 @@ am__define_uniq_tagged_files = \
ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
-DIST_SUBDIRS = src man init testing scripts
+DIST_SUBDIRS = src man conf init testing scripts
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -229,7 +229,6 @@ am__relativize = \
DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
DIST_TARGETS = dist-gzip
-distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
@@ -247,8 +246,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -316,6 +313,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -404,12 +406,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -424,6 +430,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -434,7 +441,7 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-SUBDIRS = src man init testing $(am__append_1)
+SUBDIRS = src man conf init testing $(am__append_1)
@USE_SILENT_RULES_TRUE at AM_MAKEFLAGS = -s
ACLOCAL_AMFLAGS = -I m4/config
EXTRA_DIST = Doxyfile.in LICENSE Android.common.mk.in Android.common.mk Android.mk
@@ -443,6 +450,9 @@ BUILT_SOURCES = Android.common.mk
MAINTAINERCLEANFILES = Android.common.mk
@USE_DEV_HEADERS_TRUE at config_includedir = $(ipseclibdir)/include
@USE_DEV_HEADERS_TRUE at nodist_config_include_HEADERS = config.h
+
+# we leave config files behind intentionally so prevent distcheck from complaining
+distuninstallcheck_listfiles = find . -type f \! -name '*.conf' -print
all: $(BUILT_SOURCES) config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -971,17 +981,19 @@ apidoc : Doxyfile
cov-reset-common:
@rm -rf $(top_builddir)/coverage
- @find $(top_builddir)/{src,scripts} -name "*.gcda" -delete
+ @find $(top_builddir)/src $(top_builddir)/scripts -name "*.gcda" -delete
@COVERAGE_TRUE at cov-reset: cov-reset-common
@COVERAGE_TRUE@ @lcov --zerocounters --directory $(top_builddir)
@COVERAGE_TRUE at cov-report:
@COVERAGE_TRUE@ @mkdir $(top_builddir)/coverage
- at COVERAGE_TRUE@ lcov -c -o $(top_builddir)/coverage/coverage.info -d $(top_builddir)
+ at COVERAGE_TRUE@ lcov -c -o $(top_builddir)/coverage/coverage.info -d $(top_builddir) \
+ at COVERAGE_TRUE@ --rc lcov_branch_coverage=1
@COVERAGE_TRUE@ lcov -r $(top_builddir)/coverage/coverage.info '*/tests/*' \
- at COVERAGE_TRUE@ -o $(top_builddir)/coverage/coverage.cleaned.info
- at COVERAGE_TRUE@ genhtml --num-spaces 4 --legend \
+ at COVERAGE_TRUE@ -o $(top_builddir)/coverage/coverage.cleaned.info \
+ at COVERAGE_TRUE@ --rc lcov_branch_coverage=1
+ at COVERAGE_TRUE@ genhtml --num-spaces 4 --legend --branch-coverage \
@COVERAGE_TRUE@ -t "$(PACKAGE_STRING)" \
@COVERAGE_TRUE@ -o $(top_builddir)/coverage/html \
@COVERAGE_TRUE@ -p `readlink -m $(abs_top_srcdir)`/src \
@@ -996,7 +1008,7 @@ cov-reset-common:
@COVERAGE_FALSE@ @echo "reconfigure with --enable-coverage"
clean-local: cov-reset-common
- @find $(top_builddir)/{src,scripts} -name "*.gcno" -delete
+ @find $(top_builddir)/src $(top_builddir)/scripts -name "*.gcno" -delete
@rm -rf apidoc
.PHONY: cov-reset-common cov-reset cov-report coverage
diff --git a/NEWS b/NEWS
index 35edec9..0d22295 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,49 @@
+strongswan-5.1.2
+----------------
+
+- A new default configuration file layout is introduced. The new default
+ strongswan.conf file mainly includes config snippets from the strongswan.d
+ and strongswan.d/charon directories (the latter containing snippets for all
+ plugins). The snippets, with commented defaults, are automatically
+ generated and installed, if they don't exist yet. They are also installed
+ in $prefix/share/strongswan/templates so existing files can be compared to
+ the current defaults.
+
+- As an alternative to the non-extensible charon.load setting, the plugins
+ to load in charon (and optionally other applications) can now be determined
+ via the charon.plugins.<name>.load setting for each plugin (enabled in the
+ new default strongswan.conf file via the charon.load_modular option).
+ The load setting optionally takes a numeric priority value that allows
+ reordering the plugins (otherwise the default plugin order is preserved).
+
+- All strongswan.conf settings that were formerly defined in library specific
+ "global" sections are now application specific (e.g. settings for plugins in
+ libstrongswan.plugins can now be set only for charon in charon.plugins).
+ The old options are still supported, which now allows to define defaults for
+ all applications in the libstrongswan section.
+
+- The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum
+ computer IKE key exchange mechanism. The implementation is based on the
+ ntru-crypto library from the NTRUOpenSourceProject. The supported security
+ strengths are ntru112, ntru128, ntru192, and ntru256. Since the private DH
+ group IDs 1030..1033 have been assigned, the strongSwan Vendor ID must be
+ sent (charon.send_vendor_id = yes) in order to use NTRU.
+
+- Defined a TPMRA remote attestation workitem and added support for it to the
+ Attestation IMV.
+
+- Compatibility issues between IPComp (compress=yes) and leftfirewall=yes as
+ well as multiple subnets in left|rightsubnet have been fixed.
+
+- When enabling its "session" strongswan.conf option, the xauth-pam plugin opens
+ and closes a PAM session for each established IKE_SA. Patch courtesy of
+ Andrea Bonomi.
+
+- The strongSwan unit testing framework has been rewritten without the "check"
+ dependency for improved flexibility and portability. It now properly supports
+ multi-threaded and memory leak testing and brings a bunch of new test cases.
+
+
strongswan-5.1.1
----------------
diff --git a/aclocal.m4 b/aclocal.m4
index 73b6cbd..e8f4624 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -494,6 +494,43 @@ AC_PREREQ([2.50])dnl
am_aux_dir=`cd $ac_aux_dir && pwd`
])
+# AM_COND_IF -*- Autoconf -*-
+
+# Copyright (C) 2008-2013 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# _AM_COND_IF
+# _AM_COND_ELSE
+# _AM_COND_ENDIF
+# --------------
+# These macros are only used for tracing.
+m4_define([_AM_COND_IF])
+m4_define([_AM_COND_ELSE])
+m4_define([_AM_COND_ENDIF])
+
+# AM_COND_IF(COND, [IF-TRUE], [IF-FALSE])
+# ---------------------------------------
+# If the shell condition COND is true, execute IF-TRUE, otherwise execute
+# IF-FALSE. Allow automake to learn about conditional instantiating macros
+# (the AC_CONFIG_FOOS).
+AC_DEFUN([AM_COND_IF],
+[m4_ifndef([_AM_COND_VALUE_$1],
+ [m4_fatal([$0: no such condition "$1"])])dnl
+_AM_COND_IF([$1])dnl
+if test -z "$$1_TRUE"; then :
+ m4_n([$2])[]dnl
+m4_ifval([$3],
+[_AM_COND_ELSE([$1])dnl
+else
+ $3
+])dnl
+_AM_COND_ENDIF([$1])dnl
+fi[]dnl
+])
+
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2013 Free Software Foundation, Inc.
@@ -1133,6 +1170,241 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+
+# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+# ---------------------------------------------------------------------------
+# Adds support for distributing Python modules and packages. To
+# install modules, copy them to $(pythondir), using the python_PYTHON
+# automake variable. To install a package with the same name as the
+# automake package, install to $(pkgpythondir), or use the
+# pkgpython_PYTHON automake variable.
+#
+# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as
+# locations to install python extension modules (shared libraries).
+# Another macro is required to find the appropriate flags to compile
+# extension modules.
+#
+# If your package is configured with a different prefix to python,
+# users will have to add the install directory to the PYTHONPATH
+# environment variable, or create a .pth file (see the python
+# documentation for details).
+#
+# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will
+# cause an error if the version of python installed on the system
+# doesn't meet the requirement. MINIMUM-VERSION should consist of
+# numbers and dots only.
+AC_DEFUN([AM_PATH_PYTHON],
+ [
+ dnl Find a Python interpreter. Python versions prior to 2.0 are not
+ dnl supported. (2.0 was released on October 16, 2000).
+ m4_define_default([_AM_PYTHON_INTERPRETER_LIST],
+[python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 dnl
+ python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0])
+
+ AC_ARG_VAR([PYTHON], [the Python interpreter])
+
+ m4_if([$1],[],[
+ dnl No version check is needed.
+ # Find any Python interpreter.
+ if test -z "$PYTHON"; then
+ AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :)
+ fi
+ am_display_PYTHON=python
+ ], [
+ dnl A version check is needed.
+ if test -n "$PYTHON"; then
+ # If the user set $PYTHON, use it and don't search something else.
+ AC_MSG_CHECKING([whether $PYTHON version is >= $1])
+ AM_PYTHON_CHECK_VERSION([$PYTHON], [$1],
+ [AC_MSG_RESULT([yes])],
+ [AC_MSG_RESULT([no])
+ AC_MSG_ERROR([Python interpreter is too old])])
+ am_display_PYTHON=$PYTHON
+ else
+ # Otherwise, try each interpreter until we find one that satisfies
+ # VERSION.
+ AC_CACHE_CHECK([for a Python interpreter with version >= $1],
+ [am_cv_pathless_PYTHON],[
+ for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do
+ test "$am_cv_pathless_PYTHON" = none && break
+ AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break])
+ done])
+ # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
+ if test "$am_cv_pathless_PYTHON" = none; then
+ PYTHON=:
+ else
+ AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON])
+ fi
+ am_display_PYTHON=$am_cv_pathless_PYTHON
+ fi
+ ])
+
+ if test "$PYTHON" = :; then
+ dnl Run any user-specified action, or abort.
+ m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])])
+ else
+
+ dnl Query Python for its version number. Getting [:3] seems to be
+ dnl the best way to do this; it's what "site.py" does in the standard
+ dnl library.
+
+ AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version],
+ [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`])
+ AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
+
+ dnl Use the values of $prefix and $exec_prefix for the corresponding
+ dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made
+ dnl distinct variables so they can be overridden if need be. However,
+ dnl general consensus is that you shouldn't need this ability.
+
+ AC_SUBST([PYTHON_PREFIX], ['${prefix}'])
+ AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}'])
+
+ dnl At times (like when building shared libraries) you may want
+ dnl to know which OS platform Python thinks this is.
+
+ AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform],
+ [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`])
+ AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
+
+ # Just factor out some code duplication.
+ am_python_setup_sysconfig="\
+import sys
+# Prefer sysconfig over distutils.sysconfig, for better compatibility
+# with python 3.x. See automake bug#10227.
+try:
+ import sysconfig
+except ImportError:
+ can_use_sysconfig = 0
+else:
+ can_use_sysconfig = 1
+# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
+# <https://github.com/pypa/virtualenv/issues/118>
+try:
+ from platform import python_implementation
+ if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7':
+ can_use_sysconfig = 0
+except ImportError:
+ pass"
+
+ dnl Set up 4 directories:
+
+ dnl pythondir -- where to install python scripts. This is the
+ dnl site-packages directory, not the python standard library
+ dnl directory like in previous automake betas. This behavior
+ dnl is more consistent with lispdir.m4 for example.
+ dnl Query distutils for this directory.
+ AC_CACHE_CHECK([for $am_display_PYTHON script directory],
+ [am_cv_python_pythondir],
+ [if test "x$prefix" = xNONE
+ then
+ am_py_prefix=$ac_default_prefix
+ else
+ am_py_prefix=$prefix
+ fi
+ am_cv_python_pythondir=`$PYTHON -c "
+$am_python_setup_sysconfig
+if can_use_sysconfig:
+ sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
+else:
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
+sys.stdout.write(sitedir)"`
+ case $am_cv_python_pythondir in
+ $am_py_prefix*)
+ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
+ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"`
+ ;;
+ *)
+ case $am_py_prefix in
+ /usr|/System*) ;;
+ *)
+ am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages
+ ;;
+ esac
+ ;;
+ esac
+ ])
+ AC_SUBST([pythondir], [$am_cv_python_pythondir])
+
+ dnl pkgpythondir -- $PACKAGE directory under pythondir. Was
+ dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
+ dnl more consistent with the rest of automake.
+
+ AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
+
+ dnl pyexecdir -- directory for installing python extension modules
+ dnl (shared libraries)
+ dnl Query distutils for this directory.
+ AC_CACHE_CHECK([for $am_display_PYTHON extension module directory],
+ [am_cv_python_pyexecdir],
+ [if test "x$exec_prefix" = xNONE
+ then
+ am_py_exec_prefix=$am_py_prefix
+ else
+ am_py_exec_prefix=$exec_prefix
+ fi
+ am_cv_python_pyexecdir=`$PYTHON -c "
+$am_python_setup_sysconfig
+if can_use_sysconfig:
+ sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'})
+else:
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix')
+sys.stdout.write(sitedir)"`
+ case $am_cv_python_pyexecdir in
+ $am_py_exec_prefix*)
+ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
+ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"`
+ ;;
+ *)
+ case $am_py_exec_prefix in
+ /usr|/System*) ;;
+ *)
+ am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages
+ ;;
+ esac
+ ;;
+ esac
+ ])
+ AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
+
+ dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE)
+
+ AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
+
+ dnl Run any user-specified action.
+ $2
+ fi
+
+])
+
+
+# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE])
+# ---------------------------------------------------------------------------
+# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION.
+# Run ACTION-IF-FALSE otherwise.
+# This test uses sys.hexversion instead of the string equivalent (first
+# word of sys.version), in order to cope with versions such as 2.2c1.
+# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000).
+AC_DEFUN([AM_PYTHON_CHECK_VERSION],
+ [prog="import sys
+# split strings by '.' and convert to numeric. Append some zeros
+# because we need at least 4 digits for the hex conversion.
+# map returns an iterator in Python 3.0 and a list in 2.x
+minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]]
+minverhex = 0
+# xrange is not present in Python 3.0 and range returns an iterator
+for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]]
+sys.exit(sys.hexversion < minverhex)"
+ AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])
+
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
diff --git a/conf/Makefile.am b/conf/Makefile.am
new file mode 100644
index 0000000..61a0add
--- /dev/null
+++ b/conf/Makefile.am
@@ -0,0 +1,163 @@
+# make this relative to the location of strongswan.conf
+strongswanconfdir = `dirname $(strongswan_conf)`
+strongswanddir = $(strongswanconfdir)/strongswan.d
+charonconfdir = $(strongswanddir)/charon
+# copy these files also to /usr/share
+templatesdir = $(pkgdatadir)/templates/config
+optionstemplatedir = $(templatesdir)/strongswan.d
+pluginstemplatedir = $(templatesdir)/plugins
+
+options = \
+ options/attest.opt \
+ options/charon.opt \
+ options/charon-logging.opt \
+ options/imcv.opt \
+ options/manager.opt \
+ options/medsrv.opt \
+ options/pacman.opt \
+ options/pool.opt \
+ options/starter.opt \
+ options/tnc.opt \
+ options/tools.opt
+
+plugins = \
+ plugins/android_log.opt \
+ plugins/attr.opt \
+ plugins/attr-sql.opt \
+ plugins/certexpire.opt \
+ plugins/coupling.opt \
+ plugins/dhcp.opt \
+ plugins/dnscert.opt \
+ plugins/duplicheck.opt \
+ plugins/eap-aka.opt \
+ plugins/eap-aka-3ggp2.opt \
+ plugins/eap-dynamic.opt \
+ plugins/eap-gtc.opt \
+ plugins/eap-peap.opt \
+ plugins/eap-radius.opt \
+ plugins/eap-sim.opt \
+ plugins/eap-simaka-sql.opt \
+ plugins/eap-tls.opt \
+ plugins/eap-tnc.opt \
+ plugins/eap-ttls.opt \
+ plugins/error-notify.opt \
+ plugins/gcrypt.opt \
+ plugins/ha.opt \
+ plugins/imc-attestation.opt \
+ plugins/imc-os.opt \
+ plugins/imc-scanner.opt \
+ plugins/imc-swid.opt \
+ plugins/imc-test.opt \
+ plugins/imv-attestation.opt \
+ plugins/imv-os.opt \
+ plugins/imv-scanner.opt \
+ plugins/imv-test.opt \
+ plugins/ipseckey.opt \
+ plugins/led.opt \
+ plugins/kernel-klips.opt \
+ plugins/kernel-libipsec.opt \
+ plugins/kernel-netlink.opt \
+ plugins/kernel-pfroute.opt \
+ plugins/load-tester.opt \
+ plugins/lookip.opt \
+ plugins/ntru.opt \
+ plugins/openssl.opt \
+ plugins/pkcs11.opt \
+ plugins/radattr.opt \
+ plugins/random.opt \
+ plugins/resolve.opt \
+ plugins/socket-default.opt \
+ plugins/sql.opt \
+ plugins/stroke.opt \
+ plugins/systime-fix.opt \
+ plugins/tnc-ifmap.opt \
+ plugins/tnc-imc.opt \
+ plugins/tnc-imv.opt \
+ plugins/tnc-pdp.opt \
+ plugins/tnccs-11.opt \
+ plugins/tnccs-20.opt \
+ plugins/unbound.opt \
+ plugins/updown.opt \
+ plugins/whitelist.opt \
+ plugins/xauth-eap.opt \
+ plugins/xauth-pam.opt
+
+alloptions = $(options) $(plugins)
+
+confsnippets = $(alloptions:opt=conf)
+
+# we only install snippets for enabled plugins
+plugins_install_tmp = $(charon_plugins:%=plugins/%.tmp)
+plugins_install_src = $(charon_plugins:%=plugins/%.conf)
+# only install snippets for enabled components
+# has to be defined via autoconf as we can't do it with automake conditionals
+options_install_src = $(strongswan_options:%=options/%.conf)
+
+templates_DATA = strongswan.conf
+optionstemplate_DATA = $(options_install_src)
+pluginstemplate_DATA = $(plugins_install_src)
+man_MANS = \
+ strongswan.conf.5
+
+BUILT_SOURCES = default.conf strongswan.conf.5.main $(confsnippets)
+EXTRA_DIST = format-options.py strongswan.conf default.opt \
+ default.conf strongswan.conf.5.main $(alloptions) $(confsnippets)
+
+CLEANFILES=$(man_MANS)
+
+.opt.conf:
+ $(AM_V_GEN) \
+ case "$<" in \
+ *plugins/*) \
+ sed \
+ -e "s:\@PLUGIN_NAME\@:`basename $< .opt`:" \
+ $(srcdir)/default.opt | cat - $< | \
+ $(PYTHON) $(srcdir)/format-options.py -f conf -r charon.plugins > $(srcdir)/$@ \
+ ;; \
+ *) \
+ $(PYTHON) $(srcdir)/format-options.py -f conf -r charon.plugins $< > $(srcdir)/$@ \
+ ;; \
+ esac
+
+# we need another implicit rule to generate files from the generic template only
+# if the rules above did not catch it. this requires an intermediate step that
+# generates a copy of the generic config template.
+$(plugins_install_tmp):
+ @mkdir -p $(builddir)/plugins
+ @cp $(srcdir)/default.conf $(builddir)/$@
+
+.tmp.conf:
+ $(AM_V_GEN) \
+ sed \
+ -e "s:\@PLUGIN_NAME\@:`basename $< .tmp`:" \
+ $(builddir)/$< > $(builddir)/$@
+
+strongswan.conf.5.main: $(alloptions)
+ $(AM_V_GEN) \
+ cd $(srcdir) && $(PYTHON) format-options.py -f man $(alloptions) > $@
+
+strongswan.conf.5: strongswan.conf.5.head strongswan.conf.5.main strongswan.conf.5.tail
+ $(AM_V_GEN) \
+ cat strongswan.conf.5.head $(srcdir)/strongswan.conf.5.main strongswan.conf.5.tail > $@
+
+clean-local:
+ rm -f plugins/*.conf plugins/*.tmp
+
+maintainer-clean-local:
+ cd $(srcdir) && \
+ rm -f $(confsnippets) default.conf plugins/*.conf plugins/*.tmp
+
+install-data-local: $(plugins_install_src)
+ test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)"
+ test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)"
+ test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)"
+ test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf || true
+ for f in $(options_install_src); do \
+ name=`basename $$f`; \
+ test -f "$(DESTDIR)$(strongswanddir)/$$name" || $(INSTALL) -m 644 "$(srcdir)/$$f" "$(DESTDIR)$(strongswanddir)/$$name" || true; \
+ done
+ for f in $(plugins_install_src); do \
+ name=`basename $$f`; \
+ if test -f "$$f"; then dir=; else dir="$(srcdir)/"; fi; \
+ test -f "$(DESTDIR)$(charonconfdir)/$$name" || $(INSTALL) -m 644 "$$dir$$f" "$(DESTDIR)$(charonconfdir)/$$name" || true; \
+ done
diff --git a/conf/Makefile.in b/conf/Makefile.in
new file mode 100644
index 0000000..d925932
--- /dev/null
+++ b/conf/Makefile.in
@@ -0,0 +1,873 @@
+# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = conf
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(srcdir)/strongswan.conf.5.head.in \
+ $(srcdir)/strongswan.conf.5.tail.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = strongswan.conf.5.head strongswan.conf.5.tail
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+AM_V_lt = $(am__v_lt_ at AM_V@)
+am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_ at AM_V@)
+am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" \
+ "$(DESTDIR)$(optionstemplatedir)" \
+ "$(DESTDIR)$(pluginstemplatedir)" "$(DESTDIR)$(templatesdir)"
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(optionstemplate_DATA) $(pluginstemplate_DATA) \
+ $(templates_DATA)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+
+# make this relative to the location of strongswan.conf
+strongswanconfdir = `dirname $(strongswan_conf)`
+strongswanddir = $(strongswanconfdir)/strongswan.d
+charonconfdir = $(strongswanddir)/charon
+# copy these files also to /usr/share
+templatesdir = $(pkgdatadir)/templates/config
+optionstemplatedir = $(templatesdir)/strongswan.d
+pluginstemplatedir = $(templatesdir)/plugins
+options = \
+ options/attest.opt \
+ options/charon.opt \
+ options/charon-logging.opt \
+ options/imcv.opt \
+ options/manager.opt \
+ options/medsrv.opt \
+ options/pacman.opt \
+ options/pool.opt \
+ options/starter.opt \
+ options/tnc.opt \
+ options/tools.opt
+
+plugins = \
+ plugins/android_log.opt \
+ plugins/attr.opt \
+ plugins/attr-sql.opt \
+ plugins/certexpire.opt \
+ plugins/coupling.opt \
+ plugins/dhcp.opt \
+ plugins/dnscert.opt \
+ plugins/duplicheck.opt \
+ plugins/eap-aka.opt \
+ plugins/eap-aka-3ggp2.opt \
+ plugins/eap-dynamic.opt \
+ plugins/eap-gtc.opt \
+ plugins/eap-peap.opt \
+ plugins/eap-radius.opt \
+ plugins/eap-sim.opt \
+ plugins/eap-simaka-sql.opt \
+ plugins/eap-tls.opt \
+ plugins/eap-tnc.opt \
+ plugins/eap-ttls.opt \
+ plugins/error-notify.opt \
+ plugins/gcrypt.opt \
+ plugins/ha.opt \
+ plugins/imc-attestation.opt \
+ plugins/imc-os.opt \
+ plugins/imc-scanner.opt \
+ plugins/imc-swid.opt \
+ plugins/imc-test.opt \
+ plugins/imv-attestation.opt \
+ plugins/imv-os.opt \
+ plugins/imv-scanner.opt \
+ plugins/imv-test.opt \
+ plugins/ipseckey.opt \
+ plugins/led.opt \
+ plugins/kernel-klips.opt \
+ plugins/kernel-libipsec.opt \
+ plugins/kernel-netlink.opt \
+ plugins/kernel-pfroute.opt \
+ plugins/load-tester.opt \
+ plugins/lookip.opt \
+ plugins/ntru.opt \
+ plugins/openssl.opt \
+ plugins/pkcs11.opt \
+ plugins/radattr.opt \
+ plugins/random.opt \
+ plugins/resolve.opt \
+ plugins/socket-default.opt \
+ plugins/sql.opt \
+ plugins/stroke.opt \
+ plugins/systime-fix.opt \
+ plugins/tnc-ifmap.opt \
+ plugins/tnc-imc.opt \
+ plugins/tnc-imv.opt \
+ plugins/tnc-pdp.opt \
+ plugins/tnccs-11.opt \
+ plugins/tnccs-20.opt \
+ plugins/unbound.opt \
+ plugins/updown.opt \
+ plugins/whitelist.opt \
+ plugins/xauth-eap.opt \
+ plugins/xauth-pam.opt
+
+alloptions = $(options) $(plugins)
+confsnippets = $(alloptions:opt=conf)
+
+# we only install snippets for enabled plugins
+plugins_install_tmp = $(charon_plugins:%=plugins/%.tmp)
+plugins_install_src = $(charon_plugins:%=plugins/%.conf)
+# only install snippets for enabled components
+# has to be defined via autoconf as we can't do it with automake conditionals
+options_install_src = $(strongswan_options:%=options/%.conf)
+templates_DATA = strongswan.conf
+optionstemplate_DATA = $(options_install_src)
+pluginstemplate_DATA = $(plugins_install_src)
+man_MANS = \
+ strongswan.conf.5
+
+BUILT_SOURCES = default.conf strongswan.conf.5.main $(confsnippets)
+EXTRA_DIST = format-options.py strongswan.conf default.opt \
+ default.conf strongswan.conf.5.main $(alloptions) $(confsnippets)
+
+CLEANFILES = $(man_MANS)
+all: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .conf .opt .tmp
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu conf/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu conf/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+strongswan.conf.5.head: $(top_builddir)/config.status $(srcdir)/strongswan.conf.5.head.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+strongswan.conf.5.tail: $(top_builddir)/config.status $(srcdir)/strongswan.conf.5.tail.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man5: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man5dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.5[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man5:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man5dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.5[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
+install-optionstemplateDATA: $(optionstemplate_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(optionstemplate_DATA)'; test -n "$(optionstemplatedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(optionstemplatedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(optionstemplatedir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(optionstemplatedir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(optionstemplatedir)" || exit $$?; \
+ done
+
+uninstall-optionstemplateDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(optionstemplate_DATA)'; test -n "$(optionstemplatedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(optionstemplatedir)'; $(am__uninstall_files_from_dir)
+install-pluginstemplateDATA: $(pluginstemplate_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(pluginstemplate_DATA)'; test -n "$(pluginstemplatedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pluginstemplatedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pluginstemplatedir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pluginstemplatedir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pluginstemplatedir)" || exit $$?; \
+ done
+
+uninstall-pluginstemplateDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pluginstemplate_DATA)'; test -n "$(pluginstemplatedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(pluginstemplatedir)'; $(am__uninstall_files_from_dir)
+install-templatesDATA: $(templates_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(templatesdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(templatesdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \
+ done
+
+uninstall-templatesDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(templatesdir)'; $(am__uninstall_files_from_dir)
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(optionstemplatedir)" "$(DESTDIR)$(pluginstemplatedir)" "$(DESTDIR)$(templatesdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-local mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-data-local install-man \
+ install-optionstemplateDATA install-pluginstemplateDATA \
+ install-templatesDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic \
+ maintainer-clean-local
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-optionstemplateDATA \
+ uninstall-pluginstemplateDATA uninstall-templatesDATA
+
+uninstall-man: uninstall-man5
+
+.MAKE: all check install install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ clean-local cscopelist-am ctags-am distclean distclean-generic \
+ distclean-libtool distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am \
+ install-data-local install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man5 \
+ install-optionstemplateDATA install-pdf install-pdf-am \
+ install-pluginstemplateDATA install-ps install-ps-am \
+ install-strip install-templatesDATA installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic maintainer-clean-local mostlyclean \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags-am uninstall uninstall-am uninstall-man uninstall-man5 \
+ uninstall-optionstemplateDATA uninstall-pluginstemplateDATA \
+ uninstall-templatesDATA
+
+
+.opt.conf:
+ $(AM_V_GEN) \
+ case "$<" in \
+ *plugins/*) \
+ sed \
+ -e "s:\@PLUGIN_NAME\@:`basename $< .opt`:" \
+ $(srcdir)/default.opt | cat - $< | \
+ $(PYTHON) $(srcdir)/format-options.py -f conf -r charon.plugins > $(srcdir)/$@ \
+ ;; \
+ *) \
+ $(PYTHON) $(srcdir)/format-options.py -f conf -r charon.plugins $< > $(srcdir)/$@ \
+ ;; \
+ esac
+
+# we need another implicit rule to generate files from the generic template only
+# if the rules above did not catch it. this requires an intermediate step that
+# generates a copy of the generic config template.
+$(plugins_install_tmp):
+ @mkdir -p $(builddir)/plugins
+ @cp $(srcdir)/default.conf $(builddir)/$@
+
+.tmp.conf:
+ $(AM_V_GEN) \
+ sed \
+ -e "s:\@PLUGIN_NAME\@:`basename $< .tmp`:" \
+ $(builddir)/$< > $(builddir)/$@
+
+strongswan.conf.5.main: $(alloptions)
+ $(AM_V_GEN) \
+ cd $(srcdir) && $(PYTHON) format-options.py -f man $(alloptions) > $@
+
+strongswan.conf.5: strongswan.conf.5.head strongswan.conf.5.main strongswan.conf.5.tail
+ $(AM_V_GEN) \
+ cat strongswan.conf.5.head $(srcdir)/strongswan.conf.5.main strongswan.conf.5.tail > $@
+
+clean-local:
+ rm -f plugins/*.conf plugins/*.tmp
+
+maintainer-clean-local:
+ cd $(srcdir) && \
+ rm -f $(confsnippets) default.conf plugins/*.conf plugins/*.tmp
+
+install-data-local: $(plugins_install_src)
+ test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)"
+ test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)"
+ test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)"
+ test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf || true
+ for f in $(options_install_src); do \
+ name=`basename $$f`; \
+ test -f "$(DESTDIR)$(strongswanddir)/$$name" || $(INSTALL) -m 644 "$(srcdir)/$$f" "$(DESTDIR)$(strongswanddir)/$$name" || true; \
+ done
+ for f in $(plugins_install_src); do \
+ name=`basename $$f`; \
+ if test -f "$$f"; then dir=; else dir="$(srcdir)/"; fi; \
+ test -f "$(DESTDIR)$(charonconfdir)/$$name" || $(INSTALL) -m 644 "$$dir$$f" "$(DESTDIR)$(charonconfdir)/$$name" || true; \
+ done
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/conf/default.conf b/conf/default.conf
new file mode 100644
index 0000000..41d2e1f
--- /dev/null
+++ b/conf/default.conf
@@ -0,0 +1,8 @@
+ at PLUGIN_NAME@ {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/default.opt b/conf/default.opt
new file mode 100644
index 0000000..8c83364
--- /dev/null
+++ b/conf/default.opt
@@ -0,0 +1,3 @@
+charon.plugins. at PLUGIN_NAME@.load := yes
+ Whether to load the plugin. Can also be an integer to increase the priority
+ of this plugin.
diff --git a/conf/format-options.py b/conf/format-options.py
new file mode 100755
index 0000000..04afed6
--- /dev/null
+++ b/conf/format-options.py
@@ -0,0 +1,337 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2014 Tobias Brunner
+# Hochschule fuer Technik Rapperswil
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+
+"""
+Parses strongswan.conf option descriptions and produces configuration file
+and man page snippets.
+
+The format for description files is as follows:
+
+full.option.name [[:]= default]
+ Short description intended as comment in config snippet
+
+ Long description for use in the man page, with
+ simple formatting: _italic_, **bold**
+
+ Second paragraph of the long description
+
+The descriptions must be indented by tabs or spaces but are both optional.
+If only a short description is given it is used for both intended usages.
+Line breaks within a paragraph of the long description or the short description
+are not preserved. But multiple paragraphs will be separated in the man page.
+Any formatting in the short description is removed when producing config
+snippets.
+
+Options for which a value is assigned with := are not commented out in the
+produced configuration file snippet. This allows to override a default value,
+that e.g. has to be preserved for legacy reasons, in the generated default
+config.
+
+To describe sections the following format can be used:
+
+full.section.name {[#]}
+ Short description of this section
+
+ Long description as above
+
+If a # is added between the curly braces the section header will be commented
+out in the configuration file snippet, which is useful for example sections.
+"""
+
+import sys
+import re
+from textwrap import TextWrapper
+from optparse import OptionParser
+
+class ConfigOption:
+ """Representing a configuration option or described section in strongswan.conf"""
+ def __init__(self, name, default = None, section = False, commented = False):
+ self.name = name.split('.')[-1]
+ self.fullname = name
+ self.default = default
+ self.section = section
+ self.commented = commented
+ self.desc = []
+ self.options = []
+
+ def __cmp__(self, other):
+ if self.section == other.section:
+ return cmp(self.name, other.name)
+ return 1 if self.section else -1
+
+ def add_paragraph(self):
+ """Adds a new paragraph to the description"""
+ if len(self.desc) and len(self.desc[-1]):
+ self.desc.append("")
+
+ def add(self, line):
+ """Adds a line to the last paragraph"""
+ if not len(self.desc):
+ self.desc.append(line)
+ elif not len(self.desc[-1]):
+ self.desc[-1] = line
+ else:
+ self.desc[-1] += ' ' + line
+
+ def adopt(self, other):
+ """Adopts settings from other, which should be more recently parsed"""
+ self.default = other.default
+ self.commented = other.commented
+ self.desc = other.desc
+
+class Parser:
+ """Parses one or more files of configuration options"""
+ def __init__(self):
+ self.options = []
+
+ def parse(self, file):
+ """Parses the given file and adds all options to the internal store"""
+ self.__current = None
+ for line in file:
+ self.__parse_line(line)
+ if self.__current:
+ self.__add_option(self.__current)
+
+ def __parse_line(self, line):
+ """Parses a single line"""
+ if re.match(r'^\s*#', line):
+ return
+ # option definition
+ m = re.match(r'^(?P<name>\S+)\s*((?P<assign>:)?=\s*(?P<default>.+)?)?\s*$', line)
+ if m:
+ if self.__current:
+ self.__add_option(self.__current)
+ self.__current = ConfigOption(m.group('name'), m.group('default'),
+ commented = not m.group('assign'))
+ return
+ # section definition
+ m = re.match(r'^(?P<name>\S+)\s*\{\s*(?P<comment>#)?\s*\}\s*$', line)
+ if m:
+ if self.__current:
+ self.__add_option(self.__current)
+ self.__current = ConfigOption(m.group('name'), section = True,
+ commented = m.group('comment'))
+ return
+ # paragraph separator
+ m = re.match(r'^\s*$', line)
+ if m and self.__current:
+ self.__current.add_paragraph()
+ # description line
+ m = re.match(r'^\s+(?P<text>.+?)\s*$', line)
+ if m and self.__current:
+ self.__current.add(m.group('text'))
+
+ def __add_option(self, option):
+ """Adds the given option to the abstract storage"""
+ option.desc = [desc for desc in option.desc if len(desc)]
+ parts = option.fullname.split('.')
+ parent = self.__get_option(parts[:-1], True)
+ if not parent:
+ parent = self
+ found = next((x for x in parent.options if x.name == option.name
+ and x.section == option.section), None)
+ if found:
+ found.adopt(option)
+ else:
+ parent.options.append(option)
+ parent.options.sort()
+
+ def __get_option(self, parts, create = False):
+ """Searches/Creates the option (section) based on a list of section names"""
+ option = None
+ options = self.options
+ fullname = ""
+ for name in parts:
+ fullname += '.' + name if len(fullname) else name
+ option = next((x for x in options if x.name == name and x.section), None)
+ if not option:
+ if not create:
+ break
+ option = ConfigOption(fullname, section = True)
+ options.append(option)
+ options.sort()
+ options = option.options
+ return option
+
+ def get_option(self, name):
+ """Retrieves the option with the given name"""
+ return self.__get_option(name.split('.'))
+
+class TagReplacer:
+ """Replaces formatting tags in text"""
+ def __init__(self):
+ self.__matcher_b = self.__create_matcher('**')
+ self.__matcher_i = self.__create_matcher('_')
+ self.__replacer = None
+
+ def __create_matcher(self, tag):
+ tag = re.escape(tag)
+ return re.compile(r'''
+ (^|\s|(?P<brack>[(\[])) # prefix with optional opening bracket
+ (?P<tag>''' + tag + r''') # start tag
+ (?P<text>\w|\S.*?\S) # text
+ ''' + tag + r''' # end tag
+ (?P<punct>([.,!:)\]]|\(\d+\))*) # punctuation
+ (?=$|\s) # suffix (don't consume it so that subsequent tags can match)
+ ''', flags = re.DOTALL | re.VERBOSE)
+
+ def _create_replacer(self):
+ def replacer(m):
+ punct = m.group('punct')
+ if not punct:
+ punct = ''
+ return '{0}{1}{2}'.format(m.group(1), m.group('text'), punct)
+ return replacer
+
+ def replace(self, text):
+ if not self.__replacer:
+ self.__replacer = self._create_replacer()
+ text = re.sub(self.__matcher_b, self.__replacer, text)
+ return re.sub(self.__matcher_i, self.__replacer, text)
+
+class GroffTagReplacer(TagReplacer):
+ def _create_replacer(self):
+ def replacer(m):
+ nl = '\n' if m.group(1) else ''
+ format = 'I' if m.group('tag') == '_' else 'B'
+ brack = m.group('brack')
+ if not brack:
+ brack = ''
+ punct = m.group('punct')
+ if not punct:
+ punct = ''
+ text = re.sub(r'[\r\n\t]', ' ', m.group('text'))
+ return '{0}.R{1} "{2}" "{3}" "{4}"\n'.format(nl, format, brack, text, punct)
+ return replacer
+
+class ConfFormatter:
+ """Formats options to a strongswan.conf snippet"""
+ def __init__(self):
+ self.__indent = ' '
+ self.__wrapper = TextWrapper(width = 80, replace_whitespace = True,
+ break_long_words = False, break_on_hyphens = False)
+ self.__tags = TagReplacer()
+
+ def __print_description(self, opt, indent):
+ if len(opt.desc):
+ self.__wrapper.initial_indent = '{0}# '.format(self.__indent * indent)
+ self.__wrapper.subsequent_indent = self.__wrapper.initial_indent
+ print format(self.__wrapper.fill(self.__tags.replace(opt.desc[0])))
+
+ def __print_option(self, opt, indent, commented):
+ """Print a single option with description and default value"""
+ comment = "# " if commented or opt.commented else ""
+ self.__print_description(opt, indent)
+ if opt.default:
+ print '{0}{1}{2} = {3}'.format(self.__indent * indent, comment, opt.name, opt.default)
+ else:
+ print '{0}{1}{2} ='.format(self.__indent * indent, comment, opt.name)
+ print
+
+ def __print_section(self, section, indent, commented):
+ """Print a section with all options"""
+ comment = "# " if commented or section.commented else ""
+ self.__print_description(section, indent)
+ print '{0}{1}{2} {{'.format(self.__indent * indent, comment, section.name)
+ print
+ for o in section.options:
+ if o.section:
+ self.__print_section(o, indent + 1, section.commented)
+ else:
+ self.__print_option(o, indent + 1, section.commented)
+ print '{0}{1}}}'.format(self.__indent * indent, comment)
+ print
+
+ def format(self, options):
+ """Print a list of options"""
+ if not options:
+ return
+ for option in options:
+ if option.section:
+ self.__print_section(option, 0, False)
+ else:
+ self.__print_option(option, 0, False)
+
+class ManFormatter:
+ """Formats a list of options into a groff snippet"""
+ def __init__(self):
+ self.__wrapper = TextWrapper(width = 80, replace_whitespace = False,
+ break_long_words = False, break_on_hyphens = False)
+ self.__tags = GroffTagReplacer()
+
+ def __groffize(self, text):
+ """Encode text as groff text"""
+ text = self.__tags.replace(text)
+ text = re.sub(r'(?<!\\)-', r'\\-', text)
+ # remove any leading whitespace
+ return re.sub(r'^\s+', '', text, flags = re.MULTILINE)
+
+ def __format_option(self, option):
+ """Print a single option"""
+ if option.section and not len(option.desc):
+ return
+ if option.section:
+ print '.TP\n.B {0}\n.br'.format(option.fullname)
+ else:
+ print '.TP'
+ default = option.default if option.default else ''
+ print '.BR {0} " [{1}]"'.format(option.fullname, default)
+ for para in option.desc if len(option.desc) < 2 else option.desc[1:]:
+ print self.__groffize(self.__wrapper.fill(para))
+ print ''
+
+ def format(self, options):
+ """Print a list of options"""
+ if not options:
+ return
+ for option in options:
+ if option.section:
+ self.__format_option(option)
+ self.format(option.options)
+ else:
+ self.__format_option(option)
+
+options = OptionParser(usage = "Usage: %prog [options] file1 file2\n\n"
+ "If no filenames are provided the input is read from stdin.")
+options.add_option("-f", "--format", dest="format", type="choice", choices=["conf", "man"],
+ help="output format: conf, man [default: %default]", default="conf")
+options.add_option("-r", "--root", dest="root", metavar="NAME",
+ help="root section of which options are printed, "
+ "if not found everything is printed")
+(opts, args) = options.parse_args()
+
+parser = Parser()
+if len(args):
+ for filename in args:
+ try:
+ with open(filename, 'r') as file:
+ parser.parse(file)
+ except IOError as e:
+ sys.stderr.write("Unable to open '{0}': {1}\n".format(filename, e.strerror))
+else:
+ parser.parse(sys.stdin)
+
+options = parser.options
+if (opts.root):
+ root = parser.get_option(opts.root)
+ if root:
+ options = root.options
+
+if opts.format == "conf":
+ formatter = ConfFormatter()
+elif opts.format == "man":
+ formatter = ManFormatter()
+
+formatter.format(options)
diff --git a/conf/options/attest.conf b/conf/options/attest.conf
new file mode 100644
index 0000000..1f7f57c
--- /dev/null
+++ b/conf/options/attest.conf
@@ -0,0 +1,11 @@
+attest {
+
+ # File measurement information database URI. If it contains a password, make
+ # sure to adjust the permissions of the config file accordingly.
+ # database =
+
+ # Plugins to load in ipsec attest tool.
+ # load =
+
+}
+
diff --git a/conf/options/attest.opt b/conf/options/attest.opt
new file mode 100644
index 0000000..20b14f4
--- /dev/null
+++ b/conf/options/attest.opt
@@ -0,0 +1,6 @@
+attest.database =
+ File measurement information database URI. If it contains a password, make
+ sure to adjust the permissions of the config file accordingly.
+
+attest.load =
+ Plugins to load in ipsec attest tool.
diff --git a/conf/options/charon-logging.conf b/conf/options/charon-logging.conf
new file mode 100644
index 0000000..c91421d
--- /dev/null
+++ b/conf/options/charon-logging.conf
@@ -0,0 +1,62 @@
+charon {
+
+ # Section to define file loggers, see LOGGER CONFIGURATION in
+ # strongswan.conf(5).
+ filelog {
+
+ # <filename> is the full path to the log file.
+ # <filename> {
+
+ # Loglevel for a specific subsystem.
+ # <subsystem> = <default>
+
+ # If this option is enabled log entries are appended to the existing
+ # file.
+ # append = yes
+
+ # Default loglevel.
+ # default = 1
+
+ # Enabling this option disables block buffering and enables line
+ # buffering.
+ # flush_line = no
+
+ # Prefix each log entry with the connection name and a unique
+ # numerical identifier for each IKE_SA.
+ # ike_name = no
+
+ # Prefix each log entry with a timestamp. The option accepts a
+ # format string as passed to strftime(3).
+ # time_format =
+
+ # }
+
+ }
+
+ # Section to define syslog loggers, see LOGGER CONFIGURATION in
+ # strongswan.conf(5).
+ syslog {
+
+ # Identifier for use with openlog(3).
+ # identifier =
+
+ # <facility> is one of the supported syslog facilities, see LOGGER
+ # CONFIGURATION in strongswan.conf(5).
+ # <facility> {
+
+ # Loglevel for a specific subsystem.
+ # <subsystem> = <default>
+
+ # Default loglevel.
+ # default = 1
+
+ # Prefix each log entry with the connection name and a unique
+ # numerical identifier for each IKE_SA.
+ # ike_name = no
+
+ # }
+
+ }
+
+}
+
diff --git a/conf/options/charon-logging.opt b/conf/options/charon-logging.opt
new file mode 100644
index 0000000..b437a9c
--- /dev/null
+++ b/conf/options/charon-logging.opt
@@ -0,0 +1,57 @@
+charon.filelog {}
+ Section to define file loggers, see LOGGER CONFIGURATION in
+ **strongswan.conf**(5).
+
+charon.filelog.<filename> { # }
+ <filename> is the full path to the log file.
+
+charon.filelog.<filename>.default = 1
+ Default loglevel.
+
+ Specifies the default loglevel to be used for subsystems for which no
+ specific loglevel is defined.
+
+charon.filelog.<filename>.<subsystem> = <default>
+ Loglevel for a specific subsystem.
+
+charon.filelog.<filename>.append = yes
+ If this option is enabled log entries are appended to the existing file.
+
+charon.filelog.<filename>.flush_line = no
+ Enabling this option disables block buffering and enables line buffering.
+
+charon.filelog.<filename>.ike_name = no
+ Prefix each log entry with the connection name and a unique numerical
+ identifier for each IKE_SA.
+
+charon.filelog.<filename>.time_format
+ Prefix each log entry with a timestamp. The option accepts a format string
+ as passed to **strftime**(3).
+
+charon.syslog {}
+ Section to define syslog loggers, see LOGGER CONFIGURATION in
+ **strongswan.conf**(5).
+
+charon.syslog.identifier
+ Identifier for use with openlog(3).
+
+ Global identifier used for an **openlog**(3) call, prepended to each log
+ message by syslog. If not configured, **openlog**(3) is not called, so the
+ value will depend on system defaults (often the program name).
+
+charon.syslog.<facility> { # }
+ <facility> is one of the supported syslog facilities, see LOGGER
+ CONFIGURATION in **strongswan.conf**(5).
+
+charon.syslog.<facility>.default = 1
+ Default loglevel.
+
+ Specifies the default loglevel to be used for subsystems for which no
+ specific loglevel is defined.
+
+charon.syslog.<facility>.<subsystem> = <default>
+ Loglevel for a specific subsystem.
+
+charon.syslog.<facility>.ike_name = no
+ Prefix each log entry with the connection name and a unique numerical
+ identifier for each IKE_SA.
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
new file mode 100644
index 0000000..5cab2b1
--- /dev/null
+++ b/conf/options/charon.conf
@@ -0,0 +1,281 @@
+# Options for the charon IKE daemon.
+charon {
+
+ # Maximum number of half-open IKE_SAs for a single peer IP.
+ # block_threshold = 5
+
+ # Whether relations in validated certificate chains should be cached in
+ # memory.
+ # cert_cache = yes
+
+ # Send Cisco Unity vendor ID payload (IKEv1 only).
+ # cisco_unity = no
+
+ # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
+ # close_ike_on_child_failure = no
+
+ # Number of half-open IKE_SAs that activate the cookie mechanism.
+ # cookie_threshold = 10
+
+ # Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
+ # strength.
+ # dh_exponent_ansi_x9_42 = yes
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns1 =
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns2 =
+
+ # Enable Denial of Service protection using cookies and aggressiveness
+ # checks.
+ # dos_protection = yes
+
+ # Compliance with the errata for RFC 4753.
+ # ecp_x_coordinate_only = yes
+
+ # Free objects during authentication (might conflict with plugins).
+ # flush_auth_cfg = no
+
+ # Maximum size (in bytes) of a sent fragment when using the proprietary
+ # IKEv1 fragmentation extension.
+ # fragment_size = 512
+
+ # Name of the group the daemon changes to after startup.
+ # group =
+
+ # Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
+ # half_open_timeout = 30
+
+ # Enable hash and URL support.
+ # hash_and_url = no
+
+ # Allow IKEv1 Aggressive Mode with pre-shared keys as responder.
+ # i_dont_care_about_security_and_use_aggressive_mode_psk = no
+
+ # A space-separated list of routing tables to be excluded from route
+ # lookups.
+ # ignore_routing_tables =
+
+ # Maximum number of IKE_SAs that can be established at the same time before
+ # new connection attempts are blocked.
+ # ikesa_limit = 0
+
+ # Number of exclusively locked segments in the hash table.
+ # ikesa_table_segments = 1
+
+ # Size of the IKE_SA hash table.
+ # ikesa_table_size = 1
+
+ # Whether to close IKE_SA if the only CHILD_SA closed due to inactivity.
+ # inactivity_close_ike = no
+
+ # Limit new connections based on the current number of half open IKE_SAs,
+ # see IKE_SA_INIT DROPPING in strongswan.conf(5).
+ # init_limit_half_open = 0
+
+ # Limit new connections based on the number of queued jobs.
+ # init_limit_job_load = 0
+
+ # Causes charon daemon to ignore IKE initiation requests.
+ # initiator_only = no
+
+ # Install routes into a separate routing table for established IPsec
+ # tunnels.
+ # install_routes = yes
+
+ # Install virtual IP addresses.
+ # install_virtual_ip = yes
+
+ # The name of the interface on which virtual IP addresses should be
+ # installed.
+ # install_virtual_ip_on =
+
+ # Check daemon, libstrongswan and plugin integrity at startup.
+ # integrity_test = no
+
+ # A comma-separated list of network interfaces that should be ignored, if
+ # interfaces_use is specified this option has no effect.
+ # interfaces_ignore =
+
+ # A comma-separated list of network interfaces that should be used by
+ # charon. All other interfaces are ignored.
+ # interfaces_use =
+
+ # NAT keep alive interval.
+ # keep_alive = 20s
+
+ # Plugins to load in the IKE daemon charon.
+ # load =
+
+ # Determine plugins to load via each plugin's load option.
+ # load_modular = no
+
+ # Maximum packet size accepted by charon.
+ # max_packet = 10000
+
+ # Enable multiple authentication exchanges (RFC 4739).
+ # multiple_authentication = yes
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns1 =
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns2 =
+
+ # UDP port used locally. If set to 0 a random port will be allocated.
+ # port = 500
+
+ # UDP port used locally in case of NAT-T. If set to 0 a random port will be
+ # allocated. Has to be different from charon.port, otherwise a random port
+ # will be allocated.
+ # port_nat_t = 4500
+
+ # Process RTM_NEWROUTE and RTM_DELROUTE events.
+ # process_route = yes
+
+ # Delay in ms for receiving packets, to simulate larger RTT.
+ # receive_delay = 0
+
+ # Delay request messages.
+ # receive_delay_request = yes
+
+ # Delay response messages.
+ # receive_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # receive_delay_type = 0
+
+ # Size of the AH/ESP replay window, in packets.
+ # replay_window = 32
+
+ # Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
+ # in strongswan.conf(5).
+ # retransmit_base = 1.8
+
+ # Timeout in seconds before sending first retransmit.
+ # retransmit_timeout = 4.0
+
+ # Number of times to retransmit a packet before giving up.
+ # retransmit_tries = 5
+
+ # Interval to use when retrying to initiate an IKE_SA (e.g. if DNS
+ # resolution failed), 0 to disable retries.
+ # retry_initiate_interval = 0
+
+ # Initiate CHILD_SA within existing IKE_SAs.
+ # reuse_ikesa = yes
+
+ # Numerical routing table to install routes to.
+ # routing_table =
+
+ # Priority of the routing table.
+ # routing_table_prio =
+
+ # Delay in ms for sending packets, to simulate larger RTT.
+ # send_delay = 0
+
+ # Delay request messages.
+ # send_delay_request = yes
+
+ # Delay response messages.
+ # send_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # send_delay_type = 0
+
+ # Send strongSwan vendor ID payload
+ # send_vendor_id = no
+
+ # Number of worker threads in charon.
+ # threads = 16
+
+ # Name of the user the daemon changes to after startup.
+ # user =
+
+ crypto_test {
+
+ # Benchmark crypto algorithms and order them by efficiency.
+ # bench = no
+
+ # Buffer size used for crypto benchmark.
+ # bench_size = 1024
+
+ # Number of iterations to test each algorithm.
+ # bench_time = 50
+
+ # Test crypto algorithms during registration (requires test vectors
+ # provided by the test-vectors plugin).
+ # on_add = no
+
+ # Test crypto algorithms on each crypto primitive instantiation.
+ # on_create = no
+
+ # Strictly require at least one test vector to enable an algorithm.
+ # required = no
+
+ # Whether to test RNG with TRUE quality; requires a lot of entropy.
+ # rng_true = no
+
+ }
+
+ host_resolver {
+
+ # Maximum number of concurrent resolver threads (they are terminated if
+ # unused).
+ # max_threads = 3
+
+ # Minimum number of resolver threads to keep around.
+ # min_threads = 0
+
+ }
+
+ leak_detective {
+
+ # Includes source file names and line numbers in leak detective output.
+ # detailed = yes
+
+ # Threshold in bytes for leaks to be reported (0 to report all).
+ # usage_threshold = 10240
+
+ # Threshold in number of allocations for leaks to be reported (0 to
+ # report all).
+ # usage_threshold_count = 0
+
+ }
+
+ processor {
+
+ # Section to configure the number of reserved threads per priority class
+ # see JOB PRIORITY MANAGEMENT in strongswan.conf(5).
+ priority_threads {
+
+ }
+
+ }
+
+ tls {
+
+ # List of TLS encryption ciphers.
+ # cipher =
+
+ # List of TLS key exchange methods.
+ # key_exchange =
+
+ # List of TLS MAC algorithms.
+ # mac =
+
+ # List of TLS cipher suites.
+ # suites =
+
+ }
+
+ x509 {
+
+ # Discard certificates with unsupported or unknown critical extensions.
+ # enforce_critical = yes
+
+ }
+
+}
+
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
new file mode 100644
index 0000000..c6f4f1e
--- /dev/null
+++ b/conf/options/charon.opt
@@ -0,0 +1,284 @@
+charon {}
+ Options for the charon IKE daemon.
+
+ Options for the charon IKE daemon.
+
+ **Note**: Many of the options in this section also apply to **charon-cmd**
+ and other **charon** derivatives. Just use their respective name (e.g.
+ **charon-cmd** instead of **charon**). For many options defaults can be
+ defined in the **libstrongswan** section.
+
+charon.block_threshold = 5
+ Maximum number of half-open IKE_SAs for a single peer IP.
+
+charon.cert_cache = yes
+ Whether relations in validated certificate chains should be cached in
+ memory.
+
+charon.cisco_unity = no
+ Send Cisco Unity vendor ID payload (IKEv1 only).
+
+charon.close_ike_on_child_failure = no
+ Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
+
+charon.cookie_threshold = 10
+ Number of half-open IKE_SAs that activate the cookie mechanism.
+
+charon.crypto_test.bench = no
+ Benchmark crypto algorithms and order them by efficiency.
+
+charon.crypto_test.bench_size = 1024
+ Buffer size used for crypto benchmark.
+
+charon.crypto_test.bench_time = 50
+ Number of iterations to test each algorithm.
+
+charon.crypto_test.on_add = no
+ Test crypto algorithms during registration (requires test vectors provided
+ by the _test-vectors_ plugin).
+
+charon.crypto_test.on_create = no
+ Test crypto algorithms on each crypto primitive instantiation.
+
+charon.crypto_test.required = no
+ Strictly require at least one test vector to enable an algorithm.
+
+charon.crypto_test.rng_true = no
+ Whether to test RNG with TRUE quality; requires a lot of entropy.
+
+charon.dh_exponent_ansi_x9_42 = yes
+ Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
+ strength.
+
+charon.dns1
+ DNS server assigned to peer via configuration payload (CP).
+
+charon.dns2
+ DNS server assigned to peer via configuration payload (CP).
+
+charon.dos_protection = yes
+ Enable Denial of Service protection using cookies and aggressiveness checks.
+
+charon.ecp_x_coordinate_only = yes
+ Compliance with the errata for RFC 4753.
+
+charon.flush_auth_cfg = no
+ Free objects during authentication (might conflict with plugins).
+
+ If enabled objects used during authentication (certificates, identities
+ etc.) are released to free memory once an IKE_SA is established. Enabling
+ this might conflict with plugins that later need access to e.g. the used
+ certificates.
+
+charon.fragment_size = 512
+ Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
+ fragmentation extension.
+
+charon.group
+ Name of the group the daemon changes to after startup.
+
+charon.half_open_timeout = 30
+ Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
+
+charon.hash_and_url = no
+ Enable hash and URL support.
+
+charon.host_resolver.max_threads = 3
+ Maximum number of concurrent resolver threads (they are terminated if
+ unused).
+
+charon.host_resolver.min_threads = 0
+ Minimum number of resolver threads to keep around.
+
+charon.i_dont_care_about_security_and_use_aggressive_mode_psk = no
+ Allow IKEv1 Aggressive Mode with pre-shared keys as responder.
+
+ If enabled responders are allowed to use IKEv1 Aggressive Mode with
+ pre-shared keys, which is discouraged due to security concerns (offline
+ attacks on the openly transmitted hash of the PSK).
+
+charon.ignore_routing_tables
+ A space-separated list of routing tables to be excluded from route lookups.
+
+charon.ikesa_limit = 0
+ Maximum number of IKE_SAs that can be established at the same time before
+ new connection attempts are blocked.
+
+charon.ikesa_table_segments = 1
+ Number of exclusively locked segments in the hash table.
+
+charon.ikesa_table_size = 1
+ Size of the IKE_SA hash table.
+
+charon.inactivity_close_ike = no
+ Whether to close IKE_SA if the only CHILD_SA closed due to inactivity.
+
+charon.init_limit_half_open = 0
+ Limit new connections based on the current number of half open IKE_SAs, see
+ IKE_SA_INIT DROPPING in **strongswan.conf**(5).
+
+charon.init_limit_job_load = 0
+ Limit new connections based on the number of queued jobs.
+
+ Limit new connections based on the number of jobs currently queued for
+ processing (see IKE_SA_INIT DROPPING).
+
+charon.initiator_only = no
+ Causes charon daemon to ignore IKE initiation requests.
+
+charon.install_routes = yes
+ Install routes into a separate routing table for established IPsec tunnels.
+
+charon.install_virtual_ip = yes
+ Install virtual IP addresses.
+
+charon.install_virtual_ip_on
+ The name of the interface on which virtual IP addresses should be installed.
+
+ The name of the interface on which virtual IP addresses should be installed.
+ If not specified the addresses will be installed on the outbound interface.
+
+charon.integrity_test = no
+ Check daemon, libstrongswan and plugin integrity at startup.
+
+charon.interfaces_ignore
+ A comma-separated list of network interfaces that should be ignored, if
+ **interfaces_use** is specified this option has no effect.
+
+charon.interfaces_use
+ A comma-separated list of network interfaces that should be used by charon.
+ All other interfaces are ignored.
+
+charon.keep_alive = 20s
+ NAT keep alive interval.
+
+charon.leak_detective.detailed = yes
+ Includes source file names and line numbers in leak detective output.
+
+charon.leak_detective.usage_threshold = 10240
+ Threshold in bytes for leaks to be reported (0 to report all).
+
+charon.leak_detective.usage_threshold_count = 0
+ Threshold in number of allocations for leaks to be reported (0 to report
+ all).
+
+charon.load
+ Plugins to load in the IKE daemon charon.
+
+charon.load_modular = no
+ Determine plugins to load via each plugin's load option.
+
+ If enabled, the list of plugins to load is determined via the value of the
+ _charon.plugins.<name>.load_ options. In addition to a simple boolean flag
+ that option may take an integer value indicating the priority of a plugin,
+ which would influence the order of a plugin in the plugin list (the default
+ is 1). If two plugins have the same priority their order in the default
+ plugin list is preserved. Enabled plugins not found in that list are ordered
+ alphabetically before other plugins with the same priority.
+
+charon.max_packet = 10000
+ Maximum packet size accepted by charon.
+
+charon.multiple_authentication = yes
+ Enable multiple authentication exchanges (RFC 4739).
+
+charon.nbns1
+ WINS servers assigned to peer via configuration payload (CP).
+
+charon.nbns2
+ WINS servers assigned to peer via configuration payload (CP).
+
+charon.port = 500
+ UDP port used locally. If set to 0 a random port will be allocated.
+
+charon.port_nat_t = 4500
+ UDP port used locally in case of NAT-T. If set to 0 a random port will be
+ allocated. Has to be different from **charon.port**, otherwise a random
+ port will be allocated.
+
+charon.process_route = yes
+ Process RTM_NEWROUTE and RTM_DELROUTE events.
+
+charon.processor.priority_threads {}
+ Section to configure the number of reserved threads per priority class
+ see JOB PRIORITY MANAGEMENT in **strongswan.conf**(5).
+
+charon.receive_delay = 0
+ Delay in ms for receiving packets, to simulate larger RTT.
+
+charon.receive_delay_response = yes
+ Delay response messages.
+
+charon.receive_delay_request = yes
+ Delay request messages.
+
+charon.receive_delay_type = 0
+ Specific IKEv2 message type to delay, 0 for any.
+
+charon.replay_window = 32
+ Size of the AH/ESP replay window, in packets.
+
+charon.retransmit_base = 1.8
+ Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
+ in **strongswan.conf**(5).
+
+charon.retransmit_timeout = 4.0
+ Timeout in seconds before sending first retransmit.
+
+charon.retransmit_tries = 5
+ Number of times to retransmit a packet before giving up.
+
+charon.retry_initiate_interval = 0
+ Interval to use when retrying to initiate an IKE_SA (e.g. if DNS resolution
+ failed), 0 to disable retries.
+
+charon.reuse_ikesa = yes
+ Initiate CHILD_SA within existing IKE_SAs.
+
+charon.routing_table
+ Numerical routing table to install routes to.
+
+charon.routing_table_prio
+ Priority of the routing table.
+
+charon.send_delay = 0
+ Delay in ms for sending packets, to simulate larger RTT.
+
+charon.send_delay_response = yes
+ Delay response messages.
+
+charon.send_delay_request = yes
+ Delay request messages.
+
+charon.send_delay_type = 0
+ Specific IKEv2 message type to delay, 0 for any.
+
+charon.send_vendor_id = no
+ Send strongSwan vendor ID payload
+
+charon.threads = 16
+ Number of worker threads in charon.
+
+ Number of worker threads in charon. Several of these are reserved for long
+ running tasks in internal modules and plugins. Therefore, make sure you
+ don't set this value too low. The number of idle worker threads listed in
+ _ipsec statusall_ might be used as indicator on the number of reserved
+ threads.
+
+charon.tls.cipher
+ List of TLS encryption ciphers.
+
+charon.tls.key_exchange
+ List of TLS key exchange methods.
+
+charon.tls.mac
+ List of TLS MAC algorithms.
+
+charon.tls.suites
+ List of TLS cipher suites.
+
+charon.user
+ Name of the user the daemon changes to after startup.
+
+charon.x509.enforce_critical = yes
+ Discard certificates with unsupported or unknown critical extensions.
diff --git a/conf/options/imcv.conf b/conf/options/imcv.conf
new file mode 100644
index 0000000..92016ef
--- /dev/null
+++ b/conf/options/imcv.conf
@@ -0,0 +1,43 @@
+charon {
+
+ # Defaults for options in this section can be configured in the libimcv
+ # section.
+ imcv {
+
+ # Whether IMVs send a standard IETF Assessment Result attribute.
+ # assessment_result = yes
+
+ # Global IMV policy database URI. If it contains a password, make sure
+ # to adjust the permissions of the config file accordingly.
+ # database =
+
+ # Script called for each TNC connection to generate IMV policies.
+ # policy_script = ipsec _imv_policy
+
+ os_info {
+
+ # Manually set the name of the client OS (e.g. Ubuntu).
+ # name =
+
+ # Manually set the version of the client OS (e.g. 12.04 i686).
+ # version =
+
+ }
+
+ }
+
+}
+
+libimcv {
+
+ # Debug level for a stand-alone libimcv library.
+ # debug_level = 1
+
+ # Plugins to load in IMC/IMVs with stand-alone libimcv library.
+ # load = random nonce gmp pubkey x509
+
+ # Disable output to stderr with a stand-alone libimcv library.
+ # stderr_quiet = no
+
+}
+
diff --git a/conf/options/imcv.opt b/conf/options/imcv.opt
new file mode 100644
index 0000000..a249a7b
--- /dev/null
+++ b/conf/options/imcv.opt
@@ -0,0 +1,28 @@
+charon.imcv {}
+ Defaults for options in this section can be configured in the _libimcv_
+ section.
+
+charon.imcv.assessment_result = yes
+ Whether IMVs send a standard IETF Assessment Result attribute.
+
+charon.imcv.database =
+ Global IMV policy database URI. If it contains a password, make sure to
+ adjust the permissions of the config file accordingly.
+
+charon.imcv.os_info.name =
+ Manually set the name of the client OS (e.g. Ubuntu).
+
+charon.imcv.os_info.version =
+ Manually set the version of the client OS (e.g. 12.04 i686).
+
+charon.imcv.policy_script = ipsec _imv_policy
+ Script called for each TNC connection to generate IMV policies.
+
+libimcv.debug_level = 1
+ Debug level for a stand-alone _libimcv_ library.
+
+libimcv.load = random nonce gmp pubkey x509
+ Plugins to load in IMC/IMVs with stand-alone _libimcv_ library.
+
+libimcv.stderr_quiet = no
+ Disable output to stderr with a stand-alone _libimcv_ library.
diff --git a/conf/options/manager.conf b/conf/options/manager.conf
new file mode 100644
index 0000000..bb09346
--- /dev/null
+++ b/conf/options/manager.conf
@@ -0,0 +1,23 @@
+manager {
+
+ # Credential database URI for manager. If it contains a password, make sure
+ # to adjust the permissions of the config file accordingly.
+ # database =
+
+ # Enable debugging in manager.
+ # debug = no
+
+ # Plugins to load in manager.
+ # load =
+
+ # FastCGI socket of manager, to run it statically.
+ # socket =
+
+ # Threads to use for request handling.
+ # threads = 10
+
+ # Session timeout for manager.
+ # timeout = 15m
+
+}
+
diff --git a/conf/options/manager.opt b/conf/options/manager.opt
new file mode 100644
index 0000000..dbac731
--- /dev/null
+++ b/conf/options/manager.opt
@@ -0,0 +1,18 @@
+manager.database =
+ Credential database URI for manager. If it contains a password, make
+ sure to adjust the permissions of the config file accordingly.
+
+manager.debug = no
+ Enable debugging in manager.
+
+manager.load =
+ Plugins to load in manager.
+
+manager.socket =
+ FastCGI socket of manager, to run it statically.
+
+manager.threads = 10
+ Threads to use for request handling.
+
+manager.timeout = 15m
+ Session timeout for manager.
diff --git a/conf/options/medsrv.conf b/conf/options/medsrv.conf
new file mode 100644
index 0000000..b3026ea
--- /dev/null
+++ b/conf/options/medsrv.conf
@@ -0,0 +1,32 @@
+medsrv {
+
+ # Mediation server database URI. If it contains a password, make sure to
+ # adjust the permissions of the config file accordingly.
+ # database =
+
+ # Debugging in mediation server web application.
+ # debug = no
+
+ # DPD timeout to use in mediation server plugin.
+ # dpd = 5m
+
+ # Plugins to load in mediation server plugin.
+ # load =
+
+ # Minimum password length required for mediation server user accounts.
+ # password_length = 6
+
+ # Rekeying time on mediation connections in mediation server plugin.
+ # rekey = 20m
+
+ # Run Mediation server web application statically on socket.
+ # socket =
+
+ # Number of thread for mediation service web application.
+ # threads = 5
+
+ # Session timeout for mediation service.
+ # timeout = 15m
+
+}
+
diff --git a/conf/options/medsrv.opt b/conf/options/medsrv.opt
new file mode 100644
index 0000000..f673b7e
--- /dev/null
+++ b/conf/options/medsrv.opt
@@ -0,0 +1,27 @@
+medsrv.database =
+ Mediation server database URI. If it contains a password, make
+ sure to adjust the permissions of the config file accordingly.
+
+medsrv.debug = no
+ Debugging in mediation server web application.
+
+medsrv.dpd = 5m
+ DPD timeout to use in mediation server plugin.
+
+medsrv.load =
+ Plugins to load in mediation server plugin.
+
+medsrv.password_length = 6
+ Minimum password length required for mediation server user accounts.
+
+medsrv.rekey = 20m
+ Rekeying time on mediation connections in mediation server plugin.
+
+medsrv.socket =
+ Run Mediation server web application statically on socket.
+
+medsrv.threads = 5
+ Number of thread for mediation service web application.
+
+medsrv.timeout = 15m
+ Session timeout for mediation service.
diff --git a/conf/options/pacman.conf b/conf/options/pacman.conf
new file mode 100644
index 0000000..730e543
--- /dev/null
+++ b/conf/options/pacman.conf
@@ -0,0 +1,12 @@
+pacman {
+
+ # Database URI for the database that stores the package information. If it
+ # contains a password, make sure to adjust the permissions of the config
+ # file accordingly.
+ # database =
+
+ # Plugins to load in package manager.
+ # load =
+
+}
+
diff --git a/conf/options/pacman.opt b/conf/options/pacman.opt
new file mode 100644
index 0000000..dfb4ba2
--- /dev/null
+++ b/conf/options/pacman.opt
@@ -0,0 +1,7 @@
+pacman.database =
+ Database URI for the database that stores the package information. If it
+ contains a password, make sure to adjust the permissions of the config file
+ accordingly.
+
+pacman.load =
+ Plugins to load in package manager.
diff --git a/conf/options/pool.conf b/conf/options/pool.conf
new file mode 100644
index 0000000..297c0f8
--- /dev/null
+++ b/conf/options/pool.conf
@@ -0,0 +1,12 @@
+pool {
+
+ # Database URI for the database that stores IP pools and configuration
+ # attributes. If it contains a password, make sure to adjust the
+ # permissions of the config file accordingly.
+ # database =
+
+ # Plugins to load in ipsec pool tool.
+ # load =
+
+}
+
diff --git a/conf/options/pool.opt b/conf/options/pool.opt
new file mode 100644
index 0000000..79458c7
--- /dev/null
+++ b/conf/options/pool.opt
@@ -0,0 +1,7 @@
+pool.database
+ Database URI for the database that stores IP pools and configuration
+ attributes. If it contains a password, make sure to adjust the permissions
+ of the config file accordingly.
+
+pool.load =
+ Plugins to load in ipsec pool tool.
diff --git a/conf/options/starter.conf b/conf/options/starter.conf
new file mode 100644
index 0000000..8465f7e
--- /dev/null
+++ b/conf/options/starter.conf
@@ -0,0 +1,10 @@
+starter {
+
+ # Plugins to load in starter.
+ # load =
+
+ # Disable charon plugin load option warning.
+ # load_warning = yes
+
+}
+
diff --git a/conf/options/starter.opt b/conf/options/starter.opt
new file mode 100644
index 0000000..4e6574d
--- /dev/null
+++ b/conf/options/starter.opt
@@ -0,0 +1,5 @@
+starter.load =
+ Plugins to load in starter.
+
+starter.load_warning = yes
+ Disable charon plugin load option warning.
diff --git a/conf/options/tnc.conf b/conf/options/tnc.conf
new file mode 100644
index 0000000..6736a2d
--- /dev/null
+++ b/conf/options/tnc.conf
@@ -0,0 +1,11 @@
+charon {
+
+ tnc {
+
+ # TNC IMC/IMV configuration file.
+ # tnc_config = /etc/tnc_config
+
+ }
+
+}
+
diff --git a/conf/options/tnc.opt b/conf/options/tnc.opt
new file mode 100644
index 0000000..467723e
--- /dev/null
+++ b/conf/options/tnc.opt
@@ -0,0 +1,2 @@
+charon.tnc.tnc_config = /etc/tnc_config
+ TNC IMC/IMV configuration file.
diff --git a/conf/options/tools.conf b/conf/options/tools.conf
new file mode 100644
index 0000000..a3ab099
--- /dev/null
+++ b/conf/options/tools.conf
@@ -0,0 +1,21 @@
+openac {
+
+ # Plugins to load in ipsec openac tool.
+ # load =
+
+}
+
+pki {
+
+ # Plugins to load in ipsec pki tool.
+ # load =
+
+}
+
+scepclient {
+
+ # Plugins to load in ipsec scepclient tool.
+ # load =
+
+}
+
diff --git a/conf/options/tools.opt b/conf/options/tools.opt
new file mode 100644
index 0000000..23e6a1c
--- /dev/null
+++ b/conf/options/tools.opt
@@ -0,0 +1,8 @@
+openac.load =
+ Plugins to load in ipsec openac tool.
+
+pki.load =
+ Plugins to load in ipsec pki tool.
+
+scepclient.load =
+ Plugins to load in ipsec scepclient tool.
diff --git a/conf/plugins/android_log.conf b/conf/plugins/android_log.conf
new file mode 100644
index 0000000..4d87eed
--- /dev/null
+++ b/conf/plugins/android_log.conf
@@ -0,0 +1,11 @@
+android_log {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Loglevel for logging to Android specific logger.
+ # loglevel = 1
+
+}
+
diff --git a/conf/plugins/android_log.opt b/conf/plugins/android_log.opt
new file mode 100644
index 0000000..801b8bf
--- /dev/null
+++ b/conf/plugins/android_log.opt
@@ -0,0 +1,2 @@
+charon.plugins.android_log.loglevel = 1
+ Loglevel for logging to Android specific logger.
diff --git a/conf/plugins/attr-sql.conf b/conf/plugins/attr-sql.conf
new file mode 100644
index 0000000..24d4e80
--- /dev/null
+++ b/conf/plugins/attr-sql.conf
@@ -0,0 +1,16 @@
+attr-sql {
+
+ # Database URI for attr-sql plugin used by charon. If it contains a
+ # password, make sure to adjust the permissions of the config file
+ # accordingly.
+ # database =
+
+ # Enable logging of SQL IP pool leases.
+ # lease_history = yes
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/attr-sql.opt b/conf/plugins/attr-sql.opt
new file mode 100644
index 0000000..abd749e
--- /dev/null
+++ b/conf/plugins/attr-sql.opt
@@ -0,0 +1,6 @@
+charon.plugins.attr-sql.database
+ Database URI for attr-sql plugin used by charon. If it contains a password,
+ make sure to adjust the permissions of the config file accordingly.
+
+charon.plugins.attr-sql.lease_history = yes
+ Enable logging of SQL IP pool leases.
diff --git a/conf/plugins/attr.conf b/conf/plugins/attr.conf
new file mode 100644
index 0000000..7a3645b
--- /dev/null
+++ b/conf/plugins/attr.conf
@@ -0,0 +1,14 @@
+# Section to specify arbitrary attributes that are assigned to a peer via
+# configuration payload (CP).
+attr {
+
+ # <attr> is an attribute name or an integer, values can be an IP address,
+ # subnet or arbitrary value.
+ # <attr> =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/attr.opt b/conf/plugins/attr.opt
new file mode 100644
index 0000000..f3c187c
--- /dev/null
+++ b/conf/plugins/attr.opt
@@ -0,0 +1,14 @@
+charon.plugins.attr {}
+ Section to specify arbitrary attributes that are assigned to a peer via
+ configuration payload (CP).
+
+charon.plugins.attr.<attr>
+ <attr> is an attribute name or an integer, values can be an IP address,
+ subnet or arbitrary value.
+
+ **<attr>** can be either _address_, _netmask_, _dns_, _nbns_, _dhcp_,
+ _subnet_, _split-include_, _split-exclude_ or the numeric identifier of the
+ attribute type. The assigned value can be an IPv4/IPv6 address, a subnet in
+ CIDR notation or an arbitrary value depending on the attribute type. For
+ some attribute types multiple values may be specified as a comma separated
+ list.
diff --git a/conf/plugins/certexpire.conf b/conf/plugins/certexpire.conf
new file mode 100644
index 0000000..543848c
--- /dev/null
+++ b/conf/plugins/certexpire.conf
@@ -0,0 +1,38 @@
+certexpire {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ csv {
+
+ # Cron style string specifying CSV export times.
+ # cron =
+
+ # String to use in empty intermediate CA fields.
+ # empty_string =
+
+ # Use a fixed intermediate CA field count.
+ # fixed_fields = yes
+
+ # Force export of all trustchains we have a private key for.
+ # force = yes
+
+ # strftime(3) format string to export expiration dates as.
+ # format = %d:%m:%Y
+
+ # strftime(3) format string for the CSV file name to export local
+ # certificates to.
+ # local =
+
+ # strftime(3) format string for the CSV file name to export remote
+ # certificates to.
+ # remote =
+
+ # CSV field separator.
+ # separator = ,
+
+ }
+
+}
+
diff --git a/conf/plugins/certexpire.opt b/conf/plugins/certexpire.opt
new file mode 100644
index 0000000..7c16538
--- /dev/null
+++ b/conf/plugins/certexpire.opt
@@ -0,0 +1,25 @@
+charon.plugins.certexpire.csv.cron
+ Cron style string specifying CSV export times.
+
+charon.plugins.certexpire.csv.empty_string =
+ String to use in empty intermediate CA fields.
+
+charon.plugins.certexpire.csv.fixed_fields = yes
+ Use a fixed intermediate CA field count.
+
+charon.plugins.certexpire.csv.force = yes
+ Force export of all trustchains we have a private key for.
+
+charon.plugins.certexpire.csv.format = %d:%m:%Y
+ **strftime**(3) format string to export expiration dates as.
+
+charon.plugins.certexpire.csv.local
+ **strftime**(3) format string for the CSV file name to export local
+ certificates to.
+
+charon.plugins.certexpire.csv.remote
+ **strftime**(3) format string for the CSV file name to export remote
+ certificates to.
+
+charon.plugins.certexpire.csv.separator = ,
+ CSV field separator.
diff --git a/conf/plugins/coupling.conf b/conf/plugins/coupling.conf
new file mode 100644
index 0000000..a5c3d78
--- /dev/null
+++ b/conf/plugins/coupling.conf
@@ -0,0 +1,17 @@
+coupling {
+
+ # File to store coupling list to.
+ # file =
+
+ # Hashing algorithm to fingerprint coupled certificates.
+ # hash = sha1
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum number of coupling entries to create.
+ # max = 1
+
+}
+
diff --git a/conf/plugins/coupling.opt b/conf/plugins/coupling.opt
new file mode 100644
index 0000000..179579d
--- /dev/null
+++ b/conf/plugins/coupling.opt
@@ -0,0 +1,8 @@
+charon.plugins.coupling.file
+ File to store coupling list to.
+
+charon.plugins.coupling.hash = sha1
+ Hashing algorithm to fingerprint coupled certificates.
+
+charon.plugins.coupling.max = 1
+ Maximum number of coupling entries to create.
diff --git a/conf/plugins/dhcp.conf b/conf/plugins/dhcp.conf
new file mode 100644
index 0000000..b0e8c84
--- /dev/null
+++ b/conf/plugins/dhcp.conf
@@ -0,0 +1,20 @@
+dhcp {
+
+ # Always use the configured server address.
+ # force_server_address = no
+
+ # Derive user-defined MAC address from hash of IKE identity.
+ # identity_lease = no
+
+ # Interface name the plugin uses for address allocation.
+ # interface =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # DHCP server unicast or broadcast IP address.
+ # server = 255.255.255.255
+
+}
+
diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt
new file mode 100644
index 0000000..9c7b860
--- /dev/null
+++ b/conf/plugins/dhcp.opt
@@ -0,0 +1,22 @@
+charon.plugins.dhcp.force_server_address = no
+ Always use the configured server address.
+
+ Always use the configured server address. This might be helpful if the DHCP
+ server runs on the same host as strongSwan, and the DHCP daemon does not
+ listen on the loopback interface. In that case the server cannot be reached
+ via unicast (or even 255.255.255.255) as that would be routed via loopback.
+ Setting this option to yes and configuring the local broadcast address (e.g.
+ 192.168.0.255) as server address might work.
+
+charon.plugins.dhcp.identity_lease = no
+ Derive user-defined MAC address from hash of IKE identity.
+
+charon.plugins.dhcp.server = 255.255.255.255
+ DHCP server unicast or broadcast IP address.
+
+charon.plugins.dhcp.interface
+ Interface name the plugin uses for address allocation.
+
+ Interface name the plugin uses for address allocation. The default is to
+ bind to any (0.0.0.0) and let the system decide which way to route the
+ packets to the DHCP server.
diff --git a/conf/plugins/dnscert.conf b/conf/plugins/dnscert.conf
new file mode 100644
index 0000000..c29b6ed
--- /dev/null
+++ b/conf/plugins/dnscert.conf
@@ -0,0 +1,11 @@
+dnscert {
+
+ # Enable fetching of CERT RRs via DNS.
+ # enable = no
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/dnscert.opt b/conf/plugins/dnscert.opt
new file mode 100644
index 0000000..fd5a8d8
--- /dev/null
+++ b/conf/plugins/dnscert.opt
@@ -0,0 +1,2 @@
+charon.plugins.dnscert.enable = no
+ Enable fetching of CERT RRs via DNS.
diff --git a/conf/plugins/duplicheck.conf b/conf/plugins/duplicheck.conf
new file mode 100644
index 0000000..212fe40
--- /dev/null
+++ b/conf/plugins/duplicheck.conf
@@ -0,0 +1,14 @@
+duplicheck {
+
+ # Enable duplicheck plugin (if loaded).
+ # enable = yes
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Socket provided by the duplicheck plugin.
+ # socket = unix://${piddir}/charon.dck
+
+}
+
diff --git a/conf/plugins/duplicheck.opt b/conf/plugins/duplicheck.opt
new file mode 100644
index 0000000..ff54fe3
--- /dev/null
+++ b/conf/plugins/duplicheck.opt
@@ -0,0 +1,5 @@
+charon.plugins.duplicheck.enable = yes
+ Enable duplicheck plugin (if loaded).
+
+charon.plugins.duplicheck.socket = unix://${piddir}/charon.dck
+ Socket provided by the duplicheck plugin.
diff --git a/conf/plugins/eap-aka-3ggp2.conf b/conf/plugins/eap-aka-3ggp2.conf
new file mode 100644
index 0000000..c52c996
--- /dev/null
+++ b/conf/plugins/eap-aka-3ggp2.conf
@@ -0,0 +1,10 @@
+eap-aka-3ggp2 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # seq_check =
+
+}
+
diff --git a/conf/plugins/eap-aka-3ggp2.opt b/conf/plugins/eap-aka-3ggp2.opt
new file mode 100644
index 0000000..9e2a42b
--- /dev/null
+++ b/conf/plugins/eap-aka-3ggp2.opt
@@ -0,0 +1 @@
+charon.plugins.eap-aka-3ggp2.seq_check =
diff --git a/conf/plugins/eap-aka.conf b/conf/plugins/eap-aka.conf
new file mode 100644
index 0000000..278f1d6
--- /dev/null
+++ b/conf/plugins/eap-aka.conf
@@ -0,0 +1,10 @@
+eap-aka {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # request_identity = yes
+
+}
+
diff --git a/conf/plugins/eap-aka.opt b/conf/plugins/eap-aka.opt
new file mode 100644
index 0000000..e8d166d
--- /dev/null
+++ b/conf/plugins/eap-aka.opt
@@ -0,0 +1 @@
+charon.plugins.eap-aka.request_identity = yes
diff --git a/conf/plugins/eap-dynamic.conf b/conf/plugins/eap-dynamic.conf
new file mode 100644
index 0000000..7b738b1
--- /dev/null
+++ b/conf/plugins/eap-dynamic.conf
@@ -0,0 +1,14 @@
+eap-dynamic {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Prefer peer's proposed EAP methods.
+ # prefer_user = no
+
+ # The preferred EAP method(s) to be used.
+ # preferred =
+
+}
+
diff --git a/conf/plugins/eap-dynamic.opt b/conf/plugins/eap-dynamic.opt
new file mode 100644
index 0000000..2d50a0a
--- /dev/null
+++ b/conf/plugins/eap-dynamic.opt
@@ -0,0 +1,13 @@
+charon.plugins.eap-dynamic.preferred =
+ The preferred EAP method(s) to be used.
+
+ The preferred EAP method(s) to be used. If it is not given the first
+ registered method will be used initially. If a comma separated list is
+ given the methods are tried in the given order before trying the rest of
+ the registered methods.
+
+charon.plugins.eap-dynamic.prefer_user = no
+ Prefer peer's proposed EAP methods.
+
+ If enabled the EAP methods proposed in an EAP-Nak message sent by the peer
+ are preferred over the methods registered locally.
diff --git a/conf/plugins/eap-gtc.conf b/conf/plugins/eap-gtc.conf
new file mode 100644
index 0000000..4760f3f
--- /dev/null
+++ b/conf/plugins/eap-gtc.conf
@@ -0,0 +1,11 @@
+eap-gtc {
+
+ # XAuth backend to be used for credential verification.
+ # backend = pam
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/eap-gtc.opt b/conf/plugins/eap-gtc.opt
new file mode 100644
index 0000000..3fe8b7d
--- /dev/null
+++ b/conf/plugins/eap-gtc.opt
@@ -0,0 +1,2 @@
+charon.plugins.eap-gtc.backend = pam
+ XAuth backend to be used for credential verification.
diff --git a/conf/plugins/eap-peap.conf b/conf/plugins/eap-peap.conf
new file mode 100644
index 0000000..600e164
--- /dev/null
+++ b/conf/plugins/eap-peap.conf
@@ -0,0 +1,30 @@
+eap-peap {
+
+ # Maximum size of an EAP-PEAP packet.
+ # fragment_size = 1024
+
+ # Include length in non-fragmented EAP-PEAP packets.
+ # include_length = no
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum number of processed EAP-PEAP packets (0 = no limit).
+ # max_message_count = 32
+
+ # Phase2 EAP client authentication method.
+ # phase2_method = mschapv2
+
+ # Phase2 EAP Identity request piggybacked by server onto TLS Finished
+ # message.
+ # phase2_piggyback = no
+
+ # Start phase2 EAP TNC protocol after successful client authentication.
+ # phase2_tnc = no
+
+ # Request peer authentication based on a client certificate.
+ # request_peer_auth = no
+
+}
+
diff --git a/conf/plugins/eap-peap.opt b/conf/plugins/eap-peap.opt
new file mode 100644
index 0000000..6fe8860
--- /dev/null
+++ b/conf/plugins/eap-peap.opt
@@ -0,0 +1,20 @@
+charon.plugins.eap-peap.fragment_size = 1024
+ Maximum size of an EAP-PEAP packet.
+
+charon.plugins.eap-peap.max_message_count = 32
+ Maximum number of processed EAP-PEAP packets (0 = no limit).
+
+charon.plugins.eap-peap.include_length = no
+ Include length in non-fragmented EAP-PEAP packets.
+
+charon.plugins.eap-peap.phase2_method = mschapv2
+ Phase2 EAP client authentication method.
+
+charon.plugins.eap-peap.phase2_piggyback = no
+ Phase2 EAP Identity request piggybacked by server onto TLS Finished message.
+
+charon.plugins.eap-peap.phase2_tnc = no
+ Start phase2 EAP TNC protocol after successful client authentication.
+
+charon.plugins.eap-peap.request_peer_auth = no
+ Request peer authentication based on a client certificate.
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
new file mode 100644
index 0000000..53023b8
--- /dev/null
+++ b/conf/plugins/eap-radius.conf
@@ -0,0 +1,86 @@
+eap-radius {
+
+ # Send RADIUS accounting information to RADIUS servers.
+ # accounting = no
+
+ # If enabled, accounting is disabled unless an IKE_SA has at least one
+ # virtual IP.
+ # accounting_requires_vip = no
+
+ # Use class attributes in RADIUS-Accept messages as group membership
+ # information.
+ # class_group = no
+
+ # Closes all IKE_SAs if communication with the RADIUS server times out. If
+ # it is not set only the current IKE_SA is closed.
+ # close_all_on_timeout = no
+
+ # Send EAP-Start instead of EAP-Identity to start RADIUS conversation.
+ # eap_start = no
+
+ # Use filter_id attribute as group membership information.
+ # filter_id = no
+
+ # Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the
+ # EAP method.
+ # id_prefix =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # NAS-Identifier to include in RADIUS messages.
+ # nas_identifier = strongSwan
+
+ # Port of RADIUS server (authentication).
+ # port = 1812
+
+ # Shared secret between RADIUS and NAS. If set, make sure to adjust the
+ # permissions of the config file accordingly.
+ # secret =
+
+ # IP/Hostname of RADIUS server.
+ # server =
+
+ # Number of sockets (ports) to use, increase for high load.
+ # sockets = 1
+
+ dae {
+
+ # Enables support for the Dynamic Authorization Extension (RFC 5176).
+ # enable = no
+
+ # Address to listen for DAE messages from the RADIUS server.
+ # listen = 0.0.0.0
+
+ # Port to listen for DAE requests.
+ # port = 3799
+
+ # Shared secret used to verify/sign DAE messages. If set, make sure to
+ # adjust the permissions of the config file accordingly.
+ # secret =
+
+ }
+
+ forward {
+
+ # RADIUS attributes to be forwarded from IKEv2 to RADIUS.
+ # ike_to_radius =
+
+ # Same as ike_to_radius but from RADIUS to IKEv2.
+ # radius_to_ike =
+
+ }
+
+ # Section to specify multiple RADIUS servers.
+ servers {
+
+ }
+
+ # Section to configure multiple XAuth authentication rounds via RADIUS.
+ xauth {
+
+ }
+
+}
+
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
new file mode 100644
index 0000000..0edd345
--- /dev/null
+++ b/conf/plugins/eap-radius.opt
@@ -0,0 +1,105 @@
+charon.plugins.eap-radius.accounting = no
+ Send RADIUS accounting information to RADIUS servers.
+
+charon.plugins.eap-radius.accounting_requires_vip = no
+ If enabled, accounting is disabled unless an IKE_SA has at least one
+ virtual IP.
+
+charon.plugins.eap-radius.class_group = no
+ Use class attributes in RADIUS-Accept messages as group membership
+ information.
+
+ Use the _class_ attribute sent in the RADIUS-Accept message as group
+ membership information that is compared to the groups specified in the
+ **rightgroups** option in **ipsec.conf**(5).
+
+charon.plugins.eap-radius.close_all_on_timeout = no
+ Closes all IKE_SAs if communication with the RADIUS server times out. If it
+ is not set only the current IKE_SA is closed.
+
+charon.plugins.eap-radius.dae.enable = no
+ Enables support for the Dynamic Authorization Extension (RFC 5176).
+
+charon.plugins.eap-radius.dae.listen = 0.0.0.0
+ Address to listen for DAE messages from the RADIUS server.
+
+charon.plugins.eap-radius.dae.port = 3799
+ Port to listen for DAE requests.
+
+charon.plugins.eap-radius.dae.secret
+ Shared secret used to verify/sign DAE messages. If set, make sure to adjust
+ the permissions of the config file accordingly.
+
+charon.plugins.eap-radius.eap_start = no
+ Send EAP-Start instead of EAP-Identity to start RADIUS conversation.
+
+charon.plugins.eap-radius.filter_id = no
+ Use filter_id attribute as group membership information.
+
+ If the RADIUS _tunnel_type_ attribute with value **ESP** is received, use
+ the _filter_id_ attribute sent in the RADIUS-Accept message as group
+ membership information that is compared to the groups specified in the
+ **rightgroups** option in **ipsec.conf**(5).
+
+charon.plugins.eap-radius.forward.ike_to_radius
+ RADIUS attributes to be forwarded from IKEv2 to RADIUS.
+
+ RADIUS attributes to be forwarded from IKEv2 to RADIUS (can be defined by
+ name or attribute number, a colon can be used to specify vendor-specific
+ attributes, e.g. Reply-Message, or 11, or 36906:12).
+
+charon.plugins.eap-radius.forward.radius_to_ike =
+ Same as ike_to_radius but from RADIUS to IKEv2.
+
+ Same as _charon.plugins.eap-radius.forward.ike_to_radius_ but from RADIUS to
+ IKEv2, a strongSwan specific private notify (40969) is used to transmit the
+ attributes.
+
+charon.plugins.eap-radius.id_prefix
+ Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the
+ EAP method.
+
+charon.plugins.eap-radius.nas_identifier = strongSwan
+ NAS-Identifier to include in RADIUS messages.
+
+charon.plugins.eap-radius.port = 1812
+ Port of RADIUS server (authentication).
+
+charon.plugins.eap-radius.secret =
+ Shared secret between RADIUS and NAS. If set, make sure to adjust the
+ permissions of the config file accordingly.
+
+charon.plugins.eap-radius.server =
+ IP/Hostname of RADIUS server.
+
+charon.plugins.eap-radius.servers {}
+ Section to specify multiple RADIUS servers.
+
+ Section to specify multiple RADIUS servers. The **nas_identifier**,
+ **secret**, **sockets** and **port** (or **auth_port**) options can be
+ specified for each server. A server's IP/Hostname can be configured using
+ the **address** option. The **acct_port** [1813] option can be used to
+ specify the port used for RADIUS accounting. For each RADIUS server a
+ priority can be specified using the **preference** [0] option.
+
+charon.plugins.eap-radius.sockets = 1
+ Number of sockets (ports) to use, increase for high load.
+
+charon.plugins.eap-radius.xauth {}
+ Section to configure multiple XAuth authentication rounds via RADIUS.
+
+ Section to configure multiple XAuth authentication rounds via RADIUS.
+ The subsections define so called authentication profiles with arbitrary
+ names. In each profile section one or more XAuth types can be configured,
+ with an assigned message. For each type a separate XAuth exchange will be
+ initiated and all replies get concatenated into the User-Password attribute,
+ which then gets verified over RADIUS.
+
+ Available XAuth types are **password**, **passcode**, **nextpin**, and
+ **answer**. This type is not relevant to strongSwan or the AAA server, but
+ the client may show a different dialog (along with the configured message).
+
+ To use the configured profiles, they have to be configured in the respective
+ connection in **ipsec.conf**(5) by appending the profile name, separated by
+ a colon, to the **xauth-radius** XAauth backend configuration in _rightauth_
+ or _rightauth2_, for instance, _rightauth2=xauth-radius:profile_.
diff --git a/conf/plugins/eap-sim.conf b/conf/plugins/eap-sim.conf
new file mode 100644
index 0000000..96ec2e0
--- /dev/null
+++ b/conf/plugins/eap-sim.conf
@@ -0,0 +1,10 @@
+eap-sim {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # request_identity = yes
+
+}
+
diff --git a/conf/plugins/eap-sim.opt b/conf/plugins/eap-sim.opt
new file mode 100644
index 0000000..052454c
--- /dev/null
+++ b/conf/plugins/eap-sim.opt
@@ -0,0 +1 @@
+charon.plugins.eap-sim.request_identity = yes
diff --git a/conf/plugins/eap-simaka-sql.conf b/conf/plugins/eap-simaka-sql.conf
new file mode 100644
index 0000000..1574a5a
--- /dev/null
+++ b/conf/plugins/eap-simaka-sql.conf
@@ -0,0 +1,12 @@
+eap-simaka-sql {
+
+ # database =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # remove_used = no
+
+}
+
diff --git a/conf/plugins/eap-simaka-sql.opt b/conf/plugins/eap-simaka-sql.opt
new file mode 100644
index 0000000..6b87a7e
--- /dev/null
+++ b/conf/plugins/eap-simaka-sql.opt
@@ -0,0 +1,3 @@
+charon.plugins.eap-simaka-sql.database =
+
+charon.plugins.eap-simaka-sql.remove_used = no
diff --git a/conf/plugins/eap-tls.conf b/conf/plugins/eap-tls.conf
new file mode 100644
index 0000000..e3ce7de
--- /dev/null
+++ b/conf/plugins/eap-tls.conf
@@ -0,0 +1,17 @@
+eap-tls {
+
+ # Maximum size of an EAP-TLS packet.
+ # fragment_size = 1024
+
+ # Include length in non-fragmented EAP-TLS packets.
+ # include_length = yes
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum number of processed EAP-TLS packets (0 = no limit).
+ # max_message_count = 32
+
+}
+
diff --git a/conf/plugins/eap-tls.opt b/conf/plugins/eap-tls.opt
new file mode 100644
index 0000000..e7b9652
--- /dev/null
+++ b/conf/plugins/eap-tls.opt
@@ -0,0 +1,8 @@
+charon.plugins.eap-tls.fragment_size = 1024
+ Maximum size of an EAP-TLS packet.
+
+charon.plugins.eap-tls.max_message_count = 32
+ Maximum number of processed EAP-TLS packets (0 = no limit).
+
+charon.plugins.eap-tls.include_length = yes
+ Include length in non-fragmented EAP-TLS packets.
diff --git a/conf/plugins/eap-tnc.conf b/conf/plugins/eap-tnc.conf
new file mode 100644
index 0000000..aca72f1
--- /dev/null
+++ b/conf/plugins/eap-tnc.conf
@@ -0,0 +1,15 @@
+eap-tnc {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum number of processed EAP-TNC packets (0 = no limit).
+ # max_message_count = 10
+
+ # IF-TNCCS protocol version to be used (tnccs-1.1, tnccs-2.0,
+ # tnccs-dynamic).
+ # protocol = tnccs-1.1
+
+}
+
diff --git a/conf/plugins/eap-tnc.opt b/conf/plugins/eap-tnc.opt
new file mode 100644
index 0000000..8e060ce
--- /dev/null
+++ b/conf/plugins/eap-tnc.opt
@@ -0,0 +1,6 @@
+charon.plugins.eap-tnc.max_message_count = 10
+ Maximum number of processed EAP-TNC packets (0 = no limit).
+
+charon.plugins.eap-tnc.protocol = tnccs-1.1
+ IF-TNCCS protocol version to be used (_tnccs-1.1_, _tnccs-2.0_,
+ _tnccs-dynamic_).
diff --git a/conf/plugins/eap-ttls.conf b/conf/plugins/eap-ttls.conf
new file mode 100644
index 0000000..5229625
--- /dev/null
+++ b/conf/plugins/eap-ttls.conf
@@ -0,0 +1,30 @@
+eap-ttls {
+
+ # Maximum size of an EAP-TTLS packet.
+ # fragment_size = 1024
+
+ # Include length in non-fragmented EAP-TTLS packets.
+ # include_length = yes
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum number of processed EAP-TTLS packets (0 = no limit).
+ # max_message_count = 32
+
+ # Phase2 EAP client authentication method.
+ # phase2_method = md5
+
+ # Phase2 EAP Identity request piggybacked by server onto TLS Finished
+ # message.
+ # phase2_piggyback = no
+
+ # Start phase2 EAP TNC protocol after successful client authentication.
+ # phase2_tnc = no
+
+ # Request peer authentication based on a client certificate.
+ # request_peer_auth = no
+
+}
+
diff --git a/conf/plugins/eap-ttls.opt b/conf/plugins/eap-ttls.opt
new file mode 100644
index 0000000..21a6cb6
--- /dev/null
+++ b/conf/plugins/eap-ttls.opt
@@ -0,0 +1,20 @@
+charon.plugins.eap-ttls.fragment_size = 1024
+ Maximum size of an EAP-TTLS packet.
+
+charon.plugins.eap-ttls.max_message_count = 32
+ Maximum number of processed EAP-TTLS packets (0 = no limit).
+
+charon.plugins.eap-ttls.include_length = yes
+ Include length in non-fragmented EAP-TTLS packets.
+
+charon.plugins.eap-ttls.phase2_method = md5
+ Phase2 EAP client authentication method.
+
+charon.plugins.eap-ttls.phase2_piggyback = no
+ Phase2 EAP Identity request piggybacked by server onto TLS Finished message.
+
+charon.plugins.eap-ttls.phase2_tnc = no
+ Start phase2 EAP TNC protocol after successful client authentication.
+
+charon.plugins.eap-ttls.request_peer_auth = no
+ Request peer authentication based on a client certificate.
diff --git a/conf/plugins/error-notify.conf b/conf/plugins/error-notify.conf
new file mode 100644
index 0000000..5915a09
--- /dev/null
+++ b/conf/plugins/error-notify.conf
@@ -0,0 +1,11 @@
+error-notify {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Socket provided by the error-notify plugin.
+ # socket = unix://${piddir}/charon.enfy
+
+}
+
diff --git a/conf/plugins/error-notify.opt b/conf/plugins/error-notify.opt
new file mode 100644
index 0000000..44ea055
--- /dev/null
+++ b/conf/plugins/error-notify.opt
@@ -0,0 +1,2 @@
+charon.plugins.error-notify.socket = unix://${piddir}/charon.enfy
+ Socket provided by the error-notify plugin.
diff --git a/conf/plugins/gcrypt.conf b/conf/plugins/gcrypt.conf
new file mode 100644
index 0000000..fce2c7a
--- /dev/null
+++ b/conf/plugins/gcrypt.conf
@@ -0,0 +1,11 @@
+gcrypt {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Use faster random numbers in gcrypt; for testing only, produces weak keys!
+ # quick_random = no
+
+}
+
diff --git a/conf/plugins/gcrypt.opt b/conf/plugins/gcrypt.opt
new file mode 100644
index 0000000..c6b0505
--- /dev/null
+++ b/conf/plugins/gcrypt.opt
@@ -0,0 +1,2 @@
+charon.plugins.gcrypt.quick_random = no
+ Use faster random numbers in gcrypt; for testing only, produces weak keys!
diff --git a/conf/plugins/ha.conf b/conf/plugins/ha.conf
new file mode 100644
index 0000000..e8b2fa4
--- /dev/null
+++ b/conf/plugins/ha.conf
@@ -0,0 +1,32 @@
+ha {
+
+ # Interval in seconds to automatically balance handled segments between
+ # nodes. Set to 0 to disable.
+ # autobalance = 0
+
+ # fifo_interface = yes
+
+ # heartbeat_delay = 1000
+
+ # heartbeat_timeout = 2100
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # local =
+
+ # monitor = yes
+
+ # pools =
+
+ # remote =
+
+ # resync = yes
+
+ # secret =
+
+ # segment_count = 1
+
+}
+
diff --git a/conf/plugins/ha.opt b/conf/plugins/ha.opt
new file mode 100644
index 0000000..77d5b78
--- /dev/null
+++ b/conf/plugins/ha.opt
@@ -0,0 +1,23 @@
+charon.plugins.ha.autobalance = 0
+ Interval in seconds to automatically balance handled segments between nodes.
+ Set to 0 to disable.
+
+charon.plugins.ha.fifo_interface = yes
+
+charon.plugins.ha.heartbeat_delay = 1000
+
+charon.plugins.ha.heartbeat_timeout = 2100
+
+charon.plugins.ha.local =
+
+charon.plugins.ha.monitor = yes
+
+charon.plugins.ha.pools =
+
+charon.plugins.ha.remote =
+
+charon.plugins.ha.resync = yes
+
+charon.plugins.ha.secret =
+
+charon.plugins.ha.segment_count = 1
diff --git a/conf/plugins/imc-attestation.conf b/conf/plugins/imc-attestation.conf
new file mode 100644
index 0000000..ffb1b45
--- /dev/null
+++ b/conf/plugins/imc-attestation.conf
@@ -0,0 +1,26 @@
+imc-attestation {
+
+ # AIK encrypted private key blob file.
+ # aik_blob =
+
+ # AIK certificate file.
+ # aik_cert =
+
+ # AIK public key file.
+ # aik_key =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # DH nonce length.
+ # nonce_len = 20
+
+ # Whether to send pcr_before and pcr_after info.
+ # pcr_info = yes
+
+ # Use Quote2 AIK signature instead of Quote signature.
+ # use_quote2 = yes
+
+}
+
diff --git a/conf/plugins/imc-attestation.opt b/conf/plugins/imc-attestation.opt
new file mode 100644
index 0000000..9c10805
--- /dev/null
+++ b/conf/plugins/imc-attestation.opt
@@ -0,0 +1,17 @@
+charon.plugins.imc-attestation.aik_blob =
+ AIK encrypted private key blob file.
+
+charon.plugins.imc-attestation.aik_cert =
+ AIK certificate file.
+
+charon.plugins.imc-attestation.aik_key =
+ AIK public key file.
+
+charon.plugins.imc-attestation.nonce_len = 20
+ DH nonce length.
+
+charon.plugins.imc-attestation.use_quote2 = yes
+ Use Quote2 AIK signature instead of Quote signature.
+
+charon.plugins.imc-attestation.pcr_info = yes
+ Whether to send pcr_before and pcr_after info.
\ No newline at end of file
diff --git a/conf/plugins/imc-os.conf b/conf/plugins/imc-os.conf
new file mode 100644
index 0000000..1d245d3
--- /dev/null
+++ b/conf/plugins/imc-os.conf
@@ -0,0 +1,11 @@
+imc-os {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Send operating system info without being prompted.
+ # push_info = yes
+
+}
+
diff --git a/conf/plugins/imc-os.opt b/conf/plugins/imc-os.opt
new file mode 100644
index 0000000..2a6333f
--- /dev/null
+++ b/conf/plugins/imc-os.opt
@@ -0,0 +1,2 @@
+charon.plugins.imc-os.push_info = yes
+ Send operating system info without being prompted.
diff --git a/conf/plugins/imc-scanner.conf b/conf/plugins/imc-scanner.conf
new file mode 100644
index 0000000..7f2f531
--- /dev/null
+++ b/conf/plugins/imc-scanner.conf
@@ -0,0 +1,11 @@
+imc-scanner {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Send open listening ports without being prompted.
+ # push_info = yes
+
+}
+
diff --git a/conf/plugins/imc-scanner.opt b/conf/plugins/imc-scanner.opt
new file mode 100644
index 0000000..84e6dfa
--- /dev/null
+++ b/conf/plugins/imc-scanner.opt
@@ -0,0 +1,2 @@
+charon.plugins.imc-scanner.push_info = yes
+ Send open listening ports without being prompted.
diff --git a/conf/plugins/imc-swid.conf b/conf/plugins/imc-swid.conf
new file mode 100644
index 0000000..8b33171
--- /dev/null
+++ b/conf/plugins/imc-swid.conf
@@ -0,0 +1,11 @@
+imc-swid {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Directory where SWID tags are located.
+ # swid_directory = ${prefix}/share
+
+}
+
diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt
new file mode 100644
index 0000000..67f7c79
--- /dev/null
+++ b/conf/plugins/imc-swid.opt
@@ -0,0 +1,2 @@
+charon.plugins.imc-swid.swid_directory = ${prefix}/share
+ Directory where SWID tags are located.
diff --git a/conf/plugins/imc-test.conf b/conf/plugins/imc-test.conf
new file mode 100644
index 0000000..0d66e3d
--- /dev/null
+++ b/conf/plugins/imc-test.conf
@@ -0,0 +1,23 @@
+imc-test {
+
+ # Number of additional IMC IDs.
+ # additional_ids = 0
+
+ # Command to be sent to the Test IMV.
+ # command = none
+
+ # Size of dummy attribute to be sent to the Test IMV (0 = disabled).
+ # dummy_size = 0
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Do a handshake retry.
+ # retry = no
+
+ # Command to be sent to the Test IMV in the handshake retry.
+ # retry_command =
+
+}
+
diff --git a/conf/plugins/imc-test.opt b/conf/plugins/imc-test.opt
new file mode 100644
index 0000000..c3169b5
--- /dev/null
+++ b/conf/plugins/imc-test.opt
@@ -0,0 +1,14 @@
+charon.plugins.imc-test.additional_ids = 0
+ Number of additional IMC IDs.
+
+charon.plugins.imc-test.command = none
+ Command to be sent to the Test IMV.
+
+charon.plugins.imc-test.dummy_size = 0
+ Size of dummy attribute to be sent to the Test IMV (0 = disabled).
+
+charon.plugins.imc-test.retry = no
+ Do a handshake retry.
+
+charon.plugins.imc-test.retry_command =
+ Command to be sent to the Test IMV in the handshake retry.
diff --git a/conf/plugins/imv-attestation.conf b/conf/plugins/imv-attestation.conf
new file mode 100644
index 0000000..48ffba8
--- /dev/null
+++ b/conf/plugins/imv-attestation.conf
@@ -0,0 +1,42 @@
+imc-attestation {
+
+ # Dummy data if the TBOOT log is not retrieved.
+ # pcr17_after =
+
+ # Dummy data if the TBOOT log is not retrieved.
+ # pcr17_before =
+
+ # Dummy data if the TBOOT log is not retrieved.
+ # pcr17_meas =
+
+ # Dummy data if the TBOOT log is not retrieved.
+ # pcr18_after =
+
+ # Dummy data if the TBOOT log is not retrieved.
+ # pcr18_before =
+
+ # Dummy data if the TBOOT log is not retrieved.
+ # pcr18_meas =
+
+}
+
+imv-attestation {
+
+ # Path to directory with AIK cacerts.
+ # cadir =
+
+ # Preferred Diffie-Hellman group.
+ # dh_group = ecp256
+
+ # Preferred measurement hash algorithm.
+ # hash_algorithm = sha256
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # DH minimum nonce length.
+ # min_nonce_len = 0
+
+}
+
diff --git a/conf/plugins/imv-attestation.opt b/conf/plugins/imv-attestation.opt
new file mode 100644
index 0000000..c0ae204
--- /dev/null
+++ b/conf/plugins/imv-attestation.opt
@@ -0,0 +1,29 @@
+charon.plugins.imv-attestation.cadir =
+ Path to directory with AIK cacerts.
+
+charon.plugins.imv-attestation.dh_group = ecp256
+ Preferred Diffie-Hellman group.
+
+charon.plugins.imv-attestation.hash_algorithm = sha256
+ Preferred measurement hash algorithm.
+
+charon.plugins.imv-attestation.min_nonce_len = 0
+ DH minimum nonce length.
+
+charon.plugins.imc-attestation.pcr17_after
+ Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr17_before
+ Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr17_meas
+ Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr18_after
+ Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr18_before
+ Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr18_meas
+ Dummy data if the TBOOT log is not retrieved.
diff --git a/conf/plugins/imv-os.conf b/conf/plugins/imv-os.conf
new file mode 100644
index 0000000..8f0da37
--- /dev/null
+++ b/conf/plugins/imv-os.conf
@@ -0,0 +1,11 @@
+imv-os {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # URI pointing to operating system remediation instructions.
+ # remediation_uri =
+
+}
+
diff --git a/conf/plugins/imv-os.opt b/conf/plugins/imv-os.opt
new file mode 100644
index 0000000..eab9262
--- /dev/null
+++ b/conf/plugins/imv-os.opt
@@ -0,0 +1,2 @@
+charon.plugins.imv-os.remediation_uri =
+ URI pointing to operating system remediation instructions.
diff --git a/conf/plugins/imv-scanner.conf b/conf/plugins/imv-scanner.conf
new file mode 100644
index 0000000..25719d0
--- /dev/null
+++ b/conf/plugins/imv-scanner.conf
@@ -0,0 +1,11 @@
+imv-scanner {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # URI pointing to scanner remediation instructions.
+ # remediation_uri =
+
+}
+
diff --git a/conf/plugins/imv-scanner.opt b/conf/plugins/imv-scanner.opt
new file mode 100644
index 0000000..7af8749
--- /dev/null
+++ b/conf/plugins/imv-scanner.opt
@@ -0,0 +1,2 @@
+charon.plugins.imv-scanner.remediation_uri =
+ URI pointing to scanner remediation instructions.
diff --git a/conf/plugins/imv-test.conf b/conf/plugins/imv-test.conf
new file mode 100644
index 0000000..9bd2487
--- /dev/null
+++ b/conf/plugins/imv-test.conf
@@ -0,0 +1,11 @@
+imv-test {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Number of IMC-IMV retry rounds.
+ # rounds = 0
+
+}
+
diff --git a/conf/plugins/imv-test.opt b/conf/plugins/imv-test.opt
new file mode 100644
index 0000000..2cbddc8
--- /dev/null
+++ b/conf/plugins/imv-test.opt
@@ -0,0 +1,2 @@
+charon.plugins.imv-test.rounds = 0
+ Number of IMC-IMV retry rounds.
diff --git a/conf/plugins/ipseckey.conf b/conf/plugins/ipseckey.conf
new file mode 100644
index 0000000..f2e5e58
--- /dev/null
+++ b/conf/plugins/ipseckey.conf
@@ -0,0 +1,11 @@
+ipseckey {
+
+ # Enable fetching of IPSECKEY RRs via DNS.
+ # enable = no
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/ipseckey.opt b/conf/plugins/ipseckey.opt
new file mode 100644
index 0000000..d4cff26
--- /dev/null
+++ b/conf/plugins/ipseckey.opt
@@ -0,0 +1,2 @@
+charon.plugins.ipseckey.enable = no
+ Enable fetching of IPSECKEY RRs via DNS.
diff --git a/conf/plugins/kernel-klips.conf b/conf/plugins/kernel-klips.conf
new file mode 100644
index 0000000..10ca308
--- /dev/null
+++ b/conf/plugins/kernel-klips.conf
@@ -0,0 +1,14 @@
+kernel-klips {
+
+ # Number of ipsecN devices.
+ # ipsec_dev_count = 4
+
+ # Set MTU of ipsecN device.
+ # ipsec_dev_mtu = 0
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/kernel-klips.opt b/conf/plugins/kernel-klips.opt
new file mode 100644
index 0000000..ad9806e
--- /dev/null
+++ b/conf/plugins/kernel-klips.opt
@@ -0,0 +1,5 @@
+charon.plugins.kernel-klips.ipsec_dev_count = 4
+ Number of ipsecN devices.
+
+charon.plugins.kernel-klips.ipsec_dev_mtu = 0
+ Set MTU of ipsecN device.
diff --git a/conf/plugins/kernel-libipsec.conf b/conf/plugins/kernel-libipsec.conf
new file mode 100644
index 0000000..3411be2
--- /dev/null
+++ b/conf/plugins/kernel-libipsec.conf
@@ -0,0 +1,11 @@
+kernel-libipsec {
+
+ # Allow that the remote traffic selector equals the IKE peer.
+ # allow_peer_ts = no
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/kernel-libipsec.opt b/conf/plugins/kernel-libipsec.opt
new file mode 100644
index 0000000..e76db63
--- /dev/null
+++ b/conf/plugins/kernel-libipsec.opt
@@ -0,0 +1,7 @@
+charon.plugins.kernel-libipsec.allow_peer_ts = no
+ Allow that the remote traffic selector equals the IKE peer.
+
+ Allow that the remote traffic selector equals the IKE peer. The route
+ installed for such traffic (via TUN device) usually prevents further IKE
+ traffic. The fwmark options for the _kernel-netlink_ and _socket-default_
+ plugins can be used to circumvent that problem.
diff --git a/conf/plugins/kernel-netlink.conf b/conf/plugins/kernel-netlink.conf
new file mode 100644
index 0000000..6707469
--- /dev/null
+++ b/conf/plugins/kernel-netlink.conf
@@ -0,0 +1,19 @@
+kernel-netlink {
+
+ # Firewall mark to set on the routing rule that directs traffic to our
+ # routing table.
+ # fwmark =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Whether to trigger roam events when interfaces, addresses or routes
+ # change.
+ # roam_events = yes
+
+ # Lifetime of XFRM acquire state in kernel.
+ # xfrm_acq_expires = 165
+
+}
+
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt
new file mode 100644
index 0000000..a8e421b
--- /dev/null
+++ b/conf/plugins/kernel-netlink.opt
@@ -0,0 +1,18 @@
+charon.plugins.kernel-netlink.fwmark =
+ Firewall mark to set on the routing rule that directs traffic to our routing
+ table.
+
+ Firewall mark to set on the routing rule that directs traffic to our routing
+ table. The format is [!]mark[/mask], where the optional exclamation mark
+ inverts the meaning (i.e. the rule only applies to packets that don't match
+ the mark).
+
+charon.plugins.kernel-netlink.roam_events = yes
+ Whether to trigger roam events when interfaces, addresses or routes change.
+
+charon.plugins.kernel-netlink.xfrm_acq_expires = 165
+ Lifetime of XFRM acquire state in kernel.
+
+ Lifetime of XFRM acquire state in kernel. The value gets written to
+ /proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM
+ acquire messages sent.
diff --git a/conf/plugins/kernel-pfroute.conf b/conf/plugins/kernel-pfroute.conf
new file mode 100644
index 0000000..9aa4dca
--- /dev/null
+++ b/conf/plugins/kernel-pfroute.conf
@@ -0,0 +1,12 @@
+kernel-pfroute {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Time in ms to wait until virtual IP addresses appear/disappear before
+ # failing.
+ # vip_wait = 1000
+
+}
+
diff --git a/conf/plugins/kernel-pfroute.opt b/conf/plugins/kernel-pfroute.opt
new file mode 100644
index 0000000..8b9bb91
--- /dev/null
+++ b/conf/plugins/kernel-pfroute.opt
@@ -0,0 +1,3 @@
+charon.plugins.kernel-pfroute.vip_wait = 1000
+ Time in ms to wait until virtual IP addresses appear/disappear before
+ failing.
diff --git a/conf/plugins/led.conf b/conf/plugins/led.conf
new file mode 100644
index 0000000..0f34adb
--- /dev/null
+++ b/conf/plugins/led.conf
@@ -0,0 +1,12 @@
+led {
+
+ # activity_led =
+
+ # blink_time = 50
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/led.opt b/conf/plugins/led.opt
new file mode 100644
index 0000000..9e2f1ac
--- /dev/null
+++ b/conf/plugins/led.opt
@@ -0,0 +1,3 @@
+charon.plugins.led.activity_led =
+
+charon.plugins.led.blink_time = 50
diff --git a/conf/plugins/load-tester.conf b/conf/plugins/load-tester.conf
new file mode 100644
index 0000000..e69c029
--- /dev/null
+++ b/conf/plugins/load-tester.conf
@@ -0,0 +1,138 @@
+# Section to configure the load-tester plugin, see LOAD TESTS in
+# strongswan.conf(5) for details.
+load-tester {
+
+ # Whether to keep dynamic addresses even after the associated SA got
+ # terminated.
+ # addrs_keep = no
+
+ # Network prefix length to use when installing dynamic addresses. If set to
+ # -1 the full address is used (i.e. 32 or 128).
+ # addrs_prefix = 16
+
+ # Directory to load (intermediate) CA certificates from.
+ # ca_dir =
+
+ # Seconds to start CHILD_SA rekeying after setup.
+ # child_rekey = 600
+
+ # Delay between initiatons for each thread.
+ # delay = 0
+
+ # Delete an IKE_SA as soon as it has been established.
+ # delete_after_established = no
+
+ # Digest algorithm used when issuing certificates.
+ # digest = sha1
+
+ # DPD delay to use in load test.
+ # dpd_delay = 0
+
+ # Base port to be used for requests (each client uses a different port).
+ # dynamic_port = 0
+
+ # EAP secret to use in load test.
+ # eap_password = default-pwd
+
+ # Enable the load testing plugin. WARNING: Never enable this plugin on
+ # productive systems. It provides preconfigured credentials and allows an
+ # attacker to authenticate as any user.
+ # enable = no
+
+ # CHILD_SA proposal to use for load tests.
+ # esp = aes128-sha1
+
+ # Fake the kernel interface to allow load-testing against self.
+ # fake_kernel = no
+
+ # Seconds to start IKE_SA rekeying after setup.
+ # ike_rekey = 0
+
+ # Global limit of concurrently established SAs during load test.
+ # init_limit = 0
+
+ # Address to initiate from.
+ # initiator = 0.0.0.0
+
+ # Authentication method(s) the intiator uses.
+ # initiator_auth = pubkey
+
+ # Initiator ID used in load test.
+ # initiator_id =
+
+ # Initiator ID to match against as responder.
+ # initiator_match =
+
+ # Traffic selector on initiator side, as proposed by initiator.
+ # initiator_tsi =
+
+ # Traffic selector on responder side, as proposed by initiator.
+ # initiator_tsr =
+
+ # Number of concurrent initiator threads to use in load test.
+ # initiators = 0
+
+ # Path to the issuer certificate (if not configured a hard-coded default
+ # value is used).
+ # issuer_cert =
+
+ # Path to private key that is used to issue certificates (if not configured
+ # a hard-coded default value is used).
+ # issuer_key =
+
+ # Number of IKE_SAs to initiate by each initiator in load test.
+ # iterations = 1
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # IPsec mode to use, one of tunnel, transport, or beet.
+ # mode = tunnel
+
+ # Provide INTERNAL_IPV4_ADDRs from a named pool.
+ # pool =
+
+ # Preshared key to use in load test.
+ # preshared_key = <default-psk>
+
+ # IKE proposal to use in load test.
+ # proposal = aes128-sha1-modp768
+
+ # Request an INTERNAL_IPV4_ADDR from the server.
+ # request_virtual_ip = no
+
+ # Address to initiation connections to.
+ # responder = 127.0.0.1
+
+ # Authentication method(s) the responder uses.
+ # responder_auth = pubkey
+
+ # Responder ID used in load test.
+ # responder_id =
+
+ # Traffic selector on initiator side, as narrowed by responder.
+ # responder_tsi = initiator_tsi
+
+ # Traffic selector on responder side, as narrowed by responder.
+ # responder_tsr = initiator_tsr
+
+ # Shutdown the daemon after all IKE_SAs have been established.
+ # shutdown_when_complete = no
+
+ # Socket provided by the load-tester plugin.
+ # socket = unix://${piddir}/charon.ldt
+
+ # IKE version to use (0 means use IKEv2 as initiator and accept any version
+ # as responder).
+ # version = 0
+
+ # Section that contains key/value pairs with address pools (in CIDR
+ # notation) to use for a specific network interface e.g. eth0 =
+ # 10.10.0.0/16.
+ addrs {
+
+ }
+
+}
+
diff --git a/conf/plugins/load-tester.opt b/conf/plugins/load-tester.opt
new file mode 100644
index 0000000..7afe326
--- /dev/null
+++ b/conf/plugins/load-tester.opt
@@ -0,0 +1,128 @@
+charon.plugins.load-tester {}
+ Section to configure the load-tester plugin, see LOAD TESTS in
+ **strongswan.conf**(5) for details.
+
+charon.plugins.load-tester.addrs {}
+ Section that contains key/value pairs with address pools (in CIDR notation)
+ to use for a specific network interface e.g. eth0 = 10.10.0.0/16.
+
+charon.plugins.load-tester.addrs_keep = no
+ Whether to keep dynamic addresses even after the associated SA got
+ terminated.
+
+charon.plugins.load-tester.addrs_prefix = 16
+ Network prefix length to use when installing dynamic addresses.
+ If set to -1 the full address is used (i.e. 32 or 128).
+
+charon.plugins.load-tester.ca_dir =
+ Directory to load (intermediate) CA certificates from.
+
+charon.plugins.load-tester.child_rekey = 600
+ Seconds to start CHILD_SA rekeying after setup.
+
+charon.plugins.load-tester.delay = 0
+ Delay between initiatons for each thread.
+
+charon.plugins.load-tester.delete_after_established = no
+ Delete an IKE_SA as soon as it has been established.
+
+charon.plugins.load-tester.digest = sha1
+ Digest algorithm used when issuing certificates.
+
+charon.plugins.load-tester.dpd_delay = 0
+ DPD delay to use in load test.
+
+charon.plugins.load-tester.dynamic_port = 0
+ Base port to be used for requests (each client uses a different port).
+
+charon.plugins.load-tester.eap_password = default-pwd
+ EAP secret to use in load test.
+
+charon.plugins.load-tester.enable = no
+ Enable the load testing plugin. **WARNING**: Never enable this plugin on
+ productive systems. It provides preconfigured credentials and allows an
+ attacker to authenticate as any user.
+
+charon.plugins.load-tester.esp = aes128-sha1
+ CHILD_SA proposal to use for load tests.
+
+charon.plugins.load-tester.fake_kernel = no
+ Fake the kernel interface to allow load-testing against self.
+
+charon.plugins.load-tester.ike_rekey = 0
+ Seconds to start IKE_SA rekeying after setup.
+
+charon.plugins.load-tester.init_limit = 0
+ Global limit of concurrently established SAs during load test.
+
+charon.plugins.load-tester.initiator = 0.0.0.0
+ Address to initiate from.
+
+charon.plugins.load-tester.initiators = 0
+ Number of concurrent initiator threads to use in load test.
+
+charon.plugins.load-tester.initiator_auth = pubkey
+ Authentication method(s) the intiator uses.
+
+charon.plugins.load-tester.initiator_id =
+ Initiator ID used in load test.
+
+charon.plugins.load-tester.initiator_match =
+ Initiator ID to match against as responder.
+
+charon.plugins.load-tester.initiator_tsi =
+ Traffic selector on initiator side, as proposed by initiator.
+
+charon.plugins.load-tester.initiator_tsr =
+ Traffic selector on responder side, as proposed by initiator.
+
+charon.plugins.load-tester.iterations = 1
+ Number of IKE_SAs to initiate by each initiator in load test.
+
+charon.plugins.load-tester.issuer_cert =
+ Path to the issuer certificate (if not configured a hard-coded default value
+ is used).
+
+charon.plugins.load-tester.issuer_key =
+ Path to private key that is used to issue certificates (if not configured a
+ hard-coded default value is used).
+
+charon.plugins.load-tester.mode = tunnel
+ IPsec mode to use, one of _tunnel_, _transport_, or _beet_.
+
+charon.plugins.load-tester.pool =
+ Provide INTERNAL_IPV4_ADDRs from a named pool.
+
+charon.plugins.load-tester.preshared_key = <default-psk>
+ Preshared key to use in load test.
+
+charon.plugins.load-tester.proposal = aes128-sha1-modp768
+ IKE proposal to use in load test.
+
+charon.plugins.load-tester.responder = 127.0.0.1
+ Address to initiation connections to.
+
+charon.plugins.load-tester.responder_auth = pubkey
+ Authentication method(s) the responder uses.
+
+charon.plugins.load-tester.responder_id =
+ Responder ID used in load test.
+
+charon.plugins.load-tester.responder_tsi = initiator_tsi
+ Traffic selector on initiator side, as narrowed by responder.
+
+charon.plugins.load-tester.responder_tsr = initiator_tsr
+ Traffic selector on responder side, as narrowed by responder.
+
+charon.plugins.load-tester.request_virtual_ip = no
+ Request an INTERNAL_IPV4_ADDR from the server.
+
+charon.plugins.load-tester.shutdown_when_complete = no
+ Shutdown the daemon after all IKE_SAs have been established.
+
+charon.plugins.load-tester.socket = unix://${piddir}/charon.ldt
+ Socket provided by the load-tester plugin.
+
+charon.plugins.load-tester.version = 0
+ IKE version to use (0 means use IKEv2 as initiator and accept any version as
+ responder).
diff --git a/conf/plugins/lookip.conf b/conf/plugins/lookip.conf
new file mode 100644
index 0000000..5395822
--- /dev/null
+++ b/conf/plugins/lookip.conf
@@ -0,0 +1,11 @@
+lookip {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Socket provided by the lookip plugin.
+ # socket = unix://${piddir}/charon.lkp
+
+}
+
diff --git a/conf/plugins/lookip.opt b/conf/plugins/lookip.opt
new file mode 100644
index 0000000..443eb34
--- /dev/null
+++ b/conf/plugins/lookip.opt
@@ -0,0 +1,2 @@
+charon.plugins.lookip.socket = unix://${piddir}/charon.lkp
+ Socket provided by the lookip plugin.
diff --git a/conf/plugins/ntru.conf b/conf/plugins/ntru.conf
new file mode 100644
index 0000000..6487b36
--- /dev/null
+++ b/conf/plugins/ntru.conf
@@ -0,0 +1,17 @@
+ntru {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Number of pseudo-random bit requests from the DRBG before an automatic
+ # reseeding occurs.
+ # max_drbg_requests = 4294967294
+
+ # The following parameter sets are available: x9_98_speed, x9_98_bandwidth,
+ # x9_98_balance and optimum, the last set not being part of the X9.98
+ # standard but having the best performance.
+ # parameter_set = optimum
+
+}
+
diff --git a/conf/plugins/ntru.opt b/conf/plugins/ntru.opt
new file mode 100644
index 0000000..8e1bebd
--- /dev/null
+++ b/conf/plugins/ntru.opt
@@ -0,0 +1,8 @@
+charon.plugins.ntru.max_drbg_requests = 4294967294
+ Number of pseudo-random bit requests from the DRBG before an automatic
+ reseeding occurs.
+
+charon.plugins.ntru.parameter_set = optimum
+ The following parameter sets are available: **x9_98_speed**,
+ **x9_98_bandwidth**, **x9_98_balance** and **optimum**, the last set not
+ being part of the X9.98 standard but having the best performance.
diff --git a/conf/plugins/openssl.conf b/conf/plugins/openssl.conf
new file mode 100644
index 0000000..08ed759
--- /dev/null
+++ b/conf/plugins/openssl.conf
@@ -0,0 +1,14 @@
+openssl {
+
+ # ENGINE ID to use in the OpenSSL plugin.
+ # engine_id = pkcs11
+
+ # Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+ # fips_mode = 0
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/openssl.opt b/conf/plugins/openssl.opt
new file mode 100644
index 0000000..55d8dca
--- /dev/null
+++ b/conf/plugins/openssl.opt
@@ -0,0 +1,5 @@
+charon.plugins.openssl.engine_id = pkcs11
+ ENGINE ID to use in the OpenSSL plugin.
+
+charon.plugins.openssl.fips_mode = 0
+ Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
diff --git a/conf/plugins/pkcs11.conf b/conf/plugins/pkcs11.conf
new file mode 100644
index 0000000..35248c2
--- /dev/null
+++ b/conf/plugins/pkcs11.conf
@@ -0,0 +1,37 @@
+pkcs11 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Whether to load certificates from tokens.
+ # load_certs = yes
+
+ # Reload certificates from all tokens if charon receives a SIGHUP.
+ # reload_certs = no
+
+ # Whether the PKCS#11 modules should be used for DH and ECDH (see use_ecc
+ # option).
+ # use_dh = no
+
+ # Whether the PKCS#11 modules should be used for ECDH and ECDSA public key
+ # operations. ECDSA private keys can be used regardless of this option.
+ # use_ecc = no
+
+ # Whether the PKCS#11 modules should be used to hash data.
+ # use_hasher = no
+
+ # Whether the PKCS#11 modules should be used for public key operations, even
+ # for keys not stored on tokens.
+ # use_pubkey = no
+
+ # Whether the PKCS#11 modules should be used as RNG.
+ # use_rng = no
+
+ # List of available PKCS#11 modules.
+ modules {
+
+ }
+
+}
+
diff --git a/conf/plugins/pkcs11.opt b/conf/plugins/pkcs11.opt
new file mode 100644
index 0000000..f5a2028
--- /dev/null
+++ b/conf/plugins/pkcs11.opt
@@ -0,0 +1,26 @@
+charon.plugins.pkcs11.modules {}
+ List of available PKCS#11 modules.
+
+charon.plugins.pkcs11.load_certs = yes
+ Whether to load certificates from tokens.
+
+charon.plugins.pkcs11.reload_certs = no
+ Reload certificates from all tokens if charon receives a SIGHUP.
+
+charon.plugins.pkcs11.use_dh = no
+ Whether the PKCS#11 modules should be used for DH and ECDH (see _use_ecc_
+ option).
+
+charon.plugins.pkcs11.use_ecc = no
+ Whether the PKCS#11 modules should be used for ECDH and ECDSA public key
+ operations. ECDSA private keys can be used regardless of this option.
+
+charon.plugins.pkcs11.use_hasher = no
+ Whether the PKCS#11 modules should be used to hash data.
+
+charon.plugins.pkcs11.use_pubkey = no
+ Whether the PKCS#11 modules should be used for public key operations, even
+ for keys not stored on tokens.
+
+charon.plugins.pkcs11.use_rng = no
+ Whether the PKCS#11 modules should be used as RNG.
diff --git a/conf/plugins/radattr.conf b/conf/plugins/radattr.conf
new file mode 100644
index 0000000..6b08598
--- /dev/null
+++ b/conf/plugins/radattr.conf
@@ -0,0 +1,15 @@
+radattr {
+
+ # Directory where RADIUS attributes are stored in client-ID specific files.
+ # dir =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Add attributes to all IKE_AUTH messages (-1) or only to the one with the
+ # given message ID.
+ # message_id = -1
+
+}
+
diff --git a/conf/plugins/radattr.opt b/conf/plugins/radattr.opt
new file mode 100644
index 0000000..dcc1bf2
--- /dev/null
+++ b/conf/plugins/radattr.opt
@@ -0,0 +1,9 @@
+charon.plugins.radattr.dir =
+ Directory where RADIUS attributes are stored in client-ID specific files.
+
+charon.plugins.radattr.message_id = -1
+ Add attributes to all IKE_AUTH messages (-1) or only to the one with the
+ given message ID.
+
+ Attributes are added to all IKE_AUTH messages by default (-1), or only to
+ the IKE_AUTH message with the given IKEv2 message ID.
diff --git a/conf/plugins/random.conf b/conf/plugins/random.conf
new file mode 100644
index 0000000..e0af75f
--- /dev/null
+++ b/conf/plugins/random.conf
@@ -0,0 +1,18 @@
+random {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # File to read random bytes from.
+ # random = ${random_device}
+
+ # If set to yes the RNG_STRONG class reads random bytes from the same source
+ # as the RNG_TRUE class.
+ # strong_equals_true = no
+
+ # File to read pseudo random bytes from.
+ # urandom = ${urandom_device}
+
+}
+
diff --git a/conf/plugins/random.opt b/conf/plugins/random.opt
new file mode 100644
index 0000000..1cbde28
--- /dev/null
+++ b/conf/plugins/random.opt
@@ -0,0 +1,9 @@
+charon.plugins.random.random = ${random_device}
+ File to read random bytes from.
+
+charon.plugins.random.urandom = ${urandom_device}
+ File to read pseudo random bytes from.
+
+charon.plugins.random.strong_equals_true = no
+ If set to yes the RNG_STRONG class reads random bytes from the same source
+ as the RNG_TRUE class.
diff --git a/conf/plugins/resolve.conf b/conf/plugins/resolve.conf
new file mode 100644
index 0000000..5d9ca72
--- /dev/null
+++ b/conf/plugins/resolve.conf
@@ -0,0 +1,18 @@
+resolve {
+
+ # File where to add DNS server entries.
+ # file = /etc/resolv.conf
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ resolvconf {
+
+ # Prefix used for interface names sent to resolvconf(8).
+ # iface_prefix = lo.inet.ipsec.
+
+ }
+
+}
+
diff --git a/conf/plugins/resolve.opt b/conf/plugins/resolve.opt
new file mode 100644
index 0000000..ce65eff
--- /dev/null
+++ b/conf/plugins/resolve.opt
@@ -0,0 +1,11 @@
+charon.plugins.resolve.file = /etc/resolv.conf
+ File where to add DNS server entries.
+
+charon.plugins.resolve.resolvconf.iface_prefix = lo.inet.ipsec.
+ Prefix used for interface names sent to resolvconf(8).
+
+ Prefix used for interface names sent to **resolvconf**(8). The nameserver
+ address is appended to this prefix to make it unique. The result has to be
+ a valid interface name according to the rules defined by resolvconf. Also,
+ it should have a high priority according to the order defined in
+ **interface-order**(5).
diff --git a/conf/plugins/socket-default.conf b/conf/plugins/socket-default.conf
new file mode 100644
index 0000000..6d4b73d
--- /dev/null
+++ b/conf/plugins/socket-default.conf
@@ -0,0 +1,20 @@
+socket-default {
+
+ # Firewall mark to set on outbound packets.
+ # fwmark =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Set source address on outbound packets, if possible.
+ # set_source = yes
+
+ # Listen on IPv4, if possible.
+ # use_ipv4 = yes
+
+ # Listen on IPv6, if possible.
+ # use_ipv6 = yes
+
+}
+
diff --git a/conf/plugins/socket-default.opt b/conf/plugins/socket-default.opt
new file mode 100644
index 0000000..483a0f0
--- /dev/null
+++ b/conf/plugins/socket-default.opt
@@ -0,0 +1,11 @@
+charon.plugins.socket-default.fwmark =
+ Firewall mark to set on outbound packets.
+
+charon.plugins.socket-default.set_source = yes
+ Set source address on outbound packets, if possible.
+
+charon.plugins.socket-default.use_ipv4 = yes
+ Listen on IPv4, if possible.
+
+charon.plugins.socket-default.use_ipv6 = yes
+ Listen on IPv6, if possible.
diff --git a/conf/plugins/sql.conf b/conf/plugins/sql.conf
new file mode 100644
index 0000000..094231b
--- /dev/null
+++ b/conf/plugins/sql.conf
@@ -0,0 +1,15 @@
+sql {
+
+ # Database URI for charon's SQL plugin. If it contains a password, make sure
+ # to adjust the permissions of the config file accordingly.
+ # database =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Loglevel for logging to SQL database.
+ # loglevel = -1
+
+}
+
diff --git a/conf/plugins/sql.opt b/conf/plugins/sql.opt
new file mode 100644
index 0000000..f573bba
--- /dev/null
+++ b/conf/plugins/sql.opt
@@ -0,0 +1,6 @@
+charon.plugins.sql.database =
+ Database URI for charon's SQL plugin. If it contains a password, make
+ sure to adjust the permissions of the config file accordingly.
+
+charon.plugins.sql.loglevel = -1
+ Loglevel for logging to SQL database.
diff --git a/conf/plugins/stroke.conf b/conf/plugins/stroke.conf
new file mode 100644
index 0000000..6dd0630
--- /dev/null
+++ b/conf/plugins/stroke.conf
@@ -0,0 +1,24 @@
+stroke {
+
+ # Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA
+ # certificates even if they don't contain a CA basic constraint.
+ # ignore_missing_ca_basic_constraint = no
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum number of stroke messages handled concurrently.
+ # max_concurrent = 4
+
+ # If enabled log level changes via stroke socket are not allowed.
+ # prevent_loglevel_changes = no
+
+ # Socket provided by the stroke plugin.
+ # socket = unix://${piddir}/charon.ctl
+
+ # Timeout in ms for any stroke command. Use 0 to disable the timeout.
+ # timeout = 0
+
+}
+
diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt
new file mode 100644
index 0000000..2cfc2c6
--- /dev/null
+++ b/conf/plugins/stroke.opt
@@ -0,0 +1,15 @@
+charon.plugins.stroke.ignore_missing_ca_basic_constraint = no
+ Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA
+ certificates even if they don't contain a CA basic constraint.
+
+charon.plugins.stroke.max_concurrent = 4
+ Maximum number of stroke messages handled concurrently.
+
+charon.plugins.stroke.prevent_loglevel_changes = no
+ If enabled log level changes via stroke socket are not allowed.
+
+charon.plugins.stroke.socket = unix://${piddir}/charon.ctl
+ Socket provided by the stroke plugin.
+
+charon.plugins.stroke.timeout = 0
+ Timeout in ms for any stroke command. Use 0 to disable the timeout.
diff --git a/conf/plugins/systime-fix.conf b/conf/plugins/systime-fix.conf
new file mode 100644
index 0000000..f5cd4cd
--- /dev/null
+++ b/conf/plugins/systime-fix.conf
@@ -0,0 +1,22 @@
+systime-fix {
+
+ # Interval in seconds to check system time for validity. 0 disables the
+ # check.
+ # interval = 0
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Whether to use reauth or delete if an invalid cert lifetime is detected.
+ # reauth = no
+
+ # Threshold date where system time is considered valid. Disabled if not
+ # specified.
+ # threshold =
+
+ # strptime(3) format used to parse threshold option.
+ # threshold_format = %Y
+
+}
+
diff --git a/conf/plugins/systime-fix.opt b/conf/plugins/systime-fix.opt
new file mode 100644
index 0000000..7abd036
--- /dev/null
+++ b/conf/plugins/systime-fix.opt
@@ -0,0 +1,12 @@
+charon.plugins.systime-fix.interval = 0
+ Interval in seconds to check system time for validity. 0 disables the check.
+
+charon.plugins.systime-fix.reauth = no
+ Whether to use reauth or delete if an invalid cert lifetime is detected.
+
+charon.plugins.systime-fix.threshold =
+ Threshold date where system time is considered valid. Disabled if not
+ specified.
+
+charon.plugins.systime-fix.threshold_format = %Y
+ **strptime**(3) format used to parse threshold option.
diff --git a/conf/plugins/tnc-ifmap.conf b/conf/plugins/tnc-ifmap.conf
new file mode 100644
index 0000000..02f7c88
--- /dev/null
+++ b/conf/plugins/tnc-ifmap.conf
@@ -0,0 +1,30 @@
+tnc-ifmap {
+
+ # Path to X.509 certificate file of IF-MAP client.
+ # client_cert =
+
+ # Path to private key file of IF-MAP client.
+ # client_key =
+
+ # Unique name of strongSwan server as a PEP and/or PDP device.
+ # device_name =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Interval in seconds between periodic IF-MAP RenewSession requests.
+ # renew_session_interval = 150
+
+ # Path to X.509 certificate file of IF-MAP server.
+ # server_cert =
+
+ # URI of the form [https://]servername[:port][/path].
+ # server_uri = https://localhost:8444/imap
+
+ # Credentials of IF-MAP client of the form username:password. If set, make
+ # sure to adjust the permissions of the config file accordingly.
+ # username_password =
+
+}
+
diff --git a/conf/plugins/tnc-ifmap.opt b/conf/plugins/tnc-ifmap.opt
new file mode 100644
index 0000000..155c306
--- /dev/null
+++ b/conf/plugins/tnc-ifmap.opt
@@ -0,0 +1,21 @@
+charon.plugins.tnc-ifmap.client_cert =
+ Path to X.509 certificate file of IF-MAP client.
+
+charon.plugins.tnc-ifmap.client_key =
+ Path to private key file of IF-MAP client.
+
+charon.plugins.tnc-ifmap.device_name =
+ Unique name of strongSwan server as a PEP and/or PDP device.
+
+charon.plugins.tnc-ifmap.renew_session_interval = 150
+ Interval in seconds between periodic IF-MAP RenewSession requests.
+
+charon.plugins.tnc-ifmap.server_uri = https://localhost:8444/imap
+ URI of the form [https://]servername[:port][/path].
+
+charon.plugins.tnc-ifmap.server_cert =
+ Path to X.509 certificate file of IF-MAP server.
+
+charon.plugins.tnc-ifmap.username_password =
+ Credentials of IF-MAP client of the form username:password. If set, make
+ sure to adjust the permissions of the config file accordingly.
diff --git a/conf/plugins/tnc-imc.conf b/conf/plugins/tnc-imc.conf
new file mode 100644
index 0000000..f517abc
--- /dev/null
+++ b/conf/plugins/tnc-imc.conf
@@ -0,0 +1,14 @@
+tnc-imc {
+
+ # Unload IMC after use.
+ # dlclose = yes
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Preferred language for TNC recommendations.
+ # preferred_language = en
+
+}
+
diff --git a/conf/plugins/tnc-imc.opt b/conf/plugins/tnc-imc.opt
new file mode 100644
index 0000000..7c9af2a
--- /dev/null
+++ b/conf/plugins/tnc-imc.opt
@@ -0,0 +1,5 @@
+charon.plugins.tnc-imc.dlclose = yes
+ Unload IMC after use.
+
+charon.plugins.tnc-imc.preferred_language = en
+ Preferred language for TNC recommendations.
diff --git a/conf/plugins/tnc-imv.conf b/conf/plugins/tnc-imv.conf
new file mode 100644
index 0000000..7994219
--- /dev/null
+++ b/conf/plugins/tnc-imv.conf
@@ -0,0 +1,14 @@
+tnc-imv {
+
+ # Unload IMV after use.
+ # dlclose = yes
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # TNC recommendation policy, one of default, any, or all.
+ # recommendation_policy = default
+
+}
+
diff --git a/conf/plugins/tnc-imv.opt b/conf/plugins/tnc-imv.opt
new file mode 100644
index 0000000..788753c
--- /dev/null
+++ b/conf/plugins/tnc-imv.opt
@@ -0,0 +1,5 @@
+charon.plugins.tnc-imv.dlclose = yes
+ Unload IMV after use.
+
+charon.plugins.tnc-imv.recommendation_policy = default
+ TNC recommendation policy, one of _default_, _any_, or _all_.
diff --git a/conf/plugins/tnc-pdp.conf b/conf/plugins/tnc-pdp.conf
new file mode 100644
index 0000000..d9e926c
--- /dev/null
+++ b/conf/plugins/tnc-pdp.conf
@@ -0,0 +1,41 @@
+tnc-pdp {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Name of the strongSwan PDP as contained in the AAA certificate.
+ # server =
+
+ # Timeout in seconds before closing incomplete connections.
+ # timeout =
+
+ pt_tls {
+
+ # Enable PT-TLS protocol on the strongSwan PDP.
+ # enable = yes
+
+ # PT-TLS server port the strongSwan PDP is listening on.
+ # port = 271
+
+ }
+
+ radius {
+
+ # Enable RADIUS protocol on the strongSwan PDP.
+ # enable = yes
+
+ # EAP tunnel method to be used.
+ # method = ttls
+
+ # RADIUS server port the strongSwan PDP is listening on.
+ # port = 1812
+
+ # Shared RADIUS secret between strongSwan PDP and NAS. If set, make sure
+ # to adjust the permissions of the config file accordingly.
+ # secret =
+
+ }
+
+}
+
diff --git a/conf/plugins/tnc-pdp.opt b/conf/plugins/tnc-pdp.opt
new file mode 100644
index 0000000..22b00db
--- /dev/null
+++ b/conf/plugins/tnc-pdp.opt
@@ -0,0 +1,24 @@
+charon.plugins.tnc-pdp.pt_tls.enable = yes
+ Enable PT-TLS protocol on the strongSwan PDP.
+
+charon.plugins.tnc-pdp.pt_tls.port = 271
+ PT-TLS server port the strongSwan PDP is listening on.
+
+charon.plugins.tnc-pdp.radius.enable = yes
+ Enable RADIUS protocol on the strongSwan PDP.
+
+charon.plugins.tnc-pdp.radius.method = ttls
+ EAP tunnel method to be used.
+
+charon.plugins.tnc-pdp.radius.port = 1812
+ RADIUS server port the strongSwan PDP is listening on.
+
+charon.plugins.tnc-pdp.radius.secret =
+ Shared RADIUS secret between strongSwan PDP and NAS. If set, make sure to
+ adjust the permissions of the config file accordingly.
+
+charon.plugins.tnc-pdp.server =
+ Name of the strongSwan PDP as contained in the AAA certificate.
+
+charon.plugins.tnc-pdp.timeout =
+ Timeout in seconds before closing incomplete connections.
diff --git a/conf/plugins/tnccs-11.conf b/conf/plugins/tnccs-11.conf
new file mode 100644
index 0000000..9b99786
--- /dev/null
+++ b/conf/plugins/tnccs-11.conf
@@ -0,0 +1,11 @@
+tnccs-11 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum size of a PA-TNC message (XML & Base64 encoding).
+ # max_message_size = 45000
+
+}
+
diff --git a/conf/plugins/tnccs-11.opt b/conf/plugins/tnccs-11.opt
new file mode 100644
index 0000000..eb313fe
--- /dev/null
+++ b/conf/plugins/tnccs-11.opt
@@ -0,0 +1,2 @@
+charon.plugins.tnccs-11.max_message_size = 45000
+ Maximum size of a PA-TNC message (XML & Base64 encoding).
diff --git a/conf/plugins/tnccs-20.conf b/conf/plugins/tnccs-20.conf
new file mode 100644
index 0000000..9a57ee1
--- /dev/null
+++ b/conf/plugins/tnccs-20.conf
@@ -0,0 +1,14 @@
+tnccs-20 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum size of a PB-TNC batch (upper limit via PT-EAP = 65529).
+ # max_batch_size = 65522
+
+ # Maximum size of a PA-TNC message (upper limit via PT-EAP = 65497).
+ # max_message_size = 65490
+
+}
+
diff --git a/conf/plugins/tnccs-20.opt b/conf/plugins/tnccs-20.opt
new file mode 100644
index 0000000..b15bc3f
--- /dev/null
+++ b/conf/plugins/tnccs-20.opt
@@ -0,0 +1,5 @@
+charon.plugins.tnccs-20.max_batch_size = 65522
+ Maximum size of a PB-TNC batch (upper limit via PT-EAP = 65529).
+
+charon.plugins.tnccs-20.max_message_size = 65490
+ Maximum size of a PA-TNC message (upper limit via PT-EAP = 65497).
diff --git a/conf/plugins/unbound.conf b/conf/plugins/unbound.conf
new file mode 100644
index 0000000..8d30031
--- /dev/null
+++ b/conf/plugins/unbound.conf
@@ -0,0 +1,17 @@
+unbound {
+
+ # File to read trusted keys for DLV (DNSSEC Lookaside Validation) from.
+ # dlv_anchors =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # File to read DNS resolver configuration from.
+ # resolv_conf = /etc/resolv.conf
+
+ # File to read DNSSEC trust anchors from (usually root zone KSK).
+ # trust_anchors = /etc/ipsec.d/dnssec.keys
+
+}
+
diff --git a/conf/plugins/unbound.opt b/conf/plugins/unbound.opt
new file mode 100644
index 0000000..f8ca9ca
--- /dev/null
+++ b/conf/plugins/unbound.opt
@@ -0,0 +1,17 @@
+charon.plugins.unbound.resolv_conf = /etc/resolv.conf
+ File to read DNS resolver configuration from.
+
+charon.plugins.unbound.trust_anchors = /etc/ipsec.d/dnssec.keys
+ File to read DNSSEC trust anchors from (usually root zone KSK).
+
+ File to read DNSSEC trust anchors from (usually root zone KSK). The format
+ of the file is the standard DNS Zone file format, anchors can be stored as
+ DS or DNSKEY entries in the file.
+
+charon.plugins.unbound.dlv_anchors =
+ File to read trusted keys for DLV (DNSSEC Lookaside Validation) from.
+
+ File to read trusted keys for DLV (DNSSEC Lookaside Validation) from. It
+ uses the same format as _trust_anchors_. Only one DLV can be configured,
+ which is then used as a root trusted DLV, this means that it is a lookaside
+ for the root.
diff --git a/conf/plugins/updown.conf b/conf/plugins/updown.conf
new file mode 100644
index 0000000..8bcd330
--- /dev/null
+++ b/conf/plugins/updown.conf
@@ -0,0 +1,12 @@
+updown {
+
+ # Whether the updown script should handle assigned DNS servers (if enabled
+ # they can't be handled by other plugins, like resolve).
+ # dns_handler = no
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/updown.opt b/conf/plugins/updown.opt
new file mode 100644
index 0000000..d8bcc82
--- /dev/null
+++ b/conf/plugins/updown.opt
@@ -0,0 +1,7 @@
+charon.plugins.updown.dns_handler = no
+ Whether the updown script should handle assigned DNS servers (if enabled
+ they can't be handled by other plugins, like resolve).
+
+ Whether the updown script should handle DNS servers assigned via IKEv1 Mode
+ Config or IKEv2 Config Payloads (if enabled they can't be handled by other
+ plugins, like resolve)
diff --git a/conf/plugins/whitelist.conf b/conf/plugins/whitelist.conf
new file mode 100644
index 0000000..c68358b
--- /dev/null
+++ b/conf/plugins/whitelist.conf
@@ -0,0 +1,14 @@
+whitelist {
+
+ # Enable loaded whitelist plugin.
+ # enable = yes
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Socket provided by the whitelist plugin.
+ # socket = unix://${piddir}/charon.wlst
+
+}
+
diff --git a/conf/plugins/whitelist.opt b/conf/plugins/whitelist.opt
new file mode 100644
index 0000000..023f7e2
--- /dev/null
+++ b/conf/plugins/whitelist.opt
@@ -0,0 +1,6 @@
+charon.plugins.whitelist.enable = yes
+ Enable loaded whitelist plugin.
+
+charon.plugins.whitelist.socket = unix://${piddir}/charon.wlst
+ Socket provided by the whitelist plugin.
+
diff --git a/conf/plugins/xauth-eap.conf b/conf/plugins/xauth-eap.conf
new file mode 100644
index 0000000..25ea2aa
--- /dev/null
+++ b/conf/plugins/xauth-eap.conf
@@ -0,0 +1,11 @@
+xauth-eap {
+
+ # EAP plugin to be used as backend for XAuth credential verification.
+ # backend = radius
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/xauth-eap.opt b/conf/plugins/xauth-eap.opt
new file mode 100644
index 0000000..1663f93
--- /dev/null
+++ b/conf/plugins/xauth-eap.opt
@@ -0,0 +1,2 @@
+charon.plugins.xauth-eap.backend = radius
+ EAP plugin to be used as backend for XAuth credential verification.
diff --git a/conf/plugins/xauth-pam.conf b/conf/plugins/xauth-pam.conf
new file mode 100644
index 0000000..aeba191
--- /dev/null
+++ b/conf/plugins/xauth-pam.conf
@@ -0,0 +1,18 @@
+xauth-pam {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # PAM service to be used for authentication.
+ # pam_service = login
+
+ # Open/close a PAM session for each active IKE_SA.
+ # session = no
+
+ # If an email address is received as an XAuth username, trim it to just the
+ # username part.
+ # trim_email = yes
+
+}
+
diff --git a/conf/plugins/xauth-pam.opt b/conf/plugins/xauth-pam.opt
new file mode 100644
index 0000000..637dea6
--- /dev/null
+++ b/conf/plugins/xauth-pam.opt
@@ -0,0 +1,9 @@
+charon.plugins.xauth-pam.pam_service = login
+ PAM service to be used for authentication.
+
+charon.plugins.xauth-pam.session = no
+ Open/close a PAM session for each active IKE_SA.
+
+charon.plugins.xauth-pam.trim_email = yes
+ If an email address is received as an XAuth username, trim it to just the
+ username part.
diff --git a/conf/strongswan.conf b/conf/strongswan.conf
new file mode 100644
index 0000000..d906728
--- /dev/null
+++ b/conf/strongswan.conf
@@ -0,0 +1,14 @@
+# strongswan.conf - strongSwan configuration file
+#
+# Refer to the strongswan.conf(5) manpage for details
+#
+# Configuration changes should be made in the included files
+
+charon {
+ load_modular = yes
+ plugins {
+ include strongswan.d/charon/*.conf
+ }
+}
+
+include strongswan.d/*.conf
diff --git a/conf/strongswan.conf.5.head.in b/conf/strongswan.conf.5.head.in
new file mode 100644
index 0000000..23454e7
--- /dev/null
+++ b/conf/strongswan.conf.5.head.in
@@ -0,0 +1,127 @@
+.TH STRONGSWAN.CONF 5 "" "@PACKAGE_VERSION@" "strongSwan"
+.SH NAME
+strongswan.conf \- strongSwan configuration file
+.SH DESCRIPTION
+While the
+.IR ipsec.conf (5)
+configuration file is well suited to define IPsec related configuration
+parameters, it is not useful for other strongSwan applications to read options
+from this file.
+The file is hard to parse and only
+.I ipsec starter
+is capable of doing so. As the number of components of the strongSwan project
+is continually growing, a more flexible configuration file was needed, one that
+is easy to extend and can be used by all components. With strongSwan 4.2.1
+.IR strongswan.conf (5)
+was introduced which meets these requirements.
+
+.SH SYNTAX
+The format of the strongswan.conf file consists of hierarchical
+.B sections
+and a list of
+.B key/value pairs
+in each section. Each section has a name, followed by C-Style curly brackets
+defining the section body. Each section body contains a set of subsections
+and key/value pairs:
+.PP
+.EX
+ settings := (section|keyvalue)*
+ section := name { settings }
+ keyvalue := key = value\\n
+.EE
+.PP
+Values must be terminated by a newline.
+.PP
+Comments are possible using the \fB#\fP-character, but be careful: The parser
+implementation is currently limited and does not like brackets in comments.
+.PP
+Section names and keys may contain any printable character except:
+.PP
+.EX
+ . { } # \\n \\t space
+.EE
+.PP
+An example file in this format might look like this:
+.PP
+.EX
+ a = b
+ section-one {
+ somevalue = asdf
+ subsection {
+ othervalue = xxx
+ }
+ # yei, a comment
+ yetanother = zz
+ }
+ section-two {
+ x = 12
+ }
+.EE
+.PP
+Indentation is optional, you may use tabs or spaces.
+
+.SH INCLUDING FILES
+Using the
+.B include
+statement it is possible to include other files into strongswan.conf, e.g.
+.PP
+.EX
+ include /some/path/*.conf
+.EE
+.PP
+If the file name is not an absolute path, it is considered to be relative
+to the directory of the file containing the include statement. The file name
+may include shell wildcards (see
+.IR sh (1)).
+Also, such inclusions can be nested.
+.PP
+Sections loaded from included files
+.I extend
+previously loaded sections; already existing values are
+.IR replaced .
+It is important to note that settings are added relative to the section the
+include statement is in.
+.PP
+As an example, the following three files result in the same final
+config as the one given above:
+.PP
+.EX
+ a = b
+ section-one {
+ somevalue = before include
+ include include.conf
+ }
+ include other.conf
+
+include.conf:
+ # settings loaded from this file are added to section-one
+ # the following replaces the previous value
+ somevalue = asdf
+ subsection {
+ othervalue = yyy
+ }
+ yetanother = zz
+
+other.conf:
+ # this extends section-one and subsection
+ section-one {
+ subsection {
+ # this replaces the previous value
+ othervalue = xxx
+ }
+ }
+ section-two {
+ x = 12
+ }
+.EE
+
+.SH READING VALUES
+Values are accessed using a dot-separated section list and a key.
+With reference to the example above, accessing
+.B section-one.subsection.othervalue
+will return
+.BR xxx .
+
+.SH DEFINED KEYS
+The following keys are currently defined (using dot notation). The default
+value (if any) is listed in brackets after the key.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
new file mode 100644
index 0000000..282b8fa
--- /dev/null
+++ b/conf/strongswan.conf.5.main
@@ -0,0 +1,1664 @@
+.TP
+.BR attest.database " []"
+File measurement information database URI. If it contains a password, make sure
+to adjust the permissions of the config file accordingly.
+
+.TP
+.BR attest.load " []"
+Plugins to load in ipsec attest tool.
+
+.TP
+.B charon
+.br
+Options for the charon IKE daemon.
+
+.RB "" "Note" ":"
+Many of the options in this section also apply to
+.RB "" "charon\-cmd" ""
+and
+other
+.RB "" "charon" ""
+derivatives. Just use their respective name (e.g.
+.RB "" "charon\-cmd" ""
+instead of
+.RB "" "charon" ")."
+For many options defaults can be defined
+in the
+.RB "" "libstrongswan" ""
+section.
+
+.TP
+.BR charon.block_threshold " [5]"
+Maximum number of half\-open IKE_SAs for a single peer IP.
+
+.TP
+.BR charon.cert_cache " [yes]"
+Whether relations in validated certificate chains should be cached in memory.
+
+.TP
+.BR charon.cisco_unity " [no]"
+Send Cisco Unity vendor ID payload (IKEv1 only).
+
+.TP
+.BR charon.close_ike_on_child_failure " [no]"
+Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
+
+.TP
+.BR charon.cookie_threshold " [10]"
+Number of half\-open IKE_SAs that activate the cookie mechanism.
+
+.TP
+.BR charon.dh_exponent_ansi_x9_42 " [yes]"
+Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
+strength.
+
+.TP
+.BR charon.dns1 " []"
+DNS server assigned to peer via configuration payload (CP).
+
+.TP
+.BR charon.dns2 " []"
+DNS server assigned to peer via configuration payload (CP).
+
+.TP
+.BR charon.dos_protection " [yes]"
+Enable Denial of Service protection using cookies and aggressiveness checks.
+
+.TP
+.BR charon.ecp_x_coordinate_only " [yes]"
+Compliance with the errata for RFC 4753.
+
+.TP
+.BR charon.flush_auth_cfg " [no]"
+If enabled objects used during authentication (certificates, identities etc.)
+are released to free memory once an IKE_SA is established. Enabling this might
+conflict with plugins that later need access to e.g. the used certificates.
+
+.TP
+.BR charon.fragment_size " [512]"
+Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
+fragmentation extension.
+
+.TP
+.BR charon.group " []"
+Name of the group the daemon changes to after startup.
+
+.TP
+.BR charon.half_open_timeout " [30]"
+Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
+
+.TP
+.BR charon.hash_and_url " [no]"
+Enable hash and URL support.
+
+.TP
+.BR charon.i_dont_care_about_security_and_use_aggressive_mode_psk " [no]"
+If enabled responders are allowed to use IKEv1 Aggressive Mode with pre\-shared
+keys, which is discouraged due to security concerns (offline attacks on the
+openly transmitted hash of the PSK).
+
+.TP
+.BR charon.ignore_routing_tables " []"
+A space\-separated list of routing tables to be excluded from route lookups.
+
+.TP
+.BR charon.ikesa_limit " [0]"
+Maximum number of IKE_SAs that can be established at the same time before new
+connection attempts are blocked.
+
+.TP
+.BR charon.ikesa_table_segments " [1]"
+Number of exclusively locked segments in the hash table.
+
+.TP
+.BR charon.ikesa_table_size " [1]"
+Size of the IKE_SA hash table.
+
+.TP
+.BR charon.inactivity_close_ike " [no]"
+Whether to close IKE_SA if the only CHILD_SA closed due to inactivity.
+
+.TP
+.BR charon.init_limit_half_open " [0]"
+Limit new connections based on the current number of half open IKE_SAs, see
+IKE_SA_INIT DROPPING in
+.RB "" "strongswan.conf" "(5)."
+
+
+.TP
+.BR charon.init_limit_job_load " [0]"
+Limit new connections based on the number of jobs currently queued for
+processing (see IKE_SA_INIT DROPPING).
+
+.TP
+.BR charon.initiator_only " [no]"
+Causes charon daemon to ignore IKE initiation requests.
+
+.TP
+.BR charon.install_routes " [yes]"
+Install routes into a separate routing table for established IPsec tunnels.
+
+.TP
+.BR charon.install_virtual_ip " [yes]"
+Install virtual IP addresses.
+
+.TP
+.BR charon.install_virtual_ip_on " []"
+The name of the interface on which virtual IP addresses should be installed. If
+not specified the addresses will be installed on the outbound interface.
+
+.TP
+.BR charon.integrity_test " [no]"
+Check daemon, libstrongswan and plugin integrity at startup.
+
+.TP
+.BR charon.interfaces_ignore " []"
+A comma\-separated list of network interfaces that should be ignored, if
+.RB "" "interfaces_use" ""
+is specified this option has no effect.
+
+.TP
+.BR charon.interfaces_use " []"
+A comma\-separated list of network interfaces that should be used by charon. All
+other interfaces are ignored.
+
+.TP
+.BR charon.keep_alive " [20s]"
+NAT keep alive interval.
+
+.TP
+.BR charon.load " []"
+Plugins to load in the IKE daemon charon.
+
+.TP
+.BR charon.load_modular " [no]"
+If enabled, the list of plugins to load is determined via the value of the
+.RI "" "charon.plugins.<name>.load" ""
+options. In addition to a simple boolean flag that
+option may take an integer value indicating the priority of a plugin, which
+would influence the order of a plugin in the plugin list (the default is 1). If
+two plugins have the same priority their order in the default plugin list is
+preserved. Enabled plugins not found in that list are ordered alphabetically
+before other plugins with the same priority.
+
+.TP
+.BR charon.max_packet " [10000]"
+Maximum packet size accepted by charon.
+
+.TP
+.BR charon.multiple_authentication " [yes]"
+Enable multiple authentication exchanges (RFC 4739).
+
+.TP
+.BR charon.nbns1 " []"
+WINS servers assigned to peer via configuration payload (CP).
+
+.TP
+.BR charon.nbns2 " []"
+WINS servers assigned to peer via configuration payload (CP).
+
+.TP
+.BR charon.port " [500]"
+UDP port used locally. If set to 0 a random port will be allocated.
+
+.TP
+.BR charon.port_nat_t " [4500]"
+UDP port used locally in case of NAT\-T. If set to 0 a random port will be
+allocated. Has to be different from
+.RB "" "charon.port" ","
+otherwise a random port
+will be allocated.
+
+.TP
+.BR charon.process_route " [yes]"
+Process RTM_NEWROUTE and RTM_DELROUTE events.
+
+.TP
+.BR charon.receive_delay " [0]"
+Delay in ms for receiving packets, to simulate larger RTT.
+
+.TP
+.BR charon.receive_delay_request " [yes]"
+Delay request messages.
+
+.TP
+.BR charon.receive_delay_response " [yes]"
+Delay response messages.
+
+.TP
+.BR charon.receive_delay_type " [0]"
+Specific IKEv2 message type to delay, 0 for any.
+
+.TP
+.BR charon.replay_window " [32]"
+Size of the AH/ESP replay window, in packets.
+
+.TP
+.BR charon.retransmit_base " [1.8]"
+Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION in
+.RB "" "strongswan.conf" "(5)."
+
+
+.TP
+.BR charon.retransmit_timeout " [4.0]"
+Timeout in seconds before sending first retransmit.
+
+.TP
+.BR charon.retransmit_tries " [5]"
+Number of times to retransmit a packet before giving up.
+
+.TP
+.BR charon.retry_initiate_interval " [0]"
+Interval to use when retrying to initiate an IKE_SA (e.g. if DNS resolution
+failed), 0 to disable retries.
+
+.TP
+.BR charon.reuse_ikesa " [yes]"
+Initiate CHILD_SA within existing IKE_SAs.
+
+.TP
+.BR charon.routing_table " []"
+Numerical routing table to install routes to.
+
+.TP
+.BR charon.routing_table_prio " []"
+Priority of the routing table.
+
+.TP
+.BR charon.send_delay " [0]"
+Delay in ms for sending packets, to simulate larger RTT.
+
+.TP
+.BR charon.send_delay_request " [yes]"
+Delay request messages.
+
+.TP
+.BR charon.send_delay_response " [yes]"
+Delay response messages.
+
+.TP
+.BR charon.send_delay_type " [0]"
+Specific IKEv2 message type to delay, 0 for any.
+
+.TP
+.BR charon.send_vendor_id " [no]"
+Send strongSwan vendor ID payload
+
+.TP
+.BR charon.threads " [16]"
+Number of worker threads in charon. Several of these are reserved for long
+running tasks in internal modules and plugins. Therefore, make sure you don't
+set this value too low. The number of idle worker threads listed in
+.RI "" "ipsec statusall" ""
+might be used as indicator on the number of reserved threads.
+
+.TP
+.BR charon.user " []"
+Name of the user the daemon changes to after startup.
+
+.TP
+.BR charon.crypto_test.bench " [no]"
+Benchmark crypto algorithms and order them by efficiency.
+
+.TP
+.BR charon.crypto_test.bench_size " [1024]"
+Buffer size used for crypto benchmark.
+
+.TP
+.BR charon.crypto_test.bench_time " [50]"
+Number of iterations to test each algorithm.
+
+.TP
+.BR charon.crypto_test.on_add " [no]"
+Test crypto algorithms during registration (requires test vectors provided by
+the
+.RI "" "test\-vectors" ""
+plugin).
+
+.TP
+.BR charon.crypto_test.on_create " [no]"
+Test crypto algorithms on each crypto primitive instantiation.
+
+.TP
+.BR charon.crypto_test.required " [no]"
+Strictly require at least one test vector to enable an algorithm.
+
+.TP
+.BR charon.crypto_test.rng_true " [no]"
+Whether to test RNG with TRUE quality; requires a lot of entropy.
+
+.TP
+.B charon.filelog
+.br
+Section to define file loggers, see LOGGER CONFIGURATION in
+.RB "" "strongswan.conf" "(5)."
+
+
+.TP
+.B charon.filelog.<filename>
+.br
+<filename> is the full path to the log file.
+
+.TP
+.BR charon.filelog.<filename>.<subsystem> " [<default>]"
+Loglevel for a specific subsystem.
+
+.TP
+.BR charon.filelog.<filename>.append " [yes]"
+If this option is enabled log entries are appended to the existing file.
+
+.TP
+.BR charon.filelog.<filename>.default " [1]"
+Specifies the default loglevel to be used for subsystems for which no specific
+loglevel is defined.
+
+.TP
+.BR charon.filelog.<filename>.flush_line " [no]"
+Enabling this option disables block buffering and enables line buffering.
+
+.TP
+.BR charon.filelog.<filename>.ike_name " [no]"
+Prefix each log entry with the connection name and a unique numerical identifier
+for each IKE_SA.
+
+.TP
+.BR charon.filelog.<filename>.time_format " []"
+Prefix each log entry with a timestamp. The option accepts a format string as
+passed to
+.RB "" "strftime" "(3)."
+
+
+.TP
+.BR charon.host_resolver.max_threads " [3]"
+Maximum number of concurrent resolver threads (they are terminated if unused).
+
+.TP
+.BR charon.host_resolver.min_threads " [0]"
+Minimum number of resolver threads to keep around.
+
+.TP
+.B charon.imcv
+.br
+Defaults for options in this section can be configured in the
+.RI "" "libimcv" ""
+section.
+
+.TP
+.BR charon.imcv.assessment_result " [yes]"
+Whether IMVs send a standard IETF Assessment Result attribute.
+
+.TP
+.BR charon.imcv.database " []"
+Global IMV policy database URI. If it contains a password, make sure to adjust
+the permissions of the config file accordingly.
+
+.TP
+.BR charon.imcv.policy_script " [ipsec _imv_policy]"
+Script called for each TNC connection to generate IMV policies.
+
+.TP
+.BR charon.imcv.os_info.name " []"
+Manually set the name of the client OS (e.g. Ubuntu).
+
+.TP
+.BR charon.imcv.os_info.version " []"
+Manually set the version of the client OS (e.g. 12.04 i686).
+
+.TP
+.BR charon.leak_detective.detailed " [yes]"
+Includes source file names and line numbers in leak detective output.
+
+.TP
+.BR charon.leak_detective.usage_threshold " [10240]"
+Threshold in bytes for leaks to be reported (0 to report all).
+
+.TP
+.BR charon.leak_detective.usage_threshold_count " [0]"
+Threshold in number of allocations for leaks to be reported (0 to report all).
+
+.TP
+.BR charon.plugins.android_log.loglevel " [1]"
+Loglevel for logging to Android specific logger.
+
+.TP
+.B charon.plugins.attr
+.br
+Section to specify arbitrary attributes that are assigned to a peer via
+configuration payload (CP).
+
+.TP
+.BR charon.plugins.attr.<attr> " []"
+.RB "" "<attr>" ""
+can be either
+.RI "" "address" ","
+.RI "" "netmask" ","
+.RI "" "dns" ","
+.RI "" "nbns" ","
+.RI "" "dhcp" ","
+.RI "" "subnet" ","
+.RI "" "split\-include" ","
+.RI "" "split\-exclude" ""
+or the numeric identifier of the attribute
+type. The assigned value can be an IPv4/IPv6 address, a subnet in CIDR notation
+or an arbitrary value depending on the attribute type. For some attribute types
+multiple values may be specified as a comma separated list.
+
+.TP
+.BR charon.plugins.attr-sql.database " []"
+Database URI for attr\-sql plugin used by charon. If it contains a password, make
+sure to adjust the permissions of the config file accordingly.
+
+.TP
+.BR charon.plugins.attr-sql.lease_history " [yes]"
+Enable logging of SQL IP pool leases.
+
+.TP
+.BR charon.plugins.certexpire.csv.cron " []"
+Cron style string specifying CSV export times.
+
+.TP
+.BR charon.plugins.certexpire.csv.empty_string " []"
+String to use in empty intermediate CA fields.
+
+.TP
+.BR charon.plugins.certexpire.csv.fixed_fields " [yes]"
+Use a fixed intermediate CA field count.
+
+.TP
+.BR charon.plugins.certexpire.csv.force " [yes]"
+Force export of all trustchains we have a private key for.
+
+.TP
+.BR charon.plugins.certexpire.csv.format " [%d:%m:%Y]"
+.RB "" "strftime" "(3)"
+format string to export expiration dates as.
+
+.TP
+.BR charon.plugins.certexpire.csv.local " []"
+.RB "" "strftime" "(3)"
+format string for the CSV file name to export local certificates
+to.
+
+.TP
+.BR charon.plugins.certexpire.csv.remote " []"
+.RB "" "strftime" "(3)"
+format string for the CSV file name to export remote
+certificates to.
+
+.TP
+.BR charon.plugins.certexpire.csv.separator " [,]"
+CSV field separator.
+
+.TP
+.BR charon.plugins.coupling.file " []"
+File to store coupling list to.
+
+.TP
+.BR charon.plugins.coupling.hash " [sha1]"
+Hashing algorithm to fingerprint coupled certificates.
+
+.TP
+.BR charon.plugins.coupling.max " [1]"
+Maximum number of coupling entries to create.
+
+.TP
+.BR charon.plugins.dhcp.force_server_address " [no]"
+Always use the configured server address. This might be helpful if the DHCP
+server runs on the same host as strongSwan, and the DHCP daemon does not listen
+on the loopback interface. In that case the server cannot be reached via
+unicast (or even 255.255.255.255) as that would be routed via loopback. Setting
+this option to yes and configuring the local broadcast address (e.g.
+192.168.0.255) as server address might work.
+
+.TP
+.BR charon.plugins.dhcp.identity_lease " [no]"
+Derive user\-defined MAC address from hash of IKE identity.
+
+.TP
+.BR charon.plugins.dhcp.interface " []"
+Interface name the plugin uses for address allocation. The default is to bind to
+any (0.0.0.0) and let the system decide which way to route the packets to the
+DHCP server.
+
+.TP
+.BR charon.plugins.dhcp.server " [255.255.255.255]"
+DHCP server unicast or broadcast IP address.
+
+.TP
+.BR charon.plugins.dnscert.enable " [no]"
+Enable fetching of CERT RRs via DNS.
+
+.TP
+.BR charon.plugins.duplicheck.enable " [yes]"
+Enable duplicheck plugin (if loaded).
+
+.TP
+.BR charon.plugins.duplicheck.socket " [unix://${piddir}/charon.dck]"
+Socket provided by the duplicheck plugin.
+
+.TP
+.BR charon.plugins.eap-aka.request_identity " [yes]"
+.TP
+.BR charon.plugins.eap-aka-3ggp2.seq_check " []"
+.TP
+.BR charon.plugins.eap-dynamic.prefer_user " [no]"
+If enabled the EAP methods proposed in an EAP\-Nak message sent by the peer are
+preferred over the methods registered locally.
+
+.TP
+.BR charon.plugins.eap-dynamic.preferred " []"
+The preferred EAP method(s) to be used. If it is not given the first registered
+method will be used initially. If a comma separated list is given the methods
+are tried in the given order before trying the rest of the registered methods.
+
+.TP
+.BR charon.plugins.eap-gtc.backend " [pam]"
+XAuth backend to be used for credential verification.
+
+.TP
+.BR charon.plugins.eap-peap.fragment_size " [1024]"
+Maximum size of an EAP\-PEAP packet.
+
+.TP
+.BR charon.plugins.eap-peap.include_length " [no]"
+Include length in non\-fragmented EAP\-PEAP packets.
+
+.TP
+.BR charon.plugins.eap-peap.max_message_count " [32]"
+Maximum number of processed EAP\-PEAP packets (0 = no limit).
+
+.TP
+.BR charon.plugins.eap-peap.phase2_method " [mschapv2]"
+Phase2 EAP client authentication method.
+
+.TP
+.BR charon.plugins.eap-peap.phase2_piggyback " [no]"
+Phase2 EAP Identity request piggybacked by server onto TLS Finished message.
+
+.TP
+.BR charon.plugins.eap-peap.phase2_tnc " [no]"
+Start phase2 EAP TNC protocol after successful client authentication.
+
+.TP
+.BR charon.plugins.eap-peap.request_peer_auth " [no]"
+Request peer authentication based on a client certificate.
+
+.TP
+.BR charon.plugins.eap-radius.accounting " [no]"
+Send RADIUS accounting information to RADIUS servers.
+
+.TP
+.BR charon.plugins.eap-radius.accounting_requires_vip " [no]"
+If enabled, accounting is disabled unless an IKE_SA has at least one virtual IP.
+
+.TP
+.BR charon.plugins.eap-radius.class_group " [no]"
+Use the
+.RI "" "class" ""
+attribute sent in the RADIUS\-Accept message as group membership
+information that is compared to the groups specified in the
+.RB "" "rightgroups" ""
+option in
+.RB "" "ipsec.conf" "(5)."
+
+
+.TP
+.BR charon.plugins.eap-radius.close_all_on_timeout " [no]"
+Closes all IKE_SAs if communication with the RADIUS server times out. If it is
+not set only the current IKE_SA is closed.
+
+.TP
+.BR charon.plugins.eap-radius.eap_start " [no]"
+Send EAP\-Start instead of EAP\-Identity to start RADIUS conversation.
+
+.TP
+.BR charon.plugins.eap-radius.filter_id " [no]"
+If the RADIUS
+.RI "" "tunnel_type" ""
+attribute with value
+.RB "" "ESP" ""
+is received, use the
+.RI "" "filter_id" ""
+attribute sent in the RADIUS\-Accept message as group membership
+information that is compared to the groups specified in the
+.RB "" "rightgroups" ""
+option in
+.RB "" "ipsec.conf" "(5)."
+
+
+.TP
+.BR charon.plugins.eap-radius.id_prefix " []"
+Prefix to EAP\-Identity, some AAA servers use a IMSI prefix to select the EAP
+method.
+
+.TP
+.BR charon.plugins.eap-radius.nas_identifier " [strongSwan]"
+NAS\-Identifier to include in RADIUS messages.
+
+.TP
+.BR charon.plugins.eap-radius.port " [1812]"
+Port of RADIUS server (authentication).
+
+.TP
+.BR charon.plugins.eap-radius.secret " []"
+Shared secret between RADIUS and NAS. If set, make sure to adjust the
+permissions of the config file accordingly.
+
+.TP
+.BR charon.plugins.eap-radius.server " []"
+IP/Hostname of RADIUS server.
+
+.TP
+.BR charon.plugins.eap-radius.sockets " [1]"
+Number of sockets (ports) to use, increase for high load.
+
+.TP
+.BR charon.plugins.eap-radius.dae.enable " [no]"
+Enables support for the Dynamic Authorization Extension (RFC 5176).
+
+.TP
+.BR charon.plugins.eap-radius.dae.listen " [0.0.0.0]"
+Address to listen for DAE messages from the RADIUS server.
+
+.TP
+.BR charon.plugins.eap-radius.dae.port " [3799]"
+Port to listen for DAE requests.
+
+.TP
+.BR charon.plugins.eap-radius.dae.secret " []"
+Shared secret used to verify/sign DAE messages. If set, make sure to adjust the
+permissions of the config file accordingly.
+
+.TP
+.BR charon.plugins.eap-radius.forward.ike_to_radius " []"
+RADIUS attributes to be forwarded from IKEv2 to RADIUS (can be defined by name
+or attribute number, a colon can be used to specify vendor\-specific attributes,
+e.g. Reply\-Message, or 11, or 36906:12).
+
+.TP
+.BR charon.plugins.eap-radius.forward.radius_to_ike " []"
+Same as
+.RI "" "charon.plugins.eap\-radius.forward.ike_to_radius" ""
+but from RADIUS to
+IKEv2, a strongSwan specific private notify (40969) is used to transmit the
+attributes.
+
+.TP
+.B charon.plugins.eap-radius.servers
+.br
+Section to specify multiple RADIUS servers. The
+.RB "" "nas_identifier" ","
+.RB "" "secret" ","
+.RB "" "sockets" ""
+and
+.RB "" "port" ""
+(or
+.RB "" "auth_port" ")"
+options can be specified for each
+server. A server's IP/Hostname can be configured using the
+.RB "" "address" ""
+option.
+The
+.RB "" "acct_port" ""
+[1813] option can be used to specify the port used for RADIUS
+accounting. For each RADIUS server a priority can be specified using the
+.RB "" "preference" ""
+[0] option.
+
+.TP
+.B charon.plugins.eap-radius.xauth
+.br
+Section to configure multiple XAuth authentication rounds via RADIUS. The
+subsections define so called authentication profiles with arbitrary names. In
+each profile section one or more XAuth types can be configured, with an assigned
+message. For each type a separate XAuth exchange will be initiated and all
+replies get concatenated into the User\-Password attribute, which then gets
+verified over RADIUS.
+
+Available XAuth types are
+.RB "" "password" ","
+.RB "" "passcode" ","
+.RB "" "nextpin" ","
+and
+.RB "" "answer" "."
+This type is not relevant to strongSwan or the AAA server, but the
+client may show a different dialog (along with the configured message).
+
+To use the configured profiles, they have to be configured in the respective
+connection in
+.RB "" "ipsec.conf" "(5)"
+by appending the profile name, separated by a
+colon, to the
+.RB "" "xauth\-radius" ""
+XAauth backend configuration in
+.RI "" "rightauth" ""
+or
+.RI "" "rightauth2" ","
+for instance,
+.RI "" "rightauth2=xauth\-radius:profile" "."
+
+
+.TP
+.BR charon.plugins.eap-sim.request_identity " [yes]"
+.TP
+.BR charon.plugins.eap-simaka-sql.database " []"
+.TP
+.BR charon.plugins.eap-simaka-sql.remove_used " [no]"
+.TP
+.BR charon.plugins.eap-tls.fragment_size " [1024]"
+Maximum size of an EAP\-TLS packet.
+
+.TP
+.BR charon.plugins.eap-tls.include_length " [yes]"
+Include length in non\-fragmented EAP\-TLS packets.
+
+.TP
+.BR charon.plugins.eap-tls.max_message_count " [32]"
+Maximum number of processed EAP\-TLS packets (0 = no limit).
+
+.TP
+.BR charon.plugins.eap-tnc.max_message_count " [10]"
+Maximum number of processed EAP\-TNC packets (0 = no limit).
+
+.TP
+.BR charon.plugins.eap-tnc.protocol " [tnccs-1.1]"
+IF\-TNCCS protocol version to be used
+.RI "(" "tnccs\-1.1" ","
+.RI "" "tnccs\-2.0" ","
+.RI "" "tnccs\-dynamic" ")."
+
+
+.TP
+.BR charon.plugins.eap-ttls.fragment_size " [1024]"
+Maximum size of an EAP\-TTLS packet.
+
+.TP
+.BR charon.plugins.eap-ttls.include_length " [yes]"
+Include length in non\-fragmented EAP\-TTLS packets.
+
+.TP
+.BR charon.plugins.eap-ttls.max_message_count " [32]"
+Maximum number of processed EAP\-TTLS packets (0 = no limit).
+
+.TP
+.BR charon.plugins.eap-ttls.phase2_method " [md5]"
+Phase2 EAP client authentication method.
+
+.TP
+.BR charon.plugins.eap-ttls.phase2_piggyback " [no]"
+Phase2 EAP Identity request piggybacked by server onto TLS Finished message.
+
+.TP
+.BR charon.plugins.eap-ttls.phase2_tnc " [no]"
+Start phase2 EAP TNC protocol after successful client authentication.
+
+.TP
+.BR charon.plugins.eap-ttls.request_peer_auth " [no]"
+Request peer authentication based on a client certificate.
+
+.TP
+.BR charon.plugins.error-notify.socket " [unix://${piddir}/charon.enfy]"
+Socket provided by the error\-notify plugin.
+
+.TP
+.BR charon.plugins.gcrypt.quick_random " [no]"
+Use faster random numbers in gcrypt; for testing only, produces weak keys!
+
+.TP
+.BR charon.plugins.ha.autobalance " [0]"
+Interval in seconds to automatically balance handled segments between nodes. Set
+to 0 to disable.
+
+.TP
+.BR charon.plugins.ha.fifo_interface " [yes]"
+.TP
+.BR charon.plugins.ha.heartbeat_delay " [1000]"
+.TP
+.BR charon.plugins.ha.heartbeat_timeout " [2100]"
+.TP
+.BR charon.plugins.ha.local " []"
+.TP
+.BR charon.plugins.ha.monitor " [yes]"
+.TP
+.BR charon.plugins.ha.pools " []"
+.TP
+.BR charon.plugins.ha.remote " []"
+.TP
+.BR charon.plugins.ha.resync " [yes]"
+.TP
+.BR charon.plugins.ha.secret " []"
+.TP
+.BR charon.plugins.ha.segment_count " [1]"
+.TP
+.BR charon.plugins.imc-attestation.aik_blob " []"
+AIK encrypted private key blob file.
+
+.TP
+.BR charon.plugins.imc-attestation.aik_cert " []"
+AIK certificate file.
+
+.TP
+.BR charon.plugins.imc-attestation.aik_key " []"
+AIK public key file.
+
+.TP
+.BR charon.plugins.imc-attestation.nonce_len " [20]"
+DH nonce length.
+
+.TP
+.BR charon.plugins.imc-attestation.pcr17_after " []"
+Dummy data if the TBOOT log is not retrieved.
+
+.TP
+.BR charon.plugins.imc-attestation.pcr17_before " []"
+Dummy data if the TBOOT log is not retrieved.
+
+.TP
+.BR charon.plugins.imc-attestation.pcr17_meas " []"
+Dummy data if the TBOOT log is not retrieved.
+
+.TP
+.BR charon.plugins.imc-attestation.pcr18_after " []"
+Dummy data if the TBOOT log is not retrieved.
+
+.TP
+.BR charon.plugins.imc-attestation.pcr18_before " []"
+Dummy data if the TBOOT log is not retrieved.
+
+.TP
+.BR charon.plugins.imc-attestation.pcr18_meas " []"
+Dummy data if the TBOOT log is not retrieved.
+
+.TP
+.BR charon.plugins.imc-attestation.pcr_info " [yes]"
+Whether to send pcr_before and pcr_after info.
+
+.TP
+.BR charon.plugins.imc-attestation.use_quote2 " [yes]"
+Use Quote2 AIK signature instead of Quote signature.
+
+.TP
+.BR charon.plugins.imc-os.push_info " [yes]"
+Send operating system info without being prompted.
+
+.TP
+.BR charon.plugins.imc-scanner.push_info " [yes]"
+Send open listening ports without being prompted.
+
+.TP
+.BR charon.plugins.imc-swid.swid_directory " [${prefix}/share]"
+Directory where SWID tags are located.
+
+.TP
+.BR charon.plugins.imc-test.additional_ids " [0]"
+Number of additional IMC IDs.
+
+.TP
+.BR charon.plugins.imc-test.command " [none]"
+Command to be sent to the Test IMV.
+
+.TP
+.BR charon.plugins.imc-test.dummy_size " [0]"
+Size of dummy attribute to be sent to the Test IMV (0 = disabled).
+
+.TP
+.BR charon.plugins.imc-test.retry " [no]"
+Do a handshake retry.
+
+.TP
+.BR charon.plugins.imc-test.retry_command " []"
+Command to be sent to the Test IMV in the handshake retry.
+
+.TP
+.BR charon.plugins.imv-attestation.cadir " []"
+Path to directory with AIK cacerts.
+
+.TP
+.BR charon.plugins.imv-attestation.dh_group " [ecp256]"
+Preferred Diffie\-Hellman group.
+
+.TP
+.BR charon.plugins.imv-attestation.hash_algorithm " [sha256]"
+Preferred measurement hash algorithm.
+
+.TP
+.BR charon.plugins.imv-attestation.min_nonce_len " [0]"
+DH minimum nonce length.
+
+.TP
+.BR charon.plugins.imv-os.remediation_uri " []"
+URI pointing to operating system remediation instructions.
+
+.TP
+.BR charon.plugins.imv-scanner.remediation_uri " []"
+URI pointing to scanner remediation instructions.
+
+.TP
+.BR charon.plugins.imv-test.rounds " [0]"
+Number of IMC\-IMV retry rounds.
+
+.TP
+.BR charon.plugins.ipseckey.enable " [no]"
+Enable fetching of IPSECKEY RRs via DNS.
+
+.TP
+.BR charon.plugins.kernel-klips.ipsec_dev_count " [4]"
+Number of ipsecN devices.
+
+.TP
+.BR charon.plugins.kernel-klips.ipsec_dev_mtu " [0]"
+Set MTU of ipsecN device.
+
+.TP
+.BR charon.plugins.kernel-libipsec.allow_peer_ts " [no]"
+Allow that the remote traffic selector equals the IKE peer. The route installed
+for such traffic (via TUN device) usually prevents further IKE traffic. The
+fwmark options for the
+.RI "" "kernel\-netlink" ""
+and
+.RI "" "socket\-default" ""
+plugins can be used
+to circumvent that problem.
+
+.TP
+.BR charon.plugins.kernel-netlink.fwmark " []"
+Firewall mark to set on the routing rule that directs traffic to our routing
+table. The format is [!]mark[/mask], where the optional exclamation mark inverts
+the meaning (i.e. the rule only applies to packets that don't match the mark).
+
+.TP
+.BR charon.plugins.kernel-netlink.roam_events " [yes]"
+Whether to trigger roam events when interfaces, addresses or routes change.
+
+.TP
+.BR charon.plugins.kernel-netlink.xfrm_acq_expires " [165]"
+Lifetime of XFRM acquire state in kernel. The value gets written to
+/proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM
+acquire messages sent.
+
+.TP
+.BR charon.plugins.kernel-pfroute.vip_wait " [1000]"
+Time in ms to wait until virtual IP addresses appear/disappear before failing.
+
+.TP
+.BR charon.plugins.led.activity_led " []"
+.TP
+.BR charon.plugins.led.blink_time " [50]"
+.TP
+.B charon.plugins.load-tester
+.br
+Section to configure the load\-tester plugin, see LOAD TESTS in
+.RB "" "strongswan.conf" "(5)"
+for details.
+
+.TP
+.BR charon.plugins.load-tester.addrs_keep " [no]"
+Whether to keep dynamic addresses even after the associated SA got terminated.
+
+.TP
+.BR charon.plugins.load-tester.addrs_prefix " [16]"
+Network prefix length to use when installing dynamic addresses. If set to \-1 the
+full address is used (i.e. 32 or 128).
+
+.TP
+.BR charon.plugins.load-tester.ca_dir " []"
+Directory to load (intermediate) CA certificates from.
+
+.TP
+.BR charon.plugins.load-tester.child_rekey " [600]"
+Seconds to start CHILD_SA rekeying after setup.
+
+.TP
+.BR charon.plugins.load-tester.delay " [0]"
+Delay between initiatons for each thread.
+
+.TP
+.BR charon.plugins.load-tester.delete_after_established " [no]"
+Delete an IKE_SA as soon as it has been established.
+
+.TP
+.BR charon.plugins.load-tester.digest " [sha1]"
+Digest algorithm used when issuing certificates.
+
+.TP
+.BR charon.plugins.load-tester.dpd_delay " [0]"
+DPD delay to use in load test.
+
+.TP
+.BR charon.plugins.load-tester.dynamic_port " [0]"
+Base port to be used for requests (each client uses a different port).
+
+.TP
+.BR charon.plugins.load-tester.eap_password " [default-pwd]"
+EAP secret to use in load test.
+
+.TP
+.BR charon.plugins.load-tester.enable " [no]"
+Enable the load testing plugin.
+.RB "" "WARNING" ":"
+Never enable this plugin on
+productive systems. It provides preconfigured credentials and allows an attacker
+to authenticate as any user.
+
+.TP
+.BR charon.plugins.load-tester.esp " [aes128-sha1]"
+CHILD_SA proposal to use for load tests.
+
+.TP
+.BR charon.plugins.load-tester.fake_kernel " [no]"
+Fake the kernel interface to allow load\-testing against self.
+
+.TP
+.BR charon.plugins.load-tester.ike_rekey " [0]"
+Seconds to start IKE_SA rekeying after setup.
+
+.TP
+.BR charon.plugins.load-tester.init_limit " [0]"
+Global limit of concurrently established SAs during load test.
+
+.TP
+.BR charon.plugins.load-tester.initiator " [0.0.0.0]"
+Address to initiate from.
+
+.TP
+.BR charon.plugins.load-tester.initiator_auth " [pubkey]"
+Authentication method(s) the intiator uses.
+
+.TP
+.BR charon.plugins.load-tester.initiator_id " []"
+Initiator ID used in load test.
+
+.TP
+.BR charon.plugins.load-tester.initiator_match " []"
+Initiator ID to match against as responder.
+
+.TP
+.BR charon.plugins.load-tester.initiator_tsi " []"
+Traffic selector on initiator side, as proposed by initiator.
+
+.TP
+.BR charon.plugins.load-tester.initiator_tsr " []"
+Traffic selector on responder side, as proposed by initiator.
+
+.TP
+.BR charon.plugins.load-tester.initiators " [0]"
+Number of concurrent initiator threads to use in load test.
+
+.TP
+.BR charon.plugins.load-tester.issuer_cert " []"
+Path to the issuer certificate (if not configured a hard\-coded default value is
+used).
+
+.TP
+.BR charon.plugins.load-tester.issuer_key " []"
+Path to private key that is used to issue certificates (if not configured a
+hard\-coded default value is used).
+
+.TP
+.BR charon.plugins.load-tester.iterations " [1]"
+Number of IKE_SAs to initiate by each initiator in load test.
+
+.TP
+.BR charon.plugins.load-tester.mode " [tunnel]"
+IPsec mode to use, one of
+.RI "" "tunnel" ","
+.RI "" "transport" ","
+or
+.RI "" "beet" "."
+
+
+.TP
+.BR charon.plugins.load-tester.pool " []"
+Provide INTERNAL_IPV4_ADDRs from a named pool.
+
+.TP
+.BR charon.plugins.load-tester.preshared_key " [<default-psk>]"
+Preshared key to use in load test.
+
+.TP
+.BR charon.plugins.load-tester.proposal " [aes128-sha1-modp768]"
+IKE proposal to use in load test.
+
+.TP
+.BR charon.plugins.load-tester.request_virtual_ip " [no]"
+Request an INTERNAL_IPV4_ADDR from the server.
+
+.TP
+.BR charon.plugins.load-tester.responder " [127.0.0.1]"
+Address to initiation connections to.
+
+.TP
+.BR charon.plugins.load-tester.responder_auth " [pubkey]"
+Authentication method(s) the responder uses.
+
+.TP
+.BR charon.plugins.load-tester.responder_id " []"
+Responder ID used in load test.
+
+.TP
+.BR charon.plugins.load-tester.responder_tsi " [initiator_tsi]"
+Traffic selector on initiator side, as narrowed by responder.
+
+.TP
+.BR charon.plugins.load-tester.responder_tsr " [initiator_tsr]"
+Traffic selector on responder side, as narrowed by responder.
+
+.TP
+.BR charon.plugins.load-tester.shutdown_when_complete " [no]"
+Shutdown the daemon after all IKE_SAs have been established.
+
+.TP
+.BR charon.plugins.load-tester.socket " [unix://${piddir}/charon.ldt]"
+Socket provided by the load\-tester plugin.
+
+.TP
+.BR charon.plugins.load-tester.version " [0]"
+IKE version to use (0 means use IKEv2 as initiator and accept any version as
+responder).
+
+.TP
+.B charon.plugins.load-tester.addrs
+.br
+Section that contains key/value pairs with address pools (in CIDR notation) to
+use for a specific network interface e.g. eth0 = 10.10.0.0/16.
+
+.TP
+.BR charon.plugins.lookip.socket " [unix://${piddir}/charon.lkp]"
+Socket provided by the lookip plugin.
+
+.TP
+.BR charon.plugins.ntru.max_drbg_requests " [4294967294]"
+Number of pseudo\-random bit requests from the DRBG before an automatic reseeding
+occurs.
+
+.TP
+.BR charon.plugins.ntru.parameter_set " [optimum]"
+The following parameter sets are available:
+.RB "" "x9_98_speed" ","
+.RB "" "x9_98_bandwidth" ","
+.RB "" "x9_98_balance" ""
+and
+.RB "" "optimum" ","
+the last set not being
+part of the X9.98 standard but having the best performance.
+
+.TP
+.BR charon.plugins.openssl.engine_id " [pkcs11]"
+ENGINE ID to use in the OpenSSL plugin.
+
+.TP
+.BR charon.plugins.openssl.fips_mode " [0]"
+Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+
+.TP
+.BR charon.plugins.pkcs11.load_certs " [yes]"
+Whether to load certificates from tokens.
+
+.TP
+.BR charon.plugins.pkcs11.reload_certs " [no]"
+Reload certificates from all tokens if charon receives a SIGHUP.
+
+.TP
+.BR charon.plugins.pkcs11.use_dh " [no]"
+Whether the PKCS#11 modules should be used for DH and ECDH (see
+.RI "" "use_ecc" ""
+option).
+
+.TP
+.BR charon.plugins.pkcs11.use_ecc " [no]"
+Whether the PKCS#11 modules should be used for ECDH and ECDSA public key
+operations. ECDSA private keys can be used regardless of this option.
+
+.TP
+.BR charon.plugins.pkcs11.use_hasher " [no]"
+Whether the PKCS#11 modules should be used to hash data.
+
+.TP
+.BR charon.plugins.pkcs11.use_pubkey " [no]"
+Whether the PKCS#11 modules should be used for public key operations, even for
+keys not stored on tokens.
+
+.TP
+.BR charon.plugins.pkcs11.use_rng " [no]"
+Whether the PKCS#11 modules should be used as RNG.
+
+.TP
+.B charon.plugins.pkcs11.modules
+.br
+List of available PKCS#11 modules.
+
+.TP
+.BR charon.plugins.radattr.dir " []"
+Directory where RADIUS attributes are stored in client\-ID specific files.
+
+.TP
+.BR charon.plugins.radattr.message_id " [-1]"
+Attributes are added to all IKE_AUTH messages by default (\-1), or only to the
+IKE_AUTH message with the given IKEv2 message ID.
+
+.TP
+.BR charon.plugins.random.random " [${random_device}]"
+File to read random bytes from.
+
+.TP
+.BR charon.plugins.random.strong_equals_true " [no]"
+If set to yes the RNG_STRONG class reads random bytes from the same source as
+the RNG_TRUE class.
+
+.TP
+.BR charon.plugins.random.urandom " [${urandom_device}]"
+File to read pseudo random bytes from.
+
+.TP
+.BR charon.plugins.resolve.file " [/etc/resolv.conf]"
+File where to add DNS server entries.
+
+.TP
+.BR charon.plugins.resolve.resolvconf.iface_prefix " [lo.inet.ipsec.]"
+Prefix used for interface names sent to
+.RB "" "resolvconf" "(8)."
+The nameserver
+address is appended to this prefix to make it unique. The result has to be a
+valid interface name according to the rules defined by resolvconf. Also, it
+should have a high priority according to the order defined in
+.RB "" "interface\-order" "(5)."
+
+
+.TP
+.BR charon.plugins.socket-default.fwmark " []"
+Firewall mark to set on outbound packets.
+
+.TP
+.BR charon.plugins.socket-default.set_source " [yes]"
+Set source address on outbound packets, if possible.
+
+.TP
+.BR charon.plugins.socket-default.use_ipv4 " [yes]"
+Listen on IPv4, if possible.
+
+.TP
+.BR charon.plugins.socket-default.use_ipv6 " [yes]"
+Listen on IPv6, if possible.
+
+.TP
+.BR charon.plugins.sql.database " []"
+Database URI for charon's SQL plugin. If it contains a password, make sure to
+adjust the permissions of the config file accordingly.
+
+.TP
+.BR charon.plugins.sql.loglevel " [-1]"
+Loglevel for logging to SQL database.
+
+.TP
+.BR charon.plugins.stroke.ignore_missing_ca_basic_constraint " [no]"
+Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA
+certificates even if they don't contain a CA basic constraint.
+
+.TP
+.BR charon.plugins.stroke.max_concurrent " [4]"
+Maximum number of stroke messages handled concurrently.
+
+.TP
+.BR charon.plugins.stroke.prevent_loglevel_changes " [no]"
+If enabled log level changes via stroke socket are not allowed.
+
+.TP
+.BR charon.plugins.stroke.socket " [unix://${piddir}/charon.ctl]"
+Socket provided by the stroke plugin.
+
+.TP
+.BR charon.plugins.stroke.timeout " [0]"
+Timeout in ms for any stroke command. Use 0 to disable the timeout.
+
+.TP
+.BR charon.plugins.systime-fix.interval " [0]"
+Interval in seconds to check system time for validity. 0 disables the check.
+
+.TP
+.BR charon.plugins.systime-fix.reauth " [no]"
+Whether to use reauth or delete if an invalid cert lifetime is detected.
+
+.TP
+.BR charon.plugins.systime-fix.threshold " []"
+Threshold date where system time is considered valid. Disabled if not specified.
+
+.TP
+.BR charon.plugins.systime-fix.threshold_format " [%Y]"
+.RB "" "strptime" "(3)"
+format used to parse threshold option.
+
+.TP
+.BR charon.plugins.tnc-ifmap.client_cert " []"
+Path to X.509 certificate file of IF\-MAP client.
+
+.TP
+.BR charon.plugins.tnc-ifmap.client_key " []"
+Path to private key file of IF\-MAP client.
+
+.TP
+.BR charon.plugins.tnc-ifmap.device_name " []"
+Unique name of strongSwan server as a PEP and/or PDP device.
+
+.TP
+.BR charon.plugins.tnc-ifmap.renew_session_interval " [150]"
+Interval in seconds between periodic IF\-MAP RenewSession requests.
+
+.TP
+.BR charon.plugins.tnc-ifmap.server_cert " []"
+Path to X.509 certificate file of IF\-MAP server.
+
+.TP
+.BR charon.plugins.tnc-ifmap.server_uri " [https://localhost:8444/imap]"
+URI of the form [https://]servername[:port][/path].
+
+.TP
+.BR charon.plugins.tnc-ifmap.username_password " []"
+Credentials of IF\-MAP client of the form username:password. If set, make sure to
+adjust the permissions of the config file accordingly.
+
+.TP
+.BR charon.plugins.tnc-imc.dlclose " [yes]"
+Unload IMC after use.
+
+.TP
+.BR charon.plugins.tnc-imc.preferred_language " [en]"
+Preferred language for TNC recommendations.
+
+.TP
+.BR charon.plugins.tnc-imv.dlclose " [yes]"
+Unload IMV after use.
+
+.TP
+.BR charon.plugins.tnc-imv.recommendation_policy " [default]"
+TNC recommendation policy, one of
+.RI "" "default" ","
+.RI "" "any" ","
+or
+.RI "" "all" "."
+
+
+.TP
+.BR charon.plugins.tnc-pdp.server " []"
+Name of the strongSwan PDP as contained in the AAA certificate.
+
+.TP
+.BR charon.plugins.tnc-pdp.timeout " []"
+Timeout in seconds before closing incomplete connections.
+
+.TP
+.BR charon.plugins.tnc-pdp.pt_tls.enable " [yes]"
+Enable PT\-TLS protocol on the strongSwan PDP.
+
+.TP
+.BR charon.plugins.tnc-pdp.pt_tls.port " [271]"
+PT\-TLS server port the strongSwan PDP is listening on.
+
+.TP
+.BR charon.plugins.tnc-pdp.radius.enable " [yes]"
+Enable RADIUS protocol on the strongSwan PDP.
+
+.TP
+.BR charon.plugins.tnc-pdp.radius.method " [ttls]"
+EAP tunnel method to be used.
+
+.TP
+.BR charon.plugins.tnc-pdp.radius.port " [1812]"
+RADIUS server port the strongSwan PDP is listening on.
+
+.TP
+.BR charon.plugins.tnc-pdp.radius.secret " []"
+Shared RADIUS secret between strongSwan PDP and NAS. If set, make sure to adjust
+the permissions of the config file accordingly.
+
+.TP
+.BR charon.plugins.tnccs-11.max_message_size " [45000]"
+Maximum size of a PA\-TNC message (XML & Base64 encoding).
+
+.TP
+.BR charon.plugins.tnccs-20.max_batch_size " [65522]"
+Maximum size of a PB\-TNC batch (upper limit via PT\-EAP = 65529).
+
+.TP
+.BR charon.plugins.tnccs-20.max_message_size " [65490]"
+Maximum size of a PA\-TNC message (upper limit via PT\-EAP = 65497).
+
+.TP
+.BR charon.plugins.unbound.dlv_anchors " []"
+File to read trusted keys for DLV (DNSSEC Lookaside Validation) from. It uses
+the same format as
+.RI "" "trust_anchors" "."
+Only one DLV can be configured, which is
+then used as a root trusted DLV, this means that it is a lookaside for the root.
+
+.TP
+.BR charon.plugins.unbound.resolv_conf " [/etc/resolv.conf]"
+File to read DNS resolver configuration from.
+
+.TP
+.BR charon.plugins.unbound.trust_anchors " [/etc/ipsec.d/dnssec.keys]"
+File to read DNSSEC trust anchors from (usually root zone KSK). The format of
+the file is the standard DNS Zone file format, anchors can be stored as DS or
+DNSKEY entries in the file.
+
+.TP
+.BR charon.plugins.updown.dns_handler " [no]"
+Whether the updown script should handle DNS servers assigned via IKEv1 Mode
+Config or IKEv2 Config Payloads (if enabled they can't be handled by other
+plugins, like resolve)
+
+.TP
+.BR charon.plugins.whitelist.enable " [yes]"
+Enable loaded whitelist plugin.
+
+.TP
+.BR charon.plugins.whitelist.socket " [unix://${piddir}/charon.wlst]"
+Socket provided by the whitelist plugin.
+
+.TP
+.BR charon.plugins.xauth-eap.backend " [radius]"
+EAP plugin to be used as backend for XAuth credential verification.
+
+.TP
+.BR charon.plugins.xauth-pam.pam_service " [login]"
+PAM service to be used for authentication.
+
+.TP
+.BR charon.plugins.xauth-pam.session " [no]"
+Open/close a PAM session for each active IKE_SA.
+
+.TP
+.BR charon.plugins.xauth-pam.trim_email " [yes]"
+If an email address is received as an XAuth username, trim it to just the
+username part.
+
+.TP
+.B charon.processor.priority_threads
+.br
+Section to configure the number of reserved threads per priority class see JOB
+PRIORITY MANAGEMENT in
+.RB "" "strongswan.conf" "(5)."
+
+
+.TP
+.B charon.syslog
+.br
+Section to define syslog loggers, see LOGGER CONFIGURATION in
+.RB "" "strongswan.conf" "(5)."
+
+
+.TP
+.BR charon.syslog.identifier " []"
+Global identifier used for an
+.RB "" "openlog" "(3)"
+call, prepended to each log message
+by syslog. If not configured,
+.RB "" "openlog" "(3)"
+is not called, so the value will
+depend on system defaults (often the program name).
+
+.TP
+.B charon.syslog.<facility>
+.br
+<facility> is one of the supported syslog facilities, see LOGGER CONFIGURATION
+in
+.RB "" "strongswan.conf" "(5)."
+
+
+.TP
+.BR charon.syslog.<facility>.<subsystem> " [<default>]"
+Loglevel for a specific subsystem.
+
+.TP
+.BR charon.syslog.<facility>.default " [1]"
+Specifies the default loglevel to be used for subsystems for which no specific
+loglevel is defined.
+
+.TP
+.BR charon.syslog.<facility>.ike_name " [no]"
+Prefix each log entry with the connection name and a unique numerical identifier
+for each IKE_SA.
+
+.TP
+.BR charon.tls.cipher " []"
+List of TLS encryption ciphers.
+
+.TP
+.BR charon.tls.key_exchange " []"
+List of TLS key exchange methods.
+
+.TP
+.BR charon.tls.mac " []"
+List of TLS MAC algorithms.
+
+.TP
+.BR charon.tls.suites " []"
+List of TLS cipher suites.
+
+.TP
+.BR charon.tnc.tnc_config " [/etc/tnc_config]"
+TNC IMC/IMV configuration file.
+
+.TP
+.BR charon.x509.enforce_critical " [yes]"
+Discard certificates with unsupported or unknown critical extensions.
+
+.TP
+.BR libimcv.debug_level " [1]"
+Debug level for a stand\-alone
+.RI "" "libimcv" ""
+library.
+
+.TP
+.BR libimcv.load " [random nonce gmp pubkey x509]"
+Plugins to load in IMC/IMVs with stand\-alone
+.RI "" "libimcv" ""
+library.
+
+.TP
+.BR libimcv.stderr_quiet " [no]"
+Disable output to stderr with a stand\-alone
+.RI "" "libimcv" ""
+library.
+
+.TP
+.BR manager.database " []"
+Credential database URI for manager. If it contains a password, make sure to
+adjust the permissions of the config file accordingly.
+
+.TP
+.BR manager.debug " [no]"
+Enable debugging in manager.
+
+.TP
+.BR manager.load " []"
+Plugins to load in manager.
+
+.TP
+.BR manager.socket " []"
+FastCGI socket of manager, to run it statically.
+
+.TP
+.BR manager.threads " [10]"
+Threads to use for request handling.
+
+.TP
+.BR manager.timeout " [15m]"
+Session timeout for manager.
+
+.TP
+.BR medsrv.database " []"
+Mediation server database URI. If it contains a password, make sure to adjust
+the permissions of the config file accordingly.
+
+.TP
+.BR medsrv.debug " [no]"
+Debugging in mediation server web application.
+
+.TP
+.BR medsrv.dpd " [5m]"
+DPD timeout to use in mediation server plugin.
+
+.TP
+.BR medsrv.load " []"
+Plugins to load in mediation server plugin.
+
+.TP
+.BR medsrv.password_length " [6]"
+Minimum password length required for mediation server user accounts.
+
+.TP
+.BR medsrv.rekey " [20m]"
+Rekeying time on mediation connections in mediation server plugin.
+
+.TP
+.BR medsrv.socket " []"
+Run Mediation server web application statically on socket.
+
+.TP
+.BR medsrv.threads " [5]"
+Number of thread for mediation service web application.
+
+.TP
+.BR medsrv.timeout " [15m]"
+Session timeout for mediation service.
+
+.TP
+.BR openac.load " []"
+Plugins to load in ipsec openac tool.
+
+.TP
+.BR pacman.database " []"
+Database URI for the database that stores the package information. If it
+contains a password, make sure to adjust the permissions of the config file
+accordingly.
+
+.TP
+.BR pacman.load " []"
+Plugins to load in package manager.
+
+.TP
+.BR pki.load " []"
+Plugins to load in ipsec pki tool.
+
+.TP
+.BR pool.database " []"
+Database URI for the database that stores IP pools and configuration attributes.
+If it contains a password, make sure to adjust the permissions of the
+config file accordingly.
+
+.TP
+.BR pool.load " []"
+Plugins to load in ipsec pool tool.
+
+.TP
+.BR scepclient.load " []"
+Plugins to load in ipsec scepclient tool.
+
+.TP
+.BR starter.load " []"
+Plugins to load in starter.
+
+.TP
+.BR starter.load_warning " [yes]"
+Disable charon plugin load option warning.
+
diff --git a/conf/strongswan.conf.5.tail.in b/conf/strongswan.conf.5.tail.in
new file mode 100644
index 0000000..72aa7f8
--- /dev/null
+++ b/conf/strongswan.conf.5.tail.in
@@ -0,0 +1,470 @@
+.SH LOGGER CONFIGURATION
+Options in
+.BR strongswan.conf (5)
+provide a much more flexible way to configure loggers for the IKE daemon charon
+than using the
+.B charondebug
+option in
+.BR ipsec.conf (5).
+.PP
+.BR Note :
+If any loggers are specified in strongswan.conf,
+.B charondebug
+does not have any effect.
+.PP
+There are currently two types of loggers:
+.TP
+.B File loggers
+Log directly to a file and are defined by specifying the full path to the
+file as subsection in the
+.B charon.filelog
+section. To log to the console the two special filenames
+.BR stdout " and " stderr
+can be used.
+.TP
+.B Syslog loggers
+Log into a syslog facility and are defined by specifying the facility to log to
+as the name of a subsection in the
+.B charon.syslog
+section. The following facilities are currently supported:
+.BR daemon " and " auth .
+.PP
+Multiple loggers can be defined for each type with different log verbosity for
+the different subsystems of the daemon.
+
+.SS Subsystems
+.TP
+.B dmn
+Main daemon setup/cleanup/signal handling
+.TP
+.B mgr
+IKE_SA manager, handling synchronization for IKE_SA access
+.TP
+.B ike
+IKE_SA
+.TP
+.B chd
+CHILD_SA
+.TP
+.B job
+Jobs queueing/processing and thread pool management
+.TP
+.B cfg
+Configuration management and plugins
+.TP
+.B knl
+IPsec/Networking kernel interface
+.TP
+.B net
+IKE network communication
+.TP
+.B asn
+Low-level encoding/decoding (ASN.1, X.509 etc.)
+.TP
+.B enc
+Packet encoding/decoding encryption/decryption operations
+.TP
+.B tls
+libtls library messages
+.TP
+.B esp
+libipsec library messages
+.TP
+.B lib
+libstrongwan library messages
+.TP
+.B tnc
+Trusted Network Connect
+.TP
+.B imc
+Integrity Measurement Collector
+.TP
+.B imv
+Integrity Measurement Verifier
+.TP
+.B pts
+Platform Trust Service
+.SS Loglevels
+.TP
+.B -1
+Absolutely silent
+.TP
+.B 0
+Very basic auditing logs, (e.g. SA up/SA down)
+.TP
+.B 1
+Generic control flow with errors, a good default to see whats going on
+.TP
+.B 2
+More detailed debugging control flow
+.TP
+.B 3
+Including RAW data dumps in Hex
+.TP
+.B 4
+Also include sensitive material in dumps, e.g. keys
+.SS Example
+.PP
+.EX
+ charon {
+ filelog {
+ /var/log/charon.log {
+ time_format = %b %e %T
+ append = no
+ default = 1
+ }
+ stderr {
+ ike = 2
+ knl = 3
+ ike_name = yes
+ }
+ }
+ syslog {
+ # enable logging to LOG_DAEMON, use defaults
+ daemon {
+ }
+ # minimalistic IKE auditing logging to LOG_AUTHPRIV
+ auth {
+ default = -1
+ ike = 0
+ }
+ }
+ }
+.EE
+
+.SH JOB PRIORITY MANAGEMENT
+Some operations in the IKEv2 daemon charon are currently implemented
+synchronously and blocking. Two examples for such operations are communication
+with a RADIUS server via EAP-RADIUS, or fetching CRL/OCSP information during
+certificate chain verification. Under high load conditions, the thread pool may
+run out of available threads, and some more important jobs, such as liveness
+checking, may not get executed in time.
+.PP
+To prevent thread starvation in such situations job priorities were introduced.
+The job processor will reserve some threads for higher priority jobs, these
+threads are not available for lower priority, locking jobs.
+.SS Implementation
+Currently 4 priorities have been defined, and they are used in charon as
+follows:
+.TP
+.B CRITICAL
+Priority for long-running dispatcher jobs.
+.TP
+.B HIGH
+INFORMATIONAL exchanges, as used by liveness checking (DPD).
+.TP
+.B MEDIUM
+Everything not HIGH/LOW, including IKE_SA_INIT processing.
+.TP
+.B LOW
+IKE_AUTH message processing. RADIUS and CRL fetching block here
+.PP
+Although IKE_SA_INIT processing is computationally expensive, it is explicitly
+assigned to the MEDIUM class. This allows charon to do the DH exchange while
+other threads are blocked in IKE_AUTH. To prevent the daemon from accepting more
+IKE_SA_INIT requests than it can handle, use IKE_SA_INIT DROPPING.
+.PP
+The thread pool processes jobs strictly by priority, meaning it will consume all
+higher priority jobs before looking for ones with lower priority. Further, it
+reserves threads for certain priorities. A priority class having reserved
+.I n
+threads will always have
+.I n
+threads available for this class (either currently processing a job, or waiting
+for one).
+.SS Configuration
+To ensure that there are always enough threads available for higher priority
+tasks, threads must be reserved for each priority class.
+.TP
+.BR charon.processor.priority_threads.critical " [0]"
+Threads reserved for CRITICAL priority class jobs
+.TP
+.BR charon.processor.priority_threads.high " [0]"
+Threads reserved for HIGH priority class jobs
+.TP
+.BR charon.processor.priority_threads.medium " [0]"
+Threads reserved for MEDIUM priority class jobs
+.TP
+.BR charon.processor.priority_threads.low " [0]"
+Threads reserved for LOW priority class jobs
+.PP
+Let's consider the following configuration:
+.PP
+.EX
+ charon {
+ processor {
+ priority_threads {
+ high = 1
+ medium = 4
+ }
+ }
+ }
+.EE
+.PP
+With this configuration, one thread is reserved for HIGH priority tasks. As
+currently only liveness checking and stroke message processing is done with
+high priority, one or two threads should be sufficient.
+.PP
+The MEDIUM class mostly processes non-blocking jobs. Unless your setup is
+experiencing many blocks in locks while accessing shared resources, threads for
+one or two times the number of CPU cores is fine.
+.PP
+It is usually not required to reserve threads for CRITICAL jobs. Jobs in this
+class rarely return and do not release their thread to the pool.
+.PP
+The remaining threads are available for LOW priority jobs. Reserving threads
+does not make sense (until we have an even lower priority).
+.SS Monitoring
+To see what the threads are actually doing, invoke
+.IR "ipsec statusall" .
+Under high load, something like this will show up:
+.PP
+.EX
+ worker threads: 2 or 32 idle, 5/1/2/22 working,
+ job queue: 0/0/1/149, scheduled: 198
+.EE
+.PP
+From 32 worker threads,
+.IP 2
+are currently idle.
+.IP 5
+are running CRITICAL priority jobs (dispatching from sockets, etc.).
+.IP 1
+is currently handling a HIGH priority job. This is actually the thread currently
+providing this information via stroke.
+.IP 2
+are handling MEDIUM priority jobs, likely IKE_SA_INIT or CREATE_CHILD_SA
+messages.
+.IP 22
+are handling LOW priority jobs, probably waiting for an EAP-RADIUS response
+while processing IKE_AUTH messages.
+.PP
+The job queue load shows how many jobs are queued for each priority, ready for
+execution. The single MEDIUM priority job will get executed immediately, as
+we have two spare threads reserved for MEDIUM class jobs.
+
+.SH IKE_SA_INIT DROPPING
+If a responder receives more connection requests per seconds than it can handle,
+it does not make sense to accept more IKE_SA_INIT messages. And if they are
+queued but can't get processed in time, an answer might be sent after the
+client has already given up and restarted its connection setup. This
+additionally increases the load on the responder.
+.PP
+To limit the responder load resulting from new connection attempts, the daemon
+can drop IKE_SA_INIT messages just after reception. There are two mechanisms to
+decide if this should happen, configured with the following options:
+.TP
+.BR charon.init_limit_half_open " [0]"
+Limit based on the number of half open IKE_SAs. Half open IKE_SAs are SAs in
+connecting state, but not yet established.
+.TP
+.BR charon.init_limit_job_load " [0]"
+Limit based on the number of jobs currently queued for processing (sum over all
+job priorities).
+.PP
+The second limit includes load from other jobs, such as rekeying. Choosing a
+good value is difficult and depends on the hardware and expected load.
+.PP
+The first limit is simpler to calculate, but includes the load from new
+connections only. If your responder is capable of negotiating 100 tunnels/s, you
+might set this limit to 1000. The daemon will then drop new connection attempts
+if generating a response would require more than 10 seconds. If you are
+allowing for a maximum response time of more than 30 seconds, consider adjusting
+the timeout for connecting IKE_SAs
+.RB ( charon.half_open_timeout ).
+A responder, by default, deletes an IKE_SA if the initiator does not establish
+it within 30 seconds. Under high load, a higher value might be required.
+
+.SH LOAD TESTS
+To do stability testing and performance optimizations, the IKE daemon charon
+provides the \fIload-tester\fR plugin. This plugin allows one to setup thousands
+of tunnels concurrently against the daemon itself or a remote host.
+.PP
+.B WARNING:
+Never enable the load-testing plugin on productive systems. It provides
+preconfigured credentials and allows an attacker to authenticate as any user.
+.PP
+.SS Configuration details
+For public key authentication, the responder uses the
+.B \(dqCN=srv, OU=load-test, O=strongSwan\(dq
+identity. For the initiator, each connection attempt uses a different identity
+in the form
+.BR "\(dqCN=c1-r1, OU=load-test, O=strongSwan\(dq" ,
+where the first number inidicates the client number, the second the
+authentication round (if multiple authentication rounds are used).
+.PP
+For PSK authentication, FQDN identities are used. The server uses
+.BR srv.strongswan.org ,
+the client uses an identity in the form
+.BR c1-r1.strongswan.org .
+.PP
+For EAP authentication, the client uses a NAI in the form
+.BR 100000000010001 at strongswan.org .
+.PP
+To configure multiple authentication rounds, concatenate multiple methods using,
+e.g.
+.EX
+ initiator_auth = pubkey|psk|eap-md5|eap-aka
+.EE
+.PP
+The responder uses a hardcoded certificate based on a 1024-bit RSA key.
+This certificate additionally serves as CA certificate. A peer uses the same
+private key, but generates client certificates on demand signed by the CA
+certificate. Install the Responder/CA certificate on the remote host to
+authenticate all clients.
+.PP
+To speed up testing, the load tester plugin implements a special Diffie-Hellman
+implementation called \fImodpnull\fR. By setting
+.EX
+ proposal = aes128-sha1-modpnull
+.EE
+this wicked fast DH implementation is used. It does not provide any security
+at all, but allows one to run tests without DH calculation overhead.
+.SS Examples
+.PP
+In the simplest case, the daemon initiates IKE_SAs against itself using the
+loopback interface. This will actually establish double the number of IKE_SAs,
+as the daemon is initiator and responder for each IKE_SA at the same time.
+Installation of IPsec SAs would fail, as each SA gets installed twice. To
+simulate the correct behavior, a fake kernel interface can be enabled which does
+not install the IPsec SAs at the kernel level.
+.PP
+A simple loopback configuration might look like this:
+.PP
+.EX
+ charon {
+ # create new IKE_SAs for each CHILD_SA to simulate
+ # different clients
+ reuse_ikesa = no
+ # turn off denial of service protection
+ dos_protection = no
+
+ plugins {
+ load-tester {
+ # enable the plugin
+ enable = yes
+ # use 4 threads to initiate connections
+ # simultaneously
+ initiators = 4
+ # each thread initiates 1000 connections
+ iterations = 1000
+ # delay each initiation in each thread by 20ms
+ delay = 20
+ # enable the fake kernel interface to
+ # avoid SA conflicts
+ fake_kernel = yes
+ }
+ }
+ }
+.EE
+.PP
+This will initiate 4000 IKE_SAs within 20 seconds. You may increase the delay
+value if your box can not handle that much load, or decrease it to put more
+load on it. If the daemon starts retransmitting messages your box probably can
+not handle all connection attempts.
+.PP
+The plugin also allows one to test against a remote host. This might help to
+test against a real world configuration. A connection setup to do stress
+testing of a gateway might look like this:
+.PP
+.EX
+ charon {
+ reuse_ikesa = no
+ threads = 32
+
+ plugins {
+ load-tester {
+ enable = yes
+ # 10000 connections, ten in parallel
+ initiators = 10
+ iterations = 1000
+ # use a delay of 100ms, overall time is:
+ # iterations * delay = 100s
+ delay = 100
+ # address of the gateway
+ remote = 1.2.3.4
+ # IKE-proposal to use
+ proposal = aes128-sha1-modp1024
+ # use faster PSK authentication instead
+ # of 1024bit RSA
+ initiator_auth = psk
+ responder_auth = psk
+ # request a virtual IP using configuration
+ # payloads
+ request_virtual_ip = yes
+ # enable CHILD_SA every 60s
+ child_rekey = 60
+ }
+ }
+ }
+.EE
+
+.SH IKEv2 RETRANSMISSION
+Retransmission timeouts in the IKEv2 daemon charon can be configured globally
+using the three keys listed below:
+.PP
+.RS
+.nf
+.BR charon.retransmit_base " [1.8]"
+.BR charon.retransmit_timeout " [4.0]"
+.BR charon.retransmit_tries " [5]"
+.fi
+.RE
+.PP
+The following algorithm is used to calculate the timeout:
+.PP
+.EX
+ relative timeout = retransmit_timeout * retransmit_base ^ (n-1)
+.EE
+.PP
+Where
+.I n
+is the current retransmission count.
+.PP
+Using the default values, packets are retransmitted in:
+
+.TS
+l r r
+---
+lB r r.
+Retransmission Relative Timeout Absolute Timeout
+1 4s 4s
+2 7s 11s
+3 13s 24s
+4 23s 47s
+5 42s 89s
+giving up 76s 165s
+.TE
+.
+.SH VARIABLES
+.
+The variables used above are configured as follows:
+
+.nf
+.na
+${piddir} @piddir@
+${prefix} @prefix@
+${random_device} @random_device@
+${urandom_device} @urandom_device@
+.ad
+.fi
+.
+.SH FILES
+.
+.nf
+.na
+/etc/strongswan.conf configuration file
+/etc/strongswan.d/ directory containing included config snippets
+/etc/strongswan.d/charon/ plugin specific config snippets
+.ad
+.fi
+.
+.SH SEE ALSO
+\fBipsec.conf\fR(5), \fBipsec.secrets\fR(5), \fBipsec\fR(8), \fBcharon-cmd\fR(8)
+
+.SH HISTORY
+Written for the
+.UR http://www.strongswan.org
+strongSwan project
+.UE
+by Tobias Brunner, Andreas Steffen and Martin Willi.
diff --git a/config.h.in b/config.h.in
index cce6dd1..bfcb4e2 100644
--- a/config.h.in
+++ b/config.h.in
@@ -124,6 +124,12 @@
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
+/* Define to 1 if you have the `memrchr' function. */
+#undef HAVE_MEMRCHR
+
+/* Define to 1 if you have the `mmap' function. */
+#undef HAVE_MMAP
+
/* have mpz_mown_sec() */
#undef HAVE_MPZ_POWM_SEC
@@ -169,6 +175,15 @@
/* Define to 1 if you have the `pthread_spin_init' function. */
#undef HAVE_PTHREAD_SPIN_INIT
+/* have qsort_r() */
+#undef HAVE_QSORT_R
+
+/* have BSD-style qsort_r() */
+#undef HAVE_QSORT_R_BSD
+
+/* have GNU-style qsort_r() */
+#undef HAVE_QSORT_R_GNU
+
/* Define to 1 if you have the `rb_errinfo' function. */
#undef HAVE_RB_ERRINFO
@@ -293,7 +308,7 @@
/* support for IKEv2 protocol */
#undef USE_IKEV2
-/* use vstring library for printf hooks */
+/* use Vstr string library for printf hooks */
#undef USE_VSTR
/* Version number of package */
diff --git a/configure b/configure
index 818379b..652a5d0 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for strongSwan 5.1.1.
+# Generated by GNU Autoconf 2.69 for strongSwan 5.1.2.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='strongSwan'
PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='5.1.1'
-PACKAGE_STRING='strongSwan 5.1.1'
+PACKAGE_VERSION='5.1.2'
+PACKAGE_STRING='strongSwan 5.1.2'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -632,14 +632,13 @@ ac_subst_vars='am__EXEEXT_FALSE
am__EXEEXT_TRUE
LTLIBOBJS
LIBOBJS
+strongswan_options
USE_CMD_FALSE
USE_CMD_TRUE
USE_TKM_FALSE
USE_TKM_TRUE
COVERAGE_FALSE
COVERAGE_TRUE
-UNITTESTS_FALSE
-UNITTESTS_TRUE
USE_SILENT_RULES_FALSE
USE_SILENT_RULES_TRUE
MONOLITHIC_FALSE
@@ -872,6 +871,8 @@ USE_MEDSRV_FALSE
USE_MEDSRV_TRUE
USE_STROKE_FALSE
USE_STROKE_TRUE
+USE_NTRU_FALSE
+USE_NTRU_TRUE
USE_AF_ALG_FALSE
USE_AF_ALG_TRUE
USE_GCM_FALSE
@@ -982,8 +983,6 @@ COVERAGE_LDFLAGS
COVERAGE_CFLAGS
GENHTML
LCOV
-CHECK_LIBS
-CHECK_CFLAGS
GPRBUILD
dev_headers
USE_DEV_HEADERS_FALSE
@@ -1018,6 +1017,15 @@ DLLIB
ALLOCA
GPERF
PERL
+pkgpyexecdir
+pyexecdir
+pkgpythondir
+pythondir
+PYTHON_PLATFORM
+PYTHON_EXEC_PREFIX
+PYTHON_PREFIX
+PYTHON_VERSION
+PYTHON
YFLAGS
YACC
LEXLIB
@@ -1314,6 +1322,7 @@ enable_pkcs11
enable_ctr
enable_ccm
enable_gcm
+enable_ntru
enable_addrblock
enable_unity
enable_uci
@@ -1336,7 +1345,6 @@ enable_vstr
enable_monolithic
enable_bfd_backtraces
enable_unwind_backtraces
-enable_unit_tests
enable_coverage
enable_tkm
enable_cmd
@@ -1365,6 +1373,7 @@ CPPFLAGS
CPP
YACC
YFLAGS
+PYTHON
soup_CFLAGS
soup_LIBS
xml_CFLAGS
@@ -1376,9 +1385,7 @@ maemo_LIBS
pcsclite_CFLAGS
pcsclite_LIBS
nm_CFLAGS
-nm_LIBS
-CHECK_CFLAGS
-CHECK_LIBS'
+nm_LIBS'
# Initialize some variables set by options.
@@ -1919,7 +1926,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures strongSwan 5.1.1 to adapt to many kinds of systems.
+\`configure' configures strongSwan 5.1.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1989,7 +1996,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of strongSwan 5.1.1:";;
+ short | recursive ) echo "Configuration of strongSwan 5.1.2:";;
esac
cat <<\_ACEOF
@@ -2151,6 +2158,7 @@ Optional Features:
--enable-ctr enables the Counter Mode wrapper crypto plugin.
--enable-ccm enables the CCM AEAD wrapper crypto plugin.
--enable-gcm enables the GCM AEAD wrapper crypto plugin.
+ --enable-ntru enables the NTRU crypto plugin.
--enable-addrblock enables RFC 3779 address block constraint support.
--enable-unity enables Cisco Unity extension plugin.
--enable-uci enable OpenWRT UCI configuration plugin.
@@ -2186,7 +2194,6 @@ Optional Features:
--enable-unwind-backtraces
use libunwind to create backtraces for memory leaks
and segfaults.
- --enable-unit-tests enable unit tests using the check test framework.
--enable-coverage enable lcov coverage report generation.
--enable-tkm enable Trusted Key Manager support.
--enable-cmd enable the command line IKE client charon-cmd.
@@ -2292,6 +2299,7 @@ Some influential environment variables:
YFLAGS The list of arguments that will be passed by default to $YACC.
This script will default YFLAGS to the empty string to avoid a
default value of `-d' given by some make applications.
+ PYTHON the Python interpreter
soup_CFLAGS C compiler flags for soup, overriding pkg-config
soup_LIBS linker flags for soup, overriding pkg-config
xml_CFLAGS C compiler flags for xml, overriding pkg-config
@@ -2307,9 +2315,6 @@ Some influential environment variables:
linker flags for pcsclite, overriding pkg-config
nm_CFLAGS C compiler flags for nm, overriding pkg-config
nm_LIBS linker flags for nm, overriding pkg-config
- CHECK_CFLAGS
- C compiler flags for CHECK, overriding pkg-config
- CHECK_LIBS linker flags for CHECK, overriding pkg-config
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
@@ -2377,7 +2382,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-strongSwan configure 5.1.1
+strongSwan configure 5.1.2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2899,7 +2904,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by strongSwan $as_me 5.1.1, which was
+It was created by strongSwan $as_me 5.1.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3762,7 +3767,7 @@ fi
# Define the identity of the package.
PACKAGE='strongswan'
- VERSION='5.1.1'
+ VERSION='5.1.2'
cat >>confdefs.h <<_ACEOF
@@ -6391,6 +6396,21 @@ else
fi
+# Check whether --enable-ntru was given.
+if test "${enable_ntru+set}" = set; then :
+ enableval=$enable_ntru; ntru_given=true
+ if test x$enableval = xyes; then
+ ntru=true
+ else
+ ntru=false
+ fi
+else
+ ntru=false
+ ntru_given=false
+
+fi
+
+
# Check whether --enable-addrblock was given.
if test "${enable_addrblock+set}" = set; then :
enableval=$enable_addrblock; addrblock_given=true
@@ -6721,21 +6741,6 @@ else
fi
-# Check whether --enable-unit-tests was given.
-if test "${enable_unit_tests+set}" = set; then :
- enableval=$enable_unit_tests; unit_tests_given=true
- if test x$enableval = xyes; then
- unit_tests=true
- else
- unit_tests=false
- fi
-else
- unit_tests=false
- unit_tests_given=false
-
-fi
-
-
# Check whether --enable-coverage was given.
if test "${enable_coverage+set}" = set; then :
enableval=$enable_coverage; coverage_given=true
@@ -6815,7 +6820,7 @@ fi
# ===========================
if test -z "$CFLAGS"; then
- CFLAGS="-g -O2 -Wall -Wno-format -Wno-pointer-sign"
+ CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign"
fi
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -16249,6 +16254,213 @@ fi
done
test -n "$YACC" || YACC="yacc"
+
+
+
+
+
+
+ # Find any Python interpreter.
+ if test -z "$PYTHON"; then
+ for ac_prog in python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PYTHON+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PYTHON in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PYTHON=$ac_cv_path_PYTHON
+if test -n "$PYTHON"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+$as_echo "$PYTHON" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$PYTHON" && break
+done
+test -n "$PYTHON" || PYTHON=":"
+
+ fi
+ am_display_PYTHON=python
+
+
+ if test "$PYTHON" = :; then
+ :
+ else
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
+$as_echo_n "checking for $am_display_PYTHON version... " >&6; }
+if ${am_cv_python_version+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"`
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
+$as_echo "$am_cv_python_version" >&6; }
+ PYTHON_VERSION=$am_cv_python_version
+
+
+
+ PYTHON_PREFIX='${prefix}'
+
+ PYTHON_EXEC_PREFIX='${exec_prefix}'
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
+$as_echo_n "checking for $am_display_PYTHON platform... " >&6; }
+if ${am_cv_python_platform+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
+$as_echo "$am_cv_python_platform" >&6; }
+ PYTHON_PLATFORM=$am_cv_python_platform
+
+
+ # Just factor out some code duplication.
+ am_python_setup_sysconfig="\
+import sys
+# Prefer sysconfig over distutils.sysconfig, for better compatibility
+# with python 3.x. See automake bug#10227.
+try:
+ import sysconfig
+except ImportError:
+ can_use_sysconfig = 0
+else:
+ can_use_sysconfig = 1
+# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
+# <https://github.com/pypa/virtualenv/issues/118>
+try:
+ from platform import python_implementation
+ if python_implementation() == 'CPython' and sys.version[:3] == '2.7':
+ can_use_sysconfig = 0
+except ImportError:
+ pass"
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5
+$as_echo_n "checking for $am_display_PYTHON script directory... " >&6; }
+if ${am_cv_python_pythondir+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$prefix" = xNONE
+ then
+ am_py_prefix=$ac_default_prefix
+ else
+ am_py_prefix=$prefix
+ fi
+ am_cv_python_pythondir=`$PYTHON -c "
+$am_python_setup_sysconfig
+if can_use_sysconfig:
+ sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
+else:
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
+sys.stdout.write(sitedir)"`
+ case $am_cv_python_pythondir in
+ $am_py_prefix*)
+ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
+ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"`
+ ;;
+ *)
+ case $am_py_prefix in
+ /usr|/System*) ;;
+ *)
+ am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages
+ ;;
+ esac
+ ;;
+ esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
+$as_echo "$am_cv_python_pythondir" >&6; }
+ pythondir=$am_cv_python_pythondir
+
+
+
+ pkgpythondir=\${pythondir}/$PACKAGE
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5
+$as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; }
+if ${am_cv_python_pyexecdir+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$exec_prefix" = xNONE
+ then
+ am_py_exec_prefix=$am_py_prefix
+ else
+ am_py_exec_prefix=$exec_prefix
+ fi
+ am_cv_python_pyexecdir=`$PYTHON -c "
+$am_python_setup_sysconfig
+if can_use_sysconfig:
+ sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'})
+else:
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix')
+sys.stdout.write(sitedir)"`
+ case $am_cv_python_pyexecdir in
+ $am_py_exec_prefix*)
+ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
+ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"`
+ ;;
+ *)
+ case $am_py_exec_prefix in
+ /usr|/System*) ;;
+ *)
+ am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages
+ ;;
+ esac
+ ;;
+ esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
+$as_echo "$am_cv_python_pyexecdir" >&6; }
+ pyexecdir=$am_cv_python_pyexecdir
+
+
+
+ pkgpyexecdir=\${pyexecdir}/$PACKAGE
+
+
+
+ fi
+
+
# Extract the first word of "perl", so it can be a program name with args.
set dummy perl; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
@@ -16417,10 +16629,6 @@ if test x$medcli = xtrue; then
mediation=true
fi
-if test x$coverage = xtrue; then
- unit_tests=true
-fi
-
# ===========================================
# check required libraries and header files
# ===========================================
@@ -17367,6 +17575,80 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
+ac_fn_c_check_func "$LINENO" "qsort_r" "ac_cv_func_qsort_r"
+if test "x$ac_cv_func_qsort_r" = xyes; then :
+
+
+$as_echo "#define HAVE_QSORT_R /**/" >>confdefs.h
+
+ # set -Werror so that we get an error for "argument ... has
+ # incompatible pointer type" warnings
+ save_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Werror"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU-style qsort_r" >&5
+$as_echo_n "checking for GNU-style qsort_r... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _GNU_SOURCE
+ #include <stdlib.h>
+ int cmp (const void *a, const void *b, void *x) { return 0; }
+int
+main ()
+{
+int arr[] = { 0, 1 };
+ qsort_r(arr, 2, sizeof(int), cmp, arr);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; };
+
+$as_echo "#define HAVE_QSORT_R_GNU /**/" >>confdefs.h
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; };
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD-style qsort_r" >&5
+$as_echo_n "checking for BSD-style qsort_r... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+ int cmp (void *x, const void *a, const void *b) { return 0; }
+int
+main ()
+{
+int arr[] = { 0, 1 };
+ qsort_r(arr, 2, sizeof(int), arr, cmp);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; };
+
+$as_echo "#define HAVE_QSORT_R_BSD /**/" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; };
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "qsort_r has unknown semantics
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ CFLAGS="$save_CFLAGS"
+
+fi
+
+
for ac_func in prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
@@ -17379,7 +17661,7 @@ _ACEOF
fi
done
-for ac_func in fmemopen funopen
+for ac_func in fmemopen funopen mmap memrchr
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -19760,102 +20042,9 @@ $as_echo "no" >&6; }
fi
-fi
-
-if test x$unit_tests = xtrue; then
-
-pkg_failed=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CHECK" >&5
-$as_echo_n "checking for CHECK... " >&6; }
-
-if test -n "$CHECK_CFLAGS"; then
- pkg_cv_CHECK_CFLAGS="$CHECK_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"check >= 0.9.4\""; } >&5
- ($PKG_CONFIG --exists --print-errors "check >= 0.9.4") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_CHECK_CFLAGS=`$PKG_CONFIG --cflags "check >= 0.9.4" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$CHECK_LIBS"; then
- pkg_cv_CHECK_LIBS="$CHECK_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"check >= 0.9.4\""; } >&5
- ($PKG_CONFIG --exists --print-errors "check >= 0.9.4") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_CHECK_LIBS=`$PKG_CONFIG --libs "check >= 0.9.4" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- CHECK_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "check >= 0.9.4" 2>&1`
- else
- CHECK_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "check >= 0.9.4" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$CHECK_PKG_ERRORS" >&5
-
- as_fn_error $? "Package requirements (check >= 0.9.4) were not met:
-
-$CHECK_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-Alternatively, you may set the environment variables CHECK_CFLAGS
-and CHECK_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details." "$LINENO" 5
-elif test $pkg_failed = untried; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-Alternatively, you may set the environment variables CHECK_CFLAGS
-and CHECK_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log' for more details" "$LINENO" 5; }
-else
- CHECK_CFLAGS=$pkg_cv_CHECK_CFLAGS
- CHECK_LIBS=$pkg_cv_CHECK_LIBS
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-fi
-
-
+ if test x$GPRBUILD = x; then
+ as_fn_error $? "gprbuild not found" "$LINENO" 5
+ fi
fi
if test x$coverage = xtrue; then
@@ -20476,6 +20665,15 @@ if test x$gcm = xtrue; then
fi
+if test x$ntru = xtrue; then
+ s_plugins=${s_plugins}" ntru"
+ charon_plugins=${charon_plugins}" ntru"
+ scripts_plugins=${scripts_plugins}" ntru"
+ nm_plugins=${nm_plugins}" ntru"
+ cmd_plugins=${cmd_plugins}" ntru"
+
+ fi
+
if test x$attr = xtrue; then
h_plugins=${h_plugins}" attr"
charon_plugins=${charon_plugins}" attr"
@@ -21294,6 +21492,14 @@ else
USE_AF_ALG_FALSE=
fi
+ if test x$ntru = xtrue; then
+ USE_NTRU_TRUE=
+ USE_NTRU_FALSE='#'
+else
+ USE_NTRU_TRUE='#'
+ USE_NTRU_FALSE=
+fi
+
# charon plugins
# ----------------
@@ -22231,14 +22437,6 @@ else
USE_SILENT_RULES_FALSE=
fi
- if test x$unit_tests = xtrue; then
- UNITTESTS_TRUE=
- UNITTESTS_FALSE='#'
-else
- UNITTESTS_TRUE='#'
- UNITTESTS_FALSE=
-fi
-
if test x$coverage = xtrue; then
COVERAGE_TRUE=
COVERAGE_FALSE='#'
@@ -22294,18 +22492,57 @@ $as_echo "#define USE_IKEV2 /**/" >>confdefs.h
fi
+# ====================================================
+# options for enabled modules (see conf/Makefile.am)
+# ====================================================
+
+strongswan_options=
+
+if test -z "$USE_ATTR_SQL_TRUE"; then :
+ strongswan_options=${strongswan_options}" pool"
+fi
+if test -z "$USE_CHARON_TRUE"; then :
+ strongswan_options=${strongswan_options}" charon charon-logging"
+fi
+if test -z "$USE_FILE_CONFIG_TRUE"; then :
+ strongswan_options=${strongswan_options}" starter"
+fi
+if test -z "$USE_IMV_ATTESTATION_TRUE"; then :
+ strongswan_options=${strongswan_options}" attest"
+fi
+if test -z "$USE_IMCV_TRUE"; then :
+ strongswan_options=${strongswan_options}" imcv"
+fi
+if test -z "$USE_IMV_OS_TRUE"; then :
+ strongswan_options=${strongswan_options}" pacman"
+fi
+if test -z "$USE_LIBTNCCS_TRUE"; then :
+ strongswan_options=${strongswan_options}" tnc"
+fi
+if test -z "$USE_MANAGER_TRUE"; then :
+ strongswan_options=${strongswan_options}" manager"
+fi
+if test -z "$USE_MEDSRV_TRUE"; then :
+ strongswan_options=${strongswan_options}" medsrv"
+fi
+if test -z "$USE_TOOLS_TRUE"; then :
+ strongswan_options=${strongswan_options}" tools"
+fi
+
+
+
# =================
# build Makefiles
# =================
-ac_config_files="$ac_config_files Makefile man/Makefile init/Makefile init/systemd/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/pl [...]
+ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/li [...]
# =================
# build man pages
# =================
-ac_config_files="$ac_config_files man/ipsec.conf.5 man/ipsec.secrets.5 man/strongswan.conf.5 src/charon-cmd/charon-cmd.8 src/pki/man/pki.1 src/pki/man/pki---gen.1 src/pki/man/pki---issue.1 src/pki/man/pki---keyid.1 src/pki/man/pki---pkcs7.1 src/pki/man/pki---print.1 src/pki/man/pki---pub.1 src/pki/man/pki---req.1 src/pki/man/pki---self.1 src/pki/man/pki---signcrl.1 src/pki/man/pki---verify.1"
+ac_config_files="$ac_config_files conf/strongswan.conf.5.head conf/strongswan.conf.5.tail man/ipsec.conf.5 man/ipsec.secrets.5 src/charon-cmd/charon-cmd.8 src/pki/man/pki.1 src/pki/man/pki---gen.1 src/pki/man/pki---issue.1 src/pki/man/pki---keyid.1 src/pki/man/pki---pkcs7.1 src/pki/man/pki---print.1 src/pki/man/pki---pub.1 src/pki/man/pki---req.1 src/pki/man/pki---self.1 src/pki/man/pki---signcrl.1 src/pki/man/pki---verify.1"
cat >confcache <<\_ACEOF
@@ -22630,6 +22867,10 @@ if test -z "${USE_AF_ALG_TRUE}" && test -z "${USE_AF_ALG_FALSE}"; then
as_fn_error $? "conditional \"USE_AF_ALG\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_NTRU_TRUE}" && test -z "${USE_NTRU_FALSE}"; then
+ as_fn_error $? "conditional \"USE_NTRU\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_STROKE_TRUE}" && test -z "${USE_STROKE_FALSE}"; then
as_fn_error $? "conditional \"USE_STROKE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -23094,10 +23335,6 @@ if test -z "${USE_SILENT_RULES_TRUE}" && test -z "${USE_SILENT_RULES_FALSE}"; th
as_fn_error $? "conditional \"USE_SILENT_RULES\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
-if test -z "${UNITTESTS_TRUE}" && test -z "${UNITTESTS_FALSE}"; then
- as_fn_error $? "conditional \"UNITTESTS\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
if test -z "${COVERAGE_TRUE}" && test -z "${COVERAGE_FALSE}"; then
as_fn_error $? "conditional \"COVERAGE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -23507,7 +23744,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by strongSwan $as_me 5.1.1, which was
+This file was extended by strongSwan $as_me 5.1.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -23573,7 +23810,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-strongSwan config.status 5.1.1
+strongSwan config.status 5.1.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@@ -23983,6 +24220,7 @@ do
"depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
"libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "conf/Makefile") CONFIG_FILES="$CONFIG_FILES conf/Makefile" ;;
"man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
"init/Makefile") CONFIG_FILES="$CONFIG_FILES init/Makefile" ;;
"init/systemd/Makefile") CONFIG_FILES="$CONFIG_FILES init/systemd/Makefile" ;;
@@ -24033,6 +24271,7 @@ do
"src/libstrongswan/plugins/ccm/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ccm/Makefile" ;;
"src/libstrongswan/plugins/gcm/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcm/Makefile" ;;
"src/libstrongswan/plugins/af_alg/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/af_alg/Makefile" ;;
+ "src/libstrongswan/plugins/ntru/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ntru/Makefile" ;;
"src/libstrongswan/plugins/test_vectors/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/test_vectors/Makefile" ;;
"src/libstrongswan/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/tests/Makefile" ;;
"src/libhydra/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/Makefile" ;;
@@ -24150,9 +24389,10 @@ do
"src/pt-tls-client/Makefile") CONFIG_FILES="$CONFIG_FILES src/pt-tls-client/Makefile" ;;
"scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;;
"testing/Makefile") CONFIG_FILES="$CONFIG_FILES testing/Makefile" ;;
+ "conf/strongswan.conf.5.head") CONFIG_FILES="$CONFIG_FILES conf/strongswan.conf.5.head" ;;
+ "conf/strongswan.conf.5.tail") CONFIG_FILES="$CONFIG_FILES conf/strongswan.conf.5.tail" ;;
"man/ipsec.conf.5") CONFIG_FILES="$CONFIG_FILES man/ipsec.conf.5" ;;
"man/ipsec.secrets.5") CONFIG_FILES="$CONFIG_FILES man/ipsec.secrets.5" ;;
- "man/strongswan.conf.5") CONFIG_FILES="$CONFIG_FILES man/strongswan.conf.5" ;;
"src/charon-cmd/charon-cmd.8") CONFIG_FILES="$CONFIG_FILES src/charon-cmd/charon-cmd.8" ;;
"src/pki/man/pki.1") CONFIG_FILES="$CONFIG_FILES src/pki/man/pki.1" ;;
"src/pki/man/pki---gen.1") CONFIG_FILES="$CONFIG_FILES src/pki/man/pki---gen.1" ;;
diff --git a/configure.ac b/configure.ac
index df1dc68..8a925c2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2007-2013 Tobias Brunner
+# Copyright (C) 2007-2014 Tobias Brunner
# Copyright (C) 2006-2013 Andreas Steffen
# Copyright (C) 2006-2013 Martin Willi
# Hochschule fuer Technik Rapperswil
@@ -19,8 +19,18 @@
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.1.1])
-AM_INIT_AUTOMAKE([tar-ustar subdir-objects])
+AC_INIT([strongSwan],[5.1.2])
+AM_INIT_AUTOMAKE(m4_esyscmd([
+ echo tar-ustar
+ echo subdir-objects
+ case `automake --version | head -n 1` in
+ *" 1.9"*);;
+ *" 1.10"*);;
+ *" 1.11"*);;
+ # don't use parallel test harness in 1.12 and up
+ *) echo serial-tests;;
+ esac
+]))
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES])
AC_CONFIG_MACRO_DIR([m4/config])
AC_CONFIG_HEADERS([config.h])
@@ -229,6 +239,7 @@ ARG_ENABL_SET([pkcs11], [enables the PKCS11 token support plugin.])
ARG_ENABL_SET([ctr], [enables the Counter Mode wrapper crypto plugin.])
ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.])
+ARG_ENABL_SET([ntru], [enables the NTRU crypto plugin.])
ARG_ENABL_SET([addrblock], [enables RFC 3779 address block constraint support.])
ARG_ENABL_SET([unity], [enables Cisco Unity extension plugin.])
ARG_ENABL_SET([uci], [enable OpenWRT UCI configuration plugin.])
@@ -251,7 +262,6 @@ ARG_ENABL_SET([vstr], [enforce using the Vstr string library to replac
ARG_ENABL_SET([monolithic], [build monolithic version of libstrongswan that includes all enabled plugins. Similarly, the plugins of charon are assembled in libcharon.])
ARG_ENABL_SET([bfd-backtraces], [use binutils libbfd to resolve backtraces for memory leaks and segfaults.])
ARG_ENABL_SET([unwind-backtraces],[use libunwind to create backtraces for memory leaks and segfaults.])
-ARG_ENABL_SET([unit-tests], [enable unit tests using the check test framework.])
ARG_ENABL_SET([coverage], [enable lcov coverage report generation.])
ARG_ENABL_SET([tkm], [enable Trusted Key Manager support.])
ARG_ENABL_SET([cmd], [enable the command line IKE client charon-cmd.])
@@ -274,7 +284,7 @@ fi
# ===========================
if test -z "$CFLAGS"; then
- CFLAGS="-g -O2 -Wall -Wno-format -Wno-pointer-sign"
+ CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign"
fi
AC_PROG_CC
AM_PROG_CC_C_O
@@ -292,6 +302,7 @@ AC_PROG_EGREP
AC_PROG_AWK
AC_PROG_LEX
AC_PROG_YACC
+AM_PATH_PYTHON(,,[:])
AC_PATH_PROG([PERL], [perl], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
@@ -376,10 +387,6 @@ if test x$medcli = xtrue; then
mediation=true
fi
-if test x$coverage = xtrue; then
- unit_tests=true
-fi
-
# ===========================================
# check required libraries and header files
# ===========================================
@@ -488,8 +495,45 @@ AC_CHECK_FUNC(
)]
)
+AC_CHECK_FUNC(
+ [qsort_r],
+ [
+ AC_DEFINE([HAVE_QSORT_R], [], [have qsort_r()])
+ # set -Werror so that we get an error for "argument ... has
+ # incompatible pointer type" warnings
+ save_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Werror"
+ AC_MSG_CHECKING([for GNU-style qsort_r])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#define _GNU_SOURCE
+ #include <stdlib.h>
+ int cmp (const void *a, const void *b, void *x) { return 0; }]],
+ [[int arr[] = { 0, 1 };
+ qsort_r(arr, 2, sizeof(int), cmp, arr);]])],
+ [AC_MSG_RESULT([yes]);
+ AC_DEFINE([HAVE_QSORT_R_GNU], [], [have GNU-style qsort_r()])],
+ [
+ AC_MSG_RESULT([no]);
+ AC_MSG_CHECKING([for BSD-style qsort_r])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <stdlib.h>
+ int cmp (void *x, const void *a, const void *b) { return 0; }]],
+ [[int arr[] = { 0, 1 };
+ qsort_r(arr, 2, sizeof(int), arr, cmp);]])],
+ [AC_MSG_RESULT([yes]);
+ AC_DEFINE([HAVE_QSORT_R_BSD], [], [have BSD-style qsort_r()])],
+ [AC_MSG_RESULT([no]);
+ AC_MSG_FAILURE([qsort_r has unknown semantics])])
+ ])
+ CFLAGS="$save_CFLAGS"
+ ],
+ []
+)
+
AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
-AC_CHECK_FUNCS(fmemopen funopen)
+AC_CHECK_FUNCS(fmemopen funopen mmap memrchr)
AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h linux/fib_rules.h)
AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h)
@@ -633,7 +677,7 @@ AC_CHECK_FUNC(
if test x$vstr = xtrue; then
AC_CHECK_LIB([vstr],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([Vstr string library not found])],[])
- AC_DEFINE([USE_VSTR], [], [use vstring library for printf hooks])
+ AC_DEFINE([USE_VSTR], [], [use Vstr string library for printf hooks])
builtin_printf=false
fi
@@ -933,12 +977,9 @@ CFLAGS="$CFLAGS -include `pwd`/config.h"
if test x$tkm = xtrue; then
AC_PATH_PROG([GPRBUILD], [gprbuild], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
-fi
-
-if test x$unit_tests = xtrue; then
- PKG_CHECK_MODULES(CHECK, [check >= 0.9.4])
- AC_SUBST(CHECK_CFLAGS)
- AC_SUBST(CHECK_LIBS)
+ if test x$GPRBUILD = x; then
+ AC_MSG_ERROR([gprbuild not found])
+ fi
fi
if test x$coverage = xtrue; then
@@ -1034,6 +1075,7 @@ ADD_PLUGIN([hmac], [s charon scripts nm cmd])
ADD_PLUGIN([ctr], [s charon scripts nm cmd])
ADD_PLUGIN([ccm], [s charon scripts nm cmd])
ADD_PLUGIN([gcm], [s charon scripts nm cmd])
+ADD_PLUGIN([ntru], [s charon scripts nm cmd])
ADD_PLUGIN([attr], [h charon])
ADD_PLUGIN([attr-sql], [h charon])
ADD_PLUGIN([load-tester], [c charon])
@@ -1171,6 +1213,7 @@ AM_CONDITIONAL(USE_CTR, test x$ctr = xtrue)
AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue)
AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue)
AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
+AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
# charon plugins
# ----------------
@@ -1296,7 +1339,6 @@ AM_CONDITIONAL(USE_PTS, test x$pts = xtrue)
AM_CONDITIONAL(USE_TROUSERS, test x$tss = xtrousers)
AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
AM_CONDITIONAL(USE_SILENT_RULES, test x$enable_silent_rules = xyes)
-AM_CONDITIONAL(UNITTESTS, test x$unit_tests = xtrue)
AM_CONDITIONAL(COVERAGE, test x$coverage = xtrue)
AM_CONDITIONAL(USE_TKM, test x$tkm = xtrue)
AM_CONDITIONAL(USE_CMD, test x$cmd = xtrue)
@@ -1321,12 +1363,32 @@ if test x$ikev2 = xtrue; then
AC_DEFINE([USE_IKEV2], [], [support for IKEv2 protocol])
fi
+# ====================================================
+# options for enabled modules (see conf/Makefile.am)
+# ====================================================
+
+strongswan_options=
+
+AM_COND_IF([USE_ATTR_SQL], [strongswan_options=${strongswan_options}" pool"])
+AM_COND_IF([USE_CHARON], [strongswan_options=${strongswan_options}" charon charon-logging"])
+AM_COND_IF([USE_FILE_CONFIG], [strongswan_options=${strongswan_options}" starter"])
+AM_COND_IF([USE_IMV_ATTESTATION], [strongswan_options=${strongswan_options}" attest"])
+AM_COND_IF([USE_IMCV], [strongswan_options=${strongswan_options}" imcv"])
+AM_COND_IF([USE_IMV_OS], [strongswan_options=${strongswan_options}" pacman"])
+AM_COND_IF([USE_LIBTNCCS], [strongswan_options=${strongswan_options}" tnc"])
+AM_COND_IF([USE_MANAGER], [strongswan_options=${strongswan_options}" manager"])
+AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"])
+AM_COND_IF([USE_TOOLS], [strongswan_options=${strongswan_options}" tools"])
+
+AC_SUBST(strongswan_options)
+
# =================
# build Makefiles
# =================
AC_CONFIG_FILES([
Makefile
+ conf/Makefile
man/Makefile
init/Makefile
init/systemd/Makefile
@@ -1377,6 +1439,7 @@ AC_CONFIG_FILES([
src/libstrongswan/plugins/ccm/Makefile
src/libstrongswan/plugins/gcm/Makefile
src/libstrongswan/plugins/af_alg/Makefile
+ src/libstrongswan/plugins/ntru/Makefile
src/libstrongswan/plugins/test_vectors/Makefile
src/libstrongswan/tests/Makefile
src/libhydra/Makefile
@@ -1501,9 +1564,10 @@ AC_CONFIG_FILES([
# =================
AC_CONFIG_FILES([
+ conf/strongswan.conf.5.head
+ conf/strongswan.conf.5.tail
man/ipsec.conf.5
man/ipsec.secrets.5
- man/strongswan.conf.5
src/charon-cmd/charon-cmd.8
src/pki/man/pki.1
src/pki/man/pki---gen.1
diff --git a/init/Makefile.in b/init/Makefile.in
index 3b26262..c9ace23 100644
--- a/init/Makefile.in
+++ b/init/Makefile.in
@@ -192,8 +192,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -261,6 +259,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -349,12 +352,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -369,6 +376,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in
index 822aca1..7664026 100644
--- a/init/systemd/Makefile.in
+++ b/init/systemd/Makefile.in
@@ -161,8 +161,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -230,6 +228,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -318,12 +321,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -338,6 +345,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/man/Makefile.am b/man/Makefile.am
index 266ef7d..fbc78b9 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -1,6 +1,5 @@
man_MANS = \
ipsec.conf.5 \
- ipsec.secrets.5 \
- strongswan.conf.5
+ ipsec.secrets.5
CLEANFILES = $(man_MANS)
diff --git a/man/Makefile.in b/man/Makefile.in
index 9c970cd..d4a38b1 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -79,8 +79,7 @@ build_triplet = @build@
host_triplet = @host@
subdir = man
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(srcdir)/ipsec.conf.5.in $(srcdir)/ipsec.secrets.5.in \
- $(srcdir)/strongswan.conf.5.in
+ $(srcdir)/ipsec.conf.5.in $(srcdir)/ipsec.secrets.5.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,7 +95,7 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
+CONFIG_CLEAN_FILES = ipsec.conf.5 ipsec.secrets.5
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_ at AM_V@)
am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
@@ -164,8 +163,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -233,6 +230,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -321,12 +323,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -341,6 +347,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -353,8 +360,7 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
man_MANS = \
ipsec.conf.5 \
- ipsec.secrets.5 \
- strongswan.conf.5
+ ipsec.secrets.5
CLEANFILES = $(man_MANS)
all: all-am
@@ -394,8 +400,6 @@ ipsec.conf.5: $(top_builddir)/config.status $(srcdir)/ipsec.conf.5.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
ipsec.secrets.5: $(top_builddir)/config.status $(srcdir)/ipsec.secrets.5.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
-strongswan.conf.5: $(top_builddir)/config.status $(srcdir)/strongswan.conf.5.in
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
mostlyclean-libtool:
-rm -f *.lo
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 92be670..a0be755 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -386,7 +386,9 @@ retransmission timeout applies, as every exchange is used to detect dead peers.
.TP
.BR inactivity " = <time>"
defines the timeout interval, after which a CHILD_SA is closed if it did
-not send or receive any traffic.
+not send or receive any traffic. The inactivity counter is reset during CHILD_SA
+rekeying. This means that the inactivity timeout must be smaller than the
+rekeying interval to have any effect.
.TP
.BR eap_identity " = <id>"
defines the identity the client uses to reply to an EAP Identity request.
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
deleted file mode 100644
index db63d36..0000000
--- a/man/strongswan.conf.5.in
+++ /dev/null
@@ -1,1745 +0,0 @@
-.TH STRONGSWAN.CONF 5 "2013-10-29" "@PACKAGE_VERSION@" "strongSwan"
-.SH NAME
-strongswan.conf \- strongSwan configuration file
-.SH DESCRIPTION
-While the
-.IR ipsec.conf (5)
-configuration file is well suited to define IPsec related configuration
-parameters, it is not useful for other strongSwan applications to read options
-from this file.
-The file is hard to parse and only
-.I ipsec starter
-is capable of doing so. As the number of components of the strongSwan project
-is continually growing, a more flexible configuration file was needed, one that
-is easy to extend and can be used by all components. With strongSwan 4.2.1
-.IR strongswan.conf (5)
-was introduced which meets these requirements.
-
-.SH SYNTAX
-The format of the strongswan.conf file consists of hierarchical
-.B sections
-and a list of
-.B key/value pairs
-in each section. Each section has a name, followed by C-Style curly brackets
-defining the section body. Each section body contains a set of subsections
-and key/value pairs:
-.PP
-.EX
- settings := (section|keyvalue)*
- section := name { settings }
- keyvalue := key = value\\n
-.EE
-.PP
-Values must be terminated by a newline.
-.PP
-Comments are possible using the \fB#\fP-character, but be careful: The parser
-implementation is currently limited and does not like brackets in comments.
-.PP
-Section names and keys may contain any printable character except:
-.PP
-.EX
- . { } # \\n \\t space
-.EE
-.PP
-An example file in this format might look like this:
-.PP
-.EX
- a = b
- section-one {
- somevalue = asdf
- subsection {
- othervalue = xxx
- }
- # yei, a comment
- yetanother = zz
- }
- section-two {
- x = 12
- }
-.EE
-.PP
-Indentation is optional, you may use tabs or spaces.
-
-.SH INCLUDING FILES
-Using the
-.B include
-statement it is possible to include other files into strongswan.conf, e.g.
-.PP
-.EX
- include /some/path/*.conf
-.EE
-.PP
-If the file name is not an absolute path, it is considered to be relative
-to the directory of the file containing the include statement. The file name
-may include shell wildcards (see
-.IR sh (1)).
-Also, such inclusions can be nested.
-.PP
-Sections loaded from included files
-.I extend
-previously loaded sections; already existing values are
-.IR replaced .
-It is important to note that settings are added relative to the section the
-include statement is in.
-.PP
-As an example, the following three files result in the same final
-config as the one given above:
-.PP
-.EX
- a = b
- section-one {
- somevalue = before include
- include include.conf
- }
- include other.conf
-
-include.conf:
- # settings loaded from this file are added to section-one
- # the following replaces the previous value
- somevalue = asdf
- subsection {
- othervalue = yyy
- }
- yetanother = zz
-
-other.conf:
- # this extends section-one and subsection
- section-one {
- subsection {
- # this replaces the previous value
- othervalue = xxx
- }
- }
- section-two {
- x = 12
- }
-.EE
-
-.SH READING VALUES
-Values are accessed using a dot-separated section list and a key.
-With reference to the example above, accessing
-.B section-one.subsection.othervalue
-will return
-.BR xxx .
-
-.SH DEFINED KEYS
-The following keys are currently defined (using dot notation). The default
-value (if any) is listed in brackets after the key.
-
-.SS attest section
-.TP
-.BR attest.database
-Path to database with file measurement information
-.TP
-.BR attest.load
-Plugins to load in ipsec attest tool
-
-.SS charon section
-.TP
-.BR Note :
-Many of these options also apply to \fBcharon\-cmd\fR and other
-\fBcharon\fR derivatives. Just use their respective name (e.g.
-\fIcharon\-cmd\fR) instead of \fIcharon\fR.
-.TP
-.BR charon.block_threshold " [5]"
-Maximum number of half-open IKE_SAs for a single peer IP
-.TP
-.BR charon.cisco_unity " [no]
-Send Cisco Unity vendor ID payload (IKEv1 only)
-.TP
-.BR charon.close_ike_on_child_failure " [no]"
-Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed
-.TP
-.BR charon.cookie_threshold " [10]"
-Number of half-open IKE_SAs that activate the cookie mechanism
-.TP
-.BR charon.dns1
-.TQ
-.BR charon.dns2
-DNS servers assigned to peer via configuration payload (CP)
-.TP
-.BR charon.dos_protection " [yes]"
-Enable Denial of Service protection using cookies and aggressiveness checks
-.TP
-.BR charon.filelog
-Section to define file loggers, see LOGGER CONFIGURATION
-.TP
-.BR charon.flush_auth_cfg " [no]"
-If enabled objects used during authentication (certificates, identities etc.)
-are released to free memory once an IKE_SA is established.
-Enabling this might conflict with plugins that later need access to e.g. the
-used certificates.
-.TP
-.BR charon.fragment_size " [512]"
-Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
-fragmentation extension.
-.TP
-.BR charon.group
-Name of the group the daemon changes to after startup
-.TP
-.BR charon.half_open_timeout " [30]"
-Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
-.TP
-.BR charon.hash_and_url " [no]"
-Enable hash and URL support
-.TP
-.BR charon.i_dont_care_about_security_and_use_aggressive_mode_psk " [no]"
-If enabled responders are allowed to use IKEv1 Aggressive Mode with pre-shared
-keys, which is discouraged due to security concerns (offline attacks on the
-openly transmitted hash of the PSK)
-.TP
-.BR charon.ignore_routing_tables
-A space-separated list of routing tables to be excluded from route lookups
-.TP
-.BR charon.ikesa_limit " [0]"
-Maximum number of IKE_SAs that can be established at the same time before new
-connection attempts are blocked
-.TP
-.BR charon.ikesa_table_segments " [1]"
-Number of exclusively locked segments in the hash table
-.TP
-.BR charon.ikesa_table_size " [1]"
-Size of the IKE_SA hash table
-.TP
-.BR charon.inactivity_close_ike " [no]"
-Whether to close IKE_SA if the only CHILD_SA closed due to inactivity
-.TP
-.BR charon.init_limit_half_open " [0]"
-Limit new connections based on the current number of half open IKE_SAs (see
-IKE_SA_INIT DROPPING).
-.TP
-.BR charon.init_limit_job_load " [0]"
-Limit new connections based on the number of jobs currently queued for
-processing (see IKE_SA_INIT DROPPING).
-.TP
-.BR charon.initiator_only " [no]"
-Causes charon daemon to ignore IKE initiation requests.
-.TP
-.BR charon.install_routes " [yes]"
-Install routes into a separate routing table for established IPsec tunnels
-.TP
-.BR charon.install_virtual_ip " [yes]"
-Install virtual IP addresses
-.TP
-.BR charon.install_virtual_ip_on
-The name of the interface on which virtual IP addresses should be installed.
-If not specified the addresses will be installed on the outbound interface.
-.TP
-.BR charon.interfaces_ignore
-A comma-separated list of network interfaces that should be ignored, if
-.B charon.interfaces_use
-is specified this option has no effect.
-.TP
-.BR charon.interfaces_use
-A comma-separated list of network interfaces that should be used by charon.
-All other interfaces are ignored.
-.TP
-.BR charon.keep_alive " [20s]"
-NAT keep alive interval
-.TP
-.BR charon.load
-Plugins to load in the IKEv2 daemon charon
-.TP
-.BR charon.max_packet " [10000]"
-Maximum packet size accepted by charon
-.TP
-.BR charon.multiple_authentication " [yes]"
-Enable multiple authentication exchanges (RFC 4739)
-.TP
-.BR charon.nbns1
-.TQ
-.BR charon.nbns2
-WINS servers assigned to peer via configuration payload (CP)
-.TP
-.BR charon.port " [500]"
-UDP port used locally. If set to 0 a random port will be allocated.
-.TP
-.BR charon.port_nat_t " [4500]"
-UDP port used locally in case of NAT-T. If set to 0 a random port will be
-allocated. Has to be different from
-.BR charon.port ,
-otherwise a random port will be allocated.
-.TP
-.BR charon.process_route " [yes]"
-Process RTM_NEWROUTE and RTM_DELROUTE events
-.TP
-.BR charon.receive_delay " [0]"
-Delay in ms for receiving packets, to simulate larger RTT
-.TP
-.BR charon.receive_delay_response " [yes]"
-Delay response messages
-.TP
-.BR charon.receive_delay_request " [yes]"
-Delay request messages
-.TP
-.BR charon.receive_delay_type " [0]"
-Specific IKEv2 message type to delay, 0 for any
-.TP
-.BR charon.replay_window " [32]"
-Size of the AH/ESP replay window, in packets.
-.TP
-.BR charon.retransmit_base " [1.8]"
-Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
-.TP
-.BR charon.retransmit_timeout " [4.0]
-Timeout in seconds before sending first retransmit
-.TP
-.BR charon.retransmit_tries " [5]"
-Number of times to retransmit a packet before giving up
-.TP
-.BR charon.retry_initiate_interval " [0]"
-Interval to use when retrying to initiate an IKE_SA (e.g. if DNS resolution
-failed), 0 to disable retries.
-.TP
-.BR charon.reuse_ikesa " [yes]
-Initiate CHILD_SA within existing IKE_SAs
-.TP
-.BR charon.routing_table
-Numerical routing table to install routes to
-.TP
-.BR charon.routing_table_prio
-Priority of the routing table
-.TP
-.BR charon.send_delay " [0]"
-Delay in ms for sending packets, to simulate larger RTT
-.TP
-.BR charon.send_delay_response " [yes]"
-Delay response messages
-.TP
-.BR charon.send_delay_request " [yes]"
-Delay request messages
-.TP
-.BR charon.send_delay_type " [0]"
-Specific IKEv2 message type to delay, 0 for any
-.TP
-.BR charon.send_vendor_id " [no]
-Send strongSwan vendor ID payload
-.TP
-.BR charon.syslog
-Section to define syslog loggers, see LOGGER CONFIGURATION
-.TP
-.BR charon.threads " [16]"
-Number of worker threads in charon. Several of these are reserved for long
-running tasks in internal modules and plugins. Therefore, make sure you don't
-set this value too low. The number of idle worker threads listed in
-.I ipsec statusall
-might be used as indicator on the number of reserved threads.
-.TP
-.BR charon.user
-Name of the user the daemon changes to after startup
-.SS charon.plugins subsection
-.TP
-.BR charon.plugins.android_log.loglevel " [1]"
-Loglevel for logging to Android specific logger
-.TP
-.BR charon.plugins.attr
-Section to specify arbitrary attributes that are assigned to a peer via
-configuration payload (CP)
-.TP
-.BR charon.plugins.certexpire.csv.cron
-Cron style string specifying CSV export times
-.TP
-.BR charon.plugins.certexpire.csv.empty_string
-String to use in empty intermediate CA fields
-.TP
-.BR charon.plugins.certexpire.csv.fixed_fields " [yes]"
-Use a fixed intermediate CA field count
-.TP
-.BR charon.plugins.certexpire.csv.force " [yes]"
-Force export of all trustchains we have a private key for
-.TP
-.BR charon.plugins.certexpire.csv.format " [%d:%m:%Y]"
-strftime(3) format string to export expiration dates as
-.TP
-.BR charon.plugins.certexpire.csv.local
-strftime(3) format string for the CSV file name to export local certificates to
-.TP
-.BR charon.plugins.certexpire.csv.remote
-strftime(3) format string for the CSV file name to export remote certificates to
-.TP
-.BR charon.plugins.certexpire.csv.separator " [,]"
-CSV field separator
-.TP
-.BR charon.plugins.coupling.file
-File to store coupling list to
-.TP
-.BR charon.plugins.coupling.hash " [sha1]"
-Hashing algorithm to fingerprint coupled certificates
-.TP
-.BR charon.plugins.coupling.max " [1]"
-Maximum number of coupling entries to create
-.TP
-.BR charon.plugins.dhcp.force_server_address " [no]"
-Always use the configured server address. This might be helpful if the DHCP
-server runs on the same host as strongSwan, and the DHCP daemon does not listen
-on the loopback interface. In that case the server cannot be reached via
-unicast (or even 255.255.255.255) as that would be routed via loopback.
-Setting this option to yes and configuring the local broadcast address (e.g.
-192.168.0.255) as server address might work.
-.TP
-.BR charon.plugins.dhcp.identity_lease " [no]"
-Derive user-defined MAC address from hash of IKEv2 identity
-.TP
-.BR charon.plugins.dhcp.server " [255.255.255.255]"
-DHCP server unicast or broadcast IP address
-.TP
-.BR charon.plugins.dnscert.enable " [no]"
-Enable fetching of CERT RRs via DNS
-.TP
-.BR charon.plugins.duplicheck.enable " [yes]"
-Enable duplicheck plugin (if loaded)
-.TP
-.BR charon.plugins.duplicheck.socket " [unix://@piddir@/charon.dck]"
-Socket provided by the duplicheck plugin
-.TP
-.BR charon.plugins.eap-aka.request_identity " [yes]"
-
-.TP
-.BR charon.plugins.eap-aka-3ggp2.seq_check
-
-.TP
-.BR charon.plugins.eap-dynamic.preferred
-The preferred EAP method(s) to be used. If it is not given the first
-registered method will be used initially. If a comma separated list is given
-the methods are tried in the given order before trying the rest of the
-registered methods.
-.TP
-.BR charon.plugins.eap-dynamic.prefer_user " [no]"
-If enabled the EAP methods proposed in an EAP-Nak message sent by the peer are
-preferred over the methods registered locally.
-.TP
-.BR charon.plugins.eap-gtc.backend " [pam]"
-XAuth backend to be used for credential verification
-.TP
-.BR charon.plugins.eap-peap.fragment_size " [1024]"
-Maximum size of an EAP-PEAP packet
-.TP
-.BR charon.plugins.eap-peap.max_message_count " [32]"
-Maximum number of processed EAP-PEAP packets (0 = no limit)
-.TP
-.BR charon.plugins.eap-peap.include_length " [no]"
-Include length in non-fragmented EAP-PEAP packets
-.TP
-.BR charon.plugins.eap-peap.phase2_method " [mschapv2]"
-Phase2 EAP client authentication method
-.TP
-.BR charon.plugins.eap-peap.phase2_piggyback " [no]"
-Phase2 EAP Identity request piggybacked by server onto TLS Finished message
-.TP
-.BR charon.plugins.eap-peap.phase2_tnc " [no]"
-Start phase2 EAP TNC protocol after successful client authentication
-.TP
-.BR charon.plugins.eap-peap.request_peer_auth " [no]"
-Request peer authentication based on a client certificate
-.TP
-.BR charon.plugins.eap-radius.accounting " [no]"
-Send RADIUS accounting information to RADIUS servers.
-.TP
-.BR charon.plugins.eap-radius.accounting_requires_vip " [no]"
-If enabled, accounting is disabled unless an IKE_SA has at least one virtual IP
-.TP
-.BR charon.plugins.eap-radius.class_group " [no]"
-Use the
-.I class
-attribute sent in the RADIUS-Accept message as group membership information that
-is compared to the groups specified in the
-.B rightgroups
-option in
-.B ipsec.conf (5).
-.TP
-.BR charon.plugins.eap-radius.close_all_on_timeout " [no]"
-Closes all IKE_SAs if communication with the RADIUS server times out. If it is
-not set only the current IKE_SA is closed.
-.TP
-.BR charon.plugins.eap-radius.dae.enable " [no]"
-Enables support for the Dynamic Authorization Extension (RFC 5176)
-.TP
-.BR charon.plugins.eap-radius.dae.listen " [0.0.0.0]"
-Address to listen for DAE messages from the RADIUS server
-.TP
-.BR charon.plugins.eap-radius.dae.port " [3799]"
-Port to listen for DAE requests
-.TP
-.BR charon.plugins.eap-radius.dae.secret
-Shared secret used to verify/sign DAE messages
-.TP
-.BR charon.plugins.eap-radius.eap_start " [no]"
-Send EAP-Start instead of EAP-Identity to start RADIUS conversation
-.TP
-.BR charon.plugins.eap-radius.filter_id " [no]"
-If the RADIUS
-.I tunnel_type
-attribute with value
-.B ESP
-is received, use the
-.I filter_id
-attribute sent in the RADIUS-Accept message as group membership information that
-is compared to the groups specified in the
-.B rightgroups
-option in
-.B ipsec.conf (5).
-.TP
-.BR charon.plugins.eap-radius.forward.ike_to_radius
-RADIUS attributes to be forwarded from IKEv2 to RADIUS (can be defined by
-name or attribute number, a colon can be used to specify vendor-specific
-attributes, e.g. Reply-Message, or 11, or 36906:12).
-.TP
-.BR charon.plugins.eap-radius.forward.radius_to_ike
-Same as
-.B charon.plugins.eap-radius.forward.ike_to_radius
-but from RADIUS to
-IKEv2, a strongSwan specific private notify (40969) is used to transmit the
-attributes.
-.TP
-.BR charon.plugins.eap-radius.id_prefix
-Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the
-EAP method
-.TP
-.BR charon.plugins.eap-radius.nas_identifier " [strongSwan]"
-NAS-Identifier to include in RADIUS messages
-.TP
-.BR charon.plugins.eap-radius.port " [1812]"
-Port of RADIUS server (authentication)
-.TP
-.BR charon.plugins.eap-radius.secret
-Shared secret between RADIUS and NAS
-.TP
-.BR charon.plugins.eap-radius.server
-IP/Hostname of RADIUS server
-.TP
-.BR charon.plugins.eap-radius.servers
-Section to specify multiple RADIUS servers. The
-.BR nas_identifier ,
-.BR secret ,
-.B sockets
-and
-.B port
-(or
-.BR auth_port )
-options can be specified for each server. A server's IP/Hostname can be
-configured using the
-.B address
-option. The
-.BR acct_port " [1813]"
-option can be used to specify the port used for RADIUS accounting.
-For each RADIUS server a priority can be specified using the
-.BR preference " [0]"
-option.
-.TP
-.BR charon.plugins.eap-radius.sockets " [1]"
-Number of sockets (ports) to use, increase for high load
-.TP
-.BR charon.plugins.eap-radius.xauth
-Section to configure multiple XAuth authentication rounds via RADIUS. The subsections define so called
-authentication profiles with arbitrary names. In each profile section one or more XAuth types can be
-configured, with an assigned message. For each type a separate XAuth exchange will be initiated and all
-replies get concatenated into the User-Password attribute, which then gets verified over RADIUS.
-
-Available XAuth types are \fBpassword\fR, \fBpasscode\fR, \fBnextpin\fR, and \fBanswer\fR. This type is
-not relevant to strongSwan or the AAA server, but the client may show a different dialog (along with the
-configured message).
-
-To use the configured profiles, they have to be configured in the respective connection in
-.IR ipsec.conf (5)
-by appending the profile name, separated by a colon, to the
-.B xauth-radius
-XAauth backend configuration in
-.I rightauth
-or
-.IR rightauth2 ,
-for instance,
-.IR rightauth2=xauth-radius:profile .
-.TP
-.BR charon.plugins.eap-sim.request_identity " [yes]"
-
-.TP
-.BR charon.plugins.eap-simaka-sql.database
-
-.TP
-.BR charon.plugins.eap-simaka-sql.remove_used " [no]"
-
-.TP
-.BR charon.plugins.eap-tls.fragment_size " [1024]"
-Maximum size of an EAP-TLS packet
-.TP
-.BR charon.plugins.eap-tls.max_message_count " [32]"
-Maximum number of processed EAP-TLS packets (0 = no limit)
-.TP
-.BR charon.plugins.eap-tls.include_length " [yes]"
-Include length in non-fragmented EAP-TLS packets
-.TP
-.BR charon.plugins.eap-tnc.max_message_count " [10]"
-Maximum number of processed EAP-TNC packets (0 = no limit)
-.TP
-.BR charon.plugins.eap-tnc.protocol " [tnccs-1.1]"
-IF-TNCCS protocol version to be used (tnccs-1.1, tnccs-2.0, tnccs-dynamic)
-.TP
-.BR charon.plugins.eap-ttls.fragment_size " [1024]"
-Maximum size of an EAP-TTLS packet
-.TP
-.BR charon.plugins.eap-ttls.max_message_count " [32]"
-Maximum number of processed EAP-TTLS packets (0 = no limit)
-.TP
-.BR charon.plugins.eap-ttls.include_length " [yes]"
-Include length in non-fragmented EAP-TTLS packets
-.TP
-.BR charon.plugins.eap-ttls.phase2_method " [md5]"
-Phase2 EAP client authentication method
-.TP
-.BR charon.plugins.eap-ttls.phase2_piggyback " [no]"
-Phase2 EAP Identity request piggybacked by server onto TLS Finished message
-.TP
-.BR charon.plugins.eap-ttls.phase2_tnc " [no]"
-Start phase2 EAP TNC protocol after successful client authentication
-.TP
-.BR charon.plugins.eap-ttls.request_peer_auth " [no]"
-Request peer authentication based on a client certificate
-.TP
-.BR charon.plugins.error-notify.socket " [unix://@piddir@/charon.enfy]"
-Socket provided by the error-notify plugin
-.TP
-.BR charon.plugins.ha.autobalance " [0]"
-Interval in seconds to automatically balance handled segments between nodes.
-Set to 0 to disable.
-.TP
-.BR charon.plugins.ha.fifo_interface " [yes]"
-
-.TP
-.BR charon.plugins.ha.heartbeat_delay " [1000]"
-
-.TP
-.BR charon.plugins.ha.heartbeat_timeout " [2100]"
-
-.TP
-.BR charon.plugins.ha.local
-
-.TP
-.BR charon.plugins.ha.monitor " [yes]"
-
-.TP
-.BR charon.plugins.ha.pools
-
-.TP
-.BR charon.plugins.ha.remote
-
-.TP
-.BR charon.plugins.ha.resync " [yes]"
-
-.TP
-.BR charon.plugins.ha.secret
-
-.TP
-.BR charon.plugins.ha.segment_count " [1]"
-
-.TP
-.BR charon.plugins.ipseckey.enable " [no]"
-Enable fetching of IPSECKEY RRs via DNS
-.TP
-.BR charon.plugins.led.activity_led
-
-.TP
-.BR charon.plugins.led.blink_time " [50]"
-
-.TP
-.BR charon.plugins.kernel-klips.ipsec_dev_count " [4]"
-Number of ipsecN devices
-.TP
-.BR charon.plugins.kernel-klips.ipsec_dev_mtu " [0]"
-Set MTU of ipsecN device
-.TP
-.BR charon.plugins.kernel-libipsec.allow_peer_ts " [no]"
-Allow that the remote traffic selector equals the IKE peer. The route installed
-for such traffic (via TUN device) usually prevents further IKE traffic. The
-fwmark options for the \fIkernel-netlink\fR and \fIsocket-default\fR plugins can
-be used to circumvent that problem.
-.TP
-.BR charon.plugins.kernel-netlink.fwmark
-Firewall mark to set on the routing rule that directs traffic to our own routing
-table. The format is [!]mark[/mask], where the optional exclamation mark inverts
-the meaning (i.e. the rule only applies to packets that don't match the mark).
-.TP
-.BR charon.plugins.kernel-netlink.roam_events " [yes]"
-Whether to trigger roam events when interfaces, addresses or routes change
-.TP
-.BR charon.plugins.kernel-netlink.xfrm_acq_expires " [165]"
-Lifetime of XFRM acquire state in kernel. The value gets written to
-/proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM
-acquire messages sent.
-.TP
-.BR charon.plugins.kernel-pfroute.vip_wait " [1000]"
-Time in ms to wait until virtual IP addresses appear/disappear before failing.
-.TP
-.BR charon.plugins.load-tester
-Section to configure the load-tester plugin, see LOAD TESTS
-.TP
-.BR charon.plugins.lookip.socket " [unix://@piddir@/charon.lkp]"
-Socket provided by the lookip plugin
-.TP
-.BR charon.plugins.radattr.dir
-Directory where RADIUS attributes are stored in client-ID specific files.
-.TP
-.BR charon.plugins.radattr.message_id " [-1]"
-Attributes are added to all IKE_AUTH messages by default (-1), or only to the
-IKE_AUTH message with the given IKEv2 message ID.
-.TP
-.BR charon.plugins.resolve.file " [/etc/resolv.conf]"
-File where to add DNS server entries
-.TP
-.BR charon.plugins.resolve.resolvconf.iface_prefix " [lo.inet.ipsec.]"
-Prefix used for interface names sent to resolvconf(8). The nameserver address
-is appended to this prefix to make it unique. The result has to be a valid
-interface name according to the rules defined by resolvconf. Also, it should
-have a high priority according to the order defined in interface-order(5).
-.TP
-.BR charon.plugins.socket-default.fwmark
-Firewall mark to set on outbound packets.
-.TP
-.BR charon.plugins.socket-default.set_source " [yes]"
-Set source address on outbound packets, if possible.
-.TP
-.BR charon.plugins.socket-default.use_ipv4 " [yes]"
-Listen on IPv4, if possible.
-.TP
-.BR charon.plugins.socket-default.use_ipv6 " [yes]"
-Listen on IPv6, if possible.
-.TP
-.BR charon.plugins.sql.database
-Database URI for charons SQL plugin
-.TP
-.BR charon.plugins.sql.loglevel " [-1]"
-Loglevel for logging to SQL database
-.TP
-.BR charon.plugins.stroke.ignore_missing_ca_basic_constraint " [no]"
-Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA
-certificates even if they don't contain a CA basic constraint.
-.TP
-.BR charon.plugins.stroke.max_concurrent " [4]"
-Maximum number of stroke messages handled concurrently
-.TP
-.BR charon.plugins.stroke.socket " [unix://@piddir@/charon.ctl]"
-Socket provided by the stroke plugin
-.TP
-.BR charon.plugins.stroke.timeout " [0]"
-Timeout in ms for any stroke command. Use 0 to disable the timeout
-.TP
-.BR charon.plugins.systime-fix.interval " [0]"
-Interval in seconds to check system time for validity. 0 disables the check
-.TP
-.BR charon.plugins.systime-fix.reauth " [no]"
-Whether to use reauth or delete if an invalid cert lifetime is detected
-.TP
-.BR charon.plugins.systime-fix.threshold
-Threshold date where system time is considered valid. Disabled if not specified
-.TP
-.BR charon.plugins.systime-fix.threshold_format " [%Y]"
-strptime(3) format used to parse threshold option
-.TP
-.BR charon.plugins.tnc-ifmap.client_cert
-Path to X.509 certificate file of IF-MAP client
-.TP
-.BR charon.plugins.tnc-ifmap.client_key
-Path to private key file of IF-MAP client
-.TP
-.BR charon.plugins.tnc-ifmap.device_name
-Unique name of strongSwan server as a PEP and/or PDP device
-.TP
-.BR charon.plugins.tnc-ifmap.renew_session_interval " [150]"
-Interval in seconds between periodic IF-MAP RenewSession requests
-.TP
-.BR charon.plugins.tnc-ifmap.server_uri " [https://localhost:8444/imap]"
-URI of the form [https://]servername[:port][/path]
-.TP
-.BR charon.plugins.tnc-ifmap.server_cert
-Path to X.509 certificate file of IF-MAP server
-.TP
-.BR charon.plugins.tnc-ifmap.username_password
-Credentials of IF-MAP client of the form username:password
-.TP
-.BR charon.plugins.tnc-pdp.pt_tls.enable " [yes]"
-Enable PT-TLS protocol on the strongSwan PDP
-.TP
-.BR charon.plugins.tnc-pdp.pt_tls.port " [271]"
-PT-TLS server port the strongSwan PDP is listening on
-.TP
-.BR charon.plugins.tnc-pdp.radius.enable " [yes]"
-Enable RADIUS protocol on the strongSwan PDP
-.TP
-.BR charon.plugins.tnc-pdp.radius.method " [ttls]"
-EAP tunnel method to be used
-.TP
-.BR charon.plugins.tnc-pdp.radius.port " [1812]"
-RADIUS server port the strongSwan PDP is listening on
-.TP
-.BR charon.plugins.tnc-pdp.radius.secret
-Shared RADIUS secret between strongSwan PDP and NAS
-.TP
-.BR charon.plugins.tnc-pdp.server
-Name of the strongSwan PDP as contained in the AAA certificate
-.TP
-.BR charon.plugins.tnc-pdp.timeout
-Timeout in seconds before closing incomplete connections
-.TP
-.BR charon.plugins.updown.dns_handler " [no]"
-Whether the updown script should handle DNS serves assigned via IKEv1 Mode
-Config or IKEv2 Config Payloads (if enabled they can't be handled by other
-plugins, like resolve)
-.TP
-.BR charon.plugins.whitelist.enable " [yes]"
-Enable loaded whitelist plugin
-.TP
-.BR charon.plugins.whitelist.socket " [unix://@piddir@/charon.wlst]"
-Socket provided by the whitelist plugin
-.TP
-.BR charon.plugins.xauth-eap.backend " [radius]"
-EAP plugin to be used as backend for XAuth credential verification
-.TP
-.BR charon.plugins.xauth-pam.pam_service " [login]"
-PAM service to be used for authentication
-.TP
-.BR charon.plugins.xauth-pam.trim_email " [yes]"
-If an email address is given as an XAuth username, trim it to just the
-username part.
-.SS libstrongswan section
-.TP
-.BR libstrongswan.cert_cache " [yes]"
-Whether relations in validated certificate chains should be cached in memory
-.TP
-.BR libstrongswan.crypto_test.bench " [no]"
-
-.TP
-.BR libstrongswan.crypto_test.bench_size " [1024]"
-
-.TP
-.BR libstrongswan.crypto_test.bench_time " [50]"
-
-.TP
-.BR libstrongswan.crypto_test.on_add " [no]"
-Test crypto algorithms during registration
-.TP
-.BR libstrongswan.crypto_test.on_create " [no]"
-Test crypto algorithms on each crypto primitive instantiation
-.TP
-.BR libstrongswan.crypto_test.required " [no]"
-Strictly require at least one test vector to enable an algorithm
-.TP
-.BR libstrongswan.crypto_test.rng_true " [no]"
-Whether to test RNG with TRUE quality; requires a lot of entropy
-.TP
-.BR libstrongswan.dh_exponent_ansi_x9_42 " [yes]"
-Use ANSI X9.42 DH exponent size or optimum size matched to cryptographical
-strength
-.TP
-.BR libstrongswan.ecp_x_coordinate_only " [yes]"
-Compliance with the errata for RFC 4753
-.TP
-.BR libstrongswan.host_resolver.max_threads " [3]"
-Maximum number of concurrent resolver threads (they are terminated if unused)
-.TP
-.BR libstrongswan.host_resolver.min_threads " [0]"
-Minimum number of resolver threads to keep around
-.TP
-.BR libstrongswan.integrity_test " [no]"
-Check daemon, libstrongswan and plugin integrity at startup
-.TP
-.BR libstrongswan.leak_detective.detailed " [yes]"
-Includes source file names and line numbers in leak detective output
-.TP
-.BR libstrongswan.leak_detective.usage_threshold " [10240]"
-Threshold in bytes for leaks to be reported (0 to report all)
-.TP
-.BR libstrongswan.leak_detective.usage_threshold_count " [0]"
-Threshold in number of allocations for leaks to be reported (0 to report all)
-.TP
-.BR libstrongswan.processor.priority_threads
-Subsection to configure the number of reserved threads per priority class
-see JOB PRIORITY MANAGEMENT
-.TP
-.BR libstrongswan.x509.enforce_critical " [yes]"
-Discard certificates with unsupported or unknown critical extensions
-.SS libstrongswan.plugins subsection
-.TP
-.BR libstrongswan.plugins.attr-sql.database
-Database URI for attr-sql plugin used by charon
-.TP
-.BR libstrongswan.plugins.attr-sql.lease_history " [yes]"
-Enable logging of SQL IP pool leases
-.TP
-.BR libstrongswan.plugins.gcrypt.quick_random " [no]"
-Use faster random numbers in gcrypt; for testing only, produces weak keys!
-.TP
-.BR libstrongswan.plugins.openssl.engine_id " [pkcs11]"
-ENGINE ID to use in the OpenSSL plugin
-.TP
-.BR libstrongswan.plugins.openssl.fips_mode " [0]"
-Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2)
-.TP
-.BR libstrongswan.plugins.pkcs11.modules
-List of available PKCS#11 modules
-.TP
-.BR libstrongswan.plugins.pkcs11.load_certs " [yes]"
-Whether to load certificates from tokens
-.TP
-.BR libstrongswan.plugins.pkcs11.reload_certs " [no]"
-Reload certificates from all tokens if charon receives a SIGHUP
-.TP
-.BR libstrongswan.plugins.pkcs11.use_dh " [no]"
-Whether the PKCS#11 modules should be used for DH and ECDH (see use_ecc option)
-.TP
-.BR libstrongswan.plugins.pkcs11.use_ecc " [no]"
-Whether the PKCS#11 modules should be used for ECDH and ECDSA public key
-operations. ECDSA private keys can be used regardless of this option
-.TP
-.BR libstrongswan.plugins.pkcs11.use_hasher " [no]"
-Whether the PKCS#11 modules should be used to hash data
-.TP
-.BR libstrongswan.plugins.pkcs11.use_pubkey " [no]"
-Whether the PKCS#11 modules should be used for public key operations, even for
-keys not stored on tokens
-.TP
-.BR libstrongswan.plugins.pkcs11.use_rng " [no]"
-Whether the PKCS#11 modules should be used as RNG
-.TP
-.BR libstrongswan.plugins.random.random " [@random_device@]"
-File to read random bytes from, instead of @random_device@
-.TP
-.BR libstrongswan.plugins.random.urandom " [@urandom_device@]"
-File to read pseudo random bytes from, instead of @urandom_device@
-.TP
-.BR libstrongswan.plugins.unbound.resolv_conf " [/etc/resolv.conf]"
-File to read DNS resolver configuration from
-.TP
-.BR libstrongswan.plugins.unbound.trust_anchors " [/etc/ipsec.d/dnssec.keys]"
-File to read DNSSEC trust anchors from (usually root zone KSK). The format of
-the file is the standard DNS Zone file format, anchors can be stored as DS or
-DNSKEY entries in the file.
-.TP
-.BR libstrongswan.plugins.unbound.dlv_anchors
-File to read trusted keys for DLV (DNSSEC Lookaside Validation) from. It uses
-the same format as \fItrust_anchors\fR. Only one DLV can be configured, which
-is then used as a root trusted DLV, this means that it is a lookaside for
-the root.
-.SS libtls section
-.TP
-.BR libtls.cipher
-List of TLS encryption ciphers
-.TP
-.BR libtls.key_exchange
-List of TLS key exchange methods
-.TP
-.BR libtls.mac
-List of TLS MAC algorithms
-.TP
-.BR libtls.suites
-List of TLS cipher suites
-.SS libtnccs section
-.TP
-.BR libtnccs.tnc_config " [/etc/tnc_config]"
-TNC IMC/IMV configuration directory
-.PP
-.SS libtnccs plugins section
-.TP
-.BR libtnccs.plugins.tnccs-11.max_message_size " [45000]"
-Maximum size of a PA-TNC message (XML & Base64 encoding)
-.TP
-.BR libtnccs.plugins.tnccs-20.max_batch_size " [65522]"
-Maximum size of a PB-TNC batch (upper limit via PT-EAP = 65529)
-.TP
-.BR libtnccs.plugins.tnccs-20.max_message_size " [65490]"
-Maximum size of a PA-TNC message (upper limit via PT-EAP = 65497)
-.TP
-.BR libtnccs.plugins.tnc-imc.dlclose " [yes]"
-Unload IMC after use
-.TP
-.BR libtnccs.plugins.tnc-imc.preferred_language " [en]"
-Preferred language for TNC recommendations
-.TP
-.BR libtnccs.plugins.tnc-imv.dlclose " [yes]"
-Unload IMV after use
-.SS libimcv section
-.TP
-.BR libimcv.assessment_result " [yes]"
-Whether IMVs send a standard IETF Assessment Result attribute
-.TP
-.BR libimcv.database
-Global IMV policy database URI
-.TP
-.BR libimcv.debug_level " [1]"
-Debug level for a stand-alone libimcv library
-.TP
-.BR libimcv.load " [random nonce gmp pubkey x509]"
-Plugins to load in IMC/IMVs
-.TP
-.BR libimcv.os_info.name
-Manually set the name of the client OS (e.g. Ubuntu)
-.TP
-.BR libimcv.os_info.version
-Manually set the version of the client OS (e.g. 12.04 i686)
-.TP
-.BR libimcv.policy_script " [ipsec _imv_policy]"
-Script called for each TNC connection to generate IMV policies
-.TP
-.BR libimcv.stderr_quiet " [no]"
-isable output to stderr with a stand-alone libimcv library
-.PP
-.SS libimcv plugins section
-.TP
-.BR libimcv.plugins.imc-attestation.aik_blob
-AIK encrypted private key blob file
-.TP
-.BR libimcv.plugins.imc-attestation.aik_cert
-AIK certificate file
-.TP
-.BR libimcv.plugins.imc-attestation.aik_key
-AIK public key file
-.TP
-.BR libimcv.plugins.imv-attestation.nonce_len " [20]"
-DH nonce length
-.TP
-.BR libimcv.plugins.imv-attestation.use_quote2 " [yes]"
-Use Quote2 AIK signature instead of Quote signature
-.TP
-.BR libimcv.plugins.imv-attestation.cadir
-Path to directory with AIK cacerts
-.TP
-.BR libimcv.plugins.imv-attestation.dh_group " [ecp256]"
-Preferred Diffie-Hellman group
-.TP
-.BR libimcv.plugins.imv-attestation.hash_algorithm " [sha256]"
-Preferred measurement hash algorithm
-.TP
-.BR libimcv.plugins.imv-attestation.min_nonce_len " [0]"
-DH minimum nonce length
-.TP
-.BR libimcv.plugins.imv-attestation.remediation_uri
-URI pointing to attestation remediation instructions
-.TP
-.BR libimcv.plugins.imc-os.push_info " [yes]"
-Send operating system info without being prompted
-.TP
-.BR libimcv.plugins.imv-os.remediation_uri
-URI pointing to operating system remediation instructions
-.TP
-.BR libimcv.plugins.imc-scanner.push_info " [yes]"
-Send open listening ports without being prompted
-.TP
-.BR libimcv.plugins.imv-scanner.remediation_uri
-URI pointing to scanner remediation instructions
-.TP
-.BR libimcv.plugins.imc-swid.swid_directory " [@prefix@/share]"
-Directory where SWID tags are located
-.TP
-.BR libimcv.plugins.imc-test.additional_ids " [0]"
-Number of additional IMC IDs
-.TP
-.BR libimcv.plugins.imc-test.command " [none]"
-Command to be sent to the Test IMV
-.TP
-.BR libimcv.plugins.imc-test.dummy_size " [0]"
-Size of dummy attribute to be sent to the Test IMV (0 = disabled)
-.TP
-.BR libimcv.plugins.imv-test.remediation_uri
-URI pointing to test remediation instructions
-.TP
-.BR libimcv.plugins.imc-test.retry " [no]"
-Do a handshake retry
-.TP
-.BR libimcv.plugins.imc-test.retry_command
-Command to be sent to the Test IMV in the handshake retry
-.TP
-.BR libimcv.plugins.imv-test.rounds " [0]"
-Number of IMC-IMV retry rounds
-.SS manager section
-.TP
-.BR manager.database
-Credential database URI for manager
-.TP
-.BR manager.debug " [no]"
-Enable debugging in manager
-.TP
-.BR manager.load
-Plugins to load in manager
-.TP
-.BR manager.socket
-FastCGI socket of manager, to run it statically
-.TP
-.BR manager.threads " [10]"
-Threads to use for request handling
-.TP
-.BR manager.timeout " [15m]"
-Session timeout for manager
-.SS mediation client section
-.TP
-.BR medcli.database
-Mediation client database URI
-.TP
-.BR medcli.dpd " [5m]"
-DPD timeout to use in mediation client plugin
-.TP
-.BR medcli.rekey " [20m]"
-Rekeying time on mediation connections in mediation client plugin
-.SS mediation server section
-.TP
-.BR medsrv.database
-Mediation server database URI
-.TP
-.BR medsrv.debug " [no]"
-Debugging in mediation server web application
-.TP
-.BR medsrv.dpd " [5m]"
-DPD timeout to use in mediation server plugin
-.TP
-.BR medsrv.load
-Plugins to load in mediation server plugin
-.TP
-.BR medsrv.password_length " [6]"
-Minimum password length required for mediation server user accounts
-.TP
-.BR medsrv.rekey " [20m]"
-Rekeying time on mediation connections in mediation server plugin
-.TP
-.BR medsrv.socket
-Run Mediation server web application statically on socket
-.TP
-.BR medsrv.threads " [5]"
-Number of thread for mediation service web application
-.TP
-.BR medsrv.timeout " [15m]"
-Session timeout for mediation service
-.SS openac section
-.TP
-.BR openac.load
-Plugins to load in ipsec openac tool
-.SS pacman section
-.TP
-.BR pacman.database
-Database URI for the database that stores the package information
-.SS pki section
-.TP
-.BR pki.load
-Plugins to load in ipsec pki tool
-.SS pool section
-.TP
-.BR pool.load
-Plugins to load in ipsec pool tool
-.SS pt-tls-client section
-.TP
-.BR pt-tls-client.load
-Plugins to load in ipsec pt-tls-client tool
-.SS scepclient section
-.TP
-.BR scepclient.load
-Plugins to load in ipsec scepclient tool
-.SS starter section
-.TP
-.BR starter.load
-Plugins to load in starter
-.TP
-.BR starter.load_warning " [yes]"
-Disable charon plugin load option warning
-
-.SH LOGGER CONFIGURATION
-The options described below provide a much more flexible way to configure
-loggers for the IKEv2 daemon charon than using the
-.B charondebug
-option in
-.BR ipsec.conf (5).
-.PP
-.B Please note
-that if any loggers are specified in strongswan.conf,
-.B charondebug
-does not have any effect.
-.PP
-There are currently two types of loggers defined:
-.TP
-.B File loggers
-Log directly to a file and are defined by specifying the full path to the
-file as subsection in the
-.B charon.filelog
-section. To log to the console the two special filenames
-.BR stdout " and " stderr
-can be used.
-.TP
-.B Syslog loggers
-Log into a syslog facility and are defined by specifying the facility to log to
-as the name of a subsection in the
-.B charon.syslog
-section. The following facilities are currently supported:
-.BR daemon " and " auth .
-.PP
-Multiple loggers can be defined for each type with different log verbosity for
-the different subsystems of the daemon.
-.SS Options
-.TP
-.BR charon.filelog.<filename>.default " [1]"
-.TQ
-.BR charon.syslog.<facility>.default
-Specifies the default loglevel to be used for subsystems for which no specific
-loglevel is defined.
-.TP
-.BR charon.filelog.<filename>.<subsystem> " [<default>]"
-.TQ
-.BR charon.syslog.<facility>.<subsystem>
-Specifies the loglevel for the given subsystem.
-.TP
-.BR charon.filelog.<filename>.append " [yes]"
-If this option is enabled log entries are appended to the existing file.
-.TP
-.BR charon.filelog.<filename>.flush_line " [no]"
-Enabling this option disables block buffering and enables line buffering.
-.TP
-.BR charon.filelog.<filename>.ike_name " [no]"
-.TQ
-.BR charon.syslog.<facility>.ike_name
-Prefix each log entry with the connection name and a unique numerical
-identifier for each IKE_SA.
-.TP
-.BR charon.filelog.<filename>.time_format
-Prefix each log entry with a timestamp. The option accepts a format string as
-passed to
-.BR strftime (3).
-.TP
-.BR charon.syslog.identifier
-Global identifier used for an
-.BR openlog (3)
-call, prepended to each log message by syslog. If not configured,
-.BR openlog (3)
-is not called, so the value will depend on system defaults (often the program
-name).
-
-.SS Subsystems
-.TP
-.B dmn
-Main daemon setup/cleanup/signal handling
-.TP
-.B mgr
-IKE_SA manager, handling synchronization for IKE_SA access
-.TP
-.B ike
-IKE_SA
-.TP
-.B chd
-CHILD_SA
-.TP
-.B job
-Jobs queueing/processing and thread pool management
-.TP
-.B cfg
-Configuration management and plugins
-.TP
-.B knl
-IPsec/Networking kernel interface
-.TP
-.B net
-IKE network communication
-.TP
-.B asn
-Low-level encoding/decoding (ASN.1, X.509 etc.)
-.TP
-.B enc
-Packet encoding/decoding encryption/decryption operations
-.TP
-.B tls
-libtls library messages
-.TP
-.B esp
-libipsec library messages
-.TP
-.B lib
-libstrongwan library messages
-.TP
-.B tnc
-Trusted Network Connect
-.TP
-.B imc
-Integrity Measurement Collector
-.TP
-.B imv
-Integrity Measurement Verifier
-.TP
-.B pts
-Platform Trust Service
-.SS Loglevels
-.TP
-.B -1
-Absolutely silent
-.TP
-.B 0
-Very basic auditing logs, (e.g. SA up/SA down)
-.TP
-.B 1
-Generic control flow with errors, a good default to see whats going on
-.TP
-.B 2
-More detailed debugging control flow
-.TP
-.B 3
-Including RAW data dumps in Hex
-.TP
-.B 4
-Also include sensitive material in dumps, e.g. keys
-.SS Example
-.PP
-.EX
- charon {
- filelog {
- /var/log/charon.log {
- time_format = %b %e %T
- append = no
- default = 1
- }
- stderr {
- ike = 2
- knl = 3
- ike_name = yes
- }
- }
- syslog {
- # enable logging to LOG_DAEMON, use defaults
- daemon {
- }
- # minimalistic IKE auditing logging to LOG_AUTHPRIV
- auth {
- default = -1
- ike = 0
- }
- }
- }
-.EE
-
-.SH JOB PRIORITY MANAGEMENT
-Some operations in the IKEv2 daemon charon are currently implemented
-synchronously and blocking. Two examples for such operations are communication
-with a RADIUS server via EAP-RADIUS, or fetching CRL/OCSP information during
-certificate chain verification. Under high load conditions, the thread pool may
-run out of available threads, and some more important jobs, such as liveness
-checking, may not get executed in time.
-.PP
-To prevent thread starvation in such situations job priorities were introduced.
-The job processor will reserve some threads for higher priority jobs, these
-threads are not available for lower priority, locking jobs.
-.SS Implementation
-Currently 4 priorities have been defined, and they are used in charon as
-follows:
-.TP
-.B CRITICAL
-Priority for long-running dispatcher jobs.
-.TP
-.B HIGH
-INFORMATIONAL exchanges, as used by liveness checking (DPD).
-.TP
-.B MEDIUM
-Everything not HIGH/LOW, including IKE_SA_INIT processing.
-.TP
-.B LOW
-IKE_AUTH message processing. RADIUS and CRL fetching block here
-.PP
-Although IKE_SA_INIT processing is computationally expensive, it is explicitly
-assigned to the MEDIUM class. This allows charon to do the DH exchange while
-other threads are blocked in IKE_AUTH. To prevent the daemon from accepting more
-IKE_SA_INIT requests than it can handle, use IKE_SA_INIT DROPPING.
-.PP
-The thread pool processes jobs strictly by priority, meaning it will consume all
-higher priority jobs before looking for ones with lower priority. Further, it
-reserves threads for certain priorities. A priority class having reserved
-.I n
-threads will always have
-.I n
-threads available for this class (either currently processing a job, or waiting
-for one).
-.SS Configuration
-To ensure that there are always enough threads available for higher priority
-tasks, threads must be reserved for each priority class.
-.TP
-.BR libstrongswan.processor.priority_threads.critical " [0]"
-Threads reserved for CRITICAL priority class jobs
-.TP
-.BR libstrongswan.processor.priority_threads.high " [0]"
-Threads reserved for HIGH priority class jobs
-.TP
-.BR libstrongswan.processor.priority_threads.medium " [0]"
-Threads reserved for MEDIUM priority class jobs
-.TP
-.BR libstrongswan.processor.priority_threads.low " [0]"
-Threads reserved for LOW priority class jobs
-.PP
-Let's consider the following configuration:
-.PP
-.EX
- libstrongswan {
- processor {
- priority_threads {
- high = 1
- medium = 4
- }
- }
- }
-.EE
-.PP
-With this configuration, one thread is reserved for HIGH priority tasks. As
-currently only liveness checking and stroke message processing is done with
-high priority, one or two threads should be sufficient.
-.PP
-The MEDIUM class mostly processes non-blocking jobs. Unless your setup is
-experiencing many blocks in locks while accessing shared resources, threads for
-one or two times the number of CPU cores is fine.
-.PP
-It is usually not required to reserve threads for CRITICAL jobs. Jobs in this
-class rarely return and do not release their thread to the pool.
-.PP
-The remaining threads are available for LOW priority jobs. Reserving threads
-does not make sense (until we have an even lower priority).
-.SS Monitoring
-To see what the threads are actually doing, invoke
-.IR "ipsec statusall" .
-Under high load, something like this will show up:
-.PP
-.EX
- worker threads: 2 or 32 idle, 5/1/2/22 working,
- job queue: 0/0/1/149, scheduled: 198
-.EE
-.PP
-From 32 worker threads,
-.IP 2
-are currently idle.
-.IP 5
-are running CRITICAL priority jobs (dispatching from sockets, etc.).
-.IP 1
-is currently handling a HIGH priority job. This is actually the thread currently
-providing this information via stroke.
-.IP 2
-are handling MEDIUM priority jobs, likely IKE_SA_INIT or CREATE_CHILD_SA
-messages.
-.IP 22
-are handling LOW priority jobs, probably waiting for an EAP-RADIUS response
-while processing IKE_AUTH messages.
-.PP
-The job queue load shows how many jobs are queued for each priority, ready for
-execution. The single MEDIUM priority job will get executed immediately, as
-we have two spare threads reserved for MEDIUM class jobs.
-
-.SH IKE_SA_INIT DROPPING
-If a responder receives more connection requests per seconds than it can handle,
-it does not make sense to accept more IKE_SA_INIT messages. And if they are
-queued but can't get processed in time, an answer might be sent after the
-client has already given up and restarted its connection setup. This
-additionally increases the load on the responder.
-.PP
-To limit the responder load resulting from new connection attempts, the daemon
-can drop IKE_SA_INIT messages just after reception. There are two mechanisms to
-decide if this should happen, configured with the following options:
-.TP
-.BR charon.init_limit_half_open " [0]"
-Limit based on the number of half open IKE_SAs. Half open IKE_SAs are SAs in
-connecting state, but not yet established.
-.TP
-.BR charon.init_limit_job_load " [0]"
-Limit based on the number of jobs currently queued for processing (sum over all
-job priorities).
-.PP
-The second limit includes load from other jobs, such as rekeying. Choosing a
-good value is difficult and depends on the hardware and expected load.
-.PP
-The first limit is simpler to calculate, but includes the load from new
-connections only. If your responder is capable of negotiating 100 tunnels/s, you
-might set this limit to 1000. The daemon will then drop new connection attempts
-if generating a response would require more than 10 seconds. If you are
-allowing for a maximum response time of more than 30 seconds, consider adjusting
-the timeout for connecting IKE_SAs
-.RB ( charon.half_open_timeout ).
-A responder, by default, deletes an IKE_SA if the initiator does not establish
-it within 30 seconds. Under high load, a higher value might be required.
-
-.SH LOAD TESTS
-To do stability testing and performance optimizations, the IKEv2 daemon charon
-provides the load-tester plugin. This plugin allows one to setup thousands of
-tunnels concurrently against the daemon itself or a remote host.
-.PP
-.B WARNING:
-Never enable the load-testing plugin on productive systems. It provides
-preconfigured credentials and allows an attacker to authenticate as any user.
-.SS Options
-.TP
-.BR charon.plugins.load-tester.addrs
-Subsection that contains key/value pairs with address pools (in CIDR notation)
-to use for a specific network interface e.g. eth0 = 10.10.0.0/16
-.TP
-.BR charon.plugins.load-tester.addrs_keep " [no]"
-Whether to keep dynamic addresses even after the associated SA got terminated
-.TP
-.BR charon.plugins.load-tester.addrs_prefix " [16]"
-Network prefix length to use when installing dynamic addresses. If set to -1 the
-full address is used (i.e. 32 or 128)
-.TP
-.BR charon.plugins.load-tester.ca_dir
-Directory to load (intermediate) CA certificates from
-.TP
-.BR charon.plugins.load-tester.child_rekey " [600]"
-Seconds to start CHILD_SA rekeying after setup
-.TP
-.BR charon.plugins.load-tester.delay " [0]"
-Delay between initiatons for each thread
-.TP
-.BR charon.plugins.load-tester.delete_after_established " [no]"
-Delete an IKE_SA as soon as it has been established
-.TP
-.BR charon.plugins.load-tester.digest " [sha1]"
-Digest algorithm used when issuing certificates
-.TP
-.BR charon.plugins.load-tester.dpd_delay " [0]"
-DPD delay to use in load test
-.TP
-.BR charon.plugins.load-tester.dynamic_port " [0]"
-Base port to be used for requests (each client uses a different port)
-.TP
-.BR charon.plugins.load-tester.eap_password " [default-pwd]"
-EAP secret to use in load test
-.TP
-.BR charon.plugins.load-tester.enable " [no]"
-Enable the load testing plugin
-.TP
-.BR charon.plugins.load-tester.esp " [aes128-sha1]"
-CHILD_SA proposal to use for load tests
-.TP
-.BR charon.plugins.load-tester.fake_kernel " [no]"
-Fake the kernel interface to allow load-testing against self
-.TP
-.BR charon.plugins.load-tester.ike_rekey " [0]"
-Seconds to start IKE_SA rekeying after setup
-.TP
-.BR charon.plugins.load-tester.init_limit " [0]"
-Global limit of concurrently established SAs during load test
-.TP
-.BR charon.plugins.load-tester.initiator " [0.0.0.0]"
-Address to initiate from
-.TP
-.BR charon.plugins.load-tester.initiators " [0]"
-Number of concurrent initiator threads to use in load test
-.TP
-.BR charon.plugins.load-tester.initiator_auth " [pubkey]"
-Authentication method(s) the intiator uses
-.TP
-.BR charon.plugins.load-tester.initiator_id
-Initiator ID used in load test
-.TP
-.BR charon.plugins.load-tester.initiator_match
-Initiator ID to match against as responder
-.TP
-.BR charon.plugins.load-tester.initiator_tsi
-Traffic selector on initiator side, as proposed by initiator
-.TP
-.BR charon.plugins.load-tester.initiator_tsr
-Traffic selector on responder side, as proposed by initiator
-.TP
-.BR charon.plugins.load-tester.iterations " [1]"
-Number of IKE_SAs to initiate by each initiator in load test
-.TP
-.BR charon.plugins.load-tester.issuer_cert
-Path to the issuer certificate (if not configured a hard-coded value is used)
-.TP
-.BR charon.plugins.load-tester.issuer_key
-Path to private key that is used to issue certificates (if not configured a
-hard-coded value is used)
-.TP
-.BR charon.plugins.load-tester.mode " [tunnel]"
-IPsec mode to use, one of \fBtunnel\fR, \fBtransport\fR, or \fBbeet\fR.
-.TP
-.BR charon.plugins.load-tester.pool
-Provide INTERNAL_IPV4_ADDRs from a named pool
-.TP
-.BR charon.plugins.load-tester.preshared_key " [default-psk]"
-Preshared key to use in load test
-.TP
-.BR charon.plugins.load-tester.proposal " [aes128-sha1-modp768]"
-IKE proposal to use in load test
-.TP
-.BR charon.plugins.load-tester.responder " [127.0.0.1]"
-Address to initiation connections to
-.TP
-.BR charon.plugins.load-tester.responder_auth " [pubkey]"
-Authentication method(s) the responder uses
-.TP
-.BR charon.plugins.load-tester.responder_id
-Responder ID used in load test
-.TP
-.BR charon.plugins.load-tester.responder_tsi " [initiator_tsi]"
-Traffic selector on initiator side, as narrowed by responder
-.TP
-.BR charon.plugins.load-tester.responder_tsr " [initiator_tsr]"
-Traffic selector on responder side, as narrowed by responder
-.TP
-.BR charon.plugins.load-tester.request_virtual_ip " [no]"
-Request an INTERNAL_IPV4_ADDR from the server
-.TP
-.BR charon.plugins.load-tester.shutdown_when_complete " [no]"
-Shutdown the daemon after all IKE_SAs have been established
-.TP
-.BR charon.plugins.load-tester.socket " [unix://@piddir@/charon.ldt]"
-Socket provided by the load-tester plugin
-.TP
-.BR charon.plugins.load-tester.version " [0]"
-IKE version to use (0 means use IKEv2 as initiator and accept any version as
-responder)
-.PP
-.SS Configuration details
-For public key authentication, the responder uses the
-.B \(dqCN=srv, OU=load-test, O=strongSwan\(dq
-identity. For the initiator, each connection attempt uses a different identity
-in the form
-.BR "\(dqCN=c1-r1, OU=load-test, O=strongSwan\(dq" ,
-where the first number inidicates the client number, the second the
-authentication round (if multiple authentication is used).
-.PP
-For PSK authentication, FQDN identities are used. The server uses
-.BR srv.strongswan.org ,
-the client uses an identity in the form
-.BR c1-r1.strongswan.org .
-.PP
-For EAP authentication, the client uses a NAI in the form
-.BR 100000000010001 at strongswan.org .
-.PP
-To configure multiple authentication, concatenate multiple methods using, e.g.
-.EX
- initiator_auth = pubkey|psk|eap-md5|eap-aka
-.EE
-.PP
-The responder uses a hardcoded certificate based on a 1024-bit RSA key.
-This certificate additionally serves as CA certificate. A peer uses the same
-private key, but generates client certificates on demand signed by the CA
-certificate. Install the Responder/CA certificate on the remote host to
-authenticate all clients.
-.PP
-To speed up testing, the load tester plugin implements a special Diffie-Hellman
-implementation called modpnull. By setting
-.EX
- proposal = aes128-sha1-modpnull
-.EE
-this wicked fast DH implementation is used. It does not provide any security
-at all, but allows one to run tests without DH calculation overhead.
-.SS Examples
-.PP
-In the simplest case, the daemon initiates IKE_SAs against itself using the
-loopback interface. This will actually establish double the number of IKE_SAs,
-as the daemon is initiator and responder for each IKE_SA at the same time.
-Installation of IPsec SAs would fails, as each SA gets installed twice. To
-simulate the correct behavior, a fake kernel interface can be enabled which does
-not install the IPsec SAs at the kernel level.
-.PP
-A simple loopback configuration might look like this:
-.PP
-.EX
- charon {
- # create new IKE_SAs for each CHILD_SA to simulate
- # different clients
- reuse_ikesa = no
- # turn off denial of service protection
- dos_protection = no
-
- plugins {
- load-tester {
- # enable the plugin
- enable = yes
- # use 4 threads to initiate connections
- # simultaneously
- initiators = 4
- # each thread initiates 1000 connections
- iterations = 1000
- # delay each initiation in each thread by 20ms
- delay = 20
- # enable the fake kernel interface to
- # avoid SA conflicts
- fake_kernel = yes
- }
- }
- }
-.EE
-.PP
-This will initiate 4000 IKE_SAs within 20 seconds. You may increase the delay
-value if your box can not handle that much load, or decrease it to put more
-load on it. If the daemon starts retransmitting messages your box probably can
-not handle all connection attempts.
-.PP
-The plugin also allows one to test against a remote host. This might help to
-test against a real world configuration. A connection setup to do stress
-testing of a gateway might look like this:
-.PP
-.EX
- charon {
- reuse_ikesa = no
- threads = 32
-
- plugins {
- load-tester {
- enable = yes
- # 10000 connections, ten in parallel
- initiators = 10
- iterations = 1000
- # use a delay of 100ms, overall time is:
- # iterations * delay = 100s
- delay = 100
- # address of the gateway
- remote = 1.2.3.4
- # IKE-proposal to use
- proposal = aes128-sha1-modp1024
- # use faster PSK authentication instead
- # of 1024bit RSA
- initiator_auth = psk
- responder_auth = psk
- # request a virtual IP using configuration
- # payloads
- request_virtual_ip = yes
- # enable CHILD_SA every 60s
- child_rekey = 60
- }
- }
- }
-.EE
-
-.SH IKEv2 RETRANSMISSION
-Retransmission timeouts in the IKEv2 daemon charon can be configured globally
-using the three keys listed below:
-.PP
-.RS
-.nf
-.BR charon.retransmit_base " [1.8]"
-.BR charon.retransmit_timeout " [4.0]"
-.BR charon.retransmit_tries " [5]"
-.fi
-.RE
-.PP
-The following algorithm is used to calculate the timeout:
-.PP
-.EX
- relative timeout = retransmit_timeout * retransmit_base ^ (n-1)
-.EE
-.PP
-Where
-.I n
-is the current retransmission count.
-.PP
-Using the default values, packets are retransmitted in:
-
-.TS
-l r r
----
-lB r r.
-Retransmission Relative Timeout Absolute Timeout
-1 4s 4s
-2 7s 11s
-3 13s 24s
-4 23s 47s
-5 42s 89s
-giving up 76s 165s
-.TE
-
-.SH FILES
-/etc/strongswan.conf
-
-.SH SEE ALSO
-\fBipsec.conf\fR(5), \fBipsec.secrets\fR(5), \fBipsec\fR(8), \fBcharon-cmd\fR(8)
-
-.SH HISTORY
-Written for the
-.UR http://www.strongswan.org
-strongSwan project
-.UE
-by Tobias Brunner, Andreas Steffen and Martin Willi.
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index 08a7260..40001f8 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -264,8 +264,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -333,6 +331,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -421,12 +424,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -441,6 +448,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/scripts/aes-test.c b/scripts/aes-test.c
index ddf4a5d..eb94180 100644
--- a/scripts/aes-test.c
+++ b/scripts/aes-test.c
@@ -167,7 +167,7 @@ static bool get_next_test_vector(test_vector_t *test)
while (fgets(line, sizeof(line), ctx.in))
{
enumerator_t *enumerator;
- chunk_t value;
+ chunk_t value = chunk_empty;
char *token;
int i;
@@ -556,7 +556,7 @@ int main(int argc, char *argv[])
ctx.in = stdin;
ctx.out = stdout;
- library_init(NULL);
+ library_init(NULL, "aes-test");
atexit(library_deinit);
while (true)
diff --git a/scripts/crypt_burn.c b/scripts/crypt_burn.c
index 8101f9c..729472e 100644
--- a/scripts/crypt_burn.c
+++ b/scripts/crypt_burn.c
@@ -26,7 +26,7 @@ int main(int argc, char *argv[])
int i = 0, limit = 0;
- library_init(NULL);
+ library_init(NULL, "crypt_burn");
lib->plugins->load(lib->plugins, PLUGINS);
atexit(library_deinit);
diff --git a/scripts/dh_speed.c b/scripts/dh_speed.c
index dc0a287..8a782d8 100644
--- a/scripts/dh_speed.c
+++ b/scripts/dh_speed.c
@@ -118,7 +118,7 @@ int main(int argc, char *argv[])
usage();
}
- library_init(NULL);
+ library_init(NULL, "dh_speed");
lib->plugins->load(lib->plugins, argv[1]);
atexit(library_deinit);
diff --git a/scripts/dnssec.c b/scripts/dnssec.c
index 0cddfc4..9d35c7c 100644
--- a/scripts/dnssec.c
+++ b/scripts/dnssec.c
@@ -45,7 +45,7 @@ int main(int argc, char *argv[])
rr_set_t *rrset;
rr_t *rr;
- library_init(NULL);
+ library_init(NULL, "dnssec");
atexit(library_deinit);
dbg = dbg_dnssec;
diff --git a/scripts/fetch.c b/scripts/fetch.c
index f58b37f..a7d98c9 100644
--- a/scripts/fetch.c
+++ b/scripts/fetch.c
@@ -35,7 +35,7 @@ int main(int argc, char *argv[])
{
chunk_t res;
- library_init(NULL);
+ library_init(NULL, "fetch");
atexit(library_deinit);
lib->plugins->load(lib->plugins, PLUGINS);
diff --git a/scripts/hash_burn.c b/scripts/hash_burn.c
index 20e5642..97eab0d 100644
--- a/scripts/hash_burn.c
+++ b/scripts/hash_burn.c
@@ -25,7 +25,7 @@ int main(int argc, char *argv[])
char buffer[1024];
int limit = 0, i = 0;
- library_init(NULL);
+ library_init(NULL, "hash_burn");
lib->plugins->load(lib->plugins, PLUGINS);
atexit(library_deinit);
diff --git a/scripts/key2keyid.c b/scripts/key2keyid.c
index 31f3bee..e9a4ee6 100644
--- a/scripts/key2keyid.c
+++ b/scripts/key2keyid.c
@@ -30,7 +30,7 @@ int main(int argc, char *argv[])
char buf[8096];
int read;
- library_init(NULL);
+ library_init(NULL, "key2keyid");
lib->plugins->load(lib->plugins, PLUGINS);
atexit(library_deinit);
diff --git a/scripts/keyid2sql.c b/scripts/keyid2sql.c
index 6e9a133..4625789 100644
--- a/scripts/keyid2sql.c
+++ b/scripts/keyid2sql.c
@@ -30,7 +30,7 @@ int main(int argc, char *argv[])
char buf[8096];
int read, n;
- library_init(NULL);
+ library_init(NULL, "keyid2sql");
lib->plugins->load(lib->plugins, PLUGINS);
atexit(library_deinit);
diff --git a/scripts/malloc_speed.c b/scripts/malloc_speed.c
index 85d51a2..2038098 100644
--- a/scripts/malloc_speed.c
+++ b/scripts/malloc_speed.c
@@ -58,7 +58,7 @@ int main(int argc, char *argv[])
int sizes[16] = { 1, 13, 100, 1000, 16, 10000, 50, 17,
123, 32, 8, 64, 8096, 1024, 123, 9 };
- library_init(NULL);
+ library_init(NULL, "malloc_speed");
atexit(library_deinit);
print_mallinfo();
diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c
index f7e7516..66279ad 100644
--- a/scripts/pubkey_speed.c
+++ b/scripts/pubkey_speed.c
@@ -71,7 +71,7 @@ int main(int argc, char *argv[])
usage();
}
- library_init(NULL);
+ library_init(NULL, "pubkey_speed");
lib->plugins->load(lib->plugins, argv[1]);
atexit(library_deinit);
diff --git a/scripts/tls_test.c b/scripts/tls_test.c
index e1e8ca8..7ec477a 100644
--- a/scripts/tls_test.c
+++ b/scripts/tls_test.c
@@ -251,7 +251,7 @@ static void cleanup()
*/
static void init()
{
- library_init(NULL);
+ library_init(NULL, "tls_test");
dbg = dbg_tls;
diff --git a/src/Makefile.am b/src/Makefile.am
index 218c943..7d11893 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -96,12 +96,12 @@ if USE_MEDSRV
SUBDIRS += medsrv
endif
-if USE_INTEGRITY_TEST
- SUBDIRS += checksum
-endif
-
if USE_ATTR_SQL
SUBDIRS += pool
+else
+if USE_SQL
+ SUBDIRS += pool
+endif
endif
if USE_TKM
@@ -116,8 +116,6 @@ if USE_LIBPTTLS
SUBDIRS += pt-tls-client
endif
-EXTRA_DIST = strongswan.conf
-
-install-exec-local :
- test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)"
- test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true
+if USE_INTEGRITY_TEST
+ SUBDIRS += checksum
+endif
diff --git a/src/Makefile.in b/src/Makefile.in
index 42dfba3..1c2a427 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -101,11 +101,12 @@ host_triplet = @host@
@USE_FAST_TRUE at am__append_22 = libfast
@USE_MANAGER_TRUE at am__append_23 = manager
@USE_MEDSRV_TRUE at am__append_24 = medsrv
- at USE_INTEGRITY_TEST_TRUE@am__append_25 = checksum
- at USE_ATTR_SQL_TRUE@am__append_26 = pool
+ at USE_ATTR_SQL_TRUE@am__append_25 = pool
+ at USE_ATTR_SQL_FALSE@@USE_SQL_TRUE at am__append_26 = pool
@USE_TKM_TRUE at am__append_27 = charon-tkm
@USE_CMD_TRUE at am__append_28 = charon-cmd
@USE_LIBPTTLS_TRUE at am__append_29 = pt-tls-client
+ at USE_INTEGRITY_TEST_TRUE@am__append_30 = checksum
subdir = src
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -183,8 +184,8 @@ DIST_SUBDIRS = . include libstrongswan libhydra libipsec libsimaka \
libtls libradius libtncif libtnccs libpttls libimcv libpts \
libcharon starter ipsec _copyright charon charon-nm stroke \
_updown _updown_espmark openac scepclient pki conftest dumm \
- libfast manager medsrv checksum pool charon-tkm charon-cmd \
- pt-tls-client
+ libfast manager medsrv pool charon-tkm charon-cmd \
+ pt-tls-client checksum
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -225,8 +226,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -294,6 +293,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -382,12 +386,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -402,6 +410,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -421,8 +430,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \
$(am__append_19) $(am__append_20) $(am__append_21) \
$(am__append_22) $(am__append_23) $(am__append_24) \
$(am__append_25) $(am__append_26) $(am__append_27) \
- $(am__append_28) $(am__append_29)
-EXTRA_DIST = strongswan.conf
+ $(am__append_28) $(am__append_29) $(am__append_30)
all: all-recursive
.SUFFIXES:
@@ -678,7 +686,7 @@ install-dvi: install-dvi-recursive
install-dvi-am:
-install-exec-am: install-exec-local
+install-exec-am:
install-html: install-html-recursive
@@ -725,19 +733,14 @@ uninstall-am:
ctags-am distclean distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-exec-local \
- install-html install-html-am install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs installdirs-am maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am
-
-
-install-exec-local :
- test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)"
- test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ installdirs-am maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags tags-am uninstall uninstall-am
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index 8a57e13..0783f9e 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -184,8 +184,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -253,6 +251,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -341,12 +344,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -361,6 +368,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/_copyright/_copyright.c b/src/_copyright/_copyright.c
index b20b172..806f780 100644
--- a/src/_copyright/_copyright.c
+++ b/src/_copyright/_copyright.c
@@ -24,7 +24,7 @@
#include <library.h>
static const char *copyright[] = {
- "Copyright (C) 1999-2012",
+ "Copyright (C) 1999-2013",
" Henry Spencer, D. Hugh Redelmeier, Michael Richardson, Ken Bantoft,",
" Stephen J. Bevan, JuanJo Ciarlante, Thomas Egerer, Heiko Hund,",
" Mathieu Lafon, Stephane Laroche, Kai Martius, Stephan Scholz,",
@@ -36,10 +36,12 @@ static const char *copyright[] = {
" Roger Wegmann, Simon Zwahlen,",
" ZHW Zuercher Hochschule Winterthur (Switzerland).",
"",
- " Philip Boetschi, Tobias Brunner, Sansar Choinyambuu, Adrian Doerig,",
- " Andreas Eigenmann, Giuliano Grassi, Reto Guadagnini, Fabian Hartmann,",
- " Noah Heusser, Jan Hutter, Thomas Kallenberg, Daniel Roethlisberger,",
- " Ralf Sager, Joel Stillhart, Daniel Wydler, Andreas Steffen,",
+ " Philip Boetschi, Tobias Brunner, Christoph Buehler, Reto Buerki,",
+ " Sansar Choinyambuu, Adrian Doerig, Andreas Eigenmann, Giuliano Grassi,",
+ " Reto Guadagnini, Fabian Hartmann, Noah Heusser, Jan Hutter,",
+ " Thomas Kallenberg, Patrick Loetscher, Daniel Roethlisberger,",
+ " Adrian-Ken Rueegsegger, Ralf Sager, Joel Stillhart, Daniel Wydler,",
+ " Andreas Steffen,",
" HSR Hochschule fuer Technik Rapperswil (Switzerland).",
"",
" Martin Willi (revosec AG), Clavister (Sweden).",
@@ -74,7 +76,7 @@ main(int argc, char *argv[])
const char **notice = copyright;
const char **co;
- library_init(NULL);
+ library_init(NULL, "_copyright");
atexit(library_deinit);
while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index 30f32b2..e770495 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -165,8 +165,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -234,6 +232,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -322,12 +325,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -342,6 +349,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in
index c68c23d..532bd24 100644
--- a/src/_updown/_updown.in
+++ b/src/_updown/_updown.in
@@ -50,6 +50,9 @@
# PLUTO_PROTO
# is the negotiated IPsec protocol, ah|esp
#
+# PLUTO_IPCOMP
+# is not empty if IPComp was negotiated
+#
# PLUTO_UNIQUEID
# is the unique identifier of the associated IKE_SA
#
@@ -411,6 +414,14 @@ up-host:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IPIP traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -435,6 +446,13 @@ down-host:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IPIP exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -474,6 +492,15 @@ up-client:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IPIP traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -517,6 +544,13 @@ down-client:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IPIP exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in
index 42522f5..918bd6a 100644
--- a/src/_updown_espmark/Makefile.in
+++ b/src/_updown_espmark/Makefile.in
@@ -165,8 +165,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -234,6 +232,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -322,12 +325,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -342,6 +349,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index d484f64..62d6cd7 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/charon-cmd/charon-cmd.8.in b/src/charon-cmd/charon-cmd.8.in
index 25d7069..a2d424e 100644
--- a/src/charon-cmd/charon-cmd.8.in
+++ b/src/charon-cmd/charon-cmd.8.in
@@ -116,6 +116,24 @@ address will always be proposed.
.BI "\-\-remote\-ts " subnet
Traffic selector to propose for remote side, defaults to 0.0.0.0/0.
.TP
+.BI "\-\-ike\-proposal " proposal
+IKE proposal to offer instead of default. For IKEv1, a single proposal consists
+of one encryption algorithm, an integrity/PRF algorithm and a DH group. IKEv2
+can propose multiple algorithms of the same kind. To specify multiple proposals,
+repeat the option.
+.TP
+.BI "\-\-esp\-proposal " proposal
+ESP proposal to offer instead of default. For IKEv1, a single proposal consists
+of one encryption algorithm, an integrity algorithm and an optional DH group for
+Perfect Forward Secrecy rekeying. IKEv2 can propose multiple algorithms of the
+same kind. To specify multiple proposals, repeat the option.
+.TP
+.BI "\-\-ah\-proposal " proposal
+AH proposal to offer instead of ESP. For IKEv1, a single proposal consists
+of an integrity algorithm and an optional DH group for Perfect Forward Secrecy
+rekeying. IKEv2 can propose multiple algorithms of the same kind. To specify
+multiple proposals, repeat the option.
+.TP
.BI "\-\-profile " name
Authentication profile to use, the list of supported profiles can be found
in the
diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c
index 5f4787b..a70d314 100644
--- a/src/charon-cmd/charon-cmd.c
+++ b/src/charon-cmd/charon-cmd.c
@@ -322,7 +322,7 @@ int main(int argc, char *argv[])
dbg = dbg_stderr;
atexit(library_deinit);
- if (!library_init(NULL))
+ if (!library_init(NULL, "charon-cmd"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
@@ -334,12 +334,12 @@ int main(int argc, char *argv[])
}
}
atexit(libhydra_deinit);
- if (!libhydra_init("charon-cmd"))
+ if (!libhydra_init())
{
exit(SS_RC_INITIALIZATION_FAILED);
}
atexit(libcharon_deinit);
- if (!libcharon_init("charon-cmd"))
+ if (!libcharon_init())
{
exit(SS_RC_INITIALIZATION_FAILED);
}
@@ -389,6 +389,7 @@ int main(int argc, char *argv[])
sigaddset(&action.sa_mask, SIGINT);
sigaddset(&action.sa_mask, SIGTERM);
sigaddset(&action.sa_mask, SIGHUP);
+ sigaddset(&action.sa_mask, SIGUSR1);
sigaction(SIGSEGV, &action, NULL);
sigaction(SIGILL, &action, NULL);
sigaction(SIGBUS, &action, NULL);
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index 180e8da..ac085e1 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -87,6 +87,16 @@ struct private_cmd_connection_t {
linked_list_t *remote_ts;
/**
+ * List of IKE proposals
+ */
+ linked_list_t *ike_proposals;
+
+ /**
+ * List of CHILD proposals
+ */
+ linked_list_t *child_proposals;
+
+ /**
* Hostname to connect to
*/
char *host;
@@ -135,6 +145,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
u_int16_t local_port, remote_port = IKEV2_UDP_PORT;
ike_version_t version = IKE_ANY;
bool aggressive = FALSE;
+ proposal_t *proposal;
switch (this->profile)
{
@@ -165,7 +176,18 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
}
ike_cfg = ike_cfg_create(version, TRUE, FALSE, "0.0.0.0", local_port,
this->host, remote_port, FRAGMENTATION_NO, 0);
- ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ if (this->ike_proposals->get_count(this->ike_proposals))
+ {
+ while (this->ike_proposals->remove_first(this->ike_proposals,
+ (void**)&proposal) == SUCCESS)
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal);
+ }
+ }
+ else
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ }
peer_cfg = peer_cfg_create("cmd", ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
36000, 0, /* rekey 10h, reauth none */
@@ -173,7 +195,6 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
TRUE, aggressive, TRUE, /* mobike, aggressive, pull */
30, 0, /* DPD delay, timeout */
FALSE, NULL, NULL); /* mediation */
- peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
return peer_cfg;
}
@@ -306,10 +327,13 @@ static bool add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg)
/**
* Attach child config to peer config
*/
-static child_cfg_t* create_child_cfg(private_cmd_connection_t *this)
+static child_cfg_t* create_child_cfg(private_cmd_connection_t *this,
+ peer_cfg_t *peer_cfg)
{
child_cfg_t *child_cfg;
traffic_selector_t *ts;
+ proposal_t *proposal;
+ bool has_v4 = FALSE, has_v6 = FALSE;
lifetime_cfg_t lifetime = {
.time = {
.life = 10800 /* 3h */,
@@ -322,7 +346,18 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this)
NULL, FALSE, MODE_TUNNEL, /* updown, hostaccess */
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
0, 0, NULL, NULL, 0);
- child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ if (this->child_proposals->get_count(this->child_proposals))
+ {
+ while (this->child_proposals->remove_first(this->child_proposals,
+ (void**)&proposal) == SUCCESS)
+ {
+ child_cfg->add_proposal(child_cfg, proposal);
+ }
+ }
+ else
+ {
+ child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ }
while (this->local_ts->remove_first(this->local_ts, (void**)&ts) == SUCCESS)
{
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
@@ -333,12 +368,31 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this)
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
"0.0.0.0", 0, "255.255.255.255", 65535);
this->remote_ts->insert_last(this->remote_ts, ts);
+ has_v4 = TRUE;
}
while (this->remote_ts->remove_first(this->remote_ts,
(void**)&ts) == SUCCESS)
{
+ switch (ts->get_type(ts))
+ {
+ case TS_IPV4_ADDR_RANGE:
+ has_v4 = TRUE;
+ break;
+ case TS_IPV6_ADDR_RANGE:
+ has_v6 = TRUE;
+ break;
+ }
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
}
+ if (has_v4)
+ {
+ peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
+ }
+ if (has_v6)
+ {
+ peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("::", 0));
+ }
+ peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
return child_cfg;
}
@@ -374,8 +428,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this)
return JOB_REQUEUE_NONE;
}
- child_cfg = create_child_cfg(this);
- peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
+ child_cfg = create_child_cfg(this, peer_cfg);
if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
controller_cb_empty, NULL, 0) != SUCCESS)
@@ -421,6 +474,8 @@ static void set_profile(private_cmd_connection_t *this, char *name)
METHOD(cmd_connection_t, handle, bool,
private_cmd_connection_t *this, cmd_option_type_t opt, char *arg)
{
+ proposal_t *proposal;
+
switch (opt)
{
case CMD_OPT_HOST:
@@ -447,6 +502,30 @@ METHOD(cmd_connection_t, handle, bool,
case CMD_OPT_REMOTE_TS:
add_ts(this, this->remote_ts, arg);
break;
+ case CMD_OPT_IKE_PROPOSAL:
+ proposal = proposal_create_from_string(PROTO_IKE, arg);
+ if (!proposal)
+ {
+ exit(1);
+ }
+ this->ike_proposals->insert_last(this->ike_proposals, proposal);
+ break;
+ case CMD_OPT_ESP_PROPOSAL:
+ proposal = proposal_create_from_string(PROTO_ESP, arg);
+ if (!proposal)
+ {
+ exit(1);
+ }
+ this->child_proposals->insert_last(this->child_proposals, proposal);
+ break;
+ case CMD_OPT_AH_PROPOSAL:
+ proposal = proposal_create_from_string(PROTO_AH, arg);
+ if (!proposal)
+ {
+ exit(1);
+ }
+ this->child_proposals->insert_last(this->child_proposals, proposal);
+ break;
case CMD_OPT_PROFILE:
set_profile(this, arg);
break;
@@ -459,6 +538,10 @@ METHOD(cmd_connection_t, handle, bool,
METHOD(cmd_connection_t, destroy, void,
private_cmd_connection_t *this)
{
+ this->ike_proposals->destroy_offset(this->ike_proposals,
+ offsetof(proposal_t, destroy));
+ this->child_proposals->destroy_offset(this->child_proposals,
+ offsetof(proposal_t, destroy));
this->local_ts->destroy_offset(this->local_ts,
offsetof(traffic_selector_t, destroy));
this->remote_ts->destroy_offset(this->remote_ts,
@@ -481,6 +564,8 @@ cmd_connection_t *cmd_connection_create()
.pid = getpid(),
.local_ts = linked_list_create(),
.remote_ts = linked_list_create(),
+ .ike_proposals = linked_list_create(),
+ .child_proposals = linked_list_create(),
.profile = PROF_UNDEF,
);
diff --git a/src/charon-cmd/cmd/cmd_options.c b/src/charon-cmd/cmd/cmd_options.c
index 597ccda..5428941 100644
--- a/src/charon-cmd/cmd/cmd_options.c
+++ b/src/charon-cmd/cmd/cmd_options.c
@@ -56,6 +56,12 @@ cmd_option_t cmd_options[CMD_OPT_COUNT] = {
"additional traffic selector to propose for our side", {}},
{ CMD_OPT_REMOTE_TS, "remote-ts", required_argument, "subnet",
"traffic selector to propose for remote side", {}},
+ { CMD_OPT_IKE_PROPOSAL, "ike-proposal", required_argument, "proposal",
+ "a single IKE proposal to offer instead of the default", {}},
+ { CMD_OPT_ESP_PROPOSAL, "esp-proposal", required_argument, "proposal",
+ "a single ESP proposal to offer instead of the default", {}},
+ { CMD_OPT_AH_PROPOSAL, "ah-proposal", required_argument, "proposal",
+ "a single AH proposal to offer instead of the default", {}},
{ CMD_OPT_PROFILE, "profile", required_argument, "name",
"authentication profile to use, where name is one of:", {
" ikev2-pub, ikev2-eap, ikev2-pub-eap",
diff --git a/src/charon-cmd/cmd/cmd_options.h b/src/charon-cmd/cmd/cmd_options.h
index 6b8b04c..c7441e7 100644
--- a/src/charon-cmd/cmd/cmd_options.h
+++ b/src/charon-cmd/cmd/cmd_options.h
@@ -45,6 +45,9 @@ enum cmd_option_type_t {
CMD_OPT_AGENT,
CMD_OPT_LOCAL_TS,
CMD_OPT_REMOTE_TS,
+ CMD_OPT_IKE_PROPOSAL,
+ CMD_OPT_AH_PROPOSAL,
+ CMD_OPT_ESP_PROPOSAL,
CMD_OPT_PROFILE,
CMD_OPT_COUNT
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index c204c8c..955d153 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -192,8 +192,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -261,6 +259,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -349,12 +352,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -369,6 +376,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c
index 9ce6dba..32cec36 100644
--- a/src/charon-nm/charon-nm.c
+++ b/src/charon-nm/charon-nm.c
@@ -161,7 +161,7 @@ int main(int argc, char *argv[])
dbg = dbg_syslog;
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "charon-nm"))
{
library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
@@ -175,7 +175,7 @@ int main(int argc, char *argv[])
exit(SS_RC_DAEMON_INTEGRITY);
}
- if (!libhydra_init("charon-nm"))
+ if (!libhydra_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm");
libhydra_deinit();
@@ -183,7 +183,7 @@ int main(int argc, char *argv[])
exit(SS_RC_INITIALIZATION_FAILED);
}
- if (!libcharon_init("charon-nm"))
+ if (!libcharon_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm");
goto deinit;
diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c
index f474dad..ebebde2 100644
--- a/src/charon-nm/nm/nm_backend.c
+++ b/src/charon-nm/nm/nm_backend.c
@@ -22,10 +22,6 @@
#include <daemon.h>
#include <processing/jobs/callback_job.h>
-#ifndef CAP_DAC_OVERRIDE
-#define CAP_DAC_OVERRIDE 1
-#endif
-
typedef struct nm_backend_t nm_backend_t;
/**
@@ -143,14 +139,6 @@ static bool nm_backend_init()
return FALSE;
}
- /* bypass file permissions to read from users ssh-agent */
- if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE))
- {
- DBG1(DBG_CFG, "NM backend requires CAP_DAC_OVERRIDE capability");
- nm_backend_deinit();
- return FALSE;
- }
-
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this,
NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL));
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index f373675..f0daff6 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -412,9 +412,10 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
loose_gateway_id = TRUE;
}
- if (auth_class == AUTH_CLASS_EAP)
+ if (auth_class == AUTH_CLASS_EAP ||
+ auth_class == AUTH_CLASS_PSK)
{
- /* username/password authentication ... */
+ /* username/password or PSK authentication ... */
str = nm_setting_vpn_get_data_item(vpn, "user");
if (str)
{
@@ -548,7 +549,14 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
auth->add(auth, AUTH_RULE_IDENTITY, user);
peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ if (auth_class == AUTH_CLASS_PSK)
+ {
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
+ }
+ else
+ {
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ }
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
@@ -623,7 +631,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
method = nm_setting_vpn_get_data_item(settings, "method");
if (method)
{
- if (streq(method, "eap"))
+ if (streq(method, "eap") || streq(method, "psk"))
{
if (nm_setting_vpn_get_secret(settings, "password"))
{
diff --git a/src/charon-tkm/Makefile.am b/src/charon-tkm/Makefile.am
index 0fef1f6..d2b81a3 100644
--- a/src/charon-tkm/Makefile.am
+++ b/src/charon-tkm/Makefile.am
@@ -1,26 +1,30 @@
-SRC = $(top_builddir)/src
+SRC = $(abs_top_srcdir)/src
+OBJ = $(abs_top_builddir)/src
-# includes relative to obj directory
AM_CPPFLAGS = \
- -include $(top_builddir)/config.h \
- -I../$(SRC)/libstrongswan \
- -I../$(SRC)/libhydra \
- -I../$(SRC)/libcharon
+ -include $(abs_top_builddir)/config.h \
+ -I$(SRC)/libstrongswan \
+ -I$(SRC)/libhydra \
+ -I$(SRC)/libcharon
LIBLD = \
- -L$(SRC)/libstrongswan/.libs \
- -L$(SRC)/libhydra/.libs \
- -L$(SRC)/libcharon/.libs
-LIBPT = $(SRC)/libstrongswan/.libs:$(SRC)/libhydra/.libs:$(SRC)/libcharon/.libs
+ -L$(OBJ)/libstrongswan/.libs \
+ -L$(OBJ)/libhydra/.libs \
+ -L$(OBJ)/libcharon/.libs
+LIBPT = $(OBJ)/libstrongswan/.libs:$(OBJ)/libhydra/.libs:$(OBJ)/libcharon/.libs
LIBFL = -lstrongswan -lhydra -lcharon
DEFS += -DPLUGINS=\""$(PLUGINS)\"" -DIPSEC_PIDDIR=\"${piddir}\"
BUILD_OPTS = \
- -XOBJ_DIR=$(CURDIR)/obj \
+ -XOBJ_DIR=$(abs_builddir)/obj \
-cargs $(AM_CPPFLAGS) $(DEFS) \
-largs $(LIBLD) $(LIBFL)
+TEST_OPTS = \
+ -cargs -DBUILDDIR=\"${abs_top_builddir}\" \
+ -largs -L$(OBJ)/libstrongswan/tests/.libs -ltest
+
# plugins to enable
PLUGINS = \
kernel-netlink \
@@ -35,15 +39,15 @@ build_charon: build_charon.gpr src/charon-tkm.c
@$(GPRBUILD) -p $< $(BUILD_OPTS)
build_tests: build_tests.gpr
- @$(GPRBUILD) -p $< $(BUILD_OPTS) -cargs @CHECK_CFLAGS@ -largs @CHECK_LIBS@
+ @$(GPRBUILD) -p $< $(BUILD_OPTS) $(TEST_OPTS)
+
+check-tkm: build_tests
+ @LD_LIBRARY_PATH=$(LIBPT) obj/tests
-if UNITTESTS
-check: build_tests
- @LD_LIBRARY_PATH=$(LIBPT) obj/test_runner
-else
check:
- @echo "reconfigure with --enable-unit-tests"
-endif
+ @echo "TKM tests are not run automatically because they have to be run as root" >&2
+ @echo "and require a properly configured TKM daemon to be running." >&2
+ @echo "They can be run from '$(abs_builddir)' with 'make check-tkm'" >&2
install: build_charon
$(INSTALL) -m 755 obj/charon-tkm $(DESTDIR)$(ipsecdir)
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index 5f878ac..15e654d 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -131,8 +131,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -200,6 +198,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -288,12 +291,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -308,6 +315,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -318,27 +326,30 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-SRC = $(top_builddir)/src
-
-# includes relative to obj directory
+SRC = $(abs_top_srcdir)/src
+OBJ = $(abs_top_builddir)/src
AM_CPPFLAGS = \
- -include $(top_builddir)/config.h \
- -I../$(SRC)/libstrongswan \
- -I../$(SRC)/libhydra \
- -I../$(SRC)/libcharon
+ -include $(abs_top_builddir)/config.h \
+ -I$(SRC)/libstrongswan \
+ -I$(SRC)/libhydra \
+ -I$(SRC)/libcharon
LIBLD = \
- -L$(SRC)/libstrongswan/.libs \
- -L$(SRC)/libhydra/.libs \
- -L$(SRC)/libcharon/.libs
+ -L$(OBJ)/libstrongswan/.libs \
+ -L$(OBJ)/libhydra/.libs \
+ -L$(OBJ)/libcharon/.libs
-LIBPT = $(SRC)/libstrongswan/.libs:$(SRC)/libhydra/.libs:$(SRC)/libcharon/.libs
+LIBPT = $(OBJ)/libstrongswan/.libs:$(OBJ)/libhydra/.libs:$(OBJ)/libcharon/.libs
LIBFL = -lstrongswan -lhydra -lcharon
BUILD_OPTS = \
- -XOBJ_DIR=$(CURDIR)/obj \
+ -XOBJ_DIR=$(abs_builddir)/obj \
-cargs $(AM_CPPFLAGS) $(DEFS) \
-largs $(LIBLD) $(LIBFL)
+TEST_OPTS = \
+ -cargs -DBUILDDIR=\"${abs_top_builddir}\" \
+ -largs -L$(OBJ)/libstrongswan/tests/.libs -ltest
+
# plugins to enable
PLUGINS = \
@@ -543,12 +554,15 @@ build_charon: build_charon.gpr src/charon-tkm.c
@$(GPRBUILD) -p $< $(BUILD_OPTS)
build_tests: build_tests.gpr
- @$(GPRBUILD) -p $< $(BUILD_OPTS) -cargs @CHECK_CFLAGS@ -largs @CHECK_LIBS@
+ @$(GPRBUILD) -p $< $(BUILD_OPTS) $(TEST_OPTS)
+
+check-tkm: build_tests
+ @LD_LIBRARY_PATH=$(LIBPT) obj/tests
- at UNITTESTS_TRUE@check: build_tests
- at UNITTESTS_TRUE@ @LD_LIBRARY_PATH=$(LIBPT) obj/test_runner
- at UNITTESTS_FALSE@check:
- at UNITTESTS_FALSE@ @echo "reconfigure with --enable-unit-tests"
+check:
+ @echo "TKM tests are not run automatically because they have to be run as root" >&2
+ @echo "and require a properly configured TKM daemon to be running." >&2
+ @echo "They can be run from '$(abs_builddir)' with 'make check-tkm'" >&2
install: build_charon
$(INSTALL) -m 755 obj/charon-tkm $(DESTDIR)$(ipsecdir)
diff --git a/src/charon-tkm/build_common.gpr b/src/charon-tkm/build_common.gpr
index ac322d7..102f6b7 100644
--- a/src/charon-tkm/build_common.gpr
+++ b/src/charon-tkm/build_common.gpr
@@ -5,7 +5,7 @@ project Build_Common is
for Source_Dirs use ();
- Obj_Dir := "obj";
+ Obj_Dir := external ("OBJ_DIR", "obj");
C_Compiler_Switches := ("-W",
"-Wall",
diff --git a/src/charon-tkm/build_tests.gpr b/src/charon-tkm/build_tests.gpr
index 032c796..2bdc996 100644
--- a/src/charon-tkm/build_tests.gpr
+++ b/src/charon-tkm/build_tests.gpr
@@ -4,11 +4,15 @@ project Build_Tests is
for Languages use ("Ada", "C");
for Source_Dirs use ("src/ees", "src/ehandler", "src/tkm", "tests");
- for Main use ("test_runner");
+ for Main use ("tests");
for Object_Dir use Build_Common.Obj_Dir;
package Compiler is
for Default_Switches ("c") use Build_Common.C_Compiler_Switches;
end Compiler;
+ package Binder is
+ for Default_Switches ("ada") use Build_Common.Ada_Binder_Switches;
+ end Binder;
+
end Build_Tests;
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 14a7355..9a22f9a 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -250,13 +250,13 @@ int main(int argc, char *argv[])
dbg = dbg_syslog;
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, dmn_name))
{
library_deinit();
exit(status);
}
- if (!libhydra_init(dmn_name))
+ if (!libhydra_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
libhydra_deinit();
@@ -264,7 +264,7 @@ int main(int argc, char *argv[])
exit(status);
}
- if (!libcharon_init(dmn_name))
+ if (!libcharon_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
goto deinit;
@@ -288,10 +288,6 @@ int main(int argc, char *argv[])
static plugin_feature_t features[] = {
PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
PLUGIN_PROVIDE(NONCE_GEN),
- PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
@@ -302,6 +298,12 @@ int main(int argc, char *argv[])
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
countof(features), TRUE);
+ if (!register_dh_mapping())
+ {
+ DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name);
+ goto deinit;
+ }
+
/* register TKM keymat variant */
keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create);
@@ -380,6 +382,7 @@ int main(int argc, char *argv[])
lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode);
deinit:
+ destroy_dh_mapping();
libcharon_deinit();
libhydra_deinit();
library_deinit();
diff --git a/src/charon-tkm/src/tkm/tkm.c b/src/charon-tkm/src/tkm/tkm.c
index a39221d..61eb605 100644
--- a/src/charon-tkm/src/tkm/tkm.c
+++ b/src/charon-tkm/src/tkm/tkm.c
@@ -61,7 +61,7 @@ bool tkm_init()
ehandler_init();
ikesock = lib->settings->get_str(lib->settings, "%s.ike_socket", IKE_SOCKET,
- charon->name);
+ lib->ns);
if (ike_init(ikesock) != TKM_OK)
{
tkmlib_final();
@@ -70,7 +70,7 @@ bool tkm_init()
DBG1(DBG_DMN, "connected to TKM via socket '%s'", ikesock);
eessock = lib->settings->get_str(lib->settings, "%s.ees_socket", EES_SOCKET,
- charon->name);
+ lib->ns);
ees_server_init(eessock);
DBG1(DBG_DMN, "serving EES requests on socket '%s'", eessock);
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
index 19f57de..a34d0b1 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
@@ -21,10 +21,13 @@
#include "tkm_utils.h"
#include "tkm_diffie_hellman.h"
-#include <utils/debug.h>
+#include <daemon.h>
+#include <collections/hashtable.h>
typedef struct private_tkm_diffie_hellman_t private_tkm_diffie_hellman_t;
+static hashtable_t *group_map = NULL;
+
/**
* Private data of a tkm_diffie_hellman_t object.
*/
@@ -102,6 +105,95 @@ METHOD(tkm_diffie_hellman_t, get_id, dh_id_type,
return this->context_id;
}
+static u_int hash(void *key)
+{
+ diffie_hellman_group_t k = *(diffie_hellman_group_t*)key;
+ return chunk_hash(chunk_from_thing(k));
+}
+
+static bool equals(void *key, void *other_key)
+{
+ return *(diffie_hellman_group_t*)key == *(diffie_hellman_group_t*)other_key;
+}
+
+/*
+ * Described in header.
+ */
+int register_dh_mapping()
+{
+ int count, i;
+ char *iana_id_str, *tkm_id_str;
+ diffie_hellman_group_t *iana_id;
+ u_int64_t *tkm_id;
+ hashtable_t *map;
+ enumerator_t *enumerator;
+
+ map = hashtable_create((hashtable_hash_t)hash,
+ (hashtable_equals_t)equals, 16);
+
+ enumerator = lib->settings->create_key_value_enumerator(lib->settings,
+ "%s.dh_mapping",
+ lib->ns);
+
+ while (enumerator->enumerate(enumerator, &iana_id_str, &tkm_id_str))
+ {
+ iana_id = malloc_thing(diffie_hellman_group_t);
+ *iana_id = settings_value_as_int(iana_id_str, 0);
+ tkm_id = malloc_thing(u_int64_t);
+ *tkm_id = settings_value_as_int(tkm_id_str, 0);
+
+ map->put(map, iana_id, tkm_id);
+ }
+ enumerator->destroy(enumerator);
+
+ count = map->get_count(map);
+ plugin_feature_t f[count + 1];
+ f[0] = PLUGIN_REGISTER(DH, tkm_diffie_hellman_create);
+
+ i = 1;
+ enumerator = map->create_enumerator(map);
+ while (enumerator->enumerate(enumerator, &iana_id, &tkm_id))
+ {
+ f[i] = PLUGIN_PROVIDE(DH, *iana_id);
+ i++;
+ }
+ enumerator->destroy(enumerator);
+
+ lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE);
+
+ if (count > 0)
+ {
+ group_map = map;
+ }
+ else
+ {
+ map->destroy(map);
+ }
+
+ return count;
+}
+
+/*
+ * Described in header.
+ */
+void destroy_dh_mapping()
+{
+ enumerator_t *enumerator;
+ char *key, *value;
+
+ if (group_map)
+ {
+ enumerator = group_map->create_enumerator(group_map);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ free(key);
+ free(value);
+ }
+ enumerator->destroy(enumerator);
+ group_map->destroy(group_map);
+ }
+}
+
/*
* Described in header.
*/
@@ -109,6 +201,11 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
{
private_tkm_diffie_hellman_t *this;
+ if (!group_map)
+ {
+ return NULL;
+ }
+
INIT(this,
.public = {
.dh = {
@@ -130,7 +227,14 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
return NULL;
}
- if (ike_dh_create(this->context_id, group, &this->pubvalue) != TKM_OK)
+ u_int64_t *dha_id = group_map->get(group_map, &group);
+ if (!dha_id)
+ {
+ free(this);
+ return NULL;
+ }
+
+ if (ike_dh_create(this->context_id, *dha_id, &this->pubvalue) != TKM_OK)
{
free(this);
return NULL;
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h
index a144303..d38a414 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h
@@ -47,6 +47,19 @@ struct tkm_diffie_hellman_t {
};
/**
+ * Loads IANA DH group identifier to TKM id mapping from config and registers
+ * the corresponding DH features.
+ *
+ * @return number of registered mappings
+ */
+int register_dh_mapping();
+
+/**
+ * Destroy IANA DH group identifier to TKM id mapping.
+ */
+void destroy_dh_mapping();
+
+/**
* Creates a new tkm_diffie_hellman_t object.
*
* @param group Diffie Hellman group number to use
diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.c b/src/charon-tkm/src/tkm/tkm_id_manager.c
index 407d0a8..0fadf1a 100644
--- a/src/charon-tkm/src/tkm/tkm_id_manager.c
+++ b/src/charon-tkm/src/tkm/tkm_id_manager.c
@@ -17,7 +17,6 @@
#include "tkm_id_manager.h"
#include <utils/debug.h>
-#include <collections/linked_list.h>
#include <threading/rwlock.h>
#define TKM_LIMIT 100
diff --git a/src/charon-tkm/tests/chunk_map_tests.c b/src/charon-tkm/tests/chunk_map_tests.c
index 6deef9a..1283a78 100644
--- a/src/charon-tkm/tests/chunk_map_tests.c
+++ b/src/charon-tkm/tests/chunk_map_tests.c
@@ -14,7 +14,7 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
#include "tkm_chunk_map.h"
@@ -48,11 +48,20 @@ START_TEST(test_chunk_map_handling)
}
END_TEST
-TCase *make_chunk_map_tests(void)
+Suite *make_chunk_map_tests()
{
- TCase *tc = tcase_create("Chunk map tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("chunk map");
+
+ tc = tcase_create("creating");
tcase_add_test(tc, test_chunk_map_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("handling");
tcase_add_test(tc, test_chunk_map_handling);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/diffie_hellman_tests.c b/src/charon-tkm/tests/diffie_hellman_tests.c
index ffe9961..89658a7 100644
--- a/src/charon-tkm/tests/diffie_hellman_tests.c
+++ b/src/charon-tkm/tests/diffie_hellman_tests.c
@@ -14,7 +14,8 @@
* for more details.
*/
-#include <check.h>
+#include <daemon.h>
+#include <tests/test_suite.h>
#include "tkm_diffie_hellman.h"
@@ -49,11 +50,20 @@ START_TEST(test_dh_get_my_pubvalue)
}
END_TEST
-TCase *make_diffie_hellman_tests(void)
+Suite *make_diffie_hellman_tests()
{
- TCase *tc = tcase_create("Diffie-Hellman tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("Diffie-Hellman");
+
+ tc = tcase_create("creation");
tcase_add_test(tc, test_dh_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get_my_pubvalue");
tcase_add_test(tc, test_dh_get_my_pubvalue);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/id_manager_tests.c b/src/charon-tkm/tests/id_manager_tests.c
index 15522f1..8157496 100644
--- a/src/charon-tkm/tests/id_manager_tests.c
+++ b/src/charon-tkm/tests/id_manager_tests.c
@@ -14,7 +14,7 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
#include "tkm_id_manager.h"
@@ -135,16 +135,28 @@ START_TEST(test_release_id_nonexistent)
}
END_TEST
-TCase *make_id_manager_tests(void)
+Suite *make_id_manager_tests()
{
- TCase *tc = tcase_create("Context id manager tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("context id manager");
+
+ tc = tcase_create("creation");
tcase_add_test(tc, test_id_mgr_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("acquire");
tcase_add_test(tc, test_acquire_id);
tcase_add_test(tc, test_acquire_id_invalid_kind);
tcase_add_test(tc, test_acquire_id_same);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("release");
tcase_add_test(tc, test_release_id);
tcase_add_test(tc, test_release_id_invalid_kind);
tcase_add_test(tc, test_release_id_nonexistent);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c
index 1178560..6f0b396 100644
--- a/src/charon-tkm/tests/kernel_sad_tests.c
+++ b/src/charon-tkm/tests/kernel_sad_tests.c
@@ -14,7 +14,7 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
#include "tkm_kernel_sad.h"
@@ -107,16 +107,31 @@ START_TEST(test_remove_nonexistent)
}
END_TEST
-TCase *make_kernel_sad_tests(void)
+Suite *make_kernel_sad_tests()
{
- TCase *tc = tcase_create("Kernel SAD tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("kernel SAD tests");
+
+ tc = tcase_create("creation");
tcase_add_test(tc, test_sad_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("insert");
tcase_add_test(tc, test_insert);
tcase_add_test(tc, test_insert_duplicate);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get_esa_id");
tcase_add_test(tc, test_get_esa_id);
tcase_add_test(tc, test_get_esa_id_nonexistent);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("remove");
tcase_add_test(tc, test_remove);
tcase_add_test(tc, test_remove_nonexistent);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c
index 2a7525d..1982671 100644
--- a/src/charon-tkm/tests/keymat_tests.c
+++ b/src/charon-tkm/tests/keymat_tests.c
@@ -14,7 +14,8 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
+
#include <daemon.h>
#include <hydra.h>
#include <config/proposal.h>
@@ -139,11 +140,20 @@ START_TEST(test_derive_child_keys)
}
END_TEST
-TCase *make_keymat_tests(void)
+Suite *make_keymat_tests()
{
- TCase *tc = tcase_create("Keymat tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("keymat");
+
+ tc = tcase_create("derive IKE keys");
tcase_add_test(tc, test_derive_ike_keys);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("derive CHILD keys");
tcase_add_test(tc, test_derive_child_keys);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/nonceg_tests.c b/src/charon-tkm/tests/nonceg_tests.c
index 3a1effa..6f524cb 100644
--- a/src/charon-tkm/tests/nonceg_tests.c
+++ b/src/charon-tkm/tests/nonceg_tests.c
@@ -14,7 +14,8 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
+
#include <tkm/client.h>
#include "tkm.h"
@@ -82,12 +83,24 @@ START_TEST(test_nonceg_get_nonce)
}
END_TEST
-TCase *make_nonceg_tests(void)
+Suite *make_nonceg_tests()
{
- TCase *tc = tcase_create("Nonce generator tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("nonce generator");
+
+ tc = tcase_create("creation");
tcase_add_test(tc, test_nonceg_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("allocate");
tcase_add_test(tc, test_nonceg_allocate_nonce);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get");
tcase_add_test(tc, test_nonceg_get_nonce);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/test_runner.c b/src/charon-tkm/tests/test_runner.c
deleted file mode 100644
index 5ae0329..0000000
--- a/src/charon-tkm/tests/test_runner.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (C) 2012 Reto Buerki
- * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <library.h>
-#include <hydra.h>
-#include <daemon.h>
-
-#include "tkm.h"
-#include "tkm_nonceg.h"
-#include "tkm_diffie_hellman.h"
-#include "tkm_kernel_ipsec.h"
-#include "test_runner.h"
-
-int main(void)
-{
- library_init(NULL);
- libhydra_init("test_runner");
- libcharon_init("test_runner");
-
- lib->settings->set_int(lib->settings, "test_runner.filelog.stdout.default",
- 1);
- charon->load_loggers(charon, NULL, FALSE);
-
- /* Register TKM specific plugins */
- static plugin_feature_t features[] = {
- PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
- PLUGIN_PROVIDE(NONCE_GEN),
- PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
- PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
- PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
- };
- lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
- countof(features), TRUE);
-
- if (!charon->initialize(charon, PLUGINS))
- {
- fprintf(stderr, "Unable to init charon");
- return EXIT_FAILURE;
- }
-
- if (!tkm_init())
- {
- fprintf(stderr, "Could not connect to TKM, aborting tests\n");
- return EXIT_FAILURE;
- }
-
- int number_failed;
- Suite *s = suite_create("TKM tests");
- suite_add_tcase(s, make_id_manager_tests());
- suite_add_tcase(s, make_chunk_map_tests());
- suite_add_tcase(s, make_utility_tests());
- suite_add_tcase(s, make_nonceg_tests());
- suite_add_tcase(s, make_diffie_hellman_tests());
- suite_add_tcase(s, make_keymat_tests());
- suite_add_tcase(s, make_kernel_sad_tests());
-
- SRunner *sr = srunner_create(s);
-
- srunner_run_all(sr, CK_NORMAL);
- number_failed = srunner_ntests_failed(sr);
-
- tkm_deinit();
- libcharon_deinit();
- libhydra_deinit();
- library_deinit();
- srunner_free(sr);
-
- return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
-}
diff --git a/src/charon-tkm/tests/test_runner.h b/src/charon-tkm/tests/test_runner.h
deleted file mode 100644
index 236a7f2..0000000
--- a/src/charon-tkm/tests/test_runner.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (C) 2012 Reto Buerki
- * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef TEST_RUNNER_H_
-#define TEST_RUNNER_H_
-
-#include <check.h>
-
-TCase *make_id_manager_tests(void);
-TCase *make_chunk_map_tests(void);
-TCase *make_utility_tests(void);
-TCase *make_nonceg_tests(void);
-TCase *make_diffie_hellman_tests(void);
-TCase *make_keymat_tests(void);
-TCase *make_kernel_sad_tests(void);
-
-#endif /** TEST_RUNNER_H_ */
diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c
new file mode 100644
index 0000000..18754c7
--- /dev/null
+++ b/src/charon-tkm/tests/tests.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <tests/test_runner.h>
+
+#include <library.h>
+#include <hydra.h>
+#include <daemon.h>
+
+#include "tkm.h"
+#include "tkm_nonceg.h"
+#include "tkm_diffie_hellman.h"
+#include "tkm_kernel_ipsec.h"
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
+#include "tests.h"
+#undef TEST_SUITE
+#undef TEST_SUITE_DEPEND
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#define TEST_SUITE_DEPEND(x, type, args) \
+ { .suite = x, .feature = PLUGIN_DEPENDS(type, args) },
+#include "tests.h"
+ { .suite = NULL, }
+};
+
+static bool tkm_initialized = false;
+
+static bool test_runner_init(bool init)
+{
+ bool result = TRUE;
+
+ if (init)
+ {
+ libhydra_init();
+ libcharon_init();
+ lib->settings->set_int(lib->settings,
+ "test_runner.filelog.stdout.default", 0);
+ charon->load_loggers(charon, NULL, FALSE);
+
+ /* Register TKM specific plugins */
+ static plugin_feature_t features[] = {
+ PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
+ PLUGIN_PROVIDE(NONCE_GEN),
+ PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
+ PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+ };
+ lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
+ countof(features), TRUE);
+
+ lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1,
+ lib->ns, MODP_3072_BIT);
+ lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 2,
+ lib->ns, MODP_4096_BIT);
+ register_dh_mapping();
+
+ plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins",
+ PLUGINS);
+ plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins",
+ PLUGINS);
+ plugin_loader_add_plugindirs(BUILDDIR "/src/libcharon/plugins",
+ PLUGINS);
+ if (charon->initialize(charon, PLUGINS))
+ {
+ if (!tkm_initialized)
+ {
+ if (!tkm_init())
+ {
+ return FALSE;
+ }
+ tkm_initialized = true;
+ }
+ return TRUE;
+ }
+ result = FALSE;
+ }
+
+ destroy_dh_mapping();
+ libcharon_deinit();
+ libhydra_deinit();
+ return result;
+}
+
+int main(int argc, char *argv[])
+{
+ bool result;
+
+ /* disable leak detective because of how tkm_init/deinit is called, which
+ * does not work otherwise due to limitations of the external libraries */
+ setenv("LEAK_DETECTIVE_DISABLE", "1", 1);
+
+ result = test_runner_run("tkm", tests, test_runner_init);
+ tkm_deinit();
+
+ return result;
+}
diff --git a/src/charon-tkm/tests/tests.h b/src/charon-tkm/tests/tests.h
new file mode 100644
index 0000000..fb5e96a
--- /dev/null
+++ b/src/charon-tkm/tests/tests.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+TEST_SUITE(make_id_manager_tests)
+TEST_SUITE(make_chunk_map_tests)
+TEST_SUITE(make_utility_tests)
+TEST_SUITE(make_nonceg_tests)
+TEST_SUITE(make_diffie_hellman_tests)
+TEST_SUITE(make_keymat_tests)
+TEST_SUITE(make_kernel_sad_tests)
diff --git a/src/charon-tkm/tests/utils_tests.c b/src/charon-tkm/tests/utils_tests.c
index b3ead76..0a4d6fb 100644
--- a/src/charon-tkm/tests/utils_tests.c
+++ b/src/charon-tkm/tests/utils_tests.c
@@ -14,7 +14,8 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
+
#include <tkm/types.h>
#include "tkm_utils.h"
@@ -53,11 +54,17 @@ START_TEST(test_chunk_to_sequence)
}
END_TEST
-TCase *make_utility_tests(void)
+Suite *make_utility_tests()
{
- TCase *tc = tcase_create("Utility tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("utility tests");
+
+ tc = tcase_create("chunk<->sequence");
tcase_add_test(tc, test_sequence_to_chunk);
tcase_add_test(tc, test_chunk_to_sequence);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon/Android.mk b/src/charon/Android.mk
index 1dd27d5..852d73c 100644
--- a/src/charon/Android.mk
+++ b/src/charon/Android.mk
@@ -8,7 +8,6 @@ charon.c
# build charon -----------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libhydra \
$(strongswan_PATH)/src/libcharon \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 0bb2e67..f3b7cfd 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -188,8 +188,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -257,6 +255,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -345,12 +348,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -365,6 +372,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 340f852..089ac45 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -289,7 +289,7 @@ int main(int argc, char *argv[])
dbg = dbg_stderr;
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "charon"))
{
library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
@@ -303,7 +303,7 @@ int main(int argc, char *argv[])
exit(SS_RC_DAEMON_INTEGRITY);
}
- if (!libhydra_init("charon"))
+ if (!libhydra_init())
{
dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
libhydra_deinit();
@@ -311,7 +311,7 @@ int main(int argc, char *argv[])
exit(SS_RC_INITIALIZATION_FAILED);
}
- if (!libcharon_init("charon"))
+ if (!libcharon_init())
{
dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
goto deinit;
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index a22e91e..d172b15 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -4,15 +4,16 @@ ipseclib_LTLIBRARIES = $(LIBCHECKSUM_LIBS)
nodist_libchecksum_la_SOURCES = checksum.c
libchecksum_la_LDFLAGS = -module -avoid-version -rpath '$(ipseclibdir)'
-noinst_PROGRAMS = checksum_builder
+EXTRA_PROGRAMS = checksum_builder
checksum_builder_SOURCES = checksum_builder.c
checksum_builder_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libhydra/libhydra.la \
$(top_builddir)/src/libcharon/libcharon.la \
$(DLLIB)
+checksum_builder_LDFLAGS = -rpath '$(DESTDIR)$(ipseclibdir)'
-CLEANFILES = checksum.c
+CLEANFILES = checksum.c $(EXTRA_PROGRAMS)
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
@@ -88,28 +89,28 @@ endif
if USE_CHARON
deps += $(top_builddir)/src/libcharon/libcharon.la
libs += $(DESTDIR)$(ipseclibdir)/libcharon.so
- exes += $(top_builddir)/src/charon/.libs/charon
+ exes += $(DESTDIR)$(ipsecdir)/charon
if !MONOLITHIC
AM_CPPFLAGS += -DC_PLUGINS=\""${c_plugins}\""
endif
endif
if USE_CMD
- exes += $(top_builddir)/src/charon-cmd/.libs/charon-cmd
+ exes += $(DESTDIR)$(sbindir)/charon-cmd
endif
if USE_TOOLS
- exes += $(top_builddir)/src/openac/.libs/openac
- exes += $(top_builddir)/src/pki/.libs/pki
- exes += $(top_builddir)/src/scepclient/.libs/scepclient
+ exes += $(DESTDIR)$(ipsecdir)/openac
+ exes += $(DESTDIR)$(ipsecdir)/scepclient
+ exes += $(DESTDIR)$(bindir)/pki
endif
if USE_ATTR_SQL
- exes += $(top_builddir)/src/pool/.libs/pool
+ exes += $(DESTDIR)$(ipsecdir)/pool
endif
if USE_IMV_ATTESTATION
- exes += $(top_builddir)/src/libpts/plugins/imv_attestation/.libs/attest
+ exes += $(DESTDIR)$(ipsecdir)/attest
endif
checksum.c : checksum_builder $(deps) $(exes)
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index 7381336..cdfbf10 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -14,7 +14,6 @@
@SET_MAKE@
-
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
@@ -79,7 +78,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-noinst_PROGRAMS = checksum_builder$(EXEEXT)
+EXTRA_PROGRAMS = checksum_builder$(EXEEXT)
@MONOLITHIC_FALSE at am__append_1 = -DS_PLUGINS=\""${s_plugins}\""
@USE_LIBHYDRA_TRUE at am__append_2 = $(top_builddir)/src/libhydra/libhydra.la
@USE_LIBHYDRA_TRUE at am__append_3 = $(DESTDIR)$(ipseclibdir)/libhydra.so
@@ -103,15 +102,14 @@ noinst_PROGRAMS = checksum_builder$(EXEEXT)
@USE_PTS_TRUE at am__append_21 = $(DESTDIR)$(ipseclibdir)/libpts.so
@USE_CHARON_TRUE at am__append_22 = $(top_builddir)/src/libcharon/libcharon.la
@USE_CHARON_TRUE at am__append_23 = $(DESTDIR)$(ipseclibdir)/libcharon.so
- at USE_CHARON_TRUE@am__append_24 = $(top_builddir)/src/charon/.libs/charon
+ at USE_CHARON_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/charon
@MONOLITHIC_FALSE@@USE_CHARON_TRUE at am__append_25 = -DC_PLUGINS=\""${c_plugins}\""
- at USE_CMD_TRUE@am__append_26 = $(top_builddir)/src/charon-cmd/.libs/charon-cmd
- at USE_TOOLS_TRUE@am__append_27 = \
- at USE_TOOLS_TRUE@ $(top_builddir)/src/openac/.libs/openac \
- at USE_TOOLS_TRUE@ $(top_builddir)/src/pki/.libs/pki \
- at USE_TOOLS_TRUE@ $(top_builddir)/src/scepclient/.libs/scepclient
- at USE_ATTR_SQL_TRUE@am__append_28 = $(top_builddir)/src/pool/.libs/pool
- at USE_IMV_ATTESTATION_TRUE@am__append_29 = $(top_builddir)/src/libpts/plugins/imv_attestation/.libs/attest
+ at USE_CMD_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/charon-cmd
+ at USE_TOOLS_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/openac \
+ at USE_TOOLS_TRUE@ $(DESTDIR)$(ipsecdir)/scepclient \
+ at USE_TOOLS_TRUE@ $(DESTDIR)$(bindir)/pki
+ at USE_ATTR_SQL_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/pool
+ at USE_IMV_ATTESTATION_TRUE@am__append_29 = $(DESTDIR)$(ipsecdir)/attest
subdir = src/checksum
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -172,7 +170,6 @@ libchecksum_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(libchecksum_la_LDFLAGS) $(LDFLAGS) -o \
$@
-PROGRAMS = $(noinst_PROGRAMS)
am_checksum_builder_OBJECTS = checksum_builder.$(OBJEXT)
checksum_builder_OBJECTS = $(am_checksum_builder_OBJECTS)
am__DEPENDENCIES_1 =
@@ -181,6 +178,10 @@ checksum_builder_DEPENDENCIES = \
$(top_builddir)/src/libhydra/libhydra.la \
$(top_builddir)/src/libcharon/libcharon.la \
$(am__DEPENDENCIES_1)
+checksum_builder_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(checksum_builder_LDFLAGS) $(LDFLAGS) \
+ -o $@
AM_V_P = $(am__v_P_ at AM_V@)
am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
am__v_P_0 = false
@@ -256,8 +257,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -325,6 +324,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -413,12 +417,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -433,6 +441,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -456,7 +465,8 @@ checksum_builder_LDADD = \
$(top_builddir)/src/libcharon/libcharon.la \
$(DLLIB)
-CLEANFILES = checksum.c
+checksum_builder_LDFLAGS = -rpath '$(DESTDIR)$(ipseclibdir)'
+CLEANFILES = checksum.c $(EXTRA_PROGRAMS)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon \
-DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \
@@ -552,18 +562,9 @@ clean-ipseclibLTLIBRARIES:
libchecksum.la: $(libchecksum_la_OBJECTS) $(libchecksum_la_DEPENDENCIES) $(EXTRA_libchecksum_la_DEPENDENCIES)
$(AM_V_CCLD)$(libchecksum_la_LINK) $(libchecksum_la_OBJECTS) $(libchecksum_la_LIBADD) $(LIBS)
-clean-noinstPROGRAMS:
- @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
checksum_builder$(EXEEXT): $(checksum_builder_OBJECTS) $(checksum_builder_DEPENDENCIES) $(EXTRA_checksum_builder_DEPENDENCIES)
@rm -f checksum_builder$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(checksum_builder_OBJECTS) $(checksum_builder_LDADD) $(LIBS)
+ $(AM_V_CCLD)$(checksum_builder_LINK) $(checksum_builder_OBJECTS) $(checksum_builder_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -688,7 +689,7 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS)
+all-am: Makefile $(LTLIBRARIES)
installdirs:
for dir in "$(DESTDIR)$(ipseclibdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
@@ -727,7 +728,7 @@ maintainer-clean-generic:
clean: clean-am
clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
- clean-local clean-noinstPROGRAMS mostlyclean-am
+ clean-local mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -801,19 +802,19 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-ipseclibLTLIBRARIES clean-libtool clean-local \
- clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am \
- install-data-hook install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-ipseclibLTLIBRARIES install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
- uninstall-hook uninstall-ipseclibLTLIBRARIES
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-data-hook install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-ipseclibLTLIBRARIES install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am uninstall-hook \
+ uninstall-ipseclibLTLIBRARIES
checksum.c : checksum_builder $(deps) $(exes)
diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c
index bccd269..cc8185e 100644
--- a/src/checksum/checksum_builder.c
+++ b/src/checksum/checksum_builder.c
@@ -23,9 +23,6 @@
#include <daemon.h>
#include <collections/enumerator.h>
-/* we need to fake the pluto symbol to dlopen() the xauth plugin */
-void *pluto;
-
/**
* Integrity checker
*/
@@ -139,7 +136,7 @@ int main(int argc, char* argv[])
/* avoid confusing leak reports in build process */
setenv("LEAK_DETECTIVE_DISABLE", "1", 0);
/* don't use a strongswan.conf, forces integrity check to disabled */
- library_init("");
+ library_init("", "checksum_builder");
atexit(library_deinit);
integrity = integrity_checker_create(NULL);
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index 73bf724..ee6bf57 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -202,8 +202,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -271,6 +269,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -359,12 +362,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -379,6 +386,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
index faf9df9..584a269 100644
--- a/src/conftest/conftest.c
+++ b/src/conftest/conftest.c
@@ -81,7 +81,7 @@ static bool load_configs(char *suite_file, char *test_file)
}
conftest->test = settings_create(suite_file);
conftest->test->load_files(conftest->test, test_file, TRUE);
- conftest->suite_dir = strdup(dirname(suite_file));
+ conftest->suite_dir = path_dirname(suite_file);
return TRUE;
}
@@ -435,18 +435,18 @@ int main(int argc, char *argv[])
char *suite_file = "suite.conf", *test_file = NULL, *preload, *plugins;
file_logger_t *logger;
- if (!library_init(NULL))
+ if (!library_init(NULL, "conftest"))
{
library_deinit();
return SS_RC_LIBSTRONGSWAN_INTEGRITY;
}
- if (!libhydra_init("conftest"))
+ if (!libhydra_init())
{
libhydra_deinit();
library_deinit();
return SS_RC_INITIALIZATION_FAILED;
}
- if (!libcharon_init("conftest"))
+ if (!libcharon_init())
{
libcharon_deinit();
libhydra_deinit();
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index ab818f1..f1628ef 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -223,8 +223,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -292,6 +290,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -380,12 +383,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -400,6 +407,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/dumm/cowfs.h b/src/dumm/cowfs.h
index b9334dc..6869e35 100644
--- a/src/dumm/cowfs.h
+++ b/src/dumm/cowfs.h
@@ -64,7 +64,7 @@ struct cowfs_t {
* @param master read only master file system directory
* @param host copy on write host directory
* @param mount mountpoint where union is mounted
- * @return instance, or NULL if FUSE initalization failed
+ * @return instance, or NULL if FUSE initialization failed
*/
cowfs_t *cowfs_create(char *master, char *host, char *mount);
diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c
index 5acda3a..03ecbe4 100644
--- a/src/dumm/ext/dumm.c
+++ b/src/dumm/ext/dumm.c
@@ -774,7 +774,7 @@ void Init_dumm()
/* there are too many to report, rubyruby... */
setenv("LEAK_DETECTIVE_DISABLE", "1", 1);
- library_init(NULL);
+ library_init(NULL, "dumm");
dumm = dumm_create(NULL);
diff --git a/src/dumm/main.c b/src/dumm/main.c
index 4cdf468..a53e1f6 100644
--- a/src/dumm/main.c
+++ b/src/dumm/main.c
@@ -479,7 +479,7 @@ int main(int argc, char *argv[])
enumerator_t *enumerator;
guest_t *guest;
- library_init(NULL);
+ library_init(NULL, "dumm");
gtk_init(&argc, &argv);
pages = linked_list_create();
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index 1e301fe..1987dbd 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -131,8 +131,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -200,6 +198,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -288,12 +291,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -308,6 +315,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index 0915192..69b736a 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -165,8 +165,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -234,6 +232,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -322,12 +325,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -342,6 +349,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 9548f9b..b7d820e 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.1.1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.1.2rc2" "strongSwan"
.
.SH NAME
.
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
index 0fe88ef..cc52209 100644
--- a/src/libcharon/Android.mk
+++ b/src/libcharon/Android.mk
@@ -217,7 +217,6 @@ endif
# build libcharon --------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/include \
$(strongswan_PATH)/src/libhydra \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 4413d69..5f84536 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -715,8 +715,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -784,6 +782,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -872,12 +875,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -892,6 +899,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index cb6f6ca..c74daa0 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -14,12 +14,12 @@
* for more details.
*/
-#include "ike_cfg.h"
-
+#define _GNU_SOURCE /* for stdndup() */
#include <string.h>
-#include <daemon.h>
+#include "ike_cfg.h"
+#include <daemon.h>
ENUM(ike_version_names, IKE_ANY, IKEV2,
"IKEv1/2",
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 1f3f2ba..891d1be 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -741,6 +741,10 @@ static void proposal_add_supported_ike(private_proposal_t *this)
case ECP_256_BP:
case ECP_384_BP:
case ECP_512_BP:
+ case NTRU_112_BIT:
+ case NTRU_128_BIT:
+ case NTRU_192_BIT:
+ case NTRU_256_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
break;
default:
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index 5e3ae72..0cecd1d 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -181,7 +181,7 @@ static void handle_syslog_identifier(private_daemon_t *this)
char *identifier;
identifier = lib->settings->get_str(lib->settings, "%s.syslog.identifier",
- NULL, charon->name);
+ NULL, lib->ns);
if (identifier)
{ /* set identifier, which is prepended to each log line */
if (!this->syslog_identifier ||
@@ -292,15 +292,15 @@ static void load_sys_logger(private_daemon_t *this, char *facility,
sys_logger = add_sys_logger(this, facility, current_loggers);
sys_logger->set_options(sys_logger,
lib->settings->get_bool(lib->settings, "%s.syslog.%s.ike_name",
- FALSE, charon->name, facility));
+ FALSE, lib->ns, facility));
def = lib->settings->get_int(lib->settings, "%s.syslog.%s.default", 1,
- charon->name, facility);
+ lib->ns, facility);
for (group = 0; group < DBG_MAX; group++)
{
sys_logger->set_level(sys_logger, group,
lib->settings->get_int(lib->settings, "%s.syslog.%s.%N", def,
- charon->name, facility, debug_lower_names, group));
+ lib->ns, facility, debug_lower_names, group));
}
charon->bus->add_logger(charon->bus, &sys_logger->logger);
}
@@ -318,25 +318,25 @@ static void load_file_logger(private_daemon_t *this, char *filename,
char *time_format;
time_format = lib->settings->get_str(lib->settings,
- "%s.filelog.%s.time_format", NULL, charon->name, filename);
+ "%s.filelog.%s.time_format", NULL, lib->ns, filename);
ike_name = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.ike_name", FALSE, charon->name, filename);
+ "%s.filelog.%s.ike_name", FALSE, lib->ns, filename);
flush_line = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.flush_line", FALSE, charon->name, filename);
+ "%s.filelog.%s.flush_line", FALSE, lib->ns, filename);
append = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.append", TRUE, charon->name, filename);
+ "%s.filelog.%s.append", TRUE, lib->ns, filename);
file_logger = add_file_logger(this, filename, current_loggers);
file_logger->set_options(file_logger, time_format, ike_name);
file_logger->open(file_logger, flush_line, append);
def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1,
- charon->name, filename);
+ lib->ns, filename);
for (group = 0; group < DBG_MAX; group++)
{
file_logger->set_level(file_logger, group,
lib->settings->get_int(lib->settings, "%s.filelog.%s.%N", def,
- charon->name, filename, debug_lower_names, group));
+ lib->ns, filename, debug_lower_names, group));
}
charon->bus->add_logger(charon->bus, &file_logger->logger);
}
@@ -353,7 +353,7 @@ METHOD(daemon_t, load_loggers, void,
current_loggers = this->loggers;
this->loggers = linked_list_create();
enumerator = lib->settings->create_section_enumerator(lib->settings,
- "%s.syslog", charon->name);
+ "%s.syslog", lib->ns);
while (enumerator->enumerate(enumerator, &target))
{
load_sys_logger(this, target, current_loggers);
@@ -361,7 +361,7 @@ METHOD(daemon_t, load_loggers, void,
enumerator->destroy(enumerator);
enumerator = lib->settings->create_section_enumerator(lib->settings,
- "%s.filelog", charon->name);
+ "%s.filelog", lib->ns);
while (enumerator->enumerate(enumerator, &target))
{
load_file_logger(this, target, current_loggers);
@@ -473,7 +473,6 @@ static void destroy(private_daemon_t *this)
DESTROY_IF(this->public.bus);
this->loggers->destroy_function(this->loggers, (void*)logger_entry_destroy);
this->mutex->destroy(this->mutex);
- free((void*)this->public.name);
free(this);
}
@@ -483,7 +482,7 @@ METHOD(daemon_t, start, void,
/* start the engine, go multithreaded */
lib->processor->set_threads(lib->processor,
lib->settings->get_int(lib->settings, "%s.threads",
- DEFAULT_THREADS, charon->name));
+ DEFAULT_THREADS, lib->ns));
}
@@ -525,7 +524,7 @@ METHOD(daemon_t, initialize, bool,
PLUGIN_DEPENDS(RNG, RNG_STRONG),
PLUGIN_DEPENDS(CUSTOM, "socket"),
};
- lib->plugins->add_static_features(lib->plugins, charon->name, features,
+ lib->plugins->add_static_features(lib->plugins, lib->ns, features,
countof(features), TRUE);
/* load plugins, further infrastructure may need it */
@@ -558,7 +557,7 @@ METHOD(daemon_t, initialize, bool,
/**
* Create the daemon.
*/
-private_daemon_t *daemon_create(const char *name)
+private_daemon_t *daemon_create()
{
private_daemon_t *this;
@@ -569,7 +568,6 @@ private_daemon_t *daemon_create(const char *name)
.load_loggers = _load_loggers,
.set_level = _set_level,
.bus = bus_create(),
- .name = strdup(name ?: "libcharon"),
},
.loggers = linked_list_create(),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
@@ -607,7 +605,7 @@ void libcharon_deinit()
/**
* Described in header.
*/
-bool libcharon_init(const char *name)
+bool libcharon_init()
{
private_daemon_t *this;
@@ -618,7 +616,7 @@ bool libcharon_init(const char *name)
return !this->integrity_failed;
}
- this = daemon_create(name);
+ this = daemon_create();
/* for uncritical pseudo random numbers */
srandom(time(NULL) + getpid());
diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h
index 24e623c..36242bb 100644
--- a/src/libcharon/daemon.h
+++ b/src/libcharon/daemon.h
@@ -272,11 +272,6 @@ struct daemon_t {
#endif /* ME */
/**
- * Name of the binary that uses the library (used for settings etc.)
- */
- const char *name;
-
- /**
* Initialize the daemon.
*
* @param plugins list of plugins to load
@@ -324,12 +319,11 @@ extern daemon_t *charon;
* calling initialize().
*
* libcharon_init() may be called multiple times in a single process, but each
- * caller should call libcharon_deinit() for each call to libcharon_init().
+ * caller must call libcharon_deinit() for each call to libcharon_init().
*
- * @param name name of the binary that uses the library
* @return FALSE if integrity check failed
*/
-bool libcharon_init(const char *name);
+bool libcharon_init();
/**
* Deinitialize libcharon and destroy the "charon" instance of daemon_t.
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index f7a13d7..889ad63 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -65,7 +65,7 @@ ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_
"ME_CONNECT_FAILED");
ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_NOTIFY_STATUS");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
"INITIAL_CONTACT",
"SET_WINDOW_SIZE",
"ADDITIONAL_TS_POSSIBLE",
@@ -109,8 +109,9 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS,
"SECURE PASSWORD_METHOD",
"PSK_PERSIST",
"PSK_CONFIRM",
- "ERX_SUPPORTED");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, ERX_SUPPORTED,
+ "ERX_SUPPORTED",
+ "IFOM_CAPABILITY");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD_R_U_THERE",
@@ -171,7 +172,7 @@ ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_S
"ME_CONN_FAIL");
ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_STATUS");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
"INIT_CONTACT",
"SET_WINSIZE",
"ADD_TS_POSS",
@@ -215,8 +216,9 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STA
"SEC_PASSWD",
"PSK_PST",
"PSK_CFM",
- "ERX_SUP");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, ERX_SUPPORTED,
+ "ERX_SUP",
+ "IFOM_CAP");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 847fddc..c67644a 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -145,6 +145,8 @@ enum notify_type_t {
PSK_CONFIRM = 16426,
/* EAP Re-authentication Extension, RFC 6867 */
ERX_SUPPORTED = 16427,
+ /* IFOM capability, 3GPP TS 24.303, annex B.2 */
+ IFOM_CAPABILITY = 16428,
/* IKEv1 initial contact */
INITIAL_CONTACT_IKEV1 = 24578,
/* IKEv1 DPD */
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 2209f19..8dfb47b 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -633,27 +633,27 @@ receiver_t *receiver_create()
);
if (lib->settings->get_bool(lib->settings,
- "%s.dos_protection", TRUE, charon->name))
+ "%s.dos_protection", TRUE, lib->ns))
{
this->cookie_threshold = lib->settings->get_int(lib->settings,
- "%s.cookie_threshold", COOKIE_THRESHOLD_DEFAULT, charon->name);
+ "%s.cookie_threshold", COOKIE_THRESHOLD_DEFAULT, lib->ns);
this->block_threshold = lib->settings->get_int(lib->settings,
- "%s.block_threshold", BLOCK_THRESHOLD_DEFAULT, charon->name);
+ "%s.block_threshold", BLOCK_THRESHOLD_DEFAULT, lib->ns);
}
this->init_limit_job_load = lib->settings->get_int(lib->settings,
- "%s.init_limit_job_load", 0, charon->name);
+ "%s.init_limit_job_load", 0, lib->ns);
this->init_limit_half_open = lib->settings->get_int(lib->settings,
- "%s.init_limit_half_open", 0, charon->name);
+ "%s.init_limit_half_open", 0, lib->ns);
this->receive_delay = lib->settings->get_int(lib->settings,
- "%s.receive_delay", 0, charon->name);
+ "%s.receive_delay", 0, lib->ns);
this->receive_delay_type = lib->settings->get_int(lib->settings,
- "%s.receive_delay_type", 0, charon->name),
+ "%s.receive_delay_type", 0, lib->ns),
this->receive_delay_request = lib->settings->get_bool(lib->settings,
- "%s.receive_delay_request", TRUE, charon->name),
+ "%s.receive_delay_request", TRUE, lib->ns),
this->receive_delay_response = lib->settings->get_bool(lib->settings,
- "%s.receive_delay_response", TRUE, charon->name),
+ "%s.receive_delay_response", TRUE, lib->ns),
this->initiator_only = lib->settings->get_bool(lib->settings,
- "%s.initiator_only", FALSE, charon->name),
+ "%s.initiator_only", FALSE, lib->ns),
this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!this->hasher)
diff --git a/src/libcharon/network/sender.c b/src/libcharon/network/sender.c
index dd8efc1..bed4f35 100644
--- a/src/libcharon/network/sender.c
+++ b/src/libcharon/network/sender.c
@@ -204,13 +204,13 @@ sender_t * sender_create()
.got = condvar_create(CONDVAR_TYPE_DEFAULT),
.sent = condvar_create(CONDVAR_TYPE_DEFAULT),
.send_delay = lib->settings->get_int(lib->settings,
- "%s.send_delay", 0, charon->name),
+ "%s.send_delay", 0, lib->ns),
.send_delay_type = lib->settings->get_int(lib->settings,
- "%s.send_delay_type", 0, charon->name),
+ "%s.send_delay_type", 0, lib->ns),
.send_delay_request = lib->settings->get_bool(lib->settings,
- "%s.send_delay_request", TRUE, charon->name),
+ "%s.send_delay_request", TRUE, lib->ns),
.send_delay_response = lib->settings->get_bool(lib->settings,
- "%s.send_delay_response", TRUE, charon->name),
+ "%s.send_delay_response", TRUE, lib->ns),
);
lib->processor->queue_job(lib->processor,
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 4a81502..bc32b5a 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index f2147f6..6278a62 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index 7d8d12d..ae64a87 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/android_log/android_log_logger.c b/src/libcharon/plugins/android_log/android_log_logger.c
index 48bcaa5..99eb66b 100644
--- a/src/libcharon/plugins/android_log/android_log_logger.c
+++ b/src/libcharon/plugins/android_log/android_log_logger.c
@@ -100,7 +100,7 @@ android_log_logger_t *android_log_logger_create()
},
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.level = lib->settings->get_int(lib->settings,
- "%s.plugins.android_log.loglevel", 1, charon->name),
+ "%s.plugins.android_log.loglevel", 1, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index 8fcd0f1..f812770 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/certexpire/certexpire_export.c b/src/libcharon/plugins/certexpire/certexpire_export.c
index f1205cf..4aa8490 100644
--- a/src/libcharon/plugins/certexpire/certexpire_export.c
+++ b/src/libcharon/plugins/certexpire/certexpire_export.c
@@ -430,31 +430,31 @@ certexpire_export_t *certexpire_export_create()
(hashtable_equals_t)equals, 32),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.local_path = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.local",
- NULL, charon->name),
+ "%s.plugins.certexpire.csv.local",
+ NULL, lib->ns),
.remote_path = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.remote",
- NULL, charon->name),
+ "%s.plugins.certexpire.csv.remote",
+ NULL, lib->ns),
.separator = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.separator",
- ",", charon->name),
+ "%s.plugins.certexpire.csv.separator",
+ ",", lib->ns),
.format = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.format",
- "%d:%m:%Y", charon->name),
+ "%s.plugins.certexpire.csv.format",
+ "%d:%m:%Y", lib->ns),
.fixed_fields = lib->settings->get_bool(lib->settings,
- "%s.plugins.certexpire.csv.fixed_fields",
- TRUE, charon->name),
+ "%s.plugins.certexpire.csv.fixed_fields",
+ TRUE, lib->ns),
.empty_string = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.empty_string",
- "", charon->name),
+ "%s.plugins.certexpire.csv.empty_string",
+ "", lib->ns),
.force = lib->settings->get_bool(lib->settings,
- "%s.plugins.certexpire.csv.force",
- TRUE, charon->name),
+ "%s.plugins.certexpire.csv.force",
+ TRUE, lib->ns),
);
cron = lib->settings->get_str(lib->settings,
"%s.plugins.certexpire.csv.cron",
- NULL, charon->name);
+ NULL, lib->ns);
if (cron)
{
this->cron = certexpire_cron_create(cron,
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index 4849259..d8eb802 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/coupling/coupling_validator.c b/src/libcharon/plugins/coupling/coupling_validator.c
index 958bd2b..fc35462 100644
--- a/src/libcharon/plugins/coupling/coupling_validator.c
+++ b/src/libcharon/plugins/coupling/coupling_validator.c
@@ -214,12 +214,11 @@ coupling_validator_t *coupling_validator_create()
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.max_couplings = lib->settings->get_int(lib->settings,
"%s.plugins.coupling.max", 1,
- charon->name),
+ lib->ns),
);
hash = lib->settings->get_str(lib->settings,
- "%s.plugins.coupling.hash", "sha1",
- charon->name);
+ "%s.plugins.coupling.hash", "sha1", lib->ns);
this->hasher = lib->crypto->create_hasher(lib->crypto,
enum_from_name(hash_algorithm_short_names, hash));
if (!this->hasher)
@@ -230,8 +229,7 @@ coupling_validator_t *coupling_validator_create()
}
path = lib->settings->get_str(lib->settings,
- "%s.plugins.coupling.file", NULL,
- charon->name);
+ "%s.plugins.coupling.file", NULL, lib->ns);
if (!path)
{
DBG1(DBG_CFG, "coupling file path unspecified");
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index 4a2ebe7..395cd76 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index 044c8a8..b8c1b40 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -643,6 +643,28 @@ METHOD(dhcp_socket_t, destroy, void,
}
/**
+ * Bind a socket to a particular interface name
+ */
+static bool bind_to_device(int fd, char *iface)
+{
+ struct ifreq ifreq;
+
+ if (strlen(iface) > sizeof(ifreq.ifr_name))
+ {
+ DBG1(DBG_CFG, "name for DHCP interface too long: '%s'", iface);
+ return FALSE;
+ }
+ memcpy(ifreq.ifr_name, iface, sizeof(ifreq.ifr_name));
+ if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifreq, sizeof(ifreq)))
+ {
+ DBG1(DBG_CFG, "binding DHCP socket to '%s' failed: %s",
+ iface, strerror(errno));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
* See header
*/
dhcp_socket_t *dhcp_socket_create()
@@ -655,6 +677,7 @@ dhcp_socket_t *dhcp_socket_create()
.s_addr = INADDR_ANY,
},
};
+ char *iface;
int on = 1;
struct sock_filter dhcp_filter_code[] = {
BPF_STMT(BPF_LD+BPF_B+BPF_ABS,
@@ -711,13 +734,15 @@ dhcp_socket_t *dhcp_socket_create()
}
this->identity_lease = lib->settings->get_bool(lib->settings,
"%s.plugins.dhcp.identity_lease", FALSE,
- charon->name);
+ lib->ns);
this->force_dst = lib->settings->get_str(lib->settings,
"%s.plugins.dhcp.force_server_address", FALSE,
- charon->name);
+ lib->ns);
this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
"%s.plugins.dhcp.server", "255.255.255.255",
- charon->name), DHCP_SERVER_PORT);
+ lib->ns), DHCP_SERVER_PORT);
+ iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface",
+ NULL, lib->ns);
if (!this->dst)
{
DBG1(DBG_CFG, "configured DHCP server address invalid");
@@ -766,6 +791,15 @@ dhcp_socket_t *dhcp_socket_create()
destroy(this);
return NULL;
}
+ if (iface)
+ {
+ if (!bind_to_device(this->send, iface) ||
+ !bind_to_device(this->receive, iface))
+ {
+ destroy(this);
+ return NULL;
+ }
+ }
lib->watcher->add(lib->watcher, this->receive, WATCHER_READ,
(watcher_cb_t)receive_dhcp, this);
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index c9222c2..4be453e 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/dnscert/dnscert_plugin.c b/src/libcharon/plugins/dnscert/dnscert_plugin.c
index 713bc9e..1b93480 100644
--- a/src/libcharon/plugins/dnscert/dnscert_plugin.c
+++ b/src/libcharon/plugins/dnscert/dnscert_plugin.c
@@ -74,7 +74,7 @@ METHOD(plugin_t, reload, bool,
private_dnscert_plugin_t *this)
{
bool enabled = lib->settings->get_bool(lib->settings,
- "%s.plugins.dnscert.enable", FALSE, charon->name);
+ "%s.plugins.dnscert.enable", FALSE, lib->ns);
if (enabled != this->enabled)
{
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index bac7d84..e9da68e 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -225,8 +225,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -294,6 +292,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -382,12 +385,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -402,6 +409,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.c b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
index e3a4e17..f77b48b 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_notify.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
@@ -130,7 +130,7 @@ duplicheck_notify_t *duplicheck_notify_create()
uri = lib->settings->get_str(lib->settings,
"%s.plugins.duplicheck.socket", "unix://" DUPLICHECK_SOCKET,
- charon->name);
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 3);
if (!this->service)
{
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
index 4d018db..689c795 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
@@ -93,7 +93,7 @@ plugin_t *duplicheck_plugin_create()
private_duplicheck_plugin_t *this;
if (!lib->settings->get_bool(lib->settings,
- "%s.plugins.duplicheck.enable", TRUE, charon->name))
+ "%s.plugins.duplicheck.enable", TRUE, lib->ns))
{
return NULL;
}
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index 139ce14..67cf667 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c
index b760838..eba7af8 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_server.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c
@@ -721,7 +721,7 @@ eap_aka_server_t *eap_aka_server_create(identification_t *server,
this->permanent = peer->clone(peer);
this->use_reauth = this->use_pseudonym = this->use_permanent =
lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-aka.request_identity", TRUE, charon->name);
+ "%s.plugins.eap-aka.request_identity", TRUE, lib->ns);
/* generate a non-zero identifier */
do {
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index 9fb9ef7..7d6ae95 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
index 1bfc39e..a71dae7 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
@@ -177,7 +177,7 @@ eap_aka_3gpp2_card_t *eap_aka_3gpp2_card_create(eap_aka_3gpp2_functions_t *f)
#else /* !SEQ_CHECK */
FALSE,
#endif /* SEQ_CHECK */
- charon->name),
+ lib->ns),
);
eap_aka_3gpp2_get_sqn(this->sqn, 0);
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 61a9da1..6ff0acb 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
index d24cbd1..3216446 100644
--- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
@@ -377,14 +377,14 @@ eap_dynamic_t *eap_dynamic_create(identification_t *server,
.server = server->clone(server),
.types = linked_list_create(),
.prefer_peer = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-dynamic.prefer_peer", FALSE, charon->name),
+ "%s.plugins.eap-dynamic.prefer_peer", FALSE, lib->ns),
);
/* get all supported EAP methods */
get_supported_eap_types(this);
/* move preferred methods to the front */
preferred = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-dynamic.preferred", NULL, charon->name);
+ "%s.plugins.eap-dynamic.preferred", NULL, lib->ns);
if (preferred)
{
handle_preferred_eap_types(this, preferred);
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index c48d955..99ae94e 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
index 2f64f32..e751b51 100644
--- a/src/libcharon/plugins/eap_gtc/eap_gtc.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
@@ -149,7 +149,7 @@ METHOD(eap_method_t, process_server, status_t,
/* get XAuth backend to use for credential verification. Default to PAM
* to support legacy EAP-GTC configurations */
backend = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-gtc.backend", "pam", charon->name);
+ "%s.plugins.eap-gtc.backend", "pam", lib->ns);
xauth = charon->xauth->create_instance(charon->xauth, backend, XAUTH_SERVER,
this->server, this->peer);
if (!xauth)
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 01fbe22..688879a 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 6ae97da..150b131 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index bdc6a9d..d52f26a 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 35ec4db..7ac4a6e 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_peap/eap_peap.c b/src/libcharon/plugins/eap_peap/eap_peap.c
index 8aba703..c24dd57 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap.c
@@ -157,18 +157,18 @@ static eap_peap_t *eap_peap_create(private_eap_peap_t * this,
if (is_server && !lib->settings->get_bool(lib->settings,
"%s.plugins.eap-peap.request_peer_auth", FALSE,
- charon->name))
+ lib->ns))
{
peer = NULL;
}
frag_size = lib->settings->get_int(lib->settings,
"%s.plugins.eap-peap.fragment_size", MAX_FRAGMENT_LEN,
- charon->name);
+ lib->ns);
max_msg_count = lib->settings->get_int(lib->settings,
"%s.plugins.eap-peap.max_message_count", MAX_MESSAGE_COUNT,
- charon->name);
+ lib->ns);
include_length = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-peap.include_length", FALSE, charon->name);
+ "%s.plugins.eap-peap.include_length", FALSE, lib->ns);
tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_PEAP,
application, NULL);
this->tls_eap = tls_eap_create(EAP_PEAP, tls, frag_size, max_msg_count,
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index 5237cb6..33b01e9 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -92,7 +92,7 @@ static status_t start_phase2_auth(private_eap_peap_server_t *this)
eap_type_str = lib->settings->get_str(lib->settings,
"%s.plugins.eap-peap.phase2_method", "mschapv2",
- charon->name);
+ lib->ns);
type = eap_type_from_string(eap_type_str);
if (type == 0)
{
@@ -129,7 +129,7 @@ static status_t start_phase2_auth(private_eap_peap_server_t *this)
static status_t start_phase2_tnc(private_eap_peap_server_t *this)
{
if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-peap.phase2_tnc", FALSE, charon->name))
+ "%s.plugins.eap-peap.phase2_tnc", FALSE, lib->ns))
{
DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC);
this->ph2_method = charon->eap->create_instance(charon->eap, EAP_TNC,
@@ -274,7 +274,7 @@ METHOD(tls_application_t, process, status_t,
/* Start Phase 2 of EAP-PEAP authentication */
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-peap.request_peer_auth", FALSE, charon->name))
+ "%s.plugins.eap-peap.request_peer_auth", FALSE, lib->ns))
{
return start_phase2_tnc(this);
}
@@ -425,7 +425,7 @@ eap_peap_server_t *eap_peap_server_create(identification_t *server,
.start_phase2_tnc = TRUE,
.start_phase2_id = lib->settings->get_bool(lib->settings,
"%s.plugins.eap-peap.phase2_piggyback",
- FALSE, charon->name),
+ FALSE, lib->ns),
.phase2_result = EAP_FAILURE,
.avp = eap_peap_avp_create(TRUE),
);
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index 3064cea..3e2bf04 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index 6087a52..6719497 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -188,7 +188,7 @@ void eap_radius_build_attributes(radius_message_t *request)
}
if (lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.station_id_with_port",
- TRUE, charon->name))
+ TRUE, lib->ns))
{
station_id_fmt = "%#H";
}
@@ -573,12 +573,12 @@ static void process_cfg_attributes(radius_message_t *msg)
void eap_radius_process_attributes(radius_message_t *message)
{
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.class_group", FALSE, charon->name))
+ "%s.plugins.eap-radius.class_group", FALSE, lib->ns))
{
process_class(message);
}
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.filter_id", FALSE, charon->name))
+ "%s.plugins.eap-radius.filter_id", FALSE, lib->ns))
{
process_filter_id(message);
}
@@ -720,10 +720,10 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
.type = EAP_RADIUS,
.eap_start = lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.eap_start", FALSE,
- charon->name),
+ lib->ns),
.id_prefix = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.id_prefix", "",
- charon->name),
+ lib->ns),
);
this->client = eap_radius_create_client();
if (!this->client)
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index afb661e..8c780e7 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -712,7 +712,7 @@ eap_radius_accounting_t *eap_radius_accounting_create()
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.station_id_with_port", TRUE, charon->name))
+ "%s.plugins.eap-radius.station_id_with_port", TRUE, lib->ns))
{
this->station_id_fmt = "%#H";
}
@@ -721,14 +721,14 @@ eap_radius_accounting_t *eap_radius_accounting_create()
this->station_id_fmt = "%H";
}
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.accounting", FALSE, charon->name))
+ "%s.plugins.eap-radius.accounting", FALSE, lib->ns))
{
singleton = this;
charon->bus->add_listener(charon->bus, &this->public.listener);
}
this->acct_req_vip = lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.accounting_requires_vip",
- FALSE, charon->name);
+ FALSE, lib->ns);
return &this->public;
}
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
index f22ddc5..a0bf99e 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
@@ -452,11 +452,11 @@ static bool open_socket(private_eap_radius_dae_t *this)
host = host_create_from_string(
lib->settings->get_str(lib->settings,
- "%s.plugins.eap-radius.dae.listen", "0.0.0.0",
- charon->name),
+ "%s.plugins.eap-radius.dae.listen", "0.0.0.0",
+ lib->ns),
lib->settings->get_int(lib->settings,
- "%s.plugins.eap-radius.dae.port", RADIUS_DAE_PORT,
- charon->name));
+ "%s.plugins.eap-radius.dae.port", RADIUS_DAE_PORT,
+ lib->ns));
if (!host)
{
DBG1(DBG_CFG, "invalid RADIUS DAE listen address");
@@ -504,7 +504,7 @@ eap_radius_dae_t *eap_radius_dae_create(eap_radius_accounting_t *accounting)
.secret = {
.ptr = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.dae.secret", NULL,
- charon->name),
+ lib->ns),
},
.hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5),
.signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128),
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.c b/src/libcharon/plugins/eap_radius/eap_radius_forward.c
index 3e80e89..b873e1d 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_forward.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.c
@@ -438,10 +438,10 @@ eap_radius_forward_t *eap_radius_forward_create()
},
.from_attr = parse_selector(lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.forward.ike_to_radius", "",
- charon->name)),
+ lib->ns)),
.to_attr = parse_selector(lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.forward.radius_to_ike", "",
- charon->name)),
+ lib->ns)),
.from = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 8),
.to = hashtable_create((hashtable_hash_t)hash,
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 90a4ef6..1a48c07 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -100,23 +100,23 @@ static void load_configs(private_eap_radius_plugin_t *this)
int auth_port, acct_port, sockets, preference;
address = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-radius.server", NULL, charon->name);
+ "%s.plugins.eap-radius.server", NULL, lib->ns);
if (address)
{ /* legacy configuration */
secret = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-radius.secret", NULL, charon->name);
+ "%s.plugins.eap-radius.secret", NULL, lib->ns);
if (!secret)
{
DBG1(DBG_CFG, "no RADIUS secret defined");
return;
}
nas_identifier = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-radius.nas_identifier", "strongSwan",
- charon->name);
+ "%s.plugins.eap-radius.nas_identifier", "strongSwan",
+ lib->ns);
auth_port = lib->settings->get_int(lib->settings,
- "%s.plugins.eap-radius.port", AUTH_PORT, charon->name);
+ "%s.plugins.eap-radius.port", AUTH_PORT, lib->ns);
sockets = lib->settings->get_int(lib->settings,
- "%s.plugins.eap-radius.sockets", 1, charon->name);
+ "%s.plugins.eap-radius.sockets", 1, lib->ns);
config = radius_config_create(address, address, auth_port, ACCT_PORT,
nas_identifier, secret, sockets, 0);
if (!config)
@@ -129,12 +129,12 @@ static void load_configs(private_eap_radius_plugin_t *this)
}
enumerator = lib->settings->create_section_enumerator(lib->settings,
- "%s.plugins.eap-radius.servers", charon->name);
+ "%s.plugins.eap-radius.servers", lib->ns);
while (enumerator->enumerate(enumerator, §ion))
{
address = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.servers.%s.address", NULL,
- charon->name, section);
+ lib->ns, section);
if (!address)
{
DBG1(DBG_CFG, "RADIUS server '%s' misses address, skipped", section);
@@ -142,7 +142,7 @@ static void load_configs(private_eap_radius_plugin_t *this)
}
secret = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.servers.%s.secret", NULL,
- charon->name, section);
+ lib->ns, section);
if (!secret)
{
DBG1(DBG_CFG, "RADIUS server '%s' misses secret, skipped", section);
@@ -150,22 +150,22 @@ static void load_configs(private_eap_radius_plugin_t *this)
}
nas_identifier = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.servers.%s.nas_identifier", "strongSwan",
- charon->name, section);
+ lib->ns, section);
auth_port = lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.auth_port",
lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.port",
- AUTH_PORT, charon->name, section),
- charon->name, section);
+ AUTH_PORT, lib->ns, section),
+ lib->ns, section);
acct_port = lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.acct_port", ACCT_PORT,
- charon->name, section);
+ lib->ns, section);
sockets = lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.sockets", 1,
- charon->name, section);
+ lib->ns, section);
preference = lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.preference", 0,
- charon->name, section);
+ lib->ns, section);
config = radius_config_create(section, address, auth_port, acct_port,
nas_identifier, secret, sockets, preference);
if (!config)
@@ -203,7 +203,7 @@ static bool plugin_cb(private_eap_radius_plugin_t *this,
load_configs(this);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.dae.enable", FALSE, charon->name))
+ "%s.plugins.eap-radius.dae.enable", FALSE, lib->ns))
{
this->dae = eap_radius_dae_create(this->accounting);
}
@@ -368,7 +368,7 @@ void eap_radius_handle_timeout(ike_sa_id_t *id)
if (lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.close_all_on_timeout",
- FALSE, charon->name))
+ FALSE, lib->ns))
{
DBG1(DBG_CFG, "deleting all IKE_SAs after RADIUS timeout");
lib->processor->queue_job(lib->processor,
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
index e66bbf3..d00f6bb 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
@@ -256,7 +256,7 @@ static bool parse_rounds(private_eap_radius_xauth_t *this, char *profile)
}
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "%s.plugins.eap-radius.xauth.%s", charon->name, profile);
+ "%s.plugins.eap-radius.xauth.%s", lib->ns, profile);
while (enumerator->enumerate(enumerator, &type, &message))
{
bool invalid = TRUE;
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index c9d8068..3707f64 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c
index 334e2df..f22266b 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_server.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c
@@ -635,7 +635,7 @@ eap_sim_server_t *eap_sim_server_create(identification_t *server,
this->use_reauth = this->use_pseudonym = this->use_permanent =
lib->settings->get_bool(lib->settings,
"%s.plugins.eap-sim.request_identity", TRUE,
- charon->name);
+ lib->ns);
/* generate a non-zero identifier */
do {
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 3999549..05bbc31 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index 2723f40..a22a5c3 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 27a9f0c..189baac 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 5c136ce..33443a1 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index 86cf3a7..02cf153 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c
index 6bcc58e..1763218 100644
--- a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c
@@ -66,7 +66,7 @@ static bool load_db(private_eap_simaka_sql_t *this,
uri = lib->settings->get_str(lib->settings,
"%s.plugins.eap-simaka-sql.database", NULL,
- charon->name);
+ lib->ns);
if (!uri)
{
DBG1(DBG_CFG, "eap-simaka-sql database URI missing");
@@ -80,7 +80,7 @@ static bool load_db(private_eap_simaka_sql_t *this,
}
remove_used = lib->settings->get_bool(lib->settings,
"%s.plugins.eap-simaka-sql.remove_used", FALSE,
- charon->name);
+ lib->ns);
this->provider = eap_simaka_sql_provider_create(this->db, remove_used);
this->card = eap_simaka_sql_card_create(this->db, remove_used);
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index 7be6599..ec189f8 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c
index 48e3875..dffbaf2 100644
--- a/src/libcharon/plugins/eap_tls/eap_tls.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls.c
@@ -145,12 +145,12 @@ static eap_tls_t *eap_tls_create(identification_t *server,
frag_size = lib->settings->get_int(lib->settings,
"%s.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN,
- charon->name);
+ lib->ns);
max_msg_count = lib->settings->get_int(lib->settings,
"%s.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT,
- charon->name);
+ lib->ns);
include_length = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-tls.include_length", TRUE, charon->name);
+ "%s.plugins.eap-tls.include_length", TRUE, lib->ns);
tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, NULL, NULL);
this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count,
include_length);
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index e482a71..6d4ff87 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c
index f9ab742..2147c04 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -273,10 +273,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
);
max_msg_count = lib->settings->get_int(lib->settings,
- "%s.plugins.eap-tnc.max_message_count",
- EAP_TNC_MAX_MESSAGE_COUNT, charon->name);
+ "%s.plugins.eap-tnc.max_message_count",
+ EAP_TNC_MAX_MESSAGE_COUNT, lib->ns);
protocol = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-tnc.protocol", "tnccs-1.1", charon->name);
+ "%s.plugins.eap-tnc.protocol", "tnccs-1.1", lib->ns);
if (strcaseeq(protocol, "tnccs-2.0"))
{
type = TNCCS_2_0;
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index a774ad6..a22b1e2 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index ebd1c54..703cd3f 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -147,18 +147,18 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
);
if (is_server && !lib->settings->get_bool(lib->settings,
"%s.plugins.eap-ttls.request_peer_auth", FALSE,
- charon->name))
+ lib->ns))
{
peer = NULL;
}
frag_size = lib->settings->get_int(lib->settings,
"%s.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN,
- charon->name);
+ lib->ns);
max_msg_count = lib->settings->get_int(lib->settings,
"%s.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT,
- charon->name);
+ lib->ns);
include_length = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-ttls.include_length", TRUE, charon->name);
+ "%s.plugins.eap-ttls.include_length", TRUE, lib->ns);
tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS,
application, NULL);
this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count,
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
index eef8d66..88c2b88 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
@@ -80,7 +80,7 @@ static status_t start_phase2_auth(private_eap_ttls_server_t *this)
eap_type_str = lib->settings->get_str(lib->settings,
"%s.plugins.eap-ttls.phase2_method", "md5",
- charon->name);
+ lib->ns);
type = eap_type_from_string(eap_type_str);
if (type == 0)
{
@@ -115,7 +115,7 @@ static status_t start_phase2_tnc(private_eap_ttls_server_t *this,
eap_inner_method_t *inner_method;
if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-ttls.phase2_tnc", FALSE, charon->name))
+ "%s.plugins.eap-ttls.phase2_tnc", FALSE, lib->ns))
{
DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC);
this->method = charon->eap->create_instance(charon->eap, EAP_TNC,
@@ -242,7 +242,7 @@ METHOD(tls_application_t, process, status_t,
/* Start Phase 2 of EAP-TTLS authentication */
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-ttls.request_peer_auth", FALSE, charon->name))
+ "%s.plugins.eap-ttls.request_peer_auth", FALSE, lib->ns))
{
return start_phase2_tnc(this, EAP_TLS);
}
@@ -301,7 +301,7 @@ METHOD(tls_application_t, build, status_t,
if (this->method == NULL && this->start_phase2 &&
lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-ttls.phase2_piggyback", FALSE, charon->name))
+ "%s.plugins.eap-ttls.phase2_piggyback", FALSE, lib->ns))
{
/* generate an EAP Identity request which will be piggybacked right
* onto the TLS Finished message thus initiating EAP-TTLS phase2
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index ad8aba1..d8a135c 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -226,8 +226,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -295,6 +293,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -383,12 +386,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -403,6 +410,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c
index aafd0a4..959c4c6 100644
--- a/src/libcharon/plugins/error_notify/error_notify_socket.c
+++ b/src/libcharon/plugins/error_notify/error_notify_socket.c
@@ -142,7 +142,7 @@ error_notify_socket_t *error_notify_socket_create()
uri = lib->settings->get_str(lib->settings,
"%s.plugins.error-notify.socket", "unix://" ERROR_NOTIFY_SOCKET,
- charon->name);
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (!this->service)
{
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 4d2a32e..60c55f0 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index 9948ab3..2f32630 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c
index d26c383..dd55fae 100644
--- a/src/libcharon/plugins/ha/ha_attribute.c
+++ b/src/libcharon/plugins/ha/ha_attribute.c
@@ -309,7 +309,7 @@ static void load_pools(private_ha_attribute_t *this)
pool_t *pool;
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "%s.plugins.ha.pools", charon->name);
+ "%s.plugins.ha.pools", lib->ns);
while (enumerator->enumerate(enumerator, &name, &net))
{
net = strdup(net);
diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c
index 5d4cc61..493cad5 100644
--- a/src/libcharon/plugins/ha/ha_plugin.c
+++ b/src/libcharon/plugins/ha/ha_plugin.c
@@ -160,19 +160,19 @@ plugin_t *ha_plugin_create()
bool fifo, monitor, resync;
local = lib->settings->get_str(lib->settings,
- "%s.plugins.ha.local", NULL, charon->name);
+ "%s.plugins.ha.local", NULL, lib->ns);
remote = lib->settings->get_str(lib->settings,
- "%s.plugins.ha.remote", NULL, charon->name);
+ "%s.plugins.ha.remote", NULL, lib->ns);
secret = lib->settings->get_str(lib->settings,
- "%s.plugins.ha.secret", NULL, charon->name);
+ "%s.plugins.ha.secret", NULL, lib->ns);
fifo = lib->settings->get_bool(lib->settings,
- "%s.plugins.ha.fifo_interface", TRUE, charon->name);
+ "%s.plugins.ha.fifo_interface", TRUE, lib->ns);
monitor = lib->settings->get_bool(lib->settings,
- "%s.plugins.ha.monitor", TRUE, charon->name);
+ "%s.plugins.ha.monitor", TRUE, lib->ns);
resync = lib->settings->get_bool(lib->settings,
- "%s.plugins.ha.resync", TRUE, charon->name);
+ "%s.plugins.ha.resync", TRUE, lib->ns);
count = min(SEGMENTS_MAX, lib->settings->get_int(lib->settings,
- "%s.plugins.ha.segment_count", 1, charon->name));
+ "%s.plugins.ha.segment_count", 1, lib->ns));
if (!local || !remote)
{
DBG1(DBG_CFG, "HA config misses local/remote address");
diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c
index cab38c6..fc7d7a8 100644
--- a/src/libcharon/plugins/ha/ha_segments.c
+++ b/src/libcharon/plugins/ha/ha_segments.c
@@ -470,12 +470,12 @@ ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel,
.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
.heartbeat_delay = lib->settings->get_int(lib->settings,
"%s.plugins.ha.heartbeat_delay", DEFAULT_HEARTBEAT_DELAY,
- charon->name),
+ lib->ns),
.heartbeat_timeout = lib->settings->get_int(lib->settings,
"%s.plugins.ha.heartbeat_timeout", DEFAULT_HEARTBEAT_TIMEOUT,
- charon->name),
+ lib->ns),
.autobalance = lib->settings->get_int(lib->settings,
- "%s.plugins.ha.autobalance", 0, charon->name),
+ "%s.plugins.ha.autobalance", 0, lib->ns),
);
if (monitor)
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index 5c3d015..2ee5a49 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
index 9bc49ba..9f00abe 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
@@ -53,7 +53,7 @@ METHOD(plugin_t, reload, bool,
private_ipseckey_plugin_t *this)
{
bool enabled = lib->settings->get_bool(lib->settings,
- "%s.plugins.ipseckey.enable", FALSE, charon->name);
+ "%s.plugins.ipseckey.enable", FALSE, lib->ns);
if (enabled != this->enabled)
{
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index fa28bab..1726c68 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
index d0744e3..b335807 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@@ -695,7 +695,7 @@ kernel_libipsec_ipsec_t *kernel_libipsec_ipsec_create()
.policies = linked_list_create(),
.excludes = linked_list_create(),
.allow_peer_ts = lib->settings->get_bool(lib->settings,
- "%s.plugins.kernel-libipsec.allow_peer_ts", FALSE, hydra->daemon),
+ "%s.plugins.kernel-libipsec.allow_peer_ts", FALSE, lib->ns),
);
ipsec->events->register_listener(ipsec->events, &this->ipsec_listener);
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
index 56f5262..e3b688d 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
@@ -144,6 +144,6 @@ plugin_t *kernel_libipsec_plugin_create()
/* set TUN device as default to install VIPs */
lib->settings->set_str(lib->settings, "%s.install_virtual_ip_on",
- this->tun->get_name(this->tun), charon->name);
+ this->tun->get_name(this->tun), lib->ns);
return &this->public.plugin;
}
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index 9373703..48163af 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/led/led_listener.c b/src/libcharon/plugins/led/led_listener.c
index be80bcd..3351f66 100644
--- a/src/libcharon/plugins/led/led_listener.c
+++ b/src/libcharon/plugins/led/led_listener.c
@@ -230,12 +230,12 @@ led_listener_t *led_listener_create()
},
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.blink_time = lib->settings->get_int(lib->settings,
- "%s.plugins.led.blink_time", 50, charon->name),
+ "%s.plugins.led.blink_time", 50, lib->ns),
);
this->activity = open_led(lib->settings->get_str(lib->settings,
- "%s.plugins.led.activity_led", NULL, charon->name),
- &this->activity_max);
+ "%s.plugins.led.activity_led", NULL, lib->ns),
+ &this->activity_max);
set_led(this->activity, 0);
return &this->public;
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 93dd6b4..2369044 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -228,8 +228,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -297,6 +295,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -385,12 +388,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -405,6 +412,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index e4e47c1..e133190 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -236,11 +236,11 @@ static void load_addrs(private_load_tester_config_t *this)
mem_pool_t *pool;
this->keep = lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.addrs_keep", FALSE, charon->name);
+ "%s.plugins.load-tester.addrs_keep", FALSE, lib->ns);
this->prefix = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.addrs_prefix", 16, charon->name);
+ "%s.plugins.load-tester.addrs_prefix", 16, lib->ns);
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "%s.plugins.load-tester.addrs", charon->name);
+ "%s.plugins.load-tester.addrs", lib->ns);
while (enumerator->enumerate(enumerator, &iface, &token))
{
tokens = enumerator_create_token(token, ",", " ");
@@ -917,72 +917,71 @@ load_tester_config_t *load_tester_config_create()
);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.request_virtual_ip", FALSE, charon->name))
+ "%s.plugins.load-tester.request_virtual_ip", FALSE, lib->ns))
{
this->vip = host_create_from_string("0.0.0.0", 0);
}
this->pool = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.pool", NULL, charon->name);
+ "%s.plugins.load-tester.pool", NULL, lib->ns);
this->initiator = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator", "0.0.0.0", charon->name);
+ "%s.plugins.load-tester.initiator", "0.0.0.0", lib->ns);
this->responder = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder", "127.0.0.1", charon->name);
+ "%s.plugins.load-tester.responder", "127.0.0.1", lib->ns);
this->proposal = proposal_create_from_string(PROTO_IKE,
lib->settings->get_str(lib->settings,
"%s.plugins.load-tester.proposal", "aes128-sha1-modp768",
- charon->name));
+ lib->ns));
if (!this->proposal)
{ /* fallback */
this->proposal = proposal_create_from_string(PROTO_IKE,
"aes128-sha1-modp768");
}
this->esp = proposal_create_from_string(PROTO_ESP,
- lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.esp", "aes128-sha1",
- charon->name));
+ lib->settings->get_str(lib->settings,
+ "%s.plugins.load-tester.esp", "aes128-sha1", lib->ns));
if (!this->esp)
{ /* fallback */
this->esp = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
}
this->ike_rekey = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.ike_rekey", 0, charon->name);
+ "%s.plugins.load-tester.ike_rekey", 0, lib->ns);
this->child_rekey = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.child_rekey", 600, charon->name);
+ "%s.plugins.load-tester.child_rekey", 600, lib->ns);
this->dpd_delay = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.dpd_delay", 0, charon->name);
+ "%s.plugins.load-tester.dpd_delay", 0, lib->ns);
this->dpd_timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.dpd_timeout", 0, charon->name);
+ "%s.plugins.load-tester.dpd_timeout", 0, lib->ns);
this->initiator_auth = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_auth", "pubkey", charon->name);
+ "%s.plugins.load-tester.initiator_auth", "pubkey", lib->ns);
this->responder_auth = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder_auth", "pubkey", charon->name);
+ "%s.plugins.load-tester.responder_auth", "pubkey", lib->ns);
this->initiator_id = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_id", NULL, charon->name);
+ "%s.plugins.load-tester.initiator_id", NULL, lib->ns);
this->initiator_match = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_match", NULL, charon->name);
+ "%s.plugins.load-tester.initiator_match", NULL, lib->ns);
this->responder_id = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder_id", NULL, charon->name);
+ "%s.plugins.load-tester.responder_id", NULL, lib->ns);
this->mode = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.mode", NULL, charon->name);
+ "%s.plugins.load-tester.mode", NULL, lib->ns);
this->initiator_tsi = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_tsi", NULL, charon->name);
+ "%s.plugins.load-tester.initiator_tsi", NULL, lib->ns);
this->responder_tsi =lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder_tsi",
- this->initiator_tsi, charon->name);
+ "%s.plugins.load-tester.responder_tsi",
+ this->initiator_tsi, lib->ns);
this->initiator_tsr = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_tsr", NULL, charon->name);
+ "%s.plugins.load-tester.initiator_tsr", NULL, lib->ns);
this->responder_tsr =lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder_tsr",
- this->initiator_tsr, charon->name);
+ "%s.plugins.load-tester.responder_tsr",
+ this->initiator_tsr, lib->ns);
this->port = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.dynamic_port", 0, charon->name);
+ "%s.plugins.load-tester.dynamic_port", 0, lib->ns);
this->version = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.version", IKE_ANY, charon->name);
+ "%s.plugins.load-tester.version", IKE_ANY, lib->ns);
load_addrs(this);
diff --git a/src/libcharon/plugins/load_tester/load_tester_control.c b/src/libcharon/plugins/load_tester/load_tester_control.c
index f9ec914..5f089f5 100644
--- a/src/libcharon/plugins/load_tester/load_tester_control.c
+++ b/src/libcharon/plugins/load_tester/load_tester_control.c
@@ -302,7 +302,7 @@ load_tester_control_t *load_tester_control_create()
uri = lib->settings->get_str(lib->settings,
"%s.plugins.load-tester.socket", "unix://" LOAD_TESTER_SOCKET,
- charon->name);
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (this->service)
{
diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c
index 028205b..f17d41f 100644
--- a/src/libcharon/plugins/load_tester/load_tester_creds.c
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.c
@@ -202,7 +202,7 @@ static private_key_t *load_issuer_key()
char *path;
path = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.issuer_key", NULL, charon->name);
+ "%s.plugins.load-tester.issuer_key", NULL, lib->ns);
if (!path)
{
return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
@@ -222,7 +222,7 @@ static certificate_t *load_issuer_cert()
char *path;
path = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.issuer_cert", NULL, charon->name);
+ "%s.plugins.load-tester.issuer_cert", NULL, lib->ns);
if (!path)
{
return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
@@ -246,7 +246,7 @@ static void load_ca_certs(private_load_tester_creds_t *this)
char *path;
path = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.ca_dir", NULL, charon->name);
+ "%s.plugins.load-tester.ca_dir", NULL, lib->ns);
if (path)
{
enumerator = enumerator_create_directory(path);
@@ -445,11 +445,11 @@ load_tester_creds_t *load_tester_creds_create()
char *pwd, *psk, *digest;
psk = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.preshared_key", default_psk, charon->name);
+ "%s.plugins.load-tester.preshared_key", default_psk, lib->ns);
pwd = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.eap_password", default_pwd, charon->name);
+ "%s.plugins.load-tester.eap_password", default_pwd, lib->ns);
digest = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.digest", "sha1", charon->name);
+ "%s.plugins.load-tester.digest", "sha1", lib->ns);
INIT(this,
.public = {
diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c
index 7e832dd..068020e 100644
--- a/src/libcharon/plugins/load_tester/load_tester_listener.c
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.c
@@ -126,7 +126,7 @@ load_tester_listener_t *load_tester_listener_create(u_int shutdown_on,
},
.delete_after_established = lib->settings->get_bool(lib->settings,
"%s.plugins.load-tester.delete_after_established", FALSE,
- charon->name),
+ lib->ns),
.shutdown_on = shutdown_on,
.config = config,
);
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index 03557a2..e684f22 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -193,7 +193,7 @@ static bool register_load_tester(private_load_tester_plugin_t *this,
lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.shutdown_when_complete", 0, charon->name))
+ "%s.plugins.load-tester.shutdown_when_complete", 0, lib->ns))
{
shutdown_on = this->iterations * this->initiators;
}
@@ -262,8 +262,8 @@ plugin_t *load_tester_plugin_create()
{
private_load_tester_plugin_t *this;
- if (!lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.enable", FALSE, charon->name))
+ if (!lib->settings->get_bool(lib->settings, "%s.plugins.load-tester.enable",
+ FALSE, lib->ns))
{
DBG1(DBG_CFG, "disabling load-tester plugin, not configured");
return NULL;
@@ -279,19 +279,19 @@ plugin_t *load_tester_plugin_create()
},
},
.delay = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.delay", 0, charon->name),
+ "%s.plugins.load-tester.delay", 0, lib->ns),
.iterations = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.iterations", 1, charon->name),
+ "%s.plugins.load-tester.iterations", 1, lib->ns),
.initiators = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.initiators", 0, charon->name),
+ "%s.plugins.load-tester.initiators", 0, lib->ns),
.init_limit = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.init_limit", 0, charon->name),
+ "%s.plugins.load-tester.init_limit", 0, lib->ns),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.fake_kernel", FALSE, charon->name))
+ "%s.plugins.load-tester.fake_kernel", FALSE, lib->ns))
{
hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface,
(kernel_ipsec_constructor_t)load_tester_ipsec_create);
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index d74ce46..4b6d214 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -224,8 +224,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -293,6 +291,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -381,12 +384,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -401,6 +408,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/lookip/lookip_socket.c b/src/libcharon/plugins/lookip/lookip_socket.c
index d25573b..4b33e3e 100644
--- a/src/libcharon/plugins/lookip/lookip_socket.c
+++ b/src/libcharon/plugins/lookip/lookip_socket.c
@@ -87,10 +87,21 @@ static void entry_destroy(entry_t *entry)
}
/**
- * Disconnect a stream, remove connection entry
+ * Data for async disconnect job
*/
-static void disconnect(private_lookip_socket_t *this, stream_t *stream)
+typedef struct {
+ /** socket ref */
+ private_lookip_socket_t *this;
+ /** stream to disconnect */
+ stream_t *stream;
+} disconnect_data_t;
+
+/**
+ * Disconnect a stream asynchronously, remove connection entry
+ */
+static job_requeue_t disconnect_async(disconnect_data_t *data)
{
+ private_lookip_socket_t *this = data->this;
enumerator_t *enumerator;
entry_t *entry;
@@ -98,7 +109,7 @@ static void disconnect(private_lookip_socket_t *this, stream_t *stream)
enumerator = this->connected->create_enumerator(this->connected);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->stream == stream)
+ if (entry->stream == data->stream)
{
this->connected->remove_at(this->connected, enumerator);
if (entry->up || entry->down)
@@ -111,6 +122,24 @@ static void disconnect(private_lookip_socket_t *this, stream_t *stream)
}
enumerator->destroy(enumerator);
this->mutex->unlock(this->mutex);
+ return JOB_REQUEUE_NONE;
+}
+
+/**
+ * Queue async disconnect job
+ */
+static void disconnect(private_lookip_socket_t *this, stream_t *stream)
+{
+ disconnect_data_t *data;
+
+ INIT(data,
+ .this = this,
+ .stream = stream,
+ );
+
+ lib->processor->queue_job(lib->processor,
+ (job_t*)callback_job_create((void*)disconnect_async, data,
+ free, NULL));
}
/**
@@ -393,8 +422,8 @@ lookip_socket_t *lookip_socket_create(lookip_listener_t *listener)
);
uri = lib->settings->get_str(lib->settings,
- "%s.plugins.lookip.socket", "unix://" LOOKIP_SOCKET,
- charon->name);
+ "%s.plugins.lookip.socket", "unix://" LOOKIP_SOCKET,
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (!this->service)
{
diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in
index a8b793f..314088a 100644
--- a/src/libcharon/plugins/maemo/Makefile.in
+++ b/src/libcharon/plugins/maemo/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 76b05c6..8d7ca04 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index 20e3553..7abc23e 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index 9e794ce..b891f55 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index c8d8fae..bf85d57 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/radattr/radattr_listener.c b/src/libcharon/plugins/radattr/radattr_listener.c
index 5443800..aca83aa 100644
--- a/src/libcharon/plugins/radattr/radattr_listener.c
+++ b/src/libcharon/plugins/radattr/radattr_listener.c
@@ -19,7 +19,6 @@
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>
-#include <sys/mman.h>
#include <errno.h>
#include <daemon.h>
@@ -110,10 +109,7 @@ static void add_radius_attribute(private_radattr_listener_t *this,
identification_t *id;
auth_cfg_t *auth;
char path[PATH_MAX];
- chunk_t data;
- struct stat sb;
- void *addr;
- int fd;
+ chunk_t *data;
auth = ike_sa->get_auth_cfg(ike_sa, TRUE);
id = auth->get(auth, AUTH_RULE_EAP_IDENTITY);
@@ -123,44 +119,16 @@ static void add_radius_attribute(private_radattr_listener_t *this,
}
snprintf(path, sizeof(path), "%s/%Y", this->dir, id);
- fd = open(path, O_RDONLY);
- if (fd != -1)
+ data = chunk_map(path, FALSE);
+ if (data)
{
- if (fstat(fd, &sb) != -1)
+ if (data->len >= 2)
{
- if (sb.st_size <= MAX_ATTR_SIZE)
- {
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr != MAP_FAILED)
- {
- data = chunk_create(addr, sb.st_size);
- if (data.len >= 2)
- {
- DBG1(DBG_CFG, "adding RADIUS %N attribute",
- radius_attribute_type_names, data.ptr[0]);
- message->add_notify(message, FALSE,
- RADIUS_ATTRIBUTE, data);
- }
- munmap(addr, sb.st_size);
- }
- else
- {
- DBG1(DBG_CFG, "mapping RADIUS attribute '%s' failed: %s",
- path, strerror(errno));
- }
- }
- else
- {
- DBG1(DBG_CFG, "RADIUS attribute '%s' exceeds size limit",
- path);
- }
- }
- else
- {
- DBG1(DBG_CFG, "fstat RADIUS attribute '%s' failed: %s",
- path, strerror(errno));
+ DBG1(DBG_CFG, "adding RADIUS %N attribute",
+ radius_attribute_type_names, data->ptr[0]);
+ message->add_notify(message, FALSE, RADIUS_ATTRIBUTE, *data);
}
- close(fd);
+ chunk_unmap(data);
}
else
{
@@ -212,9 +180,9 @@ radattr_listener_t *radattr_listener_create()
.destroy = _destroy,
},
.dir = lib->settings->get_str(lib->settings,
- "%s.plugins.radattr.dir", NULL, charon->name),
+ "%s.plugins.radattr.dir", NULL, lib->ns),
.mid = lib->settings->get_int(lib->settings,
- "%s.plugins.radattr.message_id", -1, charon->name),
+ "%s.plugins.radattr.message_id", -1, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index f568404..43f3c6f 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index cfcee2f..155113e 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index ea976df..081d3ef 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -617,7 +617,7 @@ static int open_socket(private_socket_default_socket_t *this,
mark_t mark;
fwmark = lib->settings->get_str(lib->settings,
- "%s.plugins.socket-default.fwmark", NULL, charon->name);
+ "%s.plugins.socket-default.fwmark", NULL, lib->ns);
if (fwmark && mark_from_string(fwmark, &mark))
{
if (setsockopt(skt, SOL_SOCKET, SO_MARK, &mark.value,
@@ -657,10 +657,10 @@ static bool use_family(int family)
{
case AF_INET:
return lib->settings->get_bool(lib->settings,
- "%s.plugins.socket-default.use_ipv4", TRUE, charon->name);
+ "%s.plugins.socket-default.use_ipv4", TRUE, lib->ns);
case AF_INET6:
return lib->settings->get_bool(lib->settings,
- "%s.plugins.socket-default.use_ipv6", TRUE, charon->name);
+ "%s.plugins.socket-default.use_ipv6", TRUE, lib->ns);
default:
return FALSE;
}
@@ -735,14 +735,14 @@ socket_default_socket_t *socket_default_socket_create()
},
},
.port = lib->settings->get_int(lib->settings,
- "%s.port", CHARON_UDP_PORT, charon->name),
+ "%s.port", CHARON_UDP_PORT, lib->ns),
.natt = lib->settings->get_int(lib->settings,
- "%s.port_nat_t", CHARON_NATT_PORT, charon->name),
+ "%s.port_nat_t", CHARON_NATT_PORT, lib->ns),
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, charon->name),
+ "%s.max_packet", MAX_PACKET, lib->ns),
.set_source = lib->settings->get_bool(lib->settings,
"%s.plugins.socket-default.set_source", TRUE,
- charon->name),
+ lib->ns),
);
if (this->port && this->port == this->natt)
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 1efbdab..da40a43 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
index 012f18e..3161a70 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -668,7 +668,7 @@ socket_dynamic_socket_t *socket_dynamic_socket_create()
},
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, charon->name),
+ "%s.max_packet", MAX_PACKET, lib->ns),
);
if (pipe(this->notify) != 0)
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 18461fa..9638049 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c
index 547e769..9a7a6e0 100644
--- a/src/libcharon/plugins/sql/sql_logger.c
+++ b/src/libcharon/plugins/sql/sql_logger.c
@@ -141,7 +141,7 @@ sql_logger_t *sql_logger_create(database_t *db)
.db = db,
.recursive = thread_value_create(NULL),
.level = lib->settings->get_int(lib->settings,
- "%s.plugins.sql.loglevel", -1, charon->name),
+ "%s.plugins.sql.loglevel", -1, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c
index c1b4461..c5dd6e8 100644
--- a/src/libcharon/plugins/sql/sql_plugin.c
+++ b/src/libcharon/plugins/sql/sql_plugin.c
@@ -73,7 +73,7 @@ static bool open_database(private_sql_plugin_t *this,
char *uri;
uri = lib->settings->get_str(lib->settings, "%s.plugins.sql.database",
- NULL, charon->name);
+ NULL, lib->ns);
if (!uri)
{
DBG1(DBG_CFG, "sql plugin: database URI not set");
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index a913e06..11a8771 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 2e10f32..e5e6d92 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -880,7 +880,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
else
{
vip = host_create_from_string(token, 0);
- if (vip)
+ if (!vip)
{
DBG1(DBG_CFG, "ignored invalid subnet token: %s", token);
}
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index b583bfc..f770d7c 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -778,7 +778,7 @@ stroke_control_t *stroke_control_create()
.destroy = _destroy,
},
.timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.stroke.timeout", 0, charon->name),
+ "%s.plugins.stroke.timeout", 0, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 8d00012..f908219 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -17,8 +17,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <limits.h>
-#include <libgen.h>
-#include <sys/mman.h>
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>
@@ -521,7 +519,16 @@ METHOD(stroke_cred_t, cache_cert, void,
if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
{
- chunk_write(chunk, buf, "crl", 022, TRUE);
+ if (chunk_write(chunk, buf, 022, TRUE))
+ {
+ DBG1(DBG_CFG, " written crl file '%s' (%d bytes)",
+ buf, chunk.len);
+ }
+ else
+ {
+ DBG1(DBG_CFG, " writing crl file '%s' failed: %s",
+ buf, strerror(errno));
+ }
free(chunk.ptr);
}
}
@@ -1092,46 +1099,24 @@ static bool load_shared(mem_cred_t *secrets, chunk_t line, int line_nr,
static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
char *file, int level, FILE *prompt)
{
- int line_nr = 0, fd;
- chunk_t src, line;
- struct stat sb;
- void *addr;
+ int line_nr = 0;
+ chunk_t *src, line;
DBG1(DBG_CFG, "loading secrets from '%s'", file);
- fd = open(file, O_RDONLY);
- if (fd == -1)
+ src = chunk_map(file, FALSE);
+ if (!src)
{
DBG1(DBG_CFG, "opening secrets file '%s' failed: %s", file,
strerror(errno));
return;
}
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, "getting file size of '%s' failed: %s", file,
- strerror(errno));
- close(fd);
- return;
- }
- if (sb.st_size == 0)
- { /* skip empty files, as mmap() complains */
- close(fd);
- return;
- }
- addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, "mapping '%s' failed: %s", file, strerror(errno));
- close(fd);
- return;
- }
- src = chunk_create(addr, sb.st_size);
if (!secrets)
{
secrets = mem_cred_create();
}
- while (fetchline(&src, &line))
+ while (fetchline(src, &line))
{
chunk_t ids, token;
shared_key_type_t type;
@@ -1172,8 +1157,7 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
}
else
{ /* use directory of current file if relative */
- dir = strdup(file);
- dir = dirname(dir);
+ dir = path_dirname(file);
if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern))
{
@@ -1272,8 +1256,7 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
break;
}
}
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(src);
if (level == 0)
{ /* replace secrets in active credential set */
@@ -1394,7 +1377,7 @@ stroke_cred_t *stroke_cred_create()
this->force_ca_cert = lib->settings->get_bool(lib->settings,
"%s.plugins.stroke.ignore_missing_ca_basic_constraint",
- FALSE, charon->name);
+ FALSE, lib->ns);
load_certs(this);
load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 3adebb5..169ff2b 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Tobias Brunner
+ * Copyright (C) 2011-2013 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -99,6 +99,11 @@ struct private_stroke_socket_t {
* Counter values for IKE events
*/
stroke_counter_t *counter;
+
+ /**
+ * TRUE if log level changes are not allowed
+ */
+ bool prevent_loglevel_changes;
};
/**
@@ -490,6 +495,25 @@ static void stroke_leases(private_stroke_socket_t *this,
}
/**
+ * Callback function for usage report
+ */
+static void report_usage(FILE *out, int count, size_t bytes,
+ backtrace_t *bt, bool detailed)
+{
+ fprintf(out, "%zu bytes total, %d allocations, %zu bytes average:\n",
+ bytes, count, bytes / count);
+ bt->log(bt, out, detailed);
+}
+
+/**
+ * Callback function for memusage summary
+ */
+static void sum_usage(FILE *out, int count, size_t bytes, int whitelisted)
+{
+ fprintf(out, "Total memory usage: %zu\n", bytes);
+}
+
+/**
* Show memory usage
*/
static void stroke_memusage(private_stroke_socket_t *this,
@@ -497,7 +521,9 @@ static void stroke_memusage(private_stroke_socket_t *this,
{
if (lib->leak_detective)
{
- lib->leak_detective->usage(lib->leak_detective, out);
+ lib->leak_detective->usage(lib->leak_detective,
+ (leak_detective_report_cb_t)report_usage,
+ (leak_detective_summary_cb_t)sum_usage, out);
}
}
@@ -546,6 +572,12 @@ static void stroke_loglevel(private_stroke_socket_t *this,
DBG1(DBG_CFG, "received stroke: loglevel %d for %s",
msg->loglevel.level, msg->loglevel.type);
+ if (this->prevent_loglevel_changes)
+ {
+ DBG1(DBG_CFG, "prevented log level change");
+ fprintf(out, "command not allowed!\n");
+ return;
+ }
if (strcaseeq(msg->loglevel.type, "any"))
{
group = DBG_ANY;
@@ -555,7 +587,7 @@ static void stroke_loglevel(private_stroke_socket_t *this,
group = enum_from_name(debug_names, msg->loglevel.type);
if ((int)group < 0)
{
- fprintf(out, "invalid type (%s)!\n", msg->loglevel.type);
+ fprintf(out, "unknown type '%s'!\n", msg->loglevel.type);
return;
}
}
@@ -591,8 +623,8 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
return FALSE;
}
- /* read message */
- msg = malloc(len);
+ /* read message (we need an additional byte to terminate the buffer) */
+ msg = malloc(len + 1);
msg->length = len;
if (!stream->read_all(stream, (char*)msg + sizeof(len), len - sizeof(len)))
{
@@ -603,6 +635,9 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
free(msg);
return FALSE;
}
+ /* make sure even incorrectly unterminated strings don't extend over the
+ * message boundaries */
+ ((char*)msg)[len] = '\0';
DBG3(DBG_CFG, "stroke message %b", (void*)msg, len);
@@ -727,6 +762,8 @@ stroke_socket_t *stroke_socket_create()
.public = {
.destroy = _destroy,
},
+ .prevent_loglevel_changes = lib->settings->get_bool(lib->settings,
+ "%s.plugins.stroke.prevent_loglevel_changes", FALSE, lib->ns),
);
this->cred = stroke_cred_create();
@@ -746,10 +783,10 @@ stroke_socket_t *stroke_socket_create()
charon->bus->add_listener(charon->bus, &this->counter->listener);
max_concurrent = lib->settings->get_int(lib->settings,
- "%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT,
- charon->name);
+ "%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT,
+ lib->ns);
uri = lib->settings->get_str(lib->settings,
- "%s.plugins.stroke.socket", "unix://" STROKE_SOCKET, charon->name);
+ "%s.plugins.stroke.socket", "unix://" STROKE_SOCKET, lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (!this->service)
{
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 8ad5c88..6372472 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
index c859611..c1594b0 100644
--- a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
+++ b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
@@ -178,9 +178,9 @@ static bool load_validator(private_systime_fix_plugin_t *this)
char *str, *fmt;
fmt = lib->settings->get_str(lib->settings,
- "%s.plugins.%s.threshold_format", "%Y", charon->name, get_name(this));
+ "%s.plugins.%s.threshold_format", "%Y", lib->ns, get_name(this));
str = lib->settings->get_str(lib->settings,
- "%s.plugins.%s.threshold", NULL, charon->name, get_name(this));
+ "%s.plugins.%s.threshold", NULL, lib->ns, get_name(this));
if (!str)
{
DBG1(DBG_CFG, "no threshold configured for %s, disabled",
@@ -274,9 +274,9 @@ plugin_t *systime_fix_plugin_create()
},
},
.interval = lib->settings->get_int(lib->settings,
- "%s.plugins.%s.interval", 0, charon->name, get_name(this)),
+ "%s.plugins.%s.interval", 0, lib->ns, get_name(this)),
.reauth = lib->settings->get_bool(lib->settings,
- "%s.plugins.%s.reauth", FALSE, charon->name, get_name(this)),
+ "%s.plugins.%s.reauth", FALSE, lib->ns, get_name(this)),
);
return &this->public.plugin;
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index ca995b0..ace18e7 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
index 4ad19c5..d2ba2e3 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
@@ -191,8 +191,8 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
/* schedule periodic transmission of IF-MAP renewSession request */
reschedule = lib->settings->get_int(lib->settings,
- "%s.plugins.tnc-ifmap.renew_session_interval",
- IFMAP_RENEW_SESSION_INTERVAL, charon->name);
+ "%s.plugins.tnc-ifmap.renew_session_interval",
+ IFMAP_RENEW_SESSION_INTERVAL, lib->ns);
job = (job_t*)tnc_ifmap_renew_session_job_create(
this->ifmap->get_ref(this->ifmap), reschedule);
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index df7d2e2..8f24dae 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -134,8 +134,8 @@ METHOD(tnc_ifmap_soap_t, newSession, bool,
/* set PEP and PDP device name (defaults to IF-MAP Publisher ID) */
this->device_name = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.device_name",
- this->ifmap_publisher_id, charon->name);
+ "%s.plugins.tnc-ifmap.device_name",
+ this->ifmap_publisher_id, lib->ns);
this->device_name = strdup(this->device_name);
return this->session_id && this->ifmap_publisher_id;
@@ -731,15 +731,15 @@ static bool soap_init(private_tnc_ifmap_soap_t *this)
/* getting configuration parameters from strongswan.conf */
server_uri = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.server_uri", IFMAP_URI, charon->name);
+ "%s.plugins.tnc-ifmap.server_uri", IFMAP_URI, lib->ns);
server_cert = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.server_cert", NULL, charon->name);
+ "%s.plugins.tnc-ifmap.server_cert", NULL, lib->ns);
client_cert = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.client_cert", NULL, charon->name);
+ "%s.plugins.tnc-ifmap.client_cert", NULL, lib->ns);
client_key = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.client_key", NULL, charon->name);
+ "%s.plugins.tnc-ifmap.client_key", NULL, lib->ns);
user_pass = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.username_password", NULL, charon->name);
+ "%s.plugins.tnc-ifmap.username_password", NULL, lib->ns);
/* load [self-signed] MAP server certificate */
if (!server_cert)
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index d263bde..b2958ef 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -222,8 +222,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -291,6 +289,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -379,12 +382,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -399,6 +406,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index 31cee9e..89237f5 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
@@ -758,19 +758,19 @@ tnc_pdp_t *tnc_pdp_create(void)
bool radius_enable, pt_tls_enable;
server = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-pdp.server", NULL, charon->name);
+ "%s.plugins.tnc-pdp.server", NULL, lib->ns);
pt_tls_enable = lib->settings->get_bool(lib->settings,
- "%s.plugins.tnc-pdp.pt_tls.enable", TRUE, charon->name);
+ "%s.plugins.tnc-pdp.pt_tls.enable", TRUE, lib->ns);
pt_tls_port = lib->settings->get_int(lib->settings,
- "%s.plugins.tnc-pdp.pt_tls.port", PT_TLS_PORT, charon->name);
+ "%s.plugins.tnc-pdp.pt_tls.port", PT_TLS_PORT, lib->ns);
radius_enable = lib->settings->get_bool(lib->settings,
- "%s.plugins.tnc-pdp.radius.enable", TRUE, charon->name);
+ "%s.plugins.tnc-pdp.radius.enable", TRUE, lib->ns);
radius_port = lib->settings->get_int(lib->settings,
- "%s.plugins.tnc-pdp.radius.port", RADIUS_PORT, charon->name);
+ "%s.plugins.tnc-pdp.radius.port", RADIUS_PORT, lib->ns);
secret = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-pdp.radius.secret", NULL, charon->name);
+ "%s.plugins.tnc-pdp.radius.secret", NULL, lib->ns);
eap_type_str = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-pdp.radius.method", "ttls", charon->name);
+ "%s.plugins.tnc-pdp.radius.method", "ttls", lib->ns);
if (!pt_tls_enable && !radius_enable)
{
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c
index f789c31..6c7659b 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c
@@ -298,7 +298,7 @@ tnc_pdp_connections_t *tnc_pdp_connections_create(void)
.list = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.tnc-pdp.timeout", DEFAULT_TIMEOUT, charon->name),
+ "%s.plugins.tnc-pdp.timeout", DEFAULT_TIMEOUT, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index b36a533..b2b473c 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in
index 2f8a65c..2d9f596 100644
--- a/src/libcharon/plugins/unit_tester/Makefile.in
+++ b/src/libcharon/plugins/unit_tester/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index 11d6091..65fe14e 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index edff51a..9f72a80 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -97,9 +97,9 @@ static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa,
}
/**
- * As initiator, bump up TS to 0.0.0.0/0 for on-the-wire bits
+ * As initiator and responder, bump up TS to 0.0.0.0/0 for on-the-wire bits
*/
-static void narrow_initiator_pre(linked_list_t *list)
+static void narrow_pre(linked_list_t *list, char *side)
{
traffic_selector_t *ts;
@@ -112,7 +112,7 @@ static void narrow_initiator_pre(linked_list_t *list)
"255.255.255.255", 65535);
if (ts)
{
- DBG2(DBG_CFG, "changing proposed traffic selectors for other:");
+ DBG2(DBG_CFG, "changing proposed traffic selectors for %s:", side);
DBG2(DBG_CFG, " %R", ts);
list->insert_last(list, ts);
}
@@ -149,12 +149,15 @@ METHOD(listener_t, narrow, bool,
switch (type)
{
case NARROW_INITIATOR_PRE_AUTH:
- narrow_initiator_pre(remote);
+ narrow_pre(remote, "other");
break;
case NARROW_INITIATOR_POST_AUTH:
narrow_initiator(this, ike_sa,
child_sa->get_config(child_sa), remote);
break;
+ case NARROW_RESPONDER:
+ narrow_pre(local, "us");
+ break;
case NARROW_RESPONDER_POST:
narrow_responder_post(child_sa->get_config(child_sa), local);
break;
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c
index ac6f93d..86f81fc 100644
--- a/src/libcharon/plugins/unity/unity_provider.c
+++ b/src/libcharon/plugins/unity/unity_provider.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
*
@@ -16,6 +19,7 @@
#include "unity_provider.h"
#include <daemon.h>
+#include <bio/bio_writer.h>
typedef struct private_unity_provider_t private_unity_provider_t;
@@ -31,58 +35,70 @@ struct private_unity_provider_t {
};
/**
- * Attribute enumerator for traffic selector list
+ * Attribute enumerator for UNITY_SPLIT_INCLUDE attribute
*/
typedef struct {
/** Implements enumerator_t */
enumerator_t public;
/** list of traffic selectors to enumerate */
linked_list_t *list;
- /** currently enumerating subnet */
- u_char subnet[4];
- /** currently enumerating subnet mask */
- u_char mask[4];
+ /** attribute value */
+ chunk_t attr;
} attribute_enumerator_t;
+/**
+ * Append data from the given traffic selector to the attribute data
+ */
+static void append_ts(bio_writer_t *writer, traffic_selector_t *ts)
+{
+ host_t *net, *mask;
+ chunk_t padding;
+ u_int8_t bits;
+
+ if (!ts->to_subnet(ts, &net, &bits))
+ {
+ return;
+ }
+ mask = host_create_netmask(AF_INET, bits);
+ if (!mask)
+ {
+ net->destroy(net);
+ return;
+ }
+ writer->write_data(writer, net->get_address(net));
+ writer->write_data(writer, mask->get_address(mask));
+ /* the Cisco client parses the "padding" as protocol, src and dst port, the
+ * first two in network order the last in host order - no other clients seem
+ * to support these fields so we don't use them either */
+ padding = writer->skip(writer, 6);
+ memset(padding.ptr, 0, padding.len);
+ mask->destroy(mask);
+ net->destroy(net);
+}
+
METHOD(enumerator_t, attribute_enumerate, bool,
attribute_enumerator_t *this, configuration_attribute_type_t *type,
chunk_t *attr)
{
traffic_selector_t *ts;
- u_int8_t i, mask;
- host_t *net;
+ bio_writer_t *writer;
- while (TRUE)
+ if (this->list->get_count(this->list) == 0)
{
- if (this->list->remove_first(this->list, (void**)&ts) != SUCCESS)
- {
- return FALSE;
- }
- if (ts->to_subnet(ts, &net, &mask))
- {
- ts->destroy(ts);
- break;
- }
- ts->destroy(ts);
+ return FALSE;
}
- memset(this->mask, 0, sizeof(this->mask));
- for (i = 0; i < sizeof(this->mask); i++)
+ writer = bio_writer_create(14);
+ while (this->list->remove_first(this->list, (void**)&ts) == SUCCESS)
{
- if (mask < 8)
- {
- this->mask[i] = 0xFF << (8 - mask);
- break;
- }
- this->mask[i] = 0xFF;
- mask -= 8;
+ append_ts(writer, ts);
+ ts->destroy(ts);
}
- memcpy(this->subnet, net->get_address(net).ptr, sizeof(this->subnet));
- net->destroy(net);
*type = UNITY_SPLIT_INCLUDE;
- *attr = chunk_create(this->subnet, sizeof(this->subnet) + sizeof(this->mask));
+ *attr = this->attr = writer->extract_buf(writer);
+ writer->destroy(writer);
return TRUE;
}
@@ -90,6 +106,7 @@ METHOD(enumerator_t, attribute_destroy, void,
attribute_enumerator_t *this)
{
this->list->destroy_offset(this->list, offsetof(traffic_selector_t, destroy));
+ chunk_free(&this->attr);
free(this);
}
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 697c959..e2d6d32 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/updown/updown_handler.c b/src/libcharon/plugins/updown/updown_handler.c
index 3a64438..0894d2d 100644
--- a/src/libcharon/plugins/updown/updown_handler.c
+++ b/src/libcharon/plugins/updown/updown_handler.c
@@ -188,7 +188,7 @@ METHOD(updown_handler_t, create_dns_enumerator, enumerator_t*,
ike_sa = charon->bus->get_sa(charon->bus);
if (!ike_sa)
{
- return FALSE;
+ return enumerator_create_empty();
}
this->lock->read_lock(this->lock);
diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index 81adfdb..2c3f932 100644
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2013 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -218,12 +219,12 @@ METHOD(listener_t, child_updown, bool,
enumerator = child_sa->create_policy_enumerator(child_sa);
while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
{
- char command[1024];
+ char command[2048];
host_t *my_client, *other_client;
u_int8_t my_client_mask, other_client_mask;
char *virtual_ip, *iface, *mark_in, *mark_out, *udp_enc, *dns, *xauth;
mark_t mark;
- bool is_host, is_ipv6;
+ bool is_host, is_ipv6, use_ipcomp;
FILE *shell;
my_ts->to_subnet(my_ts, &my_client, &my_client_mask);
@@ -322,6 +323,9 @@ METHOD(listener_t, child_updown, bool,
dns = make_dns_vars(this, ike_sa);
+ /* check for IPComp */
+ use_ipcomp = child_sa->get_ipcomp(child_sa) != IPCOMP_NONE;
+
/* determine IPv4/IPv6 and client/host situation */
is_host = my_ts->is_host(my_ts, me);
is_ipv6 = is_host ? (me->get_family(me) == AF_INET6) :
@@ -355,6 +359,7 @@ METHOD(listener_t, child_updown, bool,
"%s"
"%s"
"%s"
+ "%s"
"%s",
up ? "up" : "down",
is_host ? "-host" : "-client",
@@ -377,6 +382,7 @@ METHOD(listener_t, child_updown, bool,
mark_in,
mark_out,
udp_enc,
+ use_ipcomp ? "PLUTO_IPCOMP='1' " : "",
config->get_hostaccess(config) ? "PLUTO_HOST_ACCESS='1' " : "",
dns,
script);
diff --git a/src/libcharon/plugins/updown/updown_plugin.c b/src/libcharon/plugins/updown/updown_plugin.c
index 3c1aba5..d30267d 100644
--- a/src/libcharon/plugins/updown/updown_plugin.c
+++ b/src/libcharon/plugins/updown/updown_plugin.c
@@ -58,7 +58,7 @@ static bool plugin_cb(private_updown_plugin_t *this,
if (reg)
{
if (lib->settings->get_bool(lib->settings,
- "charon.plugins.updown.dns_handler", FALSE))
+ "%s.plugins.updown.dns_handler", FALSE, lib->ns))
{
this->handler = updown_handler_create();
hydra->attributes->add_handler(hydra->attributes,
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index 218ecaa..aa8ad2e 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -225,8 +225,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -294,6 +292,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -382,12 +385,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -402,6 +409,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/whitelist/whitelist_control.c b/src/libcharon/plugins/whitelist/whitelist_control.c
index 996f263..c1b619c 100644
--- a/src/libcharon/plugins/whitelist/whitelist_control.c
+++ b/src/libcharon/plugins/whitelist/whitelist_control.c
@@ -157,7 +157,7 @@ whitelist_control_t *whitelist_control_create(whitelist_listener_t *listener)
uri = lib->settings->get_str(lib->settings,
"%s.plugins.whitelist.socket", "unix://" WHITELIST_SOCKET,
- charon->name);
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (!this->service)
{
diff --git a/src/libcharon/plugins/whitelist/whitelist_listener.c b/src/libcharon/plugins/whitelist/whitelist_listener.c
index 382ee3b..d0357b4 100644
--- a/src/libcharon/plugins/whitelist/whitelist_listener.c
+++ b/src/libcharon/plugins/whitelist/whitelist_listener.c
@@ -206,7 +206,7 @@ whitelist_listener_t *whitelist_listener_create()
.ids = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 32),
.enabled = lib->settings->get_bool(lib->settings,
- "%s.plugins.whitelist.enable", FALSE, charon->name),
+ "%s.plugins.whitelist.enable", FALSE, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index c5eba14..cf0c326 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c
index 5ac4f10..f597bb7 100644
--- a/src/libcharon/plugins/xauth_eap/xauth_eap.c
+++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c
@@ -224,7 +224,7 @@ METHOD(xauth_method_t, process, status_t,
name = lib->settings->get_str(lib->settings,
"%s.plugins.xauth-eap.backend", "radius",
- charon->name);
+ lib->ns);
type = eap_type_from_string(name);
if (!type)
{
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index 47c2161..2d18f60 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index 2224493..8173631 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.am b/src/libcharon/plugins/xauth_pam/Makefile.am
index a7d4f64..1875f81 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.am
+++ b/src/libcharon/plugins/xauth_pam/Makefile.am
@@ -14,6 +14,7 @@ endif
libstrongswan_xauth_pam_la_SOURCES = \
xauth_pam_plugin.h xauth_pam_plugin.c \
+ xauth_pam_listener.h xauth_pam_listener.c \
xauth_pam.h xauth_pam.c
libstrongswan_xauth_pam_la_LDFLAGS = -module -avoid-version -lpam
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index dbcc4f4..1ee269e 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -129,7 +129,7 @@ am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_xauth_pam_la_LIBADD =
am_libstrongswan_xauth_pam_la_OBJECTS = xauth_pam_plugin.lo \
- xauth_pam.lo
+ xauth_pam_listener.lo xauth_pam.lo
libstrongswan_xauth_pam_la_OBJECTS = \
$(am_libstrongswan_xauth_pam_la_OBJECTS)
AM_V_lt = $(am__v_lt_ at AM_V@)
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -417,6 +425,7 @@ AM_CFLAGS = \
@MONOLITHIC_FALSE at plugin_LTLIBRARIES = libstrongswan-xauth-pam.la
libstrongswan_xauth_pam_la_SOURCES = \
xauth_pam_plugin.h xauth_pam_plugin.c \
+ xauth_pam_listener.h xauth_pam_listener.c \
xauth_pam.h xauth_pam.c
libstrongswan_xauth_pam_la_LDFLAGS = -module -avoid-version -lpam
@@ -511,6 +520,7 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/xauth_pam.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/xauth_pam_listener.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/xauth_pam_plugin.Plo at am__quote@
.c.o:
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam.c b/src/libcharon/plugins/xauth_pam/xauth_pam.c
index 8ba2c76..71c79ec 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam.c
@@ -116,7 +116,11 @@ static void attr2string(char *buf, size_t len, chunk_t chunk)
{
if (chunk.len && chunk.len < len)
{
- snprintf(buf, len, "%.*s", (int)chunk.len, chunk.ptr);
+ chunk_t sane;
+
+ chunk_printable(chunk, &sane, '?');
+ snprintf(buf, len, "%.*s", (int)sane.len, sane.ptr);
+ chunk_clear(&sane);
}
}
@@ -138,7 +142,7 @@ METHOD(xauth_method_t, process, status_t,
/* trim to username part if email address given */
if (lib->settings->get_bool(lib->settings,
"%s.plugins.xauth-pam.trim_email",
- TRUE, charon->name))
+ TRUE, lib->ns))
{
pos = memchr(chunk.ptr, '@', chunk.len);
if (pos)
@@ -171,9 +175,8 @@ METHOD(xauth_method_t, process, status_t,
service = lib->settings->get_str(lib->settings,
"%s.plugins.xauth-pam.pam_service",
lib->settings->get_str(lib->settings,
- "%s.plugins.eap-gtc.pam_service",
- "login", charon->name),
- charon->name);
+ "%s.plugins.eap-gtc.pam_service", "login", lib->ns),
+ lib->ns);
if (authenticate(service, user, pass))
{
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c
new file mode 100644
index 0000000..eb06f54
--- /dev/null
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2013 Endian srl
+ * Author: Andrea Bonomi - <a.bonomi at endian.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+
+#include "xauth_pam_listener.h"
+
+#include <daemon.h>
+#include <library.h>
+
+#include <security/pam_appl.h>
+
+typedef struct private_xauth_pam_listener_t private_xauth_pam_listener_t;
+
+/**
+ * Private data of an xauth_pam_listener_t object.
+ */
+struct private_xauth_pam_listener_t {
+
+ /**
+ * Public xauth_pam_listener_t interface.
+ */
+ xauth_pam_listener_t public;
+
+ /**
+ * PAM service
+ */
+ char *service;
+};
+
+/**
+ * PAM conv callback function
+ */
+static int conv(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ int i;
+
+ for (i = 0; i < num_msg; i++)
+ {
+ /* ignore any text info, but fail on any interaction request */
+ if (msg[i]->msg_style != PAM_TEXT_INFO)
+ {
+ return PAM_CONV_ERR;
+ }
+ }
+ return PAM_SUCCESS;
+}
+
+METHOD(listener_t, ike_updown, bool,
+ private_xauth_pam_listener_t *this, ike_sa_t *ike_sa, bool up)
+{
+ struct pam_conv null_conv = {
+ .conv = conv,
+ };
+ pam_handle_t *pamh = NULL;
+ char *user;
+ int ret;
+
+ if (asprintf(&user, "%Y", ike_sa->get_other_eap_id(ike_sa)) != -1)
+ {
+ ret = pam_start(this->service, user, &null_conv, &pamh);
+ if (ret == PAM_SUCCESS)
+ {
+ if (up)
+ {
+ ret = pam_open_session(pamh, 0);
+ if (ret != PAM_SUCCESS)
+ {
+ DBG1(DBG_IKE, "XAuth pam_open_session for '%s' failed: %s",
+ user, pam_strerror(pamh, ret));
+ }
+ }
+ else
+ {
+ ret = pam_close_session(pamh, 0);
+ if (ret != PAM_SUCCESS)
+ {
+ DBG1(DBG_IKE, "XAuth pam_close_session for '%s' failed: %s",
+ user, pam_strerror(pamh, ret));
+ }
+ }
+ }
+ else
+ {
+ DBG1(DBG_IKE, "XAuth pam_start for '%s' failed: %s",
+ user, pam_strerror(pamh, ret));
+ }
+ pam_end(pamh, ret);
+ free(user);
+ }
+ return TRUE;
+}
+
+METHOD(xauth_pam_listener_t, listener_destroy, void,
+ private_xauth_pam_listener_t *this)
+{
+ free(this);
+}
+
+xauth_pam_listener_t *xauth_pam_listener_create()
+{
+ private_xauth_pam_listener_t *this;
+
+ INIT(this,
+ .public = {
+ .listener = {
+ .ike_updown = _ike_updown,
+ },
+ .destroy = _listener_destroy,
+ },
+ /* Look for PAM service, with a legacy fallback for the eap-gtc plugin.
+ * Default to "login". */
+ .service = lib->settings->get_str(lib->settings,
+ "%s.plugins.xauth-pam.pam_service",
+ lib->settings->get_str(lib->settings,
+ "%s.plugins.eap-gtc.pam_service",
+ "login", lib->ns),
+ lib->ns),
+ );
+
+ return &this->public;
+}
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_listener.h b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.h
new file mode 100644
index 0000000..5b15410
--- /dev/null
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2013 Endian srl
+ * Author: Andrea Bonomi - <a.bonomi at endian.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup xauth_pam_i xauth_pam
+ * @{ @ingroup xauth_pam
+ */
+
+#ifndef XAUTH_PAM_LISENER_H_
+#define XAUTH_PAM_LISTENER_H_
+
+typedef struct xauth_pam_listener_t xauth_pam_listener_t;
+
+#include <bus/listeners/listener.h>
+
+/**
+ * Listener
+ */
+struct xauth_pam_listener_t {
+
+ /**
+ * Implements listener_t interface.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy a xauth_pam_listener_t.
+ */
+ void (*destroy)(xauth_pam_listener_t *this);
+};
+
+/**
+ * Create a xauth_pam_listener instance.
+ */
+xauth_pam_listener_t *xauth_pam_listener_create();
+
+
+#endif /** XAUTH_PAM_LISTENER_H_ @}*/
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
index 2ef9a6c..497ad3d 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
@@ -15,6 +15,7 @@
#include "xauth_pam_plugin.h"
#include "xauth_pam.h"
+#include "xauth_pam_listener.h"
#include <daemon.h>
@@ -22,26 +23,73 @@
#define CAP_AUDIT_WRITE 29
#endif
+typedef struct private_xauth_pam_plugin_t private_xauth_pam_plugin_t;
+
+/**
+ * private data of xauth_pam plugin
+ */
+struct private_xauth_pam_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ xauth_pam_plugin_t public;
+
+ /**
+ * Listener
+ */
+ xauth_pam_listener_t *listener;
+
+ /**
+ * Do PAM session management?
+ */
+ bool session;
+};
+
+/**
+ * Register XAuth method and listener
+ */
+static bool register_listener(private_xauth_pam_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *data)
+{
+ if (reg)
+ {
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
+ }
+ else
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ }
+ return TRUE;
+}
+
METHOD(plugin_t, get_name, char*,
- xauth_pam_plugin_t *this)
+ private_xauth_pam_plugin_t *this)
{
return "xauth-pam";
}
METHOD(plugin_t, get_features, int,
- xauth_pam_plugin_t *this, plugin_feature_t *features[])
+ private_xauth_pam_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
PLUGIN_CALLBACK(xauth_method_register, xauth_pam_create_server),
PLUGIN_PROVIDE(XAUTH_SERVER, "pam"),
+ PLUGIN_CALLBACK((plugin_feature_callback_t)register_listener, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "pam-session"),
};
*features = f;
+ if (!this->session)
+ {
+ return 2;
+ }
return countof(f);
}
METHOD(plugin_t, destroy, void,
- xauth_pam_plugin_t *this)
+ private_xauth_pam_plugin_t *this)
{
+ this->listener->destroy(this->listener),
free(this);
}
@@ -50,7 +98,7 @@ METHOD(plugin_t, destroy, void,
*/
plugin_t *xauth_pam_plugin_create()
{
- xauth_pam_plugin_t *this;
+ private_xauth_pam_plugin_t *this;
/* required for PAM authentication */
if (!lib->caps->keep(lib->caps, CAP_AUDIT_WRITE))
@@ -60,12 +108,17 @@ plugin_t *xauth_pam_plugin_create()
}
INIT(this,
- .plugin = {
- .get_name = _get_name,
- .get_features = _get_features,
- .destroy = _destroy,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
},
+ .session = lib->settings->get_str(lib->settings,
+ "%s.plugins.xauth-pam.session", FALSE, lib->ns),
+ .listener = xauth_pam_listener_create(),
);
- return &this->plugin;
+ return &this->public.plugin;
}
diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c
index 9ab69b4..1977339 100644
--- a/src/libcharon/processing/jobs/inactivity_job.c
+++ b/src/libcharon/processing/jobs/inactivity_job.c
@@ -73,12 +73,13 @@ METHOD(job_t, execute, job_requeue_t,
{
if (child_sa->get_reqid(child_sa) == this->reqid)
{
- time_t in, out, diff;
+ time_t in, out, install, diff;
child_sa->get_usestats(child_sa, TRUE, &in, NULL, NULL);
child_sa->get_usestats(child_sa, FALSE, &out, NULL, NULL);
+ install = child_sa->get_installtime(child_sa);
- diff = time_monotonic(NULL) - max(in, out);
+ diff = time_monotonic(NULL) - max(max(in, out), install);
if (diff >= this->timeout)
{
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 9c3876a..720a585 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -120,6 +120,11 @@ struct private_child_sa_t {
time_t expire_time;
/**
+ * absolute time when SA has been installed
+ */
+ time_t install_time;
+
+ /**
* state of the CHILD_SA
*/
child_sa_state_t state;
@@ -586,6 +591,12 @@ METHOD(child_sa_t, get_lifetime, time_t,
return hard ? this->expire_time : this->rekey_time;
}
+METHOD(child_sa_t, get_installtime, time_t,
+ private_child_sa_t *this)
+{
+ return this->install_time;
+}
+
METHOD(child_sa_t, alloc_spi, u_int32_t,
private_child_sa_t *this, protocol_id_t protocol)
{
@@ -1140,6 +1151,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
.get_proposal = _get_proposal,
.set_proposal = _set_proposal,
.get_lifetime = _get_lifetime,
+ .get_installtime = _get_installtime,
.get_usestats = _get_usestats,
.get_mark = _get_mark,
.has_encap = _has_encap,
@@ -1170,6 +1182,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
.reqid = config->get_reqid(config),
.mark_in = config->get_mark(config, TRUE),
.mark_out = config->get_mark(config, FALSE),
+ .install_time = time_monotonic(NULL),
);
this->config = config;
diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h
index ed52d60..a0c6c35 100644
--- a/src/libcharon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@@ -265,6 +265,13 @@ struct child_sa_t {
time_t (*get_lifetime)(child_sa_t *this, bool hard);
/**
+ * Get the absolute time when this SA has been installed.
+ *
+ * @return monotonic absolute install time
+ */
+ time_t (*get_installtime)(child_sa_t *this);
+
+ /**
* Get last use time and the number of bytes processed.
*
* @param inbound TRUE for inbound traffic, FALSE for outbound
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 0282087..2c15dc5 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void,
DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t);
}
trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg);
+ if (trigger_dpd)
+ {
+ /* Some peers delay the DELETE after rekeying an IKE_SA.
+ * If this delay is longer than our DPD delay, we would
+ * send a DPD request here. The IKE_SA is not ready to do
+ * so yet, so prevent that. */
+ this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED];
+ }
}
break;
}
@@ -1162,26 +1170,13 @@ METHOD(ike_sa_t, initiate, status_t,
#endif /* ME */
)
{
- bool is_anyaddr;
- host_t *host;
char *addr;
- addr = this->ike_cfg->get_my_addr(this->ike_cfg);
- host = this->ike_cfg->resolve_other(this->ike_cfg, AF_UNSPEC);
- is_anyaddr = host && host->is_anyaddr(host);
- DESTROY_IF(host);
-
- if (is_anyaddr || !this->retry_initiate_interval)
+ addr = this->ike_cfg->get_other_addr(this->ike_cfg);
+ if (!this->retry_initiate_interval)
{
- if (is_anyaddr)
- {
- DBG1(DBG_IKE, "unable to initiate to %s", addr);
- }
- else
- {
- DBG1(DBG_IKE, "unable to resolve %s, initiate aborted",
- addr);
- }
+ DBG1(DBG_IKE, "unable to resolve %s, initiate aborted",
+ addr);
DESTROY_IF(child_cfg);
charon->bus->alert(charon->bus, ALERT_PEER_ADDR_FAILED);
return DESTROY_ME;
@@ -2130,7 +2125,10 @@ METHOD(ike_sa_t, destroy, void,
charon->bus->set_sa(charon->bus, &this->public);
set_state(this, IKE_DESTROYING);
- DESTROY_IF(this->task_manager);
+ if (this->task_manager)
+ {
+ this->task_manager->flush(this->task_manager);
+ }
/* remove attributes first, as we pass the IKE_SA to the handler */
while (array_remove(this->attributes, ARRAY_TAIL, &entry))
@@ -2174,6 +2172,7 @@ METHOD(ike_sa_t, destroy, void,
charon->bus->set_sa(charon->bus, NULL);
array_destroy(this->child_sas);
+ DESTROY_IF(this->task_manager);
DESTROY_IF(this->keymat);
array_destroy(this->attributes);
array_destroy(this->my_vips);
@@ -2330,11 +2329,11 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
.attributes = array_create(sizeof(attribute_entry_t), 0),
.unique_id = ref_get(&unique_id),
.keepalive_interval = lib->settings->get_time(lib->settings,
- "%s.keep_alive", KEEPALIVE_INTERVAL, charon->name),
+ "%s.keep_alive", KEEPALIVE_INTERVAL, lib->ns),
.retry_initiate_interval = lib->settings->get_time(lib->settings,
- "%s.retry_initiate_interval", 0, charon->name),
+ "%s.retry_initiate_interval", 0, lib->ns),
.flush_auth_cfg = lib->settings->get_bool(lib->settings,
- "%s.flush_auth_cfg", FALSE, charon->name),
+ "%s.flush_auth_cfg", FALSE, lib->ns),
);
if (version == IKEV2)
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 5768803..f2f81cf 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -2150,17 +2150,17 @@ ike_sa_manager_t *ike_sa_manager_create()
}
this->ikesa_limit = lib->settings->get_int(lib->settings,
- "%s.ikesa_limit", 0, charon->name);
+ "%s.ikesa_limit", 0, lib->ns);
this->table_size = get_nearest_powerof2(lib->settings->get_int(
lib->settings, "%s.ikesa_table_size",
- DEFAULT_HASHTABLE_SIZE, charon->name));
+ DEFAULT_HASHTABLE_SIZE, lib->ns));
this->table_size = max(1, min(this->table_size, MAX_HASHTABLE_SIZE));
this->table_mask = this->table_size - 1;
this->segment_count = get_nearest_powerof2(lib->settings->get_int(
lib->settings, "%s.ikesa_table_segments",
- DEFAULT_SEGMENT_COUNT, charon->name));
+ DEFAULT_SEGMENT_COUNT, lib->ns));
this->segment_count = max(1, min(this->segment_count, this->table_size));
this->segment_mask = this->segment_count - 1;
@@ -2200,6 +2200,6 @@ ike_sa_manager_t *ike_sa_manager_create()
}
this->reuse_ikesa = lib->settings->get_bool(lib->settings,
- "%s.reuse_ikesa", TRUE, charon->name);
+ "%s.reuse_ikesa", TRUE, lib->ns);
return &this->public;
}
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 597416e..8fc158b 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -339,10 +339,8 @@ METHOD(task_manager_t, flush_queue, void,
}
}
-/**
- * flush all tasks in the task manager
- */
-static void flush(private_task_manager_t *this)
+METHOD(task_manager_t, flush, void,
+ private_task_manager_t *this)
{
flush_queue(this, TASK_QUEUE_QUEUED);
flush_queue(this, TASK_QUEUE_PASSIVE);
@@ -1581,7 +1579,7 @@ METHOD(task_manager_t, process_message, status_t,
lib->scheduler->schedule_job(lib->scheduler, job,
lib->settings->get_int(lib->settings,
"%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
- charon->name));
+ lib->ns));
}
this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
charon->bus->message(charon->bus, msg, TRUE, TRUE);
@@ -2070,6 +2068,7 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
.adopt_child_tasks = _adopt_child_tasks,
.busy = _busy,
.create_task_enumerator = _create_task_enumerator,
+ .flush = _flush,
.flush_queue = _flush_queue,
.destroy = _destroy,
},
@@ -2083,9 +2082,9 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
.frag = {
.exchange = ID_PROT,
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, charon->name),
+ "%s.max_packet", MAX_PACKET, lib->ns),
.size = lib->settings->get_int(lib->settings,
- "%s.fragment_size", MAX_FRAGMENT_SIZE, charon->name),
+ "%s.fragment_size", MAX_FRAGMENT_SIZE, lib->ns),
},
.ike_sa = ike_sa,
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
@@ -2093,11 +2092,11 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
.active_tasks = linked_list_create(),
.passive_tasks = linked_list_create(),
.retransmit_tries = lib->settings->get_int(lib->settings,
- "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name),
+ "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
.retransmit_timeout = lib->settings->get_double(lib->settings,
- "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name),
+ "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
.retransmit_base = lib->settings->get_double(lib->settings,
- "%s.retransmit_base", RETRANSMIT_BASE, charon->name),
+ "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
);
if (!this->rng)
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 46cbb87..6cc3e04 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -421,7 +421,7 @@ METHOD(task_t, process_r, status_t,
case AUTH_PSK:
if (!lib->settings->get_bool(lib->settings, "%s.i_dont_care"
"_about_security_and_use_aggressive_mode_psk",
- FALSE, charon->name))
+ FALSE, lib->ns))
{
DBG1(DBG_IKE, "Aggressive Mode PSK disabled for "
"security reasons");
@@ -478,7 +478,7 @@ METHOD(task_t, process_r, status_t,
while (TRUE)
{
if (this->ph1->verify_auth(this->ph1, this->method, message,
- this->id_data))
+ chunk_clone(this->id_data)))
{
break;
}
@@ -487,12 +487,10 @@ METHOD(task_t, process_r, status_t,
this->method, TRUE, NULL);
if (!this->peer_cfg)
{
- this->id_data = chunk_empty;
return send_delete(this);
}
this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
}
- this->id_data = chunk_empty;
if (!charon->bus->authorize(charon->bus, FALSE))
{
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 11155b2..e07ac0a 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -191,9 +191,9 @@ static void build(private_isakmp_vendor_t *this, message_t *message)
int i;
strongswan = lib->settings->get_bool(lib->settings,
- "%s.send_vendor_id", FALSE, charon->name);
+ "%s.send_vendor_id", FALSE, lib->ns);
cisco_unity = lib->settings->get_bool(lib->settings,
- "%s.cisco_unity", FALSE, charon->name);
+ "%s.cisco_unity", FALSE, lib->ns);
ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
fragmentation = ike_cfg->fragmentation(ike_cfg) != FRAGMENTATION_NO;
if (!this->initiator && fragmentation)
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 12ee594..6e7da98 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -194,7 +194,7 @@ static void schedule_inactivity_timeout(private_quick_mode_t *this)
if (timeout)
{
close_ike = lib->settings->get_bool(lib->settings,
- "%s.inactivity_close_ike", FALSE, charon->name);
+ "%s.inactivity_close_ike", FALSE, lib->ns);
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
inactivity_job_create(this->child_sa->get_reqid(this->child_sa),
timeout, close_ike), timeout);
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 4d0683f..8c7ba8d 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -278,6 +278,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
{
DBG1(DBG_IKE, "no %N selected",
transform_type_names, PSEUDO_RANDOM_FUNCTION);
+ chunk_clear(&secret);
return FALSE;
}
this->prf_alg = alg;
@@ -287,6 +288,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
DBG1(DBG_IKE, "%N %N not supported!",
transform_type_names, PSEUDO_RANDOM_FUNCTION,
pseudo_random_function_names, alg);
+ chunk_clear(&secret);
return FALSE;
}
DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret);
@@ -339,6 +341,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
{
DBG1(DBG_IKE, "PRF of old SA %N not supported!",
pseudo_random_function_names, rekey_function);
+ chunk_clear(&secret);
chunk_free(&full_nonce);
chunk_free(&fixed_nonce);
chunk_clear(&prf_plus_seed);
@@ -450,17 +453,6 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
chunk_t seed, secret = chunk_empty;
prf_plus_t *prf_plus;
- if (dh)
- {
- if (dh->get_shared_secret(dh, &secret) != SUCCESS)
- {
- return FALSE;
- }
- DBG4(DBG_CHD, "DH secret %B", &secret);
- }
- seed = chunk_cata("mcc", secret, nonce_i, nonce_r);
- DBG4(DBG_CHD, "seed %B", &seed);
-
if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
&enc_alg, &enc_size))
{
@@ -527,7 +519,21 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
{
return FALSE;
}
+
+ if (dh)
+ {
+ if (dh->get_shared_secret(dh, &secret) != SUCCESS)
+ {
+ return FALSE;
+ }
+ DBG4(DBG_CHD, "DH secret %B", &secret);
+ }
+ seed = chunk_cata("scc", secret, nonce_i, nonce_r);
+ DBG4(DBG_CHD, "seed %B", &seed);
+
prf_plus = prf_plus_create(this->prf, TRUE, seed);
+ memwipe(seed.ptr, seed.len);
+
if (!prf_plus)
{
return FALSE;
@@ -590,7 +596,7 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
idx = chunk_cata("cc", chunk, id->get_encoding(id));
DBG3(DBG_IKE, "IDx' %B", &idx);
- DBG3(DBG_IKE, "SK_p %B", &skp);
+ DBG4(DBG_IKE, "SK_p %B", &skp);
if (!this->prf->set_key(this->prf, skp) ||
!this->prf->allocate_bytes(this->prf, idx, &chunk))
{
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 8e6da16..ac3be90 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -184,10 +184,8 @@ METHOD(task_manager_t, flush_queue, void,
}
}
-/**
- * flush all tasks in the task manager
- */
-static void flush(private_task_manager_t *this)
+METHOD(task_manager_t, flush, void,
+ private_task_manager_t *this)
{
flush_queue(this, TASK_QUEUE_QUEUED);
flush_queue(this, TASK_QUEUE_PASSIVE);
@@ -1231,7 +1229,7 @@ METHOD(task_manager_t, process_message, status_t,
lib->scheduler->schedule_job(lib->scheduler, job,
lib->settings->get_int(lib->settings,
"%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
- charon->name));
+ lib->ns));
}
return SUCCESS;
}
@@ -1569,6 +1567,7 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
.adopt_child_tasks = _adopt_child_tasks,
.busy = _busy,
.create_task_enumerator = _create_task_enumerator,
+ .flush = _flush,
.flush_queue = _flush_queue,
.destroy = _destroy,
},
@@ -1579,11 +1578,11 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
.active_tasks = array_create(0, 0),
.passive_tasks = array_create(0, 0),
.retransmit_tries = lib->settings->get_int(lib->settings,
- "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name),
+ "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
.retransmit_timeout = lib->settings->get_double(lib->settings,
- "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name),
+ "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
.retransmit_base = lib->settings->get_double(lib->settings,
- "%s.retransmit_base", RETRANSMIT_BASE, charon->name),
+ "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 7cfa537..df7bc96 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -293,7 +293,7 @@ static void schedule_inactivity_timeout(private_child_create_t *this)
if (timeout)
{
close_ike = lib->settings->get_bool(lib->settings,
- "%s.inactivity_close_ike", FALSE, charon->name);
+ "%s.inactivity_close_ike", FALSE, lib->ns);
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
inactivity_job_create(this->child_sa->get_reqid(this->child_sa),
timeout, close_ike), timeout);
@@ -1072,7 +1072,7 @@ static void handle_child_sa_failure(private_child_create_t *this,
{
if (message->get_exchange_type(message) == IKE_AUTH &&
lib->settings->get_bool(lib->settings,
- "%s.close_ike_on_child_failure", FALSE, charon->name))
+ "%s.close_ike_on_child_failure", FALSE, lib->ns))
{
/* we delay the delete for 100ms, as the IKE_AUTH response must arrive
* first */
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 8f83c48..800dab0 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -120,7 +120,7 @@ struct private_ike_auth_t {
static bool multiple_auth_enabled()
{
return lib->settings->get_bool(lib->settings,
- "%s.multiple_authentication", TRUE, charon->name);
+ "%s.multiple_authentication", TRUE, lib->ns);
}
/**
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
index 2cbe8f8..bd28b29 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
@@ -428,7 +428,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
message->add_payload(message, (payload_t*)req);
if (lib->settings->get_bool(lib->settings,
- "%s.hash_and_url", FALSE, charon->name))
+ "%s.hash_and_url", FALSE, lib->ns))
{
message->add_notify(message, FALSE, HTTP_CERT_LOOKUP_SUPPORTED,
chunk_empty);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
index 2730f58..16ac166 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
@@ -42,24 +42,60 @@ struct private_ike_vendor_t {
};
/**
- * strongSwan specific vendor ID without version, MD5("strongSwan")
+ * Vendor ID database entry
*/
-static chunk_t strongswan_vid = chunk_from_chars(
- 0x88,0x2f,0xe5,0x6d,0x6f,0xd2,0x0d,0xbc,
- 0x22,0x51,0x61,0x3b,0x2e,0xbe,0x5b,0xeb
-);
+typedef struct {
+ /* Description */
+ char *desc;
+ /* extension flag negotiated with vendor ID, if any */
+ ike_extension_t extension;
+ /* length of vendor ID string, 0 for NULL terminated */
+ int len;
+ /* vendor ID string */
+ char *id;
+} vid_data_t;
+
+/**
+ * Get the data of a vendor ID as a chunk
+ */
+static chunk_t get_vid_data(vid_data_t *data)
+{
+ return chunk_create(data->id, data->len ?: strlen(data->id));
+}
+
+/**
+ * IKEv2 Vendor ID database entry
+ */
+static vid_data_t vids[] = {
+ /* strongSwan MD5("strongSwan") */
+ { "strongSwan", EXT_STRONGSWAN, 16,
+ "\x88\x2f\xe5\x6d\x6f\xd2\x0d\xbc\x22\x51\x61\x3b\x2e\xbe\x5b\xeb"},
+ { "Cisco Delete Reason", 0, 0,
+ "CISCO-DELETE-REASON" },
+ { "Cisco Copyright (c) 2009", 0, 0,
+ "CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc." },
+ { "FRAGMENTATION", 0, 16,
+ "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3"},
+};
METHOD(task_t, build, status_t,
private_ike_vendor_t *this, message_t *message)
{
- if (lib->settings->get_bool(lib->settings,
- "%s.send_vendor_id", FALSE, charon->name))
- {
- vendor_id_payload_t *vid;
+ vendor_id_payload_t *vid;
+ bool strongswan;
+ int i;
- vid = vendor_id_payload_create_data(VENDOR_ID,
- chunk_clone(strongswan_vid));
- message->add_payload(message, &vid->payload_interface);
+ strongswan = lib->settings->get_bool(lib->settings,
+ "%s.send_vendor_id", FALSE, lib->ns);
+ for (i = 0; i < countof(vids); i++)
+ {
+ if (vids[i].extension == EXT_STRONGSWAN && strongswan)
+ {
+ DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc);
+ vid = vendor_id_payload_create_data(VENDOR_ID,
+ chunk_clone(get_vid_data(&vids[i])));
+ message->add_payload(message, &vid->payload_interface);
+ }
}
return this->initiator ? NEED_MORE : SUCCESS;
@@ -70,6 +106,7 @@ METHOD(task_t, process, status_t,
{
enumerator_t *enumerator;
payload_t *payload;
+ int i;
enumerator = message->create_payload_enumerator(message);
while (enumerator->enumerate(enumerator, &payload))
@@ -78,16 +115,26 @@ METHOD(task_t, process, status_t,
{
vendor_id_payload_t *vid;
chunk_t data;
+ bool found = FALSE;
vid = (vendor_id_payload_t*)payload;
data = vid->get_data(vid);
- if (chunk_equals(data, strongswan_vid))
+ for (i = 0; i < countof(vids); i++)
{
- DBG1(DBG_IKE, "received strongSwan vendor ID");
- this->ike_sa->enable_extension(this->ike_sa, EXT_STRONGSWAN);
+ if (chunk_equals(get_vid_data(&vids[i]), data))
+ {
+ DBG1(DBG_IKE, "received %s vendor ID", vids[i].desc);
+ if (vids[i].extension)
+ {
+ this->ike_sa->enable_extension(this->ike_sa,
+ vids[i].extension);
+ }
+ found = TRUE;
+ break;
+ }
}
- else
+ if (!found)
{
DBG1(DBG_ENC, "received unknown vendor ID: %#B", &data);
}
diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h
index a1ebb41..e7a6bf4 100644
--- a/src/libcharon/sa/task_manager.h
+++ b/src/libcharon/sa/task_manager.h
@@ -261,6 +261,11 @@ struct task_manager_t {
task_queue_t queue);
/**
+ * Flush all tasks, regardless of the queue.
+ */
+ void (*flush)(task_manager_t *this);
+
+ /**
* Flush a queue, cancelling all tasks.
*
* @param queue queue to flush
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 1f66d6c..7e55d6b 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -19,7 +19,6 @@
#include <hydra.h>
#include <daemon.h>
#include <threading/rwlock.h>
-#include <threading/thread_value.h>
#include <collections/linked_list.h>
@@ -63,11 +62,6 @@ struct private_trap_manager_t {
rwlock_t *lock;
/**
- * track if the current thread is installing a trap policy
- */
- thread_value_t *installing;
-
- /**
* listener to track acquiring IKE_SAs
*/
trap_listener_t listener;
@@ -77,6 +71,8 @@ struct private_trap_manager_t {
* A installed trap entry
*/
typedef struct {
+ /** name of the trapped CHILD_SA */
+ char *name;
/** ref to peer_cfg to initiate */
peer_cfg_t *peer_cfg;
/** ref to instanciated CHILD_SA */
@@ -94,6 +90,7 @@ static void destroy_entry(entry_t *entry)
{
entry->child_sa->destroy(entry->child_sa);
entry->peer_cfg->destroy(entry->peer_cfg);
+ free(entry->name);
free(entry);
}
@@ -137,27 +134,42 @@ METHOD(trap_manager_t, install, u_int32_t,
}
this->lock->write_lock(this->lock);
- this->installing->set(this->installing, this);
enumerator = this->traps->create_enumerator(this->traps);
while (enumerator->enumerate(enumerator, &entry))
{
- if (streq(entry->child_sa->get_name(entry->child_sa),
- child->get_name(child)))
+ if (streq(entry->name, child->get_name(child)))
{
- this->traps->remove_at(this->traps, enumerator);
found = entry;
+ if (entry->child_sa)
+ { /* replace it with an updated version, if already installed */
+ this->traps->remove_at(this->traps, enumerator);
+ }
break;
}
}
enumerator->destroy(enumerator);
if (found)
- { /* config might have changed so update everything */
- DBG1(DBG_CFG, "updating already routed CHILD_SA '%s'",
- child->get_name(child));
+ {
+ if (!found->child_sa)
+ {
+ DBG1(DBG_CFG, "CHILD_SA '%s' is already being routed", found->name);
+ this->lock->unlock(this->lock);
+ return 0;
+ }
+ /* config might have changed so update everything */
+ DBG1(DBG_CFG, "updating already routed CHILD_SA '%s'", found->name);
reqid = found->child_sa->get_reqid(found->child_sa);
}
+ INIT(entry,
+ .name = strdup(child->get_name(child)),
+ .peer_cfg = peer->get_ref(peer),
+ );
+ this->traps->insert_first(this->traps, entry);
+ /* don't hold lock while creating CHILD_SA and installing policies */
+ this->lock->unlock(this->lock);
+
/* create and route CHILD_SA */
child_sa = child_sa_create(me, other, child, reqid, FALSE);
@@ -185,24 +197,19 @@ METHOD(trap_manager_t, install, u_int32_t,
if (status != SUCCESS)
{
DBG1(DBG_CFG, "installing trap failed");
+ this->lock->write_lock(this->lock);
+ this->traps->remove(this->traps, entry, NULL);
+ this->lock->unlock(this->lock);
+ entry->child_sa = child_sa;
+ destroy_entry(entry);
reqid = 0;
- /* hold off destroying the CHILD_SA until we released the lock */
}
else
{
- INIT(entry,
- .child_sa = child_sa,
- .peer_cfg = peer->get_ref(peer),
- );
- this->traps->insert_last(this->traps, entry);
reqid = child_sa->get_reqid(child_sa);
- }
- this->installing->set(this->installing, NULL);
- this->lock->unlock(this->lock);
-
- if (status != SUCCESS)
- {
- child_sa->destroy(child_sa);
+ this->lock->write_lock(this->lock);
+ entry->child_sa = child_sa;
+ this->lock->unlock(this->lock);
}
if (found)
{
@@ -221,7 +228,8 @@ METHOD(trap_manager_t, uninstall, bool,
enumerator = this->traps->create_enumerator(this->traps);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->child_sa->get_reqid(entry->child_sa) == reqid)
+ if (entry->child_sa &&
+ entry->child_sa->get_reqid(entry->child_sa) == reqid)
{
this->traps->remove_at(this->traps, enumerator);
found = entry;
@@ -236,7 +244,6 @@ METHOD(trap_manager_t, uninstall, bool,
DBG1(DBG_CFG, "trap %d not found to uninstall", reqid);
return FALSE;
}
-
destroy_entry(found);
return TRUE;
}
@@ -247,6 +254,10 @@ METHOD(trap_manager_t, uninstall, bool,
static bool trap_filter(rwlock_t *lock, entry_t **entry, peer_cfg_t **peer_cfg,
void *none, child_sa_t **child_sa)
{
+ if (!(*entry)->child_sa)
+ { /* skip entries that are currently being installed */
+ return FALSE;
+ }
if (peer_cfg)
{
*peer_cfg = (*entry)->peer_cfg;
@@ -271,28 +282,24 @@ METHOD(trap_manager_t, find_reqid, u_int32_t,
private_trap_manager_t *this, child_cfg_t *child)
{
enumerator_t *enumerator;
- child_cfg_t *current;
entry_t *entry;
u_int32_t reqid = 0;
- if (this->installing->get(this->installing))
- { /* current thread holds the lock */
- return reqid;
- }
this->lock->read_lock(this->lock);
enumerator = this->traps->create_enumerator(this->traps);
while (enumerator->enumerate(enumerator, &entry))
{
- current = entry->child_sa->get_config(entry->child_sa);
- if (streq(current->get_name(current), child->get_name(child)))
+ if (streq(entry->name, child->get_name(child)))
{
- reqid = entry->child_sa->get_reqid(entry->child_sa);
+ if (entry->child_sa)
+ {
+ reqid = entry->child_sa->get_reqid(entry->child_sa);
+ }
break;
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
-
return reqid;
}
@@ -310,7 +317,8 @@ METHOD(trap_manager_t, acquire, void,
enumerator = this->traps->create_enumerator(this->traps);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->child_sa->get_reqid(entry->child_sa) == reqid)
+ if (entry->child_sa &&
+ entry->child_sa->get_reqid(entry->child_sa) == reqid)
{
found = entry;
break;
@@ -365,6 +373,7 @@ METHOD(trap_manager_t, acquire, void,
else
{
ike_sa->destroy(ike_sa);
+ charon->bus->set_sa(charon->bus, NULL);
}
}
peer->destroy(peer);
@@ -445,7 +454,6 @@ METHOD(trap_manager_t, destroy, void,
{
charon->bus->remove_listener(charon->bus, &this->listener.listener);
this->traps->destroy_function(this->traps, (void*)destroy_entry);
- this->installing->destroy(this->installing);
this->lock->destroy(this->lock);
free(this);
}
@@ -476,7 +484,6 @@ trap_manager_t *trap_manager_create(void)
},
.traps = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
- .installing = thread_value_create(NULL),
);
charon->bus->add_listener(charon->bus, &this->listener.listener);
diff --git a/src/libcharon/sa/xauth/xauth_manager.c b/src/libcharon/sa/xauth/xauth_manager.c
index 17eecc2..3aabe7e 100644
--- a/src/libcharon/sa/xauth/xauth_manager.c
+++ b/src/libcharon/sa/xauth/xauth_manager.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "xauth_manager.h"
#include <collections/linked_list.h>
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index 0323854..dbfb988 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libfast/fast_request.c b/src/libfast/fast_request.c
index 0673750..a56a591 100644
--- a/src/libfast/fast_request.c
+++ b/src/libfast/fast_request.c
@@ -23,7 +23,6 @@
#include <pthread.h>
#include <string.h>
#include <unistd.h>
-#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
@@ -294,31 +293,17 @@ METHOD(fast_request_t, serve, void,
METHOD(fast_request_t, sendfile, bool,
private_fast_request_t *this, char *path, char *mime)
{
- struct stat sb;
- chunk_t data;
- void *addr;
- int fd, written;
+ chunk_t *data;
+ int written;
char buf[24];
- fd = open(path, O_RDONLY);
- if (fd == -1)
+ data = chunk_map(path, FALSE);
+ if (!data)
{
return FALSE;
}
- if (fstat(fd, &sb) == -1)
- {
- close(fd);
- return FALSE;
- }
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- close(fd);
- return FALSE;
- }
-
/* FCGX does not like large integers, print to a buffer using libc */
- snprintf(buf, sizeof(buf), "%lld", (int64_t)sb.st_size);
+ snprintf(buf, sizeof(buf), "%lld", (int64_t)data->len);
FCGX_FPrintF(this->req.out, "Content-Length: %s\n", buf);
if (mime)
{
@@ -326,22 +311,18 @@ METHOD(fast_request_t, sendfile, bool,
}
FCGX_FPrintF(this->req.out, "\n");
- data = chunk_create(addr, sb.st_size);
-
- while (data.len)
+ while (data->len)
{
- written = FCGX_PutStr(data.ptr, data.len, this->req.out);
+ written = FCGX_PutStr(data->ptr, data->len, this->req.out);
if (written == -1)
{
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(data);
return FALSE;
}
- data = chunk_skip(data, written);
+ *data = chunk_skip(*data, written);
}
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(data);
return TRUE;
}
diff --git a/src/libhydra/Android.mk b/src/libhydra/Android.mk
index 429feed..ff134da 100644
--- a/src/libhydra/Android.mk
+++ b/src/libhydra/Android.mk
@@ -26,7 +26,6 @@ LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink)
# build libhydra ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/include \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in
index d3c3ed4..5e0bf3f 100644
--- a/src/libhydra/Makefile.in
+++ b/src/libhydra/Makefile.in
@@ -275,8 +275,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -344,6 +342,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -432,12 +435,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -452,6 +459,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/attributes/mem_pool.c b/src/libhydra/attributes/mem_pool.c
index 77567ce..cc45e56 100644
--- a/src/libhydra/attributes/mem_pool.c
+++ b/src/libhydra/attributes/mem_pool.c
@@ -573,7 +573,7 @@ static private_mem_pool_t *create_generic(char *name)
(hashtable_equals_t)id_equals, 16),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.reassign_online = lib->settings->get_bool(lib->settings,
- "%s.mem-pool.reassign_online", FALSE, hydra->daemon),
+ "%s.mem-pool.reassign_online", FALSE, lib->ns),
);
return this;
diff --git a/src/libhydra/hydra.c b/src/libhydra/hydra.c
index f531bd5..1b50650 100644
--- a/src/libhydra/hydra.c
+++ b/src/libhydra/hydra.c
@@ -59,7 +59,6 @@ void libhydra_deinit()
this->public.attributes->destroy(this->public.attributes);
this->public.kernel_interface->destroy(this->public.kernel_interface);
- free((void*)this->public.daemon);
free(this);
hydra = NULL;
}
@@ -67,7 +66,7 @@ void libhydra_deinit()
/**
* Described in header.
*/
-bool libhydra_init(const char *daemon)
+bool libhydra_init()
{
private_hydra_t *this;
@@ -81,7 +80,6 @@ bool libhydra_init(const char *daemon)
INIT(this,
.public = {
.attributes = attribute_manager_create(),
- .daemon = strdup(daemon ?: "libhydra"),
},
.ref = 1,
);
diff --git a/src/libhydra/hydra.h b/src/libhydra/hydra.h
index 2a8709d..94209ff 100644
--- a/src/libhydra/hydra.h
+++ b/src/libhydra/hydra.h
@@ -53,11 +53,6 @@ struct hydra_t {
* kernel interface to communicate with kernel
*/
kernel_interface_t *kernel_interface;
-
- /**
- * name of the daemon that initialized the library
- */
- const char *daemon;
};
/**
@@ -70,15 +65,12 @@ extern hydra_t *hydra;
/**
* Initialize libhydra.
*
- * The daemon's name is used to load daemon-specific settings.
- *
* libhydra_init() may be called multiple times in a single process, but each
- * caller should call libhydra_deinit() for each call to libhydra_init().
+ * caller must call libhydra_deinit() for each call to libhydra_init().
*
- * @param daemon name of the daemon that initializes the library
* @return FALSE if integrity check failed
*/
-bool libhydra_init(const char *daemon);
+bool libhydra_init();
/**
* Deinitialize libhydra.
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index cbfddd0..3e34d20 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -796,12 +796,12 @@ kernel_interface_t *kernel_interface_create()
);
ifaces = lib->settings->get_str(lib->settings,
- "%s.interfaces_use", NULL, hydra->daemon);
+ "%s.interfaces_use", NULL, lib->ns);
if (!ifaces)
{
this->ifaces_exclude = TRUE;
ifaces = lib->settings->get_str(lib->settings,
- "%s.interfaces_ignore", NULL, hydra->daemon);
+ "%s.interfaces_ignore", NULL, lib->ns);
}
if (ifaces)
{
diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in
index af0a77f..e762b77 100644
--- a/src/libhydra/plugins/attr/Makefile.in
+++ b/src/libhydra/plugins/attr/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c
index 1a2fa7f..a27fd57 100644
--- a/src/libhydra/plugins/attr/attr_provider.c
+++ b/src/libhydra/plugins/attr/attr_provider.c
@@ -109,7 +109,7 @@ static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr,
host_t *host;
char *str;
- str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, hydra->daemon,
+ str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, lib->ns,
key, nr);
if (str)
{
@@ -179,7 +179,7 @@ static void load_entries(private_attr_provider_t *this)
}
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "%s.plugins.attr", hydra->daemon);
+ "%s.plugins.attr", lib->ns);
while (enumerator->enumerate(enumerator, &key, &value))
{
configuration_attribute_type_t type;
@@ -190,6 +190,10 @@ static void load_entries(private_attr_provider_t *this)
char *pos;
int i, mask = -1, family;
+ if (streq(key, "load"))
+ {
+ continue;
+ }
type = atoi(key);
if (!type)
{
diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
index 7b7b5de..1d258f2 100644
--- a/src/libhydra/plugins/attr_sql/Makefile.in
+++ b/src/libhydra/plugins/attr_sql/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
index 702872c..dde9005 100644
--- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
+++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
@@ -61,7 +61,7 @@ static bool open_database(private_attr_sql_plugin_t *this,
char *uri;
uri = lib->settings->get_str(lib->settings,
- "libhydra.plugins.attr-sql.database", NULL);
+ "%s.plugins.attr-sql.database", NULL, lib->ns);
if (!uri)
{
DBG1(DBG_CFG, "attr-sql plugin: database URI not set");
@@ -122,6 +122,8 @@ plugin_t *attr_sql_plugin_create()
},
},
);
+ lib->settings->add_fallback(lib->settings, "%s.plugins.attr-sql",
+ "libhydra.plugins.attr-sql", lib->ns);
return &this->public.plugin;
}
diff --git a/src/libhydra/plugins/attr_sql/sql_attribute.c b/src/libhydra/plugins/attr_sql/sql_attribute.c
index 0a06c41..d527c3f 100644
--- a/src/libhydra/plugins/attr_sql/sql_attribute.c
+++ b/src/libhydra/plugins/attr_sql/sql_attribute.c
@@ -457,7 +457,7 @@ sql_attribute_t *sql_attribute_create(database_t *db)
},
.db = db,
.history = lib->settings->get_bool(lib->settings,
- "libhydra.plugins.attr-sql.lease_history", TRUE),
+ "%s.plugins.attr-sql.lease_history", TRUE, lib->ns),
);
/* close any "online" leases in the case we crashed */
diff --git a/src/libhydra/plugins/kernel_klips/Makefile.in b/src/libhydra/plugins/kernel_klips/Makefile.in
index a639ef6..c804c8e 100644
--- a/src/libhydra/plugins/kernel_klips/Makefile.in
+++ b/src/libhydra/plugins/kernel_klips/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
index a226162..a75ccf3 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -311,8 +311,8 @@ static status_t attach_ipsec_dev(char* name, char *phys_name)
}
mtu = lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-klips.ipsec_dev_mtu", 0,
- hydra->daemon);
+ "%s.plugins.kernel-klips.ipsec_dev_mtu", 0,
+ lib->ns);
if (mtu <= 0)
{
/* guess MTU as physical MTU - ESP overhead [- NAT-T overhead]
@@ -2505,8 +2505,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
static void init_ipsec_devices(private_kernel_klips_ipsec_t *this)
{
int i, count = lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-klips.ipsec_dev_count",
- DEFAULT_IPSEC_DEV_COUNT, hydra->daemon);
+ "%s.plugins.kernel-klips.ipsec_dev_count",
+ DEFAULT_IPSEC_DEV_COUNT, lib->ns);
for (i = 0; i < count; ++i)
{
@@ -2611,7 +2611,7 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
.install_routes = lib->settings->get_bool(lib->settings,
"%s.install_routes", TRUE,
- hydra->daemon),
+ lib->ns),
);
/* initialize ipsec devices */
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in
index 5f85da6..5910cfd 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.in
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 8352b93..c864a92 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1203,6 +1203,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
struct nlmsghdr *hdr;
struct xfrm_usersa_info *sa;
u_int16_t icv_size = 64;
+ ipsec_mode_t original_mode = mode;
status_t status = FAILED;
/* if IPComp is used, we install an additional IPComp SA. if the cpi is 0
@@ -1213,7 +1214,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED,
chunk_empty, mode, ipcomp, 0, initiator, FALSE, FALSE, inbound,
- NULL, NULL);
+ src_ts, dst_ts);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
@@ -1243,7 +1244,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
break;
case MODE_BEET:
case MODE_TRANSPORT:
- if(src_ts && dst_ts)
+ if (original_mode == MODE_TUNNEL)
+ { /* don't install selectors for switched SAs. because only one
+ * selector can be installed other traffic would get dropped */
+ break;
+ }
+ if (src_ts && dst_ts)
{
sa->sel = ts2selector(src_ts, dst_ts);
/* don't install proto/port on SA. This would break
@@ -1459,8 +1465,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
goto failed;
}
- if (tfc)
- {
+ if (tfc && protocol == IPPROTO_ESP && mode == MODE_TUNNEL)
+ { /* the kernel supports TFC padding only for tunnel mode ESP SAs */
u_int32_t *tfcpad;
tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD,
@@ -2679,15 +2685,15 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.policy_history = TRUE,
.install_routes = lib->settings->get_bool(lib->settings,
- "%s.install_routes", TRUE, hydra->daemon),
+ "%s.install_routes", TRUE, lib->ns),
.replay_window = lib->settings->get_int(lib->settings,
- "%s.replay_window", DEFAULT_REPLAY_WINDOW, hydra->daemon),
+ "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
);
this->replay_bmp = (this->replay_window + sizeof(u_int32_t) * 8 - 1) /
(sizeof(u_int32_t) * 8);
- if (streq(hydra->daemon, "starter"))
+ if (streq(lib->ns, "starter"))
{ /* starter has no threads, so we do not register for kernel events */
register_for_events = FALSE;
}
@@ -2697,7 +2703,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
{
fprintf(f, "%u", lib->settings->get_int(lib->settings,
"%s.plugins.kernel-netlink.xfrm_acq_expires",
- DEFAULT_ACQUIRE_LIFETIME, hydra->daemon));
+ DEFAULT_ACQUIRE_LIFETIME, lib->ns));
fclose(f);
}
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index d270750..3cf3176 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1962,10 +1962,13 @@ METHOD(kernel_net_t, add_route, status_t,
this->routes_lock->unlock(this->routes_lock);
return ALREADY_DONE;
}
- found = route_entry_clone(&route);
- this->routes->put(this->routes, found, found);
status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
dst_net, prefixlen, gateway, src_ip, if_name);
+ if (status == SUCCESS)
+ {
+ found = route_entry_clone(&route);
+ this->routes->put(this->routes, found, found);
+ }
this->routes_lock->unlock(this->routes_lock);
return status;
}
@@ -2122,7 +2125,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request));
fwmark = lib->settings->get_str(lib->settings,
- "%s.plugins.kernel-netlink.fwmark", NULL, hydra->daemon);
+ "%s.plugins.kernel-netlink.fwmark", NULL, lib->ns);
if (fwmark)
{
#ifdef HAVE_LINUX_FIB_RULES_H
@@ -2282,30 +2285,30 @@ kernel_netlink_net_t *kernel_netlink_net_create()
.condvar = rwlock_condvar_create(),
.roam_lock = spinlock_create(),
.routing_table = lib->settings->get_int(lib->settings,
- "%s.routing_table", ROUTING_TABLE, hydra->daemon),
+ "%s.routing_table", ROUTING_TABLE, lib->ns),
.routing_table_prio = lib->settings->get_int(lib->settings,
- "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon),
+ "%s.routing_table_prio", ROUTING_TABLE_PRIO, lib->ns),
.process_route = lib->settings->get_bool(lib->settings,
- "%s.process_route", TRUE, hydra->daemon),
+ "%s.process_route", TRUE, lib->ns),
.install_virtual_ip = lib->settings->get_bool(lib->settings,
- "%s.install_virtual_ip", TRUE, hydra->daemon),
+ "%s.install_virtual_ip", TRUE, lib->ns),
.install_virtual_ip_on = lib->settings->get_str(lib->settings,
- "%s.install_virtual_ip_on", NULL, hydra->daemon),
+ "%s.install_virtual_ip_on", NULL, lib->ns),
.roam_events = lib->settings->get_bool(lib->settings,
- "%s.plugins.kernel-netlink.roam_events", TRUE, hydra->daemon),
+ "%s.plugins.kernel-netlink.roam_events", TRUE, lib->ns),
);
timerclear(&this->last_route_reinstall);
timerclear(&this->next_roam);
check_kernel_features(this);
- if (streq(hydra->daemon, "starter"))
+ if (streq(lib->ns, "starter"))
{ /* starter has no threads, so we do not register for kernel events */
register_for_events = FALSE;
}
exclude = lib->settings->get_str(lib->settings,
- "%s.ignore_routing_tables", NULL, hydra->daemon);
+ "%s.ignore_routing_tables", NULL, lib->ns);
if (exclude)
{
char *token;
diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in
index 8903a46..5d0e927 100644
--- a/src/libhydra/plugins/kernel_pfkey/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 98a6f81..4704d41 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2861,10 +2861,10 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
.install_routes = lib->settings->get_bool(lib->settings,
"%s.install_routes", TRUE,
- hydra->daemon),
+ lib->ns),
);
- if (streq(hydra->daemon, "starter"))
+ if (streq(lib->ns, "starter"))
{ /* starter has no threads, so we do not register for kernel events */
register_for_events = FALSE;
}
diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in
index 29a7079..8e01d29 100644
--- a/src/libhydra/plugins/kernel_pfroute/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index bc10610..a8a57a5 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -1420,9 +1420,12 @@ METHOD(kernel_net_t, add_route, status_t,
this->routes_lock->unlock(this->routes_lock);
return ALREADY_DONE;
}
- found = route_entry_clone(&route);
- this->routes->put(this->routes, found, found);
status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway, if_name);
+ if (status == SUCCESS)
+ {
+ found = route_entry_clone(&route);
+ this->routes->put(this->routes, found, found);
+ }
this->routes_lock->unlock(this->routes_lock);
return status;
}
@@ -1782,7 +1785,7 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
.net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
.roam_lock = spinlock_create(),
.vip_wait = lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-pfroute.vip_wait", 1000, hydra->daemon),
+ "%s.plugins.kernel-pfroute.vip_wait", 1000, lib->ns),
);
timerclear(&this->last_route_reinstall);
timerclear(&this->next_roam);
@@ -1796,7 +1799,7 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
return NULL;
}
- if (streq(hydra->daemon, "starter"))
+ if (streq(lib->ns, "starter"))
{
/* starter has no threads, so we do not register for kernel events */
if (shutdown(this->socket, SHUT_RD) != 0)
diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in
index 28b4b8f..0e520f1 100644
--- a/src/libhydra/plugins/resolve/Makefile.in
+++ b/src/libhydra/plugins/resolve/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c
index 2eee854..069466a 100644
--- a/src/libhydra/plugins/resolve/resolve_handler.c
+++ b/src/libhydra/plugins/resolve/resolve_handler.c
@@ -361,7 +361,7 @@ resolve_handler_t *resolve_handler_create()
},
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.file = lib->settings->get_str(lib->settings, "%s.plugins.resolve.file",
- RESOLV_CONF, hydra->daemon),
+ RESOLV_CONF, lib->ns),
);
if (stat(RESOLVCONF_EXEC, &st) == 0)
@@ -369,7 +369,7 @@ resolve_handler_t *resolve_handler_create()
this->use_resolvconf = TRUE;
this->iface_prefix = lib->settings->get_str(lib->settings,
"%s.plugins.resolve.resolvconf.iface_prefix",
- RESOLVCONF_PREFIX, hydra->daemon);
+ RESOLVCONF_PREFIX, lib->ns);
}
return &this->public;
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index 86f172d..96e7597 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -24,7 +24,6 @@ libimcv_la_SOURCES = \
imv/imv_remediation_string.h imv/imv_remediation_string.c \
imv/imv_session.h imv/imv_session.c \
imv/imv_workitem.h imv/imv_workitem.c \
- imv/tables.sql imv/data.sql \
ietf/ietf_attr.h ietf/ietf_attr.c \
ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \
ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \
@@ -53,6 +52,9 @@ libimcv_la_SOURCES = \
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy
+templatesdir = $(pkgdatadir)/templates/database/imv
+dist_templates_DATA = imv/tables.sql imv/data.sql
+
ipsec_PROGRAMS = imv_policy_manager
imv_policy_manager_SOURCES = \
imv/imv_policy_manager.c \
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index 2d488ea..4c8287b 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -16,6 +16,7 @@
+
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
@@ -89,7 +90,7 @@ ipsec_PROGRAMS = imv_policy_manager$(EXEEXT)
@USE_IMV_OS_TRUE at am__append_6 = plugins/imv_os
subdir = src/libimcv
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
+ $(top_srcdir)/depcomp $(dist_templates_DATA)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -135,7 +136,7 @@ am__uninstall_files_from_dir = { \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__installdirs = "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" \
- "$(DESTDIR)$(ipsecdir)"
+ "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"
LTLIBRARIES = $(ipseclib_LTLIBRARIES)
libimcv_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
@@ -224,6 +225,7 @@ am__can_run_installinfo = \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+DATA = $(dist_templates_DATA)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
@@ -293,8 +295,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -362,6 +362,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -450,12 +455,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -470,6 +479,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -505,7 +515,6 @@ libimcv_la_SOURCES = \
imv/imv_remediation_string.h imv/imv_remediation_string.c \
imv/imv_session.h imv/imv_session.c \
imv/imv_workitem.h imv/imv_workitem.c \
- imv/tables.sql imv/data.sql \
ietf/ietf_attr.h ietf/ietf_attr.c \
ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \
ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \
@@ -533,6 +542,8 @@ libimcv_la_SOURCES = \
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy
+templatesdir = $(pkgdatadir)/templates/database/imv
+dist_templates_DATA = imv/tables.sql imv/data.sql
imv_policy_manager_SOURCES = \
imv/imv_policy_manager.c \
imv/imv_policy_manager_usage.h imv/imv_policy_manager_usage.c
@@ -891,6 +902,27 @@ clean-libtool:
-rm -rf ita/.libs ita/_libs
-rm -rf os_info/.libs os_info/_libs
-rm -rf pa_tnc/.libs pa_tnc/_libs
+install-dist_templatesDATA: $(dist_templates_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(templatesdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(templatesdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \
+ done
+
+uninstall-dist_templatesDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(templatesdir)'; $(am__uninstall_files_from_dir)
# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
@@ -1048,10 +1080,10 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-recursive
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS)
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA)
installdirs: installdirs-recursive
installdirs-am:
- for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(ipsecdir)"; do \
+ for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-recursive
@@ -1119,8 +1151,8 @@ info: info-recursive
info-am:
-install-data-am: install-ipsecPROGRAMS install-ipsecSCRIPTS \
- install-ipseclibLTLIBRARIES
+install-data-am: install-dist_templatesDATA install-ipsecPROGRAMS \
+ install-ipsecSCRIPTS install-ipseclibLTLIBRARIES
install-dvi: install-dvi-recursive
@@ -1166,8 +1198,8 @@ ps: ps-recursive
ps-am:
-uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipsecSCRIPTS \
- uninstall-ipseclibLTLIBRARIES
+uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \
+ uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES
.MAKE: $(am__recursive_targets) install-am install-strip
@@ -1177,17 +1209,18 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipsecSCRIPTS \
ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-ipsecPROGRAMS install-ipsecSCRIPTS \
+ install-data-am install-dist_templatesDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-ipsecPROGRAMS install-ipsecSCRIPTS \
install-ipseclibLTLIBRARIES install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs installdirs-am \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
- uninstall-ipsecPROGRAMS uninstall-ipsecSCRIPTS \
- uninstall-ipseclibLTLIBRARIES
+ uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \
+ uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c
index b5862da..2a4fd33 100644
--- a/src/libimcv/imcv.c
+++ b/src/libimcv/imcv.c
@@ -109,7 +109,7 @@ bool libimcv_init(bool is_imv)
else
{
/* we are the first to initialize libstrongswan */
- if (!library_init(NULL))
+ if (!library_init(NULL, "libimcv"))
{
return FALSE;
}
@@ -134,6 +134,10 @@ bool libimcv_init(bool is_imv)
}
ref_get(&libstrongswan_ref);
+ lib->settings->add_fallback(lib->settings, "%s.imcv", "libimcv", lib->ns);
+ lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
+ lib->ns);
+
if (libimcv_ref == 0)
{
char *uri, *script;
@@ -149,9 +153,10 @@ bool libimcv_init(bool is_imv)
if (is_imv)
{
uri = lib->settings->get_str(lib->settings,
- "libimcv.database", NULL);
+ "%s.imcv.database", NULL, lib->ns);
script = lib->settings->get_str(lib->settings,
- "libimcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT);
+ "%s.imcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT,
+ lib->ns);
if (uri)
{
imcv_db = imv_database_create(uri, script);
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 241a996..9d938b9 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -168,6 +168,42 @@ INSERT INTO products ( /* 28 */
'Debian 7.2 x86_64'
);
+INSERT INTO products ( /* 29 */
+ name
+) VALUES (
+ 'Android 4.1.2'
+);
+
+INSERT INTO products ( /* 30 */
+ name
+) VALUES (
+ 'Android 4.2.2'
+);
+
+INSERT INTO products ( /* 31 */
+ name
+) VALUES (
+ 'Android 4.3.1'
+);
+
+INSERT INTO products ( /* 32 */
+ name
+) VALUES (
+ 'Android 4.4'
+);
+
+INSERT INTO products ( /* 33 */
+ name
+) VALUES (
+ 'Android 4.4.1'
+);
+
+INSERT INTO products ( /* 34 */
+ name
+) VALUES (
+ 'Android 4.4.2'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -568,6 +604,24 @@ INSERT INTO groups ( /* 10 */
'Ref. Linux', 8
);
+INSERT INTO groups ( /* 11 */
+ name
+) VALUES (
+ 'TPM BIOS'
+);
+
+INSERT INTO groups ( /* 12 */
+ name
+) VALUES (
+ 'TPM IMA'
+);
+
+INSERT INTO groups ( /* 13 */
+ name
+) VALUES (
+ 'TPM BIOS/IMA'
+);
+
/* Default Product Groups */
INSERT INTO groups_product_defaults (
@@ -732,6 +786,42 @@ INSERT INTO groups_product_defaults (
3, 22
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 29
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 30
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 31
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 32
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 33
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 34
+);
+
/* Policies */
INSERT INTO policies ( /* 1 */
@@ -842,6 +932,24 @@ INSERT INTO policies ( /* 18 */
15, 'SWID Tags', '', 2, 2
);
+INSERT INTO policies ( /* 19 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM BIOS Measurements', 'B', 2, 2
+);
+
+INSERT INTO policies ( /* 20 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM IMA Measurements', 'I', 2, 2
+);
+
+INSERT INTO policies ( /* 21 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM BIOS/IMA Measurements', 'BI', 2, 2
+);
+
/* Enforcements */
INSERT INTO enforcements ( /* 1 */
@@ -928,6 +1036,24 @@ INSERT INTO enforcements ( /* 14 */
15, 9, 0
);
+INSERT INTO enforcements ( /* 15 */
+ policy, group_id, max_age
+) VALUES (
+ 19, 11, 60
+);
+
+INSERT INTO enforcements ( /* 16 */
+ policy, group_id, max_age
+) VALUES (
+ 20, 12, 60
+);
+
+INSERT INTO enforcements ( /* 17 */
+ policy, group_id, max_age
+) VALUES (
+ 21, 13, 60
+);
+
/* regids */
INSERT INTO regids ( /* 1 */
@@ -1058,3 +1184,9 @@ INSERT INTO tags (
10, 'strongSwan-5-1-1'
);
+INSERT INTO tags (
+ regid, unique_sw_id
+) VALUES (
+ 10, 'strongSwan-5-1-2'
+);
+
diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c
index 642b479..e718175 100644
--- a/src/libimcv/imv/imv_msg.c
+++ b/src/libimcv/imv/imv_msg.c
@@ -208,8 +208,8 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
}
/* Send an IETF Assessment Result attribute if enabled */
- if (lib->settings->get_bool(lib->settings, "libimcv.assessment_result",
- TRUE))
+ if (lib->settings->get_bool(lib->settings, "%s.imcv.assessment_result",
+ TRUE, lib->ns))
{
this->state->get_recommendation(this->state, &rec, &eval);
attr = ietf_attr_assess_result_create(eval);
diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c
index 61e0cd0..028721a 100644
--- a/src/libimcv/imv/imv_policy_manager.c
+++ b/src/libimcv/imv/imv_policy_manager.c
@@ -188,7 +188,7 @@ static bool policy_start(database_t *db, int session_id)
e->destroy(e);
/* if a device ID with a creation date exists, get all group memberships */
- if (device_id & created)
+ if (device_id && created)
{
e = db->query(db,
"SELECT group_id FROM groups_members WHERE device_id = ?",
@@ -288,7 +288,7 @@ int main(int argc, char *argv[])
atexit(library_deinit);
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "imv_policy_manager"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
@@ -328,7 +328,12 @@ int main(int argc, char *argv[])
session_id = atoi(tnc_session_id);
/* attach IMV database */
- uri = lib->settings->get_str(lib->settings, "libimcv.database", NULL);
+ uri = lib->settings->get_str(lib->settings,
+ "imv_policy_manager.database",
+ lib->settings->get_str(lib->settings,
+ "charon.imcv.database",
+ lib->settings->get_str(lib->settings,
+ "libimcv.database", NULL)));
if (!uri)
{
fprintf(stderr, "database uri not defined.\n");
diff --git a/src/libimcv/imv/imv_reason_string.c b/src/libimcv/imv/imv_reason_string.c
index d1447ec..c09b7bd 100644
--- a/src/libimcv/imv/imv_reason_string.c
+++ b/src/libimcv/imv/imv_reason_string.c
@@ -35,6 +35,11 @@ struct private_imv_reason_string_t {
char *lang;
/**
+ * Separator concatenating multiple reasons
+ */
+ char *separator;
+
+ /**
* Contains the concatenated reasons
*/
chunk_t reasons;
@@ -51,7 +56,8 @@ METHOD(imv_reason_string_t, add_reason, void,
if (this->reasons.len)
{
/* append any further reasons */
- this->reasons = chunk_cat("mcc", this->reasons, chunk_from_chars('\n'),
+ this->reasons = chunk_cat("mcc", this->reasons,
+ chunk_from_str(this->separator),
chunk_create(s_reason, strlen(s_reason)));
}
else
@@ -77,7 +83,7 @@ METHOD(imv_reason_string_t, destroy, void,
/**
* Described in header.
*/
-imv_reason_string_t *imv_reason_string_create(char *lang)
+imv_reason_string_t *imv_reason_string_create(char *lang, char *separator)
{
private_imv_reason_string_t *this;
@@ -88,6 +94,7 @@ imv_reason_string_t *imv_reason_string_create(char *lang)
.destroy = _destroy,
},
.lang = lang,
+ .separator = separator,
);
return &this->public;
diff --git a/src/libimcv/imv/imv_reason_string.h b/src/libimcv/imv/imv_reason_string.h
index cb4c27f..c35ec36 100644
--- a/src/libimcv/imv/imv_reason_string.h
+++ b/src/libimcv/imv/imv_reason_string.h
@@ -58,7 +58,8 @@ struct imv_reason_string_t {
* Creates an Reason String object
*
* @param lang Preferred language
+ * @param separator String separating multiple reasons
*/
- imv_reason_string_t* imv_reason_string_create(char *lang);
+ imv_reason_string_t* imv_reason_string_create(char *lang, char *separator);
#endif /** IMV_REASON_STRING_H_ @}*/
diff --git a/src/libimcv/imv/imv_workitem.c b/src/libimcv/imv/imv_workitem.c
index 2141f73..8784a0c 100644
--- a/src/libimcv/imv/imv_workitem.c
+++ b/src/libimcv/imv/imv_workitem.c
@@ -20,7 +20,7 @@
typedef struct private_imv_workitem_t private_imv_workitem_t;
-ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_SWID_TAGS,
+ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_TPM_ATTEST,
"PCKGS",
"UNSRC",
"FWDEN",
@@ -35,7 +35,8 @@ ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_SWID_TAGS,
"TCPBL",
"UDPOP",
"UDPBL",
- "SWIDT"
+ "SWIDT",
+ "TPMRA"
);
/**
diff --git a/src/libimcv/imv/imv_workitem.h b/src/libimcv/imv/imv_workitem.h
index 8689977..93a4b58 100644
--- a/src/libimcv/imv/imv_workitem.h
+++ b/src/libimcv/imv/imv_workitem.h
@@ -44,7 +44,8 @@ enum imv_workitem_type_t {
IMV_WORKITEM_TCP_PORT_BLOCK = 12,
IMV_WORKITEM_UDP_PORT_OPEN = 13,
IMV_WORKITEM_UDP_PORT_BLOCK = 14,
- IMV_WORKITEM_SWID_TAGS = 15
+ IMV_WORKITEM_SWID_TAGS = 15,
+ IMV_WORKITEM_TPM_ATTEST = 16
};
extern enum_name_t *imv_workitem_type_names;
diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c
index f32ab2b..9692e1f 100644
--- a/src/libimcv/ita/ita_attr_command.c
+++ b/src/libimcv/ita/ita_attr_command.c
@@ -13,14 +13,15 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "ita_attr.h"
#include "ita_attr_command.h"
#include <pen/pen.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_ita_attr_command_t private_ita_attr_command_t;
/**
diff --git a/src/libimcv/ita/ita_attr_get_settings.c b/src/libimcv/ita/ita_attr_get_settings.c
index 1966131..d0bc31d 100644
--- a/src/libimcv/ita/ita_attr_get_settings.c
+++ b/src/libimcv/ita/ita_attr_get_settings.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "ita_attr.h"
#include "ita_attr_get_settings.h"
@@ -22,8 +25,6 @@
#include <pen/pen.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_ita_attr_get_settings_t private_ita_attr_get_settings_t;
/**
@@ -166,7 +167,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
status = SUCCESS;
end:
- reader->destroy(reader);
+ reader->destroy(reader);
return status;
}
@@ -182,7 +183,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
{
if (ref_put(&this->ref))
{
- this->list->destroy_function(this->list, free);
+ this->list->destroy_function(this->list, free);
free(this->value.ptr);
free(this);
}
diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c
index 9ce253d..0d2967e 100644
--- a/src/libimcv/ita/ita_attr_settings.c
+++ b/src/libimcv/ita/ita_attr_settings.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "ita_attr.h"
#include "ita_attr_settings.h"
@@ -22,8 +25,6 @@
#include <pen/pen.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_ita_attr_settings_t private_ita_attr_settings_t;
typedef struct entry_t entry_t;
@@ -211,7 +212,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
status = SUCCESS;
end:
- reader->destroy(reader);
+ reader->destroy(reader);
return status;
}
@@ -227,7 +228,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
{
if (ref_put(&this->ref))
{
- this->list->destroy_function(this->list, (void*)free_entry);
+ this->list->destroy_function(this->list, (void*)free_entry);
free(this->value.ptr);
free(this);
}
diff --git a/src/libimcv/os_info/os_info.c b/src/libimcv/os_info/os_info.c
index 17000cd..0642757 100644
--- a/src/libimcv/os_info/os_info.c
+++ b/src/libimcv/os_info/os_info.c
@@ -560,9 +560,9 @@ os_info_t *os_info_create(void)
/* As an option OS name and OS version can be configured manually */
name.ptr = lib->settings->get_str(lib->settings,
- "libimcv.os_info.name", NULL);
+ "%s.imcv.os_info.name", NULL, lib->ns);
version.ptr = lib->settings->get_str(lib->settings,
- "libimcv.os_info.version", NULL);
+ "%s.imcv.os_info.version", NULL, lib->ns);
if (name.ptr && version.ptr)
{
name.len = strlen(name.ptr);
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index a44721b..bfb3f00 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -213,8 +213,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -282,6 +280,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -370,12 +373,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -390,6 +397,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index 2558be9..647a449 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -387,7 +387,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
return TNC_RESULT_FATAL;
}
if (lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-os.push_info", TRUE))
+ "%s.plugins.imc-os.push_info", TRUE, lib->ns))
{
out_msg = imc_msg_create(imc_os, state, connection_id, imc_id,
TNC_IMVID_ANY, msg_types[0]);
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index 44b50e6..3db0f2b 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index c87e827..2be6a87 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -274,7 +274,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
return TNC_RESULT_FATAL;
}
if (lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-scanner.push_info", TRUE))
+ "%s.plugins.imc-scanner.push_info", TRUE, lib->ns))
{
out_msg = imc_msg_create(imc_scanner, state, connection_id, imc_id,
TNC_IMVID_ANY, msg_types[0]);
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index afbd244..64e1c27 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -213,8 +213,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -282,6 +280,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -370,12 +373,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -390,6 +397,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imc_test/imc_test.c b/src/libimcv/plugins/imc_test/imc_test.c
index c97d416..ee982d9 100644
--- a/src/libimcv/plugins/imc_test/imc_test.c
+++ b/src/libimcv/plugins/imc_test/imc_test.c
@@ -91,11 +91,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
{
case TNC_CONNECTION_STATE_CREATE:
command = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-test.command", "none");
+ "%s.plugins.imc-test.command", "none", lib->ns);
dummy_size = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imc-test.dummy_size", 0);
+ "%s.plugins.imc-test.dummy_size", 0, lib->ns);
retry = lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-test.retry", FALSE);
+ "%s.plugins.imc-test.retry", FALSE, lib->ns);
state = imc_test_state_create(connection_id, command, dummy_size,
retry);
@@ -107,7 +107,7 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
/* Optionally reserve additional IMC IDs */
additional_ids = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imc-test.additional_ids", 0);
+ "%s.plugins.imc-test.additional_ids", 0, lib->ns);
imc_test->reserve_additional_ids(imc_test, additional_ids -
imc_test->count_additional_ids(imc_test));
@@ -127,8 +127,8 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
if (!test_state->is_first_handshake(test_state))
{
command = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-test.retry_command",
- test_state->get_command(test_state));
+ "%s.plugins.imc-test.retry_command",
+ test_state->get_command(test_state), lib->ns);
test_state->set_command(test_state, command);
}
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index ed3fbb2..856ced8 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c
index d2a08b0..12cf207 100644
--- a/src/libimcv/plugins/imv_os/imv_os_database.c
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c
@@ -13,12 +13,13 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "imv_os_database.h"
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_imv_os_database_t private_imv_os_database_t;
/**
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index f6d904c..4f5a4b0 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -421,7 +421,7 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
if (this->count_update || this->count_blacklist)
{
@@ -494,7 +494,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
*string = this->remediation_string->get_encoding(this->remediation_string);
*uri = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-os.remediation_uri", NULL);
+ "%s.plugins.imv-os.remediation_uri", NULL, lib->ns);
return TRUE;
}
diff --git a/src/libimcv/plugins/imv_os/pacman.c b/src/libimcv/plugins/imv_os/pacman.c
index 57cc62a..019e2ad 100644
--- a/src/libimcv/plugins/imv_os/pacman.c
+++ b/src/libimcv/plugins/imv_os/pacman.c
@@ -466,12 +466,12 @@ int main(int argc, char *argv[])
atexit(cleanup);
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "pacman"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
if (!lib->plugins->load(lib->plugins,
- lib->settings->get_str(lib->settings, "attest.load", "sqlite")))
+ lib->settings->get_str(lib->settings, "pacman.load", "sqlite")))
{
exit(SS_RC_INITIALIZATION_FAILED);
}
diff --git a/src/libimcv/plugins/imv_os/pacman.sh b/src/libimcv/plugins/imv_os/pacman.sh
index 621905e..3dfea39 100755
--- a/src/libimcv/plugins/imv_os/pacman.sh
+++ b/src/libimcv/plugins/imv_os/pacman.sh
@@ -13,6 +13,7 @@ DEBIAN_ARCH="binary-amd64 binary-i386"
PACMAN=/usr/libexec/ipsec/pacman
PACMAN_LOG="$DIR/$DATE-pacman.log"
+mkdir -p $DIR/dists
cd $DIR/dists
for v in $UBUNTU_VERSIONS
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 52ac014..748b9a7 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 4c570c4..90475d3 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -281,7 +281,7 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
if (this->rec != TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
{
this->reason_string->add_reason(this->reason_string, reasons);
@@ -314,7 +314,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
this->violating_ports);
*string = this->remediation_string->get_encoding(this->remediation_string);
*uri = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-scanner.remediation_uri", NULL);
+ "%s.plugins.imv-scanner.remediation_uri", NULL, lib->ns);
return TRUE;
}
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index ec5bb83..3c73e8f 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imv_test/imv_test_agent.c b/src/libimcv/plugins/imv_test/imv_test_agent.c
index cdf0e18..4263000 100644
--- a/src/libimcv/plugins/imv_test/imv_test_agent.c
+++ b/src/libimcv/plugins/imv_test/imv_test_agent.c
@@ -103,7 +103,7 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
/* add any new IMC and set its number of rounds */
rounds = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imv-test.rounds", 0);
+ "%s.plugins.imv-test.rounds", 0, lib->ns);
test_state = (imv_test_state_t*)state;
test_state->add_imc(test_state, in_msg->get_src_id(in_msg), rounds);
@@ -178,7 +178,7 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
if (result != TNC_RESULT_SUCCESS)
{
return result;
- }
+ }
return this->agent->provide_recommendation(this->agent, state);
}
@@ -200,7 +200,7 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
out_msg->add_attribute(out_msg, attr);
/* send PA-TNC message with excl flag set */
- result = out_msg->send(out_msg, TRUE);
+ result = out_msg->send(out_msg, TRUE);
out_msg->destroy(out_msg);
return result;
@@ -214,11 +214,11 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
if (result != TNC_RESULT_SUCCESS)
{
return result;
- }
+ }
return this->agent->provide_recommendation(this->agent, state);
}
else
- {
+ {
return TNC_RESULT_SUCCESS;
}
}
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index 0da09df..f05db80 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -228,7 +228,7 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
this->reason_string->add_reason(this->reason_string, reasons);
*reason_string = this->reason_string->get_encoding(this->reason_string);
diff --git a/src/libipsec/Android.mk b/src/libipsec/Android.mk
index 37f400f..c5d9879 100644
--- a/src/libipsec/Android.mk
+++ b/src/libipsec/Android.mk
@@ -20,7 +20,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(libipsec_la_SOURCES))
# build libipsec ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/include \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index cf44fc6..737edad 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -255,8 +255,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -324,6 +322,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -412,12 +415,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -432,6 +439,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/Makefile.in b/src/libpts/Makefile.in
index a9b3f19..05c27d9 100644
--- a/src/libpts/Makefile.in
+++ b/src/libpts/Makefile.in
@@ -293,8 +293,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -362,6 +360,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -450,12 +453,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -470,6 +477,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/plugins/imc_attestation/Makefile.in b/src/libpts/plugins/imc_attestation/Makefile.in
index 2d92791..7a539ef 100644
--- a/src/libpts/plugins/imc_attestation/Makefile.in
+++ b/src/libpts/plugins/imc_attestation/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libpts/plugins/imc_attestation/imc_attestation_process.c
index 92e2e3a..fbe81ee 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.c
@@ -109,8 +109,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
int nonce_len, min_nonce_len;
nonce_len = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imc-attestation.nonce_len",
- DEFAULT_NONCE_LEN);
+ "%s.plugins.imc-attestation.nonce_len",
+ DEFAULT_NONCE_LEN, lib->ns);
attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr;
min_nonce_len = attr_cast->get_min_nonce_len(attr_cast);
@@ -165,8 +165,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
nonce_len = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imc-attestation.nonce_len",
- DEFAULT_NONCE_LEN);
+ "%s.plugins.imc-attestation.nonce_len",
+ DEFAULT_NONCE_LEN, lib->ns);
if (nonce_len != initiator_nonce.len)
{
DBG1(DBG_IMC, "initiator and responder DH nonces "
@@ -428,7 +428,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
}
use_quote2 = lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-attestation.use_quote2", TRUE);
+ "%s.plugins.imc-attestation.use_quote2", TRUE,
+ lib->ns);
if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig))
{
DBG1(DBG_IMC, "error occurred during TPM quote operation");
diff --git a/src/libpts/plugins/imc_swid/Makefile.in b/src/libpts/plugins/imc_swid/Makefile.in
index f62c05a..e1c932e 100644
--- a/src/libpts/plugins/imc_swid/Makefile.in
+++ b/src/libpts/plugins/imc_swid/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libpts/plugins/imc_swid/imc_swid.c
index e130580..d4aaeff 100644
--- a/src/libpts/plugins/imc_swid/imc_swid.c
+++ b/src/libpts/plugins/imc_swid/imc_swid.c
@@ -181,8 +181,8 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
swid_directory = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-swid.swid_directory",
- SWID_DIRECTORY);
+ "%s.plugins.imc-swid.swid_directory",
+ SWID_DIRECTORY, lib->ns);
swid_inventory = swid_inventory_create(full_tags);
if (!swid_inventory->collect(swid_inventory, swid_directory, targets))
{
diff --git a/src/libpts/plugins/imv_attestation/Makefile.in b/src/libpts/plugins/imv_attestation/Makefile.in
index 032d07a..c1c14d4 100644
--- a/src/libpts/plugins/imv_attestation/Makefile.in
+++ b/src/libpts/plugins/imv_attestation/Makefile.in
@@ -227,8 +227,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -296,6 +294,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -384,12 +387,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -404,6 +411,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libpts/plugins/imv_attestation/attest.c
index 4d25df3..b8a6854 100644
--- a/src/libpts/plugins/imv_attestation/attest.c
+++ b/src/libpts/plugins/imv_attestation/attest.c
@@ -266,19 +266,20 @@ static void do_args(int argc, char *argv[])
continue;
case 'F':
{
- char *path = strdup(optarg);
- char *dir = dirname(path);
- char *file = basename(optarg);
+ char *dir = path_dirname(optarg);
+ char *file = path_basename(optarg);
if (*dir != '.')
{
if (!attest->set_directory(attest, dir, op == OP_ADD))
{
- free(path);
+ free(file);
+ free(dir);
exit(EXIT_FAILURE);
}
}
- free(path);
+ free(file);
+ free(dir);
if (!attest->set_file(attest, file, op == OP_ADD))
{
exit(EXIT_FAILURE);
@@ -439,7 +440,7 @@ int main(int argc, char *argv[])
atexit(library_deinit);
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "attest"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c
index d7654ab..7a8a113 100644
--- a/src/libpts/plugins/imv_attestation/attest_db.c
+++ b/src/libpts/plugins/imv_attestation/attest_db.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -1555,7 +1555,7 @@ METHOD(attest_db_t, list_sessions, void,
device_len = min(strlen(device), DEVICE_MAX_LEN);
identity = identity.len ? identity : chunk_from_str("-");
printf("%4d: %T %2d %-20s %.*s%*s%.*s - %N\n", session_id, &created,
- FALSE, conn_id, product, device_len, device,
+ this->utc, conn_id, product, device_len, device,
DEVICE_MAX_LEN - device_len + 1, " ", (int)identity.len,
identity.ptr, TNC_IMV_Action_Recommendation_names, rec);
}
diff --git a/src/libpts/plugins/imv_attestation/attest_usage.c b/src/libpts/plugins/imv_attestation/attest_usage.c
index 324fcaf..8f4afdb 100644
--- a/src/libpts/plugins/imv_attestation/attest_usage.c
+++ b/src/libpts/plugins/imv_attestation/attest_usage.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,7 +24,7 @@ void usage(void)
{
printf("\
Usage:\n\
- ipsec attest --components|--devices|--files|--hashes|--keys [options]\n\
+ ipsec attest --components|--devices|--sessions|--files|--hashes|--keys [options]\n\
\n\
ipsec attest --measurements|--packages|--products|--add|--del [options]\n\
\n\
@@ -35,6 +35,9 @@ Usage:\n\
ipsec attest --devices [--utc]\n\
Show a list of registered devices and associated collected information\n\
\n\
+ ipsec attest --sessions [--utc]\n\
+ Show a chronologically sorted list of all TNC sessions\n\
+ \n\
ipsec attest --files [--product <name>|--pid <id>]\n\
Show a list of files with a software product name or\n\
its primary key as an optional selector.\n\
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
index 978c740..e8c3c5e 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
@@ -14,6 +14,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "imv_attestation_agent.h"
#include "imv_attestation_state.h"
#include "imv_attestation_process.h"
@@ -33,8 +36,11 @@
#include <pts/pts.h>
#include <pts/pts_database.h>
#include <pts/pts_creds.h>
+#include <pts/components/ita/ita_comp_func_name.h>
#include <tcg/tcg_attr.h>
+#include <tcg/pts/tcg_pts_attr_meas_algo.h>
+#include <tcg/pts/tcg_pts_attr_proto_caps.h>
#include <tcg/pts/tcg_pts_attr_req_file_meas.h>
#include <tcg/pts/tcg_pts_attr_req_file_meta.h>
@@ -289,10 +295,15 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
imv_state_t *state;
imv_session_t *session;
imv_attestation_state_t *attestation_state;
+ imv_attestation_handshake_state_t handshake_state;
+ imv_workitem_t *workitem;
+ TNC_IMV_Action_Recommendation rec;
+ TNC_IMV_Evaluation_Result eval;
TNC_IMVID imv_id;
TNC_Result result = TNC_RESULT_SUCCESS;
pts_t *pts;
char *platform_info;
+ enumerator_t *enumerator;
if (!this->agent->get_state(this->agent, id, &state))
{
@@ -300,6 +311,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
}
attestation_state = (imv_attestation_state_t*)state;
pts = attestation_state->get_pts(attestation_state);
+ handshake_state = attestation_state->get_handshake_state(attestation_state);
platform_info = pts->get_platform_info(pts);
session = state->get_session(state);
imv_id = this->agent->get_id(this->agent);
@@ -336,21 +348,57 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
state->set_action_flags(state, IMV_ATTESTATION_FLAG_ATTR_REQ);
}
+ if (handshake_state == IMV_ATTESTATION_STATE_INIT)
+ {
+ pa_tnc_attr_t *attr;
+ pts_proto_caps_flag_t flags;
+
+ out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
+ msg_types[0]);
+
+ /* Send Request Protocol Capabilities attribute */
+ flags = pts->get_proto_caps(pts);
+ attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Send Measurement Algorithms attribute */
+ attr = tcg_pts_attr_meas_algo_create(this->supported_algorithms, FALSE);
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_DISCOVERY);
+
+ /* send these initial PTS attributes and exit */
+ result = out_msg->send(out_msg, FALSE);
+ out_msg->destroy(out_msg);
+
+ return result;
+ }
+
+ /* exit if we are not ready yet for PTS measurements */
+ if (!platform_info || !session ||
+ !(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO))
+ {
+ return TNC_RESULT_SUCCESS;
+ }
+
/* create an empty out message - we might need it */
out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
msg_types[0]);
- if (platform_info && session &&
- (state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO) &&
- !(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_FILE_MEAS))
+ /* establish the PTS measurements to be taken */
+ if (!(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_FILE_MEAS))
{
- imv_workitem_t *workitem;
bool is_dir, no_workitems = TRUE;
u_int32_t delimiter = SOLIDUS_UTF;
u_int16_t request_id;
pa_tnc_attr_t *attr;
char *pathname;
- enumerator_t *enumerator;
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_END);
enumerator = session->create_workitem_enumerator(session);
if (enumerator)
@@ -374,10 +422,75 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
case IMV_WORKITEM_DIR_META:
is_dir = TRUE;
break;
+ case IMV_WORKITEM_TPM_ATTEST:
+ {
+ pts_component_t *comp;
+ pts_comp_func_name_t *comp_name;
+ bool no_d_flag, no_t_flag;
+ char result_str[BUF_LEN];
+
+ workitem->set_imv_id(workitem, imv_id);
+ no_workitems = FALSE;
+ no_d_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D);
+ no_t_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T);
+ if (no_d_flag || no_t_flag)
+ {
+ snprintf(result_str, BUF_LEN, "%s%s%s",
+ (no_t_flag) ? "no TPM available" : "",
+ (no_t_flag && no_d_flag) ? ", " : "",
+ (no_d_flag) ? "no DH nonce negotiation" : "");
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ continue;
+ }
+
+ /* do TPM BIOS measurements */
+ if (strchr(workitem->get_arg_str(workitem), 'B'))
+ {
+ comp_name = pts_comp_func_name_create(PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_IMA,
+ PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_TRUSTED);
+ comp = attestation_state->create_component(
+ attestation_state, comp_name,
+ 0, this->pts_db);
+ if (!comp)
+ {
+ comp_name->log(comp_name, "unregistered ");
+ comp_name->destroy(comp_name);
+ }
+ }
+
+ /* do TPM IMA measurements */
+ if (strchr(workitem->get_arg_str(workitem), 'I'))
+ {
+ comp_name = pts_comp_func_name_create(PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_IMA,
+ PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_OS);
+ comp = attestation_state->create_component(
+ attestation_state, comp_name,
+ 0, this->pts_db);
+ if (!comp)
+ {
+ comp_name->log(comp_name, "unregistered ");
+ comp_name->destroy(comp_name);
+ }
+ }
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_NONCE_REQ);
+ continue;
+ }
default:
continue;
}
+ /* initiate file and directory measurements */
pathname = this->pts_db->get_pathname(this->pts_db, is_dir,
workitem->get_arg_int(workitem));
if (!pathname)
@@ -440,22 +553,35 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
}
/* check the IMV state for the next PA-TNC attributes to send */
- if (!imv_attestation_build(out_msg, state, this->supported_algorithms,
- this->supported_dh_groups, this->pts_db))
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
{
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- TNC_IMV_EVALUATION_RESULT_ERROR);
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- state->set_action_flags(state, IMV_ATTESTATION_FLAG_REC);
-
- if (result != TNC_RESULT_SUCCESS)
+ if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST)
{
- return result;
+ if (!imv_attestation_build(out_msg, state,
+ this->supported_dh_groups, this->pts_db))
+ {
+ imv_reason_string_t *reason_string;
+ chunk_t result;
+ char *result_str;
+
+ reason_string = imv_reason_string_create("en", ", ");
+ attestation_state->add_comp_evid_reasons(attestation_state,
+ reason_string);
+ result = reason_string->get_encoding(reason_string);
+ result_str = strndup(result.ptr, result.len);
+ reason_string->destroy(reason_string);
+
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ }
+ break;
}
- return this->agent->provide_recommendation(this->agent, state);
}
+ enumerator->destroy(enumerator);
/* finalized all workitems? */
if (session && session->get_policy_started(session) &&
@@ -524,18 +650,22 @@ METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
case IMV_WORKITEM_FILE_MEAS:
case IMV_WORKITEM_DIR_REF_MEAS:
case IMV_WORKITEM_DIR_MEAS:
- session->remove_workitem(session, enumerator);
- result_str = "pending file measurements";
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
+ result_str = "Pending file measurements";
pending_file_meas++;
break;
- default:
+ case IMV_WORKITEM_TPM_ATTEST:
+ attestation_state->finalize_components(attestation_state);
+ result_str = "Pending component evidence";
break;
+ default:
+ continue;
}
+ session->remove_workitem(session, enumerator);
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
}
enumerator->destroy(enumerator);
@@ -585,11 +715,11 @@ imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id,
}
hash_alg = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-attestation.hash_algorithm", "sha256");
+ "%s.plugins.imv-attestation.hash_algorithm", "sha256", lib->ns);
dh_group = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-attestation.dh_group", "ecp256");
+ "%s.plugins.imv-attestation.dh_group", "ecp256", lib->ns);
cadir = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-attestation.cadir", NULL);
+ "%s.plugins.imv-attestation.cadir", NULL, lib->ns);
INIT(this,
.public = {
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libpts/plugins/imv_attestation/imv_attestation_build.c
index 1fbde2c..84023c6 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,8 +17,6 @@
#include "imv_attestation_build.h"
#include "imv_attestation_state.h"
-#include <tcg/pts/tcg_pts_attr_proto_caps.h>
-#include <tcg/pts/tcg_pts_attr_meas_algo.h>
#include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h>
#include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h>
#include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h>
@@ -27,9 +26,7 @@
#include <utils/debug.h>
-bool imv_attestation_build(imv_msg_t *out_msg,
- imv_state_t *state,
- pts_meas_algorithms_t supported_algorithms,
+bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
pts_dh_group_t supported_dh_groups,
pts_database_t *pts_db)
{
@@ -42,67 +39,15 @@ bool imv_attestation_build(imv_msg_t *out_msg,
handshake_state = attestation_state->get_handshake_state(attestation_state);
pts = attestation_state->get_pts(attestation_state);
- /**
- * Received a response form the Attestation IMC so we can proceeed
- */
- if (handshake_state == IMV_ATTESTATION_STATE_DISCOVERY &&
- (state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO))
- {
- handshake_state = IMV_ATTESTATION_STATE_NONCE_REQ;
- }
-
- /**
- * Skip DH Nonce Parameters Request attribute when
- * DH Nonce Exchange is not selected by PTS-IMC side
- */
- if (handshake_state == IMV_ATTESTATION_STATE_NONCE_REQ &&
- !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))
- {
- DBG2(DBG_IMV, "PTS-IMC does not support DH Nonce negotiation");
- handshake_state = IMV_ATTESTATION_STATE_TPM_INIT;
- }
-
- /**
- * Skip TPM Version Info and AIK attributes when
- * no TPM is available on the PTS-IMC side
- */
- if (handshake_state == IMV_ATTESTATION_STATE_TPM_INIT &&
- !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
- {
- DBG2(DBG_IMV, "PTS-IMC made no TPM available");
- handshake_state = IMV_ATTESTATION_STATE_END;
- }
-
switch (handshake_state)
{
- case IMV_ATTESTATION_STATE_INIT:
- {
- pts_proto_caps_flag_t flags;
-
- /* Send Request Protocol Capabilities attribute */
- flags = pts->get_proto_caps(pts);
- attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Send Measurement Algorithms attribute */
- attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_DISCOVERY);
- break;
- }
- case IMV_ATTESTATION_STATE_DISCOVERY:
- break;
case IMV_ATTESTATION_STATE_NONCE_REQ:
{
int min_nonce_len;
/* Send DH nonce parameters request attribute */
min_nonce_len = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imv-attestation.min_nonce_len", 0);
+ "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
supported_dh_groups);
attr->set_noskip_flag(attr, TRUE);
@@ -117,16 +62,13 @@ bool imv_attestation_build(imv_msg_t *out_msg,
pts_meas_algorithms_t selected_algorithm;
chunk_t initiator_value, initiator_nonce;
- if ((pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))
- {
- /* Send DH nonce finish attribute */
- selected_algorithm = pts->get_meas_algorithm(pts);
- pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
- attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
+ /* Send DH nonce finish attribute */
+ selected_algorithm = pts->get_meas_algorithm(pts);
+ pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
+ attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
initiator_value, initiator_nonce);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
- }
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
/* Send Get TPM Version attribute */
attr = tcg_pts_attr_get_tpm_version_info_create();
@@ -146,73 +88,40 @@ bool imv_attestation_build(imv_msg_t *out_msg,
{
tcg_pts_attr_req_func_comp_evid_t *attr_cast;
enumerator_t *enumerator;
- pts_component_t *comp;
- pts_comp_func_name_t *comp_name;
+ pts_comp_func_name_t *name;
chunk_t keyid;
- int kid, vid, name, qualifier;
+ int kid;
u_int8_t flags;
u_int32_t depth;
- bool first = TRUE, first_component = TRUE;
+ bool first_component = TRUE;
attestation_state->set_handshake_state(attestation_state,
IMV_ATTESTATION_STATE_END);
- if (!(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T) ||
- !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))
- {
- DBG2(DBG_IMV, "PTS-IMC made no TPM available - "
- "skipping Component Measurements");
- break;
- }
- if (!pts->get_aik_keyid(pts, &keyid))
- {
- DBG1(DBG_IMV, "retrieval of AIK keyid failed");
- return FALSE;
- }
- if (!pts_db)
- {
- DBG1(DBG_IMV, "pts database not available");
- break;
- }
- if (pts_db->check_aik_keyid(pts_db, keyid, &kid) != SUCCESS)
+ if (!pts->get_aik_keyid(pts, &keyid) ||
+ pts_db->check_aik_keyid(pts_db, keyid, &kid) != SUCCESS)
{
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
return FALSE;
}
- enumerator = pts_db->create_comp_evid_enumerator(pts_db, kid);
- if (!enumerator)
- {
- break;
- }
- while (enumerator->enumerate(enumerator, &vid, &name,
- &qualifier, &depth))
- {
- if (first)
- {
- DBG2(DBG_IMV, "evidence request by");
- first = FALSE;
- }
- comp_name = pts_comp_func_name_create(vid, name, qualifier);
- comp_name->log(comp_name, " ");
- comp = attestation_state->create_component(attestation_state,
- comp_name, depth, pts_db);
- if (!comp)
- {
- DBG2(DBG_IMV, " not registered or duplicate"
- " - removed from request");
- comp_name->destroy(comp_name);
- continue;
- }
+ enumerator = attestation_state->create_component_enumerator(
+ attestation_state);
+ while (enumerator->enumerate(enumerator, &flags, &depth, &name))
+ {
if (first_component)
{
attr = tcg_pts_attr_req_func_comp_evid_create();
attr->set_noskip_flag(attr, TRUE);
first_component = FALSE;
+ DBG2(DBG_IMV, "evidence request by");
}
- flags = comp->get_evidence_flags(comp);
+ name->log(name, " ");
+
/* TODO check flags against negotiated_caps */
attr_cast = (tcg_pts_attr_req_func_comp_evid_t *)attr;
- attr_cast->add_component(attr_cast, flags, depth, comp_name);
+ attr_cast->add_component(attr_cast, flags, depth, name);
}
enumerator->destroy(enumerator);
@@ -231,17 +140,9 @@ bool imv_attestation_build(imv_msg_t *out_msg,
}
break;
}
- case IMV_ATTESTATION_STATE_EVID_FINAL:
- if (attestation_state->components_finalized(attestation_state))
- {
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_END);
- }
- break;
- case IMV_ATTESTATION_STATE_END:
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_END);
+ default:
break;
}
+
return TRUE;
}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.h b/src/libpts/plugins/imv_attestation/imv_attestation_build.h
index 0cee49b..88538b1 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.h
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.h
@@ -35,14 +35,11 @@
*
* @param out_msg outbound PA-TNC message to be built
* @param state state of a given connection
- * @param supported_algorithms supported PTS measurement algorithms
* @param supported_dh_groups supported DH groups
* @param pts_db PTS configuration database
* @return TRUE if successful
*/
-bool imv_attestation_build(imv_msg_t *out_msg,
- imv_state_t *state,
- pts_meas_algorithms_t supported_algorithms,
+bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
pts_dh_group_t supported_dh_groups,
pts_database_t *pts_db);
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
index 5137d64..e40c92a 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2013 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -13,6 +14,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "imv_attestation_process.h"
#include <imcv.h>
@@ -92,7 +96,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
/* check compliance of responder nonce length */
min_nonce_len = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imv-attestation.min_nonce_len", 0);
+ "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
nonce_len = responder_nonce.len;
if (nonce_len < PTS_MIN_NONCE_LEN ||
(min_nonce_len > 0 && nonce_len < min_nonce_len))
@@ -162,7 +166,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
if (!aik)
{
DBG1(DBG_IMV, "AIK unavailable");
- return FALSE;
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
+ break;
}
if (aik->get_type(aik) == CERT_X509)
{
@@ -186,7 +192,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
trusted ? "" : "not ");
if (!trusted)
{
- return FALSE;
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
+ break;
}
}
pts->set_aik(pts, aik);
@@ -242,7 +250,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
}
type = found->get_type(found);
arg_int = found->get_arg_int(found);
-
+
switch (type)
{
default:
@@ -295,7 +303,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
e = measurements->create_enumerator(measurements);
while (e->enumerate(e, &filename, &measurement))
{
- if (pts_db->add_file_measurement(pts_db,
+ if (pts_db->add_file_measurement(pts_db,
platform_info, algo, measurement, filename,
is_dir, arg_int) != SUCCESS)
{
@@ -366,6 +374,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
pts_comp_evidence_t *evidence;
pts_component_t *comp;
u_int32_t depth;
+ status_t status;
attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
evidence = attr_cast->get_comp_evidence(attr_cast);
@@ -377,12 +386,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
DBG1(DBG_IMV, " no entry found for component evidence request");
break;
}
- if (comp->verify(comp, name->get_qualifier(name), pts,
- evidence) != SUCCESS)
+ status = comp->verify(comp, name->get_qualifier(name), pts, evidence);
+ if (status == VERIFY_ERROR || status == FAILED)
{
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_COMP_EVID_FAIL);
name->log(name, " measurement mismatch for ");
@@ -396,6 +402,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
pts_meas_algorithms_t comp_hash_algorithm;
chunk_t pcr_comp, tpm_quote_sig, evid_sig;
chunk_t pcr_composite, quote_info;
+ imv_session_t *session;
+ imv_workitem_t *workitem;
+ enumerator_t *enumerator;
bool use_quote2, use_ver_info;
attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
@@ -420,9 +429,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
{
DBG1(DBG_IMV, "received PCR Composite does not match "
"constructed one");
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
goto quote_error;
@@ -431,9 +437,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
{
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
goto quote_error;
@@ -449,6 +452,52 @@ quote_error:
* if all expected component measurements were received
*/
attestation_state->finalize_components(attestation_state);
+
+ session = state->get_session(state);
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST)
+ {
+ TNC_IMV_Action_Recommendation rec;
+ TNC_IMV_Evaluation_Result eval;
+ char *result_str;
+ u_int32_t error;
+
+ error = attestation_state->get_measurement_error(
+ attestation_state);
+ if (error & (IMV_ATTESTATION_ERROR_COMP_EVID_FAIL |
+ IMV_ATTESTATION_ERROR_COMP_EVID_PEND |
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL))
+ {
+ imv_reason_string_t *reason_string;
+ chunk_t result;
+
+ reason_string = imv_reason_string_create("en", ", ");
+ attestation_state->add_comp_evid_reasons(
+ attestation_state, reason_string);
+ result = reason_string->get_encoding(reason_string);
+ result_str = strndup(result.ptr, result.len);
+ reason_string->destroy(reason_string);
+ eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
+ }
+ else
+ {
+ result_str = strdup("attestation successful");
+ eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ }
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ free(result_str);
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_END);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
}
if (attr_cast->get_evid_sig(attr_cast, &evid_sig))
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
index 4701175..9304b9a 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2013 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -127,7 +127,7 @@ struct private_imv_attestation_state_t {
*/
struct func_comp_t {
pts_component_t *comp;
- u_int8_t qualifier;
+ pts_comp_func_name_t* name;
};
/**
@@ -136,6 +136,7 @@ struct func_comp_t {
static void free_func_comp(func_comp_t *this)
{
this->comp->destroy(this->comp);
+ this->name->destroy(this->name);
free(this);
}
@@ -161,6 +162,12 @@ static imv_lang_string_t reason_file_meas_pend[] = {
{ NULL, NULL }
};
+static imv_lang_string_t reason_no_trusted_aik[] = {
+ { "en", "No trusted AIK available" },
+ { "de", "Kein vetrauenswürdiger AIK verfügbar" },
+ { NULL, NULL }
+};
+
static imv_lang_string_t reason_comp_evid_fail[] = {
{ "en", "Incorrect component evidence" },
{ "de", "Falsche Komponenten-Evidenz" },
@@ -290,42 +297,52 @@ METHOD(imv_state_t, update_recommendation, void,
this->eval = tncif_policy_update_evaluation(this->eval, eval);
}
-METHOD(imv_state_t, get_reason_string, bool,
- private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
- chunk_t *reason_string, char **reason_language)
+METHOD(imv_attestation_state_t, add_file_meas_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
{
- *reason_language = imv_lang_string_select_lang(language_enumerator,
- languages, countof(languages));
-
- /* Instantiate a TNC Reason String object */
- DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
-
if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_file_meas_fail);
+ reason_string->add_reason(reason_string, reason_file_meas_fail);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND)
{
- this->reason_string->add_reason(this->reason_string,
- reason_file_meas_pend);
+ reason_string->add_reason(reason_string, reason_file_meas_pend);
+ }
+}
+
+METHOD(imv_attestation_state_t, add_comp_evid_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
+{
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK)
+ {
+ reason_string->add_reason(reason_string, reason_no_trusted_aik);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_comp_evid_fail);
+ reason_string->add_reason(reason_string, reason_comp_evid_fail);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND)
{
- this->reason_string->add_reason(this->reason_string,
- reason_comp_evid_pend);
+ reason_string->add_reason(reason_string, reason_comp_evid_pend);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_tpm_quote_fail);
+ reason_string->add_reason(reason_string, reason_tpm_quote_fail);
}
+}
+
+METHOD(imv_state_t, get_reason_string, bool,
+ private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
+ chunk_t *reason_string, char **reason_language)
+{
+ *reason_language = imv_lang_string_select_lang(language_enumerator,
+ languages, countof(languages));
+
+ /* Instantiate a TNC Reason String object */
+ DESTROY_IF(this->reason_string);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
+ add_file_meas_reasons(this, this->reason_string);
+ add_comp_evid_reasons(this, this->reason_string);
*reason_string = this->reason_string->get_encoding(this->reason_string);
return TRUE;
@@ -390,13 +407,13 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*,
if (found)
{
- if (name->get_qualifier(name) == entry->qualifier)
+ if (name->equals(name, entry->name))
{
/* duplicate entry */
return NULL;
}
new_entry = malloc_thing(func_comp_t);
- new_entry->qualifier = name->get_qualifier(name);
+ new_entry->name = name->clone(name);
new_entry->comp = entry->comp->get_ref(entry->comp);
this->components->insert_last(this->components, new_entry);
return entry->comp;
@@ -410,13 +427,41 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*,
return NULL;
}
new_entry = malloc_thing(func_comp_t);
- new_entry->qualifier = name->get_qualifier(name);
+ new_entry->name = name->clone(name);
new_entry->comp = component;
this->components->insert_last(this->components, new_entry);
return component;
}
}
+/**
+ * Enumerate file measurement entries
+ */
+static bool entry_filter(void *null, func_comp_t **entry, u_int8_t *flags,
+ void *i2, u_int32_t *depth,
+ void *i3, pts_comp_func_name_t **comp_name)
+{
+ pts_component_t *comp;
+ pts_comp_func_name_t *name;
+
+ comp = (*entry)->comp;
+ name = (*entry)->name;
+
+ *flags = comp->get_evidence_flags(comp);
+ *depth = comp->get_depth(comp);
+ *comp_name = name;
+
+ return TRUE;
+}
+
+METHOD(imv_attestation_state_t, create_component_enumerator, enumerator_t*,
+ private_imv_attestation_state_t *this)
+{
+ return enumerator_create_filter(
+ this->components->create_enumerator(this->components),
+ (void*)entry_filter, NULL, NULL);
+}
+
METHOD(imv_attestation_state_t, get_component, pts_component_t*,
private_imv_attestation_state_t *this, pts_comp_func_name_t *name)
{
@@ -427,8 +472,7 @@ METHOD(imv_attestation_state_t, get_component, pts_component_t*,
enumerator = this->components->create_enumerator(this->components);
while (enumerator->enumerate(enumerator, &entry))
{
- if (name->equals(name, entry->comp->get_comp_func_name(entry->comp)) &&
- name->get_qualifier(name) == entry->qualifier)
+ if (name->equals(name, entry->name))
{
found = entry->comp;
break;
@@ -458,23 +502,15 @@ METHOD(imv_attestation_state_t, finalize_components, void,
while (this->components->remove_last(this->components,
(void**)&entry) == SUCCESS)
{
- if (!entry->comp->finalize(entry->comp, entry->qualifier))
+ if (!entry->comp->finalize(entry->comp,
+ entry->name->get_qualifier(entry->name)))
{
set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
- update_recommendation(this,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_ERROR);
}
free_func_comp(entry);
}
}
-METHOD(imv_attestation_state_t, components_finalized, bool,
- private_imv_attestation_state_t *this)
-{
- return this->components->get_count(this->components) == 0;
-}
-
/**
* Described in header.
*/
@@ -509,11 +545,13 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.set_handshake_state = _set_handshake_state,
.get_pts = _get_pts,
.create_component = _create_component,
+ .create_component_enumerator = _create_component_enumerator,
.get_component = _get_component,
.finalize_components = _finalize_components,
- .components_finalized = _components_finalized,
.get_measurement_error = _get_measurement_error,
.set_measurement_error = _set_measurement_error,
+ .add_file_meas_reasons = _add_file_meas_reasons,
+ .add_comp_evid_reasons = _add_comp_evid_reasons,
},
.connection_id = connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
index 27d1ae8..9369d30 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
@@ -25,6 +25,7 @@
#define IMV_ATTESTATION_STATE_H_
#include <imv/imv_state.h>
+#include <imv/imv_reason_string.h>
#include <pts/pts.h>
#include <pts/pts_database.h>
#include <pts/components/pts_component.h>
@@ -64,9 +65,10 @@ enum imv_attestation_handshake_state_t {
enum imv_meas_error_t {
IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL = 1,
IMV_ATTESTATION_ERROR_FILE_MEAS_PEND = 2,
- IMV_ATTESTATION_ERROR_COMP_EVID_FAIL = 4,
- IMV_ATTESTATION_ERROR_COMP_EVID_PEND = 8,
- IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL = 16
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK = 4,
+ IMV_ATTESTATION_ERROR_COMP_EVID_FAIL = 8,
+ IMV_ATTESTATION_ERROR_COMP_EVID_PEND = 16,
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL = 32
};
/**
@@ -116,6 +118,13 @@ struct imv_attestation_state_t {
pts_database_t *pts_db);
/**
+ * Enumerate over all Functional Components
+ *
+ * @return Functional Component enumerator
+ */
+ enumerator_t* (*create_component_enumerator)(imv_attestation_state_t *this);
+
+ /**
* Get a Functional Component with a given name
*
* @param name Name of the requested Functional Component
@@ -131,11 +140,6 @@ struct imv_attestation_state_t {
void (*finalize_components)(imv_attestation_state_t *this);
/**
- * Have the Functional Component measurements been finalized?
- */
- bool (*components_finalized)(imv_attestation_state_t *this);
-
- /**
* Indicates the types of measurement errors that occurred
*
* @return Measurement error flags
@@ -150,6 +154,21 @@ struct imv_attestation_state_t {
void (*set_measurement_error)(imv_attestation_state_t *this,
u_int32_t error);
+ /**
+ * Returns a concatenation of File Measurement reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_file_meas_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
+
+ /**
+ * Returns a concatenation of Component Evidence reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_comp_evid_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
};
/**
diff --git a/src/libpts/plugins/imv_swid/Makefile.in b/src/libpts/plugins/imv_swid/Makefile.in
index 852cd3d..b92f7d4 100644
--- a/src/libpts/plugins/imv_swid/Makefile.in
+++ b/src/libpts/plugins/imv_swid/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/pts/components/ita/ita_comp_ima.c b/src/libpts/pts/components/ita/ita_comp_ima.c
index 02470f5..c6b4131 100644
--- a/src/libpts/pts/components/ita/ita_comp_ima.c
+++ b/src/libpts/pts/components/ita/ita_comp_ima.c
@@ -683,7 +683,7 @@ METHOD(pts_component_t, verify, status_t,
status = this->pts_db->check_comp_measurement(this->pts_db,
measurement, this->bios_cid, this->kid,
++this->seq_no, pcr, algo);
- if (status != SUCCESS)
+ if (status == FAILED)
{
return status;
}
@@ -803,7 +803,7 @@ METHOD(pts_component_t, verify, status_t,
}
if (pcrs->set(pcrs, pcr, pcr_after))
{
- return SUCCESS;
+ return status;
}
}
else
@@ -811,7 +811,7 @@ METHOD(pts_component_t, verify, status_t,
pcr_after = pcrs->extend(pcrs, pcr, measurement);
if (pcr_after.ptr)
{
- return SUCCESS;
+ return status;
}
}
return FAILED;
@@ -951,7 +951,7 @@ pts_component_t *pts_ita_comp_ima_create(u_int32_t depth,
.bios_list = linked_list_create(),
.ima_list = linked_list_create(),
.pcr_info = lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-attestation.pcr_info", TRUE),
+ "%s.plugins.imc-attestation.pcr_info", TRUE, lib->ns),
.ref = 1,
);
diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libpts/pts/components/ita/ita_comp_tboot.c
index 8fb5abd..f4859f8 100644
--- a/src/libpts/pts/components/ita/ita_comp_tboot.c
+++ b/src/libpts/pts/components/ita/ita_comp_tboot.c
@@ -130,21 +130,21 @@ METHOD(pts_component_t, measure, status_t,
/* dummy data since currently the TBOOT log is not retrieved */
time(&this->measurement_time);
meas_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_meas", NULL);
+ "%s.plugins.imc-attestation.pcr17_meas", NULL, lib->ns);
pcr_before_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_before", NULL);
+ "%s.plugins.imc-attestation.pcr17_before", NULL, lib->ns);
pcr_after_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_after", NULL);
+ "%s.plugins.imc-attestation.pcr17_after", NULL, lib->ns);
extended_pcr = PCR_TBOOT_POLICY;
break;
case 1:
/* dummy data since currently the TBOOT log is not retrieved */
meas_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_meas", NULL);
+ "%s.plugins.imc-attestation.pcr18_meas", NULL, lib->ns);
pcr_before_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_before", NULL);
+ "%s.plugins.imc-attestation.pcr18_before", NULL, lib->ns);
pcr_after_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_after", NULL);
+ "%s.plugins.imc-attestation.pcr18_after", NULL, lib->ns);
extended_pcr = PCR_TBOOT_MLE;
break;
default:
diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c
index f646d67..8699282 100644
--- a/src/libpts/pts/pts.c
+++ b/src/libpts/pts/pts.c
@@ -377,7 +377,7 @@ static void load_aik_blob(private_pts_t *this)
u_int32_t aikBlobLen;
blob_path = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.aik_blob", NULL);
+ "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns);
if (blob_path)
{
@@ -418,9 +418,9 @@ static void load_aik(private_pts_t *this)
char *cert_path, *key_path;
cert_path = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.aik_cert", NULL);
+ "%s.plugins.imc-attestation.aik_cert", NULL, lib->ns);
key_path = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.aik_key", NULL);
+ "%s.plugins.imc-attestation.aik_key", NULL, lib->ns);
if (cert_path)
{
@@ -627,7 +627,7 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*,
metadata->destroy(metadata);
return NULL;
}
- entry->filename = strdup(basename(pathname));
+ entry->filename = path_basename(pathname);
metadata->add(metadata, entry);
}
diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c
index e5a06cc..07e8ae1 100644
--- a/src/libpts/pts/pts_database.c
+++ b/src/libpts/pts/pts_database.c
@@ -15,6 +15,7 @@
#define _GNU_SOURCE
#include <stdio.h>
+#include <libgen.h>
#include "pts_database.h"
@@ -248,13 +249,62 @@ METHOD(pts_database_t, check_file_measurement, status_t,
enumerator_t *e;
chunk_t hash;
status_t status = NOT_FOUND;
+ char *dir, *file;
+
+ if (strlen(filename) < 1)
+ {
+ return INVALID_ARG;
+ }
+
+ /* separate filename into directory and basename components */
+ dir = path_dirname(filename);
+ file = path_basename(filename);
+
+ if (*dir == '.')
+ { /* relative pathname */
+ e = this->db->query(this->db,
+ "SELECT fh.hash FROM file_hashes AS fh "
+ "JOIN files AS f ON f.id = fh.file "
+ "JOIN products AS p ON p.id = fh.product "
+ "WHERE p.name = ? AND f.name = ? AND fh.algo = ?",
+ DB_TEXT, product, DB_TEXT, file, DB_INT, algo, DB_BLOB);
+ }
+ else
+ { /* absolute pathname */
+ bool dir_found;
+ int did;
+
+ /* find directory entry first */
+ e = this->db->query(this->db,
+ "SELECT id FROM directories WHERE path = ?",
+ DB_TEXT, dir, DB_INT);
+ if (!e)
+ {
+ free(file);
+ free(dir);
+ return FAILED;
+ }
+ dir_found = e->enumerate(e, &did);
+ e->destroy(e);
+
+ if (!dir_found)
+ {
+ free(file);
+ free(dir);
+ return NOT_FOUND;
+ }
+
+ e = this->db->query(this->db,
+ "SELECT fh.hash FROM file_hashes AS fh "
+ "JOIN files AS f ON f.id = fh.file "
+ "JOIN products AS p ON p.id = fh.product "
+ "WHERE p.name = ? AND f.dir = ? AND f.name = ? AND fh.algo = ?",
+ DB_TEXT, product, DB_INT, did, DB_TEXT, file, DB_INT, algo,
+ DB_BLOB);
+ }
+ free(file);
+ free(dir);
- e = this->db->query(this->db,
- "SELECT fh.hash FROM file_hashes AS fh "
- "JOIN files AS f ON f.id = fh.file "
- "JOIN products AS p ON p.id = fh.product "
- "WHERE p.name = ? AND f.path = ? AND fh.algo = ?",
- DB_TEXT, product, DB_TEXT, filename, DB_INT, algo, DB_BLOB);
if (!e)
{
return FAILED;
diff --git a/src/libpts/pts/pts_file_meas.c b/src/libpts/pts/pts_file_meas.c
index f684087..77a0957 100644
--- a/src/libpts/pts/pts_file_meas.c
+++ b/src/libpts/pts/pts_file_meas.c
@@ -341,9 +341,10 @@ pts_file_meas_t *pts_file_meas_create_from_path(u_int16_t request_id,
success = FALSE;
goto end;
}
- filename = use_rel_name ? basename(pathname) : pathname;
+ filename = use_rel_name ? path_basename(pathname) : strdup(pathname);
DBG2(DBG_PTS, " %#B for '%s'", &measurement, filename);
add(this, filename, measurement);
+ free(filename);
}
end:
diff --git a/src/libpts/swid/swid_inventory.c b/src/libpts/swid/swid_inventory.c
index a689ccd..a71682f 100644
--- a/src/libpts/swid/swid_inventory.c
+++ b/src/libpts/swid/swid_inventory.c
@@ -24,7 +24,6 @@
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
-#include <sys/mman.h>
#include <libgen.h>
#include <errno.h>
@@ -178,40 +177,19 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
if (this->full_tags)
{
swid_tag_t *tag;
- chunk_t xml_tag;
- struct stat sb;
- void *addr;
- int fd;
+ chunk_t *xml_tag;
- fd = open(abs_name, O_RDONLY);
- if (fd == -1)
+ xml_tag = chunk_map(abs_name, FALSE);
+ if (!xml_tag)
{
DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name,
strerror(errno));
goto end;
}
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_IMC, " getting file size of '%s' failed: %s", abs_name,
- strerror(errno));
- close(fd);
- goto end;
- }
-
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_IMC, " mapping '%s' failed: %s", abs_name,
- strerror(errno));
- close(fd);
- goto end;
- }
- xml_tag = chunk_create(addr, sb.st_size);
- tag = swid_tag_create(xml_tag, unique_seq_id);
+ tag = swid_tag_create(*xml_tag, unique_seq_id);
this->list->insert_last(this->list, tag);
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(xml_tag);
}
else
{
@@ -290,5 +268,3 @@ swid_inventory_t *swid_inventory_create(bool full_tags)
return &this->public;
}
-
-
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c
index f0bc7cf..c5a2f4b 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c
+++ b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "tcg_pts_attr_req_file_meas.h"
#include <pa_tnc/pa_tnc_msg.h>
@@ -20,8 +23,6 @@
#include <bio/bio_reader.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_tcg_pts_attr_req_file_meas_t private_tcg_pts_attr_req_file_meas_t;
/**
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c
index e475cd3..8d703af 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c
+++ b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "tcg_pts_attr_req_file_meta.h"
#include <pa_tnc/pa_tnc_msg.h>
@@ -20,8 +23,6 @@
#include <bio/bio_reader.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_tcg_pts_attr_req_file_meta_t private_tcg_pts_attr_req_file_meta_t;
/**
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
index 5249fa2..e10845b 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
+++ b/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
@@ -286,7 +286,7 @@ METHOD(tcg_pts_attr_req_func_comp_evid_t, add_component, void,
entry = malloc_thing(entry_t);
entry->flags = flags;
entry->depth = depth;
- entry->name = name;
+ entry->name = name->clone(name);
this->list->insert_last(this->list, entry);
}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c
index f96371b..eff64c2 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c
+++ b/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "tcg_pts_attr_unix_file_meta.h"
#include <pa_tnc/pa_tnc_msg.h>
@@ -21,8 +24,6 @@
#include <collections/linked_list.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_tcg_pts_attr_file_meta_t private_tcg_pts_attr_file_meta_t;
/**
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index c9d6c39..c827cb5 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 8af4852..d903de8 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -211,8 +211,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -280,6 +278,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -368,12 +371,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -388,6 +395,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index 8e60502..ee824ab 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -211,8 +211,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -280,6 +278,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -368,12 +371,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -388,6 +395,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index 1a13fdd..4409130 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -36,7 +36,8 @@ selectors/traffic_selector.c threading/thread.c threading/thread_value.c \
threading/mutex.c threading/semaphore.c threading/rwlock.c threading/spinlock.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \
utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \
-utils/printf_hook/printf_hook_vstr.c utils/settings.c
+utils/printf_hook/printf_hook_builtin.c utils/settings.c utils/test.c \
+utils/utils/strerror.c
# adding the plugin source files
@@ -96,9 +97,6 @@ LOCAL_SRC_FILES += $(call add_plugin, xcbc)
# build libstrongswan ----------------------------------------------------------
-LOCAL_C_INCLUDES += \
- $(libvstr_PATH)
-
LOCAL_CFLAGS := $(strongswan_CFLAGS) \
-include $(LOCAL_PATH)/AndroidConfigLocal.h
@@ -110,6 +108,6 @@ LOCAL_ARM_MODE := arm
LOCAL_PRELINK_MODULE := false
-LOCAL_SHARED_LIBRARIES += libdl libvstr
+LOCAL_SHARED_LIBRARIES += libdl
include $(BUILD_SHARED_LIBRARY)
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 3804adb..b3a4eda 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -34,7 +34,8 @@ selectors/traffic_selector.c threading/thread.c threading/thread_value.c \
threading/mutex.c threading/semaphore.c threading/rwlock.c threading/spinlock.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \
utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \
-utils/settings.c
+utils/settings.c utils/test.c \
+utils/utils/strerror.c
if USE_DEV_HEADERS
strongswan_includedir = ${dev_headers}
@@ -82,7 +83,8 @@ utils/utils.h utils/chunk.h utils/debug.h utils/enum.h utils/identification.h \
utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \
utils/leak_detective.h utils/printf_hook/printf_hook.h \
utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
-utils/settings.h utils/integrity_checker.h
+utils/settings.h utils/test.h utils/integrity_checker.h \
+utils/utils/strerror.h
endif
library.lo : $(top_builddir)/config.status
@@ -481,6 +483,13 @@ if MONOLITHIC
endif
endif
+if USE_NTRU
+ SUBDIRS += plugins/ntru
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/ntru/libstrongswan-ntru.la
+endif
+endif
+
if USE_TEST_VECTORS
SUBDIRS += plugins/test_vectors
if MONOLITHIC
@@ -488,9 +497,7 @@ if MONOLITHIC
endif
endif
-if UNITTESTS
if MONOLITHIC
SUBDIRS += .
endif
- SUBDIRS += tests
-endif
+SUBDIRS += tests
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index c9718e6..64396b5 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -178,10 +178,10 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_CCM_TRUE at am__append_97 = plugins/ccm/libstrongswan-ccm.la
@USE_GCM_TRUE at am__append_98 = plugins/gcm
@MONOLITHIC_TRUE@@USE_GCM_TRUE at am__append_99 = plugins/gcm/libstrongswan-gcm.la
- at USE_TEST_VECTORS_TRUE@am__append_100 = plugins/test_vectors
- at MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE at am__append_101 = plugins/test_vectors/libstrongswan-test-vectors.la
- at MONOLITHIC_TRUE@@UNITTESTS_TRUE at am__append_102 = .
- at UNITTESTS_TRUE@am__append_103 = tests
+ at USE_NTRU_TRUE@am__append_100 = plugins/ntru
+ at MONOLITHIC_TRUE@@USE_NTRU_TRUE at am__append_101 = plugins/ntru/libstrongswan-ntru.la
+ at USE_TEST_VECTORS_TRUE@am__append_102 = plugins/test_vectors
+ at MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE at am__append_103 = plugins/test_vectors/libstrongswan-test-vectors.la
subdir = src/libstrongswan
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp \
@@ -254,7 +254,7 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__append_83) $(am__append_85) $(am__append_87) \
$(am__append_89) $(am__append_91) $(am__append_93) \
$(am__append_95) $(am__append_97) $(am__append_99) \
- $(am__append_101)
+ $(am__append_101) $(am__append_103)
am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
bio/bio_writer.c collections/blocking_queue.c \
@@ -300,8 +300,8 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \
utils/identification.c utils/lexparser.c utils/optionsfrom.c \
utils/capabilities.c utils/backtrace.c utils/settings.c \
- utils/leak_detective.c utils/integrity_checker.c \
- utils/printf_hook/printf_hook_vstr.c \
+ utils/test.c utils/utils/strerror.c utils/leak_detective.c \
+ utils/integrity_checker.c utils/printf_hook/printf_hook_vstr.c \
utils/printf_hook/printf_hook_builtin.c \
utils/printf_hook/printf_hook_glibc.c
am__dirstamp = $(am__leading_dot)dirstamp
@@ -355,9 +355,9 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
threading/spinlock.lo utils/utils.lo utils/chunk.lo \
utils/debug.lo utils/enum.lo utils/identification.lo \
utils/lexparser.lo utils/optionsfrom.lo utils/capabilities.lo \
- utils/backtrace.lo utils/settings.lo $(am__objects_1) \
- $(am__objects_2) $(am__objects_3) $(am__objects_4) \
- $(am__objects_5)
+ utils/backtrace.lo utils/settings.lo utils/test.lo \
+ utils/utils/strerror.lo $(am__objects_1) $(am__objects_2) \
+ $(am__objects_3) $(am__objects_4) $(am__objects_5)
libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
@@ -468,7 +468,7 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
utils/printf_hook/printf_hook.h \
utils/printf_hook/printf_hook_vstr.h \
utils/printf_hook/printf_hook_builtin.h utils/settings.h \
- utils/integrity_checker.h
+ utils/test.h utils/integrity_checker.h utils/utils/strerror.h
HEADERS = $(nobase_strongswan_include_HEADERS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
@@ -508,7 +508,8 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \
plugins/soup plugins/ldap plugins/mysql plugins/sqlite \
plugins/padlock plugins/openssl plugins/gcrypt \
plugins/fips_prf plugins/agent plugins/keychain plugins/pkcs11 \
- plugins/ctr plugins/ccm plugins/gcm plugins/test_vectors tests
+ plugins/ctr plugins/ccm plugins/gcm plugins/ntru \
+ plugins/test_vectors tests
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -549,8 +550,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -618,6 +617,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -706,12 +710,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -726,6 +734,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -781,8 +790,9 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \
utils/identification.c utils/lexparser.c utils/optionsfrom.c \
utils/capabilities.c utils/backtrace.c utils/settings.c \
- $(am__append_2) $(am__append_5) $(am__append_6) \
- $(am__append_8) $(am__append_10)
+ utils/test.c utils/utils/strerror.c $(am__append_2) \
+ $(am__append_5) $(am__append_6) $(am__append_8) \
+ $(am__append_10)
@USE_DEV_HEADERS_TRUE at strongswan_includedir = ${dev_headers}
@USE_DEV_HEADERS_TRUE at nobase_strongswan_include_HEADERS = \
@USE_DEV_HEADERS_TRUE at library.h \
@@ -828,7 +838,8 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
@USE_DEV_HEADERS_TRUE at utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \
@USE_DEV_HEADERS_TRUE at utils/leak_detective.h utils/printf_hook/printf_hook.h \
@USE_DEV_HEADERS_TRUE at utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
- at USE_DEV_HEADERS_TRUE@utils/settings.h utils/integrity_checker.h
+ at USE_DEV_HEADERS_TRUE@utils/settings.h utils/test.h utils/integrity_checker.h \
+ at USE_DEV_HEADERS_TRUE@utils/utils/strerror.h
libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \
$(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_7) \
@@ -847,7 +858,7 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \
$(am__append_81) $(am__append_83) $(am__append_85) \
$(am__append_87) $(am__append_89) $(am__append_91) \
$(am__append_93) $(am__append_95) $(am__append_97) \
- $(am__append_99) $(am__append_101)
+ $(am__append_99) $(am__append_101) $(am__append_103)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
-DPLUGINDIR=\"${plugindir}\" \
@@ -894,8 +905,7 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_FALSE@ $(am__append_88) $(am__append_90) \
@MONOLITHIC_FALSE@ $(am__append_92) $(am__append_94) \
@MONOLITHIC_FALSE@ $(am__append_96) $(am__append_98) \
- at MONOLITHIC_FALSE@ $(am__append_100) $(am__append_102) \
- at MONOLITHIC_FALSE@ $(am__append_103)
+ at MONOLITHIC_FALSE@ $(am__append_100) $(am__append_102) tests
# build plugins with their own Makefile
#######################################
@@ -921,8 +931,7 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_TRUE@ $(am__append_88) $(am__append_90) \
@MONOLITHIC_TRUE@ $(am__append_92) $(am__append_94) \
@MONOLITHIC_TRUE@ $(am__append_96) $(am__append_98) \
- at MONOLITHIC_TRUE@ $(am__append_100) $(am__append_102) \
- at MONOLITHIC_TRUE@ $(am__append_103)
+ at MONOLITHIC_TRUE@ $(am__append_100) $(am__append_102) . tests
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -1354,6 +1363,15 @@ utils/backtrace.lo: utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/settings.lo: utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
+utils/test.lo: utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp)
+utils/utils/$(am__dirstamp):
+ @$(MKDIR_P) utils/utils
+ @: > utils/utils/$(am__dirstamp)
+utils/utils/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) utils/utils/$(DEPDIR)
+ @: > utils/utils/$(DEPDIR)/$(am__dirstamp)
+utils/utils/strerror.lo: utils/utils/$(am__dirstamp) \
+ utils/utils/$(DEPDIR)/$(am__dirstamp)
utils/leak_detective.lo: utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/integrity_checker.lo: utils/$(am__dirstamp) \
@@ -1443,6 +1461,8 @@ mostlyclean-compile:
-rm -f utils/*.lo
-rm -f utils/printf_hook/*.$(OBJEXT)
-rm -f utils/printf_hook/*.lo
+ -rm -f utils/utils/*.$(OBJEXT)
+ -rm -f utils/utils/*.lo
distclean-compile:
-rm -f *.tab.c
@@ -1536,10 +1556,12 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/lexparser.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/optionsfrom.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/settings.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/test.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/utils.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/printf_hook/$(DEPDIR)/printf_hook_builtin.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/printf_hook/$(DEPDIR)/printf_hook_glibc.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/printf_hook/$(DEPDIR)/printf_hook_vstr.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/utils/$(DEPDIR)/strerror.Plo at am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -1602,6 +1624,7 @@ clean-libtool:
-rm -rf threading/.libs threading/_libs
-rm -rf utils/.libs utils/_libs
-rm -rf utils/printf_hook/.libs utils/printf_hook/_libs
+ -rm -rf utils/utils/.libs utils/utils/_libs
install-nobase_strongswan_includeHEADERS: $(nobase_strongswan_include_HEADERS)
@$(NORMAL_INSTALL)
@list='$(nobase_strongswan_include_HEADERS)'; test -n "$(strongswan_includedir)" || list=; \
@@ -1881,6 +1904,8 @@ distclean-generic:
-rm -f utils/$(am__dirstamp)
-rm -f utils/printf_hook/$(DEPDIR)/$(am__dirstamp)
-rm -f utils/printf_hook/$(am__dirstamp)
+ -rm -f utils/utils/$(DEPDIR)/$(am__dirstamp)
+ -rm -f utils/utils/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -1893,7 +1918,7 @@ clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipse [...]
+ -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipse [...]
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1940,7 +1965,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipse [...]
+ -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipse [...]
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index d860ad9..38a6ad6 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -88,7 +88,7 @@ int asn1_known_oid(chunk_t object)
}
}
}
- return -1;
+ return OID_UNKNOWN;
}
/*
@@ -129,7 +129,8 @@ chunk_t asn1_build_known_oid(int n)
chunk_t asn1_oid_from_string(char *str)
{
enumerator_t *enumerator;
- u_char buf[64];
+ size_t buf_len = 64;
+ u_char buf[buf_len];
char *end;
int i = 0, pos = 0, shift;
u_int val, shifted_val, first = 0;
@@ -138,7 +139,7 @@ chunk_t asn1_oid_from_string(char *str)
while (enumerator->enumerate(enumerator, &str))
{
val = strtoul(str, &end, 10);
- if (end == str || pos > countof(buf))
+ if (end == str || pos > buf_len-4)
{
pos = 0;
break;
@@ -175,8 +176,9 @@ chunk_t asn1_oid_from_string(char *str)
*/
char *asn1_oid_to_string(chunk_t oid)
{
- char buf[64], *pos = buf;
- int len;
+ size_t len = 64;
+ char buf[len], *pos = buf;
+ int written;
u_int val;
if (!oid.len)
@@ -184,13 +186,14 @@ char *asn1_oid_to_string(chunk_t oid)
return NULL;
}
val = oid.ptr[0] / 40;
- len = snprintf(buf, sizeof(buf), "%u.%u", val, oid.ptr[0] - val * 40);
+ written = snprintf(buf, len, "%u.%u", val, oid.ptr[0] - val * 40);
oid = chunk_skip(oid, 1);
- if (len < 0 || len >= sizeof(buf))
+ if (written < 0 || written >= len)
{
return NULL;
}
- pos += len;
+ pos += written;
+ len -= written;
val = 0;
while (oid.len)
@@ -199,12 +202,13 @@ char *asn1_oid_to_string(chunk_t oid)
if (oid.ptr[0] < 128)
{
- len = snprintf(pos, sizeof(buf) + buf - pos, ".%u", val);
- if (len < 0 || len >= sizeof(buf) + buf - pos)
+ written = snprintf(pos, len, ".%u", val);
+ if (written < 0 || written >= len)
{
return NULL;
}
- pos += len;
+ pos += written;
+ len -= written;
val = 0;
}
oid = chunk_skip(oid, 1);
@@ -296,7 +300,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
else
{ /* composite length, determine number of length octets */
len &= 0x7f;
- if (len == 0 || len > sizeof(res.len))
+ if (len == 0 || len > blob->len || len > sizeof(res.len))
{
return ASN1_INVALID;
}
@@ -389,8 +393,8 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
tm_year += (tm_year < 50) ? 2000 : 1900;
}
- /* prevent large 32 bit integer overflows */
- if (sizeof(time_t) == 4 && tm_year > 2038)
+ /* prevent obvious 32 bit integer overflows */
+ if (sizeof(time_t) == 4 && (tm_year > 2038 || tm_year < 1901))
{
return TIME_32_BIT_SIGNED_MAX;
}
@@ -398,13 +402,24 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
/* representation of months as 0..11*/
if (tm_mon < 1 || tm_mon > 12)
{
- return 0; /* error in month format */
+ return 0;
}
tm_mon--;
/* representation of days as 0..30 */
+ if (tm_day < 1 || tm_day > 31)
+ { /* we don't actually validate the day in relation to tm_year/tm_mon */
+ return 0;
+ }
tm_day--;
+ if (tm_hour < 0 || tm_hour > 23 ||
+ tm_min < 0 || tm_min > 59 ||
+ tm_sec < 0 || tm_sec > 60 /* allow leap seconds */)
+ {
+ return 0;
+ }
+
/* number of leap years between last year and 1970? */
tm_leap_4 = (tm_year - 1) / 4;
tm_leap_100 = tm_leap_4 / 25;
@@ -420,8 +435,20 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap;
tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset;
- /* has a 32 bit signed integer overflow occurred? */
- return (tm_secs < 0) ? TIME_32_BIT_SIGNED_MAX : tm_secs;
+ if (sizeof(time_t) == 4)
+ { /* has a 32 bit signed integer overflow occurred? */
+ if (tm_year > 1970 && tm_secs < 0)
+ { /* depending on the time zone, the first days in 1970 may result in
+ * a negative value, but dates after 1970 never will */
+ return TIME_32_BIT_SIGNED_MAX;
+ }
+ if (tm_year < 1969 && tm_secs > 0)
+ { /* similarly, tm_secs is not positive for dates before 1970, except
+ * for the last days in 1969, depending on the time zone */
+ return TIME_32_BIT_SIGNED_MAX;
+ }
+ }
+ return tm_secs;
}
/**
@@ -537,7 +564,7 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c
len = asn1_length(object);
- if (len == ASN1_INVALID_LENGTH || object->len < len)
+ if (len == ASN1_INVALID_LENGTH)
{
DBG2(DBG_ASN, "L%d - %s: length of ASN.1 object invalid or too large",
level, name);
@@ -675,7 +702,9 @@ bool asn1_is_printablestring(chunk_t str)
for (i = 0; i < str.len; i++)
{
if (strchr(printablestring_charset, str.ptr[i]) == NULL)
+ {
return FALSE;
+ }
}
return TRUE;
}
@@ -781,10 +810,17 @@ chunk_t asn1_integer(const char *mode, chunk_t content)
chunk_t object;
size_t len;
u_char *pos;
+ bool move;
+
if (content.len == 0)
{ /* make sure 0 is encoded properly */
content = chunk_from_chars(0x00);
+ move = FALSE;
+ }
+ else
+ {
+ move = (*mode == 'm');
}
/* ASN.1 integers must be positive numbers in two's complement */
@@ -794,11 +830,9 @@ chunk_t asn1_integer(const char *mode, chunk_t content)
{
*pos++ = 0x00;
}
- if (len)
- {
- memcpy(pos, content.ptr, content.len);
- }
- if (*mode == 'm')
+ memcpy(pos, content.ptr, content.len);
+
+ if (move)
{
free(content.ptr);
}
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index a1d6253..7a48292 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -191,6 +191,13 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private);
/**
* Converts an ASN.1 UTCTIME or GENERALIZEDTIME string to time_t
*
+ * On systems where sizeof(time_t) == 4 there will be an overflow
+ * for dates
+ * > Tue, 19 Jan 2038 03:14:07 UTC (0x7fffffff)
+ * and
+ * < Fri, 13 Dec 1901 20:45:52 UTC (0x80000000)
+ * in both cases TIME_32_BIT_SIGNED_MAX is returned.
+ *
* @param utctime body of an ASN.1 coded time object
* @param type ASN1_UTCTIME or ASN1_GENERALIZEDTIME
* @return time_t in UTC
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c
index c31fb75..e7b7a42 100644
--- a/src/libstrongswan/asn1/asn1_parser.c
+++ b/src/libstrongswan/asn1/asn1_parser.c
@@ -160,6 +160,7 @@ METHOD(asn1_parser_t, iterate, bool,
DBG1(DBG_ASN, "L%d - %s: length of ASN.1 object invalid or too large",
level, obj.name);
this->success = FALSE;
+ goto end;
}
blob1->ptr = blob->ptr;
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index a0e882b..6fa8f4e 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -75,7 +75,7 @@ const oid_t oid_names[] = {
{ 0x36, 63, 0, 2, "inhibitAnyPolicy" }, /* 62 */
{ 0x37, 64, 0, 2, "targetInformation" }, /* 63 */
{ 0x38, 0, 0, 2, "noRevAvail" }, /* 64 */
- {0x2A, 188, 1, 0, "" }, /* 65 */
+ {0x2A, 189, 1, 0, "" }, /* 65 */
{ 0x83, 78, 1, 1, "" }, /* 66 */
{ 0x08, 0, 1, 2, "jp" }, /* 67 */
{ 0x8C, 0, 1, 3, "" }, /* 68 */
@@ -90,7 +90,7 @@ const oid_t oid_names[] = {
{ 0x04, 0, 0, 10, "camellia256-cbc" }, /* 77 */
{ 0x86, 0, 1, 1, "" }, /* 78 */
{ 0x48, 0, 1, 2, "us" }, /* 79 */
- { 0x86, 147, 1, 3, "" }, /* 80 */
+ { 0x86, 148, 1, 3, "" }, /* 80 */
{ 0xF6, 86, 1, 4, "" }, /* 81 */
{ 0x7D, 0, 1, 5, "NortelNetworks" }, /* 82 */
{ 0x07, 0, 1, 6, "Entrust" }, /* 83 */
@@ -98,320 +98,344 @@ const oid_t oid_names[] = {
{ 0x00, 0, 0, 8, "entrustVersInfo" }, /* 85 */
{ 0xF7, 0, 1, 4, "" }, /* 86 */
{ 0x0D, 0, 1, 5, "RSADSI" }, /* 87 */
- { 0x01, 142, 1, 6, "PKCS" }, /* 88 */
- { 0x01, 100, 1, 7, "PKCS-1" }, /* 89 */
+ { 0x01, 143, 1, 6, "PKCS" }, /* 88 */
+ { 0x01, 101, 1, 7, "PKCS-1" }, /* 89 */
{ 0x01, 91, 0, 8, "rsaEncryption" }, /* 90 */
{ 0x02, 92, 0, 8, "md2WithRSAEncryption" }, /* 91 */
{ 0x04, 93, 0, 8, "md5WithRSAEncryption" }, /* 92 */
{ 0x05, 94, 0, 8, "sha-1WithRSAEncryption" }, /* 93 */
{ 0x07, 95, 0, 8, "id-RSAES-OAEP" }, /* 94 */
- { 0x09, 96, 0, 8, "id-pSpecified" }, /* 95 */
- { 0x0B, 97, 0, 8, "sha256WithRSAEncryption" }, /* 96 */
- { 0x0C, 98, 0, 8, "sha384WithRSAEncryption" }, /* 97 */
- { 0x0D, 99, 0, 8, "sha512WithRSAEncryption" }, /* 98 */
- { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 99 */
- { 0x05, 105, 1, 7, "PKCS-5" }, /* 100 */
- { 0x03, 102, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 101 */
- { 0x0A, 103, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 102 */
- { 0x0C, 104, 0, 8, "id-PBKDF2" }, /* 103 */
- { 0x0D, 0, 0, 8, "id-PBES2" }, /* 104 */
- { 0x07, 112, 1, 7, "PKCS-7" }, /* 105 */
- { 0x01, 107, 0, 8, "data" }, /* 106 */
- { 0x02, 108, 0, 8, "signedData" }, /* 107 */
- { 0x03, 109, 0, 8, "envelopedData" }, /* 108 */
- { 0x04, 110, 0, 8, "signedAndEnvelopedData" }, /* 109 */
- { 0x05, 111, 0, 8, "digestedData" }, /* 110 */
- { 0x06, 0, 0, 8, "encryptedData" }, /* 111 */
- { 0x09, 126, 1, 7, "PKCS-9" }, /* 112 */
- { 0x01, 114, 0, 8, "E" }, /* 113 */
- { 0x02, 115, 0, 8, "unstructuredName" }, /* 114 */
- { 0x03, 116, 0, 8, "contentType" }, /* 115 */
- { 0x04, 117, 0, 8, "messageDigest" }, /* 116 */
- { 0x05, 118, 0, 8, "signingTime" }, /* 117 */
- { 0x06, 119, 0, 8, "counterSignature" }, /* 118 */
- { 0x07, 120, 0, 8, "challengePassword" }, /* 119 */
- { 0x08, 121, 0, 8, "unstructuredAddress" }, /* 120 */
- { 0x0E, 122, 0, 8, "extensionRequest" }, /* 121 */
- { 0x0F, 123, 0, 8, "S/MIME Capabilities" }, /* 122 */
- { 0x16, 0, 1, 8, "certTypes" }, /* 123 */
- { 0x01, 125, 0, 9, "X.509" }, /* 124 */
- { 0x02, 0, 0, 9, "SDSI" }, /* 125 */
- { 0x0c, 0, 1, 7, "PKCS-12" }, /* 126 */
- { 0x01, 134, 1, 8, "pbeIds" }, /* 127 */
- { 0x01, 129, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 128 */
- { 0x02, 130, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 129 */
- { 0x03, 131, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 130 */
- { 0x04, 132, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 131 */
- { 0x05, 133, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 132 */
- { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 133 */
- { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 134 */
- { 0x01, 0, 1, 9, "bagIds" }, /* 135 */
- { 0x01, 137, 0, 10, "keyBag" }, /* 136 */
- { 0x02, 138, 0, 10, "pkcs8ShroudedKeyBag" }, /* 137 */
- { 0x03, 139, 0, 10, "certBag" }, /* 138 */
- { 0x04, 140, 0, 10, "crlBag" }, /* 139 */
- { 0x05, 141, 0, 10, "secretBag" }, /* 140 */
- { 0x06, 0, 0, 10, "safeContentsBag" }, /* 141 */
- { 0x02, 145, 1, 6, "digestAlgorithm" }, /* 142 */
- { 0x02, 144, 0, 7, "md2" }, /* 143 */
- { 0x05, 0, 0, 7, "md5" }, /* 144 */
- { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 145 */
- { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 146 */
- { 0xCE, 0, 1, 3, "" }, /* 147 */
- { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 148 */
- { 0x02, 151, 1, 5, "id-publicKeyType" }, /* 149 */
- { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 150 */
- { 0x03, 181, 1, 5, "ellipticCurve" }, /* 151 */
- { 0x00, 173, 1, 6, "c-TwoCurve" }, /* 152 */
- { 0x01, 154, 0, 7, "c2pnb163v1" }, /* 153 */
- { 0x02, 155, 0, 7, "c2pnb163v2" }, /* 154 */
- { 0x03, 156, 0, 7, "c2pnb163v3" }, /* 155 */
- { 0x04, 157, 0, 7, "c2pnb176w1" }, /* 156 */
- { 0x05, 158, 0, 7, "c2tnb191v1" }, /* 157 */
- { 0x06, 159, 0, 7, "c2tnb191v2" }, /* 158 */
- { 0x07, 160, 0, 7, "c2tnb191v3" }, /* 159 */
- { 0x08, 161, 0, 7, "c2onb191v4" }, /* 160 */
- { 0x09, 162, 0, 7, "c2onb191v5" }, /* 161 */
- { 0x0A, 163, 0, 7, "c2pnb208w1" }, /* 162 */
- { 0x0B, 164, 0, 7, "c2tnb239v1" }, /* 163 */
- { 0x0C, 165, 0, 7, "c2tnb239v2" }, /* 164 */
- { 0x0D, 166, 0, 7, "c2tnb239v3" }, /* 165 */
- { 0x0E, 167, 0, 7, "c2onb239v4" }, /* 166 */
- { 0x0F, 168, 0, 7, "c2onb239v5" }, /* 167 */
- { 0x10, 169, 0, 7, "c2pnb272w1" }, /* 168 */
- { 0x11, 170, 0, 7, "c2pnb304w1" }, /* 169 */
- { 0x12, 171, 0, 7, "c2tnb359v1" }, /* 170 */
- { 0x13, 172, 0, 7, "c2pnb368w1" }, /* 171 */
- { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 172 */
- { 0x01, 0, 1, 6, "primeCurve" }, /* 173 */
- { 0x01, 175, 0, 7, "prime192v1" }, /* 174 */
- { 0x02, 176, 0, 7, "prime192v2" }, /* 175 */
- { 0x03, 177, 0, 7, "prime192v3" }, /* 176 */
- { 0x04, 178, 0, 7, "prime239v1" }, /* 177 */
- { 0x05, 179, 0, 7, "prime239v2" }, /* 178 */
- { 0x06, 180, 0, 7, "prime239v3" }, /* 179 */
- { 0x07, 0, 0, 7, "prime256v1" }, /* 180 */
- { 0x04, 0, 1, 5, "id-ecSigType" }, /* 181 */
- { 0x01, 183, 0, 6, "ecdsa-with-SHA1" }, /* 182 */
- { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 183 */
- { 0x01, 185, 0, 7, "ecdsa-with-SHA224" }, /* 184 */
- { 0x02, 186, 0, 7, "ecdsa-with-SHA256" }, /* 185 */
- { 0x03, 187, 0, 7, "ecdsa-with-SHA384" }, /* 186 */
- { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 187 */
- {0x2B, 348, 1, 0, "" }, /* 188 */
- { 0x06, 262, 1, 1, "dod" }, /* 189 */
- { 0x01, 0, 1, 2, "internet" }, /* 190 */
- { 0x04, 213, 1, 3, "private" }, /* 191 */
- { 0x01, 0, 1, 4, "enterprise" }, /* 192 */
- { 0x82, 206, 1, 5, "" }, /* 193 */
- { 0x37, 203, 1, 6, "Microsoft" }, /* 194 */
- { 0x0A, 199, 1, 7, "" }, /* 195 */
- { 0x03, 0, 1, 8, "" }, /* 196 */
- { 0x03, 198, 0, 9, "msSGC" }, /* 197 */
- { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 198 */
- { 0x14, 0, 1, 7, "msEnrollmentInfrastructure" }, /* 199 */
- { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 200 */
- { 0x02, 202, 0, 9, "msSmartcardLogon" }, /* 201 */
- { 0x03, 0, 0, 9, "msUPN" }, /* 202 */
- { 0xA0, 0, 1, 6, "" }, /* 203 */
- { 0x2A, 0, 1, 7, "ITA" }, /* 204 */
- { 0x01, 0, 0, 8, "strongSwan" }, /* 205 */
- { 0x89, 0, 1, 5, "" }, /* 206 */
- { 0x31, 0, 1, 6, "" }, /* 207 */
- { 0x01, 0, 1, 7, "" }, /* 208 */
- { 0x01, 0, 1, 8, "" }, /* 209 */
- { 0x02, 0, 1, 9, "" }, /* 210 */
- { 0x02, 0, 1, 10, "" }, /* 211 */
- { 0x4B, 0, 0, 11, "TCGID" }, /* 212 */
- { 0x05, 0, 1, 3, "security" }, /* 213 */
- { 0x05, 0, 1, 4, "mechanisms" }, /* 214 */
- { 0x07, 259, 1, 5, "id-pkix" }, /* 215 */
- { 0x01, 220, 1, 6, "id-pe" }, /* 216 */
- { 0x01, 218, 0, 7, "authorityInfoAccess" }, /* 217 */
- { 0x03, 219, 0, 7, "qcStatements" }, /* 218 */
- { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 219 */
- { 0x02, 223, 1, 6, "id-qt" }, /* 220 */
- { 0x01, 222, 0, 7, "cps" }, /* 221 */
- { 0x02, 0, 0, 7, "unotice" }, /* 222 */
- { 0x03, 233, 1, 6, "id-kp" }, /* 223 */
- { 0x01, 225, 0, 7, "serverAuth" }, /* 224 */
- { 0x02, 226, 0, 7, "clientAuth" }, /* 225 */
- { 0x03, 227, 0, 7, "codeSigning" }, /* 226 */
- { 0x04, 228, 0, 7, "emailProtection" }, /* 227 */
- { 0x05, 229, 0, 7, "ipsecEndSystem" }, /* 228 */
- { 0x06, 230, 0, 7, "ipsecTunnel" }, /* 229 */
- { 0x07, 231, 0, 7, "ipsecUser" }, /* 230 */
- { 0x08, 232, 0, 7, "timeStamping" }, /* 231 */
- { 0x09, 0, 0, 7, "ocspSigning" }, /* 232 */
- { 0x08, 241, 1, 6, "id-otherNames" }, /* 233 */
- { 0x01, 235, 0, 7, "personalData" }, /* 234 */
- { 0x02, 236, 0, 7, "userGroup" }, /* 235 */
- { 0x03, 237, 0, 7, "id-on-permanentIdentifier" }, /* 236 */
- { 0x04, 238, 0, 7, "id-on-hardwareModuleName" }, /* 237 */
- { 0x05, 239, 0, 7, "xmppAddr" }, /* 238 */
- { 0x06, 240, 0, 7, "id-on-SIM" }, /* 239 */
- { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 240 */
- { 0x0A, 246, 1, 6, "id-aca" }, /* 241 */
- { 0x01, 243, 0, 7, "authenticationInfo" }, /* 242 */
- { 0x02, 244, 0, 7, "accessIdentity" }, /* 243 */
- { 0x03, 245, 0, 7, "chargingIdentity" }, /* 244 */
- { 0x04, 0, 0, 7, "group" }, /* 245 */
- { 0x0B, 247, 0, 6, "subjectInfoAccess" }, /* 246 */
- { 0x30, 0, 1, 6, "id-ad" }, /* 247 */
- { 0x01, 256, 1, 7, "ocsp" }, /* 248 */
- { 0x01, 250, 0, 8, "basic" }, /* 249 */
- { 0x02, 251, 0, 8, "nonce" }, /* 250 */
- { 0x03, 252, 0, 8, "crl" }, /* 251 */
- { 0x04, 253, 0, 8, "response" }, /* 252 */
- { 0x05, 254, 0, 8, "noCheck" }, /* 253 */
- { 0x06, 255, 0, 8, "archiveCutoff" }, /* 254 */
- { 0x07, 0, 0, 8, "serviceLocator" }, /* 255 */
- { 0x02, 257, 0, 7, "caIssuers" }, /* 256 */
- { 0x03, 258, 0, 7, "timeStamping" }, /* 257 */
- { 0x05, 0, 0, 7, "caRepository" }, /* 258 */
- { 0x08, 0, 1, 5, "ipsec" }, /* 259 */
- { 0x02, 0, 1, 6, "certificate" }, /* 260 */
- { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 261 */
- { 0x0E, 268, 1, 1, "oiw" }, /* 262 */
- { 0x03, 0, 1, 2, "secsig" }, /* 263 */
- { 0x02, 0, 1, 3, "algorithms" }, /* 264 */
- { 0x07, 266, 0, 4, "des-cbc" }, /* 265 */
- { 0x1A, 267, 0, 4, "sha-1" }, /* 266 */
- { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 267 */
- { 0x24, 314, 1, 1, "TeleTrusT" }, /* 268 */
- { 0x03, 0, 1, 2, "algorithm" }, /* 269 */
- { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 270 */
- { 0x01, 275, 1, 4, "rsaSignature" }, /* 271 */
- { 0x02, 273, 0, 5, "rsaSigWithripemd160" }, /* 272 */
- { 0x03, 274, 0, 5, "rsaSigWithripemd128" }, /* 273 */
- { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 274 */
- { 0x02, 0, 1, 4, "ecSign" }, /* 275 */
- { 0x01, 277, 0, 5, "ecSignWithsha1" }, /* 276 */
- { 0x02, 278, 0, 5, "ecSignWithripemd160" }, /* 277 */
- { 0x03, 279, 0, 5, "ecSignWithmd2" }, /* 278 */
- { 0x04, 280, 0, 5, "ecSignWithmd5" }, /* 279 */
- { 0x05, 297, 1, 5, "ttt-ecg" }, /* 280 */
- { 0x01, 285, 1, 6, "fieldType" }, /* 281 */
- { 0x01, 0, 1, 7, "characteristictwoField" }, /* 282 */
- { 0x01, 0, 1, 8, "basisType" }, /* 283 */
- { 0x01, 0, 0, 9, "ipBasis" }, /* 284 */
- { 0x02, 287, 1, 6, "keyType" }, /* 285 */
- { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 286 */
- { 0x03, 288, 0, 6, "curve" }, /* 287 */
- { 0x04, 295, 1, 6, "signatures" }, /* 288 */
- { 0x01, 290, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 289 */
- { 0x02, 291, 0, 7, "ecgdsa-with-SHA1" }, /* 290 */
- { 0x03, 292, 0, 7, "ecgdsa-with-SHA224" }, /* 291 */
- { 0x04, 293, 0, 7, "ecgdsa-with-SHA256" }, /* 292 */
- { 0x05, 294, 0, 7, "ecgdsa-with-SHA384" }, /* 293 */
- { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 294 */
- { 0x05, 0, 1, 6, "module" }, /* 295 */
- { 0x01, 0, 0, 7, "1" }, /* 296 */
- { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 297 */
- { 0x01, 0, 1, 6, "ellipticCurve" }, /* 298 */
- { 0x01, 0, 1, 7, "versionOne" }, /* 299 */
- { 0x01, 301, 0, 8, "brainpoolP160r1" }, /* 300 */
- { 0x02, 302, 0, 8, "brainpoolP160t1" }, /* 301 */
- { 0x03, 303, 0, 8, "brainpoolP192r1" }, /* 302 */
- { 0x04, 304, 0, 8, "brainpoolP192t1" }, /* 303 */
- { 0x05, 305, 0, 8, "brainpoolP224r1" }, /* 304 */
- { 0x06, 306, 0, 8, "brainpoolP224t1" }, /* 305 */
- { 0x07, 307, 0, 8, "brainpoolP256r1" }, /* 306 */
- { 0x08, 308, 0, 8, "brainpoolP256t1" }, /* 307 */
- { 0x09, 309, 0, 8, "brainpoolP320r1" }, /* 308 */
- { 0x0A, 310, 0, 8, "brainpoolP320t1" }, /* 309 */
- { 0x0B, 311, 0, 8, "brainpoolP384r1" }, /* 310 */
- { 0x0C, 312, 0, 8, "brainpoolP384t1" }, /* 311 */
- { 0x0D, 313, 0, 8, "brainpoolP512r1" }, /* 312 */
- { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 313 */
- { 0x81, 0, 1, 1, "" }, /* 314 */
- { 0x04, 0, 1, 2, "Certicom" }, /* 315 */
- { 0x00, 0, 1, 3, "curve" }, /* 316 */
- { 0x01, 318, 0, 4, "sect163k1" }, /* 317 */
- { 0x02, 319, 0, 4, "sect163r1" }, /* 318 */
- { 0x03, 320, 0, 4, "sect239k1" }, /* 319 */
- { 0x04, 321, 0, 4, "sect113r1" }, /* 320 */
- { 0x05, 322, 0, 4, "sect113r2" }, /* 321 */
- { 0x06, 323, 0, 4, "secp112r1" }, /* 322 */
- { 0x07, 324, 0, 4, "secp112r2" }, /* 323 */
- { 0x08, 325, 0, 4, "secp160r1" }, /* 324 */
- { 0x09, 326, 0, 4, "secp160k1" }, /* 325 */
- { 0x0A, 327, 0, 4, "secp256k1" }, /* 326 */
- { 0x0F, 328, 0, 4, "sect163r2" }, /* 327 */
- { 0x10, 329, 0, 4, "sect283k1" }, /* 328 */
- { 0x11, 330, 0, 4, "sect283r1" }, /* 329 */
- { 0x16, 331, 0, 4, "sect131r1" }, /* 330 */
- { 0x17, 332, 0, 4, "sect131r2" }, /* 331 */
- { 0x18, 333, 0, 4, "sect193r1" }, /* 332 */
- { 0x19, 334, 0, 4, "sect193r2" }, /* 333 */
- { 0x1A, 335, 0, 4, "sect233k1" }, /* 334 */
- { 0x1B, 336, 0, 4, "sect233r1" }, /* 335 */
- { 0x1C, 337, 0, 4, "secp128r1" }, /* 336 */
- { 0x1D, 338, 0, 4, "secp128r2" }, /* 337 */
- { 0x1E, 339, 0, 4, "secp160r2" }, /* 338 */
- { 0x1F, 340, 0, 4, "secp192k1" }, /* 339 */
- { 0x20, 341, 0, 4, "secp224k1" }, /* 340 */
- { 0x21, 342, 0, 4, "secp224r1" }, /* 341 */
- { 0x22, 343, 0, 4, "secp384r1" }, /* 342 */
- { 0x23, 344, 0, 4, "secp521r1" }, /* 343 */
- { 0x24, 345, 0, 4, "sect409k1" }, /* 344 */
- { 0x25, 346, 0, 4, "sect409r1" }, /* 345 */
- { 0x26, 347, 0, 4, "sect571k1" }, /* 346 */
- { 0x27, 0, 0, 4, "sect571r1" }, /* 347 */
- {0x60, 396, 1, 0, "" }, /* 348 */
- { 0x86, 0, 1, 1, "" }, /* 349 */
- { 0x48, 0, 1, 2, "" }, /* 350 */
- { 0x01, 0, 1, 3, "organization" }, /* 351 */
- { 0x65, 372, 1, 4, "gov" }, /* 352 */
- { 0x03, 0, 1, 5, "csor" }, /* 353 */
- { 0x04, 0, 1, 6, "nistalgorithm" }, /* 354 */
- { 0x01, 365, 1, 7, "aes" }, /* 355 */
- { 0x02, 357, 0, 8, "id-aes128-CBC" }, /* 356 */
- { 0x06, 358, 0, 8, "id-aes128-GCM" }, /* 357 */
- { 0x07, 359, 0, 8, "id-aes128-CCM" }, /* 358 */
- { 0x16, 360, 0, 8, "id-aes192-CBC" }, /* 359 */
- { 0x1A, 361, 0, 8, "id-aes192-GCM" }, /* 360 */
- { 0x1B, 362, 0, 8, "id-aes192-CCM" }, /* 361 */
- { 0x2A, 363, 0, 8, "id-aes256-CBC" }, /* 362 */
- { 0x2E, 364, 0, 8, "id-aes256-GCM" }, /* 363 */
- { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 364 */
- { 0x02, 0, 1, 7, "hashalgs" }, /* 365 */
- { 0x01, 367, 0, 8, "id-SHA-256" }, /* 366 */
- { 0x02, 368, 0, 8, "id-SHA-384" }, /* 367 */
- { 0x03, 369, 0, 8, "id-SHA-512" }, /* 368 */
- { 0x04, 370, 0, 8, "id-SHA-224" }, /* 369 */
- { 0x05, 371, 0, 8, "id-SHA-512-224" }, /* 370 */
- { 0x06, 0, 0, 8, "id-SHA-512-256" }, /* 371 */
- { 0x86, 0, 1, 4, "" }, /* 372 */
- { 0xf8, 0, 1, 5, "" }, /* 373 */
- { 0x42, 386, 1, 6, "netscape" }, /* 374 */
- { 0x01, 381, 1, 7, "" }, /* 375 */
- { 0x01, 377, 0, 8, "nsCertType" }, /* 376 */
- { 0x03, 378, 0, 8, "nsRevocationUrl" }, /* 377 */
- { 0x04, 379, 0, 8, "nsCaRevocationUrl" }, /* 378 */
- { 0x08, 380, 0, 8, "nsCaPolicyUrl" }, /* 379 */
- { 0x0d, 0, 0, 8, "nsComment" }, /* 380 */
- { 0x03, 384, 1, 7, "directory" }, /* 381 */
- { 0x01, 0, 1, 8, "" }, /* 382 */
- { 0x03, 0, 0, 9, "employeeNumber" }, /* 383 */
- { 0x04, 0, 1, 7, "policy" }, /* 384 */
- { 0x01, 0, 0, 8, "nsSGC" }, /* 385 */
- { 0x45, 0, 1, 6, "verisign" }, /* 386 */
- { 0x01, 0, 1, 7, "pki" }, /* 387 */
- { 0x09, 0, 1, 8, "attributes" }, /* 388 */
- { 0x02, 390, 0, 9, "messageType" }, /* 389 */
- { 0x03, 391, 0, 9, "pkiStatus" }, /* 390 */
- { 0x04, 392, 0, 9, "failInfo" }, /* 391 */
- { 0x05, 393, 0, 9, "senderNonce" }, /* 392 */
- { 0x06, 394, 0, 9, "recipientNonce" }, /* 393 */
- { 0x07, 395, 0, 9, "transID" }, /* 394 */
- { 0x08, 0, 0, 9, "extensionReq" }, /* 395 */
- {0x67, 0, 1, 0, "" }, /* 396 */
- { 0x81, 0, 1, 1, "" }, /* 397 */
- { 0x05, 0, 1, 2, "" }, /* 398 */
- { 0x02, 0, 1, 3, "tcg-attribute" }, /* 399 */
- { 0x01, 401, 0, 4, "tcg-at-tpmManufacturer" }, /* 400 */
- { 0x02, 402, 0, 4, "tcg-at-tpmModel" }, /* 401 */
- { 0x03, 403, 0, 4, "tcg-at-tpmVersion" }, /* 402 */
- { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 403 */
+ { 0x08, 96, 0, 8, "id-mgf1" }, /* 95 */
+ { 0x09, 97, 0, 8, "id-pSpecified" }, /* 96 */
+ { 0x0B, 98, 0, 8, "sha256WithRSAEncryption" }, /* 97 */
+ { 0x0C, 99, 0, 8, "sha384WithRSAEncryption" }, /* 98 */
+ { 0x0D, 100, 0, 8, "sha512WithRSAEncryption" }, /* 99 */
+ { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 100 */
+ { 0x05, 106, 1, 7, "PKCS-5" }, /* 101 */
+ { 0x03, 103, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 102 */
+ { 0x0A, 104, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 103 */
+ { 0x0C, 105, 0, 8, "id-PBKDF2" }, /* 104 */
+ { 0x0D, 0, 0, 8, "id-PBES2" }, /* 105 */
+ { 0x07, 113, 1, 7, "PKCS-7" }, /* 106 */
+ { 0x01, 108, 0, 8, "data" }, /* 107 */
+ { 0x02, 109, 0, 8, "signedData" }, /* 108 */
+ { 0x03, 110, 0, 8, "envelopedData" }, /* 109 */
+ { 0x04, 111, 0, 8, "signedAndEnvelopedData" }, /* 110 */
+ { 0x05, 112, 0, 8, "digestedData" }, /* 111 */
+ { 0x06, 0, 0, 8, "encryptedData" }, /* 112 */
+ { 0x09, 127, 1, 7, "PKCS-9" }, /* 113 */
+ { 0x01, 115, 0, 8, "E" }, /* 114 */
+ { 0x02, 116, 0, 8, "unstructuredName" }, /* 115 */
+ { 0x03, 117, 0, 8, "contentType" }, /* 116 */
+ { 0x04, 118, 0, 8, "messageDigest" }, /* 117 */
+ { 0x05, 119, 0, 8, "signingTime" }, /* 118 */
+ { 0x06, 120, 0, 8, "counterSignature" }, /* 119 */
+ { 0x07, 121, 0, 8, "challengePassword" }, /* 120 */
+ { 0x08, 122, 0, 8, "unstructuredAddress" }, /* 121 */
+ { 0x0E, 123, 0, 8, "extensionRequest" }, /* 122 */
+ { 0x0F, 124, 0, 8, "S/MIME Capabilities" }, /* 123 */
+ { 0x16, 0, 1, 8, "certTypes" }, /* 124 */
+ { 0x01, 126, 0, 9, "X.509" }, /* 125 */
+ { 0x02, 0, 0, 9, "SDSI" }, /* 126 */
+ { 0x0c, 0, 1, 7, "PKCS-12" }, /* 127 */
+ { 0x01, 135, 1, 8, "pbeIds" }, /* 128 */
+ { 0x01, 130, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 129 */
+ { 0x02, 131, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 130 */
+ { 0x03, 132, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 131 */
+ { 0x04, 133, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 132 */
+ { 0x05, 134, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 133 */
+ { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 134 */
+ { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 135 */
+ { 0x01, 0, 1, 9, "bagIds" }, /* 136 */
+ { 0x01, 138, 0, 10, "keyBag" }, /* 137 */
+ { 0x02, 139, 0, 10, "pkcs8ShroudedKeyBag" }, /* 138 */
+ { 0x03, 140, 0, 10, "certBag" }, /* 139 */
+ { 0x04, 141, 0, 10, "crlBag" }, /* 140 */
+ { 0x05, 142, 0, 10, "secretBag" }, /* 141 */
+ { 0x06, 0, 0, 10, "safeContentsBag" }, /* 142 */
+ { 0x02, 146, 1, 6, "digestAlgorithm" }, /* 143 */
+ { 0x02, 145, 0, 7, "md2" }, /* 144 */
+ { 0x05, 0, 0, 7, "md5" }, /* 145 */
+ { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 146 */
+ { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 147 */
+ { 0xCE, 0, 1, 3, "" }, /* 148 */
+ { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 149 */
+ { 0x02, 152, 1, 5, "id-publicKeyType" }, /* 150 */
+ { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 151 */
+ { 0x03, 182, 1, 5, "ellipticCurve" }, /* 152 */
+ { 0x00, 174, 1, 6, "c-TwoCurve" }, /* 153 */
+ { 0x01, 155, 0, 7, "c2pnb163v1" }, /* 154 */
+ { 0x02, 156, 0, 7, "c2pnb163v2" }, /* 155 */
+ { 0x03, 157, 0, 7, "c2pnb163v3" }, /* 156 */
+ { 0x04, 158, 0, 7, "c2pnb176w1" }, /* 157 */
+ { 0x05, 159, 0, 7, "c2tnb191v1" }, /* 158 */
+ { 0x06, 160, 0, 7, "c2tnb191v2" }, /* 159 */
+ { 0x07, 161, 0, 7, "c2tnb191v3" }, /* 160 */
+ { 0x08, 162, 0, 7, "c2onb191v4" }, /* 161 */
+ { 0x09, 163, 0, 7, "c2onb191v5" }, /* 162 */
+ { 0x0A, 164, 0, 7, "c2pnb208w1" }, /* 163 */
+ { 0x0B, 165, 0, 7, "c2tnb239v1" }, /* 164 */
+ { 0x0C, 166, 0, 7, "c2tnb239v2" }, /* 165 */
+ { 0x0D, 167, 0, 7, "c2tnb239v3" }, /* 166 */
+ { 0x0E, 168, 0, 7, "c2onb239v4" }, /* 167 */
+ { 0x0F, 169, 0, 7, "c2onb239v5" }, /* 168 */
+ { 0x10, 170, 0, 7, "c2pnb272w1" }, /* 169 */
+ { 0x11, 171, 0, 7, "c2pnb304w1" }, /* 170 */
+ { 0x12, 172, 0, 7, "c2tnb359v1" }, /* 171 */
+ { 0x13, 173, 0, 7, "c2pnb368w1" }, /* 172 */
+ { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 173 */
+ { 0x01, 0, 1, 6, "primeCurve" }, /* 174 */
+ { 0x01, 176, 0, 7, "prime192v1" }, /* 175 */
+ { 0x02, 177, 0, 7, "prime192v2" }, /* 176 */
+ { 0x03, 178, 0, 7, "prime192v3" }, /* 177 */
+ { 0x04, 179, 0, 7, "prime239v1" }, /* 178 */
+ { 0x05, 180, 0, 7, "prime239v2" }, /* 179 */
+ { 0x06, 181, 0, 7, "prime239v3" }, /* 180 */
+ { 0x07, 0, 0, 7, "prime256v1" }, /* 181 */
+ { 0x04, 0, 1, 5, "id-ecSigType" }, /* 182 */
+ { 0x01, 184, 0, 6, "ecdsa-with-SHA1" }, /* 183 */
+ { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 184 */
+ { 0x01, 186, 0, 7, "ecdsa-with-SHA224" }, /* 185 */
+ { 0x02, 187, 0, 7, "ecdsa-with-SHA256" }, /* 186 */
+ { 0x03, 188, 0, 7, "ecdsa-with-SHA384" }, /* 187 */
+ { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 188 */
+ {0x2B, 372, 1, 0, "" }, /* 189 */
+ { 0x06, 286, 1, 1, "dod" }, /* 190 */
+ { 0x01, 0, 1, 2, "internet" }, /* 191 */
+ { 0x04, 237, 1, 3, "private" }, /* 192 */
+ { 0x01, 0, 1, 4, "enterprise" }, /* 193 */
+ { 0x82, 207, 1, 5, "" }, /* 194 */
+ { 0x37, 204, 1, 6, "Microsoft" }, /* 195 */
+ { 0x0A, 200, 1, 7, "" }, /* 196 */
+ { 0x03, 0, 1, 8, "" }, /* 197 */
+ { 0x03, 199, 0, 9, "msSGC" }, /* 198 */
+ { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 199 */
+ { 0x14, 0, 1, 7, "msEnrollmentInfrastructure" }, /* 200 */
+ { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 201 */
+ { 0x02, 203, 0, 9, "msSmartcardLogon" }, /* 202 */
+ { 0x03, 0, 0, 9, "msUPN" }, /* 203 */
+ { 0xA0, 0, 1, 6, "" }, /* 204 */
+ { 0x2A, 0, 1, 7, "ITA" }, /* 205 */
+ { 0x01, 0, 0, 8, "strongSwan" }, /* 206 */
+ { 0x89, 214, 1, 5, "" }, /* 207 */
+ { 0x31, 0, 1, 6, "" }, /* 208 */
+ { 0x01, 0, 1, 7, "" }, /* 209 */
+ { 0x01, 0, 1, 8, "" }, /* 210 */
+ { 0x02, 0, 1, 9, "" }, /* 211 */
+ { 0x02, 0, 1, 10, "" }, /* 212 */
+ { 0x4B, 0, 0, 11, "TCGID" }, /* 213 */
+ { 0xc1, 0, 1, 5, "" }, /* 214 */
+ { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 215 */
+ { 0x01, 0, 1, 7, "eess" }, /* 216 */
+ { 0x01, 0, 1, 8, "eess1" }, /* 217 */
+ { 0x01, 222, 1, 9, "eess1-algs" }, /* 218 */
+ { 0x01, 220, 0, 10, "ntru-EESS1v1-SVES" }, /* 219 */
+ { 0x02, 221, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 220 */
+ { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 221 */
+ { 0x02, 236, 1, 9, "eess1-params" }, /* 222 */
+ { 0x01, 224, 0, 10, "ees251ep1" }, /* 223 */
+ { 0x02, 225, 0, 10, "ees347ep1" }, /* 224 */
+ { 0x03, 226, 0, 10, "ees503ep1" }, /* 225 */
+ { 0x07, 227, 0, 10, "ees251sp2" }, /* 226 */
+ { 0x0C, 228, 0, 10, "ees251ep4" }, /* 227 */
+ { 0x0D, 229, 0, 10, "ees251ep5" }, /* 228 */
+ { 0x0E, 230, 0, 10, "ees251sp3" }, /* 229 */
+ { 0x0F, 231, 0, 10, "ees251sp4" }, /* 230 */
+ { 0x10, 232, 0, 10, "ees251sp5" }, /* 231 */
+ { 0x11, 233, 0, 10, "ees251sp6" }, /* 232 */
+ { 0x12, 234, 0, 10, "ees251sp7" }, /* 233 */
+ { 0x13, 235, 0, 10, "ees251sp8" }, /* 234 */
+ { 0x14, 0, 0, 10, "ees251sp9" }, /* 235 */
+ { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 236 */
+ { 0x05, 0, 1, 3, "security" }, /* 237 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 238 */
+ { 0x07, 283, 1, 5, "id-pkix" }, /* 239 */
+ { 0x01, 244, 1, 6, "id-pe" }, /* 240 */
+ { 0x01, 242, 0, 7, "authorityInfoAccess" }, /* 241 */
+ { 0x03, 243, 0, 7, "qcStatements" }, /* 242 */
+ { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 243 */
+ { 0x02, 247, 1, 6, "id-qt" }, /* 244 */
+ { 0x01, 246, 0, 7, "cps" }, /* 245 */
+ { 0x02, 0, 0, 7, "unotice" }, /* 246 */
+ { 0x03, 257, 1, 6, "id-kp" }, /* 247 */
+ { 0x01, 249, 0, 7, "serverAuth" }, /* 248 */
+ { 0x02, 250, 0, 7, "clientAuth" }, /* 249 */
+ { 0x03, 251, 0, 7, "codeSigning" }, /* 250 */
+ { 0x04, 252, 0, 7, "emailProtection" }, /* 251 */
+ { 0x05, 253, 0, 7, "ipsecEndSystem" }, /* 252 */
+ { 0x06, 254, 0, 7, "ipsecTunnel" }, /* 253 */
+ { 0x07, 255, 0, 7, "ipsecUser" }, /* 254 */
+ { 0x08, 256, 0, 7, "timeStamping" }, /* 255 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 256 */
+ { 0x08, 265, 1, 6, "id-otherNames" }, /* 257 */
+ { 0x01, 259, 0, 7, "personalData" }, /* 258 */
+ { 0x02, 260, 0, 7, "userGroup" }, /* 259 */
+ { 0x03, 261, 0, 7, "id-on-permanentIdentifier" }, /* 260 */
+ { 0x04, 262, 0, 7, "id-on-hardwareModuleName" }, /* 261 */
+ { 0x05, 263, 0, 7, "xmppAddr" }, /* 262 */
+ { 0x06, 264, 0, 7, "id-on-SIM" }, /* 263 */
+ { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 264 */
+ { 0x0A, 270, 1, 6, "id-aca" }, /* 265 */
+ { 0x01, 267, 0, 7, "authenticationInfo" }, /* 266 */
+ { 0x02, 268, 0, 7, "accessIdentity" }, /* 267 */
+ { 0x03, 269, 0, 7, "chargingIdentity" }, /* 268 */
+ { 0x04, 0, 0, 7, "group" }, /* 269 */
+ { 0x0B, 271, 0, 6, "subjectInfoAccess" }, /* 270 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 271 */
+ { 0x01, 280, 1, 7, "ocsp" }, /* 272 */
+ { 0x01, 274, 0, 8, "basic" }, /* 273 */
+ { 0x02, 275, 0, 8, "nonce" }, /* 274 */
+ { 0x03, 276, 0, 8, "crl" }, /* 275 */
+ { 0x04, 277, 0, 8, "response" }, /* 276 */
+ { 0x05, 278, 0, 8, "noCheck" }, /* 277 */
+ { 0x06, 279, 0, 8, "archiveCutoff" }, /* 278 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 279 */
+ { 0x02, 281, 0, 7, "caIssuers" }, /* 280 */
+ { 0x03, 282, 0, 7, "timeStamping" }, /* 281 */
+ { 0x05, 0, 0, 7, "caRepository" }, /* 282 */
+ { 0x08, 0, 1, 5, "ipsec" }, /* 283 */
+ { 0x02, 0, 1, 6, "certificate" }, /* 284 */
+ { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 285 */
+ { 0x0E, 292, 1, 1, "oiw" }, /* 286 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 287 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 288 */
+ { 0x07, 290, 0, 4, "des-cbc" }, /* 289 */
+ { 0x1A, 291, 0, 4, "sha-1" }, /* 290 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 291 */
+ { 0x24, 338, 1, 1, "TeleTrusT" }, /* 292 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 293 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 294 */
+ { 0x01, 299, 1, 4, "rsaSignature" }, /* 295 */
+ { 0x02, 297, 0, 5, "rsaSigWithripemd160" }, /* 296 */
+ { 0x03, 298, 0, 5, "rsaSigWithripemd128" }, /* 297 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 298 */
+ { 0x02, 0, 1, 4, "ecSign" }, /* 299 */
+ { 0x01, 301, 0, 5, "ecSignWithsha1" }, /* 300 */
+ { 0x02, 302, 0, 5, "ecSignWithripemd160" }, /* 301 */
+ { 0x03, 303, 0, 5, "ecSignWithmd2" }, /* 302 */
+ { 0x04, 304, 0, 5, "ecSignWithmd5" }, /* 303 */
+ { 0x05, 321, 1, 5, "ttt-ecg" }, /* 304 */
+ { 0x01, 309, 1, 6, "fieldType" }, /* 305 */
+ { 0x01, 0, 1, 7, "characteristictwoField" }, /* 306 */
+ { 0x01, 0, 1, 8, "basisType" }, /* 307 */
+ { 0x01, 0, 0, 9, "ipBasis" }, /* 308 */
+ { 0x02, 311, 1, 6, "keyType" }, /* 309 */
+ { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 310 */
+ { 0x03, 312, 0, 6, "curve" }, /* 311 */
+ { 0x04, 319, 1, 6, "signatures" }, /* 312 */
+ { 0x01, 314, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 313 */
+ { 0x02, 315, 0, 7, "ecgdsa-with-SHA1" }, /* 314 */
+ { 0x03, 316, 0, 7, "ecgdsa-with-SHA224" }, /* 315 */
+ { 0x04, 317, 0, 7, "ecgdsa-with-SHA256" }, /* 316 */
+ { 0x05, 318, 0, 7, "ecgdsa-with-SHA384" }, /* 317 */
+ { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 318 */
+ { 0x05, 0, 1, 6, "module" }, /* 319 */
+ { 0x01, 0, 0, 7, "1" }, /* 320 */
+ { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 321 */
+ { 0x01, 0, 1, 6, "ellipticCurve" }, /* 322 */
+ { 0x01, 0, 1, 7, "versionOne" }, /* 323 */
+ { 0x01, 325, 0, 8, "brainpoolP160r1" }, /* 324 */
+ { 0x02, 326, 0, 8, "brainpoolP160t1" }, /* 325 */
+ { 0x03, 327, 0, 8, "brainpoolP192r1" }, /* 326 */
+ { 0x04, 328, 0, 8, "brainpoolP192t1" }, /* 327 */
+ { 0x05, 329, 0, 8, "brainpoolP224r1" }, /* 328 */
+ { 0x06, 330, 0, 8, "brainpoolP224t1" }, /* 329 */
+ { 0x07, 331, 0, 8, "brainpoolP256r1" }, /* 330 */
+ { 0x08, 332, 0, 8, "brainpoolP256t1" }, /* 331 */
+ { 0x09, 333, 0, 8, "brainpoolP320r1" }, /* 332 */
+ { 0x0A, 334, 0, 8, "brainpoolP320t1" }, /* 333 */
+ { 0x0B, 335, 0, 8, "brainpoolP384r1" }, /* 334 */
+ { 0x0C, 336, 0, 8, "brainpoolP384t1" }, /* 335 */
+ { 0x0D, 337, 0, 8, "brainpoolP512r1" }, /* 336 */
+ { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 337 */
+ { 0x81, 0, 1, 1, "" }, /* 338 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 339 */
+ { 0x00, 0, 1, 3, "curve" }, /* 340 */
+ { 0x01, 342, 0, 4, "sect163k1" }, /* 341 */
+ { 0x02, 343, 0, 4, "sect163r1" }, /* 342 */
+ { 0x03, 344, 0, 4, "sect239k1" }, /* 343 */
+ { 0x04, 345, 0, 4, "sect113r1" }, /* 344 */
+ { 0x05, 346, 0, 4, "sect113r2" }, /* 345 */
+ { 0x06, 347, 0, 4, "secp112r1" }, /* 346 */
+ { 0x07, 348, 0, 4, "secp112r2" }, /* 347 */
+ { 0x08, 349, 0, 4, "secp160r1" }, /* 348 */
+ { 0x09, 350, 0, 4, "secp160k1" }, /* 349 */
+ { 0x0A, 351, 0, 4, "secp256k1" }, /* 350 */
+ { 0x0F, 352, 0, 4, "sect163r2" }, /* 351 */
+ { 0x10, 353, 0, 4, "sect283k1" }, /* 352 */
+ { 0x11, 354, 0, 4, "sect283r1" }, /* 353 */
+ { 0x16, 355, 0, 4, "sect131r1" }, /* 354 */
+ { 0x17, 356, 0, 4, "sect131r2" }, /* 355 */
+ { 0x18, 357, 0, 4, "sect193r1" }, /* 356 */
+ { 0x19, 358, 0, 4, "sect193r2" }, /* 357 */
+ { 0x1A, 359, 0, 4, "sect233k1" }, /* 358 */
+ { 0x1B, 360, 0, 4, "sect233r1" }, /* 359 */
+ { 0x1C, 361, 0, 4, "secp128r1" }, /* 360 */
+ { 0x1D, 362, 0, 4, "secp128r2" }, /* 361 */
+ { 0x1E, 363, 0, 4, "secp160r2" }, /* 362 */
+ { 0x1F, 364, 0, 4, "secp192k1" }, /* 363 */
+ { 0x20, 365, 0, 4, "secp224k1" }, /* 364 */
+ { 0x21, 366, 0, 4, "secp224r1" }, /* 365 */
+ { 0x22, 367, 0, 4, "secp384r1" }, /* 366 */
+ { 0x23, 368, 0, 4, "secp521r1" }, /* 367 */
+ { 0x24, 369, 0, 4, "sect409k1" }, /* 368 */
+ { 0x25, 370, 0, 4, "sect409r1" }, /* 369 */
+ { 0x26, 371, 0, 4, "sect571k1" }, /* 370 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 371 */
+ {0x60, 420, 1, 0, "" }, /* 372 */
+ { 0x86, 0, 1, 1, "" }, /* 373 */
+ { 0x48, 0, 1, 2, "" }, /* 374 */
+ { 0x01, 0, 1, 3, "organization" }, /* 375 */
+ { 0x65, 396, 1, 4, "gov" }, /* 376 */
+ { 0x03, 0, 1, 5, "csor" }, /* 377 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 378 */
+ { 0x01, 389, 1, 7, "aes" }, /* 379 */
+ { 0x02, 381, 0, 8, "id-aes128-CBC" }, /* 380 */
+ { 0x06, 382, 0, 8, "id-aes128-GCM" }, /* 381 */
+ { 0x07, 383, 0, 8, "id-aes128-CCM" }, /* 382 */
+ { 0x16, 384, 0, 8, "id-aes192-CBC" }, /* 383 */
+ { 0x1A, 385, 0, 8, "id-aes192-GCM" }, /* 384 */
+ { 0x1B, 386, 0, 8, "id-aes192-CCM" }, /* 385 */
+ { 0x2A, 387, 0, 8, "id-aes256-CBC" }, /* 386 */
+ { 0x2E, 388, 0, 8, "id-aes256-GCM" }, /* 387 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 388 */
+ { 0x02, 0, 1, 7, "hashalgs" }, /* 389 */
+ { 0x01, 391, 0, 8, "id-SHA-256" }, /* 390 */
+ { 0x02, 392, 0, 8, "id-SHA-384" }, /* 391 */
+ { 0x03, 393, 0, 8, "id-SHA-512" }, /* 392 */
+ { 0x04, 394, 0, 8, "id-SHA-224" }, /* 393 */
+ { 0x05, 395, 0, 8, "id-SHA-512-224" }, /* 394 */
+ { 0x06, 0, 0, 8, "id-SHA-512-256" }, /* 395 */
+ { 0x86, 0, 1, 4, "" }, /* 396 */
+ { 0xf8, 0, 1, 5, "" }, /* 397 */
+ { 0x42, 410, 1, 6, "netscape" }, /* 398 */
+ { 0x01, 405, 1, 7, "" }, /* 399 */
+ { 0x01, 401, 0, 8, "nsCertType" }, /* 400 */
+ { 0x03, 402, 0, 8, "nsRevocationUrl" }, /* 401 */
+ { 0x04, 403, 0, 8, "nsCaRevocationUrl" }, /* 402 */
+ { 0x08, 404, 0, 8, "nsCaPolicyUrl" }, /* 403 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 404 */
+ { 0x03, 408, 1, 7, "directory" }, /* 405 */
+ { 0x01, 0, 1, 8, "" }, /* 406 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 407 */
+ { 0x04, 0, 1, 7, "policy" }, /* 408 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 409 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 410 */
+ { 0x01, 0, 1, 7, "pki" }, /* 411 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 412 */
+ { 0x02, 414, 0, 9, "messageType" }, /* 413 */
+ { 0x03, 415, 0, 9, "pkiStatus" }, /* 414 */
+ { 0x04, 416, 0, 9, "failInfo" }, /* 415 */
+ { 0x05, 417, 0, 9, "senderNonce" }, /* 416 */
+ { 0x06, 418, 0, 9, "recipientNonce" }, /* 417 */
+ { 0x07, 419, 0, 9, "transID" }, /* 418 */
+ { 0x08, 0, 0, 9, "extensionReq" }, /* 419 */
+ {0x67, 0, 1, 0, "" }, /* 420 */
+ { 0x81, 0, 1, 1, "" }, /* 421 */
+ { 0x05, 0, 1, 2, "" }, /* 422 */
+ { 0x02, 0, 1, 3, "tcg-attribute" }, /* 423 */
+ { 0x01, 425, 0, 4, "tcg-at-tpmManufacturer" }, /* 424 */
+ { 0x02, 426, 0, 4, "tcg-at-tpmModel" }, /* 425 */
+ { 0x03, 427, 0, 4, "tcg-at-tpmVersion" }, /* 426 */
+ { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 427 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 236c867..14f774a 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -69,170 +69,170 @@ extern const oid_t oid_names[];
#define OID_MD5_WITH_RSA 92
#define OID_SHA1_WITH_RSA 93
#define OID_RSAES_OAEP 94
-#define OID_SHA256_WITH_RSA 96
-#define OID_SHA384_WITH_RSA 97
-#define OID_SHA512_WITH_RSA 98
-#define OID_SHA224_WITH_RSA 99
-#define OID_PBE_MD5_DES_CBC 101
-#define OID_PBE_SHA1_DES_CBC 102
-#define OID_PBKDF2 103
-#define OID_PBES2 104
-#define OID_PKCS7_DATA 106
-#define OID_PKCS7_SIGNED_DATA 107
-#define OID_PKCS7_ENVELOPED_DATA 108
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 109
-#define OID_PKCS7_DIGESTED_DATA 110
-#define OID_PKCS7_ENCRYPTED_DATA 111
-#define OID_EMAIL_ADDRESS 113
-#define OID_UNSTRUCTURED_NAME 114
-#define OID_PKCS9_CONTENT_TYPE 115
-#define OID_PKCS9_MESSAGE_DIGEST 116
-#define OID_PKCS9_SIGNING_TIME 117
-#define OID_CHALLENGE_PASSWORD 119
-#define OID_UNSTRUCTURED_ADDRESS 120
-#define OID_EXTENSION_REQUEST 121
-#define OID_X509_CERTIFICATE 124
-#define OID_PBE_SHA1_RC4_128 128
-#define OID_PBE_SHA1_RC4_40 129
-#define OID_PBE_SHA1_3DES_CBC 130
-#define OID_PBE_SHA1_3DES_2KEY_CBC 131
-#define OID_PBE_SHA1_RC2_CBC_128 132
-#define OID_PBE_SHA1_RC2_CBC_40 133
-#define OID_P12_KEY_BAG 136
-#define OID_P12_PKCS8_KEY_BAG 137
-#define OID_P12_CERT_BAG 138
-#define OID_P12_CRL_BAG 139
-#define OID_MD2 143
-#define OID_MD5 144
-#define OID_3DES_EDE_CBC 146
-#define OID_EC_PUBLICKEY 150
-#define OID_C2PNB163V1 153
-#define OID_C2PNB163V2 154
-#define OID_C2PNB163V3 155
-#define OID_C2PNB176W1 156
-#define OID_C2PNB191V1 157
-#define OID_C2PNB191V2 158
-#define OID_C2PNB191V3 159
-#define OID_C2PNB191V4 160
-#define OID_C2PNB191V5 161
-#define OID_C2PNB208W1 162
-#define OID_C2PNB239V1 163
-#define OID_C2PNB239V2 164
-#define OID_C2PNB239V3 165
-#define OID_C2PNB239V4 166
-#define OID_C2PNB239V5 167
-#define OID_C2PNB272W1 168
-#define OID_C2PNB304W1 169
-#define OID_C2PNB359V1 170
-#define OID_C2PNB368W1 171
-#define OID_C2PNB431R1 172
-#define OID_PRIME192V1 174
-#define OID_PRIME192V2 175
-#define OID_PRIME192V3 176
-#define OID_PRIME239V1 177
-#define OID_PRIME239V2 178
-#define OID_PRIME239V3 179
-#define OID_PRIME256V1 180
-#define OID_ECDSA_WITH_SHA1 182
-#define OID_ECDSA_WITH_SHA224 184
-#define OID_ECDSA_WITH_SHA256 185
-#define OID_ECDSA_WITH_SHA384 186
-#define OID_ECDSA_WITH_SHA512 187
-#define OID_USER_PRINCIPAL_NAME 202
-#define OID_STRONGSWAN 205
-#define OID_TCGID 212
-#define OID_AUTHORITY_INFO_ACCESS 217
-#define OID_IP_ADDR_BLOCKS 219
-#define OID_POLICY_QUALIFIER_CPS 221
-#define OID_POLICY_QUALIFIER_UNOTICE 222
-#define OID_SERVER_AUTH 224
-#define OID_CLIENT_AUTH 225
-#define OID_OCSP_SIGNING 232
-#define OID_XMPP_ADDR 238
-#define OID_AUTHENTICATION_INFO 242
-#define OID_ACCESS_IDENTITY 243
-#define OID_CHARGING_IDENTITY 244
-#define OID_GROUP 245
-#define OID_OCSP 248
-#define OID_BASIC 249
-#define OID_NONCE 250
-#define OID_CRL 251
-#define OID_RESPONSE 252
-#define OID_NO_CHECK 253
-#define OID_ARCHIVE_CUTOFF 254
-#define OID_SERVICE_LOCATOR 255
-#define OID_CA_ISSUERS 256
-#define OID_IKE_INTERMEDIATE 261
-#define OID_DES_CBC 265
-#define OID_SHA1 266
-#define OID_SHA1_WITH_RSA_OIW 267
-#define OID_ECGDSA_PUBKEY 286
-#define OID_ECGDSA_SIG_WITH_RIPEMD160 289
-#define OID_ECGDSA_SIG_WITH_SHA1 290
-#define OID_ECGDSA_SIG_WITH_SHA224 291
-#define OID_ECGDSA_SIG_WITH_SHA256 292
-#define OID_ECGDSA_SIG_WITH_SHA384 293
-#define OID_ECGDSA_SIG_WITH_SHA512 294
-#define OID_SECT163K1 317
-#define OID_SECT163R1 318
-#define OID_SECT239K1 319
-#define OID_SECT113R1 320
-#define OID_SECT113R2 321
-#define OID_SECT112R1 322
-#define OID_SECT112R2 323
-#define OID_SECT160R1 324
-#define OID_SECT160K1 325
-#define OID_SECT256K1 326
-#define OID_SECT163R2 327
-#define OID_SECT283K1 328
-#define OID_SECT283R1 329
-#define OID_SECT131R1 330
-#define OID_SECT131R2 331
-#define OID_SECT193R1 332
-#define OID_SECT193R2 333
-#define OID_SECT233K1 334
-#define OID_SECT233R1 335
-#define OID_SECT128R1 336
-#define OID_SECT128R2 337
-#define OID_SECT160R2 338
-#define OID_SECT192K1 339
-#define OID_SECT224K1 340
-#define OID_SECT224R1 341
-#define OID_SECT384R1 342
-#define OID_SECT521R1 343
-#define OID_SECT409K1 344
-#define OID_SECT409R1 345
-#define OID_SECT571K1 346
-#define OID_SECT571R1 347
-#define OID_AES128_CBC 356
-#define OID_AES128_GCM 357
-#define OID_AES128_CCM 358
-#define OID_AES192_CBC 359
-#define OID_AES192_GCM 360
-#define OID_AES192_CCM 361
-#define OID_AES256_CBC 362
-#define OID_AES256_GCM 363
-#define OID_AES256_CCM 364
-#define OID_SHA256 366
-#define OID_SHA384 367
-#define OID_SHA512 368
-#define OID_SHA224 369
-#define OID_NS_REVOCATION_URL 377
-#define OID_NS_CA_REVOCATION_URL 378
-#define OID_NS_CA_POLICY_URL 379
-#define OID_NS_COMMENT 380
-#define OID_EMPLOYEE_NUMBER 383
-#define OID_PKI_MESSAGE_TYPE 389
-#define OID_PKI_STATUS 390
-#define OID_PKI_FAIL_INFO 391
-#define OID_PKI_SENDER_NONCE 392
-#define OID_PKI_RECIPIENT_NONCE 393
-#define OID_PKI_TRANS_ID 394
-#define OID_TPM_MANUFACTURER 400
-#define OID_TPM_MODEL 401
-#define OID_TPM_VERSION 402
-#define OID_TPM_ID_LABEL 403
+#define OID_SHA256_WITH_RSA 97
+#define OID_SHA384_WITH_RSA 98
+#define OID_SHA512_WITH_RSA 99
+#define OID_SHA224_WITH_RSA 100
+#define OID_PBE_MD5_DES_CBC 102
+#define OID_PBE_SHA1_DES_CBC 103
+#define OID_PBKDF2 104
+#define OID_PBES2 105
+#define OID_PKCS7_DATA 107
+#define OID_PKCS7_SIGNED_DATA 108
+#define OID_PKCS7_ENVELOPED_DATA 109
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 110
+#define OID_PKCS7_DIGESTED_DATA 111
+#define OID_PKCS7_ENCRYPTED_DATA 112
+#define OID_EMAIL_ADDRESS 114
+#define OID_UNSTRUCTURED_NAME 115
+#define OID_PKCS9_CONTENT_TYPE 116
+#define OID_PKCS9_MESSAGE_DIGEST 117
+#define OID_PKCS9_SIGNING_TIME 118
+#define OID_CHALLENGE_PASSWORD 120
+#define OID_UNSTRUCTURED_ADDRESS 121
+#define OID_EXTENSION_REQUEST 122
+#define OID_X509_CERTIFICATE 125
+#define OID_PBE_SHA1_RC4_128 129
+#define OID_PBE_SHA1_RC4_40 130
+#define OID_PBE_SHA1_3DES_CBC 131
+#define OID_PBE_SHA1_3DES_2KEY_CBC 132
+#define OID_PBE_SHA1_RC2_CBC_128 133
+#define OID_PBE_SHA1_RC2_CBC_40 134
+#define OID_P12_KEY_BAG 137
+#define OID_P12_PKCS8_KEY_BAG 138
+#define OID_P12_CERT_BAG 139
+#define OID_P12_CRL_BAG 140
+#define OID_MD2 144
+#define OID_MD5 145
+#define OID_3DES_EDE_CBC 147
+#define OID_EC_PUBLICKEY 151
+#define OID_C2PNB163V1 154
+#define OID_C2PNB163V2 155
+#define OID_C2PNB163V3 156
+#define OID_C2PNB176W1 157
+#define OID_C2PNB191V1 158
+#define OID_C2PNB191V2 159
+#define OID_C2PNB191V3 160
+#define OID_C2PNB191V4 161
+#define OID_C2PNB191V5 162
+#define OID_C2PNB208W1 163
+#define OID_C2PNB239V1 164
+#define OID_C2PNB239V2 165
+#define OID_C2PNB239V3 166
+#define OID_C2PNB239V4 167
+#define OID_C2PNB239V5 168
+#define OID_C2PNB272W1 169
+#define OID_C2PNB304W1 170
+#define OID_C2PNB359V1 171
+#define OID_C2PNB368W1 172
+#define OID_C2PNB431R1 173
+#define OID_PRIME192V1 175
+#define OID_PRIME192V2 176
+#define OID_PRIME192V3 177
+#define OID_PRIME239V1 178
+#define OID_PRIME239V2 179
+#define OID_PRIME239V3 180
+#define OID_PRIME256V1 181
+#define OID_ECDSA_WITH_SHA1 183
+#define OID_ECDSA_WITH_SHA224 185
+#define OID_ECDSA_WITH_SHA256 186
+#define OID_ECDSA_WITH_SHA384 187
+#define OID_ECDSA_WITH_SHA512 188
+#define OID_USER_PRINCIPAL_NAME 203
+#define OID_STRONGSWAN 206
+#define OID_TCGID 213
+#define OID_AUTHORITY_INFO_ACCESS 241
+#define OID_IP_ADDR_BLOCKS 243
+#define OID_POLICY_QUALIFIER_CPS 245
+#define OID_POLICY_QUALIFIER_UNOTICE 246
+#define OID_SERVER_AUTH 248
+#define OID_CLIENT_AUTH 249
+#define OID_OCSP_SIGNING 256
+#define OID_XMPP_ADDR 262
+#define OID_AUTHENTICATION_INFO 266
+#define OID_ACCESS_IDENTITY 267
+#define OID_CHARGING_IDENTITY 268
+#define OID_GROUP 269
+#define OID_OCSP 272
+#define OID_BASIC 273
+#define OID_NONCE 274
+#define OID_CRL 275
+#define OID_RESPONSE 276
+#define OID_NO_CHECK 277
+#define OID_ARCHIVE_CUTOFF 278
+#define OID_SERVICE_LOCATOR 279
+#define OID_CA_ISSUERS 280
+#define OID_IKE_INTERMEDIATE 285
+#define OID_DES_CBC 289
+#define OID_SHA1 290
+#define OID_SHA1_WITH_RSA_OIW 291
+#define OID_ECGDSA_PUBKEY 310
+#define OID_ECGDSA_SIG_WITH_RIPEMD160 313
+#define OID_ECGDSA_SIG_WITH_SHA1 314
+#define OID_ECGDSA_SIG_WITH_SHA224 315
+#define OID_ECGDSA_SIG_WITH_SHA256 316
+#define OID_ECGDSA_SIG_WITH_SHA384 317
+#define OID_ECGDSA_SIG_WITH_SHA512 318
+#define OID_SECT163K1 341
+#define OID_SECT163R1 342
+#define OID_SECT239K1 343
+#define OID_SECT113R1 344
+#define OID_SECT113R2 345
+#define OID_SECT112R1 346
+#define OID_SECT112R2 347
+#define OID_SECT160R1 348
+#define OID_SECT160K1 349
+#define OID_SECT256K1 350
+#define OID_SECT163R2 351
+#define OID_SECT283K1 352
+#define OID_SECT283R1 353
+#define OID_SECT131R1 354
+#define OID_SECT131R2 355
+#define OID_SECT193R1 356
+#define OID_SECT193R2 357
+#define OID_SECT233K1 358
+#define OID_SECT233R1 359
+#define OID_SECT128R1 360
+#define OID_SECT128R2 361
+#define OID_SECT160R2 362
+#define OID_SECT192K1 363
+#define OID_SECT224K1 364
+#define OID_SECT224R1 365
+#define OID_SECT384R1 366
+#define OID_SECT521R1 367
+#define OID_SECT409K1 368
+#define OID_SECT409R1 369
+#define OID_SECT571K1 370
+#define OID_SECT571R1 371
+#define OID_AES128_CBC 380
+#define OID_AES128_GCM 381
+#define OID_AES128_CCM 382
+#define OID_AES192_CBC 383
+#define OID_AES192_GCM 384
+#define OID_AES192_CCM 385
+#define OID_AES256_CBC 386
+#define OID_AES256_GCM 387
+#define OID_AES256_CCM 388
+#define OID_SHA256 390
+#define OID_SHA384 391
+#define OID_SHA512 392
+#define OID_SHA224 393
+#define OID_NS_REVOCATION_URL 401
+#define OID_NS_CA_REVOCATION_URL 402
+#define OID_NS_CA_POLICY_URL 403
+#define OID_NS_COMMENT 404
+#define OID_EMPLOYEE_NUMBER 407
+#define OID_PKI_MESSAGE_TYPE 413
+#define OID_PKI_STATUS 414
+#define OID_PKI_FAIL_INFO 415
+#define OID_PKI_SENDER_NONCE 416
+#define OID_PKI_RECIPIENT_NONCE 417
+#define OID_PKI_TRANS_ID 418
+#define OID_TPM_MANUFACTURER 424
+#define OID_TPM_MODEL 425
+#define OID_TPM_VERSION 426
+#define OID_TPM_ID_LABEL 427
-#define OID_MAX 404
+#define OID_MAX 428
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 740dc50..c15a1cc 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -93,6 +93,7 @@
0x04 "md5WithRSAEncryption" OID_MD5_WITH_RSA
0x05 "sha-1WithRSAEncryption" OID_SHA1_WITH_RSA
0x07 "id-RSAES-OAEP" OID_RSAES_OAEP
+ 0x08 "id-mgf1"
0x09 "id-pSpecified"
0x0B "sha256WithRSAEncryption" OID_SHA256_WITH_RSA
0x0C "sha384WithRSAEncryption" OID_SHA384_WITH_RSA
@@ -211,6 +212,29 @@
0x02 ""
0x02 ""
0x4B "TCGID" OID_TCGID
+ 0xc1 ""
+ 0x16 "ntruCryptosystems"
+ 0x01 "eess"
+ 0x01 "eess1"
+ 0x01 "eess1-algs"
+ 0x01 "ntru-EESS1v1-SVES"
+ 0x02 "ntru-EESS1v1-SVSSA"
+ 0x03 "ntru-EESS1v1-NTRUSign"
+ 0x02 "eess1-params"
+ 0x01 "ees251ep1"
+ 0x02 "ees347ep1"
+ 0x03 "ees503ep1"
+ 0x07 "ees251sp2"
+ 0x0C "ees251ep4"
+ 0x0D "ees251ep5"
+ 0x0E "ees251sp3"
+ 0x0F "ees251sp4"
+ 0x10 "ees251sp5"
+ 0x11 "ees251sp6"
+ 0x12 "ees251sp7"
+ 0x13 "ees251sp8"
+ 0x14 "ees251sp9"
+ 0x03 "eess1-encodingMethods"
0x05 "security"
0x05 "mechanisms"
0x07 "id-pkix"
diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c
index 387e2a5..314e8e9 100644
--- a/src/libstrongswan/collections/array.c
+++ b/src/libstrongswan/collections/array.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
@@ -13,8 +16,15 @@
* for more details.
*/
+#define _GNU_SOURCE /* for qsort_r() */
+#include <stdlib.h>
+
#include "array.h"
+#ifndef HAVE_QSORT_R
+#include <threading/thread_value.h>
+#endif
+
/**
* Data is an allocated block, with potentially unused head and tail:
*
@@ -43,6 +53,11 @@ struct array_t {
void *data;
};
+#ifndef HAVE_QSORT_R
+ /* store data to replicate qsort_r in thread local storage */
+ static thread_value_t *sort_data;
+#endif
+
/** maximum number of unused head/tail elements before cleanup */
#define ARRAY_MAX_UNUSED 32
@@ -314,7 +329,7 @@ void array_insert(array_t *array, int idx, void *data)
}
}
-bool array_remove(array_t *array, int idx, void *data)
+bool array_get(array_t *array, int idx, void *data)
{
if (!array)
{
@@ -337,12 +352,25 @@ bool array_remove(array_t *array, int idx, void *data)
memcpy(data, array->data + get_size(array, array->head + idx),
get_size(array, 1));
}
+ return TRUE;
+}
+
+bool array_remove(array_t *array, int idx, void *data)
+{
+ if (!array_get(array, idx, data))
+ {
+ return FALSE;
+ }
if (idx > array_count(array) / 2)
{
remove_tail(array, idx);
}
else
{
+ if (idx < 0)
+ {
+ idx = array_count(array) - 1;
+ }
remove_head(array, idx);
}
if (array->head + array->tail > ARRAY_MAX_UNUSED)
@@ -352,6 +380,113 @@ bool array_remove(array_t *array, int idx, void *data)
return TRUE;
}
+typedef struct {
+ /** the array */
+ array_t *array;
+ /** comparison function */
+ int (*cmp)(const void*,const void*,void*);
+ /** optional user arg */
+ void *arg;
+} sort_data_t;
+
+#ifdef HAVE_QSORT_R_GNU
+static int compare_elements(const void *a, const void *b, void *arg)
+#elif defined(HAVE_QSORT_R_BSD)
+static int compare_elements(void *arg, const void *a, const void *b)
+#else /* !HAVE_QSORT_R */
+static int compare_elements(const void *a, const void *b)
+#endif
+{
+#ifdef HAVE_QSORT_R
+ sort_data_t *data = (sort_data_t*)arg;
+#else
+ sort_data_t *data = sort_data->get(sort_data);
+#endif
+
+ if (data->array->esize)
+ {
+ return data->cmp(a, b, data->arg);
+ }
+ return data->cmp(*(void**)a, *(void**)b, data->arg);
+}
+
+void array_sort(array_t *array, int (*cmp)(const void*,const void*,void*),
+ void *user)
+{
+ if (array)
+ {
+ sort_data_t data = {
+ .array = array,
+ .cmp = cmp,
+ .arg = user,
+ };
+ void *start;
+
+ start = array->data + get_size(array, array->head);
+
+#ifdef HAVE_QSORT_R_GNU
+ qsort_r(start, array->count, get_size(array, 1), compare_elements,
+ &data);
+#elif defined(HAVE_QSORT_R_BSD)
+ qsort_r(start, array->count, get_size(array, 1), &data,
+ compare_elements);
+#else /* !HAVE_QSORT_R */
+ sort_data->set(sort_data, &data);
+ qsort(start, array->count, get_size(array, 1), compare_elements);
+#endif
+ }
+}
+
+typedef struct {
+ /** the array */
+ array_t *array;
+ /** the key */
+ const void *key;
+ /** comparison function */
+ int (*cmp)(const void*,const void*);
+} bsearch_data_t;
+
+static int search_elements(const void *a, const void *b)
+{
+ bsearch_data_t *data = (bsearch_data_t*)a;
+
+ if (data->array->esize)
+ {
+ return data->cmp(data->key, b);
+ }
+ return data->cmp(data->key, *(void**)b);
+}
+
+int array_bsearch(array_t *array, const void *key,
+ int (*cmp)(const void*,const void*), void *out)
+{
+ int idx = -1;
+
+ if (array)
+ {
+ bsearch_data_t data = {
+ .array = array,
+ .key = key,
+ .cmp = cmp,
+ };
+ void *start, *item;
+
+ start = array->data + get_size(array, array->head);
+
+ item = bsearch(&data, start, array->count, get_size(array, 1),
+ search_elements);
+ if (item)
+ {
+ if (out)
+ {
+ memcpy(out, item, get_size(array, 1));
+ }
+ idx = (item - start) / get_size(array, 1);
+ }
+ }
+ return idx;
+}
+
void array_invoke(array_t *array, array_callback_t cb, void *user)
{
if (array)
@@ -414,3 +549,17 @@ void array_destroy_offset(array_t *array, size_t offset)
array_invoke_offset(array, offset);
array_destroy(array);
}
+
+void arrays_init()
+{
+#ifndef HAVE_QSORT_R
+ sort_data = thread_value_create(NULL);
+#endif
+}
+
+void arrays_deinit()
+{
+#ifndef HAVE_QSORT_R
+ sort_data->destroy(sort_data);
+#endif
+}
diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h
index 0dc7b22..ce702eb 100644
--- a/src/libstrongswan/collections/array.h
+++ b/src/libstrongswan/collections/array.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
@@ -87,7 +90,7 @@ void array_compress(array_t *array);
* The enumerater enumerates directly over the array element (pass a pointer to
* element types), unless the array is pointer based. If zero is passed as
* element size during construction, the enumerator enumerates over the
- * deferenced pointer values.
+ * dereferenced pointer values.
*
* @param array array to create enumerator for, or NULL
* @return enumerator, over elements or pointers
@@ -140,6 +143,18 @@ void array_insert_create(array_t **array, int idx, void *ptr);
void array_insert_enumerator(array_t *array, int idx, enumerator_t *enumerator);
/**
+ * Get an element from the array.
+ *
+ * If data is given, the element is copied to that position.
+ *
+ * @param array array to get element from, or NULL
+ * @param idx index of the item to get
+ * @param data data to copy element to, or NULL
+ * @return TRUE if idx valid and item returned
+ */
+bool array_get(array_t *array, int idx, void *data);
+
+/**
* Remove an element from the array.
*
* If data is given, the element is copied to that position.
@@ -152,6 +167,50 @@ void array_insert_enumerator(array_t *array, int idx, enumerator_t *enumerator);
bool array_remove(array_t *array, int idx, void *data);
/**
+ * Sort the array.
+ *
+ * The comparison function must return an integer less than, equal to, or
+ * greater than zero if the first argument is considered to be respectively less
+ * than, equal to, or greater than the second. If two elements compare as
+ * equal, their order in the sorted array is undefined.
+ *
+ * The comparison function receives pointers to the array elements (esize != 0)
+ * or the actual pointers (esize = 0). The third argument is the user data
+ * supplied to this function.
+ *
+ * @param array array to sort, or NULL
+ * @param cmp comparison function
+ * @param user user data to pass to comparison function
+ */
+void array_sort(array_t *array, int (*cmp)(const void*,const void*,void*),
+ void *user);
+
+/**
+ * Binary search of a sorted array.
+ *
+ * The array should be sorted in ascending order according to the given
+ * comparison function.
+ *
+ * The comparison function must return an integer less than, equal to, or
+ * greater than zero if the first argument (the key) is considered to be
+ * respectively less than, equal to, or greater than the second.
+ *
+ * If there are multiple elements that match the key it is not specified which
+ * element is returned.
+ *
+ * The comparison function receives the key object and a pointer to an array
+ * element (esize != 0) or an actual pointer (esize = 0).
+ *
+ * @param array array to search, or NULL
+ * @param key key to search for
+ * @param cmp comparison function
+ * @param data data to copy element to, or NULL
+ * @return index of the element if found, -1 if not
+ */
+int array_bsearch(array_t *array, const void *key,
+ int (*cmp)(const void*,const void*), void *data);
+
+/**
* Invoke a callback for all array members.
*
* @param array array to traverse, or NULL
@@ -192,4 +251,16 @@ void array_destroy_function(array_t *array, array_callback_t cb, void *user);
*/
void array_destroy_offset(array_t *array, size_t offset);
+
+/**
+ * Required on some platforms to initialize thread local value to implement
+ * array_sort().
+ */
+void arrays_init();
+
+/**
+ * Destroys the thread local value if required.
+ */
+void arrays_deinit();
+
#endif /** ARRAY_H_ @}*/
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index de19c8d..3ec0714 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -1349,7 +1349,7 @@ credential_manager_t *credential_manager_create()
this->local_sets = thread_value_create((thread_cleanup_t)this->sets->destroy);
this->exclusive_local_sets = thread_value_create((thread_cleanup_t)this->sets->destroy);
- if (lib->settings->get_bool(lib->settings, "libstrongswan.cert_cache", TRUE))
+ if (lib->settings->get_bool(lib->settings, "%s.cert_cache", TRUE, lib->ns))
{
this->cache = cert_cache_create();
this->sets->insert_first(this->sets, this->cache);
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index edcabfe..dba3f6f 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -967,11 +967,11 @@ crypto_factory_t *crypto_factory_create()
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.tester = crypto_tester_create(),
.test_on_add = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.on_add", FALSE),
+ "%s.crypto_test.on_add", FALSE, lib->ns),
.test_on_create = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.on_create", FALSE),
+ "%s.crypto_test.on_create", FALSE, lib->ns),
.bench = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.bench", FALSE),
+ "%s.crypto_test.bench", FALSE, lib->ns),
);
return &this->public;
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 5a0dccc..30724b1 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -1207,13 +1207,13 @@ crypto_tester_t *crypto_tester_create()
.rng = linked_list_create(),
.required = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.required", FALSE),
+ "%s.crypto_test.required", FALSE, lib->ns),
.rng_true = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.rng_true", FALSE),
+ "%s.crypto_test.rng_true", FALSE, lib->ns),
.bench_time = lib->settings->get_int(lib->settings,
- "libstrongswan.crypto_test.bench_time", 50),
+ "%s.crypto_test.bench_time", 50, lib->ns),
.bench_size = lib->settings->get_int(lib->settings,
- "libstrongswan.crypto_test.bench_size", 1024),
+ "%s.crypto_test.bench_size", 1024, lib->ns),
);
/* enforce a block size of 16, should be fine for all algorithms */
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 3d319d2..5c1d08d 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -45,7 +45,12 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT,
ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP,
"MODP_NULL",
"MODP_CUSTOM");
-ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
+ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_CUSTOM,
+ "NTRU_112",
+ "NTRU_128",
+ "NTRU_192",
+ "NTRU_256");
+ENUM_END(diffie_hellman_group_names, NTRU_256_BIT);
/**
@@ -439,7 +444,7 @@ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
{
if (!dh_params[i].public.subgroup.len &&
lib->settings->get_int(lib->settings,
- "libstrongswan.dh_exponent_ansi_x9_42", TRUE))
+ "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns))
{
dh_params[i].public.exp_len = dh_params[i].public.prime.len;
}
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index edf6bbd..00d7003 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -64,6 +64,11 @@ enum diffie_hellman_group_t {
MODP_NULL = 1024,
/** MODP group with custom generator/prime */
MODP_CUSTOM = 1025,
+ /** Parameters defined by IEEE 1363.1, in PRIVATE USE */
+ NTRU_112_BIT = 1030,
+ NTRU_128_BIT = 1031,
+ NTRU_192_BIT = 1032,
+ NTRU_256_BIT = 1033
};
/**
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index 4db504e..bbb97d0 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -56,6 +56,11 @@ struct private_proposal_keywords_t {
linked_list_t * tokens;
/**
+ * registered algname parsers, as proposal_algname_parser_t
+ */
+ linked_list_t *parsers;
+
+ /**
* rwlock to lock access to modules
*/
rwlock_t *lock;
@@ -85,11 +90,46 @@ static const proposal_token_t* find_token(private_proposal_keywords_t *this,
return found;
}
+/**
+ * Parse the given algorithm into a token with user defined parser functions.
+ */
+static const proposal_token_t* parse_token(private_proposal_keywords_t *this,
+ const char *str)
+{
+ proposal_algname_parser_t parser;
+ enumerator_t *enumerator;
+ proposal_token_t *found = NULL;
+
+ this->lock->read_lock(this->lock);
+ enumerator = this->parsers->create_enumerator(this->parsers);
+ while (enumerator->enumerate(enumerator, &parser))
+ {
+ found = parser(str);
+ if (found)
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+ return found;
+}
+
METHOD(proposal_keywords_t, get_token, const proposal_token_t*,
private_proposal_keywords_t *this, const char *str)
{
- const proposal_token_t *token = proposal_get_token_static(str, strlen(str));
- return token ?: find_token(this, str);
+ const proposal_token_t *token;
+
+ token = proposal_get_token_static(str, strlen(str));
+ if (!token)
+ {
+ token = find_token(this, str);
+ }
+ if (!token)
+ {
+ token = parse_token(this, str);
+ }
+ return token;
}
METHOD(proposal_keywords_t, register_token, void,
@@ -110,6 +150,14 @@ METHOD(proposal_keywords_t, register_token, void,
this->lock->unlock(this->lock);
}
+METHOD(proposal_keywords_t, register_algname_parser, void,
+ private_proposal_keywords_t *this, proposal_algname_parser_t parser)
+{
+ this->lock->write_lock(this->lock);
+ this->tokens->insert_first(this->parsers, parser);
+ this->lock->unlock(this->lock);
+}
+
METHOD(proposal_keywords_t, destroy, void,
private_proposal_keywords_t *this)
{
@@ -121,6 +169,7 @@ METHOD(proposal_keywords_t, destroy, void,
free(token);
}
this->tokens->destroy(this->tokens);
+ this->parsers->destroy(this->parsers);
this->lock->destroy(this->lock);
free(this);
}
@@ -136,9 +185,11 @@ proposal_keywords_t *proposal_keywords_create()
.public = {
.get_token = _get_token,
.register_token = _register_token,
+ .register_algname_parser = _register_algname_parser,
.destroy = _destroy,
},
.tokens = linked_list_create(),
+ .parsers = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
index d6107ab..5cdbafc 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -46,6 +46,8 @@
typedef struct proposal_token_t proposal_token_t;
typedef struct proposal_keywords_t proposal_keywords_t;
+typedef proposal_token_t*(*proposal_algname_parser_t)(const char *algname);
+
#include <library.h>
#include <crypto/transform.h>
@@ -102,6 +104,17 @@ struct proposal_keywords_t {
u_int16_t keysize);
/**
+ * Register an algorithm name parser.
+ *
+ * It is meant to parse an algorithm name into a proposal token in a
+ * generic, user defined way.
+ *
+ * @param parser a pointer to the parser function
+ */
+ void (*register_algname_parser)(proposal_keywords_t *this,
+ proposal_algname_parser_t parser);
+
+ /**
* Destroy a proposal_keywords_t instance.
*/
void (*destroy)(proposal_keywords_t *this);
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
index a238f64..1da1421 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
@@ -1,6 +1,6 @@
/* C code produced by gperf version 3.0.4 */
/* Command-line: /usr/bin/gperf -N proposal_get_token_static -m 10 -C -G -c -t -D */
-/* Computed positions: -k'1,5,7,10,15,$' */
+/* Computed positions: -k'1,5-7,10,15,$' */
#if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
&& ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
@@ -31,8 +31,8 @@ error "gperf generated tables don't work with this execution character set. Plea
/*
- * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * Copyright (C) 2009-2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil, Switzerland
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -59,12 +59,12 @@ struct proposal_token {
u_int16_t keysize;
};
-#define TOTAL_KEYWORDS 134
+#define TOTAL_KEYWORDS 138
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 4
-#define MAX_HASH_VALUE 215
-/* maximum key range = 212, duplicates = 0 */
+#define MIN_HASH_VALUE 20
+#define MAX_HASH_VALUE 295
+/* maximum key range = 276, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -78,34 +78,34 @@ hash (str, len)
register const char *str;
register unsigned int len;
{
- static const unsigned char asso_values[] =
+ static const unsigned short asso_values[] =
{
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 0, 4,
- 1, 21, 15, 13, 9, 16, 2, 0, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 76, 216, 2, 28, 16,
- 0, 39, 112, 42, 31, 0, 216, 216, 0, 9,
- 100, 0, 7, 20, 95, 12, 44, 55, 216, 216,
- 1, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 47, 6,
+ 15, 8, 64, 24, 12, 14, 7, 5, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 120, 296, 9, 5, 22,
+ 48, 114, 28, 76, 6, 5, 296, 296, 5, 20,
+ 7, 14, 82, 7, 81, 98, 10, 86, 296, 296,
+ 5, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296
};
register int hval = len;
@@ -127,6 +127,8 @@ hash (str, len)
hval += asso_values[(unsigned char)str[6]];
/*FALLTHROUGH*/
case 6:
+ hval += asso_values[(unsigned char)str[5]];
+ /*FALLTHROUGH*/
case 5:
hval += asso_values[(unsigned char)str[4]];
/*FALLTHROUGH*/
@@ -142,166 +144,178 @@ hash (str, len)
static const struct proposal_token wordlist[] =
{
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
{"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
- {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
- {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
- {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
- {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
- {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
- {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
- {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
- {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
- {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
- {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
- {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
- {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
- {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
- {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
+ {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
{"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
- {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
- {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
- {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
- {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
- {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
+ {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
+ {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
+ {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
{"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0},
+ {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
{"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
+ {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0},
+ {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
+ {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
{"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
{"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
- {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
- {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
{"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
- {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
+ {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
+ {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
+ {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0},
+ {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
{"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
{"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
+ {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
{"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
+ {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
+ {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
+ {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
+ {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
+ {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
+ {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
+ {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+ {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
+ {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
+ {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
+ {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+ {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
+ {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
+ {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
+ {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
{"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
- {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
+ {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
+ {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
{"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
- {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
{"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
+ {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
{"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
- {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
- {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
- {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
+ {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
+ {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
+ {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
{"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
{"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
- {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
- {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
- {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0},
- {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
- {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
- {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
- {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
- {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
- {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
- {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
- {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
- {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
- {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
{"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
- {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
+ {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
+ {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
{"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
+ {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
{"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
- {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
- {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
- {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
- {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
- {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
- {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
- {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
- {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
{"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
- {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
{"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
- {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
+ {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
- {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
- {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
- {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
{"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
- {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
- {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}
+ {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
+ {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
+ {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
+ {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}
};
static const short lookup[] =
{
- -1, -1, -1, -1, 0, -1, -1, -1, -1, -1,
- 1, -1, 2, -1, 3, 4, -1, -1, -1, 5,
- 6, 7, 8, 9, 10, 11, 12, -1, -1, 13,
- 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
- 24, 25, 26, 27, 28, -1, -1, -1, -1, 29,
- -1, -1, 30, 31, 32, 33, 34, -1, 35, 36,
- 37, 38, 39, 40, 41, 42, 43, 44, 45, 46,
- 47, 48, 49, 50, 51, 52, 53, 54, -1, 55,
- 56, 57, -1, 58, 59, 60, 61, 62, 63, 64,
- 65, 66, 67, -1, 68, 69, 70, 71, 72, 73,
- 74, 75, 76, 77, -1, 78, 79, 80, 81, 82,
- 83, 84, 85, 86, 87, 88, 89, 90, 91, 92,
- -1, 93, 94, 95, 96, 97, 98, 99, 100, -1,
- -1, -1, 101, 102, 103, 104, -1, 105, 106, 107,
- 108, 109, 110, -1, 111, 112, 113, 114, 115, 116,
- 117, 118, 119, 120, 121, 122, 123, 124, -1, 125,
- -1, 126, -1, -1, -1, -1, -1, -1, 127, -1,
- -1, -1, -1, 128, -1, -1, -1, -1, 129, 130,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 131, -1, -1, 132, -1,
- -1, -1, -1, -1, -1, 133
+ 0, -1, 1, 2, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, 3, 4, -1, -1, -1, 5, -1,
+ 6, 7, -1, -1, -1, -1, 8, -1, 9, 10,
+ -1, -1, 11, -1, 12, -1, 13, -1, 14, 15,
+ -1, 16, 17, 18, 19, 20, -1, -1, -1, 21,
+ 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
+ 32, 33, 34, 35, 36, 37, -1, 38, 39, -1,
+ 40, 41, 42, -1, 43, 44, 45, 46, 47, 48,
+ -1, 49, 50, 51, -1, 52, 53, 54, 55, 56,
+ 57, 58, 59, -1, -1, 60, 61, 62, 63, 64,
+ 65, 66, -1, -1, 67, 68, 69, 70, 71, 72,
+ 73, 74, 75, 76, 77, 78, 79, 80, -1, 81,
+ 82, 83, 84, 85, 86, 87, 88, 89, 90, 91,
+ 92, 93, -1, 94, -1, 95, -1, 96, 97, 98,
+ 99, 100, -1, 101, -1, 102, 103, 104, -1, 105,
+ 106, 107, 108, 109, -1, 110, -1, 111, -1, 112,
+ -1, 113, 114, 115, 116, -1, 117, 118, 119, 120,
+ 121, -1, -1, -1, 122, -1, -1, 123, -1, -1,
+ 124, -1, 125, 126, 127, -1, -1, -1, 128, -1,
+ -1, -1, -1, -1, 129, 130, -1, 131, -1, 132,
+ -1, -1, -1, -1, 133, -1, -1, -1, -1, 134,
+ -1, -1, -1, -1, -1, 135, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, 136, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 137
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index c484320..70e7915 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -1,7 +1,7 @@
%{
/*
- * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * Copyright (C) 2009-2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil, Switzerland
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -161,5 +161,9 @@ ecp224bp, DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0
ecp256bp, DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0
ecp384bp, DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0
ecp512bp, DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0
+ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0
+ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0
+ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0
+ntru256, DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0
noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0
esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0
diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c
index 21cd1af..2fad486 100644
--- a/src/libstrongswan/fetcher/fetcher_manager.c
+++ b/src/libstrongswan/fetcher/fetcher_manager.c
@@ -43,7 +43,7 @@ struct private_fetcher_manager_t {
};
typedef struct {
- /** assocaited fetcher construction function */
+ /** associated fetcher construction function */
fetcher_constructor_t create;
/** URL this fetcher support */
char *url;
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index f2fa3e0..8472c30 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -22,6 +22,7 @@
#include <threading/thread.h>
#include <utils/identification.h>
#include <networking/host.h>
+#include <collections/array.h>
#include <collections/hashtable.h>
#include <utils/backtrace.h>
#include <selectors/traffic_selector.h>
@@ -61,6 +62,39 @@ struct private_library_t {
*/
library_t *lib = NULL;
+#ifdef LEAK_DETECTIVE
+/**
+ * Default leak report callback
+ */
+static void report_leaks(void *user, int count, size_t bytes,
+ backtrace_t *bt, bool detailed)
+{
+ fprintf(stderr, "%zu bytes total, %d allocations, %zu bytes average:\n",
+ bytes, count, bytes / count);
+ bt->log(bt, stderr, detailed);
+}
+
+/**
+ * Default leak report summary callback
+ */
+static void sum_leaks(void* user, int count, size_t bytes, int whitelisted)
+{
+ switch (count)
+ {
+ case 0:
+ fprintf(stderr, "No leaks detected");
+ break;
+ case 1:
+ fprintf(stderr, "One leak detected");
+ break;
+ default:
+ fprintf(stderr, "%d leaks detected, %zu bytes", count, bytes);
+ break;
+ }
+ fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted);
+}
+#endif /* LEAK_DETECTIVE */
+
/**
* Deinitialize library
*/
@@ -75,7 +109,7 @@ void library_deinit()
}
detailed = lib->settings->get_bool(lib->settings,
- "libstrongswan.leak_detective.detailed", TRUE);
+ "%s.leak_detective.detailed", TRUE, lib->ns);
/* make sure the cache is clear before unloading plugins */
lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
@@ -109,9 +143,11 @@ void library_deinit()
lib->leak_detective->destroy(lib->leak_detective);
}
+ arrays_deinit();
threads_deinit();
backtrace_deinit();
+ free((void*)this->public.ns);
free(this);
lib = NULL;
}
@@ -201,7 +237,7 @@ static bool check_memwipe()
/*
* see header file
*/
-bool library_init(char *settings)
+bool library_init(char *settings, const char *namespace)
{
private_library_t *this;
printf_hook_t *pfh;
@@ -217,6 +253,7 @@ bool library_init(char *settings)
.public = {
.get = _get,
.set = _set,
+ .ns = strdup(namespace ?: "libstrongswan"),
},
.ref = 1,
);
@@ -224,9 +261,12 @@ bool library_init(char *settings)
backtrace_init();
threads_init();
+ arrays_init();
#ifdef LEAK_DETECTIVE
lib->leak_detective = leak_detective_create();
+ lib->leak_detective->set_report_cb(lib->leak_detective,
+ report_leaks, sum_leaks, NULL);
#endif /* LEAK_DETECTIVE */
pfh = printf_hook_create();
@@ -256,6 +296,9 @@ bool library_init(char *settings)
this->objects = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 4);
this->public.settings = settings_create(settings);
+ /* all namespace settings may fall back to libstrongswan */
+ lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan");
+
this->public.hosts = host_resolver_create();
this->public.proposal = proposal_keywords_create();
this->public.caps = capabilities_create();
@@ -278,7 +321,7 @@ bool library_init(char *settings)
}
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.integrity_test", FALSE))
+ "%s.integrity_test", FALSE, lib->ns))
{
#ifdef INTEGRITY_TEST
this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index e53cf09..4125328 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2010-2014 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -140,6 +141,12 @@ struct library_t {
bool (*set)(library_t *this, char *name, void *object);
/**
+ * Namespace used for settings etc. (i.e. the name of the binary that uses
+ * the library)
+ */
+ const char *ns;
+
+ /**
* Printf hook registering facility
*/
printf_hook_t *printf_hook;
@@ -239,12 +246,17 @@ struct library_t {
* Initialize library, creates "lib" instance.
*
* library_init() may be called multiple times in a single process, but each
- * caller should call library_deinit() for each call to library_init().
+ * caller must call library_deinit() for each call to library_init().
+ *
+ * The settings and namespace arguments are only used on the first call.
*
* @param settings file to read settings from, may be NULL for default
+ * @param namespace name of the binary that uses the library, determines
+ * the first section name when reading config options.
+ * Defaults to libstrongswan if NULL.
* @return FALSE if integrity check failed
*/
-bool library_init(char *settings);
+bool library_init(char *settings, const char *namespace);
/**
* Deinitialize library, destroys "lib" instance.
diff --git a/src/libstrongswan/networking/host_resolver.c b/src/libstrongswan/networking/host_resolver.c
index 99a17d1..10af11a 100644
--- a/src/libstrongswan/networking/host_resolver.c
+++ b/src/libstrongswan/networking/host_resolver.c
@@ -355,11 +355,11 @@ host_resolver_t *host_resolver_create()
);
this->min_threads = max(0, lib->settings->get_int(lib->settings,
- "libstrongswan.host_resolver.min_threads",
- MIN_THREADS_DEFAULT));
+ "%s.host_resolver.min_threads",
+ MIN_THREADS_DEFAULT, lib->ns));
this->max_threads = max(this->min_threads ?: 1,
lib->settings->get_int(lib->settings,
- "libstrongswan.host_resolver.max_threads",
- MAX_THREADS_DEFAULT));
+ "%s.host_resolver.max_threads",
+ MAX_THREADS_DEFAULT, lib->ns));
return &this->public;
}
diff --git a/src/libstrongswan/networking/streams/stream.c b/src/libstrongswan/networking/streams/stream.c
index 8ecb89f..f6fec0b 100644
--- a/src/libstrongswan/networking/streams/stream.c
+++ b/src/libstrongswan/networking/streams/stream.c
@@ -159,17 +159,6 @@ METHOD(stream_t, write_all, bool,
}
/**
- * Remove a registered watcher
- */
-static void remove_watcher(private_stream_t *this)
-{
- if (this->read_cb || this->write_cb)
- {
- lib->watcher->remove(lib->watcher, this->fd);
- }
-}
-
-/**
* Watcher callback
*/
static bool watch(private_stream_t *this, int fd, watcher_event_t event)
@@ -228,7 +217,7 @@ static void add_watcher(private_stream_t *this)
METHOD(stream_t, on_read, void,
private_stream_t *this, stream_cb_t cb, void *data)
{
- remove_watcher(this);
+ lib->watcher->remove(lib->watcher, this->fd);
this->read_cb = cb;
this->read_data = data;
@@ -239,7 +228,7 @@ METHOD(stream_t, on_read, void,
METHOD(stream_t, on_write, void,
private_stream_t *this, stream_cb_t cb, void *data)
{
- remove_watcher(this);
+ lib->watcher->remove(lib->watcher, this->fd);
this->write_cb = cb;
this->write_data = data;
@@ -270,7 +259,7 @@ METHOD(stream_t, get_file, FILE*,
METHOD(stream_t, destroy, void,
private_stream_t *this)
{
- remove_watcher(this);
+ lib->watcher->remove(lib->watcher, this->fd);
close(this->fd);
free(this);
}
diff --git a/src/libstrongswan/networking/streams/stream.h b/src/libstrongswan/networking/streams/stream.h
index 810514d..3516d91 100644
--- a/src/libstrongswan/networking/streams/stream.h
+++ b/src/libstrongswan/networking/streams/stream.h
@@ -39,9 +39,8 @@ typedef stream_t*(*stream_constructor_t)(char *uri);
/**
* Callback function prototype, called when stream is ready.
*
- * It is allowed to destroy the stream during the callback, but only if it has
- * no other active on_read()/on_write() callback and returns FALSE. It is not
- * allowed to to call on_read()/on_write/() during the callback.
+ * It is not allowed to destroy the stream nor to call on_read()/on_write/()
+ * during the callback.
*
* As select() may return even if a read()/write() would actually block, it is
* recommended to use the non-blocking calls and handle return values
diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c
index 65268d2..ecefdc2 100644
--- a/src/libstrongswan/networking/tun_device.c
+++ b/src/libstrongswan/networking/tun_device.c
@@ -27,9 +27,11 @@
#include <unistd.h>
#include <net/if.h>
+#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H)
+
#include "tun_device.h"
-#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H)
+#include <utils/debug.h>
#warning TUN devices are not supported!
@@ -46,12 +48,14 @@ tun_device_t *tun_device_create(const char *name_tmpl)
#include <netinet/in_var.h>
#include <sys/kern_control.h>
#elif defined(__linux__)
+#include <linux/types.h>
#include <linux/if_tun.h>
#else
#include <net/if_tun.h>
#endif
-#include <library.h>
+#include "tun_device.h"
+
#include <utils/debug.h>
#include <threading/thread.h>
diff --git a/src/libstrongswan/networking/tun_device.h b/src/libstrongswan/networking/tun_device.h
index 1d330f1..543125b 100644
--- a/src/libstrongswan/networking/tun_device.h
+++ b/src/libstrongswan/networking/tun_device.h
@@ -23,7 +23,6 @@
#ifndef TUN_DEVICE_H_
#define TUN_DEVICE_H_
-#include <library.h>
#include <networking/host.h>
typedef struct tun_device_t tun_device_t;
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 5ae5537..9e91e86 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index cdecc5b..4ea1e8f 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index b840d0e..150e8d4 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index 322ded4..dc6adc4 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -63,6 +63,13 @@ plugin_t *agent_plugin_create()
{
private_agent_plugin_t *this;
+ /* required to connect to ssh-agent socket */
+ if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE))
+ {
+ DBG1(DBG_DMN, "agent plugin requires CAP_DAC_OVERRIDE capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
@@ -75,4 +82,3 @@ plugin_t *agent_plugin_create()
return &this->public.plugin;
}
-
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 8a3fb15..c2e82a9 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -442,4 +442,3 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args)
}
return &this->public;
}
-
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 8b2f743..f13a964 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index 486af34..ed3f056 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index b8fe6de..620d835 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 1f79120..060287d 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 3d4f711..ff34435 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index f6625dd..a756a0a 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index a8cca98..644f277 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -80,7 +80,7 @@ static size_t curl_cb(void *ptr, size_t size, size_t nmemb, cb_data_t *data)
METHOD(fetcher_t, fetch, status_t,
private_curl_fetcher_t *this, char *uri, void *userdata)
{
- char error[CURL_ERROR_SIZE];
+ char error[CURL_ERROR_SIZE], *enc_uri;
status_t status;
cb_data_t data = {
.cb = this->cb,
@@ -92,9 +92,14 @@ METHOD(fetcher_t, fetch, status_t,
*(chunk_t*)userdata = chunk_empty;
}
- if (curl_easy_setopt(this->curl, CURLOPT_URL, uri) != CURLE_OK)
+ /* the URI has to be URL-encoded, we only replace spaces as replacing other
+ * characters (e.g. '/' or ':') would render the URI invalid */
+ enc_uri = strreplace(uri, " ", "%20");
+
+ if (curl_easy_setopt(this->curl, CURLOPT_URL, enc_uri) != CURLE_OK)
{ /* URL type not supported by curl */
- return NOT_SUPPORTED;
+ status = NOT_SUPPORTED;
+ goto out;
}
curl_easy_setopt(this->curl, CURLOPT_ERRORBUFFER, error);
curl_easy_setopt(this->curl, CURLOPT_FAILONERROR, TRUE);
@@ -125,6 +130,12 @@ METHOD(fetcher_t, fetch, status_t,
status = FAILED;
break;
}
+
+out:
+ if (enc_uri != uri)
+ {
+ free(enc_uri);
+ }
return status;
}
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 81e91bc..ca79430 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index a012700..b94b644 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 06d9129..3bb540d 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index e499ae1..7bce3c9 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 7663405..4ce3cf9 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 160db04..44f3f84 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -194,8 +194,8 @@ plugin_t *gcrypt_plugin_create()
/* we currently do not use secure memory */
gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
- if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.gcrypt.quick_random", FALSE))
+ if (lib->settings->get_bool(lib->settings, "%s.plugins.gcrypt.quick_random",
+ FALSE, lib->ns))
{
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
}
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index f12827f..73e0645 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index f1956a9..f5e38fa 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index 5f7291c..42093e4 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 35af703..7f14fbf 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 812d986..bdd446c 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 082aebc..32aac7b 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 2daf01c..a35f805 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index 4088483..25437bd 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am
new file mode 100644
index 0000000..b33cbc8
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/Makefile.am
@@ -0,0 +1,33 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ -rdynamic @COVERAGE_CFLAGS@
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ntru.la
+else
+plugin_LTLIBRARIES = libstrongswan-ntru.la
+endif
+
+libstrongswan_ntru_la_SOURCES = \
+ ntru_plugin.h ntru_plugin.c \
+ ntru_drbg.h ntru_drbg.c \
+ ntru_ke.h ntru_ke.c \
+ ntru_mgf1.h ntru_mgf1.c \
+ ntru_poly.h ntru_poly.c \
+ ntru_trits.h ntru_trits.c \
+ ntru_crypto/ntru_crypto.h \
+ ntru_crypto/ntru_crypto_ntru_convert.h \
+ ntru_crypto/ntru_crypto_ntru_convert.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.h \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c \
+ ntru_crypto/ntru_crypto_ntru_poly.h \
+ ntru_crypto/ntru_crypto_ntru_poly.c
+
+libstrongswan_ntru_la_LDFLAGS = -module -avoid-version
+
+
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
new file mode 100644
index 0000000..af192d2
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -0,0 +1,812 @@
+# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/ntru
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ntru_la_LIBADD =
+am__dirstamp = $(am__leading_dot)dirstamp
+am_libstrongswan_ntru_la_OBJECTS = ntru_plugin.lo ntru_drbg.lo \
+ ntru_ke.lo ntru_mgf1.lo ntru_poly.lo ntru_trits.lo \
+ ntru_crypto/ntru_crypto_ntru_convert.lo \
+ ntru_crypto/ntru_crypto_ntru_encrypt.lo \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.lo \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.lo \
+ ntru_crypto/ntru_crypto_ntru_poly.lo
+libstrongswan_ntru_la_OBJECTS = $(am_libstrongswan_ntru_la_OBJECTS)
+AM_V_lt = $(am__v_lt_ at AM_V@)
+am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libstrongswan_ntru_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_ntru_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+ at MONOLITHIC_FALSE@am_libstrongswan_ntru_la_rpath = -rpath $(plugindir)
+ at MONOLITHIC_TRUE@am_libstrongswan_ntru_la_rpath =
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_ at AM_V@)
+am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libstrongswan_ntru_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ntru_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ -rdynamic @COVERAGE_CFLAGS@
+
+ at MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ntru.la
+ at MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ntru.la
+libstrongswan_ntru_la_SOURCES = \
+ ntru_plugin.h ntru_plugin.c \
+ ntru_drbg.h ntru_drbg.c \
+ ntru_ke.h ntru_ke.c \
+ ntru_mgf1.h ntru_mgf1.c \
+ ntru_poly.h ntru_poly.c \
+ ntru_trits.h ntru_trits.c \
+ ntru_crypto/ntru_crypto.h \
+ ntru_crypto/ntru_crypto_ntru_convert.h \
+ ntru_crypto/ntru_crypto_ntru_convert.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.h \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c \
+ ntru_crypto/ntru_crypto_ntru_poly.h \
+ ntru_crypto/ntru_crypto_ntru_poly.c
+
+libstrongswan_ntru_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+ntru_crypto/$(am__dirstamp):
+ @$(MKDIR_P) ntru_crypto
+ @: > ntru_crypto/$(am__dirstamp)
+ntru_crypto/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) ntru_crypto/$(DEPDIR)
+ @: > ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_convert.lo: ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_encrypt.lo: ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_encrypt_key.lo: \
+ ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.lo: \
+ ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_poly.lo: ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+
+libstrongswan-ntru.la: $(libstrongswan_ntru_la_OBJECTS) $(libstrongswan_ntru_la_DEPENDENCIES) $(EXTRA_libstrongswan_ntru_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_ntru_la_LINK) $(am_libstrongswan_ntru_la_rpath) $(libstrongswan_ntru_la_OBJECTS) $(libstrongswan_ntru_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+ -rm -f ntru_crypto/*.$(OBJEXT)
+ -rm -f ntru_crypto/*.lo
+
+distclean-compile:
+ -rm -f *.tab.c
+
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ntru_drbg.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ntru_ke.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ntru_mgf1.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ntru_plugin.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ntru_poly.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ntru_trits.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_convert.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_encrypt.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_encrypt_key.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_encrypt_param_sets.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_poly.Plo at am__quote@
+
+.c.o:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+ at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+ -rm -rf ntru_crypto/.libs ntru_crypto/_libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ -rm -f ntru_crypto/$(am__dirstamp)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR) ntru_crypto/$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR) ntru_crypto/$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h
new file mode 100644
index 0000000..72f4703
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h
@@ -0,0 +1,235 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+
+/******************************************************************************
+ *
+ * File: ntru_crypto.h
+ *
+ * Contents: Public header file for NTRUEncrypt.
+ *
+ *****************************************************************************/
+
+#ifndef NTRU_CRYPTO_H
+#define NTRU_CRYPTO_H
+
+#include <library.h>
+
+#include "ntru_drbg.h"
+
+#if !defined( NTRUCALL )
+ #if !defined(WIN32) || defined (NTRUCRYPTO_STATIC)
+ // Linux, or a Win32 static library
+ #define NTRUCALL extern uint32_t
+ #elif defined (NTRUCRYPTO_EXPORTS)
+ // Win32 DLL build
+ #define NTRUCALL extern __declspec(dllexport) uint32_t
+ #else
+ // Win32 DLL import
+ #define NTRUCALL extern __declspec(dllimport) uint32_t
+ #endif
+#endif /* NTRUCALL */
+
+/* parameter set ID list */
+
+typedef enum _NTRU_ENCRYPT_PARAM_SET_ID {
+ NTRU_EES401EP1,
+ NTRU_EES449EP1,
+ NTRU_EES677EP1,
+ NTRU_EES1087EP2,
+ NTRU_EES541EP1,
+ NTRU_EES613EP1,
+ NTRU_EES887EP1,
+ NTRU_EES1171EP1,
+ NTRU_EES659EP1,
+ NTRU_EES761EP1,
+ NTRU_EES1087EP1,
+ NTRU_EES1499EP1,
+ NTRU_EES401EP2,
+ NTRU_EES439EP1,
+ NTRU_EES593EP1,
+ NTRU_EES743EP1,
+} NTRU_ENCRYPT_PARAM_SET_ID;
+
+
+/* error codes */
+
+#define NTRU_OK 0
+#define NTRU_FAIL 1
+#define NTRU_BAD_PARAMETER 2
+#define NTRU_BAD_LENGTH 3
+#define NTRU_BUFFER_TOO_SMALL 4
+#define NTRU_INVALID_PARAMETER_SET 5
+#define NTRU_BAD_PUBLIC_KEY 6
+#define NTRU_BAD_PRIVATE_KEY 7
+#define NTRU_OUT_OF_MEMORY 8
+#define NTRU_BAD_ENCODING 9
+#define NTRU_OID_NOT_RECOGNIZED 10
+#define NTRU_DRBG_FAIL 11
+#define NTRU_MGF1_FAIL 12
+
+/* function declarations */
+
+/* ntru_crypto_ntru_encrypt
+ *
+ * Implements NTRU encryption (SVES) for the parameter set specified in
+ * the public key blob.
+ *
+ * Before invoking this function, a DRBG must be instantiated using
+ * ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that
+ * instantiation the requested security strength must be at least as large
+ * as the security strength of the NTRU parameter set being used.
+ * Failure to instantiate the DRBG with the proper security strength will
+ * result in this function returning DRBG_ERROR_BASE + DRBG_BAD_LENGTH.
+ *
+ * The required minimum size of the output ciphertext buffer (ct) may be
+ * queried by invoking this function with ct = NULL. In this case, no
+ * encryption is performed, NTRU_OK is returned, and the required minimum
+ * size for ct is returned in ct_len.
+ *
+ * When ct != NULL, at invocation *ct_len must be the size of the ct buffer.
+ * Upon return it is the actual size of the ciphertext.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_DRBG_FAIL if the DRBG handle is invalid.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than ct) is NULL.
+ * Returns NTRU_BAD_LENGTH if a length argument (pubkey_blob_len or pt_len) is
+ * zero, or if pt_len exceeds the maximum plaintext length for the parameter set.
+ * Returns NTRU_BAD_PUBLIC_KEY if the public-key blob is invalid
+ * (unknown format, corrupt, bad length).
+ * Returns NTRU_BUFFER_TOO_SMALL if the ciphertext buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ */
+
+NTRUCALL
+ntru_crypto_ntru_encrypt(
+ ntru_drbg_t *drbg , /* in - handle for DRBG */
+ uint16_t pubkey_blob_len, /* in - no. of octets in public key
+ blob */
+ uint8_t const *pubkey_blob, /* in - pointer to public key */
+ uint16_t pt_len, /* in - no. of octets in plaintext */
+ uint8_t const *pt, /* in - pointer to plaintext */
+ uint16_t *ct_len, /* in/out - no. of octets in ct, addr for
+ no. of octets in ciphertext */
+ uint8_t *ct); /* out - address for ciphertext */
+
+
+/* ntru_crypto_ntru_decrypt
+ *
+ * Implements NTRU decryption (SVES) for the parameter set specified in
+ * the private key blob.
+ *
+ * The maximum size of the output plaintext may be queried by invoking
+ * this function with pt = NULL. In this case, no decryption is performed,
+ * NTRU_OK is returned, and the maximum size the plaintext could be is
+ * returned in pt_len.
+ * Note that until the decryption is performed successfully, the actual size
+ * of the resulting plaintext cannot be known.
+ *
+ * When pt != NULL, at invocation *pt_len must be the size of the pt buffer.
+ * Upon return it is the actual size of the plaintext.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pt) is NULL.
+ * Returns NTRU_BAD_LENGTH if a length argument (privkey_blob) is zero, or if
+ * ct_len is invalid for the parameter set.
+ * Returns NTRU_BAD_PRIVATE_KEY if the private-key blob is invalid
+ * (unknown format, corrupt, bad length).
+ * Returns NTRU_BUFFER_TOO_SMALL if the plaintext buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ * Returns NTRU_FAIL if a decryption error occurs.
+ */
+
+NTRUCALL
+ntru_crypto_ntru_decrypt(
+ uint16_t privkey_blob_len, /* in - no. of octets in private key
+ blob */
+ uint8_t const *privkey_blob, /* in - pointer to private key */
+ uint16_t ct_len, /* in - no. of octets in ciphertext */
+ uint8_t const *ct, /* in - pointer to ciphertext */
+ uint16_t *pt_len, /* in/out - no. of octets in pt, addr for
+ no. of octets in plaintext */
+ uint8_t *pt); /* out - address for plaintext */
+
+
+/* ntru_crypto_ntru_encrypt_keygen
+ *
+ * Implements key generation for NTRUEncrypt for the parameter set specified.
+ *
+ * Before invoking this function, a DRBG must be instantiated using
+ * ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that
+ * instantiation the requested security strength must be at least as large
+ * as the security strength of the NTRU parameter set being used.
+ * Failure to instantiate the DRBG with the proper security strength will
+ * result in this function returning NTRU_DRBG_FAIL.
+ *
+ * The required minimum size of the output public-key buffer (pubkey_blob)
+ * may be queried by invoking this function with pubkey_blob = NULL.
+ * In this case, no key generation is performed, NTRU_OK is returned, and
+ * the required minimum size for pubkey_blob is returned in pubkey_blob_len.
+ *
+ * The required minimum size of the output private-key buffer (privkey_blob)
+ * may be queried by invoking this function with privkey_blob = NULL.
+ * In this case, no key generation is performed, NTRU_OK is returned, and
+ * the required minimum size for privkey_blob is returned in privkey_blob_len.
+ *
+ * The required minimum sizes of both pubkey_blob and privkey_blob may be
+ * queried as described above, in a single invocation of this function.
+ *
+ * When pubkey_blob != NULL and privkey_blob != NULL, at invocation
+ * *pubkey_blob_len must be the size of the pubkey_blob buffer and
+ * *privkey_blob_len must be the size of the privkey_blob buffer.
+ * Upon return, *pubkey_blob_len is the actual size of the public-key blob
+ * and *privkey_blob_len is the actual size of the private-key blob.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pubkey_blob
+ * or privkey_blob) is NULL.
+ * Returns NTRU_INVALID_PARAMETER_SET if the parameter-set ID is invalid.
+ * Returns NTRU_BAD_LENGTH if a length argument is invalid.
+ * Returns NTRU_BUFFER_TOO_SMALL if either the pubkey_blob buffer or the
+ * privkey_blob buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ * Returns NTRU_FAIL if the polynomial generated for f is not invertible in
+ * (Z/qZ)[X]/(X^N - 1), which is extremely unlikely.
+ * Should this occur, this function should simply be invoked again.
+ */
+
+NTRUCALL
+ntru_crypto_ntru_encrypt_keygen(
+ ntru_drbg_t *drbg, /* in - handle of DRBG */
+ NTRU_ENCRYPT_PARAM_SET_ID param_set_id, /* in - parameter set ID */
+ uint16_t *pubkey_blob_len, /* in/out - no. of octets in
+ pubkey_blob, addr
+ for no. of octets
+ in pubkey_blob */
+ uint8_t *pubkey_blob, /* out - address for
+ public key blob */
+ uint16_t *privkey_blob_len, /* in/out - no. of octets in
+ privkey_blob, addr
+ for no. of octets
+ in privkey_blob */
+ uint8_t *privkey_blob); /* out - address for
+ private key blob */
+#endif /* NTRU_CRYPTO_H */
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c
new file mode 100644
index 0000000..3d6dfde
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c
@@ -0,0 +1,581 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_convert.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_convert.c
+ *
+ * Contents: Conversion routines for NTRUEncrypt, including packing, unpacking,
+ * and others.
+ *
+ *****************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "ntru_crypto_ntru_convert.h"
+
+
+/* 3-bit to 2-trit conversion tables: 2 represents -1 */
+
+static uint8_t const bits_2_trit1[] = {0, 0, 0, 1, 1, 1, 2, 2};
+static uint8_t const bits_2_trit2[] = {0, 1, 2, 0, 1, 2, 0, 1};
+
+
+/* ntru_bits_2_trits
+ *
+ * Each 3 bits in an array of octets is converted to 2 trits in an array
+ * of trits.
+ *
+ * The octet array may overlap the end of the trit array.
+ */
+
+void
+ntru_bits_2_trits(
+ uint8_t const *octets, /* in - pointer to array of octets */
+ uint16_t num_trits, /* in - number of trits to produce */
+ uint8_t *trits) /* out - address for array of trits */
+{
+ uint32_t bits24;
+ uint32_t bits3;
+ uint32_t shift;
+
+ assert(octets);
+ assert(trits);
+
+ while (num_trits >= 16) {
+
+ /* get next three octets */
+
+ bits24 = ((uint32_t)(*octets++)) << 16;
+ bits24 |= ((uint32_t)(*octets++)) << 8;
+ bits24 |= (uint32_t)(*octets++);
+
+ /* for each 3 bits in the three octets, output 2 trits */
+
+ bits3 = (bits24 >> 21) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 18) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 15) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 12) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 9) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 6) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 3) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = bits24 & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ num_trits -= 16;
+ }
+ if (num_trits == 0)
+ return;
+
+ /* get three octets */
+
+ bits24 = ((uint32_t)(*octets++)) << 16;
+ bits24 |= ((uint32_t)(*octets++)) << 8;
+ bits24 |= (uint32_t)(*octets++);
+
+ shift = 21;
+ while (num_trits) {
+
+ /* for each 3 bits in the three octets, output up to 2 trits
+ * until all trits needed are produced
+ */
+
+ bits3 = (bits24 >> shift) & 0x7;
+ shift -= 3;
+ *trits++ = bits_2_trit1[bits3];
+ if (--num_trits) {
+ *trits++ = bits_2_trit2[bits3];
+ --num_trits;
+ }
+ }
+}
+
+
+/* ntru_trits_2_bits
+ *
+ * Each 2 trits in an array of trits is converted to 3 bits, and the bits
+ * are packed in an array of octets. A multiple of 3 octets is output.
+ * Any bits in the final octets not derived from trits are zero.
+ *
+ * Returns TRUE if all trits were valid.
+ * Returns FALSE if invalid trits were found.
+ */
+
+bool
+ntru_trits_2_bits(
+ uint8_t const *trits, /* in - pointer to array of trits */
+ uint32_t num_trits, /* in - number of trits to convert */
+ uint8_t *octets) /* out - address for array of octets */
+{
+ bool all_trits_valid = TRUE;
+ uint32_t bits24;
+ uint32_t bits3;
+ uint32_t shift;
+
+ assert(octets);
+ assert(trits);
+
+ while (num_trits >= 16) {
+
+ /* convert each 2 trits to 3 bits and pack */
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 = (bits3 << 21);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 18);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 15);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 12);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 9);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 6);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 3);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= bits3;
+
+ num_trits -= 16;
+
+ /* output three octets */
+
+ *octets++ = (uint8_t)((bits24 >> 16) & 0xff);
+ *octets++ = (uint8_t)((bits24 >> 8) & 0xff);
+ *octets++ = (uint8_t)(bits24 & 0xff);
+ }
+
+ bits24 = 0;
+ shift = 21;
+ while (num_trits) {
+
+ /* convert each 2 trits to 3 bits and pack */
+
+ bits3 = *trits++ * 3;
+ if (--num_trits) {
+ bits3 += *trits++;
+ --num_trits;
+ }
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << shift);
+ shift -= 3;
+ }
+
+ /* output three octets */
+
+ *octets++ = (uint8_t)((bits24 >> 16) & 0xff);
+ *octets++ = (uint8_t)((bits24 >> 8) & 0xff);
+ *octets++ = (uint8_t)(bits24 & 0xff);
+
+ return all_trits_valid;
+}
+
+
+/* ntru_coeffs_mod4_2_octets
+ *
+ * Takes an array of ring element coefficients mod 4 and packs the
+ * results into an octet string.
+ */
+
+void
+ntru_coeffs_mod4_2_octets(
+ uint16_t num_coeffs, /* in - number of coefficients */
+ uint16_t const *coeffs, /* in - pointer to coefficients */
+ uint8_t *octets) /* out - address for octets */
+{
+ uint8_t bits2;
+ int shift;
+ uint16_t i;
+
+ assert(coeffs);
+ assert(octets);
+
+ *octets = 0;
+ shift = 6;
+ for (i = 0; i < num_coeffs; i++) {
+ bits2 = (uint8_t)(coeffs[i] & 0x3);
+ *octets |= bits2 << shift;
+ shift -= 2;
+ if (shift < 0) {
+ ++octets;
+ *octets = 0;
+ shift = 6;
+ }
+ }
+}
+
+
+/* ntru_trits_2_octet
+ *
+ * Packs 5 trits in an octet, where a trit is 0, 1, or 2 (-1).
+ */
+
+void
+ntru_trits_2_octet(
+ uint8_t const *trits, /* in - pointer to trits */
+ uint8_t *octet) /* out - address for octet */
+{
+ int i;
+
+ assert(trits);
+ assert(octet);
+
+ *octet = 0;
+ for (i = 4; i >= 0; i--) {
+ *octet = (*octet * 3) + trits[i];
+ }
+}
+
+
+/* ntru_octet_2_trits
+ *
+ * Unpacks an octet to 5 trits, where a trit is 0, 1, or 2 (-1).
+ */
+
+void
+ntru_octet_2_trits(
+ uint8_t octet, /* in - octet to be unpacked */
+ uint8_t *trits) /* out - address for trits */
+{
+ int i;
+
+ assert(trits);
+
+ for (i = 0; i < 5; i++) {
+ trits[i] = octet % 3;
+ octet = (octet - trits[i]) / 3;
+ }
+}
+
+
+/* ntru_indices_2_trits
+ *
+ * Converts a list of the nonzero indices of a polynomial into an array of
+ * trits.
+ */
+
+void
+ntru_indices_2_trits(
+ uint16_t in_len, /* in - no. of indices */
+ uint16_t const *in, /* in - pointer to list of indices */
+ bool plus1, /* in - if list is +1 cofficients */
+ uint8_t *out) /* out - address of output polynomial */
+{
+ uint8_t trit = plus1 ? 1 : 2;
+ uint16_t i;
+
+ assert(in);
+ assert(out);
+
+ for (i = 0; i < in_len; i++) {
+ out[in[i]] = trit;
+ }
+}
+
+
+/* ntru_packed_trits_2_indices
+ *
+ * Unpacks an array of N trits and creates a list of array indices
+ * corresponding to trits = +1, and list of array indices corresponding to
+ * trits = -1.
+ */
+
+void
+ntru_packed_trits_2_indices(
+ uint8_t const *in, /* in - pointer to packed-trit octets */
+ uint16_t num_trits, /* in - no. of packed trits */
+ uint16_t *indices_plus1, /* out - address for indices of +1 trits */
+ uint16_t *indices_minus1) /* out - address for indices of -1 trits */
+{
+ uint8_t trits[5];
+ uint16_t i = 0;
+ int j;
+
+ assert(in);
+ assert(indices_plus1);
+ assert(indices_minus1);
+
+ while (num_trits >= 5) {
+ ntru_octet_2_trits(*in++, trits);
+ num_trits -= 5;
+ for (j = 0; j < 5; j++, i++) {
+ if (trits[j] == 1) {
+ *indices_plus1 = i;
+ ++indices_plus1;
+ } else if (trits[j] == 2) {
+ *indices_minus1 = i;
+ ++indices_minus1;
+ }
+ }
+ }
+ if (num_trits) {
+ ntru_octet_2_trits(*in, trits);
+ for (j = 0; num_trits && (j < 5); j++, i++) {
+ if (trits[j] == 1) {
+ *indices_plus1 = i;
+ ++indices_plus1;
+ } else if (trits[j] == 2) {
+ *indices_minus1 = i;
+ ++indices_minus1;
+ }
+ --num_trits;
+ }
+ }
+}
+
+
+/* ntru_indices_2_packed_trits
+ *
+ * Takes a list of array indices corresponding to elements whose values
+ * are +1 or -1, and packs the N-element array of trits described by these
+ * lists into octets, 5 trits per octet.
+ */
+
+void
+ntru_indices_2_packed_trits(
+ uint16_t const *indices, /* in - pointer to indices */
+ uint16_t num_plus1, /* in - no. of indices for +1 trits */
+ uint16_t num_minus1, /* in - no. of indices for -1 trits */
+ uint16_t num_trits, /* in - N, no. of trits in array */
+ uint8_t *buf, /* in - temp buf, N octets */
+ uint8_t *out) /* out - address for packed octets */
+{
+ assert(indices);
+ assert(buf);
+ assert(out);
+
+ /* convert indices to an array of trits */
+
+ memset(buf, 0, num_trits);
+ ntru_indices_2_trits(num_plus1, indices, TRUE, buf);
+ ntru_indices_2_trits(num_minus1, indices + num_plus1, FALSE, buf);
+
+ /* pack the array of trits */
+
+ while (num_trits >= 5) {
+ ntru_trits_2_octet(buf, out);
+ num_trits -= 5;
+ buf += 5;
+ ++out;
+ }
+ if (num_trits) {
+ uint8_t trits[5];
+
+ memcpy(trits, buf, num_trits);
+ memset(trits + num_trits, 0, sizeof(trits) - num_trits);
+ ntru_trits_2_octet(trits, out);
+ }
+}
+
+
+/* ntru_elements_2_octets
+ *
+ * Packs an array of n-bit elements into an array of
+ * ((in_len * n_bits) + 7) / 8 octets, 8 < n_bits < 16.
+ */
+
+void
+ntru_elements_2_octets(
+ uint16_t in_len, /* in - no. of elements to be packed */
+ uint16_t const *in, /* in - ptr to elements to be packed */
+ uint8_t n_bits, /* in - no. of bits in input element */
+ uint8_t *out) /* out - addr for output octets */
+{
+ uint16_t temp;
+ int shift;
+ uint16_t i;
+
+ assert(in_len);
+ assert(in);
+ assert((n_bits > 8) && (n_bits < 16));
+ assert(out);
+
+ /* pack */
+
+ temp = 0;
+ shift = n_bits - 8;
+ i = 0;
+ while (i < in_len) {
+
+ /* add bits to temp to fill an octet and output the octet */
+
+ temp |= in[i] >> shift;
+ *out++ = (uint8_t)(temp & 0xff);
+ shift = 8 - shift;
+ if (shift < 1) {
+
+ /* next full octet is in current input word */
+
+ shift += n_bits;
+ temp = 0;
+
+ } else {
+
+ /* put remaining bits of input word in temp as partial octet,
+ * and increment index to next input word
+ */
+ temp = in[i] << (uint16_t)shift;
+
+ ++i;
+ }
+ shift = n_bits - shift;
+ }
+
+ /* output any bits remaining in last input word */
+
+ if (shift != n_bits - 8) {
+ *out++ = (uint8_t)(temp & 0xff);
+ }
+}
+
+
+/* ntru_octets_2_elements
+ *
+ * Unpacks an octet string into an array of ((in_len * 8) / n_bits)
+ * n-bit elements, 8 < n_bits < 16. Any extra bits are discarded.
+ */
+
+void
+ntru_octets_2_elements(
+ uint16_t in_len, /* in - no. of octets to be unpacked */
+ uint8_t const *in, /* in - ptr to octets to be unpacked */
+ uint8_t n_bits, /* in - no. of bits in output element */
+ uint16_t *out) /* out - addr for output elements */
+{
+ uint16_t temp;
+ uint16_t mask = (1 << n_bits) - 1;
+ int shift;
+ uint16_t i;
+
+ assert(in_len > 1);
+ assert(in);
+ assert((n_bits > 8) && (n_bits < 16));
+ assert(out);
+
+ /* unpack */
+
+ temp = 0;
+ shift = n_bits;
+ i = 0;
+ while (i < in_len) {
+ shift = 8 - shift;
+ if (shift < 0) {
+
+ /* the current octet will not fill the current element */
+
+ shift += n_bits;
+
+ } else {
+
+ /* add bits from the current octet to fill the current element and
+ * output the element
+ */
+
+ temp |= ((uint16_t)in[i]) >> shift;
+ *out++ = temp & mask;
+ temp = 0;
+ }
+
+ /* add the remaining bits of the current octet to start an element */
+
+ shift = n_bits - shift;
+ temp |= ((uint16_t)in[i]) << shift;
+ ++i;
+ }
+}
+
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h
new file mode 100644
index 0000000..1c4b35b
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h
@@ -0,0 +1,183 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_convert.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_convert.h
+ *
+ * Contents: Definitions and declarations for conversion routines
+ * for NTRUEncrypt, including packing, unpacking and others.
+ *
+ *****************************************************************************/
+
+#ifndef NTRU_CRYPTO_NTRU_CONVERT_H
+#define NTRU_CRYPTO_NTRU_CONVERT_H
+
+#include "ntru_crypto.h"
+
+
+/* function declarations */
+
+/* ntru_bits_2_trits
+ *
+ * Each 3 bits in an array of octets is converted to 2 trits in an array
+ * of trits.
+ */
+
+extern void
+ntru_bits_2_trits(
+ uint8_t const *octets, /* in - pointer to array of octets */
+ uint16_t num_trits, /* in - number of trits to produce */
+ uint8_t *trits); /* out - address for array of trits */
+
+
+/* ntru_trits_2_bits
+ *
+ * Each 2 trits in an array of trits is converted to 3 bits, and the bits
+ * are packed in an array of octets. A multiple of 3 octets is output.
+ * Any bits in the final octets not derived from trits are zero.
+ *
+ * Returns TRUE if all trits were valid.
+ * Returns FALSE if invalid trits were found.
+ */
+
+extern bool
+ntru_trits_2_bits(
+ uint8_t const *trits, /* in - pointer to array of trits */
+ uint32_t num_trits, /* in - number of trits to convert */
+ uint8_t *octets); /* out - address for array of octets */
+
+
+/* ntru_coeffs_mod4_2_octets
+ *
+ * Takes an array of coefficients mod 4 and packs the results into an
+ * octet string.
+ */
+
+extern void
+ntru_coeffs_mod4_2_octets(
+ uint16_t num_coeffs, /* in - number of coefficients */
+ uint16_t const *coeffs, /* in - pointer to coefficients */
+ uint8_t *octets); /* out - address for octets */
+
+
+/* ntru_trits_2_octet
+ *
+ * Packs 5 trits in an octet, where a trit is 0, 1, or 2 (-1).
+ */
+
+extern void
+ntru_trits_2_octet(
+ uint8_t const *trits, /* in - pointer to trits */
+ uint8_t *octet); /* out - address for octet */
+
+
+/* ntru_octet_2_trits
+ *
+ * Unpacks an octet to 5 trits, where a trit is 0, 1, or 2 (-1).
+ */
+
+extern void
+ntru_octet_2_trits(
+ uint8_t octet, /* in - octet to be unpacked */
+ uint8_t *trits); /* out - address for trits */
+
+
+/* ntru_indices_2_trits
+ *
+ * Converts a list of the nonzero indices of a polynomial into an array of
+ * trits.
+ */
+
+extern void
+ntru_indices_2_trits(
+ uint16_t in_len, /* in - no. of indices */
+ uint16_t const *in, /* in - pointer to list of indices */
+ bool plus1, /* in - if list is +1 coefficients */
+ uint8_t *out); /* out - address of output polynomial */
+
+
+/* ntru_packed_trits_2_indices
+ *
+ * Unpacks an array of N trits and creates a list of array indices
+ * corresponding to trits = +1, and list of array indices corresponding to
+ * trits = -1.
+ */
+
+extern void
+ntru_packed_trits_2_indices(
+ uint8_t const *in, /* in - pointer to packed-trit octets */
+ uint16_t num_trits, /* in - no. of packed trits */
+ uint16_t *indices_plus1, /* out - address for indices of +1 trits */
+ uint16_t *indices_minus1); /* out - address for indices of -1 trits */
+
+
+/* ntru_indices_2_packed_trits
+ *
+ * Takes a list of array indices corresponding to elements whose values
+ * are +1 or -1, and packs the N-element array of trits described by these
+ * lists into octets, 5 trits per octet.
+ */
+
+extern void
+ntru_indices_2_packed_trits(
+ uint16_t const *indices, /* in - pointer to indices */
+ uint16_t num_plus1, /* in - no. of indices for +1 trits */
+ uint16_t num_minus1, /* in - no. of indices for -1 trits */
+ uint16_t num_trits, /* in - N, no. of trits in array */
+ uint8_t *buf, /* in - temp buf, N octets */
+ uint8_t *out); /* out - address for packed octets */
+
+
+/* ntru_elements_2_octets
+ *
+ * Packs an array of n-bit elements into an array of
+ * ((in_len * n_bits) + 7) / 8 octets, 8 < n_bits < 16.
+ */
+
+extern void
+ntru_elements_2_octets(
+ uint16_t in_len, /* in - no. of elements to be packed */
+ uint16_t const *in, /* in - ptr to elements to be packed */
+ uint8_t n_bits, /* in - no. of bits in input element */
+ uint8_t *out); /* out - addr for output octets */
+
+
+/* ntru_octets_2_elements
+ *
+ * Unpacks an octet string into an array of ((in_len * 8) / n_bits)
+ * n-bit elements, 8 < n < 16. Any extra bits are discarded.
+ */
+
+extern void
+ntru_octets_2_elements(
+ uint16_t in_len, /* in - no. of octets to be unpacked */
+ uint8_t const *in, /* in - ptr to octets to be unpacked */
+ uint8_t n_bits, /* in - no. of bits in output element */
+ uint16_t *out); /* out - addr for output elements */
+
+
+#endif /* NTRU_CRYPTO_NTRU_CONVERT_H */
+
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c
new file mode 100644
index 0000000..dba8191
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c
@@ -0,0 +1,1034 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_encrypt.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_encrypt.c
+ *
+ * Contents: Routines implementing NTRUEncrypt encryption and decryption and
+ * key generation.
+ *
+ *****************************************************************************/
+
+
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "ntru_crypto.h"
+#include "ntru_crypto_ntru_encrypt_param_sets.h"
+#include "ntru_crypto_ntru_encrypt_key.h"
+#include "ntru_crypto_ntru_convert.h"
+#include "ntru_crypto_ntru_poly.h"
+#
+#include "ntru_trits.h"
+#include "ntru_poly.h"
+
+/* ntru_crypto_ntru_encrypt
+ *
+ * Implements NTRU encryption (SVES) for the parameter set specified in
+ * the public key blob.
+ *
+ * Before invoking this function, a DRBG must be instantiated using
+ * ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that
+ * instantiation the requested security strength must be at least as large
+ * as the security strength of the NTRU parameter set being used.
+ * Failure to instantiate the DRBG with the proper security strength will
+ * result in this function returning DRBG_ERROR_BASE + DRBG_BAD_LENGTH.
+ *
+ * The required minimum size of the output ciphertext buffer (ct) may be
+ * queried by invoking this function with ct = NULL. In this case, no
+ * encryption is performed, NTRU_OK is returned, and the required minimum
+ * size for ct is returned in ct_len.
+ *
+ * When ct != NULL, at invocation *ct_len must be the size of the ct buffer.
+ * Upon return it is the actual size of the ciphertext.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_DRBG_FAIL if the DRBG handle is invalid.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than ct) is NULL.
+ * Returns NTRU_BAD_LENGTH if a length argument (pubkey_blob_len or pt_len) is
+ * zero, or if pt_len exceeds the maximum plaintext length for the parameter set.
+ * Returns NTRU_BAD_PUBLIC_KEY if the public-key blob is invalid
+ * (unknown format, corrupt, bad length).
+ * Returns NTRU_BUFFER_TOO_SMALL if the ciphertext buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ */
+
+uint32_t
+ntru_crypto_ntru_encrypt(
+ ntru_drbg_t *drbg, /* in - handle of DRBG */
+ uint16_t pubkey_blob_len, /* in - no. of octets in public key
+ blob */
+ uint8_t const *pubkey_blob, /* in - pointer to public key */
+ uint16_t pt_len, /* in - no. of octets in plaintext */
+ uint8_t const *pt, /* in - pointer to plaintext */
+ uint16_t *ct_len, /* in/out - no. of octets in ct, addr for
+ no. of octets in ciphertext */
+ uint8_t *ct) /* out - address for ciphertext */
+{
+ NTRU_ENCRYPT_PARAM_SET *params = NULL;
+ uint8_t const *pubkey_packed = NULL;
+ uint8_t pubkey_pack_type = 0x00;
+ uint16_t packed_ct_len;
+ size_t scratch_buf_len;
+ uint32_t dr;
+ uint32_t dr1 = 0;
+ uint32_t dr2 = 0;
+ uint32_t dr3 = 0;
+ uint16_t ring_mult_tmp_len;
+ int16_t m1 = 0;
+ uint16_t *scratch_buf = NULL;
+ uint16_t *ringel_buf = NULL;
+ uint8_t *b_buf = NULL;
+ uint8_t *tmp_buf = NULL;
+ bool msg_rep_good = FALSE;
+ hash_algorithm_t hash_algid;
+ uint16_t mprime_len = 0;
+ uint16_t mod_q_mask;
+ uint32_t result = NTRU_OK;
+ ntru_trits_t *mask;
+ uint8_t *mask_trits;
+ chunk_t seed;
+ ntru_poly_t *r_poly;
+
+ /* check for bad parameters */
+
+ if (!pubkey_blob || !pt || !ct_len)
+ {
+ return NTRU_BAD_PARAMETER;
+ }
+ if ((pubkey_blob_len == 0) || (pt_len == 0))
+ {
+ return NTRU_BAD_LENGTH;
+ }
+
+ /* get a pointer to the parameter-set parameters, the packing type for
+ * the public key, and a pointer to the packed public key
+ */
+
+ if (!ntru_crypto_ntru_encrypt_key_parse(TRUE /* pubkey */, pubkey_blob_len,
+ pubkey_blob, &pubkey_pack_type,
+ NULL, ¶ms, &pubkey_packed,
+ NULL))
+ {
+ return NTRU_BAD_PUBLIC_KEY;
+ }
+
+ /* return the ciphertext size if requested */
+
+ packed_ct_len = (params->N * params->q_bits + 7) >> 3;
+ if (!ct)
+ {
+ *ct_len = packed_ct_len;
+ return NTRU_OK;
+ }
+
+ /* check the ciphertext buffer size */
+
+ if (*ct_len < packed_ct_len)
+ {
+ return NTRU_BUFFER_TOO_SMALL;
+ }
+
+ /* check the plaintext length */
+
+ if (pt_len > params->m_len_max)
+ {
+ return NTRU_BAD_LENGTH;
+ }
+
+ /* allocate memory for all operations */
+
+ if (params->is_product_form)
+ {
+ ring_mult_tmp_len = params->N << 1; /* 2N 16-bit word buffer */
+ dr1 = params->dF_r & 0xff;
+ dr2 = (params->dF_r >> 8) & 0xff;
+ dr3 = (params->dF_r >> 16) & 0xff;
+ dr = dr1 + dr2 + dr3;
+ }
+ else
+ {
+ ring_mult_tmp_len = params->N; /* N 16-bit word buffer */
+ dr = params->dF_r;
+ }
+ scratch_buf_len = (ring_mult_tmp_len << 1) +
+ /* X-byte temp buf for ring mult and
+ other intermediate results */
+ (params->N << 1) + /* 2N-byte buffer for ring elements
+ and overflow from temp buffer */
+ (dr << 2) + /* buffer for r indices */
+ params->sec_strength_len;
+ /* buffer for b */
+ scratch_buf = malloc(scratch_buf_len);
+ if (!scratch_buf)
+ {
+ return NTRU_OUT_OF_MEMORY;
+ }
+ ringel_buf = scratch_buf + ring_mult_tmp_len;
+ b_buf = (uint8_t *)(ringel_buf + params->N);
+ tmp_buf = (uint8_t *)scratch_buf;
+
+ /* set hash algorithm based on security strength */
+ hash_algid = (params->sec_strength_len <= 20) ? HASH_SHA1 : HASH_SHA256;
+
+ /* set constants */
+ mod_q_mask = params->q - 1;
+
+ /* loop until a message representative with proper weight is achieved */
+
+ do {
+ uint8_t *ptr = tmp_buf;
+
+ /* get b */
+ if (drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE,
+ params->sec_strength_len, b_buf))
+ {
+ result = NTRU_OK;
+ }
+ else
+ {
+ result = NTRU_FAIL;
+ }
+
+ if (result == NTRU_OK)
+ {
+
+ /* form sData (OID || m || b || hTrunc) */
+ memcpy(ptr, params->OID, 3);
+ ptr += 3;
+ memcpy(ptr, pt, pt_len);
+ ptr += pt_len;
+ memcpy(ptr, b_buf, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+ memcpy(ptr, pubkey_packed, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+
+ DBG2(DBG_LIB, "generate polynomial r");
+
+ seed = chunk_create(tmp_buf, ptr - tmp_buf);
+ r_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ params->N, params->q,
+ params->dF_r, params->dF_r,
+ params->is_product_form);
+ if (!r_poly)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ uint16_t pubkey_packed_len;
+
+ /* unpack the public key */
+ assert(pubkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS);
+ pubkey_packed_len = (params->N * params->q_bits + 7) >> 3;
+ ntru_octets_2_elements(pubkey_packed_len, pubkey_packed,
+ params->q_bits, ringel_buf);
+
+ /* form R = h * r */
+ r_poly->ring_mult(r_poly, ringel_buf, ringel_buf);
+ r_poly->destroy(r_poly);
+
+ /* form R mod 4 */
+ ntru_coeffs_mod4_2_octets(params->N, ringel_buf, tmp_buf);
+
+ /* form mask */
+ seed = chunk_create(tmp_buf, (params->N + 3)/4);
+ mask = ntru_trits_create(params->N, hash_algid, seed);
+ if (!mask)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ uint8_t *Mtrin_buf = tmp_buf + params->N;
+ uint8_t *M_buf = Mtrin_buf + params->N -
+ (params->sec_strength_len + params->m_len_len +
+ params->m_len_max + 2);
+ uint16_t i;
+
+ /* form the padded message M */
+ ptr = M_buf;
+ memcpy(ptr, b_buf, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+ if (params->m_len_len == 2)
+ *ptr++ = (uint8_t)((pt_len >> 8) & 0xff);
+ *ptr++ = (uint8_t)(pt_len & 0xff);
+ memcpy(ptr, pt, pt_len);
+ ptr += pt_len;
+
+ /* add an extra zero byte in case without it the bit string
+ * is not a multiple of 3 bits and therefore might not be
+ * able to produce enough trits
+ */
+
+ memset(ptr, 0, params->m_len_max - pt_len + 2);
+
+ /* convert M to trits (Mbin to Mtrin) */
+ mprime_len = params->N;
+ if (params->is_product_form)
+ {
+ --mprime_len;
+ }
+
+ ntru_bits_2_trits(M_buf, mprime_len, Mtrin_buf);
+ mask_trits = mask->get_trits(mask);
+
+ /* form the msg representative m' by adding Mtrin to mask, mod p */
+ if (params->is_product_form)
+ {
+ for (i = 0; i < mprime_len; i++)
+ {
+ tmp_buf[i] = mask_trits[i] + Mtrin_buf[i];
+ if (tmp_buf[i] >= 3)
+ {
+ tmp_buf[i] -= 3;
+ }
+ if (tmp_buf[i] == 1)
+ {
+ ++m1;
+ }
+ else if (tmp_buf[i] == 2)
+ {
+ --m1;
+ }
+ }
+ }
+ else
+ {
+ for (i = 0; i < mprime_len; i++)
+ {
+ tmp_buf[i] = mask_trits[i] + Mtrin_buf[i];
+ if (tmp_buf[i] >= 3)
+ {
+ tmp_buf[i] -= 3;
+ }
+ }
+ }
+ mask->destroy(mask);
+
+ /* check that message representative meets minimum weight
+ * requirements
+ */
+
+ if (params->is_product_form)
+ msg_rep_good = m1 < 0 ? (bool)(-m1 <= params->min_msg_rep_wt) :
+ (bool)( m1 <= params->min_msg_rep_wt);
+ else
+ msg_rep_good = ntru_poly_check_min_weight(mprime_len, tmp_buf,
+ params->min_msg_rep_wt);
+ msg_rep_good = TRUE;
+ }
+ } while ((result == NTRU_OK) && !msg_rep_good);
+
+ if (result == NTRU_OK)
+ {
+ uint16_t i;
+
+ /* form ciphertext e by adding m' to R mod q */
+
+ for (i = 0; i < mprime_len; i++) {
+ if (tmp_buf[i] == 1)
+ ringel_buf[i] = (ringel_buf[i] + 1) & mod_q_mask;
+ else if (tmp_buf[i] == 2)
+ ringel_buf[i] = (ringel_buf[i] - 1) & mod_q_mask;
+ }
+ if (params->is_product_form)
+ ringel_buf[i] = (ringel_buf[i] - m1) & mod_q_mask;
+
+ /* pack ciphertext */
+ ntru_elements_2_octets(params->N, ringel_buf, params->q_bits, ct);
+ *ct_len = packed_ct_len;
+ }
+
+ /* cleanup */
+ memset(scratch_buf, 0, scratch_buf_len);
+ free(scratch_buf);
+
+ return result;
+}
+
+
+/* ntru_crypto_ntru_decrypt
+ *
+ * Implements NTRU decryption (SVES) for the parameter set specified in
+ * the private key blob.
+ *
+ * The maximum size of the output plaintext may be queried by invoking
+ * this function with pt = NULL. In this case, no decryption is performed,
+ * NTRU_OK is returned, and the maximum size the plaintext could be is
+ * returned in pt_len.
+ * Note that until the decryption is performed successfully, the actual size
+ * of the resulting plaintext cannot be known.
+ *
+ * When pt != NULL, at invocation *pt_len must be the size of the pt buffer.
+ * Upon return it is the actual size of the plaintext.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pt) is NULL.
+ * Returns NTRU_BAD_LENGTH if a length argument (privkey_blob) is zero, or if
+ * ct_len is invalid for the parameter set.
+ * Returns NTRU_BAD_PRIVATE_KEY if the private-key blob is invalid
+ * (unknown format, corrupt, bad length).
+ * Returns NTRU_BUFFER_TOO_SMALL if the plaintext buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ * Returns NTRU_FAIL if a decryption error occurs.
+ */
+
+uint32_t
+ntru_crypto_ntru_decrypt(
+ uint16_t privkey_blob_len, /* in - no. of octets in private key
+ blob */
+ uint8_t const *privkey_blob, /* in - pointer to private key */
+ uint16_t ct_len, /* in - no. of octets in ciphertext */
+ uint8_t const *ct, /* in - pointer to ciphertext */
+ uint16_t *pt_len, /* in/out - no. of octets in pt, addr for
+ no. of octets in plaintext */
+ uint8_t *pt) /* out - address for plaintext */
+{
+ NTRU_ENCRYPT_PARAM_SET *params = NULL;
+ uint8_t const *privkey_packed = NULL;
+ uint8_t const *pubkey_packed = NULL;
+ uint8_t privkey_pack_type = 0x00;
+ uint8_t pubkey_pack_type = 0x00;
+ size_t scratch_buf_len;
+ uint32_t dF_r;
+ uint32_t dF_r1 = 0;
+ uint32_t dF_r2 = 0;
+ uint32_t dF_r3 = 0;
+ uint16_t ring_mult_tmp_len;
+ int16_t m1 = 0;
+ uint16_t *scratch_buf = NULL;
+ uint16_t *ringel_buf1 = NULL;
+ uint16_t *ringel_buf2 = NULL;
+ uint16_t *i_buf = NULL;
+ uint8_t *m_buf = NULL;
+ uint8_t *tmp_buf = NULL;
+ uint8_t *Mtrin_buf = NULL;
+ uint8_t *M_buf = NULL;
+ uint8_t *ptr = NULL;
+ hash_algorithm_t hash_algid;
+ uint16_t cmprime_len;
+ uint16_t mod_q_mask;
+ uint16_t q_mod_p;
+ uint16_t cm_len = 0;
+ uint16_t num_zeros;
+ uint16_t i;
+ bool decryption_ok = TRUE;
+ uint32_t result = NTRU_OK;
+ ntru_trits_t *mask;
+ uint8_t *mask_trits;
+ chunk_t seed;
+ ntru_poly_t *F_poly, *r_poly;
+
+ /* check for bad parameters */
+ if (!privkey_blob || !ct || !pt_len)
+ {
+ return NTRU_BAD_PARAMETER;
+ }
+ if ((privkey_blob_len == 0) || (ct_len == 0))
+ {
+ return NTRU_BAD_LENGTH;
+ }
+
+ /* get a pointer to the parameter-set parameters, the packing types for
+ * the public and private keys, and pointers to the packed public and
+ * private keys
+ */
+
+ if (!ntru_crypto_ntru_encrypt_key_parse(FALSE /* privkey */,
+ privkey_blob_len,
+ privkey_blob, &pubkey_pack_type,
+ &privkey_pack_type, ¶ms,
+ &pubkey_packed, &privkey_packed))
+ {
+ return NTRU_BAD_PRIVATE_KEY;
+ }
+
+ /* return the max plaintext size if requested */
+
+ if (!pt)
+ {
+ *pt_len = params->m_len_max;
+ return NTRU_OK;
+ }
+
+ /* cannot check the plaintext buffer size until after the plaintext
+ * is derived, if we allow plaintext buffers only as large as the
+ * actual plaintext
+ */
+
+ /* check the ciphertext length */
+
+ if (ct_len != (params->N * params->q_bits + 7) >> 3)
+ {
+ return NTRU_BAD_LENGTH;
+ }
+
+ /* allocate memory for all operations */
+
+ if (params->is_product_form)
+ {
+ ring_mult_tmp_len = params->N << 1; /* 2N 16-bit word buffer */
+ dF_r1 = params->dF_r & 0xff;
+ dF_r2 = (params->dF_r >> 8) & 0xff;
+ dF_r3 = (params->dF_r >> 16) & 0xff;
+ dF_r = dF_r1 + dF_r2 + dF_r3;
+ } else {
+ ring_mult_tmp_len = params->N; /* N 16-bit word buffer */
+ dF_r = params->dF_r;
+ }
+ scratch_buf_len = (ring_mult_tmp_len << 1) +
+ /* X-byte temp buf for ring mult and
+ other intermediate results */
+ (params->N << 2) + /* 2 2N-byte bufs for ring elements
+ and overflow from temp buffer */
+ (dF_r << 2) + /* buffer for F, r indices */
+ params->m_len_max; /* buffer for plaintext */
+ scratch_buf = malloc(scratch_buf_len);
+ if (!scratch_buf)
+ {
+ return NTRU_OUT_OF_MEMORY;
+ }
+ ringel_buf1 = scratch_buf + ring_mult_tmp_len;
+ ringel_buf2 = ringel_buf1 + params->N;
+ i_buf = ringel_buf2 + params->N;
+ m_buf = (uint8_t *)(i_buf + (dF_r << 1));
+ tmp_buf = (uint8_t *)scratch_buf;
+ Mtrin_buf = (uint8_t *)ringel_buf1;
+ M_buf = Mtrin_buf + params->N;
+
+ /* set hash algorithm based on security strength */
+ hash_algid = (params->sec_strength_len <= 20) ? HASH_SHA1 : HASH_SHA256;
+
+ /* set constants */
+ mod_q_mask = params->q - 1;
+ q_mod_p = params->q % 3;
+
+ /* unpack the ciphertext */
+ ntru_octets_2_elements(ct_len, ct, params->q_bits, ringel_buf2);
+
+ /* unpack the private key */
+ if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_TRITS)
+ {
+ ntru_packed_trits_2_indices(privkey_packed, params->N, i_buf,
+ i_buf + dF_r);
+
+ }
+ else if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_INDICES)
+ {
+ ntru_octets_2_elements(
+ (((uint16_t)dF_r << 1) * params->N_bits + 7) >> 3,
+ privkey_packed, params->N_bits, i_buf);
+
+ }
+ else
+ {
+ assert(FALSE);
+ }
+
+ /* form cm':
+ * F * e
+ * A = e * (1 + pF) mod q = e + pFe mod q
+ * a = A in the range [-q/2, q/2)
+ * cm' = a mod p
+ */
+ F_poly = ntru_poly_create_from_data(i_buf, params->N, params->q,
+ params->dF_r, params->dF_r,
+ params->is_product_form);
+ F_poly->ring_mult(F_poly, ringel_buf2, ringel_buf1);
+ F_poly->destroy(F_poly);
+
+ cmprime_len = params->N;
+ if (params->is_product_form)
+ {
+ --cmprime_len;
+ for (i = 0; i < cmprime_len; i++)
+ {
+ ringel_buf1[i] = (ringel_buf2[i] + 3 * ringel_buf1[i]) & mod_q_mask;
+ if (ringel_buf1[i] >= (params->q >> 1))
+ {
+ ringel_buf1[i] = ringel_buf1[i] - q_mod_p;
+ }
+ Mtrin_buf[i] = (uint8_t)(ringel_buf1[i] % 3);
+ if (Mtrin_buf[i] == 1)
+ {
+ ++m1;
+ }
+ else if (Mtrin_buf[i] == 2)
+ {
+ --m1;
+ }
+ }
+ }
+ else
+ {
+ for (i = 0; i < cmprime_len; i++)
+ {
+ ringel_buf1[i] = (ringel_buf2[i] + 3 * ringel_buf1[i]) & mod_q_mask;
+ if (ringel_buf1[i] >= (params->q >> 1))
+ {
+ ringel_buf1[i] = ringel_buf1[i] - q_mod_p;
+ }
+ Mtrin_buf[i] = (uint8_t)(ringel_buf1[i] % 3);
+ }
+ }
+
+ /* check that the candidate message representative meets minimum weight
+ * requirements
+ */
+
+ if (params->is_product_form)
+ {
+ decryption_ok = m1 < 0 ? (bool)(-m1 <= params->min_msg_rep_wt) :
+ (bool)( m1 <= params->min_msg_rep_wt);
+ }
+ else
+ {
+ decryption_ok = ntru_poly_check_min_weight(cmprime_len, Mtrin_buf,
+ params->min_msg_rep_wt);
+ }
+
+ /* form cR = e - cm' mod q */
+ for (i = 0; i < cmprime_len; i++)
+ {
+ if (Mtrin_buf[i] == 1)
+ {
+ ringel_buf2[i] = (ringel_buf2[i] - 1) & mod_q_mask;
+ }
+ else if (Mtrin_buf[i] == 2)
+ {
+ ringel_buf2[i] = (ringel_buf2[i] + 1) & mod_q_mask;
+ }
+ }
+ if (params->is_product_form)
+ {
+ ringel_buf2[i] = (ringel_buf2[i] + m1) & mod_q_mask;
+ }
+
+ /* form cR mod 4 */
+ ntru_coeffs_mod4_2_octets(params->N, ringel_buf2, tmp_buf);
+
+ /* form mask */
+ seed = chunk_create(tmp_buf, (params->N + 3)/4);
+ mask = ntru_trits_create(params->N, hash_algid, seed);
+ if (!mask)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ else
+ {
+ mask_trits = mask->get_trits(mask);
+
+ /* form cMtrin by subtracting mask from cm', mod p */
+ for (i = 0; i < cmprime_len; i++)
+ {
+ Mtrin_buf[i] = Mtrin_buf[i] - mask_trits[i];
+ if (Mtrin_buf[i] >= 3)
+ {
+ Mtrin_buf[i] += 3;
+ }
+ }
+ mask->destroy(mask);
+
+ if (params->is_product_form)
+
+ /* set the last trit to zero since that's what it was, and
+ * because it can't be calculated from (cm' - mask) since
+ * we don't have the correct value for the last cm' trit
+ */
+
+ Mtrin_buf[i] = 0;
+
+ /* convert cMtrin to cM (Mtrin to Mbin) */
+
+ if (!ntru_trits_2_bits(Mtrin_buf, params->N, M_buf))
+ decryption_ok = FALSE;
+
+ /* validate the padded message cM and copy cm to m_buf */
+
+ ptr = M_buf + params->sec_strength_len;
+ if (params->m_len_len == 2)
+ cm_len = (uint16_t)(*ptr++) << 16;
+ cm_len |= (uint16_t)(*ptr++);
+ if (cm_len > params->m_len_max) {
+ cm_len = params->m_len_max;
+ decryption_ok = FALSE;
+ }
+ memcpy(m_buf, ptr, cm_len);
+ ptr += cm_len;
+ num_zeros = params->m_len_max - cm_len + 1;
+ for (i = 0; i < num_zeros; i++) {
+ if (ptr[i] != 0)
+ decryption_ok = FALSE;
+ }
+
+ /* form sData (OID || m || b || hTrunc) */
+
+ ptr = tmp_buf;
+ memcpy(ptr, params->OID, 3);
+ ptr += 3;
+ memcpy(ptr, m_buf, cm_len);
+ ptr += cm_len;
+ memcpy(ptr, M_buf, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+ memcpy(ptr, pubkey_packed, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+
+ /* generate cr */
+ DBG2(DBG_LIB, "generate polynomial r");
+
+ seed = chunk_create(tmp_buf, ptr - tmp_buf);
+ r_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ params->N, params->q,
+ params->dF_r, params->dF_r,
+ params->is_product_form);
+ if (!r_poly)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ /* unpack the public key */
+ {
+ uint16_t pubkey_packed_len;
+
+ assert(pubkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS);
+ pubkey_packed_len = (params->N * params->q_bits + 7) >> 3;
+ ntru_octets_2_elements(pubkey_packed_len, pubkey_packed,
+ params->q_bits, ringel_buf1);
+ }
+
+ /* form cR' = h * cr */
+ r_poly->ring_mult(r_poly, ringel_buf1, ringel_buf1);
+ r_poly->destroy(r_poly);
+
+ /* compare cR' to cR */
+ for (i = 0; i < params->N; i++)
+ {
+ if (ringel_buf1[i] != ringel_buf2[i])
+ {
+ decryption_ok = FALSE;
+ }
+ }
+
+ /* output plaintext and plaintext length */
+ if (decryption_ok)
+ {
+ if (*pt_len < cm_len)
+ {
+ return NTRU_BUFFER_TOO_SMALL;
+ }
+ memcpy(pt, m_buf, cm_len);
+ *pt_len = cm_len;
+ }
+ }
+
+ /* cleanup */
+ memset(scratch_buf, 0, scratch_buf_len);
+ free(scratch_buf);
+
+ if (!decryption_ok)
+ {
+ return NTRU_FAIL;
+ }
+
+ return result;
+}
+
+
+/* ntru_crypto_ntru_encrypt_keygen
+ *
+ * Implements key generation for NTRUEncrypt for the parameter set specified.
+ *
+ * The required minimum size of the output public-key buffer (pubkey_blob)
+ * may be queried by invoking this function with pubkey_blob = NULL.
+ * In this case, no key generation is performed, NTRU_OK is returned, and
+ * the required minimum size for pubkey_blob is returned in pubkey_blob_len.
+ *
+ * The required minimum size of the output private-key buffer (privkey_blob)
+ * may be queried by invoking this function with privkey_blob = NULL.
+ * In this case, no key generation is performed, NTRU_OK is returned, and
+ * the required minimum size for privkey_blob is returned in privkey_blob_len.
+ *
+ * The required minimum sizes of both pubkey_blob and privkey_blob may be
+ * queried as described above, in a single invocation of this function.
+ *
+ * When pubkey_blob != NULL and privkey_blob != NULL, at invocation
+ * *pubkey_blob_len must be the size of the pubkey_blob buffer and
+ * *privkey_blob_len must be the size of the privkey_blob buffer.
+ * Upon return, *pubkey_blob_len is the actual size of the public-key blob
+ * and *privkey_blob_len is the actual size of the private-key blob.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pubkey_blob or
+ * privkey_blob) is NULL.
+ * Returns NTRU_INVALID_PARAMETER_SET if the parameter-set ID is invalid.
+ * Returns NTRU_BAD_LENGTH if a length argument is invalid.
+ * Returns NTRU_BUFFER_TOO_SMALL if either the pubkey_blob buffer or the
+ * privkey_blob buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ * Returns NTRU_FAIL if the polynomial generated for f is not invertible in
+ * (Z/qZ)[X]/(X^N - 1), which is extremely unlikely.
+ * Should this occur, this function should simply be invoked again.
+ */
+
+uint32_t
+ntru_crypto_ntru_encrypt_keygen(
+ ntru_drbg_t *drbg, /* in - handle of DRBG */
+ NTRU_ENCRYPT_PARAM_SET_ID param_set_id, /* in - parameter set ID */
+ uint16_t *pubkey_blob_len, /* in/out - no. of octets in
+ pubkey_blob, addr
+ for no. of octets
+ in pubkey_blob */
+ uint8_t *pubkey_blob, /* out - address for
+ public key blob */
+ uint16_t *privkey_blob_len, /* in/out - no. of octets in
+ privkey_blob, addr
+ for no. of octets
+ in privkey_blob */
+ uint8_t *privkey_blob) /* out - address for
+ private key blob */
+{
+ NTRU_ENCRYPT_PARAM_SET *params = NULL;
+ uint16_t public_key_blob_len;
+ uint16_t private_key_blob_len;
+ uint8_t pubkey_pack_type;
+ uint8_t privkey_pack_type;
+ size_t scratch_buf_len;
+ uint32_t dF;
+ uint32_t dF1 = 0;
+ uint32_t dF2 = 0;
+ uint32_t dF3 = 0;
+ uint16_t *scratch_buf = NULL;
+ uint16_t *ringel_buf1 = NULL;
+ uint16_t *ringel_buf2 = NULL;
+ uint8_t *tmp_buf = NULL;
+ uint16_t mod_q_mask;
+ hash_algorithm_t hash_algid;
+ uint16_t seed_len;
+ chunk_t seed;
+ uint32_t result = NTRU_OK;
+ ntru_poly_t *F_poly = NULL;
+ ntru_poly_t *g_poly = NULL;
+ uint16_t *F_indices;
+
+ /* get a pointer to the parameter-set parameters */
+
+ if ((params = ntru_encrypt_get_params_with_id(param_set_id)) == NULL)
+ {
+ return NTRU_INVALID_PARAMETER_SET;
+ }
+
+ /* check for bad parameters */
+
+ if (!pubkey_blob_len || !privkey_blob_len)
+ {
+ return NTRU_BAD_PARAMETER;
+ }
+
+ /* get public and private key packing types and blob lengths */
+
+ ntru_crypto_ntru_encrypt_key_get_blob_params(params, &pubkey_pack_type,
+ &public_key_blob_len,
+ &privkey_pack_type,
+ &private_key_blob_len);
+
+ /* return the pubkey_blob size and/or privkey_blob size if requested */
+
+ if (!pubkey_blob || !privkey_blob)
+ {
+ if (!pubkey_blob)
+ *pubkey_blob_len = public_key_blob_len;
+ if (!privkey_blob)
+ *privkey_blob_len = private_key_blob_len;
+ return NTRU_OK;
+ }
+
+ /* check size of output buffers */
+
+ if ((*pubkey_blob_len < public_key_blob_len) ||
+ (*privkey_blob_len < private_key_blob_len))
+ {
+ return NTRU_BUFFER_TOO_SMALL;
+ }
+
+ /* allocate memory for all operations */
+ if (params->is_product_form) {
+ dF1 = params->dF_r & 0xff;
+ dF2 = (params->dF_r >> 8) & 0xff;
+ dF3 = (params->dF_r >> 16) & 0xff;
+ dF = dF1 + dF2 + dF3;
+ } else {
+ dF = params->dF_r;
+ }
+
+ scratch_buf_len = (params->N * 8) + /* 4N-byte temp buffer for ring inv
+ and other intermediate results,
+ 2N-byte buffer for f, g indices
+ and overflow from temp buffer,
+ 2N-byte buffer for f^-1 */
+ (dF << 2); /* buffer for F indices */
+ scratch_buf = malloc(scratch_buf_len);
+ if (!scratch_buf)
+ {
+ return NTRU_OUT_OF_MEMORY;
+ }
+ ringel_buf1 = scratch_buf + (params->N << 1);
+ ringel_buf2 = ringel_buf1 + params->N;
+ tmp_buf = (uint8_t *)scratch_buf;
+
+ /* set hash algorithm and seed length based on security strength */
+ if (params->sec_strength_len <= 20)
+ {
+ hash_algid = HASH_SHA1;
+ }
+ else
+ {
+ hash_algid = HASH_SHA256;
+ }
+ seed_len = params->sec_strength_len + 8;
+
+ /* set constants */
+
+ mod_q_mask = params->q - 1;
+
+ /* get random bytes for seed for generating trinary F
+ * as a list of indices
+ */
+
+ if (drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE,
+ seed_len, tmp_buf))
+ {
+ result = NTRU_OK;
+ }
+ else
+ {
+ result = NTRU_DRBG_FAIL;
+ }
+
+ if (result == NTRU_OK)
+ {
+ DBG2(DBG_LIB, "generate polynomial F");
+
+ seed = chunk_create(tmp_buf, seed_len);
+ F_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ params->N, params->q,
+ params->dF_r, params->dF_r,
+ params->is_product_form);
+ if (!F_poly)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ int i;
+
+ F_poly->get_array(F_poly, ringel_buf1);
+
+ /* form f = 1 + pF */
+ for (i = 0; i < params->N; i++)
+ {
+ ringel_buf1[i] = (ringel_buf1[i] * 3) & mod_q_mask;
+ }
+ ringel_buf1[0] = (ringel_buf1[0] + 1) & mod_q_mask;
+
+ /* find f^-1 in (Z/qZ)[X]/(X^N - 1) */
+ if (!ntru_ring_inv(ringel_buf1, params->N, params->q,
+ scratch_buf, ringel_buf2))
+ {
+ result = NTRU_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+
+ /* get random bytes for seed for generating trinary polynomial g
+ * as a list of indices
+ */
+ if (!drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE,
+ seed_len, tmp_buf))
+ {
+ result = NTRU_DRBG_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ DBG2(DBG_LIB, "generate polynomial g");
+
+ seed = chunk_create(tmp_buf, seed_len);
+ g_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ params->N, params->q,
+ params->dg + 1, params->dg, FALSE);
+ if (!g_poly)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ uint16_t i;
+
+ /* compute h = p * (f^-1 * g) mod q */
+ g_poly->ring_mult(g_poly, ringel_buf2, ringel_buf2);
+ g_poly->destroy(g_poly);
+
+ for (i = 0; i < params->N; i++)
+ {
+ ringel_buf2[i] = (ringel_buf2[i] * 3) & mod_q_mask;
+ }
+
+ /* create public key blob */
+ ntru_crypto_ntru_encrypt_key_create_pubkey_blob(params, ringel_buf2,
+ pubkey_pack_type,
+ pubkey_blob);
+ *pubkey_blob_len = public_key_blob_len;
+
+ /* create private key blob */
+ F_indices = F_poly->get_indices(F_poly);
+ ntru_crypto_ntru_encrypt_key_create_privkey_blob(params, ringel_buf2,
+ F_indices,
+ privkey_pack_type,
+ tmp_buf, privkey_blob);
+ *privkey_blob_len = private_key_blob_len;
+ }
+
+ /* cleanup */
+ DESTROY_IF(F_poly);
+ memset(scratch_buf, 0, scratch_buf_len);
+ free(scratch_buf);
+
+ return result;
+}
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c
new file mode 100644
index 0000000..90baaad
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c
@@ -0,0 +1,360 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_encrypt_key.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_encrypt_key.c
+ *
+ * Contents: Routines for exporting and importing public and private keys
+ * for NTRUEncrypt.
+ *
+ *****************************************************************************/
+
+
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "ntru_crypto_ntru_encrypt_key.h"
+
+
+/* ntru_crypto_ntru_encrypt_key_parse
+ *
+ * Parses an NTRUEncrypt key blob.
+ * If the blob is not corrupt, returns packing types for public and private
+ * keys, a pointer to the parameter set, a pointer to the public key, and
+ * a pointer to the private key if it exists.
+ *
+ * Returns TRUE if successful.
+ * Returns FALSE if the blob is invalid.
+ */
+
+bool
+ntru_crypto_ntru_encrypt_key_parse(
+ bool pubkey_parse, /* in - if parsing pubkey
+ blob */
+ uint16_t key_blob_len, /* in - no. octets in key
+ blob */
+ uint8_t const *key_blob, /* in - pointer to key blob */
+ uint8_t *pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint8_t *privkey_pack_type, /* out - addr for privkey
+ packing type */
+ NTRU_ENCRYPT_PARAM_SET **params, /* out - addr for ptr to
+ parameter set */
+ uint8_t const **pubkey, /* out - addr for ptr to
+ packed pubkey */
+ uint8_t const **privkey) /* out - addr for ptr to
+ packed privkey */
+{
+ uint8_t tag;
+
+ assert(key_blob_len);
+ assert(key_blob);
+ assert(pubkey_pack_type);
+ assert(params);
+ assert(pubkey);
+
+ /* parse key blob based on tag */
+
+ tag = key_blob[0];
+ switch (tag) {
+ case NTRU_ENCRYPT_PUBKEY_TAG:
+ if (!pubkey_parse)
+ return FALSE;
+ break;
+ case NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_TRITS_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_INDICES_TAG:
+ assert(privkey_pack_type);
+ assert(privkey);
+ if (pubkey_parse)
+ return FALSE;
+ break;
+ default:
+ return FALSE;
+ }
+
+ switch (tag) {
+ case NTRU_ENCRYPT_PUBKEY_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_TRITS_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_INDICES_TAG:
+
+ /* Version 0:
+ * byte 0: tag
+ * byte 1: no. of octets in OID
+ * bytes 2-4: OID
+ * bytes 5- : packed pubkey
+ * [packed privkey]
+ */
+
+ {
+ NTRU_ENCRYPT_PARAM_SET *p = NULL;
+ uint16_t pubkey_packed_len;
+
+ /* check OID length and minimum blob length for tag and OID */
+
+ if ((key_blob_len < 5) || (key_blob[1] != 3))
+ return FALSE;
+
+ /* get a pointer to the parameter set corresponding to the OID */
+
+ if ((p = ntru_encrypt_get_params_with_OID(key_blob + 2)) == NULL)
+ return FALSE;
+
+ /* check blob length and assign pointers to blob fields */
+
+ pubkey_packed_len = (p->N * p->q_bits + 7) / 8;
+ if (pubkey_parse) { /* public-key parsing */
+ if (key_blob_len != 5 + pubkey_packed_len)
+ return FALSE;
+
+ *pubkey = key_blob + 5;
+
+ } else { /* private-key parsing */
+ uint16_t privkey_packed_len;
+ uint16_t privkey_packed_trits_len = (p->N + 4) / 5;
+ uint16_t privkey_packed_indices_len;
+ uint16_t dF;
+
+ /* check packing type for product-form private keys */
+
+ if (p->is_product_form &&
+ (tag == NTRU_ENCRYPT_PRIVKEY_TRITS_TAG))
+ return FALSE;
+
+ /* set packed-key length for packed indices */
+
+ if (p->is_product_form)
+ dF = (uint16_t)( (p->dF_r & 0xff) + /* df1 */
+ ((p->dF_r >> 8) & 0xff) + /* df2 */
+ ((p->dF_r >> 16) & 0xff)); /* df3 */
+ else
+ dF = (uint16_t)p->dF_r;
+ privkey_packed_indices_len = ((dF << 1) * p->N_bits + 7) >> 3;
+
+ /* set private-key packing type if defaulted */
+
+ if (tag == NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG) {
+ if (p->is_product_form ||
+ (privkey_packed_indices_len <=
+ privkey_packed_trits_len))
+ tag = NTRU_ENCRYPT_PRIVKEY_INDICES_TAG;
+ else
+ tag = NTRU_ENCRYPT_PRIVKEY_TRITS_TAG;
+ }
+
+ if (tag == NTRU_ENCRYPT_PRIVKEY_TRITS_TAG)
+ privkey_packed_len = privkey_packed_trits_len;
+ else
+ privkey_packed_len = privkey_packed_indices_len;
+
+ if (key_blob_len != 5 + pubkey_packed_len + privkey_packed_len)
+ return FALSE;
+
+ *pubkey = key_blob + 5;
+ *privkey = *pubkey + pubkey_packed_len;
+ *privkey_pack_type = (tag == NTRU_ENCRYPT_PRIVKEY_TRITS_TAG) ?
+ NTRU_ENCRYPT_KEY_PACKED_TRITS :
+ NTRU_ENCRYPT_KEY_PACKED_INDICES;
+ }
+
+ /* return parameter set pointer */
+
+ *pubkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS;
+ *params = p;
+ }
+ default:
+ break; /* can't get here */
+ }
+ return TRUE;
+}
+
+
+/* ntru_crypto_ntru_encrypt_key_get_blob_params
+ *
+ * Returns public and private key packing types and blob lengths given
+ * a packing format. For now, only a default packing format exists.
+ *
+ * Only public-key params may be returned by setting privkey_pack_type
+ * and privkey_blob_len to NULL.
+ */
+
+void
+ntru_crypto_ntru_encrypt_key_get_blob_params(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint8_t *pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint16_t *pubkey_blob_len, /* out - addr for no. of
+ bytes in
+ pubkey blob */
+ uint8_t *privkey_pack_type, /* out - addr for privkey
+ packing type */
+ uint16_t *privkey_blob_len) /* out - addr for no. of
+ bytes in
+ privkey blob */
+{
+ uint16_t pubkey_packed_len = (params->N * params->q_bits + 7) >> 3;
+
+ assert(params);
+ assert(pubkey_pack_type);
+ assert(pubkey_blob_len);
+
+ *pubkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS;
+ *pubkey_blob_len = 5 + pubkey_packed_len;
+
+ if (privkey_pack_type && privkey_blob_len) {
+ uint16_t privkey_packed_trits_len = (params->N + 4) / 5;
+ uint16_t privkey_packed_indices_len;
+ uint16_t dF;
+
+ if (params->is_product_form)
+ dF = (uint16_t)( (params->dF_r & 0xff) + /* df1 */
+ ((params->dF_r >> 8) & 0xff) + /* df2 */
+ ((params->dF_r >> 16) & 0xff)); /* df3 */
+ else
+ dF = (uint16_t)params->dF_r;
+ privkey_packed_indices_len = ((dF << 1) * params->N_bits + 7) >> 3;
+
+ if (params->is_product_form ||
+ (privkey_packed_indices_len <= privkey_packed_trits_len)) {
+ *privkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_INDICES;
+ *privkey_blob_len =
+ 5 + pubkey_packed_len + privkey_packed_indices_len;
+ } else {
+ *privkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_TRITS;
+ *privkey_blob_len =
+ 5 + pubkey_packed_len + privkey_packed_trits_len;
+ }
+ }
+}
+
+
+/* ntru_crypto_ntru_encrypt_key_create_pubkey_blob
+ *
+ * Returns a public key blob, packed according to the packing type provided.
+ */
+
+void
+ntru_crypto_ntru_encrypt_key_create_pubkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t const *pubkey, /* in - pointer to the
+ coefficients
+ of the pubkey */
+ uint8_t pubkey_pack_type, /* out - pubkey packing
+ type */
+ uint8_t *pubkey_blob) /* out - addr for the
+ pubkey blob */
+{
+ assert(params);
+ assert(pubkey);
+ assert(pubkey_blob);
+
+ switch (pubkey_pack_type) {
+ case NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS:
+ *pubkey_blob++ = NTRU_ENCRYPT_PUBKEY_TAG;
+ *pubkey_blob++ = (uint8_t)sizeof(params->OID);
+ memcpy(pubkey_blob, params->OID, sizeof(params->OID));
+ pubkey_blob += sizeof(params->OID);
+ ntru_elements_2_octets(params->N, pubkey, params->q_bits,
+ pubkey_blob);
+ break;
+ default:
+ assert(FALSE);
+ }
+}
+
+
+/* ntru_crypto_ntru_encrypt_key_create_privkey_blob
+ *
+ * Returns a private key blob, packed according to the packing type provided.
+ */
+
+void
+ntru_crypto_ntru_encrypt_key_create_privkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t const *pubkey, /* in - pointer to the
+ coefficients
+ of the pubkey */
+ uint16_t const *privkey, /* in - pointer to the
+ indices of the
+ privkey */
+ uint8_t privkey_pack_type, /* in - privkey packing
+ type */
+ uint8_t *buf, /* in - temp, N bytes */
+ uint8_t *privkey_blob) /* out - addr for the
+ privkey blob */
+{
+ assert(params);
+ assert(pubkey);
+ assert(privkey);
+ assert(privkey_blob);
+
+ switch (privkey_pack_type) {
+ case NTRU_ENCRYPT_KEY_PACKED_TRITS:
+ case NTRU_ENCRYPT_KEY_PACKED_INDICES:
+
+ /* format header and packed public key */
+
+ *privkey_blob++ = NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG;
+ *privkey_blob++ = (uint8_t)sizeof(params->OID);
+ memcpy(privkey_blob, params->OID, sizeof(params->OID));
+ privkey_blob += sizeof(params->OID);
+ ntru_elements_2_octets(params->N, pubkey, params->q_bits,
+ privkey_blob);
+ privkey_blob += (params->N * params->q_bits + 7) >> 3;
+
+ /* add packed private key */
+
+ if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_TRITS) {
+ ntru_indices_2_packed_trits(privkey, (uint16_t)params->dF_r,
+ (uint16_t)params->dF_r,
+ params->N, buf, privkey_blob);
+ } else {
+ uint32_t dF;
+
+ if (params->is_product_form) {
+ dF = (params->dF_r & 0xff) +
+ ((params->dF_r >> 8) & 0xff) +
+ ((params->dF_r >> 16) & 0xff);
+ } else {
+ dF = params->dF_r;
+ }
+ ntru_elements_2_octets((uint16_t)dF << 1, privkey,
+ params->N_bits, privkey_blob);
+ }
+ break;
+ default:
+ assert(FALSE);
+ break;
+ }
+}
+
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h
new file mode 100644
index 0000000..6734f2a
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h
@@ -0,0 +1,167 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_cencrypt_key.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+
+#ifndef NTRU_CRYPTO_NTRU_ENCRYPT_KEY_H
+#define NTRU_CRYPTO_NTRU_ENCRYPT_KEY_H
+
+#include "ntru_crypto_ntru_convert.h"
+#include "ntru_crypto_ntru_encrypt_param_sets.h"
+
+
+/* key-blob definitions */
+
+#define NTRU_ENCRYPT_PUBKEY_TAG 0x01
+#define NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG 0x02
+#define NTRU_ENCRYPT_PRIVKEY_TRITS_TAG 0xfe
+#define NTRU_ENCRYPT_PRIVKEY_INDICES_TAG 0xff
+
+/* packing types */
+
+#define NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS 0x01
+#define NTRU_ENCRYPT_KEY_PACKED_INDICES 0x02
+#define NTRU_ENCRYPT_KEY_PACKED_TRITS 0x03
+
+/* function declarations */
+
+
+/* ntru_crypto_ntru_encrypt_key_parse
+ *
+ * Parses an NTRUEncrypt key blob.
+ * If the blob is not corrupt, returns packing types for public and private
+ * keys, a pointer to the parameter set, a pointer to the public key, and
+ * a pointer to the private key if it exists.
+ *
+ * Returns TRUE if successful.
+ * Returns FALSE if the blob is invalid.
+ */
+
+extern bool
+ntru_crypto_ntru_encrypt_key_parse(
+ bool pubkey_parse, /* in - if parsing pubkey
+ blob */
+ uint16_t key_blob_len, /* in - no. octets in key
+ blob */
+ uint8_t const *key_blob, /* in - pointer to key blob */
+ uint8_t *pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint8_t *privkey_pack_type, /* out - addr for privkey
+ packing type */
+ NTRU_ENCRYPT_PARAM_SET **params, /* out - addr for ptr to
+ parameter set */
+ uint8_t const **pubkey, /* out - addr for ptr to
+ packed pubkey */
+ uint8_t const **privkey); /* out - addr for ptr to
+ packed privkey */
+
+
+/* ntru_crypto_ntru_encrypt_key_get_blob_params
+ *
+ * Returns public and private key packing types and blob lengths given
+ * a packing format. For now, only a default packing format exists.
+ *
+ * Only public-key params may be returned by setting privkey_pack_type
+ * and privkey_blob_len to NULL.
+ */
+
+extern void
+ntru_crypto_ntru_encrypt_key_get_blob_params(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint8_t *pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint16_t *pubkey_blob_len, /* out - addr for no. of
+ bytes in
+ pubkey blob */
+ uint8_t *privkey_pack_type, /* out - addr for privkey
+ packing type */
+ uint16_t *privkey_blob_len); /* out - addr for no. of
+ bytes in
+ privkey blob */
+
+
+/* ntru_crypto_ntru_encrypt_key_create_pubkey_blob
+ *
+ * Returns a public key blob, packed according to the packing type provided.
+ */
+
+extern void
+ntru_crypto_ntru_encrypt_key_create_pubkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t const *pubkey, /* in - pointer to the
+ coefficients
+ of the pubkey */
+ uint8_t pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint8_t *pubkey_blob); /* out - addr for the
+ pubkey blob */
+
+
+/* ntru_crypto_ntru_encrypt_key_recreate_pubkey_blob
+ *
+ * Returns a public key blob, recreated from an already-packed public key.
+ */
+
+extern void
+ntru_crypto_ntru_encrypt_key_recreate_pubkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t packed_pubkey_len, /* in - no. octets in
+ packed pubkey */
+ uint8_t const *packed_pubkey, /* in - pointer to the
+ packed pubkey */
+ uint8_t pubkey_pack_type, /* out - pubkey packing
+ type */
+ uint8_t *pubkey_blob); /* out - addr for the
+ pubkey blob */
+
+
+/* ntru_crypto_ntru_encrypt_key_create_privkey_blob
+ *
+ * Returns a privlic key blob, packed according to the packing type provided.
+ */
+
+extern void
+ntru_crypto_ntru_encrypt_key_create_privkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t const *pubkey, /* in - pointer to the
+ coefficients
+ of the pubkey */
+ uint16_t const *privkey, /* in - pointer to the
+ indices of the
+ privkey */
+ uint8_t privkey_pack_type, /* in - privkey packing
+ type */
+ uint8_t *buf, /* in - temp, N bytes */
+ uint8_t *privkey_blob); /* out - addr for the
+ privkey blob */
+
+
+#endif /* NTRU_CRYPTO_NTRU_ENCRYPT_KEY_H */
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c
new file mode 100644
index 0000000..5ddf91d
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c
@@ -0,0 +1,384 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_param_sets.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_encrypt_param_sets.c
+ *
+ * Contents: Defines the NTRUEncrypt parameter sets.
+ *
+ *****************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include "ntru_crypto_ntru_encrypt_param_sets.h"
+
+
+/* parameter sets */
+
+static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
+
+ {
+ NTRU_EES401EP1, /* parameter-set id */
+ {0x00, 0x02, 0x04}, /* OID */
+ 0x22, /* DER id */
+ 9, /* no. of bits in N (i.e., in an index) */
+ 401, /* N */
+ 14, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 113, /* df, dr */
+ 133, /* dg */
+ 60, /* maxMsgLenBytes */
+ 113, /* dm0 */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES449EP1, /* parameter-set id */
+ {0x00, 0x03, 0x03}, /* OID */
+ 0x23, /* DER id */
+ 9, /* no. of bits in N (i.e., in an index) */
+ 449, /* N */
+ 16, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 134, /* df, dr */
+ 149, /* dg */
+ 67, /* maxMsgLenBytes */
+ 134, /* dm0 */
+ 9, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES677EP1, /* parameter-set id */
+ {0x00, 0x05, 0x03}, /* OID */
+ 0x24, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 677, /* N */
+ 24, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 157, /* df, dr */
+ 225, /* dg */
+ 101, /* maxMsgLenBytes */
+ 157, /* dm0 */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES1087EP2, /* parameter-set id */
+ {0x00, 0x06, 0x03}, /* OID */
+ 0x25, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 1087, /* N */
+ 32, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 120, /* df, dr */
+ 362, /* dg */
+ 170, /* maxMsgLenBytes */
+ 120, /* dm0 */
+ 13, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES541EP1, /* parameter-set id */
+ {0x00, 0x02, 0x05}, /* OID */
+ 0x26, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 541, /* N */
+ 14, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 49, /* df, dr */
+ 180, /* dg */
+ 86, /* maxMsgLenBytes */
+ 49, /* dm0 */
+ 12, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES613EP1, /* parameter-set id */
+ {0x00, 0x03, 0x04}, /* OID */
+ 0x27, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 613, /* N */
+ 16, /* securuity strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 55, /* df, dr */
+ 204, /* dg */
+ 97, /* maxMsgLenBytes */
+ 55, /* dm0 */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES887EP1, /* parameter-set id */
+ {0x00, 0x05, 0x04}, /* OID */
+ 0x28, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 887, /* N */
+ 24, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 81, /* df, dr */
+ 295, /* dg */
+ 141, /* maxMsgLenBytes */
+ 81, /* dm0 */
+ 10, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES1171EP1, /* parameter-set id */
+ {0x00, 0x06, 0x04}, /* OID */
+ 0x29, /* DER id */
+ 11, /* no. of bits in N (i.e., in an index) */
+ 1171, /* N */
+ 32, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 106, /* df, dr */
+ 390, /* dg */
+ 186, /* maxMsgLenBytes */
+ 106, /* dm0 */
+ 12, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES659EP1, /* parameter-set id */
+ {0x00, 0x02, 0x06}, /* OID */
+ 0x2a, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 659, /* N */
+ 14, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 38, /* df, dr */
+ 219, /* dg */
+ 108, /* maxMsgLenBytes */
+ 38, /* dm0 */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES761EP1, /* parameter-set id */
+ {0x00, 0x03, 0x05}, /* OID */
+ 0x2b, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 761, /* N */
+ 16, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 42, /* df, dr */
+ 253, /* dg */
+ 125, /* maxMsgLenBytes */
+ 42, /* dm0 */
+ 12, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES1087EP1, /* parameter-set id */
+ {0x00, 0x05, 0x05}, /* OID */
+ 0x2c, /* DER id */
+ 11, /* no. of bits in N (i.e., in an index) */
+ 1087, /* N */
+ 24, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 63, /* df, dr */
+ 362, /* dg */
+ 178, /* maxMsgLenBytes */
+ 63, /* dm0 */
+ 13, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES1499EP1, /* parameter-set id */
+ {0x00, 0x06, 0x05}, /* OID */
+ 0x2d, /* DER id */
+ 11, /* no. of bits in N (i.e., in an index) */
+ 1499, /* N */
+ 32, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 79, /* df, dr */
+ 499, /* dg */
+ 247, /* maxMsgLenBytes */
+ 79, /* dm0 */
+ 13, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES401EP2, /* parameter-set id */
+ {0x00, 0x02, 0x10}, /* OID */
+ 0x2e, /* DER id */
+ 9, /* no. of bits in N (i.e., in an index) */
+ 401, /* N */
+ 14, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ TRUE, /* product form */
+ 8 + (8 << 8) + (6 << 16), /* df, dr */
+ 133, /* dg */
+ 60, /* maxMsgLenBytes */
+ 136, /* m(1)_max */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES439EP1, /* parameter-set id */
+ {0x00, 0x03, 0x10}, /* OID */
+ 0x2f, /* DER id */
+ 9, /* no. of bits in N (i.e., in an index) */
+ 439, /* N */
+ 16, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ TRUE, /* product form */
+ 9 + (8 << 8) + (5 << 16), /* df, dr */
+ 146, /* dg */
+ 65, /* maxMsgLenBytes */
+ 126, /* m(1)_max */
+ 9, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES593EP1, /* parameter-set id */
+ {0x00, 0x05, 0x10}, /* OID */
+ 0x30, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 593, /* N */
+ 24, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ TRUE, /* product form */
+ 10 + (10 << 8) + (8 << 16), /* df, dr */
+ 197, /* dg */
+ 86, /* maxMsgLenBytes */
+ 90, /* m(1)_max */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES743EP1, /* parameter-set id */
+ {0x00, 0x06, 0x10}, /* OID */
+ 0x31, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 743, /* N */
+ 32, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ TRUE, /* product form */
+ 11 + (11 << 8) + (15 << 16), /* df, dr */
+ 247, /* dg */
+ 106, /* maxMsgLenBytes */
+ 60, /* m(1)_max */
+ 13, /* c */
+ 1, /* lLen */
+ },
+
+};
+
+static size_t numParamSets =
+ sizeof(ntruParamSets)/sizeof(NTRU_ENCRYPT_PARAM_SET);
+
+
+/* functions */
+
+/* ntru_encrypt_get_params_with_id
+ *
+ * Looks up a set of NTRUEncrypt parameters based on the id of the
+ * parameter set.
+ *
+ * Returns a pointer to the parameter set parameters if successful.
+ * Returns NULL if the parameter set cannot be found.
+ */
+
+NTRU_ENCRYPT_PARAM_SET *
+ntru_encrypt_get_params_with_id(
+ NTRU_ENCRYPT_PARAM_SET_ID id) /* in - parameter-set id */
+{
+ size_t i;
+
+ for (i = 0; i < numParamSets; i++) {
+ if (ntruParamSets[i].id == id) {
+ return &(ntruParamSets[i]);
+ }
+ }
+ return NULL;
+}
+
+
+/* ntru_encrypt_get_params_with_OID
+ *
+ * Looks up a set of NTRUEncrypt parameters based on the OID of the
+ * parameter set.
+ *
+ * Returns a pointer to the parameter set parameters if successful.
+ * Returns NULL if the parameter set cannot be found.
+ */
+
+NTRU_ENCRYPT_PARAM_SET *
+ntru_encrypt_get_params_with_OID(
+ uint8_t const *oid) /* in - pointer to parameter-set OID */
+{
+ size_t i;
+
+ for (i = 0; i < numParamSets; i++) {
+ if (!memcmp(ntruParamSets[i].OID, oid, 3)) {
+ return &(ntruParamSets[i]);
+ }
+ }
+ return NULL;
+}
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h
new file mode 100644
index 0000000..e5e977a
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h
@@ -0,0 +1,101 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_encrypt_param_sets.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_encrypt_param_sets.h
+ *
+ * Contents: Definitions and declarations for the NTRUEncrypt parameter sets.
+ *
+ *****************************************************************************/
+
+#ifndef NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H
+#define NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H
+
+#include "ntru_crypto.h"
+
+/* structures */
+
+typedef struct _NTRU_ENCRYPT_PARAM_SET {
+ NTRU_ENCRYPT_PARAM_SET_ID id; /* parameter-set ID */
+ uint8_t const OID[3]; /* pointer to OID */
+ uint8_t der_id; /* parameter-set DER id */
+ uint8_t N_bits; /* no. of bits in N (i.e. in
+ an index */
+ uint16_t N; /* ring dimension */
+ uint16_t sec_strength_len; /* no. of octets of
+ security strength */
+ uint16_t q; /* big modulus */
+ uint8_t q_bits; /* no. of bits in q (i.e. in
+ a coefficient */
+ bool is_product_form; /* if product form used */
+ uint32_t dF_r; /* no. of 1 or -1 coefficients
+ in ring elements F, r */
+ uint16_t dg; /* no. - 1 of 1 coefficients
+ or no. of -1 coefficients
+ in ring element g */
+ uint16_t m_len_max; /* max no. of plaintext
+ octets */
+ uint16_t min_msg_rep_wt; /* min. message
+ representative weight */
+ uint8_t c_bits; /* no. bits in candidate for
+ deriving an index in
+ IGF-2 */
+ uint8_t m_len_len; /* no. of octets to hold
+ mLenOctets */
+} NTRU_ENCRYPT_PARAM_SET;
+
+
+
+/* function declarations */
+
+/* ntru_encrypt_get_params_with_id
+ *
+ * Looks up a set of NTRU Encrypt parameters based on the id of the
+ * parameter set.
+ *
+ * Returns a pointer to the parameter set parameters if successful.
+ * Returns NULL if the parameter set cannot be found.
+ */
+
+extern NTRU_ENCRYPT_PARAM_SET *
+ntru_encrypt_get_params_with_id(
+ NTRU_ENCRYPT_PARAM_SET_ID id); /* in - parameter-set id */
+
+
+/* ntru_encrypt_get_params_with_OID
+ *
+ * Looks up a set of NTRU Encrypt parameters based on the OID of the
+ * parameter set.
+ *
+ * Returns a pointer to the parameter set parameters if successful.
+ * Returns NULL if the parameter set cannot be found.
+ */
+
+extern NTRU_ENCRYPT_PARAM_SET *
+ntru_encrypt_get_params_with_OID(
+ uint8_t const *oid); /* in - pointer to parameter-set OID */
+
+#endif /* NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H */
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c
new file mode 100644
index 0000000..8e4eede
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c
@@ -0,0 +1,242 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_poly.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include "ntru_crypto_ntru_poly.h"
+
+/* ntru_poly_check_min_weight
+ *
+ * Checks that the number of 0, +1, and -1 trinary ring elements meet or exceed
+ * a minimum weight.
+ */
+
+bool
+ntru_poly_check_min_weight(
+ uint16_t num_els, /* in - degree of polynomial */
+ uint8_t *ringels, /* in - pointer to trinary ring elements */
+ uint16_t min_wt) /* in - minimum weight */
+{
+ uint16_t wt[3];
+ uint16_t i;
+
+ wt[0] = wt[1] = wt[2] = 0;
+ for (i = 0; i < num_els; i++) {
+ ++wt[ringels[i]];
+ }
+ if ((wt[0] < min_wt) || (wt[1] < min_wt) || (wt[2] < min_wt)) {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/* ntru_ring_mult_coefficients
+ *
+ * Multiplies ring element (polynomial) "a" by ring element (polynomial) "b"
+ * to produce ring element (polynomial) "c" in (Z/qZ)[X]/(X^N - 1).
+ * This is a convolution operation.
+ *
+ * Ring element "b" has coefficients in the range [0,N).
+ *
+ * This assumes q is 2^r where 8 < r < 16, so that overflow of the sum
+ * beyond 16 bits does not matter.
+ */
+
+void
+ntru_ring_mult_coefficients(
+ uint16_t const *a, /* in - pointer to polynomial a */
+ uint16_t const *b, /* in - pointer to polynomial b */
+ uint16_t N, /* in - no. of coefficients in a, b, c */
+ uint16_t q, /* in - large modulus */
+ uint16_t *c) /* out - address for polynomial c */
+{
+ uint16_t const *bptr = b;
+ uint16_t mod_q_mask = q - 1;
+ uint16_t i, k;
+
+ /* c[k] = sum(a[i] * b[k-i]) mod q */
+ memset(c, 0, N * sizeof(uint16_t));
+ for (k = 0; k < N; k++) {
+ i = 0;
+ while (i <= k)
+ c[k] += a[i++] * *bptr--;
+ bptr += N;
+ while (i < N)
+ c[k] += a[i++] * *bptr--;
+ c[k] &= mod_q_mask;
+ ++bptr;
+ }
+}
+
+
+/* ntru_ring_inv
+ *
+ * Finds the inverse of a polynomial, a, in (Z/2^rZ)[X]/(X^N - 1).
+ *
+ * This assumes q is 2^r where 8 < r < 16, so that operations mod q can
+ * wait until the end, and only 16-bit arrays need to be used.
+ */
+
+bool
+ntru_ring_inv(
+ uint16_t *a, /* in - pointer to polynomial a */
+ uint16_t N, /* in - no. of coefficients in a */
+ uint16_t q, /* in - large modulus */
+ uint16_t *t, /* in - temp buffer of 2N elements */
+ uint16_t *a_inv) /* out - address for polynomial a^-1 */
+{
+ uint8_t *b = (uint8_t *)t; /* b cannot be in a_inv since it must be
+ rotated and copied there as a^-1 mod 2 */
+ uint8_t *c = b + N; /* c cannot be in a_inv since it exchanges
+ with b, and b cannot be in a_inv */
+ uint8_t *f = c + N;
+ uint8_t *g = (uint8_t *)a_inv; /* g needs N + 1 bytes */
+ uint16_t *t2 = t + N;
+ uint16_t deg_b;
+ uint16_t deg_c;
+ uint16_t deg_f;
+ uint16_t deg_g;
+ uint16_t k = 0;
+ bool done = FALSE;
+ uint16_t i, j;
+
+ /* form a^-1 in (Z/2Z)[X]/X^N - 1) */
+ memset(b, 0, (N << 1)); /* clear to init b, c */
+
+ /* b(X) = 1 */
+ b[0] = 1;
+ deg_b = 0;
+
+ /* c(X) = 0 (cleared above) */
+ deg_c = 0;
+
+ /* f(X) = a(X) mod 2 */
+ for (i = 0; i < N; i++)
+ f[i] = (uint8_t)(a[i] & 1);
+ deg_f = N - 1;
+
+ /* g(X) = X^N - 1 */
+ g[0] = 1;
+ memset(g + 1, 0, N - 1);
+ g[N] = 1;
+ deg_g = N;
+
+ /* until f(X) = 1 */
+
+ while (!done)
+ {
+
+ /* while f[0] = 0, f(X) /= X, c(X) *= X, k++ */
+
+ for (i = 0; (i <= deg_f) && (f[i] == 0); ++i);
+ if (i > deg_f)
+ return FALSE;
+ if (i) {
+ f = f + i;
+ deg_f = deg_f - i;
+ deg_c = deg_c + i;
+ for (j = deg_c; j >= i; j--)
+ c[j] = c[j-i];
+ for (j = 0; j < i; j++)
+ c[j] = 0;
+ k = k + i;
+ }
+
+ /* adjust degree of f(X) if the highest coefficients are zero
+ * Note: f[0] = 1 from above so the loop will terminate.
+ */
+
+ while (f[deg_f] == 0)
+ --deg_f;
+
+ /* if f(X) = 1, done
+ * Note: f[0] = 1 from above, so only check the x term and up
+ */
+
+ for (i = 1; (i <= deg_f) && (f[i] == 0); ++i);
+ if (i > deg_f) {
+ done = TRUE;
+ break;
+ }
+
+ /* if deg_f < deg_g, f <-> g, b <-> c */
+
+ if (deg_f < deg_g) {
+ uint8_t *x;
+
+ x = f;
+ f = g;
+ g = x;
+ deg_f ^= deg_g;
+ deg_g ^= deg_f;
+ deg_f ^= deg_g;
+ x = b;
+ b = c;
+ c = x;
+ deg_b ^= deg_c;
+ deg_c ^= deg_b;
+ deg_b ^= deg_c;
+ }
+
+ /* f(X) += g(X), b(X) += c(X) */
+
+ for (i = 0; i <= deg_g; i++)
+ f[i] ^= g[i];
+
+ if (deg_c > deg_b)
+ deg_b = deg_c;
+ for (i = 0; i <= deg_c; i++)
+ b[i] ^= c[i];
+ }
+
+ /* a^-1 in (Z/2Z)[X]/(X^N - 1) = b(X) shifted left k coefficients */
+
+ j = 0;
+ if (k >= N)
+ k = k - N;
+ for (i = k; i < N; i++)
+ a_inv[j++] = (uint16_t)(b[i]);
+ for (i = 0; i < k; i++)
+ a_inv[j++] = (uint16_t)(b[i]);
+
+ /* lift a^-1 in (Z/2Z)[X]/(X^N - 1) to a^-1 in (Z/qZ)[X]/(X^N -1) */
+
+ for (j = 0; j < 4; ++j) { /* assumes 256 < q <= 65536 */
+
+ /* a^-1 = a^-1 * (2 - a * a^-1) mod q */
+
+ memcpy(t2, a_inv, N * sizeof(uint16_t));
+ ntru_ring_mult_coefficients(a, t2, N, q, t);
+ for (i = 0; i < N; ++i)
+ t[i] = q - t[i];
+ t[0] = t[0] + 2;
+ ntru_ring_mult_coefficients(t2, t, N, q, a_inv);
+ }
+
+ return TRUE;
+
+
+}
+
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h
new file mode 100644
index 0000000..1e9d467
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h
@@ -0,0 +1,96 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_poly.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_poly.h
+ *
+ * Contents: Public header file for generating and operating on polynomials
+ * in the NTRU algorithm.
+ *
+ *****************************************************************************/
+
+
+#ifndef NTRU_CRYPTO_NTRU_POLY_H
+#define NTRU_CRYPTO_NTRU_POLY_H
+
+
+#include "ntru_crypto.h"
+
+#include <crypto/hashers/hasher.h>
+
+
+/* function declarations */
+
+/* ntru_poly_check_min_weight
+ *
+ * Checks that the number of 0, +1, and -1 trinary ring elements meet or exceed
+ * a minimum weight.
+ */
+
+extern bool
+ntru_poly_check_min_weight(
+ uint16_t num_els, /* in - degree of polynomial */
+ uint8_t *ringels, /* in - pointer to trinary ring elements */
+ uint16_t min_wt); /* in - minimum weight */
+
+/* ntru_ring_mult_coefficients
+ *
+ * Multiplies ring element (polynomial) "a" by ring element (polynomial) "b"
+ * to produce ring element (polynomial) "c" in (Z/qZ)[X]/(X^N - 1).
+ * This is a convolution operation.
+ *
+ * Ring element "b" has coefficients in the range [0,N).
+ *
+ * This assumes q is 2^r where 8 < r < 16, so that overflow of the sum
+ * beyond 16 bits does not matter.
+ */
+
+extern void
+ntru_ring_mult_coefficients(
+ uint16_t const *a, /* in - pointer to polynomial a */
+ uint16_t const *b, /* in - pointer to polynomial b */
+ uint16_t N, /* in - no. of coefficients in a, b, c */
+ uint16_t q, /* in - large modulus */
+ uint16_t *c); /* out - address for polynomial c */
+
+
+/* ntru_ring_inv
+ *
+ * Finds the inverse of a polynomial, a, in (Z/2^rZ)[X]/(X^N - 1).
+ *
+ * This assumes q is 2^r where 8 < r < 16, so that operations mod q can
+ * wait until the end, and only 16-bit arrays need to be used.
+ */
+
+extern bool
+ntru_ring_inv(
+ uint16_t *a, /* in - pointer to polynomial a */
+ uint16_t N, /* in - no. of coefficients in a */
+ uint16_t q, /* in - large modulus */
+ uint16_t *t, /* in - temp buffer of 2N elements */
+ uint16_t *a_inv); /* out - address for polynomial a^-1 */
+
+
+#endif /* NTRU_CRYPTO_NTRU_POLY_H */
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.c b/src/libstrongswan/plugins/ntru/ntru_drbg.c
new file mode 100644
index 0000000..181a589
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.c
@@ -0,0 +1,279 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_drbg.h"
+
+#include <utils/debug.h>
+#include <utils/test.h>
+
+#define MAX_STRENGTH_BITS 256
+#define MAX_DRBG_REQUESTS 0xfffffffe
+
+typedef struct private_ntru_drbg_t private_ntru_drbg_t;
+
+/**
+ * Private data of an ntru_drbg_t object.
+ */
+struct private_ntru_drbg_t {
+ /**
+ * Public ntru_drbg_t interface.
+ */
+ ntru_drbg_t public;
+
+ /**
+ * Security strength in bits of the DRBG
+ */
+ u_int32_t strength;
+
+ /**
+ * Number of requests for pseudorandom bits
+ */
+ u_int32_t reseed_counter;
+
+ /**
+ * Maximum number of requests for pseudorandom bits
+ */
+ u_int32_t max_requests;
+
+ /**
+ * True entropy source
+ */
+ rng_t *entropy;
+
+ /**
+ * HMAC-SHA256
+ */
+ signer_t *hmac;
+
+ /**
+ * Internal state of HMAC-SHA256: key
+ */
+ chunk_t key;
+
+ /**
+ * Internal state of HMAC-SHA256: value
+ */
+ chunk_t value;
+
+};
+
+/**
+ * Update the internal state of the HMAC_DRBG
+ */
+static bool update(private_ntru_drbg_t *this, chunk_t data)
+{
+ chunk_t ch_00 = chunk_from_chars(0x00);
+ chunk_t ch_01 = chunk_from_chars(0x01);
+
+ if (!this->hmac->set_key(this->hmac, this->key) ||
+ !this->hmac->get_signature(this->hmac, this->value, NULL) ||
+ !this->hmac->get_signature(this->hmac, ch_00, NULL) ||
+ !this->hmac->get_signature(this->hmac, data, this->key.ptr) ||
+ !this->hmac->set_key(this->hmac, this->key) ||
+ !this->hmac->get_signature(this->hmac, this->value,
+ this->value.ptr))
+ {
+ return FALSE;
+ }
+
+ if (data.len > 0)
+ {
+ if (!this->hmac->set_key(this->hmac, this->key) ||
+ !this->hmac->get_signature(this->hmac, this->value, NULL) ||
+ !this->hmac->get_signature(this->hmac, ch_01, NULL) ||
+ !this->hmac->get_signature(this->hmac, data, this->key.ptr) ||
+ !this->hmac->set_key(this->hmac, this->key) ||
+ !this->hmac->get_signature(this->hmac, this->value,
+ this->value.ptr))
+ {
+ return FALSE;
+ }
+ }
+ DBG4(DBG_LIB, "HMAC_DRBG V: %B", &this->value);
+ DBG4(DBG_LIB, "HMAC_DRBG K: %B", &this->key);
+
+ return TRUE;
+}
+
+METHOD(ntru_drbg_t, get_strength, u_int32_t,
+ private_ntru_drbg_t *this)
+{
+ return this->strength;
+}
+
+METHOD(ntru_drbg_t, reseed, bool,
+ private_ntru_drbg_t *this)
+{
+ chunk_t seed;
+
+ seed = chunk_alloc(this->strength / BITS_PER_BYTE);
+ DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len);
+
+ if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
+ {
+ chunk_free(&seed);
+ return FALSE;
+ }
+ if (!update(this, seed))
+ {
+ chunk_free(&seed);
+ return FALSE;
+ }
+ chunk_clear(&seed);
+ this->reseed_counter = 1;
+
+ return TRUE;
+}
+
+METHOD(ntru_drbg_t, generate, bool,
+ private_ntru_drbg_t *this, u_int32_t strength, u_int32_t len, u_int8_t *out)
+{
+ size_t delta;
+ chunk_t output;
+
+ DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
+ if (!out || len == 0)
+ {
+ return FALSE;
+ }
+ output = chunk_create(out, len);
+
+ if (this->reseed_counter > this->max_requests)
+ {
+ if (!reseed(this))
+ {
+ return FALSE;
+ }
+ }
+ while (len)
+ {
+ if (!this->hmac->get_signature(this->hmac, this->value,
+ this->value.ptr))
+ {
+ return FALSE;
+ }
+ delta = min(len, this->value.len);
+ memcpy(out, this->value.ptr, delta);
+ len -= delta;
+ out += delta;
+ }
+ DBG4(DBG_LIB, "HMAC_DRBG Out: %B", &output);
+
+ if (!update(this, chunk_empty))
+ {
+ return FALSE;
+ }
+ this->reseed_counter++;
+
+ return TRUE;
+}
+
+METHOD(ntru_drbg_t, destroy, void,
+ private_ntru_drbg_t *this)
+{
+ this->hmac->destroy(this->hmac);
+ chunk_clear(&this->key);
+ chunk_clear(&this->value);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str,
+ rng_t *entropy)
+{
+ private_ntru_drbg_t *this;
+ chunk_t seed;
+ signer_t *hmac;
+ size_t entropy_len;
+ u_int32_t max_requests;
+
+ if (strength > MAX_STRENGTH_BITS)
+ {
+ return NULL;
+ }
+ if (strength <= 112)
+ {
+ strength = 112;
+ }
+ else if (strength <= 128)
+ {
+ strength = 128;
+ }
+ else if (strength <= 192)
+ {
+ strength = 192;
+ }
+ else
+ {
+ strength = 256;
+ }
+
+ hmac = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA2_256_256);
+ if (!hmac)
+ {
+ DBG1(DBG_LIB, "could not instantiate HMAC-SHA256");
+ return NULL;
+ }
+
+ max_requests = lib->settings->get_int(lib->settings,
+ "%s.plugins.ntru.max_drbg_requests",
+ MAX_DRBG_REQUESTS, lib->ns);
+
+ INIT(this,
+ .public = {
+ .get_strength = _get_strength,
+ .reseed = _reseed,
+ .generate = _generate,
+ .destroy = _destroy,
+ },
+ .strength = strength,
+ .entropy = entropy,
+ .hmac = hmac,
+ .key = chunk_alloc(hmac->get_key_size(hmac)),
+ .value = chunk_alloc(hmac->get_block_size(hmac)),
+ .max_requests = max_requests,
+ .reseed_counter = 1,
+ );
+
+ memset(this->key.ptr, 0x00, this->key.len);
+ memset(this->value.ptr, 0x01, this->value.len);
+
+ entropy_len = (strength + strength/2) / BITS_PER_BYTE;
+ seed = chunk_alloc(entropy_len + pers_str.len);
+ DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
+
+ if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr))
+ {
+ chunk_free(&seed);
+ destroy(this);
+ return NULL;
+ }
+ memcpy(seed.ptr + entropy_len, pers_str.ptr, pers_str.len);
+ DBG4(DBG_LIB, "seed: %B", &seed);
+
+ if (!update(this, seed))
+ {
+ chunk_free(&seed);
+ destroy(this);
+ return NULL;
+ }
+ chunk_clear(&seed);
+
+ return &this->public;
+}
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create);
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h
new file mode 100644
index 0000000..38ac718
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_drbg ntru_drbg
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_DRBG_H_
+#define NTRU_DRBG_H_
+
+typedef struct ntru_drbg_t ntru_drbg_t;
+
+#include <library.h>
+
+/**
+ * Implements a HMAC Deterministic Random Bit Generator (HMAC_DRBG)
+ * compliant with NIST SP 800-90A
+ */
+struct ntru_drbg_t {
+
+ /**
+ * Reseed the instantiated DRBG
+ *
+ * @return configured security strength in bits
+ */
+ u_int32_t (*get_strength)(ntru_drbg_t *this);
+
+ /**
+ * Reseed the instantiated DRBG
+ *
+ * @return TRUE if successful
+ */
+ bool (*reseed)(ntru_drbg_t *this);
+
+ /**
+ * Generate pseudorandom bytes.
+ * If the maximum number of requests has been reached, reseeding occurs
+ *
+ * @param strength requested security strength in bits
+ * @param len number of octets to generate
+ * @param out address of output buffer
+ * @return TRUE if successful
+ */
+ bool (*generate)(ntru_drbg_t *this, u_int32_t strength, u_int32_t len,
+ u_int8_t *out);
+
+ /**
+ * Uninstantiate and destroy the DRBG object
+ */
+ void (*destroy)(ntru_drbg_t *this);
+};
+
+/**
+ * Create and instantiate a new DRBG objet.
+ *
+ * @param strength security strength in bits
+ * @param pers_str personalization string
+ * @param entropy entropy source to use
+ */
+ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str,
+ rng_t *entropy);
+
+#endif /** NTRU_DRBG_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
new file mode 100644
index 0000000..39fb261
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_ke.h"
+#include "ntru_drbg.h"
+
+#include "ntru_crypto/ntru_crypto.h"
+
+#include <crypto/diffie_hellman.h>
+#include <utils/debug.h>
+
+typedef struct private_ntru_ke_t private_ntru_ke_t;
+typedef struct param_set_t param_set_t;
+
+/**
+ * Defines an NTRU parameter set by ID or OID
+ */
+struct param_set_t {
+ NTRU_ENCRYPT_PARAM_SET_ID id;
+ char oid[3];
+ char *name;
+};
+
+/* Best bandwidth and speed, no X9.98 compatibility */
+static param_set_t param_sets_optimum[] = {
+ { NTRU_EES401EP2, {0x00, 0x02, 0x10}, "ees401ep2" },
+ { NTRU_EES439EP1, {0x00, 0x03, 0x10}, "ees439ep1" },
+ { NTRU_EES593EP1, {0x00, 0x05, 0x10}, "ees593ep1" },
+ { NTRU_EES743EP1, {0x00, 0x06, 0x10}, "ees743ep1" }
+};
+
+/* X9.98/IEEE 1363.1 parameter sets for best speed */
+static param_set_t param_sets_x9_98_speed[] = {
+ { NTRU_EES659EP1, {0x00, 0x02, 0x06}, "ees659ep1" },
+ { NTRU_EES761EP1, {0x00, 0x03, 0x05}, "ees761ep1" },
+ { NTRU_EES1087EP1, {0x00, 0x05, 0x05}, "ees1087ep1" },
+ { NTRU_EES1499EP1, {0x00, 0x06, 0x05}, "ees1499ep1" }
+};
+
+/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
+static param_set_t param_sets_x9_98_bandwidth[] = {
+ { NTRU_EES401EP1, {0x00, 0x02, 0x04}, "ees401ep1" },
+ { NTRU_EES449EP1, {0x00, 0x03, 0x03}, "ees449ep1" },
+ { NTRU_EES677EP1, {0x00, 0x05, 0x03}, "ees677ep1" },
+ { NTRU_EES1087EP2, {0x00, 0x06, 0x03}, "ees1087ep2" }
+};
+
+/* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
+static param_set_t param_sets_x9_98_balance[] = {
+ { NTRU_EES541EP1, {0x00, 0x02, 0x05}, "ees541ep1" },
+ { NTRU_EES613EP1, {0x00, 0x03, 0x04}, "ees613ep1" },
+ { NTRU_EES887EP1, {0x00, 0x05, 0x04}, "ees887ep1" },
+ { NTRU_EES1171EP1, {0x00, 0x06, 0x04}, "ees1171ep1" }
+};
+
+/**
+ * Private data of an ntru_ke_t object.
+ */
+struct private_ntru_ke_t {
+ /**
+ * Public ntru_ke_t interface.
+ */
+ ntru_ke_t public;
+
+ /**
+ * Diffie Hellman group number.
+ */
+ u_int16_t group;
+
+ /**
+ * NTRU Parameter Set
+ */
+ param_set_t *param_set;
+
+ /**
+ * Cryptographical strength in bits of the NTRU Parameter Set
+ */
+ u_int32_t strength;
+
+ /**
+ * NTRU Public Key
+ */
+ chunk_t pub_key;
+
+ /**
+ * NTRU Private Key
+ */
+ chunk_t priv_key;
+
+ /**
+ * NTRU encrypted shared secret
+ */
+ chunk_t ciphertext;
+
+ /**
+ * Shared secret
+ */
+ chunk_t shared_secret;
+
+ /**
+ * True if peer is responder
+ */
+ bool responder;
+
+ /**
+ * True if shared secret is computed
+ */
+ bool computed;
+
+ /**
+ * True Random Generator
+ */
+ rng_t *entropy;
+
+ /**
+ * Deterministic Random Bit Generator
+ */
+ ntru_drbg_t *drbg;
+};
+
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_ntru_ke_t *this, chunk_t *value)
+{
+ uint16_t pub_key_len, priv_key_len;
+
+ *value = chunk_empty;
+
+ if (this->responder)
+ {
+ if (this->ciphertext.len)
+ {
+ *value = chunk_clone(this->ciphertext);
+ }
+ }
+ else
+ {
+ if (this->pub_key.len == 0)
+ {
+ /* determine the NTRU public and private key sizes */
+ if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set->id,
+ &pub_key_len, NULL,
+ &priv_key_len, NULL) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "error determining NTRU public and private key "
+ "sizes");
+ return;
+ }
+ this->pub_key = chunk_alloc(pub_key_len);
+ this->priv_key = chunk_alloc(priv_key_len);
+
+ /* generate a random NTRU public/private key pair */
+ if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set->id,
+ &pub_key_len, this->pub_key.ptr,
+ &priv_key_len, this->priv_key.ptr) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "NTRU keypair generation failed");
+ chunk_free(&this->priv_key);
+ chunk_free(&this->pub_key);
+ return;
+ }
+ DBG3(DBG_LIB, "NTRU public key: %B", &this->pub_key);
+ DBG4(DBG_LIB, "NTRU private key: %B", &this->priv_key);
+ }
+ *value = chunk_clone(this->pub_key);
+ }
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_ntru_ke_t *this, chunk_t *secret)
+{
+ if (!this->computed || !this->shared_secret.len)
+ {
+ *secret = chunk_empty;
+ return FAILED;
+ }
+ *secret = chunk_clone(this->shared_secret);
+
+ return SUCCESS;
+}
+
+
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_ntru_ke_t *this, chunk_t value)
+{
+ u_int16_t plaintext_len, ciphertext_len;
+
+ if (this->priv_key.len)
+ {
+ /* initiator decrypting shared secret */
+ if (value.len == 0)
+ {
+ DBG1(DBG_LIB, "empty NTRU ciphertext");
+ return;
+ }
+ this->ciphertext = chunk_clone(value);
+ DBG3(DBG_LIB, "NTRU ciphertext: %B", &this->ciphertext);
+
+ /* determine the size of the maximum plaintext */
+ if (ntru_crypto_ntru_decrypt(this->priv_key.len, this->priv_key.ptr,
+ this->ciphertext.len, this->ciphertext.ptr,
+ &plaintext_len, NULL) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "error determining maximum plaintext size");
+ return;
+ }
+ this->shared_secret = chunk_alloc(plaintext_len);
+
+ /* decrypt the shared secret */
+ if (ntru_crypto_ntru_decrypt(this->priv_key.len, this->priv_key.ptr,
+ this->ciphertext.len, this->ciphertext.ptr,
+ &plaintext_len, this->shared_secret.ptr) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "NTRU decryption of shared secret failed");
+ chunk_free(&this->shared_secret);
+ return;
+ }
+ this->shared_secret.len = plaintext_len;
+ this->computed = TRUE;
+ }
+ else
+ {
+ /* responder generating and encrypting the shared secret */
+ this->responder = TRUE;
+
+ /* check the NTRU public key format */
+ if (value.len < 5 || value.ptr[0] != 1 || value.ptr[1] != 3)
+ {
+ DBG1(DBG_LIB, "received NTRU public key with invalid header");
+ return;
+ }
+ if (!memeq(value.ptr + 2, this->param_set->oid, 3))
+ {
+ DBG1(DBG_LIB, "received NTRU public key with wrong OID");
+ return;
+ }
+ this->pub_key = chunk_clone(value);
+
+ /* shared secret size is chosen as twice the cryptographical strength */
+ this->shared_secret = chunk_alloc(2 * this->strength / BITS_PER_BYTE);
+
+ /* generate the random shared secret */
+ if (!this->drbg->generate(this->drbg, this->strength,
+ this->shared_secret.len, this->shared_secret.ptr))
+ {
+ DBG1(DBG_LIB, "generation of shared secret failed");
+ chunk_free(&this->shared_secret);
+ return;
+ }
+ this->computed = TRUE;
+
+ /* determine the size of the ciphertext */
+ if (ntru_crypto_ntru_encrypt(this->drbg,
+ this->pub_key.len, this->pub_key.ptr,
+ this->shared_secret.len, this->shared_secret.ptr,
+ &ciphertext_len, NULL) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "error determining ciphertext size");
+ return;
+ }
+ this->ciphertext = chunk_alloc(ciphertext_len);
+
+ /* encrypt the shared secret */
+ if (ntru_crypto_ntru_encrypt(this->drbg,
+ this->pub_key.len, this->pub_key.ptr,
+ this->shared_secret.len, this->shared_secret.ptr,
+ &ciphertext_len, this->ciphertext.ptr) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "NTRU encryption of shared secret failed");
+ chunk_free(&this->ciphertext);
+ return;
+ }
+ DBG3(DBG_LIB, "NTRU ciphertext: %B", &this->ciphertext);
+ }
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_ntru_ke_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_ntru_ke_t *this)
+{
+ this->drbg->destroy(this->drbg);
+ this->entropy->destroy(this->entropy);
+ chunk_free(&this->pub_key);
+ chunk_free(&this->ciphertext);
+ chunk_clear(&this->priv_key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
+{
+ private_ntru_ke_t *this;
+ param_set_t *param_sets, *param_set;
+ rng_t *entropy;
+ ntru_drbg_t *drbg;
+ char *parameter_set;
+ u_int32_t strength;
+
+ parameter_set = lib->settings->get_str(lib->settings,
+ "%s.plugins.ntru.parameter_set", "optimum", lib->ns);
+
+ if (streq(parameter_set, "x9_98_speed"))
+ {
+ param_sets = param_sets_x9_98_speed;
+ }
+ else if (streq(parameter_set, "x9_98_bandwidth"))
+ {
+ param_sets = param_sets_x9_98_bandwidth;
+ }
+ else if (streq(parameter_set, "x9_98_balance"))
+ {
+ param_sets = param_sets_x9_98_balance;
+ }
+ else
+ {
+ param_sets = param_sets_optimum;
+ }
+
+ switch (group)
+ {
+ case NTRU_112_BIT:
+ strength = 112;
+ param_set = ¶m_sets[0];
+ break;
+ case NTRU_128_BIT:
+ strength = 128;
+ param_set = ¶m_sets[1];
+ break;
+ case NTRU_192_BIT:
+ strength = 192;
+ param_set = ¶m_sets[2];
+ break;
+ case NTRU_256_BIT:
+ strength = 256;
+ param_set = ¶m_sets[3];
+ break;
+ default:
+ return NULL;
+ }
+ DBG1(DBG_LIB, "%u bit %s NTRU parameter set %s selected", strength,
+ parameter_set, param_set->name);
+
+ entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
+ if (!entropy)
+ {
+ DBG1(DBG_LIB, "could not attach entropy source for DRBG");
+ return NULL;
+ }
+
+ drbg = ntru_drbg_create(strength, chunk_from_str("IKE NTRU-KE"), entropy);
+ if (!drbg)
+ {
+ DBG1(DBG_LIB, "could not instantiate DRBG at %u bit security", strength);
+ entropy->destroy(entropy);
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ .param_set = param_set,
+ .strength = strength,
+ .entropy = entropy,
+ .drbg = drbg,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.h b/src/libstrongswan/plugins/ntru/ntru_ke.h
new file mode 100644
index 0000000..b8bbf5e
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_ke.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_ke ntru_ke
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_KE_H_
+#define NTRU_KE_H_
+
+typedef struct ntru_ke_t ntru_ke_t;
+
+#include <library.h>
+
+/**
+ * Implementation of a key exchange algorithm using NTRU encryption
+ */
+struct ntru_ke_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new ntru_ke_t object.
+ *
+ * @param group NTRU group number to use
+ * @param g not used
+ * @param p not used
+ * @return ntru_ke_t object, NULL if not supported
+ */
+ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p);
+
+#endif /** NTRU_KE_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_mgf1.c b/src/libstrongswan/plugins/ntru/ntru_mgf1.c
new file mode 100644
index 0000000..2338db2
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_mgf1.c
@@ -0,0 +1,182 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_mgf1.h"
+
+#include <crypto/hashers/hasher.h>
+#include <utils/debug.h>
+#include <utils/test.h>
+
+typedef struct private_ntru_mgf1_t private_ntru_mgf1_t;
+
+/**
+ * Private data of an ntru_mgf1_t object.
+ */
+struct private_ntru_mgf1_t {
+
+ /**
+ * Public ntru_mgf1_t interface.
+ */
+ ntru_mgf1_t public;
+
+ /**
+ * Hasher the MGF1 Mask Generation Function is based on
+ */
+ hasher_t *hasher;
+
+ /**
+ * Counter
+ */
+ u_int32_t counter;
+
+ /**
+ * Set if counter has reached 2^32
+ */
+ bool overflow;
+
+ /**
+ * Current state to be hashed
+ */
+ chunk_t state;
+
+ /**
+ * Position of the 4 octet counter string
+ */
+ u_char *ctr_str;
+
+};
+
+METHOD(ntru_mgf1_t, get_hash_size, size_t,
+ private_ntru_mgf1_t *this)
+{
+ return this->hasher->get_hash_size(this->hasher);
+}
+
+METHOD(ntru_mgf1_t, get_mask, bool,
+ private_ntru_mgf1_t *this, size_t mask_len, u_char *mask)
+{
+ u_char buf[HASH_SIZE_SHA512];
+ size_t hash_len;
+
+ hash_len = this->hasher->get_hash_size(this->hasher);
+
+ while (mask_len > 0)
+ {
+ /* detect overflow, set counter string and increment counter */
+ if (this->overflow)
+ {
+ return FALSE;
+ }
+ htoun32(this->ctr_str, this->counter++);
+ if (this->counter == 0)
+ {
+ this->overflow = TRUE;
+ }
+
+ /* get the next or final mask block from the hash function */
+ if (!this->hasher->get_hash(this->hasher, this->state,
+ (mask_len < hash_len) ? buf : mask))
+ {
+ return FALSE;
+ }
+ if (mask_len < hash_len)
+ {
+ memcpy(mask, buf, mask_len);
+ return TRUE;
+ }
+ mask_len -= hash_len;
+ mask += hash_len;
+ }
+ return TRUE;
+}
+
+METHOD(ntru_mgf1_t, allocate_mask, bool,
+ private_ntru_mgf1_t *this, size_t mask_len, chunk_t *mask)
+{
+ if (mask_len == 0)
+ {
+ *mask = chunk_empty;
+ return TRUE;
+ }
+ *mask = chunk_alloc(mask_len);
+
+ return get_mask(this, mask_len, mask->ptr);
+}
+
+METHOD(ntru_mgf1_t, destroy, void,
+ private_ntru_mgf1_t *this)
+{
+ this->hasher->destroy(this->hasher);
+ chunk_clear(&this->state);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+ntru_mgf1_t *ntru_mgf1_create(hash_algorithm_t alg, chunk_t seed,
+ bool hash_seed)
+{
+ private_ntru_mgf1_t *this;
+ hasher_t *hasher;
+ size_t state_len;
+
+ if (seed.len == 0)
+ {
+ DBG1(DBG_LIB, "empty seed for MGF1");
+ return NULL;
+ }
+
+ hasher = lib->crypto->create_hasher(lib->crypto, alg);
+ if (!hasher)
+ {
+ DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
+ hash_algorithm_names, alg);
+ return NULL;
+ }
+ state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4;
+
+ INIT(this,
+ .public = {
+ .get_hash_size = _get_hash_size,
+ .allocate_mask = _allocate_mask,
+ .get_mask = _get_mask,
+ .destroy = _destroy,
+ },
+ .hasher = hasher,
+ .state = chunk_alloc(state_len),
+ );
+
+ /* determine position of the 4 octet counter string */
+ this->ctr_str = this->state.ptr + state_len - 4;
+
+ if (hash_seed)
+ {
+ if (!hasher->get_hash(hasher, seed, this->state.ptr))
+ {
+ DBG1(DBG_LIB, "failed to hash seed for MGF1");
+ destroy(this);
+ return NULL;
+ }
+ }
+ else
+ {
+ memcpy(this->state.ptr, seed.ptr, seed.len);
+ }
+
+ return &this->public;
+}
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create);
diff --git a/src/libstrongswan/plugins/ntru/ntru_mgf1.h b/src/libstrongswan/plugins/ntru/ntru_mgf1.h
new file mode 100644
index 0000000..53e9041
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_mgf1.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_mgf1 ntru_mgf1
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_MGF1_H_
+#define NTRU_MGF1_H_
+
+typedef struct ntru_mgf1_t ntru_mgf1_t;
+
+#include <library.h>
+
+/**
+ * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
+ * defined in section 10.2.1 of RFC 2437
+ */
+struct ntru_mgf1_t {
+
+ /**
+ * Get the hash size of the underlying hash function
+ *
+ * @return hash size in bytes
+ */
+ size_t (*get_hash_size)(ntru_mgf1_t *this);
+
+ /**
+ * Generate a mask pattern and copy it to an output buffer
+ * If the maximum number of requests has been reached, reseeding occurs
+ *
+ * @param mask_len number of mask bytes to generate
+ * @param mask output buffer of minimum size mask_len
+ * @return TRUE if successful
+ */
+ bool (*get_mask)(ntru_mgf1_t *this, size_t mask_len, u_char *mask);
+
+ /**
+ * Generate a mask pattern and return it in an allocated chunk
+ *
+ * @param mask_len number of mask bytes to generate
+ * @param mask chunk containing generated mask
+ * @return TRUE if successful
+ */
+ bool (*allocate_mask)(ntru_mgf1_t *this, size_t mask_len, chunk_t *mask);
+
+ /**
+ * Destroy the MGF1 object
+ */
+ void (*destroy)(ntru_mgf1_t *this);
+};
+
+/**
+ * Create an MGF1 object
+ *
+ * @param alg hash algorithm to be used by MGF1
+ * @param seed seed used by MGF1 to generate mask from
+ * @param hash_seed hash seed before using it as a seed from MGF1
+ */
+ntru_mgf1_t *ntru_mgf1_create(hash_algorithm_t alg, chunk_t seed,
+ bool hash_seed);
+
+#endif /** NTRU_MGF1_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.c b/src/libstrongswan/plugins/ntru/ntru_plugin.c
new file mode 100644
index 0000000..66be7c7
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_plugin.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_plugin.h"
+#include "ntru_ke.h"
+
+#include <library.h>
+
+typedef struct private_ntru_plugin_t private_ntru_plugin_t;
+
+/**
+ * private data of ntru_plugin
+ */
+struct private_ntru_plugin_t {
+
+ /**
+ * public functions
+ */
+ ntru_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_ntru_plugin_t *this)
+{
+ return "ntru";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_ntru_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(DH, ntru_ke_create),
+ PLUGIN_PROVIDE(DH, NTRU_112_BIT),
+ PLUGIN_PROVIDE(DH, NTRU_128_BIT),
+ PLUGIN_PROVIDE(DH, NTRU_192_BIT),
+ PLUGIN_PROVIDE(DH, NTRU_256_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_SDEPEND(HASHER, HASH_SHA1)
+ };
+ *features = f;
+
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_ntru_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *ntru_plugin_create()
+{
+ private_ntru_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.h b/src/libstrongswan/plugins/ntru/ntru_plugin.h
new file mode 100644
index 0000000..187b834
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_p ntru
+ * @ingroup plugins
+ *
+ * @defgroup ntru_plugin ntru_plugin
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_PLUGIN_H_
+#define NTRU_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct ntru_plugin_t ntru_plugin_t;
+
+/**
+ * Plugin implementing NTRU-base key exchange
+ */
+struct ntru_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** NTRU_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_poly.c
new file mode 100644
index 0000000..3f754f2
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.c
@@ -0,0 +1,416 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_poly.h"
+#include "ntru_mgf1.h"
+
+#include <utils/debug.h>
+#include <utils/test.h>
+
+typedef struct private_ntru_poly_t private_ntru_poly_t;
+typedef struct indices_len_t indices_len_t;
+
+/**
+ * Stores number of +1 and -1 coefficients
+ */
+struct indices_len_t {
+ int p;
+ int m;
+};
+
+/**
+ * Private data of an ntru_poly_t object.
+ */
+struct private_ntru_poly_t {
+
+ /**
+ * Public ntru_poly_t interface.
+ */
+ ntru_poly_t public;
+
+ /**
+ * Ring dimension equal to the number of polynomial coefficients
+ */
+ uint16_t N;
+
+ /**
+ * Large modulus
+ */
+ uint16_t q;
+
+ /**
+ * Array containing the indices of the non-zero coefficients
+ */
+ uint16_t *indices;
+
+ /**
+ * Number of indices of the non-zero coefficients
+ */
+ size_t num_indices;
+
+ /**
+ * Number of sparse polynomials
+ */
+ int num_polynomials;
+
+ /**
+ * Number of nonzero coefficients for up to 3 sparse polynomials
+ */
+ indices_len_t indices_len[3];
+
+};
+
+METHOD(ntru_poly_t, get_size, size_t,
+ private_ntru_poly_t *this)
+{
+ return this->num_indices;
+}
+
+METHOD(ntru_poly_t, get_indices, uint16_t*,
+ private_ntru_poly_t *this)
+{
+ return this->indices;
+}
+
+/**
+ * Multiplication of polynomial a with a sparse polynomial b given by
+ * the indices of its +1 and -1 coefficients results in polynomial c.
+ * This is a convolution operation
+ */
+static void ring_mult_i(uint16_t *a, indices_len_t len, uint16_t *indices,
+ uint16_t N, uint16_t mod_q_mask, uint16_t *t,
+ uint16_t *c)
+{
+ int i, j, k;
+
+ /* initialize temporary array t */
+ for (k = 0; k < N; k++)
+ {
+ t[k] = 0;
+ }
+
+ /* t[(i+k)%N] = sum i=0 through N-1 of a[i], for b[k] = -1 */
+ for (j = len.p; j < len.p + len.m; j++)
+ {
+ k = indices[j];
+ for (i = 0; k < N; ++i, ++k)
+ {
+ t[k] += a[i];
+ }
+ for (k = 0; i < N; ++i, ++k)
+ {
+ t[k] += a[i];
+ }
+ }
+
+ /* t[(i+k)%N] = -(sum i=0 through N-1 of a[i] for b[k] = -1) */
+ for (k = 0; k < N; k++)
+ {
+ t[k] = -t[k];
+ }
+
+ /* t[(i+k)%N] += sum i=0 through N-1 of a[i] for b[k] = +1 */
+ for (j = 0; j < len.p; j++)
+ {
+ k = indices[j];
+ for (i = 0; k < N; ++i, ++k)
+ {
+ t[k] += a[i];
+ }
+ for (k = 0; i < N; ++i, ++k)
+ {
+ t[k] += a[i];
+ }
+ }
+
+ /* c = (a * b) mod q */
+ for (k = 0; k < N; k++)
+ {
+ c[k] = t[k] & mod_q_mask;
+ }
+}
+
+METHOD(ntru_poly_t, get_array, void,
+ private_ntru_poly_t *this, uint16_t *array)
+{
+ uint16_t *t, *bi;
+ uint16_t mod_q_mask = this->q - 1;
+ indices_len_t len;
+ int i;
+
+ /* form polynomial F or F1 */
+ memset(array, 0x00, this->N * sizeof(uint16_t));
+ bi = this->indices;
+ len = this->indices_len[0];
+ for (i = 0; i < len.p + len.m; i++)
+ {
+ array[bi[i]] = (i < len.p) ? 1 : mod_q_mask;
+ }
+
+ if (this->num_polynomials == 3)
+ {
+ /* allocate temporary array t */
+ t = malloc(this->N * sizeof(uint16_t));
+
+ /* form F1 * F2 */
+ bi += len.p + len.m;
+ len = this->indices_len[1];
+ ring_mult_i(array, len, bi, this->N, mod_q_mask, t, array);
+
+ /* form (F1 * F2) + F3 */
+ bi += len.p + len.m;
+ len = this->indices_len[2];
+ for (i = 0; i < len.p + len.m; i++)
+ {
+ if (i < len.p)
+ {
+ array[bi[i]] += 1;
+ }
+ else
+ {
+ array[bi[i]] -= 1;
+ }
+ array[bi[i]] &= mod_q_mask;
+ }
+ free(t);
+ }
+}
+
+METHOD(ntru_poly_t, ring_mult, void,
+ private_ntru_poly_t *this, uint16_t *a, uint16_t *c)
+{
+ uint16_t *t1, *t2;
+ uint16_t *bi = this->indices;
+ uint16_t mod_q_mask = this->q - 1;
+ int i;
+
+ /* allocate temporary array t1 */
+ t1 = malloc(this->N * sizeof(uint16_t));
+
+ if (this->num_polynomials == 1)
+ {
+ ring_mult_i(a, this->indices_len[0], bi, this->N, mod_q_mask, t1, c);
+ }
+ else
+ {
+ /* allocate temporary array t2 */
+ t2 = malloc(this->N * sizeof(uint16_t));
+
+ /* t1 = a * b1 */
+ ring_mult_i(a, this->indices_len[0], bi, this->N, mod_q_mask, t1, t1);
+
+ /* t1 = (a * b1) * b2 */
+ bi += this->indices_len[0].p + this->indices_len[0].m;
+ ring_mult_i(t1, this->indices_len[1], bi, this->N, mod_q_mask, t2, t1);
+
+ /* t2 = a * b3 */
+ bi += this->indices_len[1].p + this->indices_len[1].m;
+ ring_mult_i(a, this->indices_len[2], bi, this->N, mod_q_mask, t2, t2);
+
+ /* c = (a * b1 * b2) + (a * b3) */
+ for (i = 0; i < this->N; i++)
+ {
+ c[i] = (t1[i] + t2[i]) & mod_q_mask;
+ }
+ free(t2);
+ }
+ free(t1);
+}
+
+METHOD(ntru_poly_t, destroy, void,
+ private_ntru_poly_t *this)
+{
+ memwipe(this->indices, sizeof(uint16_t) * get_size(this));
+ free(this->indices);
+ free(this);
+}
+
+static void init_indices(private_ntru_poly_t *this, bool is_product_form,
+ uint32_t indices_len_p, uint32_t indices_len_m)
+{
+ int n;
+
+ if (is_product_form)
+ {
+ this->num_polynomials = 3;
+ for (n = 0; n < 3; n++)
+ {
+ this->indices_len[n].p = 0xff & indices_len_p;
+ this->indices_len[n].m = 0xff & indices_len_m;
+ this->num_indices += this->indices_len[n].p +
+ this->indices_len[n].m;
+ indices_len_p >>= 8;
+ indices_len_m >>= 8;
+ }
+ }
+ else
+ {
+ this->num_polynomials = 1;
+ this->indices_len[0].p = indices_len_p;
+ this->indices_len[0].m = indices_len_m;
+ this->num_indices = indices_len_p + indices_len_m;
+ }
+ this->indices = malloc(sizeof(uint16_t) * this->num_indices);
+}
+
+/*
+ * Described in header.
+ */
+ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
+ uint8_t c_bits, uint16_t N, uint16_t q,
+ uint32_t indices_len_p,
+ uint32_t indices_len_m,
+ bool is_product_form)
+{
+ private_ntru_poly_t *this;
+ size_t hash_len, octet_count = 0, i;
+ uint8_t octets[HASH_SIZE_SHA512], *used, num_left = 0, num_needed;
+ uint16_t index, limit, left = 0;
+ int n, num_indices, index_i = 0;
+ ntru_mgf1_t *mgf1;
+
+ DBG2(DBG_LIB, "MGF1 is seeded with %u bytes", seed.len);
+ mgf1 = ntru_mgf1_create(alg, seed, TRUE);
+ if (!mgf1)
+ {
+ return NULL;
+ }
+ i = hash_len = mgf1->get_hash_size(mgf1);
+
+ INIT(this,
+ .public = {
+ .get_size = _get_size,
+ .get_indices = _get_indices,
+ .get_array = _get_array,
+ .ring_mult = _ring_mult,
+ .destroy = _destroy,
+ },
+ .N = N,
+ .q = q,
+ );
+
+ init_indices(this, is_product_form, indices_len_p, indices_len_m);
+ used = malloc(N);
+ limit = N * ((1 << c_bits) / N);
+
+ /* generate indices for all polynomials */
+ for (n = 0; n < this->num_polynomials; n++)
+ {
+ memset(used, 0, N);
+ num_indices = this->indices_len[n].p + this->indices_len[n].m;
+
+ /* generate indices for a single polynomial */
+ while (num_indices)
+ {
+ /* generate a random candidate index with a size of c_bits */
+ do
+ {
+ /* use any leftover bits first */
+ index = num_left ? left << (c_bits - num_left) : 0;
+
+ /* get the rest of the bits needed from new octets */
+ num_needed = c_bits - num_left;
+
+ while (num_needed)
+ {
+ if (i == hash_len)
+ {
+ /* get another block from MGF1 */
+ if (!mgf1->get_mask(mgf1, hash_len, octets))
+ {
+ mgf1->destroy(mgf1);
+ destroy(this);
+ free(used);
+ return NULL;
+ }
+ octet_count += hash_len;
+ i = 0;
+ }
+ left = octets[i++];
+
+ if (num_needed <= 8)
+ {
+ /* all bits needed to fill the index are in this octet */
+ index |= left >> (8 - num_needed);
+ num_left = 8 - num_needed;
+ num_needed = 0;
+ left &= 0xff >> (8 - num_left);
+ }
+ else
+ {
+ /* more than one octet will be needed */
+ index |= left << (num_needed - 8);
+ num_needed -= 8;
+ }
+ }
+ }
+ while (index >= limit);
+
+ /* form index and check if unique */
+ index %= N;
+ if (!used[index])
+ {
+ used[index] = 1;
+ this->indices[index_i++] = index;
+ num_indices--;
+ }
+ }
+ }
+
+ DBG2(DBG_LIB, "MGF1 generates %u octets to derive %u indices",
+ octet_count, this->num_indices);
+ mgf1->destroy(mgf1);
+ free(used);
+
+ return &this->public;
+}
+
+/*
+ * Described in header.
+ */
+ntru_poly_t *ntru_poly_create_from_data(uint16_t *data, uint16_t N, uint16_t q,
+ uint32_t indices_len_p,
+ uint32_t indices_len_m,
+ bool is_product_form)
+{
+ private_ntru_poly_t *this;
+ int i;
+
+ INIT(this,
+ .public = {
+ .get_size = _get_size,
+ .get_indices = _get_indices,
+ .get_array = _get_array,
+ .ring_mult = _ring_mult,
+ .destroy = _destroy,
+ },
+ .N = N,
+ .q = q,
+ );
+
+ init_indices(this, is_product_form, indices_len_p, indices_len_m);
+ for (i = 0; i < this->num_indices; i++)
+ {
+ this->indices[i] = data[i];
+ }
+
+ return &this->public;
+}
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed);
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data);
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h
new file mode 100644
index 0000000..87c7710
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_poly ntru_poly
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_POLY_H_
+#define NTRU_POLY_H_
+
+typedef struct ntru_poly_t ntru_poly_t;
+
+#include <library.h>
+
+/**
+ * Implements a trinary polynomial storing the indices of non-zero coefficients
+ */
+struct ntru_poly_t {
+
+ /**
+ * Get the size of the indices array
+ *
+ * @return number of indices
+ */
+ size_t (*get_size)(ntru_poly_t *this);
+
+ /**
+ * @return array containing the indices of the non-zero coefficients
+ */
+ uint16_t* (*get_indices)(ntru_poly_t *this);
+
+ /**
+ * @param array array containing all N coefficients of the polynomial
+ */
+ void (*get_array)(ntru_poly_t *this, uint16_t *array);
+
+ /**
+ * Multiply polynomial a with ntru_poly_t object b having sparse coeffients
+ * to form result polynomial c = a * b
+ *
+ * @param a input polynomial a
+ * @param b output polynomial c
+ */
+ void (*ring_mult)(ntru_poly_t *this, uint16_t *a, uint16_t *c);
+
+ /**
+ * Destroy ntru_poly_t object
+ */
+ void (*destroy)(ntru_poly_t *this);
+};
+
+/**
+ * Create a trits polynomial from a seed using MGF1 with a base hash function
+ *
+ * @param alg hash algorithm to be used by MGF1
+ * @param seed seed used by MGF1 to generate trits from
+ * @param N ring dimension, number of polynomial coefficients
+ * @param q large modulus
+ * @param c_bits number of bits for candidate index
+ * @param indices_len_p number of indices for +1 coefficients
+ * @param indices_len_m number of indices for -1 coefficients
+ * @param is_product_form generate multiple polynomials
+ */
+ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
+ uint8_t c_bits, uint16_t N, uint16_t q,
+ uint32_t indices_len_p,
+ uint32_t indices_len_m,
+ bool is_product_form);
+
+/**
+ * Create a trits polynomial from an array of indices of non-zero coefficients
+ *
+ * @param data array of indices of non-zero coefficients
+ * @param N ring dimension, number of polynomial coefficients
+ * @param q large modulus
+ * @param indices_len_p number of indices for +1 coefficients
+ * @param indices_len_m number of indices for -1 coefficients
+ * @param is_product_form generate multiple polynomials
+ */
+ntru_poly_t *ntru_poly_create_from_data(uint16_t *data, uint16_t N, uint16_t q,
+ uint32_t indices_len_p,
+ uint32_t indices_len_m,
+ bool is_product_form);
+
+#endif /** NTRU_POLY_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.c b/src/libstrongswan/plugins/ntru/ntru_trits.c
new file mode 100644
index 0000000..f825016
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_trits.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_trits.h"
+#include "ntru_mgf1.h"
+
+#include "ntru_crypto/ntru_crypto_ntru_convert.h"
+
+#include <utils/debug.h>
+#include <utils/test.h>
+
+typedef struct private_ntru_trits_t private_ntru_trits_t;
+
+/**
+ * Private data of an ntru_trits_t object.
+ */
+struct private_ntru_trits_t {
+
+ /**
+ * Public ntru_trits_t interface.
+ */
+ ntru_trits_t public;
+
+ /**
+ * Size of the trits array
+ */
+ size_t trits_len;
+
+ /**
+ * Array containing a trit per octet
+ */
+ uint8_t *trits;
+
+};
+
+METHOD(ntru_trits_t, get_size, size_t,
+ private_ntru_trits_t *this)
+{
+ return this->trits_len;
+}
+
+METHOD(ntru_trits_t, get_trits, uint8_t*,
+ private_ntru_trits_t *this)
+{
+ return this->trits;
+}
+
+METHOD(ntru_trits_t, destroy, void,
+ private_ntru_trits_t *this)
+{
+ memwipe(this->trits, this->trits_len);
+ free(this->trits);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
+{
+ private_ntru_trits_t *this;
+ uint8_t octets[HASH_SIZE_SHA512], buf[5], *trits;
+ size_t hash_len, octet_count = 0, trits_needed, i;
+ ntru_mgf1_t *mgf1;
+
+ DBG2(DBG_LIB, "MGF1 is seeded with %u bytes", seed.len);
+ mgf1 = ntru_mgf1_create(alg, seed, TRUE);
+ if (!mgf1)
+ {
+ return NULL;
+ }
+ i = hash_len = mgf1->get_hash_size(mgf1);
+
+ INIT(this,
+ .public = {
+ .get_size = _get_size,
+ .get_trits = _get_trits,
+ .destroy = _destroy,
+ },
+ .trits_len = len,
+ .trits = malloc(len),
+ );
+
+ trits = this->trits;
+ trits_needed = this->trits_len;
+
+ while (trits_needed > 0)
+ {
+ if (i == hash_len)
+ {
+ /* get another block from MGF1 */
+ if (!mgf1->get_mask(mgf1, hash_len, octets))
+ {
+ mgf1->destroy(mgf1);
+ destroy(this);
+ return NULL;
+ }
+ octet_count += hash_len;
+ i = 0;
+ }
+ if (octets[i] < 243) /* 243 = 3^5 */
+ {
+ ntru_octet_2_trits(octets[i], (trits_needed < 5) ? buf : trits);
+ if (trits_needed < 5)
+ {
+ memcpy(trits, buf, trits_needed);
+ break;
+ }
+ trits += 5;
+ trits_needed -= 5;
+ }
+ i++;
+ }
+ DBG2(DBG_LIB, "MGF1 generates %u octets to extract %u trits",
+ octet_count, len);
+ mgf1->destroy(mgf1);
+
+ return &this->public;
+}
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create);
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.h b/src/libstrongswan/plugins/ntru/ntru_trits.h
new file mode 100644
index 0000000..524c51b
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_trits.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_trits ntru_trits
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_TRITS_H_
+#define NTRU_TRITS_H_
+
+typedef struct ntru_trits_t ntru_trits_t;
+
+#include <library.h>
+
+/**
+ * Implements an array of trinary elements (trits)
+ */
+struct ntru_trits_t {
+
+ /**
+ * Get the size of the trits array
+ *
+ * @return number of trinary elements
+ */
+ size_t (*get_size)(ntru_trits_t *this);
+
+ /**
+ * @return octet array containing a trit per octet
+ */
+ uint8_t* (*get_trits)(ntru_trits_t *this);
+
+ /**
+ * Destroy ntru_trits_t object
+ */
+ void (*destroy)(ntru_trits_t *this);
+};
+
+/**
+ * Create a trits array from a seed using MGF1 with a base hash function
+ *
+ * @param size size of the trits array
+ * @param alg hash algorithm to be used by MGF1
+ * @param seed seed used by MGF1 to generate trits from
+ */
+ntru_trits_t *ntru_trits_create(size_t size, hash_algorithm_t alg, chunk_t seed);
+
+#endif /** NTRU_TRITS_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 53ff2eb..f073529 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -224,8 +224,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -293,6 +291,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -381,12 +384,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -401,6 +408,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 18aa5ce..cb02c66 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -471,7 +471,7 @@ static bool parse_extensions(private_openssl_crl_t *this)
default:
ok = X509_EXTENSION_get_critical(ext) == 0 ||
!lib->settings->get_bool(lib->settings,
- "libstrongswan.x509.enforce_critical", TRUE);
+ "%s.x509.enforce_critical", TRUE, lib->ns);
if (!ok)
{
DBG1(DBG_LIB, "found unsupported critical X.509 "
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index c43fe45..b487d59 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -102,6 +102,11 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point)
goto error;
}
+ if (!EC_POINT_is_on_curve(group, point, ctx))
+ {
+ goto error;
+ }
+
ret = TRUE;
error:
BN_CTX_end(ctx);
@@ -196,7 +201,7 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this,
* http://www.rfc-editor.org/errata_search.php?eid=9
*/
x_coordinate_only = lib->settings->get_bool(lib->settings,
- "libstrongswan.ecp_x_coordinate_only", TRUE);
+ "%s.ecp_x_coordinate_only", TRUE, lib->ns);
if (!ecp2chunk(this->ec_group, secret, shared_secret, x_coordinate_only))
{
goto error;
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index ff25086..f4aef82 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -522,7 +522,7 @@ plugin_t *openssl_plugin_create()
int fips_mode;
fips_mode = lib->settings->get_int(lib->settings,
- "libstrongswan.plugins.openssl.fips_mode", FIPS_MODE);
+ "%s.plugins.openssl.fips_mode", FIPS_MODE, lib->ns);
#ifdef OPENSSL_FIPS
if (fips_mode)
{
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 036f53d..10a35c1 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -558,7 +558,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
if (!engine_id)
{
engine_id = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.openssl.engine_id", "pkcs11");
+ "%s.plugins.openssl.engine_id", "pkcs11", lib->ns);
}
engine = ENGINE_by_id(engine_id);
if (!engine)
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 24b12d5..7a5b206 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -1012,7 +1012,7 @@ static bool parse_extensions(private_openssl_x509_t *this)
default:
ok = X509_EXTENSION_get_critical(ext) == 0 ||
!lib->settings->get_bool(lib->settings,
- "libstrongswan.x509.enforce_critical", TRUE);
+ "%s.x509.enforce_critical", TRUE, lib->ns);
if (!ok)
{
char buf[80] = "";
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 5c3ce2a..55c0271 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 060799d..22c33b0 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index 254b195..62780c3 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -25,7 +25,6 @@
#include <stddef.h>
#include <fcntl.h>
#include <sys/types.h>
-#include <sys/mman.h>
#include <sys/stat.h>
#include <utils/debug.h>
@@ -418,39 +417,17 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
static void *load_from_file(char *file, credential_type_t type, int subtype,
identification_t *subject, x509_flag_t flags)
{
- void *cred = NULL;
- struct stat sb;
- void *addr;
- int fd;
+ void *cred;
+ chunk_t *chunk;
- fd = open(file, O_RDONLY);
- if (fd == -1)
+ chunk = chunk_map(file, FALSE);
+ if (!chunk)
{
DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
return NULL;
}
-
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file,
- strerror(errno));
- close(fd);
- return NULL;
- }
-
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno));
- close(fd);
- return NULL;
- }
-
- cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype,
- subject, flags);
-
- munmap(addr, sb.st_size);
- close(fd);
+ cred = load_from_blob(*chunk, type, subtype, subject, flags);
+ chunk_unmap(chunk);
return cred;
}
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 05319bb..e2491f5 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index 2befd09..d3f3fdf 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 186d90a..c8cec37 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
index 2e5af95..36cc284 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
@@ -135,7 +135,7 @@ METHOD(diffie_hellman_t, set_other_public_value, void,
};
if (!lib->settings->get_bool(lib->settings,
- "libstrongswan.ecp_x_coordinate_only", TRUE))
+ "%s.ecp_x_coordinate_only", TRUE, lib->ns))
{ /* we only get the x coordinate back */
return;
}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
index 8bda5b6..96c4a18 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
@@ -338,7 +338,7 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
);
enumerator = lib->settings->create_section_enumerator(lib->settings,
- "libstrongswan.plugins.pkcs11.modules");
+ "%s.plugins.pkcs11.modules", lib->ns);
while (enumerator->enumerate(enumerator, &module))
{
INIT(entry,
@@ -346,7 +346,7 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
);
entry->path = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.pkcs11.modules.%s.path", NULL, module);
+ "%s.plugins.pkcs11.modules.%s.path", NULL, lib->ns, module);
if (!entry->path)
{
DBG1(DBG_CFG, "PKCS11 module '%s' lacks library path", module);
@@ -355,8 +355,8 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
}
entry->lib = pkcs11_library_create(module, entry->path,
lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.modules.%s.os_locking",
- FALSE, module));
+ "%s.plugins.pkcs11.modules.%s.os_locking",
+ FALSE, lib->ns, module));
if (!entry->lib)
{
free(entry);
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index 3faa59c..bd2a2c1 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -83,8 +83,8 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
if (add && this->handle_events)
{
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.modules.%s.load_certs",
- TRUE, p11->get_name(p11)))
+ "%s.plugins.pkcs11.modules.%s.load_certs",
+ TRUE, lib->ns, p11->get_name(p11)))
{
creds = pkcs11_creds_create(p11, slot);
if (creds)
@@ -174,8 +174,8 @@ static bool handle_certs(private_pkcs11_plugin_t *this,
METHOD(plugin_t, reload, bool,
private_pkcs11_plugin_t *this)
{
- if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.reload_certs", FALSE))
+ if (lib->settings->get_bool(lib->settings, "%s.plugins.pkcs11.reload_certs",
+ FALSE, lib->ns))
{
DBG1(DBG_CFG, "reloading certificates from PKCS#11 tokens");
handle_certs(this, NULL, FALSE, NULL);
@@ -247,28 +247,28 @@ METHOD(plugin_t, get_features, int,
if (!count)
{ /* initialize only once */
bool use_ecc = lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_ecc", FALSE);
+ "%s.plugins.pkcs11.use_ecc", FALSE, lib->ns);
plugin_features_add(f, f_manager, countof(f_manager), &count);
/* private key handling for EC keys is not disabled by use_ecc */
plugin_features_add(f, f_privkey, countof(f_privkey), &count);
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_pubkey", FALSE))
+ "%s.plugins.pkcs11.use_pubkey", FALSE, lib->ns))
{
plugin_features_add(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1),
&count);
}
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_hasher", FALSE))
+ "%s.plugins.pkcs11.use_hasher", FALSE, lib->ns))
{
plugin_features_add(f, f_hash, countof(f_hash), &count);
}
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_rng", FALSE))
+ "%s.plugins.pkcs11.use_rng", FALSE, lib->ns))
{
plugin_features_add(f, f_rng, countof(f_rng), &count);
}
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_dh", FALSE))
+ "%s.plugins.pkcs11.use_dh", FALSE, lib->ns))
{
plugin_features_add(f, f_dh, countof(f_dh), &count);
if (use_ecc)
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index 1972f33..67b1f4f 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index 3002121..feff6e5 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index e2ccb32..35a5c9a 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index 5ed0a9b..08a8442 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2013 Tobias Brunner
+ * Copyright (C) 2010-2014 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -28,6 +28,7 @@
#include <utils/debug.h>
#include <library.h>
#include <collections/hashtable.h>
+#include <collections/array.h>
#include <collections/linked_list.h>
#include <plugins/plugin.h>
#include <utils/integrity_checker.h>
@@ -936,18 +937,146 @@ static bool find_plugin(char *path, char *name, char *buf, char **file)
return FALSE;
}
+/**
+ * Used to sort plugins by priority
+ */
+typedef struct {
+ /* name of the plugin */
+ char *name;
+ /* the plugins priority */
+ int prio;
+ /* default priority */
+ int def;
+} plugin_priority_t;
+
+static void plugin_priority_free(const plugin_priority_t *this, int idx,
+ void *user)
+{
+ free(this->name);
+}
+
+/**
+ * Sort plugins and their priority by name
+ */
+static int plugin_priority_cmp_name(const plugin_priority_t *a,
+ const plugin_priority_t *b)
+{
+ return strcmp(a->name, b->name);
+}
+
+/**
+ * Sort plugins by decreasing priority or default priority then by name
+ */
+static int plugin_priority_cmp(const plugin_priority_t *a,
+ const plugin_priority_t *b, void *user)
+{
+ int diff;
+
+ diff = b->prio - a->prio;
+ if (!diff)
+ { /* the same priority, use default order */
+ diff = b->def - a->def;
+ if (!diff)
+ { /* same default priority (i.e. both were not found in that list) */
+ return strcmp(a->name, b->name);
+ }
+ }
+ return diff;
+}
+
+
+/**
+ * Determine the list of plugins to load via load option in each plugin's
+ * config section.
+ */
+static char *modular_pluginlist(char *list)
+{
+ enumerator_t *enumerator;
+ array_t *given, *final;
+ plugin_priority_t item, *current, found;
+ char *plugin, *plugins = NULL;
+ int i = 0, max_prio;
+
+ if (!lib->settings->get_bool(lib->settings, "%s.load_modular", FALSE,
+ lib->ns))
+ {
+ return list;
+ }
+
+ given = array_create(sizeof(plugin_priority_t), 0);
+ final = array_create(sizeof(plugin_priority_t), 0);
+
+ enumerator = enumerator_create_token(list, " ", " ");
+ while (enumerator->enumerate(enumerator, &plugin))
+ {
+ item.name = strdup(plugin);
+ item.prio = i++;
+ array_insert(given, ARRAY_TAIL, &item);
+ }
+ enumerator->destroy(enumerator);
+ array_sort(given, (void*)plugin_priority_cmp_name, NULL);
+ /* the maximum priority used for plugins not found in this list */
+ max_prio = i + 1;
+
+ enumerator = lib->settings->create_section_enumerator(lib->settings,
+ "%s.plugins", lib->ns);
+ while (enumerator->enumerate(enumerator, &plugin))
+ {
+ item.prio = lib->settings->get_int(lib->settings,
+ "%s.plugins.%s.load", 0, lib->ns, plugin);
+ if (!item.prio)
+ {
+ if (!lib->settings->get_bool(lib->settings,
+ "%s.plugins.%s.load", FALSE, lib->ns, plugin))
+ {
+ continue;
+ }
+ item.prio = 1;
+ }
+ item.name = plugin;
+ item.def = max_prio;
+ if (array_bsearch(given, &item, (void*)plugin_priority_cmp_name,
+ &found) != -1)
+ {
+ item.def = max_prio - found.prio;
+ }
+ array_insert(final, ARRAY_TAIL, &item);
+ }
+ enumerator->destroy(enumerator);
+ array_destroy_function(given, (void*)plugin_priority_free, NULL);
+
+ array_sort(final, (void*)plugin_priority_cmp, NULL);
+
+ enumerator = array_create_enumerator(final);
+ while (enumerator->enumerate(enumerator, ¤t))
+ {
+ char *prev = plugins;
+ if (asprintf(&plugins, "%s %s", plugins ?: "", current->name) < 0)
+ {
+ plugins = prev;
+ break;
+ }
+ free(prev);
+ }
+ enumerator->destroy(enumerator);
+ array_destroy(final);
+ return plugins;
+}
+
METHOD(plugin_loader_t, load_plugins, bool,
private_plugin_loader_t *this, char *list)
{
enumerator_t *enumerator;
- char *default_path = NULL, *token;
+ char *default_path = NULL, *plugins, *token;
bool critical_failed = FALSE;
#ifdef PLUGINDIR
default_path = PLUGINDIR;
#endif /* PLUGINDIR */
- enumerator = enumerator_create_token(list, " ", " ");
+ plugins = modular_pluginlist(list);
+
+ enumerator = enumerator_create_token(plugins, " ", " ");
while (!critical_failed && enumerator->enumerate(enumerator, &token))
{
plugin_entry_t *entry;
@@ -1006,6 +1135,10 @@ METHOD(plugin_loader_t, load_plugins, bool,
free(this->loaded_plugins);
this->loaded_plugins = loaded_plugins_list(this);
}
+ if (plugins != list)
+ {
+ free(plugins);
+ }
return !critical_failed;
}
@@ -1170,3 +1303,22 @@ plugin_loader_t *plugin_loader_create()
return &this->public;
}
+
+/*
+ * See header
+ */
+void plugin_loader_add_plugindirs(char *basedir, char *plugins)
+{
+ enumerator_t *enumerator;
+ char *name, path[PATH_MAX], dir[64];
+
+ enumerator = enumerator_create_token(plugins, " ", "");
+ while (enumerator->enumerate(enumerator, &name))
+ {
+ snprintf(dir, sizeof(dir), "%s", name);
+ translate(dir, "-", "_");
+ snprintf(path, sizeof(path), "%s/%s/.libs", basedir, dir);
+ lib->plugins->add_path(lib->plugins, path);
+ }
+ enumerator->destroy(enumerator);
+}
diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h
index 285b339..fec57ce 100644
--- a/src/libstrongswan/plugins/plugin_loader.h
+++ b/src/libstrongswan/plugins/plugin_loader.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2013 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -67,6 +67,13 @@ struct plugin_loader_t {
* for the plugins first, in the order they were added, then the default
* path follows.
*
+ * If \<ns>.load_modular is enabled (where \<ns> is lib->ns) the plugins to
+ * load are determined via a load option in their respective plugin config
+ * section e.g. \<ns>.plugins.\<plugin>.load = <priority|bool>.
+ * The oder is determined by the configured priority. If two plugins have
+ * the same priority the order as seen in list is preserved. Plugins not
+ * found in list are loaded first, in alphabetical order.
+ *
* @note Even though this method could be called multiple times this is
* currently not really supported in regards to plugin features and their
* dependencies (in particular soft dependencies).
@@ -146,4 +153,13 @@ struct plugin_loader_t {
*/
plugin_loader_t *plugin_loader_create();
+/**
+ * Convenience function to add plugin directories for the given plugins within
+ * the given base directory according to the conventions in the src/build tree.
+ *
+ * @param basedir base directory
+ * @param plugins space separated list of plugins
+ */
+void plugin_loader_add_plugindirs(char *basedir, char *plugins);
+
#endif /** PLUGIN_LOADER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index c5b3bad..803eeab 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 492bc31..0efe24c 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
index 24c711a..1f10792 100644
--- a/src/libstrongswan/plugins/random/random_plugin.c
+++ b/src/libstrongswan/plugins/random/random_plugin.c
@@ -51,6 +51,9 @@ static int dev_random = -1;
/** /dev/urandom file descriptor */
static int dev_urandom = -1;
+/** Is strong randomness equivalent to true randomness? */
+static bool strong_equals_true = FALSE;
+
/**
* See header.
*/
@@ -68,6 +71,14 @@ int random_plugin_get_dev_urandom()
}
/**
+ * See header.
+ */
+bool random_plugin_get_strong_equals_true()
+{
+ return strong_equals_true;
+}
+
+/**
* Open a random device file
*/
static bool open_dev(char *file, int *fd)
@@ -131,10 +142,12 @@ plugin_t *random_plugin_create()
},
);
+ strong_equals_true = lib->settings->get_bool(lib->settings,
+ "%s.plugins.random.strong_equals_true", FALSE, lib->ns);
urandom_file = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.random.urandom", DEV_URANDOM);
+ "%s.plugins.random.urandom", DEV_URANDOM, lib->ns);
random_file = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.random.random", DEV_RANDOM);
+ "%s.plugins.random.random", DEV_RANDOM, lib->ns);
if (!open_dev(urandom_file, &dev_urandom) ||
!open_dev(random_file, &dev_random))
{
diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h
index c34fa81..ff79bef 100644
--- a/src/libstrongswan/plugins/random/random_plugin.h
+++ b/src/libstrongswan/plugins/random/random_plugin.h
@@ -49,4 +49,9 @@ int random_plugin_get_dev_random();
*/
int random_plugin_get_dev_urandom();
+/**
+ * Must strong randomness be equivalent to true randomness?
+ */
+bool random_plugin_get_strong_equals_true();
+
#endif /** RANDOM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 5688448..36d5446 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -99,6 +99,10 @@ random_rng_t *random_rng_create(rng_quality_t quality)
this->fd = random_plugin_get_dev_random();
break;
case RNG_STRONG:
+ this->fd = random_plugin_get_strong_equals_true() ?
+ random_plugin_get_dev_random() :
+ random_plugin_get_dev_urandom();
+ break;
case RNG_WEAK:
default:
this->fd = random_plugin_get_dev_urandom();
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index e2cdbac..afcbc07 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index 0a3063f..88b283e 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/rdrand/rdrand_plugin.c b/src/libstrongswan/plugins/rdrand/rdrand_plugin.c
index 4bdfc25..b416c87 100644
--- a/src/libstrongswan/plugins/rdrand/rdrand_plugin.c
+++ b/src/libstrongswan/plugins/rdrand/rdrand_plugin.c
@@ -77,11 +77,11 @@ static bool have_rdrand()
cpuid(1, &a, &b, &c, &d);
if (c & CPUID_RDRAND)
{
- DBG1(DBG_LIB, "detected RDRAND support on %s CPU", vendor);
+ DBG2(DBG_LIB, "detected RDRAND support on %s CPU", vendor);
return TRUE;
}
}
- DBG1(DBG_LIB, "no RDRAND support on %s CPU, disabled", vendor);
+ DBG2(DBG_LIB, "no RDRAND support on %s CPU, disabled", vendor);
return FALSE;
}
@@ -102,7 +102,11 @@ METHOD(plugin_t, get_features, int,
PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
};
*features = f;
- return countof(f);
+ if (have_rdrand())
+ {
+ return countof(f);
+ }
+ return 0;
}
METHOD(plugin_t, destroy, void,
@@ -122,16 +126,12 @@ plugin_t *rdrand_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
+ .get_features = _get_features,
.reload = (void*)return_false,
.destroy = _destroy,
},
},
);
- if (have_rdrand())
- {
- this->public.plugin.get_features = _get_features;
- }
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index fe9aa16..745ee83 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 2095dbd..e57eb78 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 2eb572f..c044178 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index 5483bf9..cc16ef5 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 13c0bf8..c428b88 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index a62d22a..3c9926a 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
index 569b0b7..6526631 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
@@ -13,6 +13,7 @@
* for more details.
*/
+#define _GNU_SOURCE /* for fmemopen() */
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index d4cbde1..a1439f6 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -232,8 +232,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -301,6 +299,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -389,12 +392,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -409,6 +416,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index d798031..961311e 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/unbound/unbound_resolver.c b/src/libstrongswan/plugins/unbound/unbound_resolver.c
index 42cdbc6..745e59d 100644
--- a/src/libstrongswan/plugins/unbound/unbound_resolver.c
+++ b/src/libstrongswan/plugins/unbound/unbound_resolver.c
@@ -97,14 +97,14 @@ resolver_t *unbound_resolver_create(void)
char *resolv_conf, *trust_anchors, *dlv_anchors;
resolv_conf = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.unbound.resolv_conf",
- RESOLV_CONF_FILE);
+ "%s.plugins.unbound.resolv_conf",
+ RESOLV_CONF_FILE, lib->ns);
trust_anchors = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.unbound.trust_anchors",
- TRUST_ANCHOR_FILE);
+ "%s.plugins.unbound.trust_anchors",
+ TRUST_ANCHOR_FILE, lib->ns);
dlv_anchors = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.unbound.dlv_anchors",
- NULL);
+ "%s.plugins.unbound.dlv_anchors",
+ NULL, lib->ns);
INIT(this,
.public = {
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 09d3002..74552e0 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 85c4815..ed850e8 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -20,14 +20,14 @@
#define _GNU_SOURCE
-#include "x509_cert.h"
-
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
+#include "x509_cert.h"
+
#include <library.h>
#include <utils/debug.h>
#include <asn1/oid.h>
@@ -1446,7 +1446,7 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
default:
if (critical && lib->settings->get_bool(lib->settings,
- "libstrongswan.x509.enforce_critical", TRUE))
+ "%s.x509.enforce_critical", TRUE, lib->ns))
{
DBG1(DBG_ASN, "critical '%s' extension not supported",
(extn_oid == OID_UNKNOWN) ? "unknown" :
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index efb70c9..d6057c3 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -325,7 +325,7 @@ static bool parse(private_x509_crl_t *this)
break;
default:
if (critical && lib->settings->get_bool(lib->settings,
- "libstrongswan.x509.enforce_critical", TRUE))
+ "%s.x509.enforce_critical", TRUE, lib->ns))
{
DBG1(DBG_ASN, "critical '%s' extension not supported",
(extn_oid == OID_UNKNOWN) ? "unknown" :
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 59ee483..c8f886c 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c
index adbd956..012b169 100644
--- a/src/libstrongswan/processing/processor.c
+++ b/src/libstrongswan/processing/processor.c
@@ -545,7 +545,7 @@ processor_t *processor_create()
{
this->jobs[i] = linked_list_create();
this->prio_threads[i] = lib->settings->get_int(lib->settings,
- "libstrongswan.processor.priority_threads.%N", 0,
+ "%s.processor.priority_threads.%N", 0, lib->ns,
job_priority_names, i);
}
diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c
index 9773e76..cc3c3a7 100644
--- a/src/libstrongswan/processing/watcher.c
+++ b/src/libstrongswan/processing/watcher.c
@@ -340,7 +340,7 @@ static job_requeue_t watch(private_watcher_t *this)
}
else
{
- if (!this->pending)
+ if (!this->pending && errno != EINTR)
{ /* complain only if no pending updates */
DBG1(DBG_JOB, "watcher select() error: %s", strerror(errno));
}
diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am
index c3d41a1..331a548 100644
--- a/src/libstrongswan/tests/Makefile.am
+++ b/src/libstrongswan/tests/Makefile.am
@@ -1,23 +1,62 @@
-TESTS = test_runner
+check_LTLIBRARIES = libtest.la
+
+libtest_la_SOURCES = \
+ test_suite.c test_suite.h \
+ test_runner.c test_runner.h \
+ utils/test_rng.c utils/test_rng.h
+
+libtest_la_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ @COVERAGE_CFLAGS@
+
+libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@
+libtest_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(PTHREADLIB)
+
+
+TESTS = tests
check_PROGRAMS = $(TESTS)
-test_runner_SOURCES = \
- test_runner.c test_runner.h test_suite.h \
- test_linked_list.c test_enumerator.c test_linked_list_enumerator.c \
- test_bio_reader.c test_bio_writer.c test_chunk.c test_enum.c test_hashtable.c \
- test_identification.c test_threading.c test_utils.c test_vectors.c \
- test_array.c test_ecdsa.c test_rsa.c test_host.c test_printf.c
+tests_SOURCES = tests.h tests.c \
+ suites/test_linked_list.c \
+ suites/test_enumerator.c \
+ suites/test_linked_list_enumerator.c \
+ suites/test_bio_reader.c \
+ suites/test_bio_writer.c \
+ suites/test_chunk.c \
+ suites/test_enum.c \
+ suites/test_hashtable.c \
+ suites/test_identification.c \
+ suites/test_threading.c \
+ suites/test_watcher.c \
+ suites/test_stream.c \
+ suites/test_fetch_http.c \
+ suites/test_utils.c \
+ suites/test_settings.c \
+ suites/test_vectors.c \
+ suites/test_array.c \
+ suites/test_ecdsa.c \
+ suites/test_rsa.c \
+ suites/test_host.c \
+ suites/test_hasher.c \
+ suites/test_crypter.c \
+ suites/test_pen.c \
+ suites/test_asn1.c \
+ suites/test_asn1_parser.c \
+ suites/test_printf.c \
+ suites/test_test_rng.c \
+ suites/test_ntru.c
-test_runner_CFLAGS = \
+tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
-DPLUGINDIR=\""$(top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS=\""${s_plugins}\"" \
- @COVERAGE_CFLAGS@ \
- @CHECK_CFLAGS@
+ @COVERAGE_CFLAGS@
-test_runner_LDFLAGS = @COVERAGE_LDFLAGS@
-test_runner_LDADD = \
+tests_LDFLAGS = @COVERAGE_LDFLAGS@
+tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB) \
- @CHECK_LIBS@
+ libtest.la
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index adeae1a..656be4e 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -77,11 +77,11 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-TESTS = test_runner$(EXEEXT)
+TESTS = tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libstrongswan/tests
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp $(top_srcdir)/test-driver
+ $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -99,36 +99,57 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__EXEEXT_1 = test_runner$(EXEEXT)
-am_test_runner_OBJECTS = test_runner-test_runner.$(OBJEXT) \
- test_runner-test_linked_list.$(OBJEXT) \
- test_runner-test_enumerator.$(OBJEXT) \
- test_runner-test_linked_list_enumerator.$(OBJEXT) \
- test_runner-test_bio_reader.$(OBJEXT) \
- test_runner-test_bio_writer.$(OBJEXT) \
- test_runner-test_chunk.$(OBJEXT) \
- test_runner-test_enum.$(OBJEXT) \
- test_runner-test_hashtable.$(OBJEXT) \
- test_runner-test_identification.$(OBJEXT) \
- test_runner-test_threading.$(OBJEXT) \
- test_runner-test_utils.$(OBJEXT) \
- test_runner-test_vectors.$(OBJEXT) \
- test_runner-test_array.$(OBJEXT) \
- test_runner-test_ecdsa.$(OBJEXT) \
- test_runner-test_rsa.$(OBJEXT) test_runner-test_host.$(OBJEXT) \
- test_runner-test_printf.$(OBJEXT)
-test_runner_OBJECTS = $(am_test_runner_OBJECTS)
am__DEPENDENCIES_1 =
-test_runner_DEPENDENCIES = \
+libtest_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__DEPENDENCIES_1)
+am__dirstamp = $(am__leading_dot)dirstamp
+am_libtest_la_OBJECTS = libtest_la-test_suite.lo \
+ libtest_la-test_runner.lo utils/libtest_la-test_rng.lo
+libtest_la_OBJECTS = $(am_libtest_la_OBJECTS)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
-test_runner_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_runner_CFLAGS) \
- $(CFLAGS) $(test_runner_LDFLAGS) $(LDFLAGS) -o $@
+libtest_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtest_la_CFLAGS) \
+ $(CFLAGS) $(libtest_la_LDFLAGS) $(LDFLAGS) -o $@
+am__EXEEXT_1 = tests$(EXEEXT)
+am_tests_OBJECTS = tests-tests.$(OBJEXT) \
+ suites/tests-test_linked_list.$(OBJEXT) \
+ suites/tests-test_enumerator.$(OBJEXT) \
+ suites/tests-test_linked_list_enumerator.$(OBJEXT) \
+ suites/tests-test_bio_reader.$(OBJEXT) \
+ suites/tests-test_bio_writer.$(OBJEXT) \
+ suites/tests-test_chunk.$(OBJEXT) \
+ suites/tests-test_enum.$(OBJEXT) \
+ suites/tests-test_hashtable.$(OBJEXT) \
+ suites/tests-test_identification.$(OBJEXT) \
+ suites/tests-test_threading.$(OBJEXT) \
+ suites/tests-test_watcher.$(OBJEXT) \
+ suites/tests-test_stream.$(OBJEXT) \
+ suites/tests-test_fetch_http.$(OBJEXT) \
+ suites/tests-test_utils.$(OBJEXT) \
+ suites/tests-test_settings.$(OBJEXT) \
+ suites/tests-test_vectors.$(OBJEXT) \
+ suites/tests-test_array.$(OBJEXT) \
+ suites/tests-test_ecdsa.$(OBJEXT) \
+ suites/tests-test_rsa.$(OBJEXT) \
+ suites/tests-test_host.$(OBJEXT) \
+ suites/tests-test_hasher.$(OBJEXT) \
+ suites/tests-test_crypter.$(OBJEXT) \
+ suites/tests-test_pen.$(OBJEXT) \
+ suites/tests-test_asn1.$(OBJEXT) \
+ suites/tests-test_asn1_parser.$(OBJEXT) \
+ suites/tests-test_printf.$(OBJEXT) \
+ suites/tests-test_test_rng.$(OBJEXT) \
+ suites/tests-test_ntru.$(OBJEXT)
+tests_OBJECTS = $(am_tests_OBJECTS)
+tests_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la libtest.la
+tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(tests_CFLAGS) $(CFLAGS) \
+ $(tests_LDFLAGS) $(LDFLAGS) -o $@
AM_V_P = $(am__v_P_ at AM_V@)
am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
am__v_P_0 = false
@@ -163,8 +184,8 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(test_runner_SOURCES)
-DIST_SOURCES = $(test_runner_SOURCES)
+SOURCES = $(libtest_la_SOURCES) $(tests_SOURCES)
+DIST_SOURCES = $(libtest_la_SOURCES) $(tests_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -211,188 +232,6 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__recheck_rx = ^[ ]*:recheck:[ ]*
-am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
-am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
- recheck = 1; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- { \
- if ((getline line2 < ($$0 ".log")) < 0) \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
- { \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
- { \
- break; \
- } \
- }; \
- if (recheck) \
- print $$0; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
- print "fatal: making $@: " msg | "cat >&2"; \
- exit 1; \
-} \
-function rst_section(header) \
-{ \
- print header; \
- len = length(header); \
- for (i = 1; i <= len; i = i + 1) \
- printf "="; \
- printf "\n\n"; \
-} \
-{ \
- copy_in_global_log = 1; \
- global_test_result = "RUN"; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".trs"); \
- if (line ~ /$(am__global_test_result_rx)/) \
- { \
- sub("$(am__global_test_result_rx)", "", line); \
- sub("[ ]*$$", "", line); \
- global_test_result = line; \
- } \
- else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
- copy_in_global_log = 0; \
- }; \
- if (copy_in_global_log) \
- { \
- rst_section(global_test_result ": " $$0); \
- while ((rc = (getline line < ($$0 ".log"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".log"); \
- print line; \
- }; \
- printf "\n"; \
- }; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
- --color-tests "$$am__color_tests" \
- --enable-hard-errors "$$am__enable_hard_errors" \
- --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test. Creates the
-# directory for the log if needed. Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log. Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup); \
-$(am__vpath_adj_setup) $(am__vpath_adj) \
-$(am__tty_colors); \
-srcdir=$(srcdir); export srcdir; \
-case "$@" in \
- */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
- *) am__odir=.;; \
-esac; \
-test "x$$am__odir" = x"." || test -d "$$am__odir" \
- || $(MKDIR_P) "$$am__odir" || exit $$?; \
-if test -f "./$$f"; then dir=./; \
-elif test -f "$$f"; then dir=; \
-else dir="$(srcdir)/"; fi; \
-tst=$$dir$$f; log='$@'; \
-if test -n '$(DISABLE_HARD_ERRORS)'; then \
- am__enable_hard_errors=no; \
-else \
- am__enable_hard_errors=yes; \
-fi; \
-case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
- am__expect_failure=yes;; \
- *) \
- am__expect_failure=no;; \
-esac; \
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed). The result is saved in the shell variable
-# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
- bases='$(TEST_LOGS)'; \
- bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
- bases=`echo $$bases`
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
- case '$@' in \
- */*) \
- case '$*' in \
- */*) b='$*';; \
- *) b=`echo '$@' | sed 's/\.log$$//'`; \
- esac;; \
- *) \
- b='$*';; \
- esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT at .log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
- $(TEST_LOG_FLAGS)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
@@ -408,8 +247,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -477,6 +314,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -565,12 +407,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -585,6 +431,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -595,30 +442,67 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-test_runner_SOURCES = \
- test_runner.c test_runner.h test_suite.h \
- test_linked_list.c test_enumerator.c test_linked_list_enumerator.c \
- test_bio_reader.c test_bio_writer.c test_chunk.c test_enum.c test_hashtable.c \
- test_identification.c test_threading.c test_utils.c test_vectors.c \
- test_array.c test_ecdsa.c test_rsa.c test_host.c test_printf.c
-
-test_runner_CFLAGS = \
+check_LTLIBRARIES = libtest.la
+libtest_la_SOURCES = \
+ test_suite.c test_suite.h \
+ test_runner.c test_runner.h \
+ utils/test_rng.c utils/test_rng.h
+
+libtest_la_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ @COVERAGE_CFLAGS@
+
+libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@
+libtest_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(PTHREADLIB)
+
+tests_SOURCES = tests.h tests.c \
+ suites/test_linked_list.c \
+ suites/test_enumerator.c \
+ suites/test_linked_list_enumerator.c \
+ suites/test_bio_reader.c \
+ suites/test_bio_writer.c \
+ suites/test_chunk.c \
+ suites/test_enum.c \
+ suites/test_hashtable.c \
+ suites/test_identification.c \
+ suites/test_threading.c \
+ suites/test_watcher.c \
+ suites/test_stream.c \
+ suites/test_fetch_http.c \
+ suites/test_utils.c \
+ suites/test_settings.c \
+ suites/test_vectors.c \
+ suites/test_array.c \
+ suites/test_ecdsa.c \
+ suites/test_rsa.c \
+ suites/test_host.c \
+ suites/test_hasher.c \
+ suites/test_crypter.c \
+ suites/test_pen.c \
+ suites/test_asn1.c \
+ suites/test_asn1_parser.c \
+ suites/test_printf.c \
+ suites/test_test_rng.c \
+ suites/test_ntru.c
+
+tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
-DPLUGINDIR=\""$(top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS=\""${s_plugins}\"" \
- @COVERAGE_CFLAGS@ \
- @CHECK_CFLAGS@
+ @COVERAGE_CFLAGS@
-test_runner_LDFLAGS = @COVERAGE_LDFLAGS@
-test_runner_LDADD = \
+tests_LDFLAGS = @COVERAGE_LDFLAGS@
+tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB) \
- @CHECK_LIBS@
+ libtest.la
all: all-am
.SUFFIXES:
-.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
@@ -650,6 +534,28 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+clean-checkLTLIBRARIES:
+ -test -z "$(check_LTLIBRARIES)" || rm -f $(check_LTLIBRARIES)
+ @list='$(check_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+utils/$(am__dirstamp):
+ @$(MKDIR_P) utils
+ @: > utils/$(am__dirstamp)
+utils/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) utils/$(DEPDIR)
+ @: > utils/$(DEPDIR)/$(am__dirstamp)
+utils/libtest_la-test_rng.lo: utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
+
+libtest.la: $(libtest_la_OBJECTS) $(libtest_la_DEPENDENCIES) $(EXTRA_libtest_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libtest_la_LINK) $(libtest_la_OBJECTS) $(libtest_la_LIBADD) $(LIBS)
+
clean-checkPROGRAMS:
@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
@@ -658,35 +564,114 @@ clean-checkPROGRAMS:
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
-
-test_runner$(EXEEXT): $(test_runner_OBJECTS) $(test_runner_DEPENDENCIES) $(EXTRA_test_runner_DEPENDENCIES)
- @rm -f test_runner$(EXEEXT)
- $(AM_V_CCLD)$(test_runner_LINK) $(test_runner_OBJECTS) $(test_runner_LDADD) $(LIBS)
+suites/$(am__dirstamp):
+ @$(MKDIR_P) suites
+ @: > suites/$(am__dirstamp)
+suites/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) suites/$(DEPDIR)
+ @: > suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_linked_list.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_enumerator.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_linked_list_enumerator.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_bio_reader.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_bio_writer.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_chunk.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_enum.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_hashtable.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_identification.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_threading.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_watcher.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_stream.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_fetch_http.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_utils.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_settings.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_vectors.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_array.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_ecdsa.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_rsa.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_host.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_hasher.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_crypter.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_pen.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_asn1.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_asn1_parser.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_printf.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_test_rng.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_ntru.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+
+tests$(EXEEXT): $(tests_OBJECTS) $(tests_DEPENDENCIES) $(EXTRA_tests_DEPENDENCIES)
+ @rm -f tests$(EXEEXT)
+ $(AM_V_CCLD)$(tests_LINK) $(tests_OBJECTS) $(tests_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
+ -rm -f suites/*.$(OBJEXT)
+ -rm -f utils/*.$(OBJEXT)
+ -rm -f utils/*.lo
distclean-compile:
-rm -f *.tab.c
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_array.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_bio_reader.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_bio_writer.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_chunk.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_ecdsa.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_enum.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_enumerator.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_hashtable.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_host.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_identification.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_linked_list.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_linked_list_enumerator.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_printf.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_rsa.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_runner.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_threading.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_utils.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/test_runner-test_vectors.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libtest_la-test_runner.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libtest_la-test_suite.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/tests-tests.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_array.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_asn1.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_asn1_parser.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_bio_reader.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_bio_writer.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_chunk.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_crypter.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_ecdsa.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_enum.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_enumerator.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_fetch_http.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_hasher.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_hashtable.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_host.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_identification.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_linked_list.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_ntru.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_pen.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_printf.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_rsa.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_settings.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_stream.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_test_rng.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_threading.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_utils.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_vectors.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_watcher.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/libtest_la-test_rng.Plo at am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -712,263 +697,439 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
-test_runner-test_runner.o: test_runner.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_runner.o -MD -MP -MF $(DEPDIR)/test_runner-test_runner.Tpo -c -o test_runner-test_runner.o `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_runner.Tpo $(DEPDIR)/test_runner-test_runner.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_runner.c' object='test_runner-test_runner.o' libtool=no @AMDEPBACKSLASH@
+libtest_la-test_suite.lo: test_suite.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-test_suite.lo -MD -MP -MF $(DEPDIR)/libtest_la-test_suite.Tpo -c -o libtest_la-test_suite.lo `test -f 'test_suite.c' || echo '$(srcdir)/'`test_suite.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libtest_la-test_suite.Tpo $(DEPDIR)/libtest_la-test_suite.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_suite.c' object='libtest_la-test_suite.lo' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-test_suite.lo `test -f 'test_suite.c' || echo '$(srcdir)/'`test_suite.c
+
+libtest_la-test_runner.lo: test_runner.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-test_runner.lo -MD -MP -MF $(DEPDIR)/libtest_la-test_runner.Tpo -c -o libtest_la-test_runner.lo `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libtest_la-test_runner.Tpo $(DEPDIR)/libtest_la-test_runner.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_runner.c' object='libtest_la-test_runner.lo' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-test_runner.lo `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c
+
+utils/libtest_la-test_rng.lo: utils/test_rng.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT utils/libtest_la-test_rng.lo -MD -MP -MF utils/$(DEPDIR)/libtest_la-test_rng.Tpo -c -o utils/libtest_la-test_rng.lo `test -f 'utils/test_rng.c' || echo '$(srcdir)/'`utils/test_rng.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/libtest_la-test_rng.Tpo utils/$(DEPDIR)/libtest_la-test_rng.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/test_rng.c' object='utils/libtest_la-test_rng.lo' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o utils/libtest_la-test_rng.lo `test -f 'utils/test_rng.c' || echo '$(srcdir)/'`utils/test_rng.c
+
+tests-tests.o: tests.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.o -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+
+tests-tests.obj: tests.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.obj -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+
+suites/tests-test_linked_list.o: suites/test_linked_list.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list.o -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list.Tpo -c -o suites/tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list.Tpo suites/$(DEPDIR)/tests-test_linked_list.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/tests-test_linked_list.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c
+
+suites/tests-test_linked_list.obj: suites/test_linked_list.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list.Tpo -c -o suites/tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list.Tpo suites/$(DEPDIR)/tests-test_linked_list.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/tests-test_linked_list.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi`
+
+suites/tests-test_enumerator.o: suites/test_enumerator.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enumerator.o -MD -MP -MF suites/$(DEPDIR)/tests-test_enumerator.Tpo -c -o suites/tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enumerator.Tpo suites/$(DEPDIR)/tests-test_enumerator.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/tests-test_enumerator.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c
+
+suites/tests-test_enumerator.obj: suites/test_enumerator.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_enumerator.Tpo -c -o suites/tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enumerator.Tpo suites/$(DEPDIR)/tests-test_enumerator.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/tests-test_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi`
+
+suites/tests-test_linked_list_enumerator.o: suites/test_linked_list_enumerator.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list_enumerator.o -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo -c -o suites/tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/tests-test_linked_list_enumerator.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c
+
+suites/tests-test_linked_list_enumerator.obj: suites/test_linked_list_enumerator.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo -c -o suites/tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/tests-test_linked_list_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi`
+
+suites/tests-test_bio_reader.o: suites/test_bio_reader.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_reader.o -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_reader.Tpo -c -o suites/tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_reader.Tpo suites/$(DEPDIR)/tests-test_bio_reader.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/tests-test_bio_reader.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c
+
+suites/tests-test_bio_reader.obj: suites/test_bio_reader.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_reader.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_reader.Tpo -c -o suites/tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_reader.Tpo suites/$(DEPDIR)/tests-test_bio_reader.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/tests-test_bio_reader.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi`
+
+suites/tests-test_bio_writer.o: suites/test_bio_writer.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_writer.o -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_writer.Tpo -c -o suites/tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_writer.Tpo suites/$(DEPDIR)/tests-test_bio_writer.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/tests-test_bio_writer.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c
+
+suites/tests-test_bio_writer.obj: suites/test_bio_writer.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_writer.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_writer.Tpo -c -o suites/tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_writer.Tpo suites/$(DEPDIR)/tests-test_bio_writer.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/tests-test_bio_writer.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi`
+
+suites/tests-test_chunk.o: suites/test_chunk.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_chunk.o -MD -MP -MF suites/$(DEPDIR)/tests-test_chunk.Tpo -c -o suites/tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_chunk.Tpo suites/$(DEPDIR)/tests-test_chunk.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/tests-test_chunk.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_runner.o `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c
-test_runner-test_runner.obj: test_runner.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_runner.obj -MD -MP -MF $(DEPDIR)/test_runner-test_runner.Tpo -c -o test_runner-test_runner.obj `if test -f 'test_runner.c'; then $(CYGPATH_W) 'test_runner.c'; else $(CYGPATH_W) '$(srcdir)/test_runner.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_runner.Tpo $(DEPDIR)/test_runner-test_runner.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_runner.c' object='test_runner-test_runner.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_chunk.obj: suites/test_chunk.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_chunk.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_chunk.Tpo -c -o suites/tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_chunk.Tpo suites/$(DEPDIR)/tests-test_chunk.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/tests-test_chunk.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_runner.obj `if test -f 'test_runner.c'; then $(CYGPATH_W) 'test_runner.c'; else $(CYGPATH_W) '$(srcdir)/test_runner.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi`
-test_runner-test_linked_list.o: test_linked_list.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list.o -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list.Tpo -c -o test_runner-test_linked_list.o `test -f 'test_linked_list.c' || echo '$(srcdir)/'`test_linked_list.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list.Tpo $(DEPDIR)/test_runner-test_linked_list.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list.c' object='test_runner-test_linked_list.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_enum.o: suites/test_enum.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enum.o -MD -MP -MF suites/$(DEPDIR)/tests-test_enum.Tpo -c -o suites/tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enum.Tpo suites/$(DEPDIR)/tests-test_enum.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/tests-test_enum.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list.o `test -f 'test_linked_list.c' || echo '$(srcdir)/'`test_linked_list.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c
-test_runner-test_linked_list.obj: test_linked_list.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list.obj -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list.Tpo -c -o test_runner-test_linked_list.obj `if test -f 'test_linked_list.c'; then $(CYGPATH_W) 'test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list.Tpo $(DEPDIR)/test_runner-test_linked_list.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list.c' object='test_runner-test_linked_list.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_enum.obj: suites/test_enum.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enum.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_enum.Tpo -c -o suites/tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enum.Tpo suites/$(DEPDIR)/tests-test_enum.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/tests-test_enum.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list.obj `if test -f 'test_linked_list.c'; then $(CYGPATH_W) 'test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi`
-test_runner-test_enumerator.o: test_enumerator.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enumerator.o -MD -MP -MF $(DEPDIR)/test_runner-test_enumerator.Tpo -c -o test_runner-test_enumerator.o `test -f 'test_enumerator.c' || echo '$(srcdir)/'`test_enumerator.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enumerator.Tpo $(DEPDIR)/test_runner-test_enumerator.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enumerator.c' object='test_runner-test_enumerator.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_hashtable.o: suites/test_hashtable.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hashtable.o -MD -MP -MF suites/$(DEPDIR)/tests-test_hashtable.Tpo -c -o suites/tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hashtable.Tpo suites/$(DEPDIR)/tests-test_hashtable.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/tests-test_hashtable.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enumerator.o `test -f 'test_enumerator.c' || echo '$(srcdir)/'`test_enumerator.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c
-test_runner-test_enumerator.obj: test_enumerator.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enumerator.obj -MD -MP -MF $(DEPDIR)/test_runner-test_enumerator.Tpo -c -o test_runner-test_enumerator.obj `if test -f 'test_enumerator.c'; then $(CYGPATH_W) 'test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_enumerator.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enumerator.Tpo $(DEPDIR)/test_runner-test_enumerator.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enumerator.c' object='test_runner-test_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_hashtable.obj: suites/test_hashtable.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hashtable.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_hashtable.Tpo -c -o suites/tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hashtable.Tpo suites/$(DEPDIR)/tests-test_hashtable.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/tests-test_hashtable.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enumerator.obj `if test -f 'test_enumerator.c'; then $(CYGPATH_W) 'test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_enumerator.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi`
-test_runner-test_linked_list_enumerator.o: test_linked_list_enumerator.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list_enumerator.o -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo -c -o test_runner-test_linked_list_enumerator.o `test -f 'test_linked_list_enumerator.c' || echo '$(srcdir)/'`test_linked_list_enumerator.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo $(DEPDIR)/test_runner-test_linked_list_enumerator.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list_enumerator.c' object='test_runner-test_linked_list_enumerator.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_identification.o: suites/test_identification.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_identification.o -MD -MP -MF suites/$(DEPDIR)/tests-test_identification.Tpo -c -o suites/tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_identification.Tpo suites/$(DEPDIR)/tests-test_identification.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/tests-test_identification.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list_enumerator.o `test -f 'test_linked_list_enumerator.c' || echo '$(srcdir)/'`test_linked_list_enumerator.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c
-test_runner-test_linked_list_enumerator.obj: test_linked_list_enumerator.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list_enumerator.obj -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo -c -o test_runner-test_linked_list_enumerator.obj `if test -f 'test_linked_list_enumerator.c'; then $(CYGPATH_W) 'test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list_enumerator.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo $(DEPDIR)/test_runner-test_linked_list_enumerator.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list_enumerator.c' object='test_runner-test_linked_list_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_identification.obj: suites/test_identification.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_identification.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_identification.Tpo -c -o suites/tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_identification.Tpo suites/$(DEPDIR)/tests-test_identification.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/tests-test_identification.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list_enumerator.obj `if test -f 'test_linked_list_enumerator.c'; then $(CYGPATH_W) 'test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list_enumerator.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi`
-test_runner-test_bio_reader.o: test_bio_reader.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_reader.o -MD -MP -MF $(DEPDIR)/test_runner-test_bio_reader.Tpo -c -o test_runner-test_bio_reader.o `test -f 'test_bio_reader.c' || echo '$(srcdir)/'`test_bio_reader.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_reader.Tpo $(DEPDIR)/test_runner-test_bio_reader.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_reader.c' object='test_runner-test_bio_reader.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_threading.o: suites/test_threading.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_threading.o -MD -MP -MF suites/$(DEPDIR)/tests-test_threading.Tpo -c -o suites/tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_threading.Tpo suites/$(DEPDIR)/tests-test_threading.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/tests-test_threading.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_reader.o `test -f 'test_bio_reader.c' || echo '$(srcdir)/'`test_bio_reader.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c
-test_runner-test_bio_reader.obj: test_bio_reader.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_reader.obj -MD -MP -MF $(DEPDIR)/test_runner-test_bio_reader.Tpo -c -o test_runner-test_bio_reader.obj `if test -f 'test_bio_reader.c'; then $(CYGPATH_W) 'test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_reader.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_reader.Tpo $(DEPDIR)/test_runner-test_bio_reader.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_reader.c' object='test_runner-test_bio_reader.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_threading.obj: suites/test_threading.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_threading.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_threading.Tpo -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_threading.Tpo suites/$(DEPDIR)/tests-test_threading.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/tests-test_threading.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_reader.obj `if test -f 'test_bio_reader.c'; then $(CYGPATH_W) 'test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_reader.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
-test_runner-test_bio_writer.o: test_bio_writer.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_writer.o -MD -MP -MF $(DEPDIR)/test_runner-test_bio_writer.Tpo -c -o test_runner-test_bio_writer.o `test -f 'test_bio_writer.c' || echo '$(srcdir)/'`test_bio_writer.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_writer.Tpo $(DEPDIR)/test_runner-test_bio_writer.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_writer.c' object='test_runner-test_bio_writer.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_watcher.o: suites/test_watcher.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/tests-test_watcher.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_writer.o `test -f 'test_bio_writer.c' || echo '$(srcdir)/'`test_bio_writer.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
-test_runner-test_bio_writer.obj: test_bio_writer.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_writer.obj -MD -MP -MF $(DEPDIR)/test_runner-test_bio_writer.Tpo -c -o test_runner-test_bio_writer.obj `if test -f 'test_bio_writer.c'; then $(CYGPATH_W) 'test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_writer.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_writer.Tpo $(DEPDIR)/test_runner-test_bio_writer.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_writer.c' object='test_runner-test_bio_writer.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_watcher.obj: suites/test_watcher.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/tests-test_watcher.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_writer.obj `if test -f 'test_bio_writer.c'; then $(CYGPATH_W) 'test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_writer.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi`
-test_runner-test_chunk.o: test_chunk.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_chunk.o -MD -MP -MF $(DEPDIR)/test_runner-test_chunk.Tpo -c -o test_runner-test_chunk.o `test -f 'test_chunk.c' || echo '$(srcdir)/'`test_chunk.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_chunk.Tpo $(DEPDIR)/test_runner-test_chunk.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_chunk.c' object='test_runner-test_chunk.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_stream.o: suites/test_stream.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_stream.o -MD -MP -MF suites/$(DEPDIR)/tests-test_stream.Tpo -c -o suites/tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_stream.Tpo suites/$(DEPDIR)/tests-test_stream.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/tests-test_stream.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_chunk.o `test -f 'test_chunk.c' || echo '$(srcdir)/'`test_chunk.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c
-test_runner-test_chunk.obj: test_chunk.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_chunk.obj -MD -MP -MF $(DEPDIR)/test_runner-test_chunk.Tpo -c -o test_runner-test_chunk.obj `if test -f 'test_chunk.c'; then $(CYGPATH_W) 'test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/test_chunk.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_chunk.Tpo $(DEPDIR)/test_runner-test_chunk.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_chunk.c' object='test_runner-test_chunk.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_stream.obj: suites/test_stream.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_stream.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_stream.Tpo -c -o suites/tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_stream.Tpo suites/$(DEPDIR)/tests-test_stream.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/tests-test_stream.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_chunk.obj `if test -f 'test_chunk.c'; then $(CYGPATH_W) 'test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/test_chunk.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi`
-test_runner-test_enum.o: test_enum.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enum.o -MD -MP -MF $(DEPDIR)/test_runner-test_enum.Tpo -c -o test_runner-test_enum.o `test -f 'test_enum.c' || echo '$(srcdir)/'`test_enum.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enum.Tpo $(DEPDIR)/test_runner-test_enum.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enum.c' object='test_runner-test_enum.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_fetch_http.o: suites/test_fetch_http.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_fetch_http.o -MD -MP -MF suites/$(DEPDIR)/tests-test_fetch_http.Tpo -c -o suites/tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_fetch_http.Tpo suites/$(DEPDIR)/tests-test_fetch_http.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/tests-test_fetch_http.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enum.o `test -f 'test_enum.c' || echo '$(srcdir)/'`test_enum.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c
-test_runner-test_enum.obj: test_enum.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enum.obj -MD -MP -MF $(DEPDIR)/test_runner-test_enum.Tpo -c -o test_runner-test_enum.obj `if test -f 'test_enum.c'; then $(CYGPATH_W) 'test_enum.c'; else $(CYGPATH_W) '$(srcdir)/test_enum.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enum.Tpo $(DEPDIR)/test_runner-test_enum.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enum.c' object='test_runner-test_enum.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_fetch_http.obj: suites/test_fetch_http.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_fetch_http.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_fetch_http.Tpo -c -o suites/tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_fetch_http.Tpo suites/$(DEPDIR)/tests-test_fetch_http.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/tests-test_fetch_http.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enum.obj `if test -f 'test_enum.c'; then $(CYGPATH_W) 'test_enum.c'; else $(CYGPATH_W) '$(srcdir)/test_enum.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi`
-test_runner-test_hashtable.o: test_hashtable.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_hashtable.o -MD -MP -MF $(DEPDIR)/test_runner-test_hashtable.Tpo -c -o test_runner-test_hashtable.o `test -f 'test_hashtable.c' || echo '$(srcdir)/'`test_hashtable.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_hashtable.Tpo $(DEPDIR)/test_runner-test_hashtable.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_hashtable.c' object='test_runner-test_hashtable.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_utils.o: suites/test_utils.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_utils.o -MD -MP -MF suites/$(DEPDIR)/tests-test_utils.Tpo -c -o suites/tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_utils.Tpo suites/$(DEPDIR)/tests-test_utils.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/tests-test_utils.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_hashtable.o `test -f 'test_hashtable.c' || echo '$(srcdir)/'`test_hashtable.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c
-test_runner-test_hashtable.obj: test_hashtable.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_hashtable.obj -MD -MP -MF $(DEPDIR)/test_runner-test_hashtable.Tpo -c -o test_runner-test_hashtable.obj `if test -f 'test_hashtable.c'; then $(CYGPATH_W) 'test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/test_hashtable.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_hashtable.Tpo $(DEPDIR)/test_runner-test_hashtable.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_hashtable.c' object='test_runner-test_hashtable.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_utils.obj: suites/test_utils.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_utils.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_utils.Tpo -c -o suites/tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_utils.Tpo suites/$(DEPDIR)/tests-test_utils.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/tests-test_utils.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_hashtable.obj `if test -f 'test_hashtable.c'; then $(CYGPATH_W) 'test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/test_hashtable.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi`
-test_runner-test_identification.o: test_identification.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_identification.o -MD -MP -MF $(DEPDIR)/test_runner-test_identification.Tpo -c -o test_runner-test_identification.o `test -f 'test_identification.c' || echo '$(srcdir)/'`test_identification.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_identification.Tpo $(DEPDIR)/test_runner-test_identification.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_identification.c' object='test_runner-test_identification.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_settings.o: suites/test_settings.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_settings.o -MD -MP -MF suites/$(DEPDIR)/tests-test_settings.Tpo -c -o suites/tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_settings.Tpo suites/$(DEPDIR)/tests-test_settings.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/tests-test_settings.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_identification.o `test -f 'test_identification.c' || echo '$(srcdir)/'`test_identification.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c
-test_runner-test_identification.obj: test_identification.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_identification.obj -MD -MP -MF $(DEPDIR)/test_runner-test_identification.Tpo -c -o test_runner-test_identification.obj `if test -f 'test_identification.c'; then $(CYGPATH_W) 'test_identification.c'; else $(CYGPATH_W) '$(srcdir)/test_identification.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_identification.Tpo $(DEPDIR)/test_runner-test_identification.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_identification.c' object='test_runner-test_identification.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_settings.obj: suites/test_settings.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_settings.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_settings.Tpo -c -o suites/tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_settings.Tpo suites/$(DEPDIR)/tests-test_settings.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/tests-test_settings.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_identification.obj `if test -f 'test_identification.c'; then $(CYGPATH_W) 'test_identification.c'; else $(CYGPATH_W) '$(srcdir)/test_identification.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi`
-test_runner-test_threading.o: test_threading.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_threading.o -MD -MP -MF $(DEPDIR)/test_runner-test_threading.Tpo -c -o test_runner-test_threading.o `test -f 'test_threading.c' || echo '$(srcdir)/'`test_threading.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_threading.Tpo $(DEPDIR)/test_runner-test_threading.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_threading.c' object='test_runner-test_threading.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_vectors.o: suites/test_vectors.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_vectors.o -MD -MP -MF suites/$(DEPDIR)/tests-test_vectors.Tpo -c -o suites/tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_vectors.Tpo suites/$(DEPDIR)/tests-test_vectors.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/tests-test_vectors.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_threading.o `test -f 'test_threading.c' || echo '$(srcdir)/'`test_threading.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
-test_runner-test_threading.obj: test_threading.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_threading.obj -MD -MP -MF $(DEPDIR)/test_runner-test_threading.Tpo -c -o test_runner-test_threading.obj `if test -f 'test_threading.c'; then $(CYGPATH_W) 'test_threading.c'; else $(CYGPATH_W) '$(srcdir)/test_threading.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_threading.Tpo $(DEPDIR)/test_runner-test_threading.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_threading.c' object='test_runner-test_threading.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_vectors.obj: suites/test_vectors.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_vectors.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_vectors.Tpo -c -o suites/tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_vectors.Tpo suites/$(DEPDIR)/tests-test_vectors.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/tests-test_vectors.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_threading.obj `if test -f 'test_threading.c'; then $(CYGPATH_W) 'test_threading.c'; else $(CYGPATH_W) '$(srcdir)/test_threading.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
-test_runner-test_utils.o: test_utils.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_utils.o -MD -MP -MF $(DEPDIR)/test_runner-test_utils.Tpo -c -o test_runner-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_utils.Tpo $(DEPDIR)/test_runner-test_utils.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='test_runner-test_utils.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_array.o: suites/test_array.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_array.o -MD -MP -MF suites/$(DEPDIR)/tests-test_array.Tpo -c -o suites/tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_array.Tpo suites/$(DEPDIR)/tests-test_array.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/tests-test_array.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c
-test_runner-test_utils.obj: test_utils.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_utils.obj -MD -MP -MF $(DEPDIR)/test_runner-test_utils.Tpo -c -o test_runner-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_utils.Tpo $(DEPDIR)/test_runner-test_utils.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='test_runner-test_utils.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_array.obj: suites/test_array.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_array.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_array.Tpo -c -o suites/tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_array.Tpo suites/$(DEPDIR)/tests-test_array.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/tests-test_array.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi`
-test_runner-test_vectors.o: test_vectors.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_vectors.o -MD -MP -MF $(DEPDIR)/test_runner-test_vectors.Tpo -c -o test_runner-test_vectors.o `test -f 'test_vectors.c' || echo '$(srcdir)/'`test_vectors.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_vectors.Tpo $(DEPDIR)/test_runner-test_vectors.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_vectors.c' object='test_runner-test_vectors.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_ecdsa.o: suites/test_ecdsa.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ecdsa.o -MD -MP -MF suites/$(DEPDIR)/tests-test_ecdsa.Tpo -c -o suites/tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ecdsa.Tpo suites/$(DEPDIR)/tests-test_ecdsa.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/tests-test_ecdsa.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_vectors.o `test -f 'test_vectors.c' || echo '$(srcdir)/'`test_vectors.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c
-test_runner-test_vectors.obj: test_vectors.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_vectors.obj -MD -MP -MF $(DEPDIR)/test_runner-test_vectors.Tpo -c -o test_runner-test_vectors.obj `if test -f 'test_vectors.c'; then $(CYGPATH_W) 'test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/test_vectors.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_vectors.Tpo $(DEPDIR)/test_runner-test_vectors.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_vectors.c' object='test_runner-test_vectors.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_ecdsa.obj: suites/test_ecdsa.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ecdsa.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_ecdsa.Tpo -c -o suites/tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ecdsa.Tpo suites/$(DEPDIR)/tests-test_ecdsa.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/tests-test_ecdsa.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_vectors.obj `if test -f 'test_vectors.c'; then $(CYGPATH_W) 'test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/test_vectors.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi`
-test_runner-test_array.o: test_array.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_array.o -MD -MP -MF $(DEPDIR)/test_runner-test_array.Tpo -c -o test_runner-test_array.o `test -f 'test_array.c' || echo '$(srcdir)/'`test_array.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_array.Tpo $(DEPDIR)/test_runner-test_array.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_array.c' object='test_runner-test_array.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_rsa.o: suites/test_rsa.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_rsa.o -MD -MP -MF suites/$(DEPDIR)/tests-test_rsa.Tpo -c -o suites/tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_rsa.Tpo suites/$(DEPDIR)/tests-test_rsa.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/tests-test_rsa.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_array.o `test -f 'test_array.c' || echo '$(srcdir)/'`test_array.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c
-test_runner-test_array.obj: test_array.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_array.obj -MD -MP -MF $(DEPDIR)/test_runner-test_array.Tpo -c -o test_runner-test_array.obj `if test -f 'test_array.c'; then $(CYGPATH_W) 'test_array.c'; else $(CYGPATH_W) '$(srcdir)/test_array.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_array.Tpo $(DEPDIR)/test_runner-test_array.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_array.c' object='test_runner-test_array.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_rsa.obj: suites/test_rsa.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_rsa.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_rsa.Tpo -c -o suites/tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_rsa.Tpo suites/$(DEPDIR)/tests-test_rsa.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/tests-test_rsa.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_array.obj `if test -f 'test_array.c'; then $(CYGPATH_W) 'test_array.c'; else $(CYGPATH_W) '$(srcdir)/test_array.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi`
-test_runner-test_ecdsa.o: test_ecdsa.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_ecdsa.o -MD -MP -MF $(DEPDIR)/test_runner-test_ecdsa.Tpo -c -o test_runner-test_ecdsa.o `test -f 'test_ecdsa.c' || echo '$(srcdir)/'`test_ecdsa.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_ecdsa.Tpo $(DEPDIR)/test_runner-test_ecdsa.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_ecdsa.c' object='test_runner-test_ecdsa.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_host.o: suites/test_host.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_host.o -MD -MP -MF suites/$(DEPDIR)/tests-test_host.Tpo -c -o suites/tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_host.Tpo suites/$(DEPDIR)/tests-test_host.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/tests-test_host.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_ecdsa.o `test -f 'test_ecdsa.c' || echo '$(srcdir)/'`test_ecdsa.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c
-test_runner-test_ecdsa.obj: test_ecdsa.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_ecdsa.obj -MD -MP -MF $(DEPDIR)/test_runner-test_ecdsa.Tpo -c -o test_runner-test_ecdsa.obj `if test -f 'test_ecdsa.c'; then $(CYGPATH_W) 'test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/test_ecdsa.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_ecdsa.Tpo $(DEPDIR)/test_runner-test_ecdsa.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_ecdsa.c' object='test_runner-test_ecdsa.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_host.obj: suites/test_host.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_host.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_host.Tpo -c -o suites/tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_host.Tpo suites/$(DEPDIR)/tests-test_host.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/tests-test_host.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_ecdsa.obj `if test -f 'test_ecdsa.c'; then $(CYGPATH_W) 'test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/test_ecdsa.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi`
-test_runner-test_rsa.o: test_rsa.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_rsa.o -MD -MP -MF $(DEPDIR)/test_runner-test_rsa.Tpo -c -o test_runner-test_rsa.o `test -f 'test_rsa.c' || echo '$(srcdir)/'`test_rsa.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_rsa.Tpo $(DEPDIR)/test_runner-test_rsa.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_rsa.c' object='test_runner-test_rsa.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_hasher.o: suites/test_hasher.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hasher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_hasher.Tpo -c -o suites/tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hasher.Tpo suites/$(DEPDIR)/tests-test_hasher.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/tests-test_hasher.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_rsa.o `test -f 'test_rsa.c' || echo '$(srcdir)/'`test_rsa.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c
-test_runner-test_rsa.obj: test_rsa.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_rsa.obj -MD -MP -MF $(DEPDIR)/test_runner-test_rsa.Tpo -c -o test_runner-test_rsa.obj `if test -f 'test_rsa.c'; then $(CYGPATH_W) 'test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/test_rsa.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_rsa.Tpo $(DEPDIR)/test_runner-test_rsa.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_rsa.c' object='test_runner-test_rsa.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_hasher.obj: suites/test_hasher.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hasher.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_hasher.Tpo -c -o suites/tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hasher.Tpo suites/$(DEPDIR)/tests-test_hasher.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/tests-test_hasher.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_rsa.obj `if test -f 'test_rsa.c'; then $(CYGPATH_W) 'test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/test_rsa.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi`
-test_runner-test_host.o: test_host.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_host.o -MD -MP -MF $(DEPDIR)/test_runner-test_host.Tpo -c -o test_runner-test_host.o `test -f 'test_host.c' || echo '$(srcdir)/'`test_host.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_host.Tpo $(DEPDIR)/test_runner-test_host.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_host.c' object='test_runner-test_host.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_crypter.o: suites/test_crypter.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypter.o -MD -MP -MF suites/$(DEPDIR)/tests-test_crypter.Tpo -c -o suites/tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypter.Tpo suites/$(DEPDIR)/tests-test_crypter.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/tests-test_crypter.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_host.o `test -f 'test_host.c' || echo '$(srcdir)/'`test_host.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c
-test_runner-test_host.obj: test_host.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_host.obj -MD -MP -MF $(DEPDIR)/test_runner-test_host.Tpo -c -o test_runner-test_host.obj `if test -f 'test_host.c'; then $(CYGPATH_W) 'test_host.c'; else $(CYGPATH_W) '$(srcdir)/test_host.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_host.Tpo $(DEPDIR)/test_runner-test_host.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_host.c' object='test_runner-test_host.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_crypter.obj: suites/test_crypter.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypter.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_crypter.Tpo -c -o suites/tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypter.Tpo suites/$(DEPDIR)/tests-test_crypter.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/tests-test_crypter.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_host.obj `if test -f 'test_host.c'; then $(CYGPATH_W) 'test_host.c'; else $(CYGPATH_W) '$(srcdir)/test_host.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi`
-test_runner-test_printf.o: test_printf.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_printf.o -MD -MP -MF $(DEPDIR)/test_runner-test_printf.Tpo -c -o test_runner-test_printf.o `test -f 'test_printf.c' || echo '$(srcdir)/'`test_printf.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_printf.Tpo $(DEPDIR)/test_runner-test_printf.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_printf.c' object='test_runner-test_printf.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_pen.o: suites/test_pen.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.o -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/tests-test_pen.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_printf.o `test -f 'test_printf.c' || echo '$(srcdir)/'`test_printf.c
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
-test_runner-test_printf.obj: test_printf.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_printf.obj -MD -MP -MF $(DEPDIR)/test_runner-test_printf.Tpo -c -o test_runner-test_printf.obj `if test -f 'test_printf.c'; then $(CYGPATH_W) 'test_printf.c'; else $(CYGPATH_W) '$(srcdir)/test_printf.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_printf.Tpo $(DEPDIR)/test_runner-test_printf.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_printf.c' object='test_runner-test_printf.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_pen.obj: suites/test_pen.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/tests-test_pen.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_printf.obj `if test -f 'test_printf.c'; then $(CYGPATH_W) 'test_printf.c'; else $(CYGPATH_W) '$(srcdir)/test_printf.c'; fi`
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi`
+
+suites/tests-test_asn1.o: suites/test_asn1.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1.o -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1.Tpo -c -o suites/tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1.Tpo suites/$(DEPDIR)/tests-test_asn1.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/tests-test_asn1.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c
+
+suites/tests-test_asn1.obj: suites/test_asn1.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1.Tpo -c -o suites/tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1.Tpo suites/$(DEPDIR)/tests-test_asn1.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/tests-test_asn1.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi`
+
+suites/tests-test_asn1_parser.o: suites/test_asn1_parser.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1_parser.o -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1_parser.Tpo -c -o suites/tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1_parser.Tpo suites/$(DEPDIR)/tests-test_asn1_parser.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/tests-test_asn1_parser.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c
+
+suites/tests-test_asn1_parser.obj: suites/test_asn1_parser.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1_parser.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1_parser.Tpo -c -o suites/tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1_parser.Tpo suites/$(DEPDIR)/tests-test_asn1_parser.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/tests-test_asn1_parser.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi`
+
+suites/tests-test_printf.o: suites/test_printf.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_printf.o -MD -MP -MF suites/$(DEPDIR)/tests-test_printf.Tpo -c -o suites/tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_printf.Tpo suites/$(DEPDIR)/tests-test_printf.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/tests-test_printf.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c
+
+suites/tests-test_printf.obj: suites/test_printf.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_printf.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_printf.Tpo -c -o suites/tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_printf.Tpo suites/$(DEPDIR)/tests-test_printf.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/tests-test_printf.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi`
+
+suites/tests-test_test_rng.o: suites/test_test_rng.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_test_rng.o -MD -MP -MF suites/$(DEPDIR)/tests-test_test_rng.Tpo -c -o suites/tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_test_rng.Tpo suites/$(DEPDIR)/tests-test_test_rng.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/tests-test_test_rng.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c
+
+suites/tests-test_test_rng.obj: suites/test_test_rng.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_test_rng.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_test_rng.Tpo -c -o suites/tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_test_rng.Tpo suites/$(DEPDIR)/tests-test_test_rng.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/tests-test_test_rng.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi`
+
+suites/tests-test_ntru.o: suites/test_ntru.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ntru.o -MD -MP -MF suites/$(DEPDIR)/tests-test_ntru.Tpo -c -o suites/tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ntru.Tpo suites/$(DEPDIR)/tests-test_ntru.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/tests-test_ntru.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c
+
+suites/tests-test_ntru.obj: suites/test_ntru.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ntru.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_ntru.Tpo -c -o suites/tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ntru.Tpo suites/$(DEPDIR)/tests-test_ntru.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/tests-test_ntru.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi`
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
+ -rm -rf utils/.libs utils/_libs
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -1022,168 +1183,98 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
- rm -f $< $@
- $(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
- @:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
- @$(am__set_TESTS_bases); \
- am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
- redo_bases=`for i in $$bases; do \
- am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
- done`; \
- if test -n "$$redo_bases"; then \
- redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
- redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
- if $(am__make_dryrun); then :; else \
- rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
- fi; \
- fi; \
- if test -n "$$am__remaking_logs"; then \
- echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
- "recursion detected" >&2; \
- else \
- am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
- fi; \
- if $(am__make_dryrun); then :; else \
- st=0; \
- errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
- for i in $$redo_bases; do \
- test -f $$i.trs && test -r $$i.trs \
- || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
- test -f $$i.log && test -r $$i.log \
- || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
done; \
- test $$st -eq 0 || exit 1; \
- fi
- @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
- ws='[ ]'; \
- results=`for b in $$bases; do echo $$b.trs; done`; \
- test -n "$$results" || results=/dev/null; \
- all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
- pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
- fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
- skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
- xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
- xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
- error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
- if test `expr $$fail + $$xpass + $$error` -eq 0; then \
- success=true; \
- else \
- success=false; \
- fi; \
- br='==================='; br=$$br$$br$$br$$br; \
- result_count () \
- { \
- if test x"$$1" = x"--maybe-color"; then \
- maybe_colorize=yes; \
- elif test x"$$1" = x"--no-color"; then \
- maybe_colorize=no; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
else \
- echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
fi; \
- shift; \
- desc=$$1 count=$$2; \
- if test $$maybe_colorize = yes && test $$count -gt 0; then \
- color_start=$$3 color_end=$$std; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
else \
- color_start= color_end=; \
+ skipped="($$skip tests were not run)"; \
fi; \
- echo "$${color_start}# $$desc $$count$${color_end}"; \
- }; \
- create_testsuite_report () \
- { \
- result_count $$1 "TOTAL:" $$all "$$brg"; \
- result_count $$1 "PASS: " $$pass "$$grn"; \
- result_count $$1 "SKIP: " $$skip "$$blu"; \
- result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
- result_count $$1 "FAIL: " $$fail "$$red"; \
- result_count $$1 "XPASS:" $$xpass "$$red"; \
- result_count $$1 "ERROR:" $$error "$$mgn"; \
- }; \
- { \
- echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
- $(am__rst_title); \
- create_testsuite_report --no-color; \
- echo; \
- echo ".. contents:: :depth: 2"; \
- echo; \
- for b in $$bases; do echo $$b; done \
- | $(am__create_global_log); \
- } >$(TEST_SUITE_LOG).tmp || exit 1; \
- mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
- if $$success; then \
- col="$$grn"; \
- else \
- col="$$red"; \
- test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
- fi; \
- echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
- echo "$${col}$$br$${std}"; \
- create_testsuite_report --maybe-color; \
- echo "$$col$$br$$std"; \
- if $$success; then :; else \
- echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
- if test -n "$(PACKAGE_BUGREPORT)"; then \
- echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
- fi; \
- echo "$$col$$br$$std"; \
- fi; \
- $$success || exit 1
-
-check-TESTS:
- @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
- @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- trs_list=`for i in $$bases; do echo $$i.trs; done`; \
- log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
- exit $$?;
-recheck: all $(check_PROGRAMS)
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- bases=`for i in $$bases; do echo $$i; done \
- | $(am__list_recheck_tests)` || exit 1; \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- log_list=`echo $$log_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
- am__force_recheck=am--force-recheck \
- TEST_LOGS="$$log_list"; \
- exit $$?
-test_runner.log: test_runner$(EXEEXT)
- @p='test_runner$(EXEEXT)'; \
- b='test_runner'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
- @p='$<'; \
- $(am__set_b); \
- $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
- at am__EXEEXT_TRUE@.test$(EXEEXT).log:
- at am__EXEEXT_TRUE@ @p='$<'; \
- at am__EXEEXT_TRUE@ $(am__set_b); \
- at am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
- at am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
- at am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
- at am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ fi; \
+ echo "$${col}$$dashes$${std}"; \
+ echo "$${col}$$banner$${std}"; \
+ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+ test -z "$$report" || echo "$${col}$$report$${std}"; \
+ echo "$${col}$$dashes$${std}"; \
+ test "$$failed" -eq 0; \
+ else :; fi
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -1216,7 +1307,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) $(check_LTLIBRARIES) $(check_PROGRAMS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile
@@ -1241,26 +1332,27 @@ install-strip:
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
- -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
- -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
- -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f suites/$(DEPDIR)/$(am__dirstamp)
+ -rm -f suites/$(am__dirstamp)
+ -rm -f utils/$(DEPDIR)/$(am__dirstamp)
+ -rm -f utils/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
- mostlyclean-am
+clean-am: clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \
+ clean-libtool mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1306,7 +1398,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1328,18 +1420,18 @@ uninstall-am:
.MAKE: check-am install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \
- ctags ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am
+ clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \
+ clean-libtool cscopelist-am ctags ctags-am distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/tests/suites/test_array.c b/src/libstrongswan/tests/suites/test_array.c
new file mode 100644
index 0000000..ba2aff4
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_array.c
@@ -0,0 +1,532 @@
+/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <collections/array.h>
+
+START_TEST(test_append_ptr)
+{
+ array_t *array;
+ uintptr_t x;
+ int i;
+
+ array = array_create(0, 0);
+
+ for (i = 0; i < 4; i++)
+ {
+ ck_assert_int_eq(array_count(array), 0);
+
+ array_insert(array, ARRAY_HEAD, (void*)(uintptr_t)3);
+ array_insert(array, ARRAY_TAIL, (void*)(uintptr_t)4);
+ ck_assert_int_eq(array_count(array), 2);
+
+ /* 3, 4 */
+
+ ck_assert(array_get(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 3);
+ ck_assert(array_get(array, 1, &x));
+ ck_assert_int_eq(x, 4);
+ ck_assert(array_get(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 4);
+ ck_assert(!array_get(array, 3, &x));
+
+ array_insert(array, ARRAY_HEAD, (void*)(uintptr_t)1);
+ array_insert(array, 1, (void*)(uintptr_t)2);
+ ck_assert_int_eq(array_count(array), 4);
+
+ /* 1, 2, 3, 4 */
+
+ array_insert(array, ARRAY_TAIL, (void*)(uintptr_t)5);
+ array_insert(array, ARRAY_HEAD, (void*)(uintptr_t)0);
+ ck_assert_int_eq(array_count(array), 6);
+
+ /* 0, 1, 2, 3, 4, 5 */
+
+ ck_assert(array_remove(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 5);
+ ck_assert(array_remove(array, 4, &x));
+ ck_assert_int_eq(x, 4);
+
+ if (i < 3)
+ {
+ array_compress(array);
+ }
+
+ /* 0, 1, 2, 3 */
+
+ ck_assert(array_remove(array, 1, &x));
+ ck_assert_int_eq(x, 1);
+ ck_assert(array_remove(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 0);
+
+ if (i < 2)
+ {
+ array_compress(array);
+ }
+
+ /* 2, 3 */
+
+ ck_assert(array_remove(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 3);
+ ck_assert(array_remove(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 2);
+
+ if (i < 1)
+ {
+ array_compress(array);
+ }
+
+ ck_assert_int_eq(array_count(array), 0);
+
+ ck_assert(array_remove(array, ARRAY_HEAD, NULL) == FALSE);
+ ck_assert(array_remove(array, ARRAY_TAIL, NULL) == FALSE);
+ }
+
+ array_destroy(array);
+}
+END_TEST
+
+START_TEST(test_append_obj)
+{
+ array_t *array;
+ int i, x, y[6] = {0, 1, 2, 3, 4, 5};
+
+ array = array_create(sizeof(y[0]), 0);
+
+ for (i = 0; i < 4; i++)
+ {
+ ck_assert_int_eq(array_count(array), 0);
+
+ array_insert(array, ARRAY_HEAD, &y[3]);
+ array_insert(array, ARRAY_TAIL, &y[4]);
+ ck_assert_int_eq(array_count(array), 2);;
+
+ /* 3, 4 */
+
+ ck_assert(array_get(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 3);
+ ck_assert(array_get(array, 1, &x));
+ ck_assert_int_eq(x, 4);
+ ck_assert(array_get(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 4);
+ ck_assert(!array_get(array, 3, &x));
+
+ array_insert(array, ARRAY_HEAD, &y[1]);
+ array_insert(array, 1, &y[2]);
+ ck_assert_int_eq(array_count(array), 4);
+
+ /* 1, 2, 3, 4 */
+
+ array_insert(array, ARRAY_TAIL, &y[5]);
+ array_insert(array, ARRAY_HEAD, &y[0]);
+ ck_assert_int_eq(array_count(array), 6);
+
+ /* 0, 1, 2, 3, 4, 5 */
+
+ ck_assert(array_remove(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 5);
+ ck_assert(array_remove(array, 4, &x));
+ ck_assert_int_eq(x, 4);
+
+ if (i < 3)
+ {
+ array_compress(array);
+ }
+
+ /* 0, 1, 2, 3 */
+
+ ck_assert(array_remove(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 0);
+ ck_assert(array_remove(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 1);
+
+ if (i < 2)
+ {
+ array_compress(array);
+ }
+
+ /* 2, 3 */
+
+ ck_assert(array_remove(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 3);
+ ck_assert(array_remove(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 2);
+
+ if (i < 1)
+ {
+ array_compress(array);
+ }
+
+ ck_assert_int_eq(array_count(array), 0);
+
+ ck_assert(array_remove(array, ARRAY_HEAD, NULL) == FALSE);
+ ck_assert(array_remove(array, ARRAY_TAIL, NULL) == FALSE);
+ }
+
+ array_destroy(array);
+}
+END_TEST
+
+START_TEST(test_enumerate)
+{
+ array_t *array;
+ int i, *x, y[6] = {0, 1, 2, 3, 4, 5};
+ enumerator_t *enumerator;
+
+ array = array_create(sizeof(y[0]), 0);
+
+ array_insert(array, ARRAY_TAIL, &y[0]);
+ array_insert(array, ARRAY_TAIL, &y[1]);
+ array_insert(array, ARRAY_TAIL, &y[2]);
+ array_insert(array, ARRAY_TAIL, &y[3]);
+ array_insert(array, ARRAY_TAIL, &y[4]);
+ array_insert(array, ARRAY_TAIL, &y[5]);
+
+ ck_assert_int_eq(array_count(array), 6);
+
+ /* 0, 1, 2, 3, 4, 5 */
+
+ i = 0;
+ enumerator = array_create_enumerator(array);
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ ck_assert_int_eq(*x, y[i]);
+ i++;
+ }
+ enumerator->destroy(enumerator);
+ ck_assert_int_eq(i, 6);
+
+ i = 0;
+ enumerator = array_create_enumerator(array);
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ ck_assert_int_eq(*x, y[i]);
+ if (i == 0 || i == 3 || i == 5)
+ {
+ array_remove_at(array, enumerator);
+ }
+ i++;
+ }
+ enumerator->destroy(enumerator);
+ ck_assert_int_eq(i, 6);
+ ck_assert_int_eq(array_count(array), 3);
+
+ /* 1, 2, 4 */
+
+ i = 0;
+ enumerator = array_create_enumerator(array);
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ switch (i++)
+ {
+ case 0:
+ ck_assert_int_eq(*x, y[1]);
+ break;
+ case 1:
+ ck_assert_int_eq(*x, y[2]);
+ break;
+ case 2:
+ ck_assert_int_eq(*x, y[4]);
+ break;
+ default:
+ ck_assert(0);
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ array_compress(array);
+
+ i = 0;
+ enumerator = array_create_enumerator(array);
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ switch (i++)
+ {
+ case 0:
+ ck_assert_int_eq(*x, y[1]);
+ break;
+ case 1:
+ ck_assert_int_eq(*x, y[2]);
+ break;
+ case 2:
+ ck_assert_int_eq(*x, y[4]);
+ break;
+ default:
+ ck_assert(0);
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ array_destroy(array);
+}
+END_TEST
+
+static int comp_obj(const void *a, const void *b, void *arg)
+{
+ ck_assert_str_eq(arg, "arg");
+ return *(int*)a - *(int*)b;
+}
+
+START_TEST(test_sort_obj)
+{
+ array_t *array;
+ int x[][3] = {
+ {1, 2, 3},
+ {1, 3, 2},
+ {2, 1, 3},
+ {2, 3, 1},
+ {3, 1, 2},
+ {3, 2, 1},
+ };
+ char *arg = "arg";
+ int i, v;
+
+ for (i = 0; i < countof(x); i++)
+ {
+ array = array_create(sizeof(x[i][0]), 0);
+ array_insert(array, ARRAY_TAIL, &x[i][0]);
+ array_insert(array, ARRAY_TAIL, &x[i][1]);
+ array_insert(array, ARRAY_TAIL, &x[i][2]);
+
+ array_sort(array, comp_obj, arg);
+
+ ck_assert(array_get(array, 0, &v));
+ ck_assert_int_eq(v, 1);
+ ck_assert(array_get(array, 1, &v));
+ ck_assert_int_eq(v, 2);
+ ck_assert(array_get(array, 2, &v));
+ ck_assert_int_eq(v, 3);
+
+ array_destroy(array);
+ }
+}
+END_TEST
+
+static int comp_ptr(const void *a, const void *b, void *arg)
+{
+ ck_assert_str_eq(arg, "arg");
+ return strcmp(a, b);
+}
+
+START_TEST(test_sort_ptr)
+{
+ array_t *array;
+ char *x[][3] = {
+ {"a", "b", "c"},
+ {"a", "c", "b"},
+ {"b", "a", "c"},
+ {"b", "c", "a"},
+ {"c", "a", "b"},
+ {"c", "b", "a"},
+ };
+ char *v, *arg = "arg";
+ int i;
+
+ for (i = 0; i < countof(x); i++)
+ {
+ array = array_create(0, 0);
+ array_insert(array, ARRAY_TAIL, x[i][0]);
+ array_insert(array, ARRAY_TAIL, x[i][1]);
+ array_insert(array, ARRAY_TAIL, x[i][2]);
+
+ array_sort(array, comp_ptr, arg);
+
+ ck_assert(array_get(array, 0, &v));
+ ck_assert_str_eq(v, "a");
+ ck_assert(array_get(array, 1, &v));
+ ck_assert_str_eq(v, "b");
+ ck_assert(array_get(array, 2, &v));
+ ck_assert_str_eq(v, "c");
+
+ array_destroy(array);
+ }
+}
+END_TEST
+
+static int comp_search_obj(const void *a, const void *b)
+{
+ return *(int*)a - *(int*)b;
+}
+
+START_TEST(test_bsearch_obj)
+{
+ array_t *array;
+ int x[] = { 3, 2, 1 };
+ int k, v;
+
+ array = array_create(sizeof(x[0]), 0);
+ array_insert(array, ARRAY_TAIL, &x[0]);
+ array_insert(array, ARRAY_TAIL, &x[1]);
+ array_insert(array, ARRAY_TAIL, &x[2]);
+
+ array_sort(array, (void*)comp_search_obj, NULL);
+
+ k = 0;
+ ck_assert_int_eq(array_bsearch(array, &k, comp_search_obj, &v), -1);
+ for (k = 1; k < 4; k++)
+ {
+ ck_assert_int_eq(array_bsearch(array, &k, comp_search_obj, &v), k-1);
+ ck_assert_int_eq(v, k);
+ }
+ k = 4;
+ ck_assert_int_eq(array_bsearch(array, &k, comp_search_obj, &v), -1);
+ array_destroy(array);
+}
+END_TEST
+
+static int comp_search_ptr(const void *a, const void *b)
+{
+ return strcmp(a, b);
+}
+
+START_TEST(test_bsearch_ptr)
+{
+ array_t *array;
+ char *x[] = {"c", "b", "a"};
+ char *v;
+
+ array = array_create(0, 0);
+ array_insert(array, ARRAY_TAIL, x[0]);
+ array_insert(array, ARRAY_TAIL, x[1]);
+ array_insert(array, ARRAY_TAIL, x[2]);
+
+ array_sort(array, (void*)comp_search_ptr, NULL);
+
+ ck_assert_int_eq(array_bsearch(array, "abc", comp_search_ptr, &v), -1);
+ ck_assert_int_eq(array_bsearch(array, "a", comp_search_ptr, &v), 0);
+ ck_assert_str_eq(v, "a");
+ ck_assert_int_eq(array_bsearch(array, "b", comp_search_ptr, &v), 1);
+ ck_assert_str_eq(v, "b");
+ ck_assert_int_eq(array_bsearch(array, "c", comp_search_ptr, &v), 2);
+ ck_assert_str_eq(v, "c");
+
+ array_destroy(array);
+}
+END_TEST
+
+static void invoke(void *data, int idx, void *user)
+{
+ int *y = user, *x = data;
+
+ ck_assert(idx < 3);
+
+ ck_assert_int_eq(y[idx], *x);
+ y[idx] = 0;
+}
+
+START_TEST(test_invoke)
+{
+ array_t *array;
+ int y[] = {1, 2, 3};
+
+ array = array_create(sizeof(y[0]), 0);
+
+ array_insert(array, ARRAY_TAIL, &y[0]);
+ array_insert(array, ARRAY_TAIL, &y[1]);
+ array_insert(array, ARRAY_TAIL, &y[2]);
+
+ array_invoke(array, invoke, y);
+
+ ck_assert_int_eq(y[0], 0);
+ ck_assert_int_eq(y[0], 0);
+ ck_assert_int_eq(y[0], 0);
+
+ array_destroy(array);
+}
+END_TEST
+
+typedef struct obj_t obj_t;
+
+struct obj_t {
+ void (*fun)(obj_t *obj);
+ int x;
+ int *counter;
+};
+
+static void fun(obj_t *obj)
+{
+ ck_assert(obj->x == (*obj->counter)++);
+}
+
+START_TEST(test_invoke_offset)
+{
+ array_t *array;
+ obj_t objs[5];
+ int i, counter = 0;
+
+ array = array_create(0, 0);
+
+ for (i = 0; i < countof(objs); i++)
+ {
+ objs[i].x = i;
+ objs[i].counter = &counter;
+ objs[i].fun = fun;
+
+ array_insert(array, ARRAY_TAIL, &objs[i]);
+ }
+
+ ck_assert_int_eq(countof(objs), array_count(array));
+
+ array_invoke_offset(array, offsetof(obj_t, fun));
+
+ ck_assert_int_eq(counter, countof(objs));
+
+ array_destroy(array);
+}
+END_TEST
+
+Suite *array_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("array");
+
+ tc = tcase_create("add/get/remove ptr");
+ tcase_add_test(tc, test_append_ptr);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("add/get/remove obj");
+ tcase_add_test(tc, test_append_obj);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("enumerate");
+ tcase_add_test(tc, test_enumerate);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sort");
+ tcase_add_test(tc, test_sort_obj);
+ tcase_add_test(tc, test_sort_ptr);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("bsearch");
+ tcase_add_test(tc, test_bsearch_obj);
+ tcase_add_test(tc, test_bsearch_ptr);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("invoke");
+ tcase_add_test(tc, test_invoke);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("invoke offset");
+ tcase_add_test(tc, test_invoke_offset);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c
new file mode 100644
index 0000000..d0cd7e6
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_asn1.c
@@ -0,0 +1,869 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+
+#include "test_suite.h"
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+#include <utils/chunk.h>
+
+/*******************************************************************************
+ * algorithm_identifier
+ */
+
+START_TEST(test_asn1_algorithmIdentifier)
+{
+ typedef struct {
+ int n;
+ chunk_t algid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { OID_ECDSA_WITH_SHA1, chunk_from_chars(0x30, 0x09, 0x06, 0x07,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01) },
+ { OID_SHA1_WITH_RSA, chunk_from_chars(0x30, 0x0d, 0x06, 0x09,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00) },
+ };
+
+ chunk_t algid;
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ algid = asn1_algorithmIdentifier(test[i].n);
+ ck_assert(chunk_equals(algid, test[i].algid));
+ free(algid.ptr);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * parse_algorithm_identifier
+ */
+
+START_TEST(test_asn1_parse_algorithmIdentifier)
+{
+ typedef struct {
+ int alg;
+ bool empty;
+ chunk_t parameters;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { OID_ECDSA_WITH_SHA1, TRUE, chunk_empty },
+ { OID_SHA1_WITH_RSA, TRUE, chunk_from_chars(0x05, 0x00) },
+ { OID_3DES_EDE_CBC, FALSE, chunk_from_chars(0x04, 0x01, 0xaa) },
+ { OID_PBKDF2, FALSE, chunk_from_chars(0x30, 0x01, 0xaa) }
+ };
+
+ chunk_t algid, parameters;
+ int i, alg;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ algid = asn1_wrap(ASN1_SEQUENCE, "mc",
+ asn1_build_known_oid(test[i].alg), test[i].parameters);
+ parameters = chunk_empty;
+ if (i == 2)
+ {
+ alg = asn1_parse_algorithmIdentifier(algid, 0, NULL);
+ }
+ else
+ {
+ alg = asn1_parse_algorithmIdentifier(algid, 0, ¶meters);
+ if (test[i].empty)
+ {
+ ck_assert(parameters.len == 0 && parameters.ptr == NULL);
+ }
+ else
+ {
+ ck_assert(chunk_equals(parameters, test[i].parameters));
+ }
+ }
+ ck_assert(alg == test[i].alg);
+ chunk_free(&algid);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * known_oid
+ */
+
+START_TEST(test_asn1_known_oid)
+{
+ typedef struct {
+ int n;
+ chunk_t oid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { OID_UNKNOWN, chunk_empty },
+ { OID_UNKNOWN, chunk_from_chars(0x55, 0x04, 0x02) },
+ { OID_COUNTRY, chunk_from_chars(0x55, 0x04, 0x06) },
+ { OID_STRONGSWAN, chunk_from_chars(0x2b, 0x06, 0x01, 0x04, 0x01,
+ 0x82, 0xa0, 0x2a, 0x01) }
+ };
+
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ ck_assert(asn1_known_oid(test[i].oid) == test[i].n);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * build_known_oid
+ */
+
+START_TEST(test_asn1_build_known_oid)
+{
+ typedef struct {
+ int n;
+ chunk_t oid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { OID_UNKNOWN, chunk_empty },
+ { OID_MAX, chunk_empty },
+ { OID_COUNTRY, chunk_from_chars(0x06, 0x03, 0x55, 0x04, 0x06) },
+ { OID_STRONGSWAN, chunk_from_chars(0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
+ 0x01, 0x82, 0xa0, 0x2a, 0x01) }
+ };
+
+ int i;
+ chunk_t oid = chunk_empty;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ oid = asn1_build_known_oid(test[i].n);
+ if (test[i].oid.len == 0)
+ {
+ ck_assert(oid.len == 0 && oid.ptr == NULL);
+ }
+ else
+ {
+ ck_assert(chunk_equals(oid, test[i].oid));
+ chunk_free(&oid);
+ }
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * oid_from_string
+ */
+
+START_TEST(test_asn1_oid_from_string)
+{
+ typedef struct {
+ char *string;
+ chunk_t oid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { "", chunk_empty },
+ { " ", chunk_empty },
+ { "0.2.262.1", chunk_from_chars(
+ 0x02, 0x82, 0x06, 0x01) },
+ { "1.2.840.10045.4.1", chunk_from_chars(
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01) },
+ { "1.3.6.1.4.1.36906.1", chunk_from_chars(
+ 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa0, 0x2a, 0x01) },
+ { "2.16.840.1.101.3.4.2.1", chunk_from_chars(
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01) },
+ { "0.10.100.1000.10000.100000.1000000.10000000.100000000.268435455",
+ chunk_from_chars(0x0a,0x64, 0x87, 0x68, 0xce, 0x10, 0x86, 0x8d,
+ 0x20, 0xbd, 0x84, 0x40, 0x84, 0xe2, 0xad, 0x00,
+ 0xaf, 0xd7, 0xc2, 0x00, 0xff, 0xff, 0xff, 0x7f) },
+ { "0.1.2.3.4.5.6.7.8.9.10.128.129.130.131.132.133.134.135.136.137."
+ "256.257.258.259.260.261.262.263.264.265.384.385.386.387.388."
+ "2097153", chunk_from_chars(
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x81, 0x00, 0x81, 0x01, 0x81, 0x02, 0x81, 0x03, 0x81, 0x04,
+ 0x81, 0x05, 0x81, 0x06, 0x81, 0x07, 0x81, 0x08, 0x81, 0x09,
+ 0x82, 0x00, 0x82, 0x01, 0x82, 0x02, 0x82, 0x03, 0x82, 0x04,
+ 0x82, 0x05, 0x82, 0x06, 0x82, 0x07, 0x82, 0x08, 0x82, 0x09,
+ 0x83, 0x00, 0x83, 0x01, 0x83, 0x02, 0x83, 0x03, 0x83, 0x04,
+ 0x81, 0x80, 0x80, 0x01) },
+ { "0.1.2.3.4.5.6.7.8.9.10.128.129.130.131.132.133.134.135.136.137."
+ "256.257.258.259.260.261.262.263.264.265.384.385.386.387.388."
+ "1.2097153", chunk_empty },
+ { "1.a.2.b.3", chunk_empty }
+ };
+
+ int i;
+ chunk_t oid = chunk_empty;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ oid = asn1_oid_from_string(test[i].string);
+ if (test[i].oid.len == 0)
+ {
+ ck_assert(oid.len == 0 && oid.ptr == NULL);
+ }
+ else
+ {
+ ck_assert(chunk_equals(oid, test[i].oid));
+ chunk_free(&oid);
+ }
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * oid_to_string
+ */
+
+START_TEST(test_asn1_oid_to_string)
+{
+ typedef struct {
+ char *string;
+ chunk_t oid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { NULL, chunk_empty },
+ { "0.2.262.1", chunk_from_chars(
+ 0x02, 0x82, 0x06, 0x01) },
+ { "1.2.840.10045.4.1", chunk_from_chars(
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01) },
+ { "1.3.6.1.4.1.36906.1", chunk_from_chars(
+ 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa0, 0x2a, 0x01) },
+ { "2.16.840.1.101.3.4.2.1", chunk_from_chars(
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01) },
+ { "0.10.100.1000.10000.100000.1000000.10000000.100000000.268435455",
+ chunk_from_chars( 0x0a, 0x64, 0x87, 0x68, 0xce, 0x10, 0x86, 0x8d,
+ 0x20, 0xbd, 0x84, 0x40, 0x84, 0xe2, 0xad, 0x00,
+ 0xaf, 0xd7, 0xc2, 0x00, 0xff, 0xff, 0xff, 0x7f) },
+ { NULL, chunk_from_chars(
+ 0x0a, 0x02, 0x64, 0x87, 0x68, 0xce, 0x10, 0x86, 0x8d, 0x20,
+ 0xbd, 0x84, 0x40, 0x84, 0xe2, 0xad, 0x00, 0xaf, 0xd7, 0xc2, 0x00,
+ 0xff, 0xff, 0xff, 0x7f) },
+ { NULL, chunk_from_chars(0x0a, 0x87) }
+ };
+
+ int i;
+ char *string = NULL;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ string = asn1_oid_to_string(test[i].oid);
+ if (test[i].string == NULL)
+ {
+ ck_assert(string == NULL);
+ }
+ else
+ {
+ ck_assert(streq(string, test[i].string));
+ free(string);
+ }
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * length
+ */
+
+START_TEST(test_asn1_length)
+{
+ chunk_t a;
+
+ a = chunk_empty;
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04);
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x00);
+ ck_assert(asn1_length(&a) == 0);
+
+ a = chunk_from_chars(0x04, 0x01);
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x01, 0xaa);
+ ck_assert(asn1_length(&a) == 1);
+
+ a = chunk_from_chars(0x04, 0x7f, 0xaa);
+ a.len = 2 + 127;
+ ck_assert(asn1_length(&a) == 127);
+
+ a = chunk_from_chars(0x04, 0x80, 0xaa);
+ a.len = 2 + 128;
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x81);
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x81, 0x00);
+ ck_assert(asn1_length(&a) == 0);
+
+ a = chunk_from_chars(0x04, 0x81, 0x80, 0xaa);
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x81, 0x80, 0xaa);
+ a.len = 3 + 128;
+ ck_assert(asn1_length(&a) == 128);
+
+ a = chunk_from_chars(0x04, 0x82, 0x01, 0x02, 0xaa);
+ a.len = 4 + 258;
+ ck_assert(asn1_length(&a) == 258);
+
+ a = chunk_from_chars(0x04, 0x83, 0x01, 0x02, 0x03, 0xaa);
+ a.len = 5 + 66051;
+ ck_assert(asn1_length(&a) == 66051);
+
+ a = chunk_from_chars(0x04, 0x84, 0x01, 0x02, 0x03, 0x04, 0xaa);
+ a.len = 6 + 16909060;
+ ck_assert(asn1_length(&a) == 16909060);
+
+ /* largest chunk on 32 bit system */
+ a = chunk_from_chars(0x04, 0x84, 0xff, 0xff, 0xff, 0xf9, 0xaa);
+ a.len = 4294967295;
+ ck_assert(asn1_length(&a) == 4294967289);
+
+}
+END_TEST
+
+/*******************************************************************************
+ * unwrap
+ */
+
+START_TEST(test_asn1_unwrap)
+{
+ chunk_t c0 = chunk_from_chars(0x30);
+ chunk_t c1 = chunk_from_chars(0x30, 0x01, 0xaa);
+ chunk_t c2 = chunk_from_chars(0x30, 0x80);
+ chunk_t c3 = chunk_from_chars(0x30, 0x81);
+ chunk_t c4 = chunk_from_chars(0x30, 0x81, 0x01, 0xaa);
+ chunk_t c5 = chunk_from_chars(0x30, 0x81, 0x02, 0xaa);
+
+ chunk_t inner;
+ chunk_t inner_ref = chunk_from_chars(0xaa);
+
+ ck_assert(asn1_unwrap(&c0, &inner) == ASN1_INVALID);
+
+ ck_assert(asn1_unwrap(&c1, &inner) == ASN1_SEQUENCE);
+
+ ck_assert(chunk_equals(inner, inner_ref));
+
+ ck_assert(asn1_unwrap(&c2, &inner) == ASN1_INVALID);
+
+ ck_assert(asn1_unwrap(&c3, &inner) == ASN1_INVALID);
+
+ ck_assert(asn1_unwrap(&c4, &inner) == ASN1_SEQUENCE);
+
+ ck_assert(chunk_equals(inner, inner_ref));
+
+ ck_assert(asn1_unwrap(&c5, &inner) == ASN1_INVALID);
+}
+END_TEST
+
+/*******************************************************************************
+ * is_asn1
+ */
+
+START_TEST(test_is_asn1)
+{
+ typedef struct {
+ bool asn1;
+ chunk_t chunk;
+ } testdata_t;
+
+ u_char buf[8];
+ chunk_t chunk_zero = { buf, 0 };
+ chunk_t chunk_mean = { 0, 1 };
+
+ testdata_t test[] = {
+ { FALSE, chunk_zero },
+ { FALSE, chunk_empty },
+ { FALSE, chunk_mean },
+ { TRUE, chunk_from_chars(0x30, 0x00) },
+ { TRUE, chunk_from_chars(0x31, 0x00) },
+ { TRUE, chunk_from_chars(0x04, 0x00) },
+ { FALSE, chunk_from_chars(0x02, 0x00) },
+ { FALSE, chunk_from_chars(0x30, 0x01) },
+ { FALSE, chunk_from_chars(0x30, 0x80) },
+ { TRUE, chunk_from_chars(0x30, 0x01, 0xa1) },
+ { FALSE, chunk_from_chars(0x30, 0x01, 0xa1, 0xa2) },
+ { TRUE, chunk_from_chars(0x30, 0x01, 0xa1, 0x0a) },
+ { FALSE, chunk_from_chars(0x30, 0x01, 0xa1, 0xa2, 0x0a) },
+ };
+
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ ck_assert(is_asn1(test[i].chunk) == test[i].asn1);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * is_printablestring
+ */
+
+START_TEST(test_asn1_is_printablestring)
+{
+ typedef struct {
+ bool printable;
+ char *string;
+ } testdata_t;
+
+
+ testdata_t test[] = {
+ { TRUE, "" },
+ { TRUE, "Z" },
+ { FALSE, "Z#" },
+ { FALSE, "&Z" },
+ { FALSE, "Z at z" },
+ { FALSE, "!" }, { FALSE, "*" }, { FALSE, "$" }, { FALSE, "%" },
+ { FALSE, "[" }, { FALSE, "]" }, { FALSE, "{" }, { FALSE, "}" },
+ { FALSE, "|" }, { FALSE, "~" }, { FALSE, "^" }, { FALSE, "_" },
+ { FALSE, "\"" }, { FALSE, "\\" }, { FALSE, "ä" }, { FALSE, "à" },
+ { TRUE, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+ "0123456789 '()+,-./:=?" },
+ };
+
+ chunk_t chunk;
+ int i;
+
+ ck_assert(asn1_is_printablestring(chunk_empty));
+
+ for (i = 0; i < countof(test); i++)
+ {
+ chunk = chunk_from_str(test[i].string);
+ ck_assert(asn1_is_printablestring(chunk) == test[i].printable);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * to_time
+ */
+
+START_TEST(test_asn1_to_time)
+{
+ typedef struct {
+ time_t time;
+ u_int8_t type;
+ char *string;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { 352980, 0x18, "197001050203Z" },
+ { 352984, 0x18, "19700105020304Z" },
+ { 352980, 0x17, "7001050203Z" },
+ { 347580, 0x17, "7001050203+0130" },
+ { 358380, 0x17, "7001050203-0130" },
+ { 352984, 0x17, "700105020304Z" },
+ { 347584, 0x17, "700105020304+0130" },
+ { 358384, 0x17, "700105020304-0130" },
+ { 0, 0x17, "700105020304+01" },
+ { 0, 0x17, "700105020304-01" },
+ { 0, 0x17, "700105020304" },
+ { 0, 0x17, "70010502Z" },
+ { 0, 0x17, "7001050203xxZ" },
+ { 0, 0x17, "7000050203Z" },
+ { 0, 0x17, "7013050203Z" },
+ { 0, 0x17, "7001004203Z" },
+ { 0, 0x17, "7001320203Z" },
+ { 0, 0x17, "700101-103Z" },
+ { 0, 0x17, "7001016003Z" },
+ { 0, 0x17, "70010102-1Z" },
+ { 0, 0x17, "7001010260Z" },
+ { 0, 0x17, "7001010203-1Z" },
+ { 0, 0x17, "700101020361Z" },
+ { -631152000, 0x17, "500101000000Z" }, /* UTCTime min */
+ { 59, 0x17, "691231235959-0001" },
+ { -1, 0x17, "691231235959Z" },
+ { 0, 0x17, "700101000000Z" },
+ { -60, 0x17, "700101000000+0001" },
+ { 2524607999UL, 0x17, "491231235959Z" }, /* UTCTime max */
+ { 5097600, 0x17, "7003010000Z" },
+ { 68256000, 0x17, "7203010000Z" },
+ { 951868800, 0x17, "0003010000Z" },
+ { 4107542400UL, 0x18, "210003010000Z" }
+ };
+
+ int i;
+ chunk_t chunk;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ if (sizeof(time_t) == 4 && test[i].time < 0)
+ {
+ continue;
+ }
+ chunk = chunk_from_str(test[i].string);
+ ck_assert(asn1_to_time(&chunk, test[i].type) == test[i].time);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * from_time
+ */
+
+START_TEST(test_asn1_from_time)
+{
+ typedef struct {
+ time_t time;
+ u_int8_t type;
+ chunk_t chunk;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { 352984, 0x18, chunk_from_chars(
+ 0x18, 0x0f, 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35,
+ 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) },
+ { 352984, 0x17, chunk_from_chars(
+ 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35,
+ 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) },
+ { 1078099200, 0x17, chunk_from_chars(
+ 0x17, 0x0d, 0x30, 0x34, 0x30, 0x33, 0x30, 0x31,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a) },
+ { 4107542400UL, 0x18, chunk_from_chars(
+ 0x18, 0x0f, 0x32, 0x31, 0x30, 0x30, 0x30, 0x33, 0x30, 0x31,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a) }
+ };
+
+ int i;
+ chunk_t chunk;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ if (sizeof(time_t) == 4 && test[i].time < 0)
+ {
+ continue;
+ }
+ chunk = asn1_from_time(&test[i].time, test[i].type);
+ ck_assert(chunk_equals(chunk, test[i].chunk));
+ free(chunk.ptr);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * parse_time
+ */
+
+START_TEST(test_asn1_parse_time)
+{
+ typedef struct {
+ time_t time;
+ chunk_t chunk;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { 352984, chunk_from_chars(
+ 0x18, 0x0f, 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35,
+ 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) },
+ { 352984, chunk_from_chars(
+ 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35,
+ 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) },
+ { 0, chunk_from_chars(0x05, 0x00) }
+ };
+
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ ck_assert(asn1_parse_time(test[i].chunk, 0) == test[i].time);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * build_object
+ */
+
+START_TEST(test_asn1_build_object)
+{
+ typedef struct {
+ size_t len;
+ size_t size;
+ u_char *b;
+ } testdata_t;
+
+ u_char b0[] = { 0x05, 0x00 };
+ u_char b1[] = { 0x04, 0x7f };
+ u_char b2[] = { 0x04, 0x81, 0x80 };
+ u_char b3[] = { 0x04, 0x81, 0xff };
+ u_char b4[] = { 0x04, 0x82, 0x01, 0x00 };
+ u_char b5[] = { 0x04, 0x82, 0xff, 0xff };
+ u_char b6[] = { 0x04, 0x83, 0x01, 0x00, 0x00 };
+
+ testdata_t test[] = {
+ { 0, sizeof(b0), b0 },
+ { 127, sizeof(b1), b1 },
+ { 128, sizeof(b2), b2 },
+ { 255, sizeof(b3), b3 },
+ { 256, sizeof(b4), b4 },
+ { 65535, sizeof(b5), b5 },
+ { 65536, sizeof(b6), b6 }
+ };
+
+ chunk_t a = chunk_empty;
+ u_char *pos;
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ pos = asn1_build_object(&a, test[i].b[0], test[i].len);
+ ck_assert(pos == (a.ptr + test[i].size));
+ ck_assert(a.len == test[i].size + test[i].len);
+ ck_assert(memeq(a.ptr, test[i].b, test[i].size));
+ chunk_free(&a);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * simple_object
+ */
+
+START_TEST(test_asn1_simple_object)
+{
+ chunk_t a = chunk_empty;
+ chunk_t b = chunk_from_chars(0x04, 0x05, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5);
+ chunk_t c = chunk_from_chars(0xa1, 0xa2, 0xa3, 0xa4, 0xa5);
+
+ a = asn1_simple_object(0x04, c);
+ ck_assert(chunk_equals(a, b));
+ chunk_free(&a);
+}
+END_TEST
+
+/*******************************************************************************
+ * parse_simple_object
+ */
+
+START_TEST(test_asn1_parse_simple_object)
+{
+ typedef struct {
+ bool res;
+ int type;
+ chunk_t chunk;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { FALSE, 0x04, chunk_from_chars(0x04) },
+ { FALSE, 0x04, chunk_from_chars(0x02, 0x01, 0x55) },
+ { FALSE, 0x04, chunk_from_chars(0x04, 0x01) },
+ { TRUE, 0x04, chunk_from_chars(0x04, 0x01, 0x55) },
+ { TRUE, 0x06, chunk_from_chars(0x06, 0x02, 0x55, 0x03) },
+ { TRUE, 0x06, chunk_from_chars(0x06, 0x00) },
+ { TRUE, 0x13, chunk_from_chars(0x13, 0x01, 0x55), }
+ };
+
+ int i;
+ bool res;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ res = asn1_parse_simple_object(&test[i].chunk, test[i].type, 0, "test");
+ ck_assert(res == test[i].res);
+ if (res && test[i].chunk.len)
+ {
+ ck_assert(*test[i].chunk.ptr == 0x55);
+ }
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * bitstring
+ */
+
+START_TEST(test_asn1_bitstring)
+{
+ chunk_t a = chunk_empty;
+ chunk_t b = chunk_from_chars(0x03, 0x05, 0x00, 0xa1, 0xa2, 0xa3, 0xa4);
+ chunk_t c = chunk_from_chars(0xa1, 0xa2, 0xa3, 0xa4);
+ chunk_t d = chunk_clone(c);
+
+ a = asn1_bitstring("c", c);
+ ck_assert(chunk_equals(a, b));
+ chunk_free(&a);
+
+ a = asn1_bitstring("m", d);
+ ck_assert(chunk_equals(a, b));
+ chunk_free(&a);
+}
+END_TEST
+
+/*******************************************************************************
+ * integer
+ */
+
+START_TEST(test_asn1_integer)
+{
+ typedef struct {
+ chunk_t b;
+ chunk_t c;
+ } testdata_t;
+
+ chunk_t b0 = chunk_from_chars(0x02, 0x01, 0x00);
+ chunk_t b1 = chunk_from_chars(0x02, 0x01, 0x7f);
+ chunk_t b2 = chunk_from_chars(0x02, 0x02, 0x00, 0x80);
+
+ chunk_t c0 = chunk_empty;
+ chunk_t c1 = chunk_from_chars(0x7f);
+ chunk_t c2 = chunk_from_chars(0x80);
+ chunk_t c3 = chunk_from_chars(0x00, 0x80);
+
+ testdata_t test[] = {
+ { b0, c0 },
+ { b1, c1 },
+ { b2, c2 },
+ { b2, c3 }
+ };
+
+ chunk_t a = chunk_empty;
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ a = asn1_integer("c", test[i].c);
+ ck_assert(chunk_equals(a, test[i].b));
+ chunk_free(&a);
+
+ a = asn1_integer("m", chunk_clone(test[i].c));
+ ck_assert(chunk_equals(a, test[i].b));
+ chunk_free(&a);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * parse_integer_uint64
+ */
+
+START_TEST(test_asn1_parse_integer_uint64)
+{
+ typedef struct {
+ u_int64_t n;
+ chunk_t chunk;
+ } testdata_t;
+
+
+ testdata_t test[] = {
+ { 67305985ULL, chunk_from_chars(
+ 0x04, 0x03, 0x02, 0x01) },
+ { 578437695752307201ULL, chunk_from_chars(
+ 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01) },
+ { 18446744073709551615ULL, chunk_from_chars(
+ 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff) }
+ };
+
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ ck_assert(asn1_parse_integer_uint64(test[i].chunk) == test[i].n);
+ }
+}
+END_TEST
+
+Suite *asn1_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("asn1");
+
+ tc = tcase_create("algorithmIdentifier");
+ tcase_add_test(tc, test_asn1_algorithmIdentifier);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("parse_algorithmIdentifier");
+ tcase_add_test(tc, test_asn1_parse_algorithmIdentifier);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("known_oid");
+ tcase_add_test(tc, test_asn1_known_oid);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("build_known_oid");
+ tcase_add_test(tc, test_asn1_build_known_oid);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("oid_from_string");
+ tcase_add_test(tc, test_asn1_oid_from_string);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("oid_to_string");
+ tcase_add_test(tc, test_asn1_oid_to_string);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("length");
+ tcase_add_test(tc, test_asn1_length);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("unwrap");
+ tcase_add_test(tc, test_asn1_unwrap);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("is_asn1");
+ tcase_add_test(tc, test_is_asn1);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("is_printablestring");
+ tcase_add_test(tc, test_asn1_is_printablestring);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("to_time");
+ tcase_add_test(tc, test_asn1_to_time);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("from_time");
+ tcase_add_test(tc, test_asn1_from_time);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("parse_time");
+ tcase_add_test(tc, test_asn1_parse_time);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("build_object");
+ tcase_add_test(tc, test_asn1_build_object);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("simple_object");
+ tcase_add_test(tc, test_asn1_simple_object);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("parse_simple_object");
+ tcase_add_test(tc, test_asn1_parse_simple_object);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("bitstring");
+ tcase_add_test(tc, test_asn1_bitstring);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("integer");
+ tcase_add_test(tc, test_asn1_integer);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("parse_integer_uint64");
+ tcase_add_test(tc, test_asn1_parse_integer_uint64);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_asn1_parser.c b/src/libstrongswan/tests/suites/test_asn1_parser.c
new file mode 100644
index 0000000..973562b
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_asn1_parser.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <asn1/asn1_parser.h>
+#include <utils/chunk.h>
+
+/*******************************************************************************
+ * utilities
+ */
+
+typedef struct {
+ bool success;
+ int count;
+ chunk_t blob;
+} asn1_test_t;
+
+static void run_parser_test(const asn1Object_t *objects, int id,
+ asn1_test_t *test)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID, count = 0;
+ bool success;
+
+ parser = asn1_parser_create(objects, test->blob);
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ if (objectID == id)
+ {
+ count++;
+ }
+ }
+ success = parser->success(parser);
+ parser->destroy(parser);
+
+ ck_assert(success == test->success && count == test->count);
+}
+
+/*******************************************************************************
+ * length
+ */
+
+static const asn1Object_t octetStringObjects[] = {
+ { 0, "octetString", ASN1_OCTET_STRING, ASN1_BODY }, /* 0 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+
+asn1_test_t length_tests[] = {
+ { FALSE, 0, { NULL, 0 } },
+ { FALSE, 0, chunk_from_chars(0x04) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x00) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x01, 0xaa) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x7f) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x80) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x81) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x81, 0x00) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x81, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x81, 0x01, 0xaa) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x82, 0x00, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x82, 0x00, 0x01, 0xaa) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x83, 0x00, 0x00, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x83, 0x00, 0x00, 0x01, 0xaa) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x84, 0x00, 0x00, 0x00, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x84, 0x00, 0x00, 0x00, 0x01, 0xaa) },
+};
+
+START_TEST(test_asn1_parser_length)
+{
+ run_parser_test(octetStringObjects, 0, &length_tests[_i]);
+}
+END_TEST
+
+/*******************************************************************************
+ * loop
+ */
+
+static const asn1Object_t loopObjects[] = {
+ { 0, "loopObjects", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
+ { 1, "octetString", ASN1_OCTET_STRING, ASN1_BODY }, /* 1 */
+ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+
+asn1_test_t loop_tests[] = {
+ { TRUE, 0, chunk_from_chars(0x30, 0x00) },
+ { FALSE, 0, chunk_from_chars(0x30, 0x02, 0x04, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x30, 0x03, 0x04, 0x01, 0xaa) },
+ { TRUE, 2, chunk_from_chars(0x30, 0x05, 0x04, 0x01, 0xaa, 0x04, 0x00) },
+ { FALSE, 1, chunk_from_chars(0x30, 0x05, 0x04, 0x01, 0xaa, 0x05, 0x00) },
+ { TRUE, 3, chunk_from_chars(0x30, 0x09, 0x04, 0x01, 0xaa, 0x04, 0x00,
+ 0x04, 0x02, 0xbb, 0xcc) },
+};
+
+START_TEST(test_asn1_parser_loop)
+{
+ run_parser_test(loopObjects, 1, &loop_tests[_i]);
+}
+END_TEST
+
+/*******************************************************************************
+ * default
+ */
+
+typedef struct {
+ int i1, i2, i3;
+ chunk_t blob;
+} default_opt_test_t;
+
+static const asn1Object_t defaultObjects[] = {
+ { 0, "defaultObjects", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
+ { 1, "explicit int1", ASN1_CONTEXT_C_1, ASN1_DEF }, /* 1 */
+ { 2, "int1", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 1, "int2", ASN1_INTEGER, ASN1_DEF|ASN1_BODY }, /* 3 */
+ { 1, "implicit int3", ASN1_CONTEXT_S_3, ASN1_DEF|ASN1_BODY }, /* 4 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+
+default_opt_test_t default_tests[] = {
+ { -1, -2, -3, chunk_from_chars(0x30, 0x00) },
+ { 1, -2, -3, chunk_from_chars(0x30, 0x05, 0xa1, 0x03, 0x02, 0x01, 0x01) },
+ { -1, 2, -3, chunk_from_chars(0x30, 0x03, 0x02, 0x01, 0x02) },
+ { -1, -2, 3, chunk_from_chars(0x30, 0x03, 0x83, 0x01, 0x03) },
+ { 1, 2, -3, chunk_from_chars(0x30, 0x08, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02) },
+ { 1, -2, 3, chunk_from_chars(0x30, 0x08, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x83, 0x01, 0x03) },
+ { -1, 2, 3, chunk_from_chars(0x30, 0x06, 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 1, 2, 3, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 0, 0, 0, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x04, 0x01, 0xaa,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 1, 0, 0, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x05, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 1, 2, 0, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x02, 0x03) },
+};
+
+START_TEST(test_asn1_parser_default)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID, i1 = 0, i2 = 0, i3 = 0;
+ bool success;
+
+ parser = asn1_parser_create(defaultObjects, default_tests[_i].blob);
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case 2:
+ i1 = object.len ? *object.ptr : -1;
+ break;
+ case 3:
+ i2 = object.len ? *object.ptr : -2;
+ break;
+ case 4:
+ i3 = object.len ? *object.ptr : -3;
+ break;
+ default:
+ break;
+ }
+ }
+ success = parser->success(parser);
+ parser->destroy(parser);
+
+ ck_assert(success == (default_tests[_i].i1 &&
+ default_tests[_i].i2 &&
+ default_tests[_i].i3));
+
+ ck_assert(i1 == default_tests[_i].i1 &&
+ i2 == default_tests[_i].i2 &&
+ i3 == default_tests[_i].i3);
+}
+END_TEST
+
+/*******************************************************************************
+ * option
+ */
+
+static const asn1Object_t optionObjects[] = {
+ { 0, "optionalObjects", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
+ { 1, "sequence int1", ASN1_SEQUENCE, ASN1_OPT }, /* 1 */
+ { 2, "int1", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */
+ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
+ { 1, "int2", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 5 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */
+ { 1, "implicit int3", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 7 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 8 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+
+default_opt_test_t option_tests[] = {
+ { 0, 0, 0, chunk_from_chars(0x30, 0x00) },
+ { 1, 0, 0, chunk_from_chars(0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01) },
+ { 0, 2, 0, chunk_from_chars(0x30, 0x03, 0x02, 0x01, 0x02) },
+ { 0, 0, 3, chunk_from_chars(0x30, 0x03, 0x83, 0x01, 0x03) },
+ { 1, 2, 0, chunk_from_chars(0x30, 0x08, 0x30, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02) },
+ { 1, 0, 3, chunk_from_chars(0x30, 0x08, 0x30, 0x03, 0x02, 0x01, 0x01,
+ 0x83, 0x01, 0x03) },
+ { 0, 2, 3, chunk_from_chars(0x30, 0x06, 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 1, 2, 3, chunk_from_chars(0x30, 0x0b, 0x30, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 0, 2, 3, chunk_from_chars(0x30, 0x08, 0x30, 0x00,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+};
+
+START_TEST(test_asn1_parser_option)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID, i1 = 0, i2 = 0, i3 = 0;
+ bool success;
+
+ parser = asn1_parser_create(optionObjects, option_tests[_i].blob);
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case 2:
+ i1 = *object.ptr;
+ break;
+ case 5:
+ i2 = *object.ptr;
+ break;
+ case 7:
+ i3 = *object.ptr;
+ break;
+ default:
+ break;
+ }
+ }
+ success = parser->success(parser);
+ parser->destroy(parser);
+
+ ck_assert(success);
+
+ ck_assert(i1 == option_tests[_i].i1 &&
+ i2 == option_tests[_i].i2 &&
+ i3 == option_tests[_i].i3);
+}
+END_TEST
+
+Suite *asn1_parser_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("asn1_parser");
+
+ tc = tcase_create("length");
+ tcase_add_loop_test(tc, test_asn1_parser_length, 0, countof(length_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("loop");
+ tcase_add_loop_test(tc, test_asn1_parser_loop, 0, countof(loop_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("default");
+ tcase_add_loop_test(tc, test_asn1_parser_default, 0, countof(default_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("option");
+ tcase_add_loop_test(tc, test_asn1_parser_option, 0, countof(option_tests));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_bio_reader.c b/src/libstrongswan/tests/suites/test_bio_reader.c
new file mode 100644
index 0000000..6a9743d
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_bio_reader.c
@@ -0,0 +1,450 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <bio/bio_reader.h>
+
+/*******************************************************************************
+ * different integer reads
+ */
+
+#define assert_integer_read(data, bits, val) ({ \
+ bio_reader_t *reader = bio_reader_create(data); \
+ typeof(val) i; \
+ for (i = 0; reader->remaining(reader) >= (bits / 8); i++) \
+ { \
+ ck_assert(reader->read_uint##bits(reader, &val)); \
+ ck_assert_int_eq(i, val); \
+ } \
+ ck_assert_int_eq(i, data.len / (bits / 8)); \
+ ck_assert_int_eq(reader->remaining(reader), data.len % (bits / 8)); \
+ ck_assert(!reader->read_uint##bits(reader, &val)); \
+ reader->destroy(reader); \
+})
+
+#define assert_integer_read_uneven(data, bits, val) ({ \
+ int i; \
+ for (i = 0; i <= bits / 8; i++, data.len++) \
+ { \
+ assert_integer_read(data, bits, val); \
+ } \
+})
+
+#define assert_basic_read(bits, val) ({ \
+ chunk_t data; \
+ data = chunk_empty; \
+ assert_integer_read(data, bits, val); \
+ data = chunk_alloca(bits / 8); \
+ memset(data.ptr, 0, data.len); \
+ data.len = 0; \
+ assert_integer_read_uneven(data, bits, val); \
+})
+
+#define assert_extended_read(data, bits, val) ({ \
+ chunk_t extended = chunk_alloca(data.len + bits / 8); \
+ memset(extended.ptr, 0, extended.len); \
+ extended.ptr[extended.len - 1] = data.len / (bits / 8); \
+ memcpy(extended.ptr, data.ptr, data.len); \
+ extended.len = data.len; \
+ assert_integer_read_uneven(extended, bits, val); \
+})
+
+START_TEST(test_read_uint8)
+{
+ chunk_t data = chunk_from_chars(0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07);
+ u_int8_t val;
+
+ assert_integer_read(data, 8, val);
+ assert_basic_read(8, val);
+ assert_extended_read(data, 8, val);
+}
+END_TEST
+
+START_TEST(test_read_uint16)
+{
+ chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03);
+ u_int16_t val;
+
+ assert_integer_read(data, 16, val);
+ assert_basic_read(16, val);
+ assert_extended_read(data, 16, val);
+}
+END_TEST
+
+START_TEST(test_read_uint24)
+{
+ chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x03);
+ u_int32_t val;
+
+ assert_integer_read(data, 24, val);
+ assert_basic_read(24, val);
+ assert_extended_read(data, 24, val);
+}
+END_TEST
+
+START_TEST(test_read_uint32)
+{
+ chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03);
+ u_int32_t val;
+
+ assert_integer_read(data, 32, val);
+ assert_basic_read(32, val);
+ assert_extended_read(data, 32, val);
+}
+END_TEST
+
+START_TEST(test_read_uint64)
+{
+ chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03);
+ u_int64_t val;
+
+ assert_integer_read(data, 64, val);
+ assert_basic_read(64, val);
+ assert_extended_read(data, 64, val);
+}
+END_TEST
+
+/*******************************************************************************
+ * different integer reads from the end of a buffer
+ */
+
+#define assert_integer_read_end(data, bits, val) ({ \
+ bio_reader_t *reader = bio_reader_create(data); \
+ typeof(val) i; \
+ for (i = 0; reader->remaining(reader) >= (bits / 8); i++) \
+ { \
+ ck_assert(reader->read_uint##bits##_end(reader, &val)); \
+ ck_assert_int_eq(i, val); \
+ } \
+ ck_assert_int_eq(i, data.len / (bits / 8)); \
+ ck_assert_int_eq(reader->remaining(reader), data.len % (bits / 8)); \
+ ck_assert(!reader->read_uint##bits##_end(reader, &val)); \
+ reader->destroy(reader); \
+})
+
+#define assert_integer_read_end_uneven(data, bits, val) ({ \
+ int i; \
+ data.ptr += bits / 8; \
+ for (i = 0; i <= bits / 8; i++, data.ptr--, data.len++) \
+ { \
+ assert_integer_read_end(data, bits, val); \
+ } \
+})
+
+#define assert_basic_read_end(bits, val) ({ \
+ chunk_t data; \
+ data = chunk_empty; \
+ assert_integer_read_end(data, bits, val); \
+ data = chunk_alloca(bits / 8); \
+ memset(data.ptr, 0, data.len); \
+ data.len = 0; \
+ assert_integer_read_end_uneven(data, bits, val); \
+})
+
+#define assert_extended_read_end(data, bits, val) ({ \
+ chunk_t extended = chunk_alloca(data.len + bits / 8); \
+ memset(extended.ptr, 0, extended.len); \
+ extended.ptr[bits / 8 - 1] = data.len / (bits / 8); \
+ memcpy(extended.ptr + bits / 8, data.ptr, data.len); \
+ extended.len = data.len; \
+ assert_integer_read_end_uneven(extended, bits, val); \
+})
+
+START_TEST(test_read_uint8_end)
+{
+ chunk_t data = chunk_from_chars(0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00);
+ u_int8_t val;
+
+ assert_integer_read_end(data, 8, val);
+ assert_basic_read_end(8, val);
+ assert_extended_read_end(data, 8, val);
+}
+END_TEST
+
+START_TEST(test_read_uint16_end)
+{
+ chunk_t data = chunk_from_chars(0x00, 0x03, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00);
+ u_int16_t val;
+
+ assert_integer_read_end(data, 16, val);
+ assert_basic_read_end(16, val);
+ assert_extended_read_end(data, 16, val);
+}
+END_TEST
+
+START_TEST(test_read_uint24_end)
+{
+ chunk_t data = chunk_from_chars(0x00, 0x00, 0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00);
+ u_int32_t val;
+
+ assert_integer_read_end(data, 24, val);
+ assert_basic_read_end(24, val);
+ assert_extended_read_end(data, 24, val);
+}
+END_TEST
+
+START_TEST(test_read_uint32_end)
+{
+ chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00);
+ u_int32_t val;
+
+ assert_integer_read_end(data, 32, val);
+ assert_basic_read_end(32, val);
+ assert_extended_read_end(data, 32, val);
+}
+END_TEST
+
+START_TEST(test_read_uint64_end)
+{
+ chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
+ u_int64_t val;
+
+ assert_integer_read_end(data, 64, val);
+ assert_basic_read_end(64, val);
+ assert_extended_read_end(data, 64, val);
+}
+END_TEST
+
+/*******************************************************************************
+ * read data
+ */
+
+static inline void assert_reader_after_read(bio_reader_t *reader, chunk_t data)
+{
+ chunk_t peek;
+
+ ck_assert_int_eq(reader->remaining(reader), data.len);
+ peek = reader->peek(reader);
+ ck_assert_int_eq(reader->remaining(reader), data.len);
+ ck_assert(peek.ptr == data.ptr);
+ data.ptr != NULL ? ck_assert(chunk_equals(peek, data))
+ : ck_assert(peek.ptr == NULL);
+}
+
+START_TEST(test_read_data)
+{
+ chunk_t read, data = chunk_from_chars(0x00, 0x00, 0x00, 0x00);
+ bio_reader_t *reader;
+
+ reader = bio_reader_create(chunk_empty);
+ ck_assert_int_eq(reader->remaining(reader), 0);
+ ck_assert(reader->read_data(reader, 0, &read));
+ ck_assert(!reader->read_data(reader, 1, &read));
+ reader->destroy(reader);
+
+ reader = bio_reader_create(data);
+ ck_assert(reader->read_data(reader, 0, &read));
+ ck_assert_int_eq(read.len, 0);
+ ck_assert(read.ptr == data.ptr);
+ assert_reader_after_read(reader, data);
+
+ ck_assert(reader->read_data(reader, 1, &read));
+ ck_assert_int_eq(read.len, 1);
+ ck_assert(read.ptr == data.ptr);
+ assert_reader_after_read(reader, chunk_skip(data, 1));
+
+ ck_assert(reader->read_data(reader, 2, &read));
+ ck_assert_int_eq(read.len, 2);
+ ck_assert(read.ptr == data.ptr + 1);
+ assert_reader_after_read(reader, chunk_skip(data, 3));
+
+ ck_assert(!reader->read_data(reader, 2, &read));
+ ck_assert(reader->read_data(reader, 1, &read));
+ ck_assert_int_eq(read.len, 1);
+ ck_assert(read.ptr == data.ptr + 3);
+ assert_reader_after_read(reader, chunk_skip(data, 4));
+
+ ck_assert_int_eq(reader->remaining(reader), 0);
+ ck_assert(reader->read_data(reader, 0, &read));
+ ck_assert(!reader->read_data(reader, 1, &read));
+ reader->destroy(reader);
+}
+END_TEST
+
+START_TEST(test_read_data_end)
+{
+ chunk_t read, data = chunk_from_chars(0x00, 0x00, 0x00, 0x00);
+ bio_reader_t *reader;
+
+ reader = bio_reader_create(chunk_empty);
+ ck_assert_int_eq(reader->remaining(reader), 0);
+ ck_assert(reader->read_data_end(reader, 0, &read));
+ ck_assert(!reader->read_data_end(reader, 1, &read));
+ reader->destroy(reader);
+
+ reader = bio_reader_create(data);
+ ck_assert(reader->read_data_end(reader, 0, &read));
+ ck_assert_int_eq(read.len, 0);
+ ck_assert(read.ptr == data.ptr + data.len);
+ assert_reader_after_read(reader, data);
+
+ ck_assert(reader->read_data_end(reader, 1, &read));
+ ck_assert_int_eq(read.len, 1);
+ data.len--;
+ ck_assert(read.ptr == data.ptr + data.len);
+ assert_reader_after_read(reader, data);
+
+ ck_assert(reader->read_data_end(reader, 2, &read));
+ ck_assert_int_eq(read.len, 2);
+ data.len -= 2;
+ ck_assert(read.ptr == data.ptr + data.len);
+ assert_reader_after_read(reader, data);
+
+ ck_assert(!reader->read_data(reader, 2, &read));
+ ck_assert(reader->read_data(reader, 1, &read));
+ ck_assert_int_eq(read.len, 1);
+ ck_assert(read.ptr == data.ptr);
+ assert_reader_after_read(reader, chunk_empty);
+
+ ck_assert_int_eq(reader->remaining(reader), 0);
+ ck_assert(reader->read_data(reader, 0, &read));
+ ck_assert(!reader->read_data(reader, 1, &read));
+ reader->destroy(reader);
+}
+END_TEST
+
+/*******************************************************************************
+ * read length followed by data
+ */
+
+#define assert_read_data_len(bits) ({ \
+ bio_reader_t *reader; \
+ chunk_t read, data; \
+ int i, len = bits / 8; \
+ data = chunk_empty; \
+ reader = bio_reader_create(data); \
+ ck_assert(!reader->read_data##bits(reader, &read)); \
+ reader->destroy(reader); \
+ data = chunk_alloca(len + 8); \
+ memset(data.ptr, 0, data.len); \
+ for (i = 0; i <= 8; i++) \
+ { \
+ data.ptr[len - 1] = i; \
+ data.len = len + i; \
+ reader = bio_reader_create(data); \
+ ck_assert(reader->read_data##bits(reader, &read)); \
+ ck_assert_int_eq(reader->remaining(reader), 0); \
+ ck_assert_int_eq(read.len, i); \
+ ck_assert((!read.ptr && !read.len) || (read.ptr == data.ptr + len)); \
+ reader->destroy(reader); \
+ } \
+ data.ptr[len - 1] = i; \
+ reader = bio_reader_create(data); \
+ ck_assert(!reader->read_data##bits(reader, &read)); \
+ reader->destroy(reader); \
+})
+
+START_TEST(test_read_data8)
+{
+ assert_read_data_len(8);
+}
+END_TEST
+
+START_TEST(test_read_data16)
+{
+ assert_read_data_len(16);
+}
+END_TEST
+
+START_TEST(test_read_data24)
+{
+ assert_read_data_len(24);
+}
+END_TEST
+
+START_TEST(test_read_data32)
+{
+ assert_read_data_len(32);
+}
+END_TEST
+
+/*******************************************************************************
+ * test constructors
+ */
+
+START_TEST(test_create)
+{
+ chunk_t data = chunk_from_str("foobar");
+ bio_reader_t *reader;
+
+ data = chunk_clone(data);
+ reader = bio_reader_create(data);
+ reader->destroy(reader);
+ chunk_free(&data);
+}
+END_TEST
+
+START_TEST(test_create_own)
+{
+ chunk_t data = chunk_from_str("foobar");
+ bio_reader_t *reader;
+
+ data = chunk_clone(data);
+ reader = bio_reader_create_own(data);
+ reader->destroy(reader);
+}
+END_TEST
+
+Suite *bio_reader_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("bio_reader");
+
+ tc = tcase_create("integer reads");
+ tcase_add_test(tc, test_read_uint8);
+ tcase_add_test(tc, test_read_uint16);
+ tcase_add_test(tc, test_read_uint24);
+ tcase_add_test(tc, test_read_uint32);
+ tcase_add_test(tc, test_read_uint64);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("integer reads from end");
+ tcase_add_test(tc, test_read_uint8_end);
+ tcase_add_test(tc, test_read_uint16_end);
+ tcase_add_test(tc, test_read_uint24_end);
+ tcase_add_test(tc, test_read_uint32_end);
+ tcase_add_test(tc, test_read_uint64_end);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("data reads and peek");
+ tcase_add_test(tc, test_read_data);
+ tcase_add_test(tc, test_read_data_end);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("data length reads");
+ tcase_add_test(tc, test_read_data8);
+ tcase_add_test(tc, test_read_data16);
+ tcase_add_test(tc, test_read_data24);
+ tcase_add_test(tc, test_read_data32);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("constructors");
+ tcase_add_test(tc, test_create);
+ tcase_add_test(tc, test_create_own);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_bio_writer.c b/src/libstrongswan/tests/suites/test_bio_writer.c
new file mode 100644
index 0000000..e74288e
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_bio_writer.c
@@ -0,0 +1,392 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <bio/bio_writer.h>
+
+/*******************************************************************************
+ * different integer writes
+ */
+
+static inline void verify_int_buffer(chunk_t data, int bits, int val)
+{
+ size_t i;
+ int len = bits / 8;
+
+ ck_assert_int_eq(data.len, (val + 1) * len);
+ for (i = 0; i < data.len; i++)
+ {
+ if ((i + 1) % len)
+ {
+ ck_assert_int_eq(data.ptr[i], 0);
+ }
+ else
+ {
+ ck_assert_int_eq(data.ptr[i], i / len);
+ }
+ }
+}
+
+#define assert_integer_write(init, bits) ({ \
+ int i; \
+ bio_writer_t *writer = bio_writer_create(init); \
+ for (i = 0; i < 16; i++) \
+ { \
+ writer->write_uint##bits(writer, i); \
+ verify_int_buffer(writer->get_buf(writer), bits, i); \
+ } \
+ writer->destroy(writer); \
+})
+
+START_TEST(test_write_uint8)
+{
+ /* use default buffer (and increase) size */
+ assert_integer_write(0, 8);
+ /* force a resize by the given size */
+ assert_integer_write(1, 8);
+}
+END_TEST
+
+START_TEST(test_write_uint16)
+{
+ assert_integer_write(0, 16);
+ assert_integer_write(1, 16);
+}
+END_TEST
+
+START_TEST(test_write_uint24)
+{
+ assert_integer_write(0, 24);
+ assert_integer_write(1, 24);
+}
+END_TEST
+
+START_TEST(test_write_uint32)
+{
+ assert_integer_write(0, 32);
+ assert_integer_write(1, 32);
+}
+END_TEST
+
+START_TEST(test_write_uint64)
+{
+ assert_integer_write(0, 64);
+ assert_integer_write(1, 64);
+}
+END_TEST
+
+/*******************************************************************************
+ * write data / skip
+ */
+
+static inline void assert_writer_after_write(bio_writer_t *writer, int count)
+{
+ chunk_t buf;
+ size_t i;
+
+ buf = writer->get_buf(writer);
+ ck_assert_int_eq(buf.len, count * 3);
+ for (i = 0; i < buf.len; i++)
+ {
+ ck_assert(buf.ptr[i] == i % 3);
+ }
+}
+
+START_TEST(test_write_data)
+{
+ chunk_t buf, data = chunk_from_chars(0x00, 0x01, 0x02);
+ bio_writer_t *writer;
+
+ /* no allocation, but default buffer size */
+ writer = bio_writer_create(0);
+ buf = writer->get_buf(writer);
+ ck_assert_int_eq(buf.len, 0);
+ ck_assert(buf.ptr == NULL);
+
+ writer->write_data(writer, chunk_empty);
+ buf = writer->get_buf(writer);
+ ck_assert_int_eq(buf.len, 0);
+ ck_assert(buf.ptr == NULL);
+ writer->destroy(writer);
+
+ /* custom buffer size, initial buffer allocated */
+ writer = bio_writer_create(1);
+ buf = writer->get_buf(writer);
+ ck_assert_int_eq(buf.len, 0);
+ ck_assert(buf.ptr != NULL);
+
+ writer->write_data(writer, chunk_empty);
+ buf = writer->get_buf(writer);
+ ck_assert_int_eq(buf.len, 0);
+ ck_assert(buf.ptr != NULL);
+ writer->destroy(writer);
+
+ writer = bio_writer_create(0);
+
+ writer->write_data(writer, data);
+ assert_writer_after_write(writer, 1);
+
+ writer->write_data(writer, data);
+ assert_writer_after_write(writer, 2);
+
+ writer->write_data(writer, data);
+ assert_writer_after_write(writer, 3);
+
+ writer->destroy(writer);
+}
+END_TEST
+
+START_TEST(test_skip)
+{
+ chunk_t skipped, buf, data = chunk_from_chars(0x00, 0x01, 0x02);
+ bio_writer_t *writer;
+
+ writer = bio_writer_create(4);
+ skipped = writer->skip(writer, 3);
+ ck_assert_int_eq(skipped.len, 3);
+ buf = writer->get_buf(writer);
+ ck_assert(skipped.ptr == buf.ptr);
+ memset(skipped.ptr, 0, skipped.len);
+
+ writer->write_data(writer, data);
+ buf = writer->get_buf(writer);
+ ck_assert(chunk_equals(buf, chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x01, 0x02)));
+ writer->destroy(writer);
+
+ writer = bio_writer_create(1);
+ skipped = writer->skip(writer, 3);
+ memcpy(skipped.ptr, data.ptr, data.len);
+
+ writer->write_data(writer, data);
+ assert_writer_after_write(writer, 2);
+ writer->destroy(writer);
+}
+END_TEST
+
+/*******************************************************************************
+ * write length followed by data
+ */
+
+#define assert_write_data_len(init, bits) ({ \
+ bio_writer_t *writer; \
+ chunk_t buf, data; \
+ int i, len = bits / 8; \
+ writer = bio_writer_create(init); \
+ writer->write_data##bits(writer, chunk_empty); \
+ buf = writer->get_buf(writer); \
+ ck_assert_int_eq(buf.len, len); \
+ ck_assert_int_eq(buf.ptr[len - 1], 0); \
+ writer->destroy(writer); \
+ data = chunk_alloca(32); \
+ memset(data.ptr, 0, data.len); \
+ for (i = 0; i < 32; i++) \
+ { \
+ data.ptr[i] = i; \
+ data.len = i; \
+ writer = bio_writer_create(init); \
+ writer->write_data##bits(writer, data); \
+ buf = writer->get_buf(writer); \
+ ck_assert_int_eq(buf.len, len + i); \
+ ck_assert_int_eq(buf.ptr[len - 1], i); \
+ ck_assert(chunk_equals(chunk_create(buf.ptr + len, buf.len - len), data)); \
+ writer->destroy(writer); \
+ } \
+})
+
+START_TEST(test_write_data8)
+{
+ assert_write_data_len(0, 8);
+ assert_write_data_len(1, 8);
+}
+END_TEST
+
+START_TEST(test_write_data16)
+{
+ assert_write_data_len(0, 16);
+ assert_write_data_len(1, 16);
+}
+END_TEST
+
+START_TEST(test_write_data24)
+{
+ assert_write_data_len(0, 24);
+ assert_write_data_len(1, 24);
+}
+END_TEST
+
+START_TEST(test_write_data32)
+{
+ assert_write_data_len(0, 32);
+ assert_write_data_len(1, 32);
+}
+END_TEST
+
+
+/*******************************************************************************
+ * add length header before current data
+ */
+
+#define assert_wrap_data(init, bits) ({ \
+ bio_writer_t *writer; \
+ chunk_t buf, data; \
+ int i, len = bits / 8; \
+ writer = bio_writer_create(init); \
+ writer->wrap##bits(writer); \
+ buf = writer->get_buf(writer); \
+ ck_assert_int_eq(buf.len, len); \
+ ck_assert_int_eq(buf.ptr[len - 1], 0); \
+ writer->destroy(writer); \
+ data = chunk_alloca(32); \
+ memset(data.ptr, 0, data.len); \
+ for (i = 0; i < 32; i++) \
+ { \
+ data.ptr[i] = i; \
+ data.len = i; \
+ writer = bio_writer_create(init); \
+ writer->write_data(writer, data); \
+ writer->wrap##bits(writer); \
+ buf = writer->get_buf(writer); \
+ ck_assert_int_eq(buf.len, len + i); \
+ ck_assert_int_eq(buf.ptr[len - 1], i); \
+ ck_assert(chunk_equals(chunk_create(buf.ptr + len, buf.len - len), data)); \
+ writer->wrap##bits(writer); \
+ buf = writer->get_buf(writer); \
+ ck_assert_int_eq(buf.len, 2 * len + i); \
+ ck_assert_int_eq(buf.ptr[len - 1], len + i); \
+ ck_assert(chunk_equals(chunk_create(buf.ptr + 2 * len, buf.len - 2 * len), data)); \
+ writer->destroy(writer); \
+ } \
+})
+
+START_TEST(test_wrap8)
+{
+ assert_wrap_data(0, 8);
+ assert_wrap_data(1, 8);
+}
+END_TEST
+
+START_TEST(test_wrap16)
+{
+ assert_wrap_data(0, 16);
+ assert_wrap_data(1, 16);
+}
+END_TEST
+
+START_TEST(test_wrap24)
+{
+ assert_wrap_data(0, 24);
+ assert_wrap_data(1, 24);
+}
+END_TEST
+
+START_TEST(test_wrap32)
+{
+ assert_wrap_data(0, 32);
+ assert_wrap_data(1, 32);
+}
+END_TEST
+
+/*******************************************************************************
+ * test data extraction
+ */
+
+START_TEST(test_get_buf)
+{
+ bio_writer_t *writer;
+ chunk_t data1, data2;
+
+ writer = bio_writer_create(0);
+ writer->write_uint8(writer, 1);
+ data1 = writer->get_buf(writer);
+ ck_assert_int_eq(data1.len, 1);
+ ck_assert(data1.ptr[0] == 1);
+
+ data2 = writer->get_buf(writer);
+ ck_assert(chunk_equals(data1, data2));
+ ck_assert(data1.ptr == data2.ptr);
+ writer->destroy(writer);
+}
+END_TEST
+
+START_TEST(test_extract_buf)
+{
+ bio_writer_t *writer;
+ chunk_t data1, data2;
+
+ writer = bio_writer_create(0);
+ writer->write_uint8(writer, 1);
+ data1 = writer->extract_buf(writer);
+ ck_assert_int_eq(data1.len, 1);
+ ck_assert(data1.ptr[0] == 1);
+
+ data2 = writer->get_buf(writer);
+ ck_assert_int_eq(data2.len, 0);
+ ck_assert(data2.ptr == NULL);
+ data2 = writer->extract_buf(writer);
+ ck_assert_int_eq(data2.len, 0);
+ ck_assert(data2.ptr == NULL);
+
+ writer->write_uint8(writer, 1);
+ data2 = writer->get_buf(writer);
+ ck_assert(chunk_equals(data1, data2));
+ ck_assert(data1.ptr != data2.ptr);
+
+ writer->destroy(writer);
+ chunk_free(&data1);
+}
+END_TEST
+
+Suite *bio_writer_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("bio_writer");
+
+ tc = tcase_create("integer writes");
+ tcase_add_test(tc, test_write_uint8);
+ tcase_add_test(tc, test_write_uint16);
+ tcase_add_test(tc, test_write_uint24);
+ tcase_add_test(tc, test_write_uint32);
+ tcase_add_test(tc, test_write_uint64);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("data writes/skip");
+ tcase_add_test(tc, test_write_data);
+ tcase_add_test(tc, test_skip);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("data length writes");
+ tcase_add_test(tc, test_write_data8);
+ tcase_add_test(tc, test_write_data16);
+ tcase_add_test(tc, test_write_data24);
+ tcase_add_test(tc, test_write_data32);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("wrap writes");
+ tcase_add_test(tc, test_wrap8);
+ tcase_add_test(tc, test_wrap16);
+ tcase_add_test(tc, test_wrap24);
+ tcase_add_test(tc, test_wrap32);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get/extract");
+ tcase_add_test(tc, test_get_buf);
+ tcase_add_test(tc, test_extract_buf);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c
new file mode 100644
index 0000000..e373fbd
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_chunk.c
@@ -0,0 +1,1027 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <utils/chunk.h>
+#include <threading/thread.h>
+
+/*******************************************************************************
+ * utilities
+ */
+
+static void assert_chunk_empty(chunk_t chunk)
+{
+ ck_assert(chunk.len == 0 && chunk.ptr == NULL);
+}
+
+/*******************************************************************************
+ * equals
+ */
+
+START_TEST(test_chunk_equals)
+{
+ chunk_t chunk = chunk_from_str("chunk");
+ chunk_t chunk_a, chunk_b;
+
+ chunk_a = chunk_empty;
+ chunk_b = chunk_empty;
+ ck_assert(!chunk_equals(chunk_a, chunk_b));
+
+ chunk_a = chunk;
+ ck_assert(!chunk_equals(chunk_a, chunk_b));
+ chunk_b = chunk;
+ ck_assert(chunk_equals(chunk_a, chunk_b));
+
+ chunk_b = chunk_from_str("asdf");
+ ck_assert(!chunk_equals(chunk_a, chunk_b));
+
+ chunk_b = chunk_from_str("chunk");
+ ck_assert(chunk_equals(chunk_a, chunk_b));
+}
+END_TEST
+
+/*******************************************************************************
+ * chunk_compare test
+ */
+
+static struct {
+ int result;
+ chunk_t a;
+ chunk_t b;
+} compare_data[] = {
+ { 0, { NULL, 0 }, { NULL, 0 }},
+ { 0, chunk_from_chars(0x00), chunk_from_chars(0x00)},
+ {-1, chunk_from_chars(0x00), chunk_from_chars(0x01)},
+ { 1, chunk_from_chars(0x01), chunk_from_chars(0x00)},
+ { 0, chunk_from_chars(0x00, 0x00), chunk_from_chars(0x00, 0x00)},
+ {-1, chunk_from_chars(0x00, 0x00), chunk_from_chars(0x00, 0x01)},
+ { 1, chunk_from_chars(0x00, 0x01), chunk_from_chars(0x00, 0x00)},
+ {-1, chunk_from_chars(0x00, 0x00), chunk_from_chars(0x01, 0x00)},
+ { 1, chunk_from_chars(0x01, 0x00), chunk_from_chars(0x00, 0x00)},
+ {-1, chunk_from_chars(0xff), chunk_from_chars(0x00, 0x00)},
+ { 1, chunk_from_chars(0x00, 0x00), chunk_from_chars(0xff)},
+};
+
+START_TEST(test_compare)
+{
+ int result, expected;
+
+ result = chunk_compare(compare_data[_i].a, compare_data[_i].b);
+ expected = compare_data[_i].result;
+ ck_assert((result == 0 && expected == 0) ||
+ (result < 0 && expected < 0) ||
+ (result > 0 && expected > 0));
+}
+END_TEST
+
+/*******************************************************************************
+ * clear
+ */
+
+START_TEST(test_chunk_clear)
+{
+ chunk_t chunk;
+ u_char *ptr;
+ int i;
+ bool cleared = TRUE;
+
+ chunk = chunk_empty;
+ chunk_clear(&chunk);
+ chunk_free(&chunk);
+
+ chunk = chunk_alloc(64);
+ ptr = chunk.ptr;
+ for (i = 0; i < 64; i++)
+ {
+ chunk.ptr[i] = i;
+ }
+ chunk_clear(&chunk);
+ /* check memory area of freed chunk. We can't use ck_assert() for this
+ * test directly, as it might allocate data at the freed area. */
+ for (i = 0; i < 64; i++)
+ {
+ if (ptr[i] != 0 && ptr[i] == i)
+ {
+ cleared = FALSE;
+ break;
+ }
+ }
+ assert_chunk_empty(chunk);
+ ck_assert(cleared);
+}
+END_TEST
+
+/*******************************************************************************
+ * chunk_length
+ */
+
+START_TEST(test_chunk_length)
+{
+ chunk_t a, b, c;
+ size_t len;
+
+ a = chunk_empty;
+ b = chunk_empty;
+ c = chunk_empty;
+ len = chunk_length("ccc", a, b, c);
+ ck_assert_int_eq(len, 0);
+
+ a = chunk_from_str("foo");
+ b = chunk_from_str("bar");
+ len = chunk_length("ccc", a, b, c);
+ ck_assert_int_eq(len, 6);
+
+ len = chunk_length("zcc", a, b, c);
+ ck_assert_int_eq(len, 0);
+
+ len = chunk_length("czc", a, b, c);
+ ck_assert_int_eq(len, 3);
+
+ a = chunk_from_str("foo");
+ b = chunk_from_str("bar");
+ c = chunk_from_str("baz");
+ len = chunk_length("ccc", a, b, c);
+ ck_assert_int_eq(len, 9);
+}
+END_TEST
+
+/*******************************************************************************
+ * chunk_create_cat
+ */
+
+START_TEST(test_chunk_create_cat)
+{
+ chunk_t foo, bar;
+ chunk_t a, b, c;
+ u_char *ptra, *ptrb;
+
+ foo = chunk_from_str("foo");
+ bar = chunk_from_str("bar");
+
+ /* to simplify things we use the chunk_cata macro */
+
+ a = chunk_empty;
+ b = chunk_empty;
+ c = chunk_cata("cc", a, b);
+ ck_assert_int_eq(c.len, 0);
+ ck_assert(c.ptr != NULL);
+
+ a = foo;
+ b = bar;
+ c = chunk_cata("cc", a, b);
+ ck_assert_int_eq(c.len, 6);
+ ck_assert(chunk_equals(c, chunk_from_str("foobar")));
+
+ a = chunk_clone(foo);
+ b = chunk_clone(bar);
+ c = chunk_cata("mm", a, b);
+ ck_assert_int_eq(c.len, 6);
+ ck_assert(chunk_equals(c, chunk_from_str("foobar")));
+
+ a = chunk_clone(foo);
+ b = chunk_clone(bar);
+ ptra = a.ptr;
+ ptrb = b.ptr;
+ c = chunk_cata("ss", a, b);
+ ck_assert_int_eq(c.len, 6);
+ ck_assert(chunk_equals(c, chunk_from_str("foobar")));
+ /* check memory area of cleared chunk */
+ ck_assert(!chunk_equals(foo, chunk_create(ptra, 3)));
+ ck_assert(!chunk_equals(bar, chunk_create(ptrb, 3)));
+}
+END_TEST
+
+/*******************************************************************************
+ * chunk_split
+ */
+
+static bool mem_in_chunk(u_char *ptr, chunk_t chunk)
+{
+ return ptr >= chunk.ptr && ptr < (chunk.ptr + chunk.len);
+}
+
+START_TEST(test_chunk_split)
+{
+ chunk_t foo, bar, foobar;
+ chunk_t a, b, c;
+ u_char *ptra, *ptrb;
+
+ foo = chunk_from_str("foo");
+ bar = chunk_from_str("bar");
+ foobar = chunk_from_str("foobar");
+
+ chunk_split(foobar, "aa", 3, &a, 3, &b);
+ ck_assert(chunk_equals(a, foo));
+ ck_assert(chunk_equals(b, bar));
+ ck_assert(!mem_in_chunk(a.ptr, foobar));
+ ck_assert(!mem_in_chunk(b.ptr, foobar));
+ chunk_free(&a);
+ chunk_free(&b);
+
+ chunk_split(foobar, "mm", 3, &a, 3, &b);
+ ck_assert(chunk_equals(a, foo));
+ ck_assert(chunk_equals(b, bar));
+ ck_assert(mem_in_chunk(a.ptr, foobar));
+ ck_assert(mem_in_chunk(b.ptr, foobar));
+
+ chunk_split(foobar, "am", 3, &a, 3, &b);
+ ck_assert(chunk_equals(a, foo));
+ ck_assert(chunk_equals(b, bar));
+ ck_assert(!mem_in_chunk(a.ptr, foobar));
+ ck_assert(mem_in_chunk(b.ptr, foobar));
+ chunk_free(&a);
+
+ a = chunk_alloca(3);
+ ptra = a.ptr;
+ b = chunk_alloca(3);
+ ptrb = b.ptr;
+ chunk_split(foobar, "cc", 3, &a, 3, &b);
+ ck_assert(chunk_equals(a, foo));
+ ck_assert(chunk_equals(b, bar));
+ ck_assert(a.ptr == ptra);
+ ck_assert(b.ptr == ptrb);
+
+ chunk_split(foobar, "mm", 1, NULL, 2, &a, 2, NULL, 1, &b);
+ ck_assert(chunk_equals(a, chunk_from_str("oo")));
+ ck_assert(chunk_equals(b, chunk_from_str("r")));
+
+ chunk_split(foobar, "mm", 6, &a, 6, &b);
+ ck_assert(chunk_equals(a, foobar));
+ assert_chunk_empty(b);
+
+ chunk_split(foobar, "mac", 12, &a, 12, &b, 12, &c);
+ ck_assert(chunk_equals(a, foobar));
+ assert_chunk_empty(b);
+ assert_chunk_empty(c);
+}
+END_TEST
+
+/*******************************************************************************
+ * chunk_skip[_zero]
+ */
+
+START_TEST(test_chunk_skip)
+{
+ chunk_t foobar, a;
+
+ foobar = chunk_from_str("foobar");
+ a = foobar;
+ a = chunk_skip(a, 0);
+ ck_assert(chunk_equals(a, foobar));
+ a = chunk_skip(a, 1);
+ ck_assert(chunk_equals(a, chunk_from_str("oobar")));
+ a = chunk_skip(a, 2);
+ ck_assert(chunk_equals(a, chunk_from_str("bar")));
+ a = chunk_skip(a, 3);
+ assert_chunk_empty(a);
+
+ a = foobar;
+ a = chunk_skip(a, 6);
+ assert_chunk_empty(a);
+
+ a = foobar;
+ a = chunk_skip(a, 10);
+ assert_chunk_empty(a);
+}
+END_TEST
+
+START_TEST(test_chunk_skip_zero)
+{
+ chunk_t foobar, a;
+
+ a = chunk_empty;
+ a = chunk_skip_zero(a);
+ assert_chunk_empty(a);
+
+ foobar = chunk_from_str("foobar");
+ a = foobar;
+ a = chunk_skip_zero(a);
+ ck_assert(chunk_equals(a, foobar));
+
+ a = chunk_from_chars(0x00, 0xaa, 0xbb, 0xcc);
+ a = chunk_skip_zero(a);
+ ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc)));
+ a = chunk_skip_zero(a);
+ ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc)));
+}
+END_TEST
+
+/*******************************************************************************
+ * BASE16 encoding test
+ */
+
+START_TEST(test_base16)
+{
+ /* test vectors from RFC 4648:
+ *
+ * BASE16("") = ""
+ * BASE16("f") = "66"
+ * BASE16("fo") = "666F"
+ * BASE16("foo") = "666F6F"
+ * BASE16("foob") = "666F6F62"
+ * BASE16("fooba") = "666F6F6261"
+ * BASE16("foobar") = "666F6F626172"
+ */
+ typedef struct {
+ bool upper;
+ char *in;
+ char *out;
+ } testdata_t;
+
+ testdata_t test[] = {
+ {TRUE, "", ""},
+ {TRUE, "f", "66"},
+ {TRUE, "fo", "666F"},
+ {TRUE, "foo", "666F6F"},
+ {TRUE, "foob", "666F6F62"},
+ {TRUE, "fooba", "666F6F6261"},
+ {TRUE, "foobar", "666F6F626172"},
+ {FALSE, "", ""},
+ {FALSE, "f", "66"},
+ {FALSE, "fo", "666f"},
+ {FALSE, "foo", "666f6f"},
+ {FALSE, "foob", "666f6f62"},
+ {FALSE, "fooba", "666f6f6261"},
+ {FALSE, "foobar", "666f6f626172"},
+ };
+ testdata_t test_colon[] = {
+ {TRUE, "", ""},
+ {TRUE, "f", "66"},
+ {TRUE, "fo", "66:6F"},
+ {TRUE, "foo", "66:6F:6F"},
+ {FALSE, "foob", "66:6f:6f:62"},
+ {FALSE, "fooba", "66:6f:6f:62:61"},
+ {FALSE, "foobar", "66:6f:6f:62:61:72"},
+ {FALSE, "foobar", "66:6f6f:6261:72"},
+ };
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ chunk_t out;
+
+ out = chunk_to_hex(chunk_create(test[i].in, strlen(test[i].in)), NULL,
+ test[i].upper);
+ ck_assert_str_eq(out.ptr, test[i].out);
+ free(out.ptr);
+ }
+
+ for (i = 0; i < countof(test); i++)
+ {
+ chunk_t out;
+
+ out = chunk_from_hex(chunk_create(test[i].out, strlen(test[i].out)), NULL);
+ fail_unless(strneq(out.ptr, test[i].in, out.len),
+ "base16 conversion error - should '%s', is %#B",
+ test[i].in, &out);
+ free(out.ptr);
+ }
+
+ for (i = 0; i < countof(test_colon); i++)
+ {
+ chunk_t out;
+
+ out = chunk_from_hex(chunk_create(test_colon[i].out, strlen(test_colon[i].out)), NULL);
+ fail_unless(strneq(out.ptr, test_colon[i].in, out.len),
+ "base16 conversion error - should '%s', is %#B",
+ test_colon[i].in, &out);
+ free(out.ptr);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * BASE64 encoding test
+ */
+
+START_TEST(test_base64)
+{
+ /* test vectors from RFC 4648:
+ *
+ * BASE64("") = ""
+ * BASE64("f") = "Zg=="
+ * BASE64("fo") = "Zm8="
+ * BASE64("foo") = "Zm9v"
+ * BASE64("foob") = "Zm9vYg=="
+ * BASE64("fooba") = "Zm9vYmE="
+ * BASE64("foobar") = "Zm9vYmFy"
+ */
+ typedef struct {
+ char *in;
+ char *out;
+ } testdata_t;
+
+ testdata_t test[] = {
+ {"", ""},
+ {"f", "Zg=="},
+ {"fo", "Zm8="},
+ {"foo", "Zm9v"},
+ {"foob", "Zm9vYg=="},
+ {"fooba", "Zm9vYmE="},
+ {"foobar", "Zm9vYmFy"},
+ };
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ chunk_t out;
+
+ out = chunk_to_base64(chunk_create(test[i].in, strlen(test[i].in)), NULL);
+ ck_assert_str_eq(out.ptr, test[i].out);
+ free(out.ptr);
+ }
+
+ for (i = 0; i < countof(test); i++)
+ {
+ chunk_t out;
+
+ out = chunk_from_base64(chunk_create(test[i].out, strlen(test[i].out)), NULL);
+ fail_unless(strneq(out.ptr, test[i].in, out.len),
+ "base64 conversion error - should '%s', is %#B",
+ test[i].in, &out);
+ free(out.ptr);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * BASE32 encoding test
+ */
+
+START_TEST(test_base32)
+{
+ /* test vectors from RFC 4648:
+ *
+ * BASE32("") = ""
+ * BASE32("f") = "MY======"
+ * BASE32("fo") = "MZXQ===="
+ * BASE32("foo") = "MZXW6==="
+ * BASE32("foob") = "MZXW6YQ="
+ * BASE32("fooba") = "MZXW6YTB"
+ * BASE32("foobar") = "MZXW6YTBOI======"
+ */
+ typedef struct {
+ char *in;
+ char *out;
+ } testdata_t;
+
+ testdata_t test[] = {
+ {"", ""},
+ {"f", "MY======"},
+ {"fo", "MZXQ===="},
+ {"foo", "MZXW6==="},
+ {"foob", "MZXW6YQ="},
+ {"fooba", "MZXW6YTB"},
+ {"foobar", "MZXW6YTBOI======"},
+ };
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ chunk_t out;
+
+ out = chunk_to_base32(chunk_create(test[i].in, strlen(test[i].in)), NULL);
+ ck_assert_str_eq(out.ptr, test[i].out);
+ free(out.ptr);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * chunk_increment test
+ */
+
+static struct {
+ bool overflow;
+ chunk_t in;
+ chunk_t out;
+} increment_data[] = {
+ {TRUE, { NULL, 0 }, { NULL, 0 }},
+ {FALSE, chunk_from_chars(0x00), chunk_from_chars(0x01)},
+ {FALSE, chunk_from_chars(0xfe), chunk_from_chars(0xff)},
+ {TRUE, chunk_from_chars(0xff), chunk_from_chars(0x00)},
+ {FALSE, chunk_from_chars(0x00, 0x00), chunk_from_chars(0x00, 0x01)},
+ {FALSE, chunk_from_chars(0x00, 0xff), chunk_from_chars(0x01, 0x00)},
+ {FALSE, chunk_from_chars(0xfe, 0xff), chunk_from_chars(0xff, 0x00)},
+ {TRUE, chunk_from_chars(0xff, 0xff), chunk_from_chars(0x00, 0x00)},
+};
+
+START_TEST(test_increment)
+{
+ chunk_t chunk;
+ bool overflow;
+
+ chunk = chunk_clonea(increment_data[_i].in);
+ overflow = chunk_increment(chunk);
+ ck_assert(overflow == increment_data[_i].overflow);
+ ck_assert(!increment_data[_i].out.ptr ||
+ chunk_equals(chunk, increment_data[_i].out));
+}
+END_TEST
+
+/*******************************************************************************
+ * chunk_printable tests
+ */
+
+static struct {
+ bool printable;
+ chunk_t in;
+ char *out;
+} printable_data[] = {
+ {TRUE, chunk_from_chars(0x31), "1"},
+ {FALSE, chunk_from_chars(0x00), "?"},
+ {FALSE, chunk_from_chars(0x31, 0x00), "1?"},
+ {FALSE, chunk_from_chars(0x00, 0x31), "?1"},
+ {TRUE, chunk_from_chars(0x3f, 0x31), "?1"},
+ {FALSE, chunk_from_chars(0x00, 0x31, 0x00), "?1?"},
+ {FALSE, chunk_from_chars(0x00, 0x31, 0x00, 0x32), "?1?2"},
+};
+
+START_TEST(test_printable)
+{
+ bool printable;
+
+ printable = chunk_printable(printable_data[_i].in, NULL, ' ');
+ ck_assert(printable == printable_data[_i].printable);
+}
+END_TEST
+
+START_TEST(test_printable_sanitize)
+{
+ chunk_t sane, expected;
+ bool printable;
+
+ printable = chunk_printable(printable_data[_i].in, &sane, '?');
+ ck_assert(printable == printable_data[_i].printable);
+ expected = chunk_from_str(printable_data[_i].out);
+ ck_assert(chunk_equals(sane, expected));
+ chunk_free(&sane);
+}
+END_TEST
+
+START_TEST(test_printable_empty)
+{
+ chunk_t sane;
+ bool printable;
+
+ printable = chunk_printable(chunk_empty, NULL, ' ');
+ ck_assert(printable);
+
+ sane.ptr = (void*)1;
+ sane.len = 1;
+ printable = chunk_printable(chunk_empty, &sane, ' ');
+ ck_assert(printable);
+ assert_chunk_empty(sane);
+}
+END_TEST
+
+/*******************************************************************************
+ * test for chunk_mac(), i.e. SipHash-2-4
+ */
+
+/**
+ * SipHash-2-4 output with
+ * k = 00 01 02 ...
+ * and
+ * in = (empty string)
+ * in = 00 (1 byte)
+ * in = 00 01 (2 bytes)
+ * in = 00 01 02 (3 bytes)
+ * ...
+ * in = 00 01 02 ... 3e (63 bytes)
+ */
+static const u_char sip_vectors[64][8] =
+{
+ { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
+ { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
+ { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
+ { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
+ { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
+ { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
+ { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
+ { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
+ { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
+ { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
+ { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
+ { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
+ { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
+ { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
+ { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
+ { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
+ { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
+ { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
+ { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
+ { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
+ { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
+ { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
+ { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
+ { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
+ { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
+ { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
+ { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
+ { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
+ { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
+ { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
+ { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
+ { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
+ { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
+ { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
+ { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
+ { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
+ { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
+ { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
+ { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
+ { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
+ { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
+ { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
+ { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
+ { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
+ { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
+ { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
+ { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
+ { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
+ { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
+ { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
+ { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
+ { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
+ { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
+ { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
+ { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
+ { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
+ { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
+ { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
+ { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
+ { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
+ { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
+ { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
+ { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
+ { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, }
+};
+
+/**
+ * Our SipHash-2-4 implementation returns the result in host order, which
+ * doesn't matter for practical purposes and even avoids a byte swap. But
+ * because the test vectors are in little-endian we have to account for this
+ * with this custom comparison function.
+ */
+static inline bool sipeq(const void *a, const void *b, size_t n)
+{
+ u_char *ap = (u_char*)a, *bp = (u_char*)b;
+ int i;
+
+ for (i = 0; i < n; i++)
+ {
+#ifdef WORDS_BIGENDIAN
+ if (ap[i] != bp[n - i - 1])
+#else
+ if (ap[i] != bp[i])
+#endif
+ {
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+START_TEST(test_chunk_mac)
+{
+ chunk_t in;
+ u_char key[16];
+ u_int64_t out;
+ int i, count;
+
+ count = countof(sip_vectors);
+ in = chunk_alloca(count);
+
+ for (i = 0; i < 16; ++i)
+ {
+ key[i] = i;
+ }
+
+ for (i = 0; i < count; ++i)
+ {
+ in.ptr[i] = i;
+ in.len = i;
+ out = chunk_mac(in, key);
+ fail_unless(sipeq(&out, sip_vectors[i], 8),
+ "test vector failed for %d bytes", i);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * test for chunk_hash[_inc]()
+ */
+
+START_TEST(test_chunk_hash)
+{
+ chunk_t chunk;
+ u_int32_t hash_a, hash_b, hash_c;
+
+ chunk = chunk_from_str("asdf");
+
+ /* output is randomized, so there are no test-vectors we could use */
+ hash_a = chunk_hash(chunk);
+ hash_b = chunk_hash(chunk);
+ ck_assert(hash_a == hash_b);
+ hash_b = chunk_hash_inc(chunk, hash_a);
+ ck_assert(hash_a != hash_b);
+ hash_c = chunk_hash_inc(chunk, hash_a);
+ ck_assert(hash_b == hash_c);
+}
+END_TEST
+
+/*******************************************************************************
+ * test for chunk_hash_static[_inc]()
+ */
+
+START_TEST(test_chunk_hash_static)
+{
+ chunk_t in;
+ u_int32_t out, hash_a, hash_b, hash_inc = 0x7b891a95;
+ int i, count;
+
+ count = countof(sip_vectors);
+ in = chunk_alloca(count);
+
+ for (i = 0; i < count; ++i)
+ {
+ in.ptr[i] = i;
+ in.len = i;
+ /* compared to chunk_mac() we only get half the value back */
+ out = chunk_hash_static(in);
+ fail_unless(sipeq(&out, sip_vectors[i], 4),
+ "test vector failed for %d bytes", i);
+ }
+ hash_a = chunk_hash_static_inc(in, out);
+ ck_assert_int_eq(hash_a, hash_inc);
+ hash_b = chunk_hash_static_inc(in, out);
+ ck_assert_int_eq(hash_a, hash_b);
+}
+END_TEST
+
+/*******************************************************************************
+ * test for chunk_map and friends
+ */
+
+START_TEST(test_chunk_map)
+{
+ chunk_t *map, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05);
+ char *path = "/tmp/strongswan-chunk-map-test";
+
+ ck_assert(chunk_write(contents, path, 022, TRUE));
+
+ /* read */
+ map = chunk_map(path, FALSE);
+ ck_assert(map != NULL);
+ ck_assert_msg(chunk_equals(*map, contents), "%B", map);
+ /* altering mapped chunk should not hurt */
+ *map = chunk_empty;
+ ck_assert(chunk_unmap(map));
+
+ /* write */
+ map = chunk_map(path, TRUE);
+ ck_assert(map != NULL);
+ ck_assert_msg(chunk_equals(*map, contents), "%B", map);
+ map->ptr[0] = 0x06;
+ ck_assert(chunk_unmap(map));
+
+ /* verify write */
+ contents.ptr[0] = 0x06;
+ map = chunk_map(path, FALSE);
+ ck_assert(map != NULL);
+ ck_assert_msg(chunk_equals(*map, contents), "%B", map);
+ ck_assert(chunk_unmap(map));
+
+ unlink(path);
+}
+END_TEST
+
+/*******************************************************************************
+ * test for chunk_from_fd
+ */
+
+START_TEST(test_chunk_from_fd_file)
+{
+ chunk_t in, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05);
+ char *path = "/tmp/strongswan-chunk-fd-test";
+ int fd;
+
+ ck_assert(chunk_write(contents, path, 022, TRUE));
+
+ fd = open(path, O_RDONLY);
+ ck_assert(fd != -1);
+
+ ck_assert(chunk_from_fd(fd, &in));
+ close(fd);
+ ck_assert_msg(chunk_equals(in, contents), "%B", &in);
+ unlink(path);
+ free(in.ptr);
+}
+END_TEST
+
+START_TEST(test_chunk_from_fd_skt)
+{
+ chunk_t in, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05);
+ int s[2];
+
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0);
+ ck_assert(write(s[1], contents.ptr, contents.len) == contents.len);
+ close(s[1]);
+ ck_assert_msg(chunk_from_fd(s[0], &in), "%s", strerror(errno));
+ close(s[0]);
+ ck_assert_msg(chunk_equals(in, contents), "%B", &in);
+ free(in.ptr);
+}
+END_TEST
+
+#define FROM_FD_COUNT 8192
+
+void *chunk_from_fd_run(void *data)
+{
+ int i, fd = (uintptr_t)data;
+
+ for (i = 0; i < FROM_FD_COUNT; i++)
+ {
+ ck_assert(write(fd, &i, sizeof(i)) == sizeof(i));
+ }
+ close(fd);
+ return NULL;
+}
+
+START_TEST(test_chunk_from_fd_huge)
+{
+ thread_t *thread;
+ chunk_t in;
+ int s[2], i;
+
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0);
+
+ thread = thread_create(chunk_from_fd_run, (void*)(uintptr_t)s[1]);
+ ck_assert_msg(chunk_from_fd(s[0], &in), "%s", strerror(errno));
+ ck_assert_int_eq(in.len, FROM_FD_COUNT * sizeof(i));
+ for (i = 0; i < FROM_FD_COUNT; i++)
+ {
+ ck_assert_int_eq(((int*)in.ptr)[i], i);
+ }
+ thread->join(thread);
+ close(s[0]);
+ free(in.ptr);
+}
+END_TEST
+
+/*******************************************************************************
+ * printf_hook tests
+ */
+
+static struct {
+ chunk_t in;
+ char *out;
+ char *out_plus;
+} printf_hook_data[] = {
+ {chunk_from_chars(), "", ""},
+ {chunk_from_chars(0x00), "00", "00"},
+ {chunk_from_chars(0x00, 0x01), "00:01", "0001"},
+ {chunk_from_chars(0x00, 0x01, 0x02), "00:01:02", "000102"},
+};
+
+START_TEST(test_printf_hook_hash)
+{
+ char buf[16];
+ int len;
+
+ len = snprintf(buf, sizeof(buf), "%#B", &printf_hook_data[_i].in);
+ ck_assert(len >= 0 && len < sizeof(buf));
+ ck_assert_str_eq(buf, printf_hook_data[_i].out);
+}
+END_TEST
+
+START_TEST(test_printf_hook_plus)
+{
+ char buf[16];
+ int len;
+
+ len = snprintf(buf, sizeof(buf), "%+B", &printf_hook_data[_i].in);
+ ck_assert(len >= 0 && len < sizeof(buf));
+ ck_assert_str_eq(buf, printf_hook_data[_i].out_plus);
+}
+END_TEST
+
+START_TEST(test_printf_hook)
+{
+ char buf[128], mem[128];
+ int len;
+
+ /* %B should be the same as %b, which is what we check, comparing the
+ * acutal result could be tricky as %b prints the chunk's memory address */
+ len = snprintf(buf, sizeof(buf), "%B", &printf_hook_data[_i].in);
+ ck_assert(len >= 0 && len < sizeof(buf));
+ len = snprintf(mem, sizeof(mem), "%b", printf_hook_data[_i].in.ptr,
+ (u_int)printf_hook_data[_i].in.len);
+ ck_assert(len >= 0 && len < sizeof(mem));
+ ck_assert_str_eq(buf, mem);
+}
+END_TEST
+
+Suite *chunk_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("chunk");
+
+ tc = tcase_create("equals");
+ tcase_add_test(tc, test_chunk_equals);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_compare");
+ tcase_add_loop_test(tc, test_compare, 0, countof(compare_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("clear");
+ tcase_add_test(tc, test_chunk_clear);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_length");
+ tcase_add_test(tc, test_chunk_length);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_create_cat");
+ tcase_add_test(tc, test_chunk_create_cat);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_split");
+ tcase_add_test(tc, test_chunk_split);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_skip");
+ tcase_add_test(tc, test_chunk_skip);
+ tcase_add_test(tc, test_chunk_skip_zero);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_increment");
+ tcase_add_loop_test(tc, test_increment, 0, countof(increment_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_printable");
+ tcase_add_loop_test(tc, test_printable, 0, countof(printable_data));
+ tcase_add_loop_test(tc, test_printable_sanitize, 0, countof(printable_data));
+ tcase_add_test(tc, test_printable_empty);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("baseXX");
+ tcase_add_test(tc, test_base64);
+ tcase_add_test(tc, test_base32);
+ tcase_add_test(tc, test_base16);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_mac");
+ tcase_add_test(tc, test_chunk_mac);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_hash");
+ tcase_add_test(tc, test_chunk_hash);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_hash_static");
+ tcase_add_test(tc, test_chunk_hash_static);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_map");
+ tcase_add_test(tc, test_chunk_map);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_from_fd");
+ tcase_add_test(tc, test_chunk_from_fd_file);
+ tcase_add_test(tc, test_chunk_from_fd_skt);
+ tcase_add_test(tc, test_chunk_from_fd_huge);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("printf_hook");
+ tcase_add_loop_test(tc, test_printf_hook_hash, 0, countof(printf_hook_data));
+ tcase_add_loop_test(tc, test_printf_hook_plus, 0, countof(printf_hook_data));
+ tcase_add_loop_test(tc, test_printf_hook, 0, countof(printf_hook_data));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_crypter.c b/src/libstrongswan/tests/suites/test_crypter.c
new file mode 100644
index 0000000..4e7550a
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_crypter.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <crypto/crypters/crypter.h>
+#include <asn1/oid.h>
+#include <utils/test.h>
+
+typedef struct {
+ int oid;
+ encryption_algorithm_t alg;
+ size_t key_size;
+}crypter_oid_t;
+
+static crypter_oid_t oids[] = {
+ { OID_UNKNOWN, ENCR_AES_CBC, 0 },
+ { OID_UNKNOWN, ENCR_CAMELLIA_CBC, 0 },
+ { OID_UNKNOWN, ENCR_UNDEFINED, 0 },
+ { OID_DES_CBC, ENCR_DES, 0 },
+ { OID_3DES_EDE_CBC, ENCR_3DES, 0 },
+ { OID_AES128_CBC, ENCR_AES_CBC, 128 },
+ { OID_AES192_CBC, ENCR_AES_CBC, 192 },
+ { OID_AES256_CBC, ENCR_AES_CBC, 256 },
+ { OID_CAMELLIA128_CBC, ENCR_CAMELLIA_CBC, 128 },
+ { OID_CAMELLIA192_CBC, ENCR_CAMELLIA_CBC, 192 },
+ { OID_CAMELLIA256_CBC, ENCR_CAMELLIA_CBC, 256 }
+};
+
+START_TEST(test_crypter_from_oid)
+{
+ size_t key_size;
+
+ ck_assert(encryption_algorithm_from_oid(oids[_i].oid, NULL) ==
+ oids[_i].alg);
+ ck_assert(encryption_algorithm_from_oid(oids[_i].oid, &key_size) ==
+ oids[_i].alg);
+ ck_assert(key_size == oids[_i].key_size);
+}
+END_TEST
+
+START_TEST(test_crypter_to_oid)
+{
+ ck_assert(encryption_algorithm_to_oid(oids[_i].alg,
+ oids[_i].key_size) == oids[_i].oid);
+}
+END_TEST
+
+typedef struct {
+ encryption_algorithm_t alg;
+ bool is_aead;
+}crypter_aead_t;
+
+static crypter_aead_t aead[] = {
+ { ENCR_AES_CCM_ICV8, TRUE },
+ { ENCR_AES_CCM_ICV12, TRUE },
+ { ENCR_AES_CCM_ICV16, TRUE },
+ { ENCR_AES_GCM_ICV8, TRUE },
+ { ENCR_AES_GCM_ICV12, TRUE },
+ { ENCR_AES_GCM_ICV16, TRUE },
+ { ENCR_NULL_AUTH_AES_GMAC, TRUE },
+ { ENCR_CAMELLIA_CCM_ICV8, TRUE },
+ { ENCR_CAMELLIA_CCM_ICV12, TRUE },
+ { ENCR_CAMELLIA_CCM_ICV16, TRUE },
+ { ENCR_AES_CBC, FALSE },
+ { ENCR_CAMELLIA_CBC, FALSE }
+};
+
+START_TEST(test_crypter_is_aead)
+{
+ ck_assert(encryption_algorithm_is_aead(aead[_i].alg) == aead[_i].is_aead);
+}
+END_TEST
+
+Suite *crypter_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("crypter");
+
+ tc = tcase_create("from_oid");
+ tcase_add_loop_test(tc, test_crypter_from_oid, 2, countof(oids));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("to_oid");
+ tcase_add_loop_test(tc, test_crypter_to_oid, 0, countof(oids));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("is_aead");
+ tcase_add_loop_test(tc, test_crypter_is_aead, 0, countof(aead));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_ecdsa.c b/src/libstrongswan/tests/suites/test_ecdsa.c
new file mode 100644
index 0000000..3c84299
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_ecdsa.c
@@ -0,0 +1,243 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <plugins/plugin_feature.h>
+
+/**
+ * Signature schemes to test
+ */
+static struct {
+ /* key size for scheme, 0 for any */
+ int key_size;
+ signature_scheme_t scheme;
+} schemes[] = {
+ { 0, SIGN_ECDSA_WITH_SHA1_DER },
+ { 0, SIGN_ECDSA_WITH_SHA256_DER },
+ { 0, SIGN_ECDSA_WITH_SHA384_DER },
+ { 0, SIGN_ECDSA_WITH_SHA512_DER },
+ { 0, SIGN_ECDSA_WITH_NULL },
+ { 256, SIGN_ECDSA_256 },
+ { 384, SIGN_ECDSA_384 },
+ { 521, SIGN_ECDSA_521 },
+};
+
+/**
+ * Perform a signature verification "good" test having a keypair
+ */
+static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
+{
+ chunk_t sig, data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+ int i;
+
+ for (i = 0; i < countof(schemes); i++)
+ {
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i].scheme)) ||
+ !lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[i].scheme)))
+ {
+ continue;
+ }
+ if (schemes[i].key_size != 0 &&
+ schemes[i].scheme != privkey->get_keysize(privkey))
+ {
+ continue;
+ }
+ fail_unless(privkey->sign(privkey, schemes[i].scheme, data, &sig),
+ "sign %N", signature_scheme_names, schemes[i].scheme);
+ fail_unless(pubkey->verify(pubkey, schemes[i].scheme, data, sig),
+ "verify %N", signature_scheme_names, schemes[i].scheme);
+ free(sig.ptr);
+ }
+}
+
+/**
+ * Some special signatures that should never validate successfully
+ */
+static chunk_t invalid_sigs[] = {
+ chunk_from_chars(),
+ chunk_from_chars(0x00),
+ chunk_from_chars(0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+};
+
+/**
+ * Check public key that it properly fails against some crafted sigs
+ */
+static void test_bad_sigs(public_key_t *pubkey)
+{
+ chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+ int s, i;
+
+ for (s = 0; s < countof(schemes); s++)
+ {
+ if (schemes[s].key_size != 0 &&
+ schemes[s].scheme != pubkey->get_keysize(pubkey))
+ {
+ continue;
+ }
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s].scheme)))
+ {
+ continue;
+ }
+ for (i = 0; i < countof(invalid_sigs); i++)
+ {
+ fail_if(
+ pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]),
+ "bad %N sig accepted %B",
+ signature_scheme_names, schemes[s].scheme,
+ &invalid_sigs[i]);
+ }
+ }
+}
+
+/**
+ * ECDSA key sizes to test
+ */
+static int key_sizes[] = {
+ 256, 384, 521,
+};
+
+START_TEST(test_gen)
+{
+ private_key_t *privkey;
+ public_key_t *pubkey;
+
+ privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ BUILD_KEY_SIZE, key_sizes[_i], BUILD_END);
+ ck_assert(privkey != NULL);
+ pubkey = privkey->get_public_key(privkey);
+ ck_assert(pubkey != NULL);
+
+ test_good_sig(privkey, pubkey);
+
+ test_bad_sigs(pubkey);
+
+ pubkey->destroy(pubkey);
+ privkey->destroy(privkey);
+}
+END_TEST
+
+/**
+ * Private keys to load
+ */
+static chunk_t keys[] = {
+ chunk_from_chars( /* ECDSA-256 */
+ 0x30,0x77,0x02,0x01,0x01,0x04,0x20,0x42,0xc6,0x8c,0xff,0x2b,0x8b,0x87,0xa1,0xfb,
+ 0x50,0xf6,0xfe,0xd6,0x88,0xb3,0x0a,0x48,0xb2,0xc5,0x8f,0x50,0xe0,0xcf,0x40,0xfa,
+ 0x57,0xd1,0xc6,0x6c,0x20,0x64,0xc5,0xa0,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
+ 0x03,0x01,0x07,0xa1,0x44,0x03,0x42,0x00,0x04,0x9c,0xb2,0x52,0xcb,0xc0,0x5c,0xcf,
+ 0x97,0xdd,0xd6,0xe7,0x49,0x32,0x47,0x0c,0x8e,0xdb,0x6d,0xbf,0xc8,0x1a,0x0a,0x01,
+ 0xe8,0x5e,0x3f,0x8e,0x64,0x33,0xb4,0x15,0xbb,0x1b,0xa5,0xed,0xf9,0x4b,0xa7,0xe8,
+ 0x5e,0x6f,0x49,0x24,0xf7,0x32,0xf4,0x9b,0x4c,0x47,0xdc,0xf1,0x28,0x44,0x1c,0x37,
+ 0xdb,0xee,0xfb,0xd8,0xbd,0x4e,0x5c,0xeb,0x07),
+ chunk_from_chars( /* ECDSA-384 */
+ 0x30,0x81,0xa4,0x02,0x01,0x01,0x04,0x30,0x4b,0xbf,0x6c,0xf5,0x24,0x78,0x53,0x4b,
+ 0x1a,0x91,0x23,0xae,0x30,0xc8,0xb3,0xc9,0xc2,0x9b,0x23,0x07,0x10,0x6f,0x1b,0x47,
+ 0x7c,0xa0,0xd4,0x79,0x3c,0xc4,0x83,0x10,0xd1,0x44,0x07,0xc2,0x1b,0x66,0xff,0xae,
+ 0x76,0x57,0x72,0x90,0x53,0xc2,0xf5,0x29,0xa0,0x07,0x06,0x05,0x2b,0x81,0x04,0x00,
+ 0x22,0xa1,0x64,0x03,0x62,0x00,0x04,0x1e,0xcf,0x1c,0x85,0x9d,0x06,0xa0,0x54,0xa2,
+ 0x24,0x2f,0xd8,0x63,0x56,0x7b,0x70,0x0b,0x7f,0x81,0x96,0xce,0xb9,0x2e,0x35,0x03,
+ 0x9c,0xf9,0x0a,0x5d,0x3b,0x10,0xf7,0x13,0x7a,0x0d,0xca,0x56,0xda,0x1d,0x44,0x84,
+ 0x07,0x6f,0x58,0xdc,0x34,0x7b,0x1d,0x4c,0xdd,0x28,0x10,0xc0,0xe2,0xae,0xf4,0xd6,
+ 0xda,0xea,0xaf,0xfc,0x7a,0xaf,0x59,0x5f,0xbc,0x91,0x65,0xd3,0x21,0x19,0x61,0xbb,
+ 0xfe,0x3c,0xdb,0x47,0xcb,0x7a,0xe7,0x5d,0xbd,0x28,0xde,0x25,0x64,0x9e,0x3a,0xa9,
+ 0x18,0xed,0x24,0xe1,0x1f,0x73,0xcc),
+ chunk_from_chars( /* ECDSA-521 */
+ 0x30,0x81,0xdc,0x02,0x01,0x01,0x04,0x42,0x01,0xcf,0x38,0xaa,0xa7,0x7a,0x79,0x48,
+ 0xa9,0x60,0x55,0x24,0xa8,0x7e,0xe1,0xbc,0x45,0x35,0x16,0xff,0x18,0xce,0x44,0xa2,
+ 0x0b,0x72,0x6b,0xca,0x0a,0x40,0xb4,0x97,0x13,0x17,0x90,0x50,0x15,0xb9,0xba,0xfc,
+ 0x08,0x0e,0xdb,0xf8,0xfc,0x06,0x35,0x37,0xbf,0xfb,0x25,0x74,0xfe,0x0f,0xe1,0x3c,
+ 0x3a,0xf0,0x0d,0xe0,0x52,0x15,0xa8,0x07,0x6f,0x3e,0xa0,0x07,0x06,0x05,0x2b,0x81,
+ 0x04,0x00,0x23,0xa1,0x81,0x89,0x03,0x81,0x86,0x00,0x04,0x00,0x56,0x81,0x28,0xd6,
+ 0xac,0xe9,0xc8,0x82,0x2c,0xac,0x61,0x6d,0xdd,0x88,0x79,0x00,0xe3,0x7a,0x4d,0x25,
+ 0xc4,0xea,0x05,0x80,0x75,0x48,0xbc,0x75,0x73,0xc4,0xe9,0x76,0x68,0xba,0x51,0xc3,
+ 0x29,0xce,0x7d,0x1b,0xb0,0x8b,0xac,0xc1,0xcc,0x23,0xa7,0x2d,0xa7,0x2c,0x95,0xf6,
+ 0x01,0x40,0x26,0x01,0x1c,0x1c,0x9c,0xe7,0xa7,0xb4,0x0f,0x8e,0xba,0x01,0x07,0xb3,
+ 0xf7,0xbe,0x45,0x20,0xa9,0x9e,0x70,0xf0,0xcf,0x9b,0xa0,0x91,0xe3,0x88,0x8f,0x04,
+ 0x69,0x3d,0x0f,0x2b,0xf3,0xb4,0x03,0x19,0x89,0xcf,0xfa,0x77,0x04,0x15,0xaf,0xdd,
+ 0xf7,0x32,0x76,0x25,0x25,0x05,0x8d,0xfd,0x18,0x8a,0xda,0xd6,0xbc,0x71,0xb8,0x9f,
+ 0x39,0xb0,0xaf,0xcc,0x54,0xb0,0x9c,0x4d,0x54,0xfb,0x46,0x53,0x5f,0xf8,0x45),
+};
+
+START_TEST(test_load)
+{
+ private_key_t *privkey;
+ public_key_t *pubkey;
+
+ privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ BUILD_BLOB_ASN1_DER, keys[_i], BUILD_END);
+ ck_assert(privkey != NULL);
+ pubkey = privkey->get_public_key(privkey);
+ ck_assert(pubkey != NULL);
+
+ test_good_sig(privkey, pubkey);
+
+ test_bad_sigs(pubkey);
+
+ pubkey->destroy(pubkey);
+ privkey->destroy(privkey);
+}
+END_TEST
+
+Suite *ecdsa_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+ int gen_count = countof(key_sizes);
+
+ s = suite_create("ecdsa");
+
+ if (getenv("TESTS_REDUCED_KEYLENGTHS") != NULL)
+ {
+ gen_count = min(1, gen_count);
+ }
+
+ tc = tcase_create("generate");
+ tcase_add_loop_test(tc, test_gen, 0, gen_count);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("load");
+ tcase_add_loop_test(tc, test_load, 0, countof(keys));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_enum.c b/src/libstrongswan/tests/suites/test_enum.c
similarity index 100%
rename from src/libstrongswan/tests/test_enum.c
rename to src/libstrongswan/tests/suites/test_enum.c
diff --git a/src/libstrongswan/tests/test_enumerator.c b/src/libstrongswan/tests/suites/test_enumerator.c
similarity index 100%
rename from src/libstrongswan/tests/test_enumerator.c
rename to src/libstrongswan/tests/suites/test_enumerator.c
diff --git a/src/libstrongswan/tests/suites/test_fetch_http.c b/src/libstrongswan/tests/suites/test_fetch_http.c
new file mode 100644
index 0000000..8749ff3
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_fetch_http.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <unistd.h>
+#include <time.h>
+
+/**
+ * HTTP test definition
+ */
+typedef struct {
+ /* HTTP Method */
+ char *meth;
+ /* HTTP 1.x minor version */
+ int minor;
+ /* host to connect to */
+ char *host;
+ /* HTTP service port */
+ int port;
+ /* path on host to fetch from */
+ char *path;
+ /* request Content-Type, if any */
+ char *type;
+ /* request data, if any */
+ void *req;
+ /* length of request data */
+ int req_len;
+ /* response data, if any */
+ void *res;
+ /* length of response data */
+ int res_len;
+} test_service_t;
+
+static char large[] = {
+ 0x88,0x3e,0xa3,0xe3,0x95,0x67,0x53,0x93,0xc8,0xce,0x5c,0xcd,0x8c,0x03,0x0c,0xa8,
+ 0x94,0xaf,0x49,0xf6,0xc6,0x50,0xad,0xb8,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc,
+ 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f,
+ 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6,
+ 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32,
+ 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7,
+ 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15,
+ 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02,
+ 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc,
+ 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f,
+ 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6,
+ 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32,
+ 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7,
+ 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15,
+ 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f,
+ 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6,
+ 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32,
+ 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7,
+ 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15,
+ 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02,
+ 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc,
+ 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f,
+ 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6,
+ 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32,
+ 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7,
+ 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15,
+ 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02,
+ 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc,
+};
+
+static bool servicing(void *data, stream_t *stream)
+{
+ test_service_t *test = (test_service_t*)data;
+ char buf[1024], hdr[256], *start, *end = NULL, *body = NULL, *type = NULL;
+ struct tm tm;
+ time_t t;
+ ssize_t len, tot = 0;
+ int nr = 0;
+
+ start = buf;
+
+ /* parse method and headers */
+ while (end != start)
+ {
+ len = stream->read(stream, buf + tot, sizeof(buf) - tot, TRUE);
+ ck_assert(len > 0);
+ tot += len;
+
+ while (TRUE)
+ {
+ end = memchr(start, '\n', tot);
+ if (!end)
+ {
+ break;
+ }
+ *end = '\0';
+ ck_assert(end > buf);
+ ck_assert(*(--end) == '\r');
+ *end = '\0';
+ if (end == start)
+ {
+ body = end + strlen("\r\n");
+ break;
+ }
+ switch (nr++)
+ {
+ case 0:
+ snprintf(hdr, sizeof(hdr), "%s %s HTTP/1.%u",
+ test->meth, test->path, test->minor);
+ ck_assert_str_eq(hdr, start);
+ break;
+ default:
+ if (strcasepfx(start, "Content-Length: "))
+ {
+ ck_assert_int_eq(
+ atoi(start + strlen("Content-Length: ")),
+ test->req_len);
+ }
+ if (strcasepfx(start, "Content-Type: "))
+ {
+ type = start + strlen("Content-Type: ");
+ }
+ break;
+ }
+ start = end + strlen("\r\n");
+ }
+ }
+
+ if (test->type)
+ {
+ ck_assert(type);
+ ck_assert_str_eq(type, test->type);
+ }
+
+ /* request body */
+ if (test->req_len)
+ {
+ ck_assert(stream->read_all(stream, buf + tot,
+ test->req_len - (tot - (body - buf))));
+ ck_assert(memeq(body, test->req, test->req_len));
+ }
+
+ /* response headers */
+ snprintf(buf, sizeof(buf), "HTTP/1.%u 200 OK\r\n", test->minor);
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ t = time(NULL);
+ gmtime_r(&t, &tm);
+ strftime(buf, sizeof(buf), "%a, %d %b %Y %T %z", &tm);
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ snprintf(buf, sizeof(buf), "Server: strongSwan unit test\r\n");
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+
+ /* rest of response headers */
+ snprintf(buf, sizeof(buf), "Content-Type: text/plain\r\n");
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ snprintf(buf, sizeof(buf), "Content-Length: %u\r\n", test->res_len);
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ snprintf(buf, sizeof(buf), "Connection: close\r\n");
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ snprintf(buf, sizeof(buf), "\r\n");
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+
+ /* response body */
+ ck_assert(stream->write_all(stream, test->res, test->res_len));
+ return FALSE;
+}
+
+static test_service_t gtests[] = {
+ { "GET", 1, "127.0.0.1", 6543, "/a/test/?b=c", NULL,
+ NULL, 0, "\x12\x34", 2 },
+ { "GET", 0, "localhost", 6543, "/", NULL,
+ NULL, 0, NULL, 0 },
+ { "GET", 0, "127.0.0.1", 6543, "/largefile", NULL,
+ NULL, 0, large, sizeof(large) },
+ { "GET", 1, "[::1]", 6543, "/ipv6-url", NULL,
+ NULL, 0, "\x00\r\n\r\x00testdatablabla", 20 },
+};
+
+START_TEST(test_get)
+{
+ stream_service_t *service;
+ status_t status;
+ chunk_t data, expected;
+ char uri[256];
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ snprintf(uri, sizeof(uri), "tcp://%s:%u", gtests[_i].host, gtests[_i].port);
+ service = lib->streams->create_service(lib->streams, uri, 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, servicing, >ests[_i], JOB_PRIO_HIGH, 0);
+
+ snprintf(uri, sizeof(uri), "http://%s:%u%s",
+ gtests[_i].host, gtests[_i].port, gtests[_i].path);
+ status = lib->fetcher->fetch(lib->fetcher, uri, &data,
+ !gtests[_i].minor ? FETCH_HTTP_VERSION_1_0 : FETCH_END,
+ FETCH_END);
+ ck_assert_int_eq(status, SUCCESS);
+ expected = chunk_create(gtests[_i].res, gtests[_i].res_len);
+ ck_assert_msg(chunk_compare(expected, data) == 0,
+ "exp %B\ngot %B\n", &expected, &data);
+ free(data.ptr);
+
+ service->destroy(service);
+}
+END_TEST
+
+
+static test_service_t ptests[] = {
+ { "POST", 1, "127.0.0.1", 6543, "/a/test/?b=c", "application/binary",
+ "\x23\x45", 2, "\x12\x34", 2 },
+ { "POST", 0, "localhost", 6543, "/largefile", "application/x-large",
+ large, sizeof(large), large, sizeof(large) },
+ { "POST", 1, "[::1]", 6543, "/ipv6-url", "text/plain",
+ "\x00\r\n\r\x00testdatablabla", 20, "\x00\r\n\r\x00testdatablabla", 20 },
+};
+
+START_TEST(test_post)
+{
+ stream_service_t *service;
+ status_t status;
+ chunk_t data, expected;
+ char uri[256];
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ snprintf(uri, sizeof(uri), "tcp://%s:%u", ptests[_i].host, ptests[_i].port);
+ service = lib->streams->create_service(lib->streams, uri, 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, servicing, &ptests[_i], JOB_PRIO_HIGH, 0);
+
+ snprintf(uri, sizeof(uri), "http://%s:%u%s",
+ ptests[_i].host, ptests[_i].port, ptests[_i].path);
+ status = lib->fetcher->fetch(lib->fetcher, uri, &data,
+ FETCH_REQUEST_TYPE, ptests[_i].type,
+ FETCH_REQUEST_DATA,
+ chunk_create(ptests[_i].req, ptests[_i].req_len),
+ !ptests[_i].minor ? FETCH_HTTP_VERSION_1_0 : FETCH_END,
+ FETCH_END);
+ ck_assert_int_eq(status, SUCCESS);
+ expected = chunk_create(ptests[_i].res, ptests[_i].res_len);
+ ck_assert_msg(chunk_compare(expected, data) == 0,
+ "exp %B\ngot %B\n", &expected, &data);
+ free(data.ptr);
+
+ service->destroy(service);
+}
+END_TEST
+
+Suite *fetch_http_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("http fetcher");
+
+ tc = tcase_create("GET");
+ tcase_add_loop_test(tc, test_get, 0, countof(gtests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("POST");
+ tcase_add_loop_test(tc, test_post, 0, countof(ptests));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
new file mode 100644
index 0000000..41a9d64
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -0,0 +1,189 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <crypto/hashers/hasher.h>
+#include <crypto/prfs/prf.h>
+#include <crypto/signers/signer.h>
+#include <asn1/oid.h>
+#include <utils/test.h>
+
+typedef struct {
+ int oid;
+ hash_algorithm_t alg;
+ key_type_t key;
+}hasher_oid_t;
+
+static hasher_oid_t oids[] = {
+ { OID_MD2, HASH_MD2, KEY_ANY },
+ { OID_MD5, HASH_MD5, KEY_ANY },
+ { OID_SHA1, HASH_SHA1, KEY_ANY },
+ { OID_SHA224, HASH_SHA224, KEY_ANY },
+ { OID_SHA256, HASH_SHA256, KEY_ANY },
+ { OID_SHA384, HASH_SHA384, KEY_ANY },
+ { OID_SHA512, HASH_SHA512, KEY_ANY },
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY },
+ { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA },
+ { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA },
+ { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA },
+ { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA },
+ { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA },
+ { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA },
+ { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA },
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA },
+ { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA },
+ { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA },
+ { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA },
+ { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA },
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }
+};
+
+START_TEST(test_hasher_from_oid)
+{
+ ck_assert(hasher_algorithm_from_oid(oids[_i].oid) == oids[_i].alg);
+}
+END_TEST
+
+START_TEST(test_hasher_to_oid)
+{
+ ck_assert(hasher_algorithm_to_oid(oids[_i].alg) == oids[_i].oid);
+}
+END_TEST
+
+START_TEST(test_hasher_sig_to_oid)
+{
+ ck_assert(hasher_signature_algorithm_to_oid(oids[_i].alg,
+ oids[_i].key) == oids[_i].oid);
+}
+END_TEST
+
+typedef struct {
+ pseudo_random_function_t prf;
+ hash_algorithm_t alg;
+}hasher_prf_t;
+
+static hasher_prf_t prfs[] = {
+ { PRF_HMAC_MD5, HASH_MD5 },
+ { PRF_HMAC_SHA1, HASH_SHA1 },
+ { PRF_FIPS_SHA1_160, HASH_SHA1 },
+ { PRF_KEYED_SHA1, HASH_SHA1 },
+ { PRF_HMAC_SHA2_256, HASH_SHA256 },
+ { PRF_HMAC_SHA2_384, HASH_SHA384 },
+ { PRF_HMAC_SHA2_512, HASH_SHA512 },
+ { PRF_HMAC_TIGER, HASH_UNKNOWN },
+ { PRF_AES128_XCBC, HASH_UNKNOWN },
+ { PRF_AES128_CMAC, HASH_UNKNOWN },
+ { PRF_FIPS_DES, HASH_UNKNOWN },
+ { PRF_CAMELLIA128_XCBC, HASH_UNKNOWN },
+ { PRF_UNDEFINED, HASH_UNKNOWN },
+ { 0, HASH_UNKNOWN }
+};
+
+START_TEST(test_hasher_from_prf)
+{
+ ck_assert(hasher_algorithm_from_prf(prfs[_i].prf) == prfs[_i].alg);
+}
+END_TEST
+
+typedef struct {
+ integrity_algorithm_t auth;
+ hash_algorithm_t alg;
+ size_t length;
+}hasher_auth_t;
+
+static hasher_auth_t auths[] = {
+ { AUTH_UNDEFINED, HASH_MD2, 0 },
+ { AUTH_UNDEFINED, HASH_MD4, 0 },
+ { AUTH_UNDEFINED, HASH_SHA224, 0 },
+ { AUTH_UNDEFINED, 9, 0 },
+ { AUTH_UNDEFINED, HASH_UNKNOWN, 0 },
+ { AUTH_HMAC_MD5_96, HASH_MD5, 12 },
+ { AUTH_HMAC_SHA1_96, HASH_SHA1, 12 },
+ { AUTH_HMAC_SHA2_256_96, HASH_SHA256, 12 },
+ { AUTH_HMAC_MD5_128, HASH_MD5, 16 },
+ { AUTH_HMAC_SHA1_128, HASH_SHA1, 16 },
+ { AUTH_HMAC_SHA2_256_128, HASH_SHA256, 16 },
+ { AUTH_HMAC_SHA1_160, HASH_SHA1, 20 },
+ { AUTH_HMAC_SHA2_384_192, HASH_SHA384, 24 },
+ { AUTH_HMAC_SHA2_256_256, HASH_SHA256, 32 },
+ { AUTH_HMAC_SHA2_512_256, HASH_SHA512, 32 },
+ { AUTH_HMAC_SHA2_384_384, HASH_SHA384, 48 },
+ { AUTH_HMAC_SHA2_512_512, HASH_SHA512, 64 },
+ { AUTH_AES_CMAC_96, HASH_UNKNOWN, 0 },
+ { AUTH_AES_128_GMAC, HASH_UNKNOWN, 0 },
+ { AUTH_AES_192_GMAC, HASH_UNKNOWN, 0 },
+ { AUTH_AES_256_GMAC, HASH_UNKNOWN, 0 },
+ { AUTH_AES_XCBC_96, HASH_UNKNOWN, 0 },
+ { AUTH_DES_MAC, HASH_UNKNOWN, 0 },
+ { AUTH_CAMELLIA_XCBC_96, HASH_UNKNOWN, 0 },
+ { 0, HASH_UNKNOWN, 0 }
+};
+
+START_TEST(test_hasher_from_integrity)
+{
+ size_t length;
+
+ length = 0;
+ ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) ==
+ auths[_i].alg);
+ ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) ==
+ auths[_i].alg);
+ ck_assert(length == auths[_i].length);
+}
+END_TEST
+
+START_TEST(test_hasher_to_integrity)
+{
+ ck_assert(hasher_algorithm_to_integrity(
+ auths[_i].alg, auths[_i].length) == auths[_i].auth);
+ ck_assert(hasher_algorithm_to_integrity(
+ auths[_i].alg, 0) == AUTH_UNDEFINED);
+}
+END_TEST
+
+Suite *hasher_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("hasher");
+
+ tc = tcase_create("from_oid");
+ tcase_add_loop_test(tc, test_hasher_from_oid, 0, 15);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("to_oid");
+ tcase_add_loop_test(tc, test_hasher_to_oid, 0, 8);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sig_to_oid");
+ tcase_add_loop_test(tc, test_hasher_sig_to_oid, 7, countof(oids));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("from_prf");
+ tcase_add_loop_test(tc, test_hasher_from_prf, 0, countof(prfs));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("from_integrity");
+ tcase_add_loop_test(tc, test_hasher_from_integrity, 4, countof(auths));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("to_integrity");
+ tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 17);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_hashtable.c b/src/libstrongswan/tests/suites/test_hashtable.c
similarity index 100%
rename from src/libstrongswan/tests/test_hashtable.c
rename to src/libstrongswan/tests/suites/test_hashtable.c
diff --git a/src/libstrongswan/tests/test_host.c b/src/libstrongswan/tests/suites/test_host.c
similarity index 100%
rename from src/libstrongswan/tests/test_host.c
rename to src/libstrongswan/tests/suites/test_host.c
diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c
new file mode 100644
index 0000000..edf53f0
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_identification.c
@@ -0,0 +1,857 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <utils/identification.h>
+
+/*******************************************************************************
+ * create (_from_encoding, _from_data, _from_string, _from_sockaddr)
+ */
+
+START_TEST(test_from_encoding)
+{
+ identification_t *a;
+ chunk_t expected, encoding;
+
+ /* only ID_ANY is handled differently, for all other types the following
+ * applies. should we perhaps test that this is in fact the case? */
+ expected = chunk_from_str("moon at strongswan.org");
+ a = identification_create_from_encoding(ID_RFC822_ADDR, expected);
+ ck_assert(ID_RFC822_ADDR == a->get_type(a));
+ encoding = a->get_encoding(a);
+ ck_assert(expected.ptr != encoding.ptr);
+ ck_assert(chunk_equals(expected, encoding));
+ a->destroy(a);
+
+ a = identification_create_from_encoding(ID_ANY, expected);
+ ck_assert(ID_ANY == a->get_type(a));
+ encoding = a->get_encoding(a);
+ ck_assert(encoding.ptr == NULL);
+ ck_assert(encoding.len == 0);
+ a->destroy(a);
+}
+END_TEST
+
+START_TEST(test_from_data)
+{
+ identification_t *a;
+ chunk_t expected, encoding;
+
+ /* this uses the DN parser (C=CH) */
+ expected = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48);
+ a = identification_create_from_data(expected);
+ ck_assert(ID_DER_ASN1_DN == a->get_type(a));
+ encoding = a->get_encoding(a);
+ ck_assert(expected.ptr != encoding.ptr);
+ ck_assert(chunk_equals(expected, encoding));
+ a->destroy(a);
+
+ /* everything else is handled by the string parser */
+ expected = chunk_from_str("moon at strongswan.org");
+ a = identification_create_from_data(expected);
+ ck_assert(ID_RFC822_ADDR == a->get_type(a));
+ encoding = a->get_encoding(a);
+ ck_assert(expected.ptr != encoding.ptr);
+ ck_assert(chunk_equals(expected, encoding));
+ a->destroy(a);
+}
+END_TEST
+
+START_TEST(test_from_sockaddr)
+{
+ identification_t *a;
+ chunk_t expected, encoding;
+ struct sockaddr_in in = {
+ .sin_family = AF_INET,
+ };
+ struct sockaddr_in6 in6 = {
+ .sin6_family = AF_INET6,
+ };
+
+ expected = chunk_from_chars(0xc0, 0xa8, 0x01, 0x01);
+ memcpy(&in.sin_addr, expected.ptr, sizeof(in.sin_addr));
+ a = identification_create_from_sockaddr((sockaddr_t*)&in);
+ ck_assert(ID_IPV4_ADDR == a->get_type(a));
+ encoding = a->get_encoding(a);
+ ck_assert(chunk_equals(expected, encoding));
+ a->destroy(a);
+
+ expected = chunk_from_chars(0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
+ memcpy(&in6.sin6_addr, expected.ptr, sizeof(in6.sin6_addr));
+ a = identification_create_from_sockaddr((sockaddr_t*)&in6);
+ ck_assert(ID_IPV6_ADDR == a->get_type(a));
+ encoding = a->get_encoding(a);
+ ck_assert(chunk_equals(expected, encoding));
+ a->destroy(a);
+
+ in6.sin6_family = AF_UNSPEC;
+ a = identification_create_from_sockaddr((sockaddr_t*)&in6);
+ ck_assert(ID_ANY == a->get_type(a));
+ a->destroy(a);
+}
+END_TEST
+
+static struct {
+ char *id;
+ id_type_t type;
+ struct {
+ enum {
+ ENC_CHUNK,
+ ENC_STRING,
+ ENC_SIMPLE,
+ } type;
+ union {
+ chunk_t c;
+ char *s;
+ } data;
+ } result;
+} string_data[] = {
+ {NULL, ID_ANY, { .type = ENC_CHUNK }},
+ {"", ID_ANY, { .type = ENC_CHUNK }},
+ {"%any", ID_ANY, { .type = ENC_CHUNK }},
+ {"%any6", ID_ANY, { .type = ENC_CHUNK }},
+ {"0.0.0.0", ID_ANY, { .type = ENC_CHUNK }},
+ {"0::0", ID_ANY, { .type = ENC_CHUNK }},
+ {"::", ID_ANY, { .type = ENC_CHUNK }},
+ {"*", ID_ANY, { .type = ENC_CHUNK }},
+ {"any", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"any6", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"0", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"**", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"192.168.1.1", ID_IPV4_ADDR, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0, 0xa8, 0x01, 0x01) }},
+ {"192.168.",ID_FQDN, { .type = ENC_SIMPLE }},
+ {".", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"fec0::1", ID_IPV6_ADDR, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01) }},
+ {"fec0::", ID_IPV6_ADDR, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00) }},
+ {"fec0:", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {":", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"alice at strongswan.org", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"alice at strongswan", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"alice@", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"alice", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"@", ID_FQDN, { .type = ENC_CHUNK }},
+ {" @", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"@strongswan.org", ID_FQDN, { .type = ENC_STRING,
+ .data.s = "strongswan.org" }},
+ {"@#deadbeef", ID_KEY_ID, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xde, 0xad, 0xbe, 0xef) }},
+ {"@#deadbee", ID_KEY_ID, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x0d, 0xea, 0xdb, 0xee) }},
+ {"foo=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"foo=", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"C=", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x30, 0x0b, 0x31, 0x09, 0x30, 0x07, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x00)}},
+ {"C=CH", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48)}},
+ {"C=CH,", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48)}},
+ {"C=CH, ", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48)}},
+ {"C=CH, O", ID_KEY_ID, { .type = ENC_SIMPLE }},
+};
+
+START_TEST(test_from_string)
+{
+ identification_t *a;
+ chunk_t encoding, expected = chunk_empty;
+ char *id;
+
+ id = string_data[_i].id;
+ a = identification_create_from_string(id);
+ fail_unless(a->get_type(a) == string_data[_i].type,
+ "type of id '%s' is %N, %N expected", id,
+ id_type_names, a->get_type(a),
+ id_type_names, string_data[_i].type);
+
+ encoding = a->get_encoding(a);
+ switch (string_data[_i].result.type)
+ {
+ case ENC_SIMPLE:
+ expected = chunk_from_str(string_data[_i].id);
+ break;
+ case ENC_STRING:
+ expected = chunk_from_str(string_data[_i].result.data.s);
+ break;
+ case ENC_CHUNK:
+ expected = string_data[_i].result.data.c;
+ break;
+ default:
+ fail("unexpected result type");
+ }
+
+ ck_assert(!id || (char*)encoding.ptr != id);
+ if (expected.ptr)
+ {
+ fail_unless(chunk_equals(encoding, expected),
+ "parsing '%s' failed\nencoding %B\nexpected %B\n",
+ id, &encoding, &expected);
+ }
+ else
+ {
+ ck_assert(encoding.ptr == NULL);
+ ck_assert(encoding.len == 0);
+ }
+ a->destroy(a);
+}
+END_TEST
+
+/*******************************************************************************
+ * printf_hook
+ */
+
+static void string_equals(char *a_str, char *b_str)
+{
+ identification_t *b;
+ char buf[128];
+
+ b = b_str ? identification_create_from_string(b_str) : NULL;
+ snprintf(buf, sizeof(buf), "%Y", b);
+ DESTROY_IF(b);
+ ck_assert_str_eq(a_str, buf);
+}
+
+static void string_equals_id(char *a_str, identification_t *b)
+{
+ char buf[128];
+
+ snprintf(buf, sizeof(buf), "%Y", b);
+ DESTROY_IF(b);
+ ck_assert_str_eq(a_str, buf);
+}
+
+START_TEST(test_printf_hook)
+{
+ string_equals("(null)", NULL);
+ string_equals("%any", "");
+ string_equals("%any", "%any");
+ string_equals("%any", "*");
+
+ string_equals("192.168.1.1", "192.168.1.1");
+ string_equals_id("(invalid ID_IPV4_ADDR)",
+ identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty));
+ string_equals("fec0::1", "fec0::1");
+ string_equals("fec0::1", "fec0:0:0::1");
+ string_equals_id("(invalid ID_IPV6_ADDR)",
+ identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty));
+
+ string_equals_id("(unknown ID type: 255)",
+ identification_create_from_encoding(255, chunk_empty));
+
+ string_equals("moon at strongswan.org", "moon at strongswan.org");
+ string_equals("MOON at STRONGSWAN.ORG", "MOON at STRONGSWAN.ORG");
+ /* non-printable characters */
+ string_equals_id("????@strongswan.org", identification_create_from_encoding(ID_RFC822_ADDR,
+ chunk_from_chars(0xfa, 0xfb, 0xfc, 0xfd, 0x40, 0x73, 0x74, 0x72,
+ 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
+ 0x6f, 0x72, 0x67)));
+
+ /* not a DN => ID_KEY_ID => no normalization */
+ string_equals("C=CH, AsdF=asdf", "C=CH, AsdF=asdf");
+ string_equals_id("moon at strongswan.org", identification_create_from_encoding(ID_KEY_ID,
+ chunk_from_str("moon at strongswan.org")));
+ /* non-printable characters */
+ string_equals_id("de:ad:be:ef", identification_create_from_encoding(ID_KEY_ID,
+ chunk_from_chars(0xde, 0xad, 0xbe, 0xef)));
+ /* printable characters */
+ string_equals_id("ABCDEFGHIJKLMNOPQRS",
+ identification_create_from_encoding(ID_KEY_ID,
+ chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
+ 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+ 0x51, 0x52, 0x53)));
+ /* ABCDEFGHIJKLMNOPQRST is printable but has the length of a SHA1 hash */
+ string_equals_id("41:42:43:44:45:46:47:48:49:4a:4b:4c:4d:4e:4f:50:51:52:53:54",
+ identification_create_from_encoding(ID_KEY_ID,
+ chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
+ 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+ 0x51, 0x52, 0x53, 0x54)));
+
+ string_equals_id("", identification_create_from_encoding(ID_DER_ASN1_DN, chunk_empty));
+ string_equals("C=", "C=");
+ string_equals("C=", "C=,");
+ string_equals("C=", "C=, ");
+ string_equals("C=", "C= , ");
+ string_equals("C=, O=strongSwan", "C=, O=strongSwan");
+ string_equals("C=CH, O=", "C=CH, O=");
+ string_equals("C=CH, O=strongSwan, CN=strongswan.org",
+ "C=CH, O=strongSwan, CN=strongswan.org");
+ string_equals("CN=strongswan.org, O=strongSwan, C=CH",
+ "cn=strongswan.org, o=strongSwan, c=CH");
+ string_equals("C=CH, O=strongSwan, CN=strongswan.org",
+ "C=CH,O=strongSwan,CN=strongswan.org");
+ string_equals("C=CH, O=strongSwan, CN=strongswan.org",
+ "/C=CH/O=strongSwan/CN=strongswan.org");
+ string_equals("CN=strongswan.org, O=strongSwan, C=CH",
+ "CN=strongswan.org,O=strongSwan,C=CH");
+
+ string_equals("C=CH, E=moon at strongswan.org, CN=moon",
+ "C=CH, email=moon at strongswan.org, CN=moon");
+ string_equals("C=CH, E=moon at strongswan.org, CN=moon",
+ "C=CH, emailAddress=moon at strongswan.org, CN=moon");
+
+ /* C=CH, pseudonym=ANO (pseudonym is currently not recognized) */
+ string_equals_id("C=CH, 55:04:41=ANO", identification_create_from_encoding(ID_DER_ASN1_DN,
+ chunk_from_chars(0x30, 0x19, 0x31, 0x17, 0x30, 0x09, 0x06, 0x03, 0x55,
+ 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x0a, 0x06,
+ 0x03, 0x55, 0x04, 0x41, 0x13, 0x03, 0x41, 0x4e, 0x4f)));
+ /* C=CH, O=strongSwan (but instead of a 2nd OID -0x06- we got NULL -0x05) */
+ string_equals_id("C=CH, (invalid ID_DER_ASN1_DN)", identification_create_from_encoding(ID_DER_ASN1_DN,
+ chunk_from_chars(0x30, 0x20, 0x31, 0x1e, 0x30, 0x09, 0x06, 0x03, 0x55,
+ 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x11, 0x05,
+ 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x73, 0x74, 0x72,
+ 0x6f, 0x6e, 0x67, 0x53, 0x77, 0x61, 0x6e)));
+ /* moon at strongswan.org as GN */
+ string_equals_id("(ASN.1 general name)", identification_create_from_encoding(ID_DER_ASN1_GN,
+ chunk_from_chars(0x81, 0x14, 0x6d, 0x6f, 0x6f, 0x6e, 0x40, 0x73, 0x74,
+ 0x72, 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
+ 0x6f, 0x72, 0x67)));
+}
+END_TEST
+
+START_TEST(test_printf_hook_width)
+{
+ identification_t *a;
+ char buf[128];
+
+ a = identification_create_from_string("moon at strongswan.org");
+ snprintf(buf, sizeof(buf), "%25Y", a);
+ ck_assert_str_eq(" moon at strongswan.org", buf);
+ snprintf(buf, sizeof(buf), "%-*Y", 25, a);
+ ck_assert_str_eq("moon at strongswan.org ", buf);
+ snprintf(buf, sizeof(buf), "%5Y", a);
+ ck_assert_str_eq("moon at strongswan.org", buf);
+ DESTROY_IF(a);
+}
+END_TEST
+
+/*******************************************************************************
+ * equals
+ */
+
+static bool id_equals(identification_t *a, char *b_str)
+{
+ identification_t *b;
+ bool equals;
+
+ b = identification_create_from_string(b_str);
+ equals = a->equals(a, b);
+ ck_assert_int_eq(equals, b->equals(b, a));
+ b->destroy(b);
+ return equals;
+}
+
+START_TEST(test_equals)
+{
+ identification_t *a;
+ chunk_t encoding, fuzzed;
+ int i;
+
+ /* this test also tests identification_create_from_string with DNs */
+ a = identification_create_from_string(
+ "C=CH, E=moon at strongswan.org, CN=moon");
+
+ ck_assert(id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"));
+ ck_assert(id_equals(a, "C==CH, E==moon at strongswan.org,,, CN==moon"));
+ ck_assert(id_equals(a, " C=CH, E=moon at strongswan.org, CN=moon "));
+ ck_assert(id_equals(a, "C=ch, E=moon at STRONGSWAN.ORG, CN=Moon"));
+ ck_assert(id_equals(a, "/C=CH/E=moon at strongswan.org/CN=moon"));
+ ck_assert(id_equals(a, "C=CH/E=moon at strongswan.org/CN=moon"));
+ ck_assert(id_equals(a, "C=CH/E=moon at strongswan.org,CN=moon"));
+ ck_assert(id_equals(a, "C=CH / E=moon at strongswan.org , CN=moon"));
+
+ ck_assert(!id_equals(a, "C=CH E=moon at strongswan.org CN=moon"));
+ ck_assert(!id_equals(a, "C=CN, E=moon at strongswan.org, CN=moon"));
+ ck_assert(!id_equals(a, "E=moon at strongswan.org, C=CH, CN=moon"));
+ ck_assert(!id_equals(a, "E=moon at strongswan.org, C=CH, CN=moon"));
+
+ encoding = chunk_clone(a->get_encoding(a));
+ a->destroy(a);
+
+ /* simple fuzzing, increment each byte of encoding */
+ for (i = 0; i < encoding.len; i++)
+ {
+ if (i == 11 || i == 30 || i == 60)
+ { /* skip ASN.1 type fields, as equals() handles them graceful */
+ continue;
+ }
+ fuzzed = chunk_clone(encoding);
+ fuzzed.ptr[i]++;
+ a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
+ if (id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"))
+ {
+ printf("%d %B\n%B\n", i, &fuzzed, &encoding);
+ }
+ ck_assert(!id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"));
+ a->destroy(a);
+ free(fuzzed.ptr);
+ }
+
+ /* and decrement each byte of encoding */
+ for (i = 0; i < encoding.len; i++)
+ {
+ if (i == 11 || i == 30 || i == 60)
+ {
+ continue;
+ }
+ fuzzed = chunk_clone(encoding);
+ fuzzed.ptr[i]--;
+ a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
+ ck_assert(!id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"));
+ a->destroy(a);
+ free(fuzzed.ptr);
+ }
+ free(encoding.ptr);
+}
+END_TEST
+
+START_TEST(test_equals_any)
+{
+ identification_t *a, *b;
+
+ a = identification_create_from_string("%any");
+ b = identification_create_from_encoding(ID_ANY, chunk_empty);
+ ck_assert(a->equals(a, b));
+ ck_assert(b->equals(b, a));
+ b->destroy(b);
+
+ b = identification_create_from_string("C=CH, O=strongSwan, CN=strongswan.org");
+ ck_assert(!a->equals(a, b));
+ ck_assert(!b->equals(b, a));
+ a->destroy(a);
+ b->destroy(b);
+}
+END_TEST
+
+START_TEST(test_equals_binary)
+{
+ identification_t *a, *b;
+ chunk_t encoding;
+
+ encoding = chunk_from_str("foobar=");
+ /* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
+ a = identification_create_from_string("foobar=");
+ ck_assert(a->get_type(a) == ID_KEY_ID);
+ b = identification_create_from_encoding(ID_KEY_ID, encoding);
+ ck_assert(a->equals(a, b));
+ a->destroy(a);
+ b->destroy(b);
+}
+END_TEST
+
+START_TEST(test_equals_fqdn)
+{
+ identification_t *a;
+
+ a = identification_create_from_string("ipsec.strongswan.org");
+ ck_assert(id_equals(a, "IPSEC.strongswan.org"));
+ ck_assert(id_equals(a, "ipsec.strongSwan.org"));
+ ck_assert(id_equals(a, "ipsec.strongSwan.ORG"));
+ ck_assert(!id_equals(a, "strongswan.org"));
+ a->destroy(a);
+}
+END_TEST
+
+START_TEST(test_equals_empty)
+{
+ identification_t *a;
+
+ a = identification_create_from_encoding(_i, chunk_empty);
+
+ switch (_i)
+ {
+ case ID_ANY:
+ ck_assert(id_equals(a, "%any"));
+ break;
+ case ID_IPV4_ADDR:
+ ck_assert(!id_equals(a, "192.168.1.1"));
+ break;
+ case ID_FQDN:
+ ck_assert(!id_equals(a, "moon.strongswan.org"));
+ break;
+ case ID_USER_FQDN:
+ ck_assert(!id_equals(a, "moon at strongswan.org"));
+ break;
+ case ID_IPV6_ADDR:
+ ck_assert(!id_equals(a, "fec0::1"));
+ break;
+ case ID_DER_ASN1_DN:
+ ck_assert(!id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"));
+ break;
+ case ID_KEY_ID:
+ ck_assert(!id_equals(a, "@#12345678"));
+ break;
+ case ID_DER_ASN1_GN:
+ case ID_IPV4_ADDR_SUBNET:
+ case ID_IPV6_ADDR_SUBNET:
+ case ID_IPV4_ADDR_RANGE:
+ case ID_IPV6_ADDR_RANGE:
+ /* currently not tested */
+ break;
+ }
+
+ a->destroy(a);
+}
+END_TEST
+
+/*******************************************************************************
+ * matches
+ */
+
+static bool id_matches(identification_t *a, char *b_str, id_match_t expected)
+{
+ identification_t *b;
+ id_match_t match;
+
+ b = identification_create_from_string(b_str);
+ match = a->matches(a, b);
+ b->destroy(b);
+ return match == expected;
+}
+
+START_TEST(test_matches)
+{
+ identification_t *a;
+
+ a = identification_create_from_string("C=CH, E=moon at strongswan.org, CN=moon");
+
+ ck_assert(id_matches(a, "C=CH, E=moon at strongswan.org, CN=moon", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "C=CH, E=*, CN=moon", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "C=CH, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 1));
+ ck_assert(id_matches(a, "C=*, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 2));
+ ck_assert(id_matches(a, "C=*, E=*, CN=*, O=BADInc", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "C=*, E=*", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "C=*, E=a at b.c, CN=*", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+
+ a->destroy(a);
+}
+END_TEST
+
+START_TEST(test_matches_any)
+{
+ identification_t *a;
+
+ a = identification_create_from_string("%any");
+
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "*", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "moon at strongswan.org", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "vpn.strongswan.org", ID_MATCH_NONE));
+ a->destroy(a);
+}
+END_TEST
+
+START_TEST(test_matches_binary)
+{
+ identification_t *a;
+
+ /* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
+ a = identification_create_from_string("foo=bar");
+ ck_assert(a->get_type(a) == ID_KEY_ID);
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "foo=bar", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "bar=foo", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "*=bar", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "foo=*", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "foo at bar", ID_MATCH_NONE));
+ a->destroy(a);
+}
+END_TEST
+
+START_TEST(test_matches_string)
+{
+ identification_t *a;
+
+ a = identification_create_from_string("moon at strongswan.org");
+
+ ck_assert(id_matches(a, "moon at strongswan.org", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "*@strongswan.org", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "*@*.org", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "*@*", ID_MATCH_NONE));
+ /* the following two are parsed as ID_FQDN, so no match */
+ ck_assert(id_matches(a, "*strongswan.org", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "*.org", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "moon@*", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "**", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "*", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+ a->destroy(a);
+
+ a = identification_create_from_string("vpn.strongswan.org");
+
+ ck_assert(id_matches(a, "vpn.strongswan.org", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "*.strongswan.org", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "*strongswan.org", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "*.org", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "*.strongswan.*", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "*vpn.strongswan.org", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "vpn.strongswan.*", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "**", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "*", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+ a->destroy(a);
+}
+END_TEST
+
+START_TEST(test_matches_empty)
+{
+ identification_t *a;
+
+ a = identification_create_from_encoding(_i, chunk_empty);
+
+ switch (_i)
+ {
+ case ID_ANY:
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+ break;
+ case ID_IPV4_ADDR:
+ ck_assert(id_matches(a, "192.168.1.1", ID_MATCH_NONE));
+ break;
+ case ID_FQDN:
+ ck_assert(id_matches(a, "moon.strongswan.org", ID_MATCH_NONE));
+ break;
+ case ID_USER_FQDN:
+ ck_assert(id_matches(a, "moon at strongswan.org", ID_MATCH_NONE));
+ break;
+ case ID_IPV6_ADDR:
+ ck_assert(id_matches(a, "fec0::1", ID_MATCH_NONE));
+ break;
+ case ID_DER_ASN1_DN:
+ ck_assert(id_matches(a, "C=CH, E=moon at strongswan.org, CN=moon",
+ ID_MATCH_NONE));
+ break;
+ case ID_KEY_ID:
+ ck_assert(id_matches(a, "@#12345678", ID_MATCH_NONE));
+ break;
+ case ID_DER_ASN1_GN:
+ case ID_IPV4_ADDR_SUBNET:
+ case ID_IPV6_ADDR_SUBNET:
+ case ID_IPV4_ADDR_RANGE:
+ case ID_IPV6_ADDR_RANGE:
+ /* currently not tested */
+ break;
+ }
+
+ a->destroy(a);
+}
+END_TEST
+
+static bool id_matches_rev(identification_t *a, char *b_str, id_match_t expected)
+{
+ identification_t *b;
+ id_match_t match;
+
+ b = identification_create_from_string(b_str);
+ match = b->matches(b, a);
+ b->destroy(b);
+ return match == expected;
+}
+
+START_TEST(test_matches_empty_reverse)
+{
+ identification_t *a;
+
+ a = identification_create_from_encoding(_i, chunk_empty);
+
+ switch (_i)
+ {
+ case ID_ANY:
+ ck_assert(id_matches_rev(a, "%any", ID_MATCH_ANY));
+ break;
+ case ID_IPV4_ADDR:
+ ck_assert(id_matches_rev(a, "192.168.1.1", ID_MATCH_NONE));
+ break;
+ case ID_FQDN:
+ ck_assert(id_matches_rev(a, "moon.strongswan.org", ID_MATCH_NONE));
+ break;
+ case ID_USER_FQDN:
+ ck_assert(id_matches_rev(a, "moon at strongswan.org", ID_MATCH_NONE));
+ break;
+ case ID_IPV6_ADDR:
+ ck_assert(id_matches_rev(a, "fec0::1", ID_MATCH_NONE));
+ break;
+ case ID_DER_ASN1_DN:
+ ck_assert(id_matches_rev(a, "C=CH, E=moon at strongswan.org, CN=moon",
+ ID_MATCH_NONE));
+ break;
+ case ID_KEY_ID:
+ ck_assert(id_matches_rev(a, "@#12345678", ID_MATCH_NONE));
+ break;
+ case ID_DER_ASN1_GN:
+ case ID_IPV4_ADDR_SUBNET:
+ case ID_IPV6_ADDR_SUBNET:
+ case ID_IPV4_ADDR_RANGE:
+ case ID_IPV6_ADDR_RANGE:
+ /* currently not tested */
+ break;
+ }
+
+ a->destroy(a);
+}
+END_TEST
+
+/*******************************************************************************
+ * identification part enumeration
+ */
+
+START_TEST(test_parts)
+{
+ identification_t *id;
+ enumerator_t *enumerator;
+ id_part_t part;
+ chunk_t data;
+ int i = 0;
+
+ id = identification_create_from_string("C=CH, O=strongSwan, CN=tester");
+
+ enumerator = id->create_part_enumerator(id);
+ while (enumerator->enumerate(enumerator, &part, &data))
+ {
+ switch (i++)
+ {
+ case 0:
+ ck_assert(part == ID_PART_RDN_C &&
+ chunk_equals(data, chunk_create("CH", 2)));
+ break;
+ case 1:
+ ck_assert(part == ID_PART_RDN_O &&
+ chunk_equals(data, chunk_from_str("strongSwan")));
+ break;
+ case 2:
+ ck_assert(part == ID_PART_RDN_CN &&
+ chunk_equals(data, chunk_from_str("tester")));
+ break;
+ default:
+ fail("unexpected identification part %d", part);
+ }
+ }
+ ck_assert_int_eq(i, 3);
+ enumerator->destroy(enumerator);
+ id->destroy(id);
+}
+END_TEST
+
+/*******************************************************************************
+ * wildcards
+ */
+
+static bool id_contains_wildcards(char *string)
+{
+ identification_t *id;
+ bool contains;
+
+ id = identification_create_from_string(string);
+ contains = id->contains_wildcards(id);
+ id->destroy(id);
+ return contains;
+}
+
+START_TEST(test_contains_wildcards)
+{
+ ck_assert(id_contains_wildcards("%any"));
+ ck_assert(id_contains_wildcards("C=*, O=strongSwan, CN=gw"));
+ ck_assert(id_contains_wildcards("C=CH, O=strongSwan, CN=*"));
+ ck_assert(id_contains_wildcards("*@strongswan.org"));
+ ck_assert(id_contains_wildcards("*.strongswan.org"));
+ ck_assert(!id_contains_wildcards("C=**, O=a*, CN=*a"));
+}
+END_TEST
+
+/*******************************************************************************
+ * clone
+ */
+
+START_TEST(test_clone)
+{
+ identification_t *a, *b;
+ chunk_t a_enc, b_enc;
+
+ a = identification_create_from_string("moon at strongswan.org");
+ a_enc = a->get_encoding(a);
+ b = a->clone(a);
+ ck_assert(b != NULL);
+ ck_assert(a != b);
+ b_enc = b->get_encoding(b);
+ ck_assert(a_enc.ptr != b_enc.ptr);
+ ck_assert(chunk_equals(a_enc, b_enc));
+ a->destroy(a);
+ b->destroy(b);
+}
+END_TEST
+
+Suite *identification_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("identification");
+
+ tc = tcase_create("create");
+ tcase_add_test(tc, test_from_encoding);
+ tcase_add_test(tc, test_from_data);
+ tcase_add_test(tc, test_from_sockaddr);
+ tcase_add_loop_test(tc, test_from_string, 0, countof(string_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("printf_hook");
+ tcase_add_test(tc, test_printf_hook);
+ tcase_add_test(tc, test_printf_hook_width);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("equals");
+ tcase_add_test(tc, test_equals);
+ tcase_add_test(tc, test_equals_any);
+ tcase_add_test(tc, test_equals_binary);
+ tcase_add_test(tc, test_equals_fqdn);
+ tcase_add_loop_test(tc, test_equals_empty, ID_ANY, ID_KEY_ID + 1);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("matches");
+ tcase_add_test(tc, test_matches);
+ tcase_add_test(tc, test_matches_any);
+ tcase_add_test(tc, test_matches_binary);
+ tcase_add_test(tc, test_matches_string);
+ tcase_add_loop_test(tc, test_matches_empty, ID_ANY, ID_KEY_ID + 1);
+ tcase_add_loop_test(tc, test_matches_empty_reverse, ID_ANY, ID_KEY_ID + 1);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("part enumeration");
+ tcase_add_test(tc, test_parts);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("wildcards");
+ tcase_add_test(tc, test_contains_wildcards);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("clone");
+ tcase_add_test(tc, test_clone);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_linked_list.c b/src/libstrongswan/tests/suites/test_linked_list.c
new file mode 100644
index 0000000..922f954
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_linked_list.c
@@ -0,0 +1,390 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <collections/linked_list.h>
+
+/*******************************************************************************
+ * test fixture
+ */
+
+static linked_list_t *list;
+
+START_SETUP(setup_list)
+{
+ void *x = NULL;
+
+ list = linked_list_create();
+ ck_assert_int_eq(list->get_count(list), 0);
+ ck_assert(list->get_first(list, &x) == NOT_FOUND);
+ ck_assert(list->get_last(list, &x) == NOT_FOUND);
+}
+END_SETUP
+
+START_TEARDOWN(teardown_list)
+{
+ list->destroy(list);
+}
+END_TEARDOWN
+
+/*******************************************************************************
+ * insert first/last
+ */
+
+START_TEST(test_insert_first)
+{
+ void *a = (void*)1, *b = (void*)2, *x = NULL;
+
+ list->insert_first(list, a);
+ ck_assert_int_eq(list->get_count(list), 1);
+ ck_assert(list->get_first(list, &x) == SUCCESS);
+ ck_assert(x == a);
+ ck_assert(list->get_last(list, &x) == SUCCESS);
+ ck_assert(x == a);
+
+ list->insert_first(list, b);
+ ck_assert_int_eq(list->get_count(list), 2);
+ ck_assert(list->get_first(list, &x) == SUCCESS);
+ ck_assert(x == b);
+ ck_assert(list->get_last(list, &x) == SUCCESS);
+ ck_assert(x == a);
+}
+END_TEST
+
+START_TEST(test_insert_last)
+{
+ void *a = (void*)1, *b = (void*)2, *x = NULL;
+
+ list->insert_last(list, a);
+ ck_assert_int_eq(list->get_count(list), 1);
+ ck_assert(list->get_first(list, &x) == SUCCESS);
+ ck_assert(x == a);
+ ck_assert(list->get_last(list, &x) == SUCCESS);
+ ck_assert(x == a);
+
+ list->insert_last(list, b);
+ ck_assert_int_eq(list->get_count(list), 2);
+ ck_assert(list->get_first(list, &x) == SUCCESS);
+ ck_assert(x == a);
+ ck_assert(list->get_last(list, &x) == SUCCESS);
+ ck_assert(x == b);
+}
+END_TEST
+
+/*******************************************************************************
+ * remove first/last
+ */
+
+START_TEST(test_remove_first)
+{
+ void *a = (void*)1, *b = (void*)2, *x = NULL;
+
+ list->insert_first(list, a);
+ list->insert_first(list, b);
+ ck_assert(list->remove_first(list, &x) == SUCCESS);
+ ck_assert_int_eq(list->get_count(list), 1);
+ ck_assert(x == b);
+ ck_assert(list->remove_first(list, &x) == SUCCESS);
+ ck_assert_int_eq(list->get_count(list), 0);
+ ck_assert(x == a);
+ ck_assert(list->remove_first(list, &x) == NOT_FOUND);
+ ck_assert(list->remove_last(list, &x) == NOT_FOUND);
+}
+END_TEST
+
+START_TEST(test_remove_last)
+{
+ void *a = (void*)1, *b = (void*)2, *x = NULL;
+
+ list->insert_first(list, a);
+ list->insert_first(list, b);
+ ck_assert(list->remove_last(list, &x) == SUCCESS);
+ ck_assert_int_eq(list->get_count(list), 1);
+ ck_assert(x == a);
+ ck_assert(list->remove_last(list, &x) == SUCCESS);
+ ck_assert_int_eq(list->get_count(list), 0);
+ ck_assert(x == b);
+ ck_assert(list->remove_first(list, &x) == NOT_FOUND);
+ ck_assert(list->remove_last(list, &x) == NOT_FOUND);
+}
+END_TEST
+
+/*******************************************************************************
+ * helper function for remove and find tests
+ */
+
+static bool match_a(void *item, void *a)
+{
+ ck_assert(a == (void*)1);
+ return item == a;
+}
+
+static bool match_b(void *item, void *b)
+{
+ ck_assert(b == (void*)2);
+ return item == b;
+}
+
+/*******************************************************************************
+ * remove
+ */
+
+START_TEST(test_remove)
+{
+ void *a = (void*)1, *b = (void*)2;
+
+ list->insert_first(list, a);
+ ck_assert(list->remove(list, a, NULL) == 1);
+ ck_assert_int_eq(list->get_count(list), 0);
+
+ list->insert_last(list, a);
+ list->insert_last(list, a);
+ list->insert_last(list, a);
+ list->insert_last(list, b);
+ ck_assert(list->remove(list, a, NULL) == 3);
+ ck_assert(list->remove(list, a, NULL) == 0);
+ ck_assert_int_eq(list->get_count(list), 1);
+ ck_assert(list->remove(list, b, NULL) == 1);
+ ck_assert(list->remove(list, b, NULL) == 0);
+}
+END_TEST
+
+START_TEST(test_remove_callback)
+{
+ void *a = (void*)1, *b = (void*)2;
+
+ list->insert_last(list, a);
+ list->insert_last(list, b);
+ list->insert_last(list, a);
+ list->insert_last(list, b);
+ ck_assert(list->remove(list, a, match_a) == 2);
+ ck_assert(list->remove(list, a, match_a) == 0);
+ ck_assert_int_eq(list->get_count(list), 2);
+ ck_assert(list->remove(list, b, match_b) == 2);
+ ck_assert(list->remove(list, b, match_b) == 0);
+ ck_assert_int_eq(list->get_count(list), 0);
+}
+END_TEST
+
+/*******************************************************************************
+ * find
+ */
+
+static bool match_a_b(void *item, void *a, void *b)
+{
+ ck_assert(a == (void*)1);
+ ck_assert(b == (void*)2);
+ return item == a || item == b;
+}
+
+START_TEST(test_find)
+{
+ void *a = (void*)1, *b = (void*)2;
+
+ ck_assert(list->find_first(list, NULL, &a) == NOT_FOUND);
+ list->insert_last(list, a);
+ ck_assert(list->find_first(list, NULL, &a) == SUCCESS);
+ ck_assert(list->find_first(list, NULL, &b) == NOT_FOUND);
+ list->insert_last(list, b);
+ ck_assert(list->find_first(list, NULL, &a) == SUCCESS);
+ ck_assert(list->find_first(list, NULL, &b) == SUCCESS);
+
+ ck_assert(list->find_first(list, NULL, NULL) == NOT_FOUND);
+}
+END_TEST
+
+START_TEST(test_find_callback)
+{
+ void *a = (void*)1, *b = (void*)2, *x = NULL;
+
+ ck_assert(list->find_first(list, (linked_list_match_t)match_a_b, &x, a, b) == NOT_FOUND);
+ list->insert_last(list, a);
+ ck_assert(list->find_first(list, (linked_list_match_t)match_a, NULL, a) == SUCCESS);
+ x = NULL;
+ ck_assert(list->find_first(list, (linked_list_match_t)match_a, &x, a) == SUCCESS);
+ ck_assert(a == x);
+ ck_assert(list->find_first(list, (linked_list_match_t)match_b, &x, b) == NOT_FOUND);
+ ck_assert(a == x);
+ x = NULL;
+ ck_assert(list->find_first(list, (linked_list_match_t)match_a_b, &x, a, b) == SUCCESS);
+ ck_assert(a == x);
+
+ list->insert_last(list, b);
+ ck_assert(list->find_first(list, (linked_list_match_t)match_a, &x, a) == SUCCESS);
+ ck_assert(a == x);
+ ck_assert(list->find_first(list, (linked_list_match_t)match_b, &x, b) == SUCCESS);
+ ck_assert(b == x);
+ x = NULL;
+ ck_assert(list->find_first(list, (linked_list_match_t)match_a_b, &x, a, b) == SUCCESS);
+ ck_assert(a == x);
+}
+END_TEST
+
+/*******************************************************************************
+ * invoke
+ */
+
+typedef struct invoke_t invoke_t;
+
+struct invoke_t {
+ int val;
+ void (*invoke)(invoke_t *item, void *a, void *b, void *c, void *d, int *sum);
+};
+
+static void invoke(intptr_t item, void *a, void *b, void *c, void *d, int *sum)
+{
+ ck_assert_int_eq((uintptr_t)a, 1);
+ ck_assert_int_eq((uintptr_t)b, 2);
+ ck_assert_int_eq((uintptr_t)c, 3);
+ ck_assert_int_eq((uintptr_t)d, 4);
+ *sum += item;
+}
+
+static void invoke_offset(invoke_t *item, void *a, void *b, void *c, void *d, int *sum)
+{
+ invoke(item->val, a, b, c, d, sum);
+}
+
+START_TEST(test_invoke_function)
+{
+ int sum = 0;
+
+ list->insert_last(list, (void*)1);
+ list->insert_last(list, (void*)2);
+ list->insert_last(list, (void*)3);
+ list->insert_last(list, (void*)4);
+ list->insert_last(list, (void*)5);
+ list->invoke_function(list, (linked_list_invoke_t)invoke,
+ (uintptr_t)1, (uintptr_t)2,
+ (uintptr_t)3, (uintptr_t)4, &sum);
+ ck_assert_int_eq(sum, 15);
+}
+END_TEST
+
+START_TEST(test_invoke_offset)
+{
+ invoke_t items[] = {
+ { .val = 1, .invoke = invoke_offset, },
+ { .val = 2, .invoke = invoke_offset, },
+ { .val = 3, .invoke = invoke_offset, },
+ { .val = 4, .invoke = invoke_offset, },
+ { .val = 5, .invoke = invoke_offset, },
+ };
+ int i, sum = 0;
+
+ for (i = 0; i < countof(items); i++)
+ {
+ list->insert_last(list, &items[i]);
+ }
+ list->invoke_offset(list, offsetof(invoke_t, invoke),
+ (uintptr_t)1, (uintptr_t)2,
+ (uintptr_t)3, (uintptr_t)4, &sum);
+ ck_assert_int_eq(sum, 15);
+}
+END_TEST
+
+/*******************************************************************************
+ * clone
+ */
+
+typedef struct clone_t clone_t;
+
+struct clone_t {
+ void *val;
+ void *(*clone)(clone_t *item);
+};
+
+static void *clonefn(clone_t *item)
+{
+ return item->val;
+}
+
+static void test_clone(linked_list_t *list)
+{
+ intptr_t x;
+ int round = 1;
+
+ ck_assert_int_eq(list->get_count(list), 5);
+ while (list->remove_first(list, (void*)&x) == SUCCESS)
+ {
+ ck_assert_int_eq(round, x);
+ round++;
+ }
+ ck_assert_int_eq(round, 6);
+}
+
+START_TEST(test_clone_offset)
+{
+ linked_list_t *other;
+ clone_t items[] = {
+ { .val = (void*)1, .clone = clonefn, },
+ { .val = (void*)2, .clone = clonefn, },
+ { .val = (void*)3, .clone = clonefn, },
+ { .val = (void*)4, .clone = clonefn, },
+ { .val = (void*)5, .clone = clonefn, },
+ };
+ int i;
+
+ for (i = 0; i < countof(items); i++)
+ {
+ list->insert_last(list, &items[i]);
+ }
+ other = list->clone_offset(list, offsetof(clone_t, clone));
+ test_clone(other);
+ other->destroy(other);
+}
+END_TEST
+
+Suite *linked_list_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("linked list");
+
+ tc = tcase_create("insert/get");
+ tcase_add_checked_fixture(tc, setup_list, teardown_list);
+ tcase_add_test(tc, test_insert_first);
+ tcase_add_test(tc, test_insert_last);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("remove");
+ tcase_add_checked_fixture(tc, setup_list, teardown_list);
+ tcase_add_test(tc, test_remove_first);
+ tcase_add_test(tc, test_remove_last);
+ tcase_add_test(tc, test_remove);
+ tcase_add_test(tc, test_remove_callback);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("find");
+ tcase_add_checked_fixture(tc, setup_list, teardown_list);
+ tcase_add_test(tc, test_find);
+ tcase_add_test(tc, test_find_callback);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("invoke");
+ tcase_add_checked_fixture(tc, setup_list, teardown_list);
+ tcase_add_test(tc, test_invoke_function);
+ tcase_add_test(tc, test_invoke_offset);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("clone");
+ tcase_add_checked_fixture(tc, setup_list, teardown_list);
+ tcase_add_test(tc, test_clone_offset);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_linked_list_enumerator.c b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
similarity index 100%
rename from src/libstrongswan/tests/test_linked_list_enumerator.c
rename to src/libstrongswan/tests/suites/test_linked_list_enumerator.c
diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c
new file mode 100644
index 0000000..a46f574
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_ntru.c
@@ -0,0 +1,1042 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <tests/utils/test_rng.h>
+#include <plugins/ntru/ntru_drbg.h>
+#include <plugins/ntru/ntru_mgf1.h>
+#include <plugins/ntru/ntru_trits.h>
+#include <plugins/ntru/ntru_poly.h>
+#include <utils/test.h>
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
+ u_int32_t strength, chunk_t pers_str, rng_t *entropy)
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create, ntru_mgf1_t*,
+ hash_algorithm_t alg, chunk_t seed, bool hash_seed)
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
+ size_t len, hash_algorithm_t alg, chunk_t seed)
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
+ hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
+ uint16_t N, uint16_t q, uint32_t indices_len_p,
+ uint32_t indices_len_m, bool is_product_form)
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*,
+ u_int16_t *data, uint16_t N, uint16_t q,
+ uint32_t indices_len_p, uint32_t indices_len_m,
+ bool is_product_form)
+
+/**
+ * NTRU parameter sets to test
+ */
+static struct {
+ diffie_hellman_group_t group;
+ char *group_name;
+} params[] = {
+ { NTRU_112_BIT, "NTRU_112" },
+ { NTRU_128_BIT, "NTRU_128" },
+ { NTRU_192_BIT, "NTRU_192" },
+ { NTRU_256_BIT, "NTRU_256" }
+};
+
+/**
+ * NTRU parameter set selection
+ */
+char *parameter_sets[] = {
+ "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
+};
+
+typedef struct {
+ u_int32_t requested;
+ u_int32_t standard;
+}strength_t;
+
+strength_t strengths[] = {
+ { 80, 112 },
+ { 112, 112 },
+ { 120, 128 },
+ { 128, 128 },
+ { 150, 192 },
+ { 192, 192 },
+ { 200, 256 },
+ { 256, 256 },
+ { 512, 0 }
+};
+
+START_TEST(test_ntru_drbg_strength)
+{
+ ntru_drbg_t *drbg;
+ rng_t *entropy;
+
+ entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ ck_assert(entropy != NULL);
+
+ drbg = ntru_drbg_create(strengths[_i].requested, chunk_empty, entropy);
+ if (strengths[_i].standard)
+ {
+ ck_assert(drbg != NULL);
+ ck_assert(drbg->get_strength(drbg) == strengths[_i].standard);
+ drbg->destroy(drbg);
+ }
+ else
+ {
+ ck_assert(drbg == NULL);
+ }
+ entropy->destroy(entropy);
+}
+END_TEST
+
+typedef struct {
+ chunk_t pers_str;
+ chunk_t entropy;
+ chunk_t out;
+} drbg_test_t;
+
+/**
+ * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS)
+ */
+drbg_test_t drbg_tests[] = {
+ /* SHA-256 test case 1 - count 0 */
+ { { NULL, 0 },
+ chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39,
+ 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11,
+ 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf,
+ 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d,
+ 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
+ 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf,
+ 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8,
+ 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7,
+ 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0,
+ 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
+ chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc,
+ 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a,
+ 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb,
+ 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb,
+ 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
+ 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51,
+ 0xbd, 0xb0, 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23,
+ 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42,
+ 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e,
+ 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
+ 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f,
+ 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54,
+ 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b,
+ 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6,
+ 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
+ 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
+ },
+ /* SHA-256 test case 3 - count 0 */
+ { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59,
+ 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31,
+ 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa,
+ 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c),
+ chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90,
+ 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64,
+ 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6,
+ 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40,
+ 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
+ 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5,
+ 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa,
+ 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f,
+ 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41,
+ 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
+ chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20,
+ 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a,
+ 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a,
+ 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b,
+ 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
+ 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c,
+ 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40,
+ 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93,
+ 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f,
+ 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
+ 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb,
+ 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0,
+ 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6,
+ 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed,
+ 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
+ 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
+ },
+ /* SHA-256 test case 5 - count 0 */
+ { { NULL, 0 },
+ chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47,
+ 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a,
+ 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85,
+ 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a,
+ 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
+ 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b,
+ 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44,
+ 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16,
+ 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b,
+ 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
+ chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2,
+ 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4,
+ 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b,
+ 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77,
+ 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
+ 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00,
+ 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a,
+ 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78,
+ 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b,
+ 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
+ 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d,
+ 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf,
+ 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38,
+ 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5,
+ 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
+ 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
+ },
+ /* SHA-256 test case 7 - count 0 */
+ { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0,
+ 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d,
+ 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46,
+ 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2),
+ chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8,
+ 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00,
+ 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08,
+ 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5,
+ 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
+ 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4,
+ 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc,
+ 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96,
+ 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d,
+ 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
+ chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea,
+ 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53,
+ 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52,
+ 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a,
+ 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
+ 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae,
+ 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6,
+ 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53,
+ 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91,
+ 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
+ 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98,
+ 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca,
+ 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39,
+ 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57,
+ 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
+ 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
+ }
+};
+
+START_TEST(test_ntru_drbg)
+{
+ ntru_drbg_t *drbg;
+ rng_t *entropy;
+ chunk_t out;
+
+ out = chunk_alloc(128);
+ entropy = test_rng_create(drbg_tests[_i].entropy);
+ drbg = ntru_drbg_create(256, drbg_tests[_i].pers_str, entropy);
+ ck_assert(drbg != NULL);
+ ck_assert(drbg->reseed(drbg));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(chunk_equals(out, drbg_tests[_i].out));
+ drbg->destroy(drbg);
+ entropy->destroy(entropy);
+ chunk_free(&out);
+}
+END_TEST
+
+START_TEST(test_ntru_drbg_reseed)
+{
+ ntru_drbg_t *drbg;
+ rng_t *entropy;
+ chunk_t out;
+
+ lib->settings->set_int(lib->settings,
+ "libstrongswan.plugins.ntru.max_drbg_requests", 2);
+ out = chunk_alloc(128);
+ entropy = test_rng_create(drbg_tests[0].entropy);
+ drbg = ntru_drbg_create(256, chunk_empty, entropy);
+
+ /* bad output parameters */
+ ck_assert(!drbg->generate(drbg, 256, 0, out.ptr));
+ ck_assert(!drbg->generate(drbg, 256, 128, NULL));
+
+ /* no reseeding occurs */
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+
+ /* consuming remaining entropy */
+ ck_assert(entropy->get_bytes(entropy, 32, out.ptr));
+
+ /* no entropy available for automatic reseeding */
+ ck_assert(!drbg->generate(drbg, 256, 128, out.ptr));
+ drbg->destroy(drbg);
+
+ /* no entropy available for DRBG instantiation */
+ drbg = ntru_drbg_create(256, chunk_empty, entropy);
+ ck_assert(drbg == NULL);
+ entropy->destroy(entropy);
+
+ /* one automatic reseeding occurs */
+ entropy = test_rng_create(drbg_tests[0].entropy);
+ drbg = ntru_drbg_create(256, chunk_empty, entropy);
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+
+ /* no entropy left */
+ ck_assert(!entropy->get_bytes(entropy, 32, out.ptr));
+
+ drbg->destroy(drbg);
+ entropy->destroy(entropy);
+ chunk_free(&out);
+ lib->settings->set_int(lib->settings,
+ "libstrongswan.plugins.ntru.max_drbg_requests", 2000);
+}
+END_TEST
+
+typedef struct {
+ uint8_t c_bits;
+ uint16_t N;
+ uint16_t q;
+ bool is_product_form;
+ uint32_t indices_len;
+ uint32_t indices_size;
+ uint16_t *indices;
+} poly_test_t;
+
+typedef struct {
+ hash_algorithm_t alg;
+ size_t hash_size;
+ size_t ml1, ml2, ml3, seed_len;
+ chunk_t seed;
+ chunk_t hashed_seed;
+ chunk_t mask;
+ chunk_t trits;
+ poly_test_t poly_test[2];
+} mgf1_test_t;
+
+uint16_t indices_ees439ep1[] = {
+ 367, 413, 16, 214, 114, 128, 42, 268, 346, 329, 119, 303, 208, 287, 150,
+ 3, 45, 321, 110, 109, 272, 430, 80, 305, 51, 381, 322, 140, 207, 315,
+ 206, 186, 56, 5, 273, 177, 44, 100, 205, 210, 98, 191, 8, 336
+};
+
+uint16_t indices_ees613ep1[] = {
+ 245, 391, 251, 428, 301, 2, 176, 296, 461, 224, 590, 215, 250, 91, 395,
+ 363, 58, 537, 278, 291, 247, 33, 140, 447, 172, 514, 424, 412, 95, 94,
+ 281, 159, 196, 302, 277, 63, 404, 150, 608, 315, 195, 334, 207, 376, 398,
+ 0, 309, 486, 516, 86, 267, 139, 130, 38, 141, 258, 21, 341, 526, 388,
+ 194, 116, 138, 524, 547, 383, 542, 406, 270, 438, 240, 445, 527, 168, 320,
+ 186, 327, 212, 543, 82, 606, 131, 294, 392, 477, 430, 583, 142, 253, 434,
+ 134, 458, 559, 414, 162, 407, 580, 577, 191, 109, 554, 523, 32, 62, 297,
+ 283, 268, 54, 539, 5
+};
+
+uint16_t indices_ees743ep1[] = {
+ 285, 62, 136, 655, 460, 35, 450, 208, 340, 212, 61, 234, 454, 52, 520,
+ 399, 315, 616, 496, 88, 280, 543, 508, 237, 553, 39, 214, 253, 720, 291,
+ 586, 615, 635, 596, 62, 499, 301, 176, 271, 659, 372, 185, 621, 350, 683,
+ 180, 717, 509, 641, 738, 666, 171, 639, 606, 353, 706, 237, 358, 410, 423,
+ 197, 501, 261, 654, 658, 701, 377, 182, 548, 287, 700, 403, 248, 137
+};
+
+uint16_t indices_ees1171ep1[] = {
+ 514, 702, 760, 505, 262, 486, 695, 783, 533, 74, 403, 847, 170,1019, 568,
+ 676,1057, 277,1021, 238, 203, 884, 124, 87, 65, 93, 131, 881,1102, 133,
+ 459, 462, 92, 40, 5,1152,1158, 297, 599, 299, 7, 458, 347, 343, 173,
+ 1044, 264, 871, 819, 679, 328, 438, 990, 982, 308,1135, 423, 470, 254, 295,
+ 1029, 892, 759, 789, 123, 939, 749, 353,1062, 145, 562, 337, 550, 102, 549,
+ 821,1098, 823, 96, 365, 135,1110, 334, 391, 638, 963, 962,1002,1069, 993,
+ 983, 649,1056, 399, 385, 715, 582, 799, 161, 512, 629, 979, 250, 37, 213,
+ 929, 413, 566, 336, 727, 160, 616,1170, 748, 282,1115, 325, 994, 189, 500,
+ 913, 332,1118, 753, 946, 775, 59, 809, 782, 612, 909,1090, 223, 777, 940,
+ 866,1032, 471, 298, 969, 192, 411, 721, 476, 910,1045,1027, 812, 352, 487,
+ 215, 625, 808, 230, 602, 457, 900, 416, 985, 850, 908, 155, 670, 669,1054,
+ 400,1126, 733, 647, 786, 195, 148, 362,1094, 389,1086,1166, 231, 436, 210,
+ 333, 824, 785, 826, 658, 472, 639,1046,1028, 519, 422, 80, 924,1089, 547,
+ 1157, 579, 2, 508,1040, 998, 902,1058, 600, 220, 805, 945, 140,1117, 179,
+ 536, 191
+};
+
+/**
+ * MGF1 Mask Generation Function Test Vectors
+ */
+mgf1_test_t mgf1_tests[] = {
+ { HASH_SHA1, 20, 60, 20, 15, 24,
+ chunk_from_chars(
+ 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
+ 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
+ 0x8C, 0x9B, 0xD5, 0x63, 0x57, 0x38, 0x11, 0xC2,
+ 0xB5, 0xCA, 0xBF, 0x06, 0x43, 0x45, 0x19, 0xD5,
+ 0xE7, 0x36, 0xD0, 0x29, 0x21, 0xDA, 0x02, 0x20,
+ 0x45, 0xF6, 0x5F, 0x0F, 0x10, 0x04, 0x2A, 0xE3,
+ 0x6A, 0x1D, 0xD5, 0x9F, 0x1D, 0x66, 0x44, 0x8F,
+ 0xFA, 0xC6, 0xCA, 0xA4, 0x6E, 0x3B, 0x00, 0x66,
+ 0xA6, 0xC9, 0x80, 0x5C, 0xF5, 0x2D, 0xD7, 0x72,
+ 0xC6, 0xD4, 0x4F, 0x30, 0x72, 0xA2, 0xAD, 0xE0,
+ 0x33, 0xE8, 0x55, 0xD5, 0xE6, 0xD6, 0x00, 0x1D,
+ 0xA8, 0x68, 0xFF, 0x97, 0x36, 0x8A, 0xF4, 0xD6,
+ 0xF1, 0xB6, 0x7E, 0x1F, 0x06, 0xCB, 0x57, 0xCB,
+ 0x35, 0x38, 0xF2, 0x2D, 0xF6, 0x20),
+ chunk_from_chars(
+ 0xF3, 0x9B, 0x0B, 0xB4, 0x97, 0x50, 0xB5, 0xA7,
+ 0xE6, 0xBD, 0xDA, 0xD0, 0x9A, 0x52, 0xBE, 0xA0,
+ 0x21, 0xC4, 0x90, 0xB6),
+ chunk_from_chars(
+ 0x10, 0x43, 0x76, 0x72, 0x6C, 0xDE, 0xA0, 0x0E,
+ 0x77, 0x51, 0xFB, 0x58, 0x39, 0x8A, 0x36, 0xE1,
+ 0x63, 0x2B, 0xC9, 0x17, 0x56, 0x0C, 0x4B, 0x46,
+ 0xA4, 0x07, 0xA4, 0x3B, 0x8E, 0x33, 0x4D, 0xD1,
+ 0x65, 0xF1, 0xAC, 0xC8, 0x59, 0x21, 0x32, 0x16,
+ 0x44, 0x2B, 0x7F, 0xB2, 0xA8, 0xA7, 0x26, 0x5D,
+ 0xE8, 0x02, 0xBE, 0x8E, 0xDC, 0x34, 0xEB, 0x10,
+ 0x76, 0x16, 0x8C, 0xDD, 0x90, 0x92, 0x3D, 0x29,
+ 0x90, 0x98, 0x46, 0x11, 0x73, 0x53, 0x47, 0xB1,
+ 0x2C, 0xD4, 0x83, 0x78, 0x9B, 0x93, 0x2F, 0x5B,
+ 0xFC, 0x26, 0xFF, 0x42, 0x08, 0x1F, 0x70, 0x66,
+ 0x40, 0x4B, 0xE7, 0x22, 0x3A, 0x56, 0x10, 0x6D,
+ 0x4D, 0x29, 0x0B, 0xCE, 0xA6, 0x21, 0xB5, 0x5C,
+ 0x71, 0x66, 0x2F, 0x70, 0x35, 0xD8, 0x8A, 0x92,
+ 0x33, 0xF0, 0x16, 0xD4, 0x0E, 0x43, 0x8A, 0x14),
+ chunk_from_chars(
+ 1, 2, 1, 0, 0, 1, 1, 1, 2, 0, 1, 0, 1, 1, 1, 0, 2, 0, 1, 1,
+ 0, 0, 0, 1, 1, 0, 2, 0, 2, 2, 1, 2, 2, 2, 1, 2, 1, 1, 0, 0,
+ 2, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 2, 0, 0, 1, 0, 1, 0, 2, 0,
+ 0, 1, 0, 2, 1, 0, 0, 0, 2, 0, 0, 0, 1, 2, 2, 0, 0, 2, 0, 1,
+ 1, 2, 1, 1, 0, 0, 1, 1, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 0, 1,
+ 0, 1, 1, 0, 0, 0, 1, 2, 2, 0, 1, 2, 1, 2, 0, 2, 0, 0, 0, 2,
+ 1, 2, 0, 0, 0, 2, 0, 0, 0, 2, 2, 1, 0, 2, 0, 1, 2, 0, 2, 1,
+ 0, 2, 2, 1, 0, 2, 1, 2, 2, 0, 2, 0, 2, 1, 2, 2, 0, 2, 0, 1,
+ 1, 2, 2, 2, 2, 1, 0, 1, 0, 2, 2, 0, 1, 1, 2, 2, 2, 0, 0, 1,
+ 0, 2, 0, 1, 0, 2, 1, 2, 1, 0, 1, 1, 2, 0, 0, 2, 1, 1, 2, 0,
+ 1, 2, 1, 1, 0, 1, 0, 2, 1, 1, 1, 2, 1, 0, 2, 0, 2, 0, 0, 2,
+ 2, 1, 0, 0, 2, 2, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 2, 1, 2, 2,
+ 2, 0, 0, 0, 0, 1, 0, 0, 1, 2, 1, 2, 0, 2, 1, 1, 1, 0, 2, 2,
+ 1, 2, 2, 1, 0, 1, 0, 2, 2, 2, 1, 2, 1, 0, 0, 1, 0, 1, 1, 1,
+ 1, 1, 2, 0, 0, 2, 1, 0, 2, 1, 2, 1, 0, 2, 2, 0, 0, 1, 2, 1,
+ 2, 0, 1, 2, 1, 1, 2, 0, 2, 0, 2, 1, 1, 1, 0, 0, 0, 1, 2, 1,
+ 2, 2, 1, 2, 1, 1, 2, 1, 2, 0, 2, 2, 1, 0, 0, 1, 2, 0, 1, 1,
+ 2, 0, 0, 0, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 2, 2, 2, 1, 1, 0,
+ 2, 1, 2, 1, 2, 2, 1, 2, 1, 1, 0, 1, 1, 1, 1, 2, 0, 2, 2, 1,
+ 0, 1, 1, 2, 1, 2, 0, 2, 1, 0, 1, 0, 1, 0, 1, 2, 0, 1, 1, 0,
+ 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1,
+ 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2),
+ {
+ { 9, 439, 2048, TRUE, 9 + (8 << 8) + (5 << 16),
+ countof(indices_ees439ep1), indices_ees439ep1
+ },
+ { 11, 613, 2048, FALSE, 55,
+ countof(indices_ees613ep1), indices_ees613ep1
+ }
+ }
+ },
+ { HASH_SHA256, 32, 64, 32, 33, 40,
+ chunk_from_chars(
+ 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
+ 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
+ 0xC5, 0x9D, 0xDE, 0xF6, 0xFC, 0xFA, 0x93, 0xCE,
+ 0x32, 0x52, 0x66, 0xF9, 0xC9, 0x97, 0xF6, 0x42,
+ 0x00, 0x2C, 0x64, 0xED, 0x1A, 0x6B, 0x14, 0x0A,
+ 0x4B, 0x04, 0xCF, 0x6D, 0x2D, 0x82, 0x0A, 0x07,
+ 0xA2, 0x3B, 0xDE, 0xCE, 0x19, 0x8A, 0x39, 0x43,
+ 0x16, 0x61, 0x29, 0x98, 0x68, 0xEA, 0xE5, 0xCC,
+ 0x0A, 0xF8, 0xE9, 0x71, 0x26, 0xF1, 0x07, 0x36,
+ 0x2C, 0x07, 0x1E, 0xEB, 0xE4, 0x28, 0xA2, 0xF4,
+ 0xA8, 0x12, 0xC0, 0xC8, 0x20, 0x37, 0xF8, 0xF2,
+ 0x6C, 0xAF, 0xDC, 0x6F, 0x2E, 0xD0, 0x62, 0x58,
+ 0xD2, 0x37, 0x03, 0x6D, 0xFA, 0x6E, 0x1A, 0xAC,
+ 0x9F, 0xCA, 0x56, 0xC6, 0xA4, 0x52, 0x41, 0xE8,
+ 0x0F, 0x1B, 0x0C, 0xB9, 0xE6, 0xBA, 0xDE, 0xE1,
+ 0x03, 0x5E, 0xC2, 0xE5, 0xF8, 0xF4, 0xF3, 0x46,
+ 0x3A, 0x12, 0xC0, 0x1F, 0x3A, 0x00, 0xD0, 0x91,
+ 0x18, 0xDD, 0x53, 0xE4, 0x22, 0xF5, 0x26, 0xA4,
+ 0x54, 0xEE, 0x20, 0xF0, 0x80),
+ chunk_from_chars(
+ 0x76, 0x89, 0x8B, 0x1B, 0x60, 0xEC, 0x10, 0x9D,
+ 0x8F, 0x13, 0xF2, 0xFE, 0xD9, 0x85, 0xC1, 0xAB,
+ 0x7E, 0xEE, 0xB1, 0x31, 0xDD, 0xF7, 0x7F, 0x0C,
+ 0x7D, 0xF9, 0x6B, 0x7B, 0x19, 0x80, 0xBD, 0x28),
+ chunk_from_chars(
+ 0xF1, 0x19, 0x02, 0x4F, 0xDA, 0x58, 0x05, 0x9A,
+ 0x07, 0xDF, 0x61, 0x81, 0x22, 0x0E, 0x15, 0x46,
+ 0xCB, 0x35, 0x3C, 0xDC, 0xAD, 0x20, 0xD9, 0x3F,
+ 0x0D, 0xD1, 0xAA, 0x64, 0x66, 0x5C, 0xFA, 0x4A,
+ 0xFE, 0xD6, 0x8F, 0x55, 0x57, 0x15, 0xB2, 0xA6,
+ 0xA0, 0xE6, 0xA8, 0xC6, 0xBD, 0x28, 0xB4, 0xD5,
+ 0x6E, 0x5B, 0x4B, 0xB0, 0x97, 0x09, 0xF5, 0xAC,
+ 0x57, 0x65, 0x13, 0x97, 0x71, 0x2C, 0x45, 0x13,
+ 0x3D, 0xEE, 0xFB, 0xBF, 0xFE, 0xAF, 0xBB, 0x4B,
+ 0x0D, 0x5C, 0x45, 0xD4, 0x2F, 0x17, 0x92, 0x07,
+ 0x66, 0x11, 0xF5, 0x46, 0xF8, 0x0C, 0x03, 0x92,
+ 0xF5, 0xF5, 0xFF, 0xA4, 0xF3, 0x52, 0xF4, 0x08,
+ 0x2C, 0x49, 0x32, 0x1A, 0x93, 0x51, 0x98, 0xB6,
+ 0x94, 0x83, 0x39, 0xCF, 0x6B, 0x1F, 0x2F, 0xFC,
+ 0x2B, 0xFF, 0x10, 0x71, 0x7D, 0x35, 0x6C, 0xEA,
+ 0xC5, 0x66, 0xC7, 0x26, 0x7D, 0x9E, 0xAC, 0xDD,
+ 0x35, 0xD7, 0x06, 0x3F, 0x40, 0x82, 0xDA, 0xC3,
+ 0x2B, 0x3C, 0x91, 0x3A, 0x32, 0xF8, 0xB2, 0xC6,
+ 0x44, 0x4D, 0xCD, 0xB6, 0x54, 0x5F, 0x81, 0x95,
+ 0x59, 0xA1, 0xE5, 0x4E, 0xA5, 0x0A, 0x4A, 0x42),
+ chunk_from_chars(
+ 1, 2, 2, 2, 2, 1, 2, 2, 0, 0, 2, 0, 0, 0, 0, 1, 2, 2, 2, 0,
+ 2, 0, 0, 2, 2, 1, 2, 0, 0, 1, 2, 1, 0, 0, 0, 1, 0, 2, 2, 1,
+ 1, 2, 0, 0, 0, 1, 2, 0, 2, 2, 1, 2, 1, 0, 1, 0, 1, 2, 1, 1,
+ 1, 2, 0, 1, 0, 2, 1, 1, 0, 0, 0, 1, 2, 0, 0, 1, 2, 1, 2, 0,
+ 2, 1, 1, 1, 2, 2, 2, 2, 1, 0, 0, 2, 0, 2, 0, 1, 1, 0, 2, 2,
+ 2, 0, 1, 0, 2, 2, 1, 0, 1, 0, 1, 0, 0, 2, 2, 0, 0, 1, 2, 0,
+ 1, 1, 1, 0, 0, 2, 0, 2, 1, 2, 2, 2, 0, 0, 2, 1, 0, 2, 0, 1,
+ 0, 1, 2, 0, 1, 2, 0, 1, 0, 1, 2, 0, 2, 2, 0, 1, 2, 2, 1, 2,
+ 2, 2, 0, 2, 1, 1, 1, 0, 0, 1, 0, 2, 0, 0, 1, 0, 1, 2, 0, 0,
+ 1, 2, 1, 0, 2, 1, 1, 0, 0, 2, 1, 2, 2, 2, 1, 2, 1, 1, 2, 2,
+ 0, 2, 0, 0, 2, 0, 0, 1, 1, 2, 0, 0, 0, 1, 2, 1, 1, 1, 1, 0,
+ 0, 0, 2, 0, 2, 0, 2, 2, 1, 2, 2, 0, 0, 1, 1, 1, 0, 1, 0, 1,
+ 0, 1, 2, 2, 0, 2, 1, 1, 0, 2, 1, 2, 1, 2, 1, 0, 0, 1, 0, 0,
+ 1, 0, 1, 0, 2, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 0, 2, 0, 0,
+ 1, 2, 1, 2, 1, 2, 1, 0, 1, 1, 2, 2, 1, 1, 0, 0, 2, 1, 2, 0,
+ 1, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 2, 2, 2, 2, 0, 0, 1, 2,
+ 1, 1, 1, 0, 2, 1, 2, 2, 0, 2, 0, 1, 2, 2, 0, 1, 1, 1, 0, 0,
+ 2, 0, 1, 0, 1, 0, 2, 1, 2, 0, 2, 1, 2, 1, 2, 2, 0, 2, 1, 0,
+ 2, 1, 2, 0, 0, 2, 0, 1, 2, 1, 1, 2, 0, 0, 0, 0, 1, 2, 0, 1,
+ 2, 2, 1, 0, 0, 1, 2, 1, 2, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0,
+ 2, 0, 1, 2, 1, 2, 0, 0, 0, 2, 1, 0, 0, 0, 1, 2, 2, 0, 0, 0,
+ 2, 2, 1, 1, 0, 1, 0, 2, 2, 0, 2, 1, 2, 1, 0, 2, 2, 2, 0, 0,
+ 0, 1, 1, 2, 1, 0, 0, 0, 0, 1, 2, 2, 1, 2, 1, 2, 0, 2, 0, 2,
+ 1, 1, 1, 2, 1, 2, 1, 2, 1, 1, 0, 1, 0, 2, 0, 0, 0, 2, 1, 2,
+ 2, 2, 2, 0, 1, 1, 1, 0, 1, 0, 2, 0, 2, 1, 0, 1, 2, 1, 1, 0,
+ 1, 2, 1, 0, 0, 2, 1, 0, 1, 1, 2, 2, 1, 1, 1, 2, 2, 2, 1, 0,
+ 0, 0, 0, 1, 1, 0, 0, 2, 2, 2, 2, 2, 0, 1, 2, 0, 1, 2, 0, 1,
+ 1, 0, 1, 1, 2, 2, 0, 1, 1, 0, 2, 2, 1, 1, 1, 2, 1, 2, 2, 1,
+ 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2,
+ 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1),
+ {
+ { 13, 743, 2048, TRUE, 11 + (11 << 8) + (15 << 16),
+ countof(indices_ees743ep1), indices_ees743ep1
+ },
+ { 12, 1171, 2048, FALSE, 106,
+ countof(indices_ees1171ep1), indices_ees1171ep1
+ }
+ }
+ }
+};
+
+START_TEST(test_ntru_mgf1)
+{
+ ntru_mgf1_t *mgf1;
+ chunk_t mask, mask1, mask2, mask3;
+
+ mask1 = mgf1_tests[_i].mask;
+ mask2 = chunk_skip(mask1, mgf1_tests[_i].ml1);
+ mask3 = chunk_skip(mask2, mgf1_tests[_i].ml2);
+ mask1.len = mgf1_tests[_i].ml1;
+ mask2.len = mgf1_tests[_i].ml2;
+ mask3.len = mgf1_tests[_i].ml3;
+
+ mgf1 = ntru_mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
+ ck_assert(mgf1 == NULL);
+
+ mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
+ ck_assert(mgf1 == NULL);
+
+ /* return mask in allocated chunk */
+ mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
+ ck_assert(mgf1);
+
+ /* check hash size */
+ ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
+
+ /* get zero number of octets */
+ ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
+ ck_assert(mask.len == 0 && mask.ptr == NULL);
+
+ /* get non-zero number of octets */
+ ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
+ ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
+ mgf1->destroy(mgf1);
+
+ /* copy mask to pre-allocated buffer */
+ mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
+ ck_assert(mgf1);
+ ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
+ ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
+ mgf1->destroy(mgf1);
+
+ /* get mask in batches without hashing the seed */
+ mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE);
+ ck_assert(mgf1);
+
+ /* first batch */
+ ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
+ mask.len = mask1.len;
+ ck_assert(chunk_equals(mask, mask1));
+
+ /* second batch */
+ ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
+ mask.len = mask2.len;
+ ck_assert(chunk_equals(mask, mask2));
+
+ /* third batch */
+ ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
+ mask.len = mask3.len;
+ ck_assert(chunk_equals(mask, mask3));
+
+ mgf1->destroy(mgf1);
+ chunk_free(&mask);
+}
+END_TEST
+
+START_TEST(test_ntru_trits)
+{
+ ntru_trits_t *mask;
+ chunk_t trits;
+
+ mask = ntru_trits_create(mgf1_tests[_i].trits.len, HASH_UNKNOWN,
+ mgf1_tests[_i].seed);
+ ck_assert(mask == NULL);
+
+ mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
+ chunk_empty);
+ ck_assert(mask == NULL);
+
+ mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
+ mgf1_tests[_i].seed);
+ ck_assert(mask);
+
+ trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
+ ck_assert(chunk_equals(trits, mgf1_tests[_i].trits));
+ mask->destroy(mask);
+
+ /* generate a multiple of 5 trits */
+ mask = ntru_trits_create(10, mgf1_tests[_i].alg, mgf1_tests[_i].seed);
+ ck_assert(mask);
+
+ trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
+ ck_assert(chunk_equals(trits, chunk_create(mgf1_tests[_i].trits.ptr, 10)));
+ mask->destroy(mask);
+}
+END_TEST
+
+START_TEST(test_ntru_poly)
+{
+ ntru_poly_t *poly;
+ uint16_t *indices;
+ chunk_t seed;
+ poly_test_t *p;
+ int j, n;
+
+ seed = mgf1_tests[_i].seed;
+ seed.len = mgf1_tests[_i].seed_len;
+
+ p = &mgf1_tests[_i].poly_test[0];
+ poly = ntru_poly_create_from_seed(HASH_UNKNOWN, seed, p->c_bits, p->N, p->q,
+ p->indices_len, p->indices_len,
+ p->is_product_form);
+ ck_assert(poly == NULL);
+
+ for (n = 0; n < 2; n++)
+ {
+ p = &mgf1_tests[_i].poly_test[n];
+ poly = ntru_poly_create_from_seed(mgf1_tests[_i].alg, seed, p->c_bits,
+ p->N, p->q, p->indices_len,
+ p->indices_len, p->is_product_form);
+ ck_assert(poly != NULL && poly->get_size(poly) == p->indices_size);
+
+ indices = poly->get_indices(poly);
+ for (j = 0; j < p->indices_size; j++)
+ {
+ ck_assert(indices[j] == p->indices[j]);
+ }
+ poly->destroy(poly);
+ }
+}
+END_TEST
+
+typedef struct {
+ uint16_t N;
+ uint16_t q;
+ bool is_product_form;
+ uint32_t indices_len_p;
+ uint32_t indices_len_m;
+ uint16_t *indices;
+ uint16_t *a;
+ uint16_t *c;
+} ring_mult_test_t;
+
+uint16_t t1_indices[] = { 1, 6, 5, 3 };
+
+uint16_t t1_a[] = { 1, 0, 0, 0, 0, 0, 0 };
+uint16_t t1_c[] = { 0, 1, 0, 7, 0, 7, 1 };
+
+uint16_t t2_a[] = { 5, 0, 0, 0, 0, 0, 0 };
+uint16_t t2_c[] = { 0, 5, 0, 3, 0, 3, 5 };
+
+uint16_t t3_a[] = { 4, 0, 0, 0, 0, 0, 0 };
+uint16_t t3_c[] = { 0, 4, 0, 4, 0, 4, 4 };
+
+uint16_t t4_a[] = { 0, 6, 0, 0, 0, 0, 0 };
+uint16_t t4_c[] = { 6, 0, 6, 0, 2, 0, 2 };
+
+uint16_t t5_a[] = { 4, 6, 0, 0, 0, 0, 0 };
+uint16_t t5_c[] = { 6, 4, 6, 4, 2, 4, 6 };
+
+uint16_t t6_a[] = { 0, 0, 3, 0, 0, 0, 0 };
+uint16_t t6_c[] = { 5, 3, 0, 3, 0, 5, 0 };
+
+uint16_t t7_a[] = { 4, 6, 3, 0, 0, 0, 0 };
+uint16_t t7_c[] = { 3, 7, 6, 7, 2, 1, 6 };
+
+uint16_t t8_a[] = { 0, 0, 0, 7, 0, 0, 0 };
+uint16_t t8_c[] = { 0, 1, 7, 0, 7, 0, 1 };
+
+uint16_t t9_a[] = { 4, 6, 3, 7, 0, 0, 0 };
+uint16_t t9_c[] = { 3, 0, 5, 7, 1, 1, 7 };
+
+uint16_t t10_a[] = { 0, 0, 0, 0, 0, 1, 0 };
+uint16_t t10_c[] = { 0, 7, 0, 7, 1, 0, 1 };
+
+uint16_t t11_a[] = { 4, 6, 3, 7, 0, 1, 0 };
+uint16_t t11_c[] = { 3, 7, 5, 6, 2, 1, 0 };
+
+uint16_t t2_indices[] = { 1, 6, 5, 2, 3 };
+
+uint16_t t12_c[] = { 0, 1, 7, 7, 0, 1, 1 };
+uint16_t t13_c[] = { 0, 1, 7, 7, 0, 7, 1 };
+uint16_t t14_c[] = { 0, 1, 0, 31, 0, 31, 1 };
+uint16_t t15_c[] = { 0, 5, 0, 2043, 0, 2043, 5 };
+uint16_t t16_c[] = { 0, 5, 0, 32763, 0, 32763, 5 };
+
+uint16_t t3_indices[] = { 7, 2, 3, 5, 0, 2, 3, 10, 7, 0, 8, 2 };
+
+uint16_t t17_a[] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+uint16_t t17_c[] = { 7, 1, 0, 1, 1, 7, 0, 7, 7, 7, 2 };
+
+ring_mult_test_t ring_mult_tests[] = {
+ { 7, 8, FALSE, 2, 2, t1_indices, t1_a, t1_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t2_a, t2_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t3_a, t3_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t4_a, t4_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t5_a, t5_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t6_a, t6_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t7_a, t7_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t8_a, t8_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t9_a, t9_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t10_a, t10_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t11_a, t11_c },
+ { 7, 8, FALSE, 3, 2, t2_indices, t1_a, t12_c },
+ { 7, 8, FALSE, 2, 3, t2_indices, t1_a, t13_c },
+ { 7, 32, FALSE, 2, 2, t1_indices, t1_a, t14_c },
+ { 7, 2048, FALSE, 2, 2, t1_indices, t2_a, t15_c },
+ { 7, 32768, FALSE, 2, 2, t1_indices, t2_a, t16_c },
+ { 11, 8, TRUE, 197121, 197121, t3_indices, t17_a, t17_c },
+};
+
+START_TEST(test_ntru_ring_mult)
+{
+ ntru_poly_t *poly;
+ ring_mult_test_t *t;
+ uint16_t *c;
+ int i;
+
+ t = &ring_mult_tests[_i];
+ poly = ntru_poly_create_from_data(t->indices, t->N, t->q, t->indices_len_p,
+ t->indices_len_m, t->is_product_form);
+ ck_assert(poly != NULL);
+
+ c = malloc(t->N * sizeof(uint16_t));
+ poly->ring_mult(poly, t->a, c);
+
+ for (i = 0; i < t->N; i++)
+ {
+ ck_assert(c[i] == t->c[i]);
+ }
+
+ free(c);
+ poly->destroy(poly);
+}
+END_TEST
+
+int array_tests[] = { 0, 11, 12, 16 };
+
+START_TEST(test_ntru_array)
+{
+ ntru_poly_t *poly;
+ ring_mult_test_t *t;
+ uint16_t *c;
+ int i;
+
+ t = &ring_mult_tests[array_tests[_i]];
+
+ poly = ntru_poly_create_from_data(t->indices, t->N, t->q, t->indices_len_p,
+ t->indices_len_m, t->is_product_form);
+ ck_assert(poly != NULL);
+
+ c = malloc(t->N * sizeof(uint16_t));
+ poly->get_array(poly, c);
+
+ for (i = 0; i < t->N; i++)
+ {
+ ck_assert(c[i] == t->c[i]);
+ }
+
+ free(c);
+ poly->destroy(poly);
+}
+END_TEST
+
+START_TEST(test_ntru_ke)
+{
+ chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
+ diffie_hellman_t *i_ntru, *r_ntru;
+ char buf[10];
+ int n, len;
+ status_t status;
+
+ len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names,
+ params[_i].group);
+ ck_assert(len == 8);
+ ck_assert(streq(buf, params[_i].group_name));
+
+ for (n = 0; n < countof(parameter_sets); n++)
+ {
+ lib->settings->set_str(lib->settings,
+ "libstrongswan.plugins.ntru.parameter_set",
+ parameter_sets[n]);
+
+ i_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group);
+ ck_assert(i_ntru != NULL);
+ ck_assert(i_ntru->get_dh_group(i_ntru) == params[_i].group);
+
+ i_ntru->get_my_public_value(i_ntru, &pub_key);
+ ck_assert(pub_key.len > 0);
+
+ r_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group);
+ ck_assert(r_ntru != NULL);
+
+ r_ntru->set_other_public_value(r_ntru, pub_key);
+ r_ntru->get_my_public_value(r_ntru, &cipher_text);
+ ck_assert(cipher_text.len > 0);
+
+ status = r_ntru->get_shared_secret(r_ntru, &r_shared_secret);
+ ck_assert(status == SUCCESS);
+ ck_assert(r_shared_secret.len > 0);
+
+ i_ntru->set_other_public_value(i_ntru, cipher_text);
+ status = i_ntru->get_shared_secret(i_ntru, &i_shared_secret);
+
+ if (status == SUCCESS)
+ {
+ ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
+ }
+ else
+ {
+ ck_assert(i_shared_secret.len == 0);
+ }
+
+ chunk_clear(&i_shared_secret);
+ chunk_clear(&r_shared_secret);
+ chunk_free(&pub_key);
+ chunk_free(&cipher_text);
+ i_ntru->destroy(i_ntru);
+ r_ntru->destroy(r_ntru);
+ }
+}
+END_TEST
+
+START_TEST(test_ntru_retransmission)
+{
+ diffie_hellman_t *i_ntru;
+ chunk_t pub_key1, pub_key2;
+
+ i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT);
+ i_ntru->get_my_public_value(i_ntru, &pub_key1);
+ i_ntru->get_my_public_value(i_ntru, &pub_key2);
+ ck_assert(chunk_equals(pub_key1, pub_key2));
+
+ chunk_free(&pub_key1);
+ chunk_free(&pub_key2);
+ i_ntru->destroy(i_ntru);
+}
+END_TEST
+
+chunk_t oid_tests[] = {
+ { NULL, 0 },
+ chunk_from_chars(0x00),
+ chunk_from_chars(0x01),
+ chunk_from_chars(0x02),
+ chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
+ chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
+ chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
+ chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
+};
+
+START_TEST(test_ntru_pubkey_oid)
+{
+ diffie_hellman_t *r_ntru;
+ chunk_t cipher_text;
+
+ r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ r_ntru->set_other_public_value(r_ntru, oid_tests[_i]);
+ r_ntru->get_my_public_value(r_ntru, &cipher_text);
+ ck_assert(cipher_text.len == 0);
+ r_ntru->destroy(r_ntru);
+}
+END_TEST
+
+START_TEST(test_ntru_wrong_set)
+{
+ diffie_hellman_t *i_ntru, *r_ntru;
+ chunk_t pub_key, cipher_text;
+
+ lib->settings->set_str(lib->settings,
+ "libstrongswan.plugins.ntru.parameter_set",
+ "x9_98_bandwidth");
+ i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
+ i_ntru->get_my_public_value(i_ntru, &pub_key);
+
+ lib->settings->set_str(lib->settings,
+ "libstrongswan.plugins.ntru.parameter_set",
+ "optimum");
+ r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
+ r_ntru->set_other_public_value(r_ntru, pub_key);
+ r_ntru->get_my_public_value(r_ntru, &cipher_text);
+ ck_assert(cipher_text.len == 0);
+
+ chunk_free(&pub_key);
+ chunk_free(&cipher_text);
+ i_ntru->destroy(i_ntru);
+ r_ntru->destroy(r_ntru);
+}
+END_TEST
+
+START_TEST(test_ntru_ciphertext)
+{
+ char buf_00[604], buf_ff[604];
+
+ chunk_t test[] = {
+ chunk_empty,
+ chunk_from_chars(0x00),
+ chunk_create(buf_00, sizeof(buf_00)),
+ chunk_create(buf_ff, sizeof(buf_ff)),
+ };
+
+ diffie_hellman_t *i_ntru;
+ chunk_t pub_key, shared_secret;
+ int i;
+
+ memset(buf_00, 0x00, sizeof(buf_00));
+ memset(buf_ff, 0xff, sizeof(buf_ff));
+
+ for (i = 0; i < countof(test); i++)
+ {
+ i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ i_ntru->get_my_public_value(i_ntru, &pub_key);
+ i_ntru->set_other_public_value(i_ntru, test[i]);
+ ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
+ ck_assert(shared_secret.len == 0);
+
+ chunk_free(&pub_key);
+ i_ntru->destroy(i_ntru);
+ }
+}
+END_TEST
+
+START_TEST(test_ntru_wrong_ciphertext)
+{
+ diffie_hellman_t *i_ntru, *r_ntru, *m_ntru;
+ chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
+
+ i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+
+ i_ntru->get_my_public_value(i_ntru, &pub_key_i);
+ m_ntru->get_my_public_value(m_ntru, &pub_key_m);
+ r_ntru->set_other_public_value(r_ntru, pub_key_m);
+ r_ntru->get_my_public_value(r_ntru, &cipher_text);
+ i_ntru->set_other_public_value(i_ntru, cipher_text);
+ ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
+ ck_assert(shared_secret.len == 0);
+
+ chunk_free(&pub_key_i);
+ chunk_free(&pub_key_m);
+ chunk_free(&cipher_text);
+ i_ntru->destroy(i_ntru);
+ m_ntru->destroy(m_ntru);
+ r_ntru->destroy(r_ntru);
+}
+END_TEST
+
+Suite *ntru_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("ntru");
+
+ tc = tcase_create("drbg_strength");
+ tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("drbg");
+ tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("drgb_reseed");
+ tcase_add_test(tc, test_ntru_drbg_reseed);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("mgf1");
+ tcase_add_loop_test(tc, test_ntru_mgf1, 0, countof(mgf1_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("trits");
+ tcase_add_loop_test(tc, test_ntru_trits, 0, countof(mgf1_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("poly");
+ tcase_add_loop_test(tc, test_ntru_poly, 0, countof(mgf1_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("ring_mult");
+ tcase_add_loop_test(tc, test_ntru_ring_mult, 0, countof(ring_mult_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("array");
+ tcase_add_loop_test(tc, test_ntru_array, 0, countof(array_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("ke");
+ tcase_add_loop_test(tc, test_ntru_ke, 0, countof(params));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("retransmission");
+ tcase_add_test(tc, test_ntru_retransmission);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("pubkey_oid");
+ tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("wrong_set");
+ tcase_add_test(tc, test_ntru_wrong_set);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("ciphertext");
+ tcase_add_test(tc, test_ntru_ciphertext);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("wrong_ciphertext");
+ tcase_add_test(tc, test_ntru_wrong_ciphertext);
+ suite_add_tcase(s, tc);
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_pen.c b/src/libstrongswan/tests/suites/test_pen.c
new file mode 100644
index 0000000..a6cbc9a
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_pen.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+
+#include "test_suite.h"
+
+#include <pen/pen.h>
+
+/*******************************************************************************
+ * create
+ */
+
+START_TEST(test_pen_type_create)
+{
+ pen_type_t ita_1 = pen_type_create(PEN_ITA, 100);
+
+ ck_assert(ita_1.vendor_id == PEN_ITA);
+ ck_assert(ita_1.type == 100);
+}
+END_TEST
+
+/*******************************************************************************
+ * equals
+ */
+
+START_TEST(test_pen_type_equals)
+{
+ pen_type_t ita_1 = pen_type_create(PEN_ITA, 100);
+ pen_type_t ita_2 = pen_type_create(PEN_ITA, 200);
+ pen_type_t fhh_1 = pen_type_create(PEN_FHH, 100);
+ pen_type_t fhh_2 = pen_type_create(PEN_FHH, 200);
+
+ ck_assert( pen_type_equals(ita_1, ita_1));
+ ck_assert(!pen_type_equals(ita_1, ita_2));
+ ck_assert(!pen_type_equals(ita_1, fhh_1));
+ ck_assert(!pen_type_equals(ita_1, fhh_2));
+}
+END_TEST
+
+/*******************************************************************************
+ * is
+ */
+
+START_TEST(test_pen_type_is)
+{
+ pen_type_t ita_1 = pen_type_create(PEN_ITA, 100);
+
+ ck_assert( pen_type_is(ita_1, PEN_ITA, 100));
+ ck_assert(!pen_type_is(ita_1, PEN_ITA, 200));
+ ck_assert(!pen_type_is(ita_1, PEN_FHH, 100));
+ ck_assert(!pen_type_is(ita_1, PEN_FHH, 200));
+}
+END_TEST
+
+Suite *pen_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("pen");
+
+ tc = tcase_create("create");
+ tcase_add_test(tc, test_pen_type_create);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("equals");
+ tcase_add_test(tc, test_pen_type_equals);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("is");
+ tcase_add_test(tc, test_pen_type_is);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c
new file mode 100644
index 0000000..9e40d1f
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_printf.c
@@ -0,0 +1,228 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <errno.h>
+#include <math.h>
+#include <inttypes.h>
+
+static void verify(char *expected, char *format, ...)
+{
+ char buf[128];
+ va_list args;
+
+ va_start(args, format);
+ vsnprintf(buf, sizeof(buf), format, args);
+ ck_assert_str_eq(expected, buf);
+ va_end(args);
+
+#ifdef HAVE_FMEMOPEN
+ {
+ FILE *mem;
+
+ mem = fmemopen(buf, sizeof(buf), "w");
+ va_start(args, format);
+ vfprintf(mem, format, args);
+ va_end(args);
+ fclose(mem);
+ ck_assert_str_eq(expected, buf);
+ }
+#endif /* HAVE_FMEMOPEN */
+}
+
+START_TEST(test_printf_null)
+{
+ char buf[16];
+
+ /* on FreeBSD "(null)" gets printed even when a precision of 0 is used.
+ * because printing of "(null)" for NULL is not standardized we don't verify
+ * the output and just make sure there is no crash */
+ snprintf(buf, sizeof(buf), "%s", NULL);
+}
+END_TEST
+
+START_TEST(test_printf_strings)
+{
+ verify("a bc def", "%s %s %s", "a", "bc", "def");
+ verify("", "%.0s", "asdfg");
+ verify("asd", "%.3s", "asdfg");
+ verify("asdf", "%.*s", (int)4, "asdfg");
+ verify(" asdf", "%6s", "asdf");
+ verify(" asdf", "%+6s", "asdf");
+ verify("asdf ", "%-6s", "asdf");
+}
+END_TEST
+
+START_TEST(test_printf_err)
+{
+ errno = EINVAL;
+ verify((char*)strerror(errno), "%m");
+}
+END_TEST
+
+START_TEST(test_printf_unsigned)
+{
+ verify("1 23 456", "%u %lu %llu", 1, (u_long)23, (u_int64_t)456);
+ verify("65535 255", "%hu %hhu", 0x1ffff, 0x1ff);
+ verify("123456789", "%zu", (size_t)123456789);
+ verify(" 12", "%5u", 12);
+ verify("12 ", "%-5u", 12);
+ verify("0012", "%04u", 12);
+ verify("0012", "%.4u", 12);
+}
+END_TEST
+
+START_TEST(test_printf_signed)
+{
+ verify("-1 -23 -456", "%d %ld %lld", -1, (long)-23, (int64_t)-456);
+ verify("-1 -1", "%hd %hhd", 0x1ffff, 0x1ff);
+ verify("123456789", "%zd", (ssize_t)123456789);
+ verify(" -12", "%5d", -12);
+ verify("-12 ", "%-5d", -12);
+ verify("-012", "%04d", -12);
+ verify("-0012", "%.4d", -12);
+}
+END_TEST
+
+START_TEST(test_printf_hex)
+{
+ verify("1 23 456", "%x %lx %llx", 1, (u_long)0x23, (u_int64_t)0x456);
+ verify("12abcdef 12ABCDEF", "%x %X", 0x12ABCDEF, 0x12ABCDEF);
+ verify("ffff ff", "%hx %hhx", 0x1ffff, 0x1ff);
+ verify("23456789", "%zx", (size_t)0x23456789);
+ verify(" ab", "%5x", 0xab);
+ verify("ab ", "%-5x", 0xab);
+ verify("00ab", "%04x", 0xab);
+ verify("00ab", "%.4x", 0xab);
+}
+END_TEST
+
+START_TEST(test_printf_float)
+{
+ verify("0.000000", "%f", 0.0);
+ verify("1.000000", "%f", 1.0);
+ verify("12345.1", "%.1f", 12345.123);
+ verify("1", "%.0f", 1.0);
+ verify("1.3", "%.1f", 1.346789);
+ verify("1.23", "%.2f", 1.23456789);
+ verify("1.123", "%.3f", 1.123456789);
+ verify("1.0123", "%.4f", 1.0123456789);
+
+ verify("-1.000000", "%f", -1.0);
+ verify("-12345.1", "%.1f", -12345.123);
+ verify("-1", "%.0f", -1.0);
+ verify("-1.3", "%.1f", -1.3456789);
+ verify("-1.23", "%.2f", -1.23456789);
+ verify("-1.123", "%.3f", -1.123456789);
+ verify("-1.0123", "%.4f", -1.0123456789);
+
+ verify(" 1.2", "%5.1f", 1.234);
+ verify("001.2", "%05.1f", 1.234);
+ verify("1.2 ", "%-5.1f", 1.234);
+
+ verify("12346", "%.0f", 12345.6789);
+ verify("2", "%.0f", 1.5);
+ verify("1", "%.0f", 1.49);
+ verify("1.2", "%.1f", 1.151);
+ verify("1.1", "%.1f", 1.149);
+ verify("1.13", "%.2f", 1.1251);
+ verify("1.12", "%.2f", 1.1249);
+ verify("1.124", "%.3f", 1.12351);
+ verify("1.123", "%.3f", 1.12349);
+
+ verify("-12346", "%.0f", -12345.6789);
+ verify("-2", "%.0f", -1.51);
+ verify("-1", "%.0f", -1.49);
+ verify("-1.2", "%.1f", -1.151);
+ verify("-1.1", "%.1f", -1.149);
+ verify("-1.13", "%.2f", -1.1251);
+ verify("-1.12", "%.2f", -1.1249);
+ verify("-1.124", "%.3f", -1.12351);
+ verify("-1.123", "%.3f", -1.12349);
+
+#ifdef NAN
+ verify("nan", "%.3f", NAN);
+ verify(" nan", "%5.3f", NAN);
+ verify("NAN", "%.3F", NAN);
+ verify("NAN ", "%-5.3F", NAN);
+#endif
+#ifdef INFINITY
+ verify("inf", "%.3f", INFINITY);
+ verify("-inf", "%.4f", -INFINITY);
+ verify("INF", "%.3F", INFINITY);
+ verify("-INF", "%.4F", -INFINITY);
+#endif
+}
+END_TEST
+
+START_TEST(test_printf_pri)
+{
+ verify("255", "%" PRIu8, (u_int8_t)0xFF);
+ verify("65535", "%" PRIu16, (u_int16_t)0xFFFF);
+ verify("4294967295", "%" PRIu32, (u_int32_t)0x1FFFFFFFFll);
+ verify("18446744073709551615", "%" PRIu64, (u_int64_t)0xFFFFFFFFFFFFFFFFll);
+
+ verify("-1", "%" PRId8, (int8_t)-1);
+ verify("-1", "%" PRId16, (int16_t)-1);
+ verify("-1", "%" PRId32, (int32_t)-1);
+ verify("-1", "%" PRId64, (int64_t)-1);
+
+ verify("1", "%" PRIuMAX, (uintmax_t)1);
+ verify("1", "%" PRIuPTR, (uintptr_t)1);
+
+ verify("-1", "%" PRIdMAX, (intmax_t)-1);
+ verify("-1", "%" PRIdPTR, (intptr_t)-1);
+}
+END_TEST
+
+Suite *printf_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("printf");
+
+ tc = tcase_create("strings");
+ tcase_add_test(tc, test_printf_null);
+ tcase_add_test(tc, test_printf_strings);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("err");
+ tcase_add_test(tc, test_printf_err);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("unsiged");
+ tcase_add_test(tc, test_printf_unsigned);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("siged");
+ tcase_add_test(tc, test_printf_signed);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("hex");
+ tcase_add_test(tc, test_printf_hex);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("float");
+ tcase_add_test(tc, test_printf_float);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("PRI*");
+ tcase_add_test(tc, test_printf_pri);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
new file mode 100644
index 0000000..2c1c6fb
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -0,0 +1,399 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <plugins/plugin_feature.h>
+
+/**
+ * Signature schemes to test
+ */
+static signature_scheme_t schemes[] = {
+ SIGN_RSA_EMSA_PKCS1_NULL,
+ SIGN_RSA_EMSA_PKCS1_MD5,
+ SIGN_RSA_EMSA_PKCS1_SHA1,
+ SIGN_RSA_EMSA_PKCS1_SHA224,
+ SIGN_RSA_EMSA_PKCS1_SHA256,
+ SIGN_RSA_EMSA_PKCS1_SHA384,
+ SIGN_RSA_EMSA_PKCS1_SHA512,
+};
+
+/**
+ * Perform a signature verification "good" test having a keypair
+ */
+static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
+{
+ chunk_t sig, data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+ int i;
+
+ for (i = 0; i < countof(schemes); i++)
+ {
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i])) ||
+ !lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[i])))
+ {
+ continue;
+ }
+ fail_unless(privkey->sign(privkey, schemes[i], data, &sig),
+ "sign %N", signature_scheme_names, schemes[i]);
+ fail_unless(pubkey->verify(pubkey, schemes[i], data, sig),
+ "verify %N", signature_scheme_names, schemes[i]);
+ free(sig.ptr);
+ }
+}
+
+/**
+ * Some special signatures that should never validate successfully
+ */
+static chunk_t invalid_sigs[] = {
+ chunk_from_chars(),
+ chunk_from_chars(0x00),
+ chunk_from_chars(0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+};
+
+/**
+ * Check public key that it properly fails against some crafted sigs
+ */
+static void test_bad_sigs(public_key_t *pubkey)
+{
+ chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+ int s, i;
+
+ for (s = 0; s < countof(schemes); s++)
+ {
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s])))
+ {
+ continue;
+ }
+ for (i = 0; i < countof(invalid_sigs); i++)
+ {
+ fail_if(
+ pubkey->verify(pubkey, schemes[s], data, invalid_sigs[i]),
+ "bad %N sig accepted %B", signature_scheme_names, schemes[s],
+ &invalid_sigs[i]);
+ }
+ }
+}
+
+/**
+ * RSA key sizes to test
+ */
+static int key_sizes[] = {
+ 768, 1024, 1536, 2048, 3072, 4096,
+};
+
+START_TEST(test_gen)
+{
+ private_key_t *privkey;
+ public_key_t *pubkey;
+
+ privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ BUILD_KEY_SIZE, key_sizes[_i], BUILD_END);
+ ck_assert(privkey != NULL);
+ pubkey = privkey->get_public_key(privkey);
+ ck_assert(pubkey != NULL);
+
+ test_good_sig(privkey, pubkey);
+
+ test_bad_sigs(pubkey);
+
+ pubkey->destroy(pubkey);
+ privkey->destroy(privkey);
+}
+END_TEST
+
+/**
+ * Private keys to load
+ */
+static chunk_t keys[] = {
+ chunk_from_chars( /* RSA-768 */
+ 0x30,0x82,0x01,0xcb,0x02,0x01,0x00,0x02,0x61,0x00,0xd1,0x5d,0x98,0x97,0x95,0x98,
+ 0x19,0x87,0x20,0x3f,0x10,0xb0,0x05,0x36,0x1e,0x1b,0xcd,0xc8,0x93,0x66,0xd7,0x43,
+ 0xed,0x84,0xb0,0x3e,0x96,0xd3,0xe7,0x27,0x0e,0xc0,0xba,0xdf,0x7e,0x32,0x05,0xd3,
+ 0x08,0xd6,0x44,0xd5,0x01,0x2b,0x3e,0x5d,0xc0,0x37,0xae,0x4f,0xe0,0xea,0x8d,0x2c,
+ 0x42,0x4c,0xa9,0xa2,0x42,0xbe,0xdd,0xdb,0xf7,0xd3,0x28,0x07,0x10,0x88,0x53,0x15,
+ 0xb2,0x4f,0xb5,0x9d,0x47,0x9b,0xd6,0xc8,0xfe,0x5b,0xa2,0xd7,0xe1,0x13,0xca,0x0b,
+ 0xce,0x7a,0xed,0xa2,0x3e,0xd5,0x9b,0xb8,0x8b,0x4f,0x02,0x03,0x01,0x00,0x01,0x02,
+ 0x60,0x2d,0x83,0x82,0x53,0x99,0xb2,0xaa,0x02,0x05,0x11,0x90,0xa8,0x23,0x49,0xe3,
+ 0x7b,0xb9,0xdd,0x9b,0xa5,0xa4,0xb0,0x60,0xa7,0x12,0xc5,0x58,0x76,0x92,0x6e,0x9c,
+ 0x37,0x6b,0xa8,0x80,0x3f,0x91,0xa2,0x91,0xee,0x3a,0xa2,0x6f,0x91,0x9e,0x0a,0x35,
+ 0x69,0xc0,0xa7,0xdc,0xd8,0x46,0xe4,0x29,0x1c,0x3d,0x34,0x30,0xa2,0xb9,0x0d,0x34,
+ 0x94,0xa1,0x12,0xa7,0x85,0xd3,0x2c,0x47,0x1b,0xf0,0x78,0xd5,0x22,0xfc,0xa5,0xe0,
+ 0x75,0xac,0x71,0x21,0xe8,0xe8,0x19,0x9f,0xbb,0x98,0x5c,0xa6,0x9d,0x42,0xd7,0x9c,
+ 0x89,0x02,0x31,0x00,0xee,0xaa,0x9e,0x82,0xe1,0xb2,0xdd,0x05,0xbc,0x2e,0x53,0xe9,
+ 0x64,0x4b,0x48,0x06,0x3a,0xfd,0x9e,0x91,0xce,0x1b,0x7f,0x66,0xbc,0xd2,0xc4,0xab,
+ 0xbf,0xc5,0x5d,0x1a,0xbd,0xd6,0xb5,0x9c,0x5c,0x18,0x01,0xe6,0x79,0x19,0xf2,0xc3,
+ 0x1d,0x66,0x88,0x2d,0x02,0x31,0x00,0xe0,0x92,0x34,0x1e,0x09,0xf2,0x1b,0xf9,0xbf,
+ 0x11,0x65,0x3f,0xc8,0x85,0x5a,0xe6,0xc0,0xcf,0x93,0x44,0xb0,0x50,0xe4,0x8b,0x6f,
+ 0x30,0xde,0x42,0x0c,0x8a,0x77,0x0d,0x98,0x7f,0x52,0x59,0x9e,0x87,0xb8,0x6e,0xdc,
+ 0xed,0x15,0x80,0xbd,0xbb,0xf2,0xeb,0x02,0x31,0x00,0xb0,0x6b,0x36,0x98,0x90,0xb5,
+ 0x62,0x63,0xa6,0xe2,0xa7,0xec,0x51,0xd2,0xc3,0xfe,0xb7,0x04,0x5a,0x7e,0x74,0xd8,
+ 0x26,0xa8,0x8e,0xd3,0x4d,0xc5,0x97,0x10,0x10,0xee,0x7f,0x7d,0x82,0xe9,0x7d,0xb9,
+ 0xd1,0x4d,0xc8,0x1e,0xc2,0x30,0x30,0x3f,0x66,0x51,0x02,0x31,0x00,0xaa,0x75,0x2f,
+ 0x4c,0x11,0xbe,0x8d,0x0f,0x8f,0xc1,0x13,0x7a,0x4b,0xa9,0x35,0x6b,0x6b,0xb4,0xe3,
+ 0x92,0xc2,0xc6,0x54,0x03,0xa6,0x5d,0x90,0x86,0xcf,0xe0,0x16,0x27,0xe2,0xb5,0xd9,
+ 0xfb,0x1e,0x82,0xe4,0x32,0x7a,0x4d,0x17,0x02,0x46,0x82,0x30,0x0b,0x02,0x30,0x09,
+ 0xf3,0xce,0x9b,0x02,0xc5,0x53,0xe9,0xa2,0x89,0xe2,0x3b,0x8c,0x8b,0xe9,0xc2,0xba,
+ 0x94,0x76,0x60,0x27,0x2b,0xe9,0x92,0xc1,0x5e,0x3c,0xc3,0x77,0x9b,0xc7,0xce,0xc6,
+ 0x67,0xd5,0x20,0x2c,0x54,0xa1,0x5d,0x2a,0x17,0x16,0x66,0xdf,0x5a,0xe9,0x87,
+ ),
+ chunk_from_chars( /* RSA-1024 */
+ 0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,0x00,0xc0,0xbd,0x48,0x83,0xbc,
+ 0xea,0x0b,0x32,0x06,0x4b,0xf5,0x10,0x54,0x1b,0xba,0x88,0xc4,0x10,0x7e,0x47,0xec,
+ 0x0e,0xf9,0xb4,0xcf,0x9a,0x02,0xc6,0xb3,0xaf,0x35,0xc8,0xaf,0x78,0x1a,0xbc,0x37,
+ 0x1a,0x25,0x7a,0x37,0x24,0x73,0x53,0x9a,0xf0,0x44,0x64,0x5b,0x6b,0x64,0x4c,0xfa,
+ 0x83,0x3a,0x0f,0x77,0x5d,0x7b,0x21,0xa2,0x25,0x00,0x11,0xae,0x72,0x36,0x35,0xd9,
+ 0x0d,0xef,0x5a,0xdd,0x98,0x35,0x49,0xaf,0x44,0xa0,0x33,0x29,0xc0,0xca,0xf5,0x6f,
+ 0xfe,0xc1,0x06,0x4c,0x80,0x9a,0x54,0xbe,0x46,0x1a,0x96,0xb1,0xf3,0x29,0xb8,0x9d,
+ 0x07,0x84,0x03,0x68,0x6b,0x9f,0xbf,0xe5,0xd8,0x14,0x2a,0xe0,0xef,0xbd,0x1a,0x61,
+ 0x0d,0x3a,0xc8,0x67,0xcd,0x99,0x90,0xe3,0xe6,0x52,0x83,0x02,0x03,0x01,0x00,0x01,
+ 0x02,0x81,0x80,0x13,0xd2,0xa3,0xe5,0xa0,0xb0,0x0a,0xe2,0x0f,0x3c,0x65,0x57,0xa8,
+ 0xe9,0x87,0xd5,0x79,0xcc,0xc9,0xca,0xc8,0x8a,0xd5,0xc0,0x74,0x90,0x3e,0x1e,0xda,
+ 0x40,0xcd,0x42,0xf7,0x01,0x09,0x9c,0x37,0xfd,0x41,0x6e,0x2b,0x6e,0x5d,0x4a,0x1e,
+ 0x52,0x53,0x1b,0xbb,0x3c,0x9f,0xfe,0x91,0x79,0x48,0xfc,0x69,0x90,0xbc,0xbc,0x3d,
+ 0xcf,0xee,0x62,0x0a,0xbd,0x57,0x6b,0xa9,0x51,0x3e,0xc2,0x7f,0x26,0xb1,0xaa,0x38,
+ 0xeb,0x40,0x91,0x3a,0x3c,0x80,0x1e,0x4e,0xe2,0xff,0xa2,0x8e,0x56,0xbb,0xb3,0xeb,
+ 0x24,0x81,0x4c,0x19,0x2c,0x8f,0x51,0x4c,0x04,0x81,0xaf,0x5e,0xc2,0xa6,0xf9,0xd3,
+ 0x48,0xee,0xe9,0x6d,0x9b,0xe1,0xe5,0x17,0x4f,0x07,0x18,0xea,0x96,0xd3,0x2c,0xce,
+ 0x44,0x71,0x51,0x02,0x41,0x00,0xe9,0xe9,0x46,0x7e,0xe1,0xc2,0x86,0x94,0x65,0x77,
+ 0x9c,0xc7,0x76,0x5d,0xa0,0xd3,0xcc,0x1f,0xa3,0xc7,0xfe,0xbb,0x4e,0x27,0xd6,0x43,
+ 0x6b,0xbd,0x0d,0x05,0x7a,0x10,0xe8,0x48,0x97,0x30,0xaa,0x53,0x61,0x57,0x1f,0x8a,
+ 0xf7,0x39,0x5e,0xa6,0xfe,0xe9,0x2c,0x19,0x5e,0x53,0xea,0xc2,0xb2,0xc2,0x11,0x3c,
+ 0x18,0xab,0xcf,0xc4,0x91,0x1b,0x02,0x41,0x00,0xd2,0xf0,0xb1,0x49,0xa1,0x6f,0xf1,
+ 0x83,0xa3,0xd2,0xa1,0x0e,0xb3,0xb3,0x33,0x01,0xed,0xd0,0x28,0xc1,0x2f,0x88,0x80,
+ 0x9f,0x43,0x7c,0x7e,0x5d,0x4c,0x15,0x05,0x86,0xff,0x75,0x9b,0xf1,0x64,0xde,0x06,
+ 0xbf,0xdd,0x98,0x50,0xd9,0x4a,0x3a,0xd6,0x25,0x1c,0xdd,0xc8,0x56,0x12,0x11,0xb9,
+ 0x02,0x42,0xc7,0x1d,0x86,0xeb,0xd9,0xc2,0xb9,0x02,0x41,0x00,0x80,0x25,0x8c,0xb9,
+ 0x76,0x75,0x5b,0xc5,0x70,0xd1,0x56,0xd2,0xef,0xc5,0xdb,0x96,0x2c,0xfe,0x28,0x7c,
+ 0x28,0xd1,0xf4,0xbf,0x5e,0x63,0x11,0x63,0x40,0xfe,0xff,0x20,0xc4,0x21,0x00,0xb3,
+ 0x68,0x9c,0xc5,0x77,0x35,0x90,0xac,0x60,0x81,0xba,0x7b,0x6c,0xc2,0xfc,0x22,0xf1,
+ 0x56,0x6b,0xd4,0x02,0xfd,0xee,0x2e,0x95,0xf1,0xfd,0x7e,0x81,0x02,0x40,0x47,0xaf,
+ 0x84,0x90,0x81,0x4c,0x89,0xc7,0x32,0xe5,0x61,0xd6,0x9d,0x3b,0x49,0x1a,0x5e,0xb7,
+ 0x5f,0x22,0x48,0x05,0x1b,0xb1,0x04,0x3e,0x4a,0xb3,0x6a,0x27,0xba,0xb9,0x26,0x17,
+ 0xd1,0xe7,0x37,0x60,0x3c,0xea,0xf7,0x63,0xcc,0x16,0x0c,0x23,0xf2,0xa2,0xaa,0x2c,
+ 0xb4,0xe8,0x8b,0x3b,0x7a,0xa4,0x4a,0x0d,0x60,0xfb,0x79,0x2b,0x88,0x01,0x02,0x40,
+ 0x42,0xee,0x12,0x91,0xf9,0x80,0x1e,0x60,0x0b,0xaa,0xbe,0xfd,0x09,0x84,0x93,0x0d,
+ 0x09,0xd3,0x1e,0x37,0x52,0xb0,0xe8,0x51,0x4f,0xd3,0x9e,0xda,0x32,0x38,0x22,0x35,
+ 0xdb,0x25,0x8b,0x9f,0x1a,0xb5,0xf1,0x75,0xfa,0x4d,0x09,0x42,0x01,0x64,0xe6,0xc4,
+ 0x6e,0xba,0x2d,0x88,0x92,0xbe,0xa9,0x1f,0x85,0x38,0x10,0xa3,0x0e,0x1a,0x92,0x54,
+ ),
+ chunk_from_chars( /* RSA-1536 */
+ 0x30,0x82,0x03,0x7d,0x02,0x01,0x00,0x02,0x81,0xc1,0x00,0xba,0xe3,0x37,0x93,0x7e,
+ 0x42,0x13,0x3c,0xba,0x41,0xc1,0x7b,0xf0,0xcc,0x7a,0x44,0xc6,0x54,0xc8,0x77,0x01,
+ 0x70,0x2f,0x6e,0x4a,0xcf,0x2d,0x07,0xab,0x01,0xc0,0x43,0xab,0x8d,0x33,0xb3,0xd4,
+ 0xeb,0xe3,0x90,0xf6,0x01,0x03,0x75,0x03,0x1d,0xe8,0x06,0x40,0x15,0xfa,0x96,0x0b,
+ 0xd5,0x26,0x64,0xea,0x55,0x82,0x16,0x7b,0xd5,0x1e,0xaa,0x08,0xc7,0x30,0x1a,0x59,
+ 0xf8,0xd9,0xe3,0x9e,0x89,0xd9,0x92,0x2c,0x32,0x79,0x0e,0xb3,0x25,0xbc,0x1d,0x7c,
+ 0x59,0xde,0x05,0x47,0x8f,0x61,0x77,0xf5,0x4f,0xed,0x82,0x2c,0xf8,0x2a,0x3e,0x02,
+ 0xf3,0xc0,0x15,0x51,0xde,0x05,0xc4,0xfc,0x80,0x91,0xae,0x06,0x1b,0xd7,0x39,0x8e,
+ 0x9a,0x6d,0xb3,0x2f,0xb0,0xd0,0xc8,0x96,0xa6,0x88,0xb3,0x17,0xca,0x58,0xbe,0x38,
+ 0x2c,0x64,0x35,0x5a,0x29,0xb7,0xf8,0x74,0x3d,0xbb,0xec,0x90,0x01,0x04,0x64,0x3d,
+ 0x38,0x0f,0x87,0xce,0xd7,0xfc,0xd2,0x96,0x93,0x31,0x85,0x0d,0x2d,0xa5,0x91,0xe2,
+ 0xfc,0x7b,0xea,0xb0,0x89,0x24,0xaa,0x00,0x29,0x8c,0x26,0x7c,0x94,0x54,0x74,0xe4,
+ 0x11,0xa8,0x04,0x6f,0x40,0xeb,0xaf,0xed,0xac,0x75,0x33,0x02,0x03,0x01,0x00,0x01,
+ 0x02,0x81,0xc0,0x0a,0x96,0xec,0x63,0xc1,0xa0,0x39,0xd9,0xd3,0x8d,0xfd,0x4a,0x2a,
+ 0x13,0x54,0x0c,0x48,0x96,0xae,0x43,0x3c,0x04,0x20,0xd3,0xe5,0x8e,0x46,0xb5,0x6c,
+ 0x05,0xad,0xe0,0xc7,0xbc,0x39,0x05,0x44,0x17,0xd7,0xad,0xb3,0x9a,0xcc,0x18,0xd9,
+ 0xc3,0xdc,0x8d,0x5a,0x1d,0x44,0xb5,0x32,0xd7,0x71,0x94,0xff,0x48,0x38,0x16,0x51,
+ 0x0e,0xfa,0xed,0x54,0x91,0x00,0xd3,0x45,0x6c,0xd9,0xdf,0xd1,0x70,0x6b,0x31,0x22,
+ 0xaa,0xfb,0x7c,0x0f,0x3f,0xa0,0xa0,0xa5,0x16,0xac,0x83,0x6d,0x12,0x1d,0x4a,0x40,
+ 0x4e,0xb6,0x9c,0xf4,0x67,0xaa,0xa9,0xb0,0xc8,0xb4,0x0a,0xd5,0x3b,0x5c,0x19,0xed,
+ 0x86,0x83,0x5a,0x75,0xbc,0xeb,0x17,0xc8,0x16,0xa0,0x60,0x2e,0xb6,0x25,0xc5,0x4d,
+ 0x59,0xba,0x62,0xcb,0x3d,0x91,0x7c,0x79,0x6a,0x4b,0x4a,0x54,0xbd,0xb7,0xa3,0x89,
+ 0x7f,0xbf,0x0e,0x77,0xe1,0x54,0x29,0x0d,0x45,0x6d,0xa8,0x15,0xa5,0x17,0x8c,0xcf,
+ 0x27,0x9e,0x47,0x4e,0x2a,0x91,0x7e,0x4e,0x14,0x59,0x8c,0x62,0x91,0xa3,0x40,0xa5,
+ 0x9e,0x67,0xbb,0x02,0x97,0xb4,0xe7,0x06,0x04,0xbc,0x16,0x24,0x3d,0x49,0xb1,0xf0,
+ 0xae,0xfc,0x1d,0x02,0x61,0x00,0xde,0x86,0x5d,0x49,0x88,0xeb,0x5c,0xd3,0xe5,0x11,
+ 0x48,0x0b,0x1e,0x52,0x95,0xa9,0x65,0x99,0x89,0xcf,0x51,0xb0,0x08,0xdd,0xb5,0x5b,
+ 0x64,0x1a,0x34,0xd2,0xee,0x4b,0x2d,0x8b,0xc1,0xd5,0xd6,0x1d,0x6c,0x0c,0x7e,0xa5,
+ 0x66,0x12,0xec,0xaf,0x5d,0xe9,0x33,0xd4,0xba,0x18,0x71,0x84,0x97,0xbe,0xc0,0x75,
+ 0x63,0x19,0xae,0xc6,0xc7,0x65,0xf3,0xf6,0xda,0x3f,0x91,0xfa,0x5e,0x87,0xf3,0xbc,
+ 0xd2,0x64,0x8d,0xcf,0xfb,0xdd,0x7f,0x9b,0x6c,0x81,0xba,0x9b,0x4e,0x94,0x5e,0x83,
+ 0xd1,0xcb,0xb9,0xf4,0x39,0x7f,0x02,0x61,0x00,0xd7,0x00,0x6d,0x8e,0x1b,0xa1,0x44,
+ 0xd9,0xff,0xe6,0x42,0x72,0x18,0x55,0x26,0x3e,0x87,0x40,0x71,0xb2,0x67,0x37,0x16,
+ 0xe9,0xbd,0x51,0x7f,0x0e,0x79,0x0e,0x75,0xa9,0x1f,0x0f,0x6b,0xa5,0x7c,0x5f,0xc8,
+ 0xdc,0x17,0xde,0x53,0x88,0x97,0x90,0x88,0xf2,0x4d,0x66,0x5e,0x0e,0x11,0x16,0x92,
+ 0x1e,0x61,0x56,0xe6,0xf0,0x74,0x81,0x58,0x95,0x05,0x29,0x71,0x9b,0xa0,0x69,0xed,
+ 0x14,0x23,0xf6,0x36,0x9b,0x8f,0x06,0x3a,0x76,0xab,0xeb,0xce,0xe8,0xdc,0x79,0xc1,
+ 0x29,0xb9,0xfc,0x49,0x7a,0x26,0x59,0xd6,0x4d,0x02,0x61,0x00,0xaf,0x3c,0xac,0xd6,
+ 0x2d,0xe6,0xfb,0x91,0x3a,0xc1,0x23,0x34,0xee,0x4a,0x26,0xe5,0xe1,0xc6,0xc9,0xc9,
+ 0xe4,0x10,0x76,0xca,0xf1,0xf8,0xe8,0x99,0xe2,0xa3,0x81,0x58,0xde,0xa3,0x42,0xa0,
+ 0x3d,0x1f,0xaa,0x69,0x24,0x8a,0xe8,0x19,0x5b,0x1e,0xb7,0x1b,0xe0,0xdf,0x53,0x35,
+ 0xd0,0x9f,0x94,0x48,0x79,0x93,0x77,0xd9,0x4f,0xd3,0xe6,0x4f,0x19,0x92,0x7a,0x48,
+ 0xb9,0x92,0xab,0x42,0xf0,0xe4,0xef,0xe2,0x93,0xf3,0x07,0xeb,0x64,0x84,0x67,0x2c,
+ 0xba,0x61,0x77,0xbe,0x4b,0xb8,0x0f,0x4d,0x1a,0x41,0x83,0xcd,0x02,0x60,0x56,0xec,
+ 0x55,0x5e,0x9e,0xcd,0x14,0x89,0x0e,0x6c,0x89,0x70,0x97,0x65,0xd5,0x90,0x72,0x1e,
+ 0x1b,0xd9,0x84,0xe1,0x40,0xe2,0x3f,0x28,0x33,0xb6,0x26,0x3b,0x32,0x56,0xad,0xb8,
+ 0x0e,0x4d,0x59,0x7b,0x60,0x39,0x9b,0x6c,0xc7,0x58,0xf1,0xed,0xfd,0x6f,0xf8,0xda,
+ 0xea,0x2b,0xc5,0xbc,0xda,0x56,0x6e,0x04,0x34,0x5a,0x02,0xc0,0x48,0x8f,0xf7,0x06,
+ 0x4a,0x68,0x20,0xf2,0xb2,0x66,0xf2,0x23,0x18,0xf0,0xcb,0x62,0x39,0x40,0xc1,0x41,
+ 0x14,0xe6,0x10,0x3d,0x29,0x5b,0x35,0x56,0x4a,0x5e,0x98,0x22,0xba,0x01,0x02,0x61,
+ 0x00,0xcc,0x80,0xb7,0xb9,0xb9,0x4a,0xaf,0x47,0x00,0x3e,0x21,0x0f,0xb8,0x4e,0x7c,
+ 0xb1,0xe4,0x25,0xd6,0x19,0x26,0x54,0xc6,0x8c,0x30,0x88,0x54,0x70,0xcf,0x1f,0x62,
+ 0x75,0xcb,0x18,0x58,0x6c,0x14,0xb0,0x9b,0x13,0x90,0xa2,0x1a,0x5a,0x79,0xa3,0x82,
+ 0xf0,0x9b,0xba,0xf0,0x90,0xaf,0xa1,0xe8,0xa8,0x70,0xef,0x60,0x6a,0x68,0xed,0x5a,
+ 0x21,0x77,0x69,0x7a,0xf2,0xee,0x3e,0xe5,0x90,0xd2,0x33,0x71,0x3b,0x82,0x88,0x75,
+ 0xdd,0x8e,0x6e,0xbc,0x17,0x83,0xef,0x37,0x82,0x4e,0x83,0x30,0xcb,0x8a,0xbc,0x6c,
+ 0x41,
+ ),
+ chunk_from_chars( /* RSA-2048 */
+ 0x30,0x82,0x04,0xa2,0x02,0x01,0x00,0x02,0x82,0x01,0x01,0x00,0xba,0xbf,0x27,0x0b,
+ 0x22,0x59,0xd8,0x6f,0xff,0x26,0x5d,0x41,0x3d,0xb0,0x94,0x58,0x5d,0xc0,0x46,0xb6,
+ 0x77,0xa9,0x78,0x10,0x6d,0xe9,0xbf,0xca,0x6f,0x04,0xe1,0xda,0x85,0x12,0x1e,0xe0,
+ 0xa6,0xc7,0xa2,0x71,0x04,0x8b,0x6e,0x84,0xf9,0x86,0x2b,0xeb,0x72,0x01,0x72,0xc8,
+ 0x0a,0x83,0xa6,0xf7,0xc0,0xd6,0x76,0x1d,0x28,0x38,0xb5,0x7e,0x6c,0x8c,0x6a,0x13,
+ 0xf4,0xf1,0x7f,0xf2,0x79,0xae,0x73,0xba,0x1a,0x3f,0x30,0x65,0xb6,0x23,0xa7,0x94,
+ 0x34,0x29,0x87,0xce,0x06,0x99,0xee,0x85,0x10,0xce,0x08,0xe2,0x8d,0xd5,0x47,0xf3,
+ 0xc8,0xf0,0x18,0x41,0xc0,0x59,0x66,0x06,0xda,0xb6,0x18,0xd2,0xa3,0xa0,0xbd,0x3a,
+ 0x90,0x7f,0x37,0x39,0xdf,0x98,0x55,0xa2,0x19,0x5e,0x37,0xbc,0x86,0xf3,0x02,0xf8,
+ 0x68,0x49,0x53,0xf2,0x4b,0x3d,0x7a,0xe3,0x1d,0xa4,0x15,0x10,0xa6,0xce,0x8c,0xb8,
+ 0xfd,0x95,0x54,0xa2,0x50,0xa2,0xd9,0x35,0x12,0x56,0xae,0xbc,0x51,0x33,0x6d,0xb8,
+ 0x63,0x7c,0x26,0xab,0x19,0x01,0xa5,0xda,0xfa,0x4b,0xb6,0x57,0xd3,0x4b,0xdd,0xc0,
+ 0x62,0xc5,0x05,0xb7,0xc3,0x2e,0x1f,0x17,0xc8,0x09,0x87,0x12,0x37,0x21,0xd7,0x7a,
+ 0x53,0xb0,0x47,0x60,0xa2,0xb5,0x23,0x3b,0x99,0xdf,0xea,0x8b,0x94,0xea,0x9d,0x53,
+ 0x5d,0x02,0x52,0xf7,0x29,0xfb,0x63,0xb0,0xff,0x27,0x5e,0xde,0x54,0x7d,0x95,0xd6,
+ 0x4e,0x58,0x12,0x06,0x60,0x22,0x33,0xf2,0x19,0x67,0x65,0xdd,0xf3,0x42,0xb5,0x00,
+ 0x51,0x35,0xe5,0x62,0x4d,0x90,0x44,0xfb,0x7f,0x5b,0xb5,0xe5,0x02,0x03,0x01,0x00,
+ 0x01,0x02,0x82,0x01,0x00,0x1c,0xf5,0x66,0xf5,0xce,0x4c,0x1d,0xe8,0xd2,0x29,0x6e,
+ 0x15,0x1f,0x9e,0x9a,0x06,0x70,0xf5,0x4f,0xd1,0xdc,0x51,0x02,0x8e,0x13,0xa9,0x47,
+ 0x85,0x39,0xfd,0x89,0x13,0x74,0x86,0xb8,0x94,0x90,0x30,0x4d,0x73,0x96,0xa7,0x93,
+ 0x8a,0x19,0xd2,0x91,0x4d,0x77,0xb6,0x9b,0x48,0xc3,0x7e,0xa2,0x5d,0xf1,0x80,0xa0,
+ 0x3c,0xc9,0xbf,0xaf,0x7f,0x4d,0x10,0x62,0x23,0xb9,0x9c,0x58,0x81,0xae,0x96,0x5b,
+ 0x9a,0x4c,0x97,0x27,0x67,0x62,0x5c,0xf9,0x8f,0xdd,0x1d,0xe2,0x92,0x13,0x8a,0x7b,
+ 0xc7,0x15,0x31,0xca,0x05,0x6d,0xc6,0x98,0xdb,0x88,0x39,0x99,0x1d,0x5b,0x19,0x51,
+ 0xdd,0xb6,0xbd,0x3d,0xb0,0xae,0x50,0x8e,0xff,0x7d,0xa8,0x48,0x95,0x58,0x23,0xbc,
+ 0x85,0xc0,0x46,0xd0,0xc0,0x0e,0xda,0xdd,0xa4,0x8e,0x8d,0x31,0x8b,0x89,0x0f,0x8b,
+ 0x76,0x9a,0xb5,0x99,0x56,0x5e,0xd3,0x0c,0x88,0x0b,0x03,0xf1,0xc9,0xe3,0x05,0x05,
+ 0x08,0x75,0xce,0x35,0x52,0xa0,0xc0,0xf2,0xf4,0xb9,0x87,0x22,0x21,0x3f,0x61,0xd6,
+ 0x99,0xae,0x0e,0x76,0x5d,0x9c,0x16,0xa3,0xe9,0xde,0x2d,0x2a,0x46,0xf7,0x89,0xbf,
+ 0x0d,0xb1,0x60,0xad,0xbc,0x24,0xe2,0xe5,0xb1,0xc1,0x1c,0x00,0x40,0x1c,0xbd,0xfa,
+ 0x6e,0xc7,0x0d,0xc1,0xda,0x4d,0x54,0x45,0x96,0xac,0xf7,0xfe,0x1b,0xf2,0x47,0x1e,
+ 0xf7,0x8b,0xcf,0x27,0xcc,0xe7,0x08,0xd6,0x43,0x60,0xea,0xda,0x19,0xd7,0x98,0x17,
+ 0x7c,0xab,0x0c,0x90,0x60,0x75,0x9f,0x8b,0xaa,0x13,0x63,0x98,0x9e,0xc6,0x41,0x9f,
+ 0xd4,0x85,0xa3,0xb2,0xb9,0x02,0x81,0x81,0x00,0xe1,0x20,0xf6,0xac,0xa9,0x01,0xbd,
+ 0x31,0xe6,0xb2,0x4e,0xcf,0x66,0xc3,0x11,0x0e,0x5b,0xfe,0x58,0x6b,0xc6,0x2d,0x7a,
+ 0x05,0x30,0x9a,0x6f,0xcc,0xcc,0xdf,0xd2,0x2c,0xe1,0x47,0x39,0x9e,0xf3,0x0c,0x81,
+ 0xd9,0x76,0x00,0xe2,0xb1,0x08,0x91,0xfb,0x12,0x04,0xf6,0x1f,0xea,0xff,0x82,0xe5,
+ 0x64,0x64,0x6f,0x14,0xbe,0x33,0x5f,0x41,0x5f,0x73,0x1f,0xa2,0x32,0xec,0x75,0xb3,
+ 0x98,0x4b,0x88,0x4d,0x1e,0xec,0x78,0xda,0x4c,0x2d,0xf8,0xbb,0xcf,0x0e,0x8f,0x2f,
+ 0x23,0xae,0xcd,0xe0,0x4c,0x13,0x1c,0x1c,0x16,0x8e,0xb9,0x9f,0x02,0x12,0x12,0xa5,
+ 0xf4,0x21,0xfe,0x57,0x08,0x7a,0xe8,0xbe,0x15,0xe9,0xdd,0x2a,0xd1,0x7b,0x39,0xd6,
+ 0x4f,0x70,0x74,0x7d,0xfd,0x39,0x97,0x80,0x8d,0x02,0x81,0x81,0x00,0xd4,0x5a,0xce,
+ 0x05,0x93,0x51,0x15,0x44,0xdd,0x4d,0x79,0x92,0x04,0xe6,0x64,0x7e,0x6c,0xb5,0x61,
+ 0x6b,0xc3,0xb3,0xae,0x4f,0x0a,0x75,0xbf,0x6c,0xec,0x47,0xf2,0xbc,0xea,0x76,0xc4,
+ 0xc2,0xe7,0xd2,0x50,0xc4,0xe0,0xaf,0x56,0x05,0x72,0x3c,0x34,0x8c,0x5b,0xae,0xb8,
+ 0x0e,0xfb,0x83,0x27,0xcf,0x61,0x05,0x44,0x97,0x3f,0x66,0x6d,0x26,0x7d,0xed,0xcd,
+ 0x5a,0x87,0x04,0xbc,0xb3,0x70,0x75,0x15,0x51,0xe9,0x18,0x85,0xf7,0x2a,0x45,0xd5,
+ 0xc7,0x93,0x32,0x07,0x2e,0x26,0x34,0x2d,0x18,0x63,0x45,0x06,0x6f,0xa9,0x75,0x5d,
+ 0x20,0x6b,0x0b,0x13,0x45,0x81,0x7e,0x5c,0xc5,0x48,0x16,0x4b,0x82,0x7c,0xad,0xbe,
+ 0xfd,0xa5,0x0a,0xd6,0xc2,0x21,0xfc,0xa5,0x84,0xaf,0xf3,0x10,0xb9,0x02,0x81,0x80,
+ 0x29,0x20,0x20,0x6f,0xc2,0x1f,0xf3,0x33,0xde,0x74,0xcc,0x38,0xcf,0x08,0xeb,0x60,
+ 0xb8,0x25,0x6a,0x79,0xa5,0xa6,0x41,0x18,0x19,0x9c,0xdc,0xb7,0x88,0xe5,0x8a,0x3b,
+ 0x70,0x9b,0xd6,0x46,0xd7,0x17,0x7d,0xd0,0xff,0xe1,0x81,0x87,0xdd,0x8c,0xed,0x54,
+ 0x89,0x5b,0x7c,0xd1,0x2d,0x03,0xf8,0x6b,0xb2,0x7d,0x28,0x48,0xe6,0x91,0x8c,0x1b,
+ 0xa7,0xa8,0x2b,0xb5,0x29,0xc5,0x06,0x9d,0xd7,0x8e,0x7a,0xa8,0x1f,0x82,0xa4,0x3e,
+ 0x2e,0x57,0xb5,0xd7,0x49,0x4d,0x96,0xca,0xe9,0xef,0xe9,0xfd,0x7b,0xb0,0x32,0xe1,
+ 0x5c,0x09,0x44,0xa6,0xd8,0x2e,0x57,0xea,0x95,0x1b,0x25,0x43,0x03,0x50,0xe9,0x08,
+ 0x8f,0xc4,0x3b,0x42,0x31,0x44,0x8b,0x85,0xcf,0x81,0x38,0x52,0xbd,0xe6,0x93,0x31,
+ 0x02,0x81,0x80,0x18,0x3d,0x79,0x51,0x07,0x9c,0xf4,0xd9,0x94,0x8d,0x78,0x78,0x23,
+ 0x99,0x0d,0x15,0xa5,0x61,0x1b,0x0a,0xcb,0x1f,0x22,0xa1,0xa1,0x27,0x09,0xbf,0xec,
+ 0x44,0xd6,0x3f,0x9c,0x60,0x0c,0x5b,0xd7,0x4c,0x99,0xad,0xaf,0x9c,0x34,0x2c,0x90,
+ 0xfa,0xb0,0x60,0xe9,0x42,0x4b,0x7e,0x62,0x55,0x79,0x60,0xe1,0xc9,0x51,0x28,0x16,
+ 0xb3,0xa1,0x78,0x08,0x5d,0xf1,0xd8,0x08,0x9b,0x90,0xd2,0xc6,0xde,0x86,0x9d,0x80,
+ 0x07,0x2d,0x9b,0xa6,0x36,0xac,0x8d,0x88,0x8e,0xe8,0x64,0xeb,0x35,0x7f,0x84,0x4e,
+ 0x28,0x9d,0xf0,0x77,0x1e,0x8f,0x8f,0xd8,0xc8,0x3d,0xdd,0xec,0x47,0x39,0x5d,0xc7,
+ 0xb9,0xcb,0xca,0xcc,0x62,0xa4,0xef,0x9d,0x3c,0x5c,0x81,0x72,0x91,0xbd,0x6f,0x25,
+ 0x0a,0x90,0xf9,0x02,0x81,0x80,0x51,0x42,0x23,0x64,0x3d,0xbc,0xcb,0xcb,0x77,0xd4,
+ 0x5c,0x6b,0xf4,0x16,0x3a,0x6b,0x05,0x5f,0xd4,0xf8,0x59,0xe6,0x98,0x0c,0x43,0x7e,
+ 0x6b,0x17,0x0d,0x01,0x23,0x6e,0x4c,0xff,0x35,0xe4,0xc5,0xba,0xe8,0x9e,0x12,0x94,
+ 0x34,0x78,0xe4,0x3d,0x35,0xa1,0xd4,0xa9,0xa3,0x7e,0xe4,0x57,0xef,0xa4,0x9a,0x6a,
+ 0x32,0xb3,0x9f,0xf8,0x3a,0xcf,0xea,0xf4,0xc7,0x59,0x92,0xd4,0x2a,0x5b,0x26,0x83,
+ 0x78,0x30,0x5f,0xdf,0x46,0xa6,0xb0,0x28,0x37,0x2b,0x55,0x08,0x4c,0xb6,0x6b,0xb8,
+ 0xa9,0x11,0x7d,0x0b,0xab,0x97,0x4d,0x8c,0xc3,0xbf,0x3b,0xcd,0x3e,0xad,0x80,0xce,
+ 0xe8,0xc6,0x01,0x35,0xd2,0x3e,0x31,0xdc,0x96,0xd7,0xc3,0xab,0x65,0xd1,0xc4,0xa3,
+ 0x47,0x14,0xa9,0xba,0xd0,0x30,
+ ),
+};
+
+START_TEST(test_load)
+{
+ private_key_t *privkey;
+ public_key_t *pubkey;
+
+ privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ BUILD_BLOB_ASN1_DER, keys[_i], BUILD_END);
+ ck_assert(privkey != NULL);
+ pubkey = privkey->get_public_key(privkey);
+ ck_assert(pubkey != NULL);
+
+ test_good_sig(privkey, pubkey);
+
+ test_bad_sigs(pubkey);
+
+ pubkey->destroy(pubkey);
+ privkey->destroy(privkey);
+}
+END_TEST
+
+Suite *rsa_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+ int gen_count = countof(key_sizes);
+
+ s = suite_create("rsa");
+
+ if (getenv("TESTS_REDUCED_KEYLENGTHS") != NULL)
+ {
+ gen_count = min(1, gen_count);
+ }
+
+ tc = tcase_create("generate");
+ tcase_add_loop_test(tc, test_gen, 0, gen_count);
+ tcase_set_timeout(tc, 8);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("load");
+ tcase_add_loop_test(tc, test_load, 0, countof(keys));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c
new file mode 100644
index 0000000..0964651
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_settings.c
@@ -0,0 +1,920 @@
+/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <unistd.h>
+
+#include <utils/settings.h>
+#include <utils/chunk.h>
+#include <utils/utils.h>
+#include <collections/linked_list.h>
+
+static char *path = "/tmp/strongswan-settings-test";
+static settings_t *settings;
+
+static void create_settings(chunk_t contents)
+{
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ settings = settings_create(path);
+}
+
+START_SETUP(setup_base_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " # this gets overridden below\n"
+ " key2 = val2\n"
+ " none = \n"
+ " sub1 {\n"
+ " key = value\n"
+ " key2 = value2\n"
+ " subsub {\n"
+ " foo = bar\n"
+ " }\n"
+ " # subsub is a section and a value\n"
+ " subsub = section value\n"
+ " }\n"
+ " sub% {\n"
+ " id = %any\n"
+ " }\n"
+ " key2 = with spaces\n"
+ "}\n"
+ "out = side\n"
+ "other {\n"
+ " key1 = other val\n"
+ " empty {\n"
+ " }\n"
+ "}"));
+}
+END_SETUP
+
+START_TEARDOWN(teardown_config)
+{
+ settings->destroy(settings);
+ unlink(path);
+}
+END_TEARDOWN
+
+#define verify_string(expected, key, ...) \
+ ck_assert_str_eq(expected, settings->get_str(settings, key, NULL, ##__VA_ARGS__))
+#define verify_null(key, ...) \
+ ck_assert(!settings->get_str(settings, key, NULL, ##__VA_ARGS__))
+
+START_TEST(test_get_str)
+{
+ verify_string("val1", "main.key1");
+ verify_string("val1", "main..key1");
+ verify_string("val1", ".main.key1");
+ verify_string("with spaces", "main.key2");
+ verify_string("value", "main.sub1.key");
+ verify_string("value2", "main.sub1.key2");
+ verify_string("bar", "main.sub1.subsub.foo");
+ verify_string("section value", "main.sub1.subsub");
+ verify_string("%any", "main.sub%%.id");
+ verify_string("side", "out");
+ verify_string("other val", "other.key1");
+
+ /* FIXME: should this rather be undefined i.e. return the default value? */
+ verify_string("", "main.none");
+
+ verify_null("main.key3");
+ verify_null("other.sub");
+}
+END_TEST
+
+enum {
+ KEY1,
+ SUB1
+} settings_test_enum;
+
+enum_name_t *test_settings_test_names;
+
+ENUM_BEGIN(test_settings_test_names, KEY1, SUB1,
+ "key1", "sub1");
+ENUM_END(test_settings_test_names, SUB1);
+
+START_TEST(test_get_str_printf)
+{
+ verify_string("val1", "%s.key1", "main");
+ verify_string("val1", "%s.%s", "main", "key1");
+ verify_string("val1", "%s.%N", "main", test_settings_test_names, KEY1);
+ verify_string("val1", "%s.%s%d", "main", "key", 1);
+ verify_string("bar", "%s.sub1.%s.foo", "main", "subsub");
+ verify_string("bar", "%s.%N.%s.foo", "main", test_settings_test_names, SUB1, "subsub");
+ verify_string("bar", "%s.sub%d.%s.foo", "main", 1, "subsub");
+ verify_string("%any", "%s.sub%%.id", "main");
+
+ /* FIXME: this is a bit inconsistent, while this works */
+ verify_string("value2", "main.%s%u.key2", "sub", 1);
+ /* this won't because no argument is consumed for %u so key1 will be tried
+ * granted, we never actually used any other specifiers, but we should
+ * probably document it at least */
+ verify_null("main.%s%u.key%d", "sub", 1, 2);
+
+ verify_null("%s.%s%d", "main", "key", 3);
+}
+END_TEST
+
+START_TEST(test_set_str)
+{
+ settings->set_str(settings, "main.key1", "val");
+ verify_string("val", "main.key1");
+ settings->set_str(settings, "main.key1", "longer value");
+ verify_string("longer value", "main.key1");
+ settings->set_str(settings, "main", "main val");
+ verify_string("main val", "main");
+ settings->set_str(settings, "main.sub1.new", "added");
+ verify_string("added", "main.sub1.new");
+ settings->set_str(settings, "main.sub2.newsub.foo", "bar");
+ verify_string("bar", "main.sub2.newsub.foo");
+ settings->set_str(settings, "new.newsub.foo", "bar");
+ verify_string("bar", "new.newsub.foo");
+ settings->set_str(settings, "main.key1", NULL);
+ verify_null("main.key1");
+}
+END_TEST
+
+START_TEST(test_set_str_printf)
+{
+ settings->set_str(settings, "%s.key1", "val", "main");
+ verify_string("val", "main.key1");
+ settings->set_str(settings, "main.%N.new", "added", test_settings_test_names, SUB1);
+ verify_string("added", "main.sub1.new");
+ settings->set_str(settings, "main.%s%d.newsub.%s", "bar", "sub", 2, "foo");
+ verify_string("bar", "main.sub2.newsub.foo");
+}
+END_TEST
+
+START_TEST(test_set_default_str)
+{
+ settings->set_default_str(settings, "main.key1", "default");
+ verify_string("val1", "main.key1");
+ settings->set_default_str(settings, "main.sub1.new", "added");
+ verify_string("added", "main.sub1.new");
+ settings->set_str(settings, "main.sub1.new", "changed");
+ verify_string("changed", "main.sub1.new");
+}
+END_TEST
+
+START_SETUP(setup_bool_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = yes\n"
+ " key2 = true\n"
+ " key3 = Enabled\n"
+ " key4 = 1\n"
+ " key5 = no\n"
+ " key6 = FALSE\n"
+ " key7 = disabled\n"
+ " key8 = 0\n"
+ " key9 = 5\n"
+ " none = \n"
+ " foo = bar\n"
+ "}"));
+}
+END_SETUP
+
+#define verify_bool(expected, def, key, ...) \
+ ck_assert(expected == settings->get_bool(settings, key, def, ##__VA_ARGS__))
+
+START_TEST(test_get_bool)
+{
+ verify_bool(TRUE, FALSE, "main.key1");
+ verify_bool(TRUE, FALSE, "main.key2");
+ verify_bool(TRUE, FALSE, "main.key3");
+ verify_bool(TRUE, FALSE, "main.key4");
+ verify_bool(FALSE, TRUE, "main.key5");
+ verify_bool(FALSE, TRUE, "main.key6");
+ verify_bool(FALSE, TRUE, "main.key7");
+ verify_bool(FALSE, TRUE, "main.key8");
+
+ verify_bool(FALSE, FALSE, "main.none");
+ verify_bool(TRUE, TRUE, "main.none");
+ verify_bool(FALSE, FALSE, "main.foo");
+ verify_bool(TRUE, TRUE, "main.foo");
+
+ verify_bool(FALSE, FALSE, "main.key9");
+ verify_bool(TRUE, TRUE, "main.key9");
+ verify_bool(FALSE, FALSE, "main");
+ verify_bool(TRUE, TRUE, "main");
+
+}
+END_TEST
+
+START_TEST(test_set_bool)
+{
+ settings->set_str(settings, "main.key1", "no");
+ verify_bool(FALSE, TRUE, "main.key1");
+ settings->set_bool(settings, "main.key2", FALSE);
+ verify_bool(FALSE, TRUE, "main.key2");
+ settings->set_str(settings, "main.key3", NULL);
+ verify_bool(FALSE, FALSE, "main.key3");
+ verify_bool(TRUE, TRUE, "main.key3");
+ settings->set_bool(settings, "main.key5", TRUE);
+ verify_bool(TRUE, FALSE, "main.key5");
+ settings->set_bool(settings, "main.new", TRUE);
+ verify_bool(TRUE, FALSE, "main.new");
+}
+END_TEST
+
+START_SETUP(setup_int_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = 5\n"
+ " # gets cut off\n"
+ " key2 = 5.5\n"
+ " key3 = -42\n"
+ " none = \n"
+ " foo1 = bar\n"
+ " foo2 = bar13\n"
+ " foo3 = 13bar\n"
+ "}"));
+}
+END_SETUP
+
+#define verify_int(expected, def, key, ...) \
+ ck_assert_int_eq(expected, settings->get_int(settings, key, def, ##__VA_ARGS__))
+
+START_TEST(test_get_int)
+{
+ verify_int(5, 0, "main.key1");
+ verify_int(5, 0, "main.key2");
+ verify_int(-42, 0, "main.key3");
+
+ /* FIXME: do we want this behavior? */
+ verify_int(0, 11, "main.none");
+ verify_int(0, 11, "main.foo1");
+ verify_int(0, 11, "main.foo2");
+ verify_int(13, 11, "main.foo3");
+
+ verify_int(13, 13, "main.key4");
+ verify_int(-13, -13, "main");
+}
+END_TEST
+
+START_TEST(test_set_int)
+{
+ settings->set_str(settings, "main.key1", "13");
+ verify_int(13, 0, "main.key1");
+ settings->set_int(settings, "main.key2", 6);
+ verify_int(6, 0, "main.key2");
+ settings->set_int(settings, "main.key3", -6);
+ verify_int(-6, 0, "main.key3");
+ settings->set_str(settings, "main.key3", NULL);
+ verify_int(15, 15, "main.key3");
+ settings->set_int(settings, "main.new", 314);
+ verify_int(314, 0, "main.new");
+}
+END_TEST
+
+START_SETUP(setup_double_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = 5\n"
+ " key2 = 5.5\n"
+ " key3 = -42\n"
+ " key4 = -42.5\n"
+ " none = \n"
+ " foo1 = bar\n"
+ " foo2 = bar13.5\n"
+ " foo3 = 13.5bar\n"
+ "}"));
+}
+END_SETUP
+
+#define verify_double(expected, def, key, ...) \
+ ck_assert(expected == settings->get_double(settings, key, def, ##__VA_ARGS__))
+
+START_TEST(test_get_double)
+{
+ verify_double(5, 0, "main.key1");
+ verify_double(5.5, 0, "main.key2");
+ verify_double(-42, 0, "main.key3");
+ verify_double(-42.5, 0, "main.key4");
+
+ /* FIXME: do we want this behavior? */
+ verify_double(0, 11.5, "main.none");
+ verify_double(0, 11.5, "main.foo1");
+ verify_double(0, 11.5, "main.foo2");
+ verify_double(13.5, 11.5, "main.foo3");
+
+ verify_double(11.5, 11.5, "main.key5");
+ verify_double(-11.5, -11.5, "main");
+}
+END_TEST
+
+START_TEST(test_set_double)
+{
+ settings->set_str(settings, "main.key1", "5.5");
+ verify_double(5.5, 0, "main.key1");
+ settings->set_double(settings, "main.key2", 13);
+ verify_double(13, 0, "main.key2");
+ settings->set_double(settings, "main.key3", -13.5);
+ verify_double(-13.5, 0, "main.key3");
+ settings->set_double(settings, "main.key4", 11.5);
+ verify_double(11.5, 0, "main.key4");
+ settings->set_str(settings, "main.key4", NULL);
+ verify_double(42.5, 42.5, "main.key4");
+ settings->set_double(settings, "main.new", 3.14);
+ verify_double(3.14, 0, "main.new");
+}
+END_TEST
+
+START_SETUP(setup_time_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = 5s\n"
+ " key2 = 5m\n"
+ " key3 = 5h\n"
+ " key4 = 5d\n"
+ " none = \n"
+ " foo1 = bar\n"
+ " foo2 = bar13\n"
+ " foo3 = 13bar\n"
+ "}"));
+}
+END_SETUP
+
+#define verify_time(expected, def, key, ...) \
+ ck_assert_int_eq(expected, settings->get_time(settings, key, def, ##__VA_ARGS__))
+
+START_TEST(test_get_time)
+{
+ verify_time(5, 0, "main.key1");
+ verify_time(300, 0, "main.key2");
+ verify_time(18000, 0, "main.key3");
+ verify_time(432000, 0, "main.key4");
+
+ /* FIXME: do we want this behavior? */
+ verify_time(0, 11, "main.none");
+ verify_time(0, 11, "main.foo1");
+ verify_time(0, 11, "main.foo2");
+ verify_time(13, 11, "main.foo3");
+
+ verify_time(11, 11, "main.key5");
+ verify_time(11, 11, "main");
+}
+END_TEST
+
+START_TEST(test_set_time)
+{
+ settings->set_str(settings, "main.key1", "15m");
+ verify_time(900, 0, "main.key1");
+ settings->set_time(settings, "main.key2", 15);
+ verify_time(15, 0, "main.key2");
+ settings->set_str(settings, "main.key3", NULL);
+ verify_time(300, 300, "main.key3");
+ settings->set_time(settings, "main.new", 314);
+ verify_time(314, 0, "main.new");
+}
+END_TEST
+
+static bool verify_section(linked_list_t *verifier, char *section)
+{
+ enumerator_t *enumerator;
+ char *current;
+ bool result = FALSE;
+
+ enumerator = verifier->create_enumerator(verifier);
+ while (enumerator->enumerate(enumerator, ¤t))
+ {
+ if (streq(current, section))
+ {
+ verifier->remove_at(verifier, enumerator);
+ result = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return result;
+}
+
+static void verify_sections(linked_list_t *verifier, char *parent)
+{
+ enumerator_t *enumerator;
+ char *section;
+
+ enumerator = settings->create_section_enumerator(settings, parent);
+ while (enumerator->enumerate(enumerator, §ion))
+ {
+ ck_assert(verify_section(verifier, section));
+ }
+ enumerator->destroy(enumerator);
+ ck_assert_int_eq(0, verifier->get_count(verifier));
+ verifier->destroy(verifier);
+}
+
+START_TEST(test_section_enumerator)
+{
+ linked_list_t *verifier;
+
+ verifier = linked_list_create_with_items("sub1", "sub%", NULL);
+ verify_sections(verifier, "main");
+
+ settings->set_str(settings, "main.sub2.new", "added");
+ verifier = linked_list_create_with_items("sub1", "sub%", "sub2", NULL);
+ verify_sections(verifier, "main");
+
+ verifier = linked_list_create_with_items("subsub", NULL);
+ verify_sections(verifier, "main.sub1");
+
+ verifier = linked_list_create_with_items(NULL);
+ verify_sections(verifier, "main.sub%%");
+
+ verifier = linked_list_create_with_items(NULL);
+ verify_sections(verifier, "main.key1");
+
+ verifier = linked_list_create_with_items(NULL);
+ verify_sections(verifier, "main.unknown");
+}
+END_TEST
+
+static bool verify_key_value(linked_list_t *keys, linked_list_t *values,
+ char *key, char *value)
+{
+ enumerator_t *enum_keys, *enum_values;
+ char *current_key, *current_value;
+ bool result = FALSE;
+
+ enum_keys = keys->create_enumerator(keys);
+ enum_values = values->create_enumerator(values);
+ while (enum_keys->enumerate(enum_keys, ¤t_key) &&
+ enum_values->enumerate(enum_values, ¤t_value))
+ {
+ if (streq(current_key, key))
+ {
+ ck_assert_str_eq(current_value, value);
+ keys->remove_at(keys, enum_keys);
+ values->remove_at(values, enum_values);
+ result = TRUE;
+ break;
+ }
+ }
+ enum_keys->destroy(enum_keys);
+ enum_values->destroy(enum_values);
+ return result;
+}
+
+static void verify_key_values(linked_list_t *keys, linked_list_t *values,
+ char *parent)
+{
+ enumerator_t *enumerator;
+ char *key, *value;
+
+ enumerator = settings->create_key_value_enumerator(settings, parent);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ ck_assert(verify_key_value(keys, values, key, value));
+ }
+ enumerator->destroy(enumerator);
+ ck_assert_int_eq(0, keys->get_count(keys));
+ keys->destroy(keys);
+ values->destroy(values);
+}
+
+START_TEST(test_key_value_enumerator)
+{
+ linked_list_t *keys, *values;
+
+ keys = linked_list_create_with_items("key1", "key2", "none", NULL);
+ values = linked_list_create_with_items("val1", "with spaces", "", NULL);
+ verify_key_values(keys, values, "main");
+
+ keys = linked_list_create_with_items("key", "key2", "subsub", NULL);
+ values = linked_list_create_with_items("value", "value2", "section value", NULL);
+ verify_key_values(keys, values, "main.sub1");
+
+ settings->set_str(settings, "main.sub2.new", "added");
+ keys = linked_list_create_with_items("new", NULL);
+ values = linked_list_create_with_items("added", NULL);
+ verify_key_values(keys, values, "main.sub2");
+
+ keys = linked_list_create_with_items(NULL);
+ values = linked_list_create_with_items(NULL);
+ verify_key_values(keys, values, "other.empty");
+
+ settings->set_str(settings, "other.empty.new", "added");
+ keys = linked_list_create_with_items("new", NULL);
+ values = linked_list_create_with_items("added", NULL);
+ verify_key_values(keys, values, "other.empty");
+
+ keys = linked_list_create_with_items(NULL);
+ values = linked_list_create_with_items(NULL);
+ verify_key_values(keys, values, "main.unknown");
+}
+END_TEST
+
+#define include1 "/tmp/strongswan-settings-test-include1"
+#define include2 "/tmp/strongswan-settings-test-include2"
+
+START_SETUP(setup_include_config)
+{
+ chunk_t inc1 = chunk_from_str(
+ "main {\n"
+ " key1 = n1\n"
+ " key2 = n2\n"
+ " none = \n"
+ " sub1 {\n"
+ " key3 = value\n"
+ " }\n"
+ " sub2 {\n"
+ " sub3 = val3\n"
+ " }\n"
+ " include " include2 "\n"
+ "}");
+ chunk_t inc2 = chunk_from_str(
+ "key2 = v2\n"
+ "sub1 {\n"
+ " key = val\n"
+ "}");
+ ck_assert(chunk_write(inc1, include1, 0022, TRUE));
+ ck_assert(chunk_write(inc2, include2, 0022, TRUE));
+}
+END_SETUP
+
+START_TEARDOWN(teardown_include_config)
+{
+ settings->destroy(settings);
+ unlink(include2);
+ unlink(include1);
+ unlink(path);
+}
+END_TEARDOWN
+
+static void verify_include()
+{
+ verify_string("n1", "main.key1");
+ verify_string("v2", "main.key2");
+ verify_string("", "main.none");
+ verify_string("val", "main.sub1.key");
+ verify_string("v2", "main.sub1.key2");
+ verify_string("val", "main.sub1.sub1.key");
+ verify_string("value", "main.sub1.key3");
+ verify_string("value", "main.sub1.include");
+ verify_string("val3", "main.sub2.sub3");
+}
+
+START_TEST(test_include)
+{
+ chunk_t contents = chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " none = x\n"
+ " sub1 {\n"
+ " include = value\n"
+ " key2 = value2\n"
+ " include " include2 "\n"
+ " }\n"
+ "}\n"
+ "# currently there must be a newline after include statements\n"
+ "include " include1 "\n");
+
+ create_settings(contents);
+ verify_include();
+}
+END_TEST
+
+START_TEST(test_load_files)
+{
+ chunk_t contents = chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " none = x\n"
+ " sub1 {\n"
+ " include = value\n"
+ " key2 = v2\n"
+ " sub1 {\n"
+ " key = val\n"
+ " }\n"
+ " }\n"
+ "}");
+
+ create_settings(contents);
+
+ ck_assert(settings->load_files(settings, include1, TRUE));
+ verify_include();
+
+ ck_assert(settings->load_files(settings, include2, FALSE));
+ verify_null("main.key1");
+ verify_string("v2", "key2");
+ verify_string("val", "sub1.key");
+ verify_null("main.sub1.key3");
+}
+END_TEST
+
+START_TEST(test_load_files_section)
+{
+ chunk_t contents = chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " none = x\n"
+ " sub1 {\n"
+ " include = value\n"
+ " key2 = value2\n"
+ " }\n"
+ "}");
+
+ create_settings(contents);
+
+ ck_assert(settings->load_files_section(settings, include1, TRUE, ""));
+ ck_assert(settings->load_files_section(settings, include2, TRUE, "main.sub1"));
+ verify_include();
+
+ /* non existing files are no failure */
+ ck_assert(settings->load_files_section(settings, include1".conf", TRUE, ""));
+ verify_include();
+
+ /* unreadable files are */
+ ck_assert(chunk_write(contents, include1".no", 0444, TRUE));
+ ck_assert(!settings->load_files_section(settings, include1".no", TRUE, ""));
+ unlink(include1".no");
+ verify_include();
+
+ ck_assert(settings->load_files_section(settings, include2, FALSE, "main"));
+ verify_null("main.key1");
+ verify_string("v2", "main.key2");
+ verify_string("val", "main.sub1.key");
+ verify_null("main.sub1.key3");
+ verify_null("main.sub2.sub3");
+
+ ck_assert(settings->load_files_section(settings, include2, TRUE, "main.sub2"));
+ verify_string("v2", "main.sub2.key2");
+ verify_string("val", "main.sub2.sub1.key");
+}
+END_TEST
+
+START_SETUP(setup_fallback_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " sub1 {\n"
+ " key1 = val1\n"
+ " }\n"
+ "}\n"
+ "sub {\n"
+ " key1 = subval1\n"
+ " key2 = subval2\n"
+ " subsub {\n"
+ " subkey1 = subsubval1\n"
+ " }\n"
+ "}\n"
+ "base {\n"
+ " key1 = baseval1\n"
+ " key2 = baseval2\n"
+ " sub1 {\n"
+ " key1 = subbase1\n"
+ " key2 = subbase2\n"
+ " key3 = subbase3\n"
+ " subsub {\n"
+ " subkey1 = subsubbaseval1\n"
+ " subkey2 = subsubbaseval2\n"
+ " }\n"
+ " }\n"
+ " sub2 {\n"
+ " key4 = subbase4\n"
+ " }\n"
+ "}"));
+}
+END_SETUP
+
+START_TEST(test_add_fallback)
+{
+ linked_list_t *keys, *values;
+
+ settings->add_fallback(settings, "main.sub1", "sub");
+ verify_string("val1", "main.sub1.key1");
+ verify_string("subval2", "main.sub1.key2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+
+ /* fallbacks are preserved even if the complete config is replaced */
+ settings->load_files(settings, path, FALSE);
+ verify_string("val1", "main.sub1.key1");
+ verify_string("subval2", "main.sub1.key2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+
+ keys = linked_list_create_with_items("sub1", NULL);
+ verify_sections(keys, "main");
+ keys = linked_list_create_with_items("subsub", NULL);
+ verify_sections(keys, "main.sub1");
+
+ keys = linked_list_create_with_items("key1", NULL);
+ values = linked_list_create_with_items("val1", NULL);
+ verify_key_values(keys, values, "main");
+
+ keys = linked_list_create_with_items("key1", "key2", NULL);
+ values = linked_list_create_with_items("val1", "subval2", NULL);
+ verify_key_values(keys, values, "main.sub1");
+
+ keys = linked_list_create_with_items("subkey1", NULL);
+ values = linked_list_create_with_items("subsubval1", NULL);
+ verify_key_values(keys, values, "main.sub1.subsub");
+
+ settings->add_fallback(settings, "main", "base");
+ verify_string("val1", "main.key1");
+ verify_string("baseval2", "main.key2");
+ verify_string("val1", "main.sub1.key1");
+ verify_string("subval2", "main.sub1.key2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+ verify_string("subsubbaseval2", "main.sub1.subsub.subkey2");
+ verify_string("subbase3", "main.sub1.key3");
+ verify_string("subbase4", "main.sub2.key4");
+
+
+ keys = linked_list_create_with_items("sub1", "sub2", NULL);
+ verify_sections(keys, "main");
+ keys = linked_list_create_with_items("subsub", NULL);
+ verify_sections(keys, "main.sub1");
+
+ keys = linked_list_create_with_items("key1", "key2", NULL);
+ values = linked_list_create_with_items("val1", "baseval2", NULL);
+ verify_key_values(keys, values, "main");
+
+ keys = linked_list_create_with_items("key1", "key2", "key3", NULL);
+ values = linked_list_create_with_items("val1", "subval2", "subbase3", NULL);
+ verify_key_values(keys, values, "main.sub1");
+
+ keys = linked_list_create_with_items("subkey1", "subkey2", NULL);
+ values = linked_list_create_with_items("subsubval1", "subsubbaseval2", NULL);
+ verify_key_values(keys, values, "main.sub1.subsub");
+
+ settings->set_str(settings, "main.sub1.key2", "val2");
+ verify_string("val2", "main.sub1.key2");
+ settings->set_str(settings, "main.sub1.subsub.subkey2", "val2");
+ verify_string("val2", "main.sub1.subsub.subkey2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+}
+END_TEST
+
+START_TEST(test_add_fallback_printf)
+{
+ settings->add_fallback(settings, "%s.sub1", "sub", "main");
+ verify_string("val1", "main.sub1.key1");
+ verify_string("subval2", "main.sub1.key2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+
+ settings->add_fallback(settings, "%s.%s2", "%s.%s1", "main", "sub");
+ verify_string("val1", "main.sub2.key1");
+ verify_string("subval2", "main.sub2.key2");
+ verify_string("subsubval1", "main.sub2.subsub.subkey1");
+}
+END_TEST
+
+START_SETUP(setup_invalid_config)
+{
+ create_settings(chunk_from_str(
+ "# section without name\n"
+ "{\n"
+ " key1 = val1\n"
+ "}\n"
+ "main {\n"
+ " key2 = val2\n"
+ " # value without key\n"
+ " = val3\n"
+ " key4 = val4\n"
+ " # key without value does not change it\n"
+ " key4\n"
+ " # subsection without name\n"
+ " {\n"
+ " key5 = val5\n"
+ " }\n"
+ " # empty include pattern\n"
+ " include\n"
+ " key6 = val6\n"
+ "}"));
+}
+END_SETUP
+
+START_TEST(test_invalid)
+{
+ linked_list_t *keys, *values;
+ chunk_t contents;
+
+ verify_null("key1");
+ verify_null(".key1");
+ verify_null("%s.key1", "");
+ verify_string("val2", "main.key2");
+ verify_string("val4", "main.key4");
+ verify_null("main..key5");
+ verify_string("val6", "main.key6");
+
+ keys = linked_list_create_with_items("main", NULL);
+ verify_sections(keys, "");
+
+ keys = linked_list_create_with_items(NULL);
+ verify_sections(keys, "main");
+
+ keys = linked_list_create_with_items("key2", "key4", "key6", NULL);
+ values = linked_list_create_with_items("val2", "val4", "val6", NULL);
+ verify_key_values(keys, values, "main");
+
+ /* FIXME: we should probably fix this */
+ contents = chunk_from_str(
+ "requires = newline");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "unterminated {\n"
+ " not = valid\n");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "singleline { not = valid }\n");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+}
+END_TEST
+
+Suite *settings_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("settings");
+
+ tc = tcase_create("get/set_str (basic behavior)");
+ tcase_add_checked_fixture(tc, setup_base_config, teardown_config);
+ tcase_add_test(tc, test_get_str);
+ tcase_add_test(tc, test_get_str_printf);
+ tcase_add_test(tc, test_set_str);
+ tcase_add_test(tc, test_set_str_printf);
+ tcase_add_test(tc, test_set_default_str);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get/set_bool");
+ tcase_add_checked_fixture(tc, setup_bool_config, teardown_config);
+ tcase_add_test(tc, test_get_bool);
+ tcase_add_test(tc, test_set_bool);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get/set_int");
+ tcase_add_checked_fixture(tc, setup_int_config, teardown_config);
+ tcase_add_test(tc, test_get_int);
+ tcase_add_test(tc, test_set_int);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get/set_double");
+ tcase_add_checked_fixture(tc, setup_double_config, teardown_config);
+ tcase_add_test(tc, test_get_double);
+ tcase_add_test(tc, test_set_double);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get/set_time");
+ tcase_add_checked_fixture(tc, setup_time_config, teardown_config);
+ tcase_add_test(tc, test_get_time);
+ tcase_add_test(tc, test_set_time);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("section enumerator");
+ tcase_add_checked_fixture(tc, setup_base_config, teardown_config);
+ tcase_add_test(tc, test_section_enumerator);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("key/value enumerator");
+ tcase_add_checked_fixture(tc, setup_base_config, teardown_config);
+ tcase_add_test(tc, test_key_value_enumerator);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("include/load_files[_section]");
+ tcase_add_checked_fixture(tc, setup_include_config, teardown_include_config);
+ tcase_add_test(tc, test_include);
+ tcase_add_test(tc, test_load_files);
+ tcase_add_test(tc, test_load_files_section);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("fallback");
+ tcase_add_checked_fixture(tc, setup_fallback_config, teardown_config);
+ tcase_add_test(tc, test_add_fallback);
+ tcase_add_test(tc, test_add_fallback_printf);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("invalid data");
+ tcase_add_checked_fixture(tc, setup_invalid_config, teardown_config);
+ tcase_add_test(tc, test_invalid);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_stream.c b/src/libstrongswan/tests/suites/test_stream.c
new file mode 100644
index 0000000..2d3173d
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_stream.c
@@ -0,0 +1,267 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <unistd.h>
+
+static char* services[] = {
+ "unix:///tmp/strongswan-test-service.sck",
+ "tcp://127.0.0.1:7766",
+ "tcp://[::1]:7766",
+};
+
+static char msg[] = "testmessage";
+static int msglen = 12;
+
+static bool servicing(void *data, stream_t *stream)
+{
+ char buf[64];
+ ssize_t len, total;
+
+ ck_assert(streq((char*)data, "test"));
+
+ for (total = 0; total < msglen;)
+ {
+ len = stream->read(stream, buf, sizeof(buf), TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ for (total = 0; total < msglen;)
+ {
+ len = stream->write(stream, buf, len, TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+
+ return FALSE;
+}
+
+START_TEST(test_sync)
+{
+ char buf[64];
+ stream_service_t *service;
+ stream_t *stream;
+ ssize_t len, total;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ service = lib->streams->create_service(lib->streams, services[_i], 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, servicing, "test", JOB_PRIO_HIGH, 1);
+
+ stream = lib->streams->connect(lib->streams, services[_i]);
+ ck_assert(stream != NULL);
+ for (total = 0; total < msglen;)
+ {
+ len = stream->write(stream, msg, msglen, TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ for (total = 0; total < msglen;)
+ {
+ len = stream->read(stream, buf, sizeof(buf), TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ ck_assert(streq(buf, msg));
+ stream->destroy(stream);
+
+ service->destroy(service);
+}
+END_TEST
+
+static bool on_write(void *data, stream_t *stream)
+{
+ ssize_t len, total;
+
+ ck_assert(streq((char*)data, "test-write"));
+ for (total = 0; total < msglen;)
+ {
+ len = stream->write(stream, msg, msglen, TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ return FALSE;
+}
+
+static bool read_done = FALSE;
+
+static bool on_read(void *data, stream_t *stream)
+{
+ ssize_t len, total;
+ char buf[64];
+
+ ck_assert(streq((char*)data, "test-read"));
+ for (total = 0; total < msglen;)
+ {
+ len = stream->read(stream, buf, sizeof(buf), TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ ck_assert(streq(buf, msg));
+ read_done = TRUE;
+ return FALSE;
+}
+
+START_TEST(test_async)
+{
+ stream_service_t *service;
+ stream_t *stream;
+
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ service = lib->streams->create_service(lib->streams, services[_i], 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, servicing, "test", JOB_PRIO_HIGH, 0);
+
+ stream = lib->streams->connect(lib->streams, services[_i]);
+ ck_assert(stream != NULL);
+ read_done = FALSE;
+ stream->on_write(stream, (stream_cb_t)on_write, "test-write");
+ stream->on_read(stream, (stream_cb_t)on_read, "test-read");
+
+ while (!read_done)
+ {
+ usleep(1000);
+ }
+ stream->destroy(stream);
+
+ service->destroy(service);
+}
+END_TEST
+
+static bool all(void *data, stream_t *stream)
+{
+ char buf[64], *pos;
+ ssize_t len;
+ int i;
+
+ pos = buf;
+ for (i = 0; i < msglen; i++)
+ {
+ len = stream->read(stream, pos, 1, TRUE);
+ ck_assert_int_eq(len, 1);
+ pos += len;
+ }
+ pos = buf;
+ for (i = 0; i < msglen; i++)
+ {
+ len = stream->write(stream, pos, 1, TRUE);
+ ck_assert_int_eq(len, 1);
+ pos += len;
+ }
+
+ return FALSE;
+}
+
+START_TEST(test_all)
+{
+ char buf[64];
+ stream_service_t *service;
+ stream_t *stream;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ service = lib->streams->create_service(lib->streams, services[_i], 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, all, NULL, JOB_PRIO_HIGH, 1);
+
+ stream = lib->streams->connect(lib->streams, services[_i]);
+ ck_assert(stream != NULL);
+ ck_assert(stream->write_all(stream, msg, msglen));
+ ck_assert(stream->read_all(stream, buf, msglen));
+ ck_assert(streq(buf, msg));
+ stream->destroy(stream);
+
+ service->destroy(service);
+}
+END_TEST
+
+static bool concurrency(void *data, stream_t *stream)
+{
+ static refcount_t refs = 0;
+ u_int current;
+ ssize_t len;
+
+ current = ref_get(&refs);
+ ck_assert(current <= 3);
+ len = stream->write(stream, "x", 1, TRUE);
+ ck_assert_int_eq(len, 1);
+ usleep(1000);
+ ignore_result(ref_put(&refs));
+
+ return FALSE;
+}
+
+START_TEST(test_concurrency)
+{
+ stream_service_t *service;
+ stream_t *streams[10];
+ ssize_t len;
+ char x;
+ int i;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ service = lib->streams->create_service(lib->streams, services[_i], 10);
+ ck_assert(service != NULL);
+ service->on_accept(service, concurrency, NULL, JOB_PRIO_HIGH, 3);
+
+ for (i = 0; i < countof(streams); i++)
+ {
+ streams[i] = lib->streams->connect(lib->streams, services[_i]);
+ ck_assert(streams[i] != NULL);
+ }
+ for (i = 0; i < countof(streams); i++)
+ {
+ len = streams[i]->read(streams[i], &x, 1, TRUE);
+ ck_assert_int_eq(len, 1);
+ ck_assert_int_eq(x, 'x');
+ }
+ for (i = 0; i < countof(streams); i++)
+ {
+ streams[i]->destroy(streams[i]);
+ }
+ service->destroy(service);
+}
+END_TEST
+
+Suite *stream_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("stream");
+
+ tc = tcase_create("sync");
+ tcase_add_loop_test(tc, test_sync, 0, countof(services));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("async");
+ tcase_add_loop_test(tc, test_async, 0, countof(services));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("all");
+ tcase_add_loop_test(tc, test_all, 0, countof(services));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("concurrency");
+ tcase_add_loop_test(tc, test_concurrency, 0, countof(services));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_test_rng.c b/src/libstrongswan/tests/suites/test_test_rng.c
new file mode 100644
index 0000000..9a983b6
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_test_rng.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <tests/utils/test_rng.h>
+#include <utils/test.h>
+
+START_TEST(test_test_rng)
+{
+ rng_t *entropy;
+ chunk_t in, in1, in2, out;
+
+ in1 = chunk_from_chars(0x01, 0x02, 0x03, 0x04, 0x05, 0x06);
+ in2 = chunk_from_chars(0x07, 0x08);
+ in = chunk_cat("cc", in1, in2);
+
+ entropy = test_rng_create(in);
+ ck_assert(entropy->allocate_bytes(entropy, 6, &out));
+ ck_assert(chunk_equals(in1, out));
+ ck_assert(entropy->get_bytes(entropy, 2, out.ptr));
+ ck_assert(memeq(in2.ptr, out.ptr, in2.len));
+ ck_assert(!entropy->get_bytes(entropy, 4, out.ptr));
+ chunk_free(&out);
+ ck_assert(!entropy->allocate_bytes(entropy, 4, &out));
+ entropy->destroy(entropy);
+ chunk_free(&in);
+}
+END_TEST
+
+
+Suite *test_rng_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("test_rng");
+
+ tc = tcase_create("test_rng");
+ tcase_add_test(tc, test_test_rng);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c
new file mode 100644
index 0000000..844959e
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_threading.c
@@ -0,0 +1,1466 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <sched.h>
+#include <unistd.h>
+
+#include <threading/thread.h>
+#include <threading/mutex.h>
+#include <threading/condvar.h>
+#include <threading/rwlock.h>
+#include <threading/rwlock_condvar.h>
+#include <threading/spinlock.h>
+#include <threading/semaphore.h>
+#include <threading/thread_value.h>
+
+/*******************************************************************************
+ * recursive mutex test
+ */
+
+#define THREADS 20
+
+/**
+ * Thread barrier data
+ */
+typedef struct {
+ mutex_t *mutex;
+ condvar_t *cond;
+ int count;
+ int current;
+ bool active;
+} barrier_t;
+
+/**
+ * Create a thread barrier for count threads
+ */
+static barrier_t* barrier_create(int count)
+{
+ barrier_t *this;
+
+ INIT(this,
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .cond = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .count = count,
+ );
+
+ return this;
+}
+
+/**
+ * Destroy a thread barrier
+ */
+static void barrier_destroy(barrier_t *this)
+{
+ this->mutex->destroy(this->mutex);
+ this->cond->destroy(this->cond);
+ free(this);
+}
+
+/**
+ * Wait to have configured number of threads in barrier
+ */
+static bool barrier_wait(barrier_t *this)
+{
+ bool winner = FALSE;
+
+ this->mutex->lock(this->mutex);
+ if (!this->active)
+ { /* first, reset */
+ this->active = TRUE;
+ this->current = 0;
+ }
+
+ this->current++;
+ while (this->current < this->count)
+ {
+ this->cond->wait(this->cond, this->mutex);
+ }
+ if (this->active)
+ { /* first, win */
+ winner = TRUE;
+ this->active = FALSE;
+ }
+ this->mutex->unlock(this->mutex);
+ this->cond->broadcast(this->cond);
+ sched_yield();
+
+ return winner;
+}
+
+/**
+ * Barrier for some tests
+ */
+static barrier_t *barrier;
+
+/**
+ * A mutex for tests requiring one
+ */
+static mutex_t *mutex;
+
+/**
+ * A condvar for tests requiring one
+ */
+static condvar_t *condvar;
+
+/**
+ * A counter for signaling
+ */
+static int sigcount;
+
+static void *mutex_run(void *data)
+{
+ int locked = 0;
+ int i;
+
+ /* wait for all threads before getting in action */
+ barrier_wait(barrier);
+
+ for (i = 0; i < 100; i++)
+ {
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ locked++;
+ sched_yield();
+ if (locked > 1)
+ {
+ fail("two threads locked the mutex concurrently");
+ }
+ locked--;
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ }
+ return NULL;
+}
+
+START_TEST(test_mutex)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ barrier = barrier_create(THREADS);
+ mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
+
+ for (i = 0; i < 10; i++)
+ {
+ mutex->lock(mutex);
+ mutex->unlock(mutex);
+ }
+ for (i = 0; i < 10; i++)
+ {
+ mutex->lock(mutex);
+ }
+ for (i = 0; i < 10; i++)
+ {
+ mutex->unlock(mutex);
+ }
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(mutex_run, NULL);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ barrier_destroy(barrier);
+}
+END_TEST
+
+/**
+ * Spinlock for testing
+ */
+static spinlock_t *spinlock;
+
+static void *spinlock_run(void *data)
+{
+ int i, *locked = (int*)data;
+
+ barrier_wait(barrier);
+
+ for (i = 0; i < 1000; i++)
+ {
+ spinlock->lock(spinlock);
+ (*locked)++;
+ ck_assert_int_eq(*locked, 1);
+ (*locked)--;
+ spinlock->unlock(spinlock);
+ }
+ return NULL;
+}
+
+START_TEST(test_spinlock)
+{
+ thread_t *threads[THREADS];
+ int i, locked = 0;
+
+ barrier = barrier_create(THREADS);
+ spinlock = spinlock_create();
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(spinlock_run, &locked);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ spinlock->destroy(spinlock);
+ barrier_destroy(barrier);
+}
+END_TEST
+
+static void *condvar_run(void *data)
+{
+ mutex->lock(mutex);
+ sigcount++;
+ condvar->signal(condvar);
+ mutex->unlock(mutex);
+ return NULL;
+}
+
+START_TEST(test_condvar)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(condvar_run, NULL);
+ }
+
+ mutex->lock(mutex);
+ while (sigcount < THREADS)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ mutex->unlock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+static void *condvar_recursive_run(void *data)
+{
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ sigcount++;
+ condvar->signal(condvar);
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ return NULL;
+}
+
+START_TEST(test_condvar_recursive)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ mutex->lock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(condvar_recursive_run, NULL);
+ }
+
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ while (sigcount < THREADS)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+static void *condvar_run_broad(void *data)
+{
+ mutex->lock(mutex);
+ while (sigcount < 0)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ mutex->unlock(mutex);
+ return NULL;
+}
+
+START_TEST(test_condvar_broad)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(condvar_run_broad, NULL);
+ }
+
+ sched_yield();
+
+ mutex->lock(mutex);
+ sigcount = 1;
+ condvar->broadcast(condvar);
+ mutex->unlock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+START_TEST(test_condvar_timed)
+{
+ thread_t *thread;
+ timeval_t start, end, diff = { .tv_usec = 50000 };
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ mutex->lock(mutex);
+ while (TRUE)
+ {
+ time_monotonic(&start);
+ if (condvar->timed_wait(condvar, mutex, diff.tv_usec / 1000))
+ {
+ break;
+ }
+ }
+ time_monotonic(&end);
+ mutex->unlock(mutex);
+ timersub(&end, &start, &end);
+ ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
+ end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec);
+
+ thread = thread_create(condvar_run, NULL);
+
+ mutex->lock(mutex);
+ while (sigcount == 0)
+ {
+ ck_assert(!condvar->timed_wait(condvar, mutex, 1000));
+ }
+ mutex->unlock(mutex);
+
+ thread->join(thread);
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+START_TEST(test_condvar_timed_abs)
+{
+ thread_t *thread;
+ timeval_t start, end, abso, diff = { .tv_usec = 50000 };
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ mutex->lock(mutex);
+ while (TRUE)
+ {
+ time_monotonic(&start);
+ timeradd(&start, &diff, &abso);
+ if (condvar->timed_wait_abs(condvar, mutex, abso))
+ {
+ break;
+ }
+ }
+ time_monotonic(&end);
+ mutex->unlock(mutex);
+ ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
+ end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec);
+
+ thread = thread_create(condvar_run, NULL);
+
+ time_monotonic(&start);
+ diff.tv_sec = 1;
+ timeradd(&start, &diff, &abso);
+ mutex->lock(mutex);
+ while (sigcount == 0)
+ {
+ ck_assert(!condvar->timed_wait_abs(condvar, mutex, abso));
+ }
+ mutex->unlock(mutex);
+
+ thread->join(thread);
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+static void *condvar_cancel_run(void *data)
+{
+ thread_cancelability(FALSE);
+
+ mutex->lock(mutex);
+
+ sigcount++;
+ condvar->broadcast(condvar);
+
+ thread_cleanup_push((void*)mutex->unlock, mutex);
+ thread_cancelability(TRUE);
+ while (TRUE)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ thread_cleanup_pop(TRUE);
+
+ return NULL;
+}
+
+START_TEST(test_condvar_cancel)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(condvar_cancel_run, NULL);
+ }
+
+ /* wait for all threads */
+ mutex->lock(mutex);
+ while (sigcount < THREADS)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ mutex->unlock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+/**
+ * RWlock for different tests
+ */
+static rwlock_t *rwlock;
+
+static void *rwlock_run(refcount_t *refs)
+{
+ rwlock->read_lock(rwlock);
+ ref_get(refs);
+ sched_yield();
+ ignore_result(ref_put(refs));
+ rwlock->unlock(rwlock);
+
+ if (rwlock->try_write_lock(rwlock))
+ {
+ ck_assert_int_eq(*refs, 0);
+ sched_yield();
+ rwlock->unlock(rwlock);
+ }
+
+ rwlock->write_lock(rwlock);
+ ck_assert_int_eq(*refs, 0);
+ sched_yield();
+ rwlock->unlock(rwlock);
+
+ rwlock->read_lock(rwlock);
+ rwlock->read_lock(rwlock);
+ ref_get(refs);
+ sched_yield();
+ ignore_result(ref_put(refs));
+ rwlock->unlock(rwlock);
+ rwlock->unlock(rwlock);
+
+ return NULL;
+}
+
+START_TEST(test_rwlock)
+{
+ thread_t *threads[THREADS];
+ refcount_t refs = 0;
+ int i;
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create((void*)rwlock_run, &refs);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ rwlock->destroy(rwlock);
+}
+END_TEST
+
+/**
+ * Rwlock condvar
+ */
+static rwlock_condvar_t *rwcond;
+
+static void *rwlock_condvar_run(void *data)
+{
+ rwlock->write_lock(rwlock);
+ sigcount++;
+ rwcond->signal(rwcond);
+ rwlock->unlock(rwlock);
+ return NULL;
+}
+
+START_TEST(test_rwlock_condvar)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(rwlock_condvar_run, NULL);
+ }
+
+ rwlock->write_lock(rwlock);
+ while (sigcount < THREADS)
+ {
+ rwcond->wait(rwcond, rwlock);
+ }
+ rwlock->unlock(rwlock);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+static void *rwlock_condvar_run_broad(void *data)
+{
+ rwlock->write_lock(rwlock);
+ while (sigcount < 0)
+ {
+ rwcond->wait(rwcond, rwlock);
+ }
+ rwlock->unlock(rwlock);
+ return NULL;
+}
+
+START_TEST(test_rwlock_condvar_broad)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(rwlock_condvar_run_broad, NULL);
+ }
+
+ sched_yield();
+
+ rwlock->write_lock(rwlock);
+ sigcount = 1;
+ rwcond->broadcast(rwcond);
+ rwlock->unlock(rwlock);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+START_TEST(test_rwlock_condvar_timed)
+{
+ thread_t *thread;
+ timeval_t start, end, diff = { .tv_usec = 50000 };
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ rwlock->write_lock(rwlock);
+ while (TRUE)
+ {
+ time_monotonic(&start);
+ if (rwcond->timed_wait(rwcond, rwlock, diff.tv_usec / 1000))
+ {
+ break;
+ }
+ }
+ rwlock->unlock(rwlock);
+ time_monotonic(&end);
+ timersub(&end, &start, &end);
+ ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
+ end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec);
+
+ thread = thread_create(rwlock_condvar_run, NULL);
+
+ rwlock->write_lock(rwlock);
+ while (sigcount == 0)
+ {
+ ck_assert(!rwcond->timed_wait(rwcond, rwlock, 1000));
+ }
+ rwlock->unlock(rwlock);
+
+ thread->join(thread);
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+START_TEST(test_rwlock_condvar_timed_abs)
+{
+ thread_t *thread;
+ timeval_t start, end, abso, diff = { .tv_usec = 50000 };
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ rwlock->write_lock(rwlock);
+ while (TRUE)
+ {
+ time_monotonic(&start);
+ timeradd(&start, &diff, &abso);
+ if (rwcond->timed_wait_abs(rwcond, rwlock, abso))
+ {
+ break;
+ }
+ }
+ rwlock->unlock(rwlock);
+ time_monotonic(&end);
+ ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u",
+ end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec);
+
+ thread = thread_create(rwlock_condvar_run, NULL);
+
+ time_monotonic(&start);
+ diff.tv_sec = 1;
+ timeradd(&start, &diff, &abso);
+ rwlock->write_lock(rwlock);
+ while (sigcount == 0)
+ {
+ ck_assert(!rwcond->timed_wait_abs(rwcond, rwlock, abso));
+ }
+ rwlock->unlock(rwlock);
+
+ thread->join(thread);
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+static void *rwlock_condvar_cancel_run(void *data)
+{
+ thread_cancelability(FALSE);
+
+ rwlock->write_lock(rwlock);
+
+ sigcount++;
+ rwcond->broadcast(rwcond);
+
+ thread_cleanup_push((void*)rwlock->unlock, rwlock);
+ thread_cancelability(TRUE);
+ while (TRUE)
+ {
+ rwcond->wait(rwcond, rwlock);
+ }
+ thread_cleanup_pop(TRUE);
+
+ return NULL;
+}
+
+START_TEST(test_rwlock_condvar_cancel)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(rwlock_condvar_cancel_run, NULL);
+ }
+
+ /* wait for all threads */
+ rwlock->write_lock(rwlock);
+ while (sigcount < THREADS)
+ {
+ rwcond->wait(rwcond, rwlock);
+ }
+ rwlock->unlock(rwlock);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+/**
+ * Semaphore for different tests
+ */
+static semaphore_t *semaphore;
+
+static void *semaphore_run(void *data)
+{
+ semaphore->post(semaphore);
+ return NULL;
+}
+
+START_TEST(test_semaphore)
+{
+ thread_t *threads[THREADS];
+ int i, initial = 5;
+
+ semaphore = semaphore_create(initial);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(semaphore_run, NULL);
+ }
+ for (i = 0; i < THREADS + initial; i++)
+ {
+ semaphore->wait(semaphore);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ semaphore->destroy(semaphore);
+}
+END_TEST
+
+START_TEST(test_semaphore_timed)
+{
+ thread_t *thread;
+ timeval_t start, end, diff = { .tv_usec = 50000 };
+
+ semaphore = semaphore_create(0);
+
+ time_monotonic(&start);
+ ck_assert(semaphore->timed_wait(semaphore, diff.tv_usec / 1000));
+ time_monotonic(&end);
+ timersub(&end, &start, &end);
+ ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
+ end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec);
+
+ thread = thread_create(semaphore_run, NULL);
+
+ ck_assert(!semaphore->timed_wait(semaphore, 1000));
+
+ thread->join(thread);
+ semaphore->destroy(semaphore);
+}
+END_TEST
+
+START_TEST(test_semaphore_timed_abs)
+{
+ thread_t *thread;
+ timeval_t start, end, abso, diff = { .tv_usec = 50000 };
+
+ semaphore = semaphore_create(0);
+
+ time_monotonic(&start);
+ timeradd(&start, &diff, &abso);
+ ck_assert(semaphore->timed_wait_abs(semaphore, abso));
+ time_monotonic(&end);
+ ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u",
+ end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec);
+
+ thread = thread_create(semaphore_run, NULL);
+
+ time_monotonic(&start);
+ diff.tv_sec = 1;
+ timeradd(&start, &diff, &abso);
+ ck_assert(!semaphore->timed_wait_abs(semaphore, abso));
+
+ thread->join(thread);
+ semaphore->destroy(semaphore);
+}
+END_TEST
+
+static void *semaphore_cancel_run(void *data)
+{
+ refcount_t *ready = (refcount_t*)data;
+
+ thread_cancelability(FALSE);
+ ref_get(ready);
+
+ thread_cancelability(TRUE);
+ semaphore->wait(semaphore);
+
+ ck_assert(FALSE);
+ return NULL;
+}
+
+START_TEST(test_semaphore_cancel)
+{
+ thread_t *threads[THREADS];
+ refcount_t ready = 0;
+ int i;
+
+ semaphore = semaphore_create(0);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(semaphore_cancel_run, &ready);
+ }
+ while (ready < THREADS)
+ {
+ sched_yield();
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ semaphore->destroy(semaphore);
+}
+END_TEST
+
+static void *join_run(void *data)
+{
+ /* force some context switches */
+ sched_yield();
+ return (void*)((uintptr_t)data + THREADS);
+}
+
+START_TEST(test_join)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(join_run, (void*)(uintptr_t)i);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ ck_assert_int_eq((uintptr_t)threads[i]->join(threads[i]), i + THREADS);
+ }
+}
+END_TEST
+
+static void *exit_join_run(void *data)
+{
+ sched_yield();
+ thread_exit((void*)((uintptr_t)data + THREADS));
+ /* not reached */
+ ck_assert(FALSE);
+ return NULL;
+}
+
+START_TEST(test_join_exit)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(exit_join_run, (void*)(uintptr_t)i);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ ck_assert_int_eq((uintptr_t)threads[i]->join(threads[i]), i + THREADS);
+ }
+}
+END_TEST
+
+static void *detach_run(void *data)
+{
+ refcount_t *running = (refcount_t*)data;
+
+ ignore_result(ref_put(running));
+ return NULL;
+}
+
+START_TEST(test_detach)
+{
+ thread_t *threads[THREADS];
+ int i;
+ refcount_t running = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ ref_get(&running);
+ threads[i] = thread_create(detach_run, &running);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->detach(threads[i]);
+ }
+ while (running > 0)
+ {
+ sched_yield();
+ }
+ /* no checks done here, but we check that thread state gets cleaned
+ * up with leak detective. */
+}
+END_TEST
+
+static void *detach_exit_run(void *data)
+{
+ refcount_t *running = (refcount_t*)data;
+
+ ignore_result(ref_put(running));
+ thread_exit(NULL);
+ /* not reached */
+ ck_assert(FALSE);
+ return NULL;
+}
+
+START_TEST(test_detach_exit)
+{
+ thread_t *threads[THREADS];
+ int i;
+ refcount_t running = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ ref_get(&running);
+ threads[i] = thread_create(detach_exit_run, &running);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->detach(threads[i]);
+ }
+ while (running > 0)
+ {
+ sched_yield();
+ }
+ /* no checks done here, but we check that thread state gets cleaned
+ * up with leak detective. */
+}
+END_TEST
+
+static void *cancel_run(void *data)
+{
+ /* default cancellability should be TRUE, so don't change it */
+ while (TRUE)
+ {
+ sleep(10);
+ }
+ return NULL;
+}
+
+START_TEST(test_cancel)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(cancel_run, NULL);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+}
+END_TEST
+
+static void *cancel_onoff_run(void *data)
+{
+ bool *cancellable = (bool*)data;
+
+ thread_cancelability(FALSE);
+ *cancellable = FALSE;
+
+ /* we should not get cancelled here */
+ usleep(50000);
+
+ *cancellable = TRUE;
+ thread_cancelability(TRUE);
+
+ /* but here */
+ while (TRUE)
+ {
+ sleep(10);
+ }
+ return NULL;
+}
+
+START_TEST(test_cancel_onoff)
+{
+ thread_t *threads[THREADS];
+ bool cancellable[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ cancellable[i] = TRUE;
+ threads[i] = thread_create(cancel_onoff_run, &cancellable[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ /* wait until thread has cleared its cancellability */
+ while (cancellable[i])
+ {
+ sched_yield();
+ }
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert(cancellable[i]);
+ }
+}
+END_TEST
+
+static void *cancel_point_run(void *data)
+{
+ thread_cancelability(FALSE);
+ while (TRUE)
+ {
+ /* implicitly enables cancellability */
+ thread_cancellation_point();
+ }
+ return NULL;
+}
+
+START_TEST(test_cancel_point)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(cancel_point_run, NULL);
+ }
+ sched_yield();
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+}
+END_TEST
+
+static void cleanup1(void *data)
+{
+ uintptr_t *value = (uintptr_t*)data;
+
+ ck_assert_int_eq(*value, 1);
+ (*value)++;
+}
+
+static void cleanup2(void *data)
+{
+ uintptr_t *value = (uintptr_t*)data;
+
+ ck_assert_int_eq(*value, 2);
+ (*value)++;
+}
+
+static void cleanup3(void *data)
+{
+ uintptr_t *value = (uintptr_t*)data;
+
+ ck_assert_int_eq(*value, 3);
+ (*value)++;
+}
+
+static void *cleanup_run(void *data)
+{
+ thread_cleanup_push(cleanup3, data);
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_push(cleanup1, data);
+ return NULL;
+}
+
+START_TEST(test_cleanup)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = 1;
+ threads[i] = thread_create(cleanup_run, &values[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 4);
+ }
+}
+END_TEST
+
+static void *cleanup_exit_run(void *data)
+{
+ thread_cleanup_push(cleanup3, data);
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_push(cleanup1, data);
+ thread_exit(NULL);
+ ck_assert(FALSE);
+ return NULL;
+}
+
+START_TEST(test_cleanup_exit)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = 1;
+ threads[i] = thread_create(cleanup_exit_run, &values[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 4);
+ }
+}
+END_TEST
+
+static void *cleanup_cancel_run(void *data)
+{
+ thread_cancelability(FALSE);
+
+ thread_cleanup_push(cleanup3, data);
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_push(cleanup1, data);
+
+ thread_cancelability(TRUE);
+
+ while (TRUE)
+ {
+ sleep(1);
+ }
+ return NULL;
+}
+
+START_TEST(test_cleanup_cancel)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = 1;
+ threads[i] = thread_create(cleanup_cancel_run, &values[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 4);
+ }
+}
+END_TEST
+
+static void *cleanup_pop_run(void *data)
+{
+ thread_cleanup_push(cleanup3, data);
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_push(cleanup1, data);
+
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_pop(FALSE);
+
+ thread_cleanup_pop(TRUE);
+ return NULL;
+}
+
+START_TEST(test_cleanup_pop)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = 1;
+ threads[i] = thread_create(cleanup_pop_run, &values[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 4);
+ }
+}
+END_TEST
+
+static thread_value_t *tls[10];
+
+static void *tls_run(void *data)
+{
+ uintptr_t value = (uintptr_t)data;
+ int i, j;
+
+ for (i = 0; i < countof(tls); i++)
+ {
+ ck_assert(tls[i]->get(tls[i]) == NULL);
+ }
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->set(tls[i], (void*)(value * i));
+ }
+ for (j = 0; j < 1000; j++)
+ {
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->set(tls[i], (void*)(value * i));
+ ck_assert(tls[i]->get(tls[i]) == (void*)(value * i));
+ }
+ sched_yield();
+ }
+ for (i = 0; i < countof(tls); i++)
+ {
+ ck_assert(tls[i]->get(tls[i]) == (void*)(value * i));
+ }
+ return (void*)(value + 1);
+}
+
+START_TEST(test_tls)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i] = thread_value_create(NULL);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(tls_run, (void*)(uintptr_t)i);
+ }
+
+ ck_assert_int_eq((uintptr_t)tls_run((void*)(uintptr_t)(THREADS + 1)),
+ THREADS + 2);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ ck_assert_int_eq((uintptr_t)threads[i]->join(threads[i]), i + 1);
+ }
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->destroy(tls[i]);
+ }
+}
+END_TEST
+
+static void tls_cleanup(void *data)
+{
+ uintptr_t *value = (uintptr_t*)data;
+
+ (*value)--;
+}
+
+static void *tls_cleanup_run(void *data)
+{
+ int i;
+
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->set(tls[i], data);
+ }
+ return NULL;
+}
+
+START_TEST(test_tls_cleanup)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS], main_value = countof(tls);
+ int i;
+
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i] = thread_value_create(tls_cleanup);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = countof(tls);
+ threads[i] = thread_create(tls_cleanup_run, &values[i]);
+ }
+
+ tls_cleanup_run(&main_value);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 0);
+ }
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->destroy(tls[i]);
+ }
+ ck_assert_int_eq(main_value, 0);
+}
+END_TEST
+
+Suite *threading_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("threading");
+
+ tc = tcase_create("recursive mutex");
+ tcase_add_test(tc, test_mutex);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("spinlock");
+ tcase_add_test(tc, test_spinlock);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("condvar");
+ tcase_add_test(tc, test_condvar);
+ tcase_add_test(tc, test_condvar_recursive);
+ tcase_add_test(tc, test_condvar_broad);
+ tcase_add_test(tc, test_condvar_timed);
+ tcase_add_test(tc, test_condvar_timed_abs);
+ tcase_add_test(tc, test_condvar_cancel);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("rwlock");
+ tcase_add_test(tc, test_rwlock);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("rwlock condvar");
+ tcase_add_test(tc, test_rwlock_condvar);
+ tcase_add_test(tc, test_rwlock_condvar_broad);
+ tcase_add_test(tc, test_rwlock_condvar_timed);
+ tcase_add_test(tc, test_rwlock_condvar_timed_abs);
+ tcase_add_test(tc, test_rwlock_condvar_cancel);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("semaphore");
+ tcase_add_test(tc, test_semaphore);
+ tcase_add_test(tc, test_semaphore_timed);
+ tcase_add_test(tc, test_semaphore_timed_abs);
+ tcase_add_test(tc, test_semaphore_cancel);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread joining");
+ tcase_add_test(tc, test_join);
+ tcase_add_test(tc, test_join_exit);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread detaching");
+ tcase_add_test(tc, test_detach);
+ tcase_add_test(tc, test_detach_exit);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread cancellation");
+ tcase_add_test(tc, test_cancel);
+ tcase_add_test(tc, test_cancel_onoff);
+ tcase_add_test(tc, test_cancel_point);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread cleanup");
+ tcase_add_test(tc, test_cleanup);
+ tcase_add_test(tc, test_cleanup_exit);
+ tcase_add_test(tc, test_cleanup_cancel);
+ tcase_add_test(tc, test_cleanup_pop);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread local storage");
+ tcase_add_test(tc, test_tls);
+ tcase_add_test(tc, test_tls_cleanup);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
new file mode 100644
index 0000000..0260726
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -0,0 +1,743 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <library.h>
+#include <utils/utils.h>
+#include <ipsec/ipsec_types.h>
+
+#include <time.h>
+
+/*******************************************************************************
+ * object storage on lib
+ */
+
+START_TEST(test_objects)
+{
+ char *k1 = "key1", *k2 = "key2";
+ char *v1 = "val1", *val;
+
+ ck_assert(lib->get(lib, k1) == NULL);
+
+ ck_assert(lib->set(lib, k1, v1));
+ ck_assert(!lib->set(lib, k1, v1));
+
+ val = lib->get(lib, k1);
+ ck_assert(val != NULL);
+ ck_assert(streq(val, v1));
+
+ ck_assert(lib->set(lib, k1, NULL));
+ ck_assert(!lib->set(lib, k2, NULL));
+
+ ck_assert(lib->get(lib, k1) == NULL);
+}
+END_TEST
+
+/*******************************************************************************
+ * test return_... functions
+ */
+
+START_TEST(test_return_functions)
+{
+ ck_assert(return_null() == NULL);
+ ck_assert(return_null("asdf", 5, NULL, 1, "qwer") == NULL);
+
+ ck_assert(return_true() == TRUE);
+ ck_assert(return_true("asdf", 5, NULL, 1, "qwer") == TRUE);
+
+ ck_assert(return_false() == FALSE);
+ ck_assert(return_false("asdf", 5, NULL, 1, "qwer") == FALSE);
+
+ ck_assert(return_failed() == FAILED);
+ ck_assert(return_failed("asdf", 5, NULL, 1, "qwer") == FAILED);
+
+ ck_assert(return_success() == SUCCESS);
+ ck_assert(return_success("asdf", 5, NULL, 1, "qwer") == SUCCESS);
+
+ /* just make sure this works */
+ nop();
+ nop("asdf", 5, NULL, 1, "qwer");
+}
+END_TEST
+
+/*******************************************************************************
+ * timeval_add_ms
+ */
+
+START_TEST(test_timeval_add_ms)
+{
+ timeval_t tv;
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 0;
+ timeval_add_ms(&tv, 0);
+ ck_assert_int_eq(tv.tv_sec, 0);
+ ck_assert_int_eq(tv.tv_usec, 0);
+
+ timeval_add_ms(&tv, 1);
+ ck_assert_int_eq(tv.tv_sec, 0);
+ ck_assert_int_eq(tv.tv_usec, 1000);
+
+ timeval_add_ms(&tv, 0);
+ ck_assert_int_eq(tv.tv_sec, 0);
+ ck_assert_int_eq(tv.tv_usec, 1000);
+
+ timeval_add_ms(&tv, 999);
+ ck_assert_int_eq(tv.tv_sec, 1);
+ ck_assert_int_eq(tv.tv_usec, 0);
+
+ timeval_add_ms(&tv, 0);
+ ck_assert_int_eq(tv.tv_sec, 1);
+ ck_assert_int_eq(tv.tv_usec, 0);
+
+ timeval_add_ms(&tv, 1000);
+ ck_assert_int_eq(tv.tv_sec, 2);
+ ck_assert_int_eq(tv.tv_usec, 0);
+
+ timeval_add_ms(&tv, 1500);
+ ck_assert_int_eq(tv.tv_sec, 3);
+ ck_assert_int_eq(tv.tv_usec, 500000);
+}
+END_TEST
+
+/*******************************************************************************
+ * htoun/untoh
+ */
+
+START_TEST(test_htoun)
+{
+ chunk_t net64, expected;
+ u_int16_t host16 = 513;
+ u_int32_t net16 = 0, host32 = 67305985;
+ u_int64_t net32 = 0, host64 = 578437695752307201ULL;
+
+ net64 = chunk_alloca(16);
+ memset(net64.ptr, 0, net64.len);
+
+ expected = chunk_from_chars(0x00, 0x02, 0x01, 0x00);
+ htoun16((char*)&net16 + 1, host16);
+ ck_assert(chunk_equals(expected, chunk_from_thing(net16)));
+
+ expected = chunk_from_chars(0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0x00, 0x00);
+ htoun32((u_int16_t*)&net32 + 1, host32);
+ ck_assert(chunk_equals(expected, chunk_from_thing(net32)));
+
+ expected = chunk_from_chars(0x00, 0x00, 0x00, 0x00,
+ 0x08, 0x07, 0x06, 0x05,
+ 0x04, 0x03, 0x02, 0x01,
+ 0x00, 0x00, 0x00, 0x00);
+ htoun64((u_int32_t*)net64.ptr + 1, host64);
+ ck_assert(chunk_equals(expected, net64));
+}
+END_TEST
+
+START_TEST(test_untoh)
+{
+ chunk_t net;
+ u_int16_t host16;
+ u_int32_t host32;
+ u_int64_t host64;
+
+ net = chunk_from_chars(0x00, 0x02, 0x01, 0x00);
+ host16 = untoh16(net.ptr + 1);
+ ck_assert(host16 == 513);
+
+ net = chunk_from_chars(0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0x00, 0x00);
+ host32 = untoh32(net.ptr + 2);
+ ck_assert(host32 == 67305985);
+
+ net = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x08, 0x07, 0x06, 0x05,
+ 0x04, 0x03, 0x02, 0x01, 0x00, 0x00, 0x00, 0x00);
+ host64 = untoh64(net.ptr + 4);
+ ck_assert(host64 == 578437695752307201ULL);
+}
+END_TEST
+
+/*******************************************************************************
+ * pad_len/round_up/down
+ */
+
+START_TEST(test_round)
+{
+ ck_assert_int_eq(pad_len(0, 4), 0);
+ ck_assert_int_eq(pad_len(1, 4), 3);
+ ck_assert_int_eq(pad_len(2, 4), 2);
+ ck_assert_int_eq(pad_len(3, 4), 1);
+ ck_assert_int_eq(pad_len(4, 4), 0);
+ ck_assert_int_eq(pad_len(5, 4), 3);
+
+ ck_assert_int_eq(round_up(0, 4), 0);
+ ck_assert_int_eq(round_up(1, 4), 4);
+ ck_assert_int_eq(round_up(2, 4), 4);
+ ck_assert_int_eq(round_up(3, 4), 4);
+ ck_assert_int_eq(round_up(4, 4), 4);
+ ck_assert_int_eq(round_up(5, 4), 8);
+
+ ck_assert_int_eq(round_down(0, 4), 0);
+ ck_assert_int_eq(round_down(1, 4), 0);
+ ck_assert_int_eq(round_down(2, 4), 0);
+ ck_assert_int_eq(round_down(3, 4), 0);
+ ck_assert_int_eq(round_down(4, 4), 4);
+ ck_assert_int_eq(round_down(5, 4), 4);
+}
+END_TEST
+
+/*******************************************************************************
+ * strpfx
+ */
+
+static struct {
+ char *str;
+ char *pfx;
+ bool prefix;
+ bool case_prefix;
+} strpfx_data[] = {
+ {"", "", TRUE, TRUE},
+ {"abc", "", TRUE, TRUE},
+ {"abc", "a", TRUE, TRUE},
+ {"abc", "ab", TRUE, TRUE},
+ {"abc", "abc", TRUE, TRUE},
+ {"abc", "abcd", FALSE, FALSE},
+ {"abc", "AB", FALSE, TRUE},
+ {"ABC", "ab", FALSE, TRUE},
+ {" abc", "abc", FALSE, FALSE},
+};
+
+START_TEST(test_strpfx)
+{
+ bool prefix;
+
+ prefix = strpfx(strpfx_data[_i].str, strpfx_data[_i].pfx);
+ ck_assert(prefix == strpfx_data[_i].prefix);
+ prefix = strcasepfx(strpfx_data[_i].str, strpfx_data[_i].pfx);
+ ck_assert(prefix == strpfx_data[_i].case_prefix);
+}
+END_TEST
+
+/*******************************************************************************
+ * memxor
+ */
+
+static void do_memxor(chunk_t a, chunk_t b, chunk_t exp)
+{
+ chunk_t dst;
+
+ dst = chunk_clonea(a);
+ dst.len = b.len;
+ memxor(dst.ptr, b.ptr, b.len);
+ ck_assert(chunk_equals(dst, exp));
+}
+
+START_TEST(test_memxor)
+{
+ chunk_t a, b, dst;
+ int i;
+
+ a = chunk_alloca(64);
+ memset(a.ptr, 0, a.len);
+ b = chunk_alloca(64);
+ for (i = 0; i < 64; i++)
+ {
+ b.ptr[i] = i;
+ b.len = i;
+ do_memxor(a, b, b);
+ }
+ b.len = 64;
+ do_memxor(a, b, b);
+
+ dst = chunk_clonea(a);
+ memxor(dst.ptr, b.ptr, b.len);
+ ck_assert(chunk_equals(dst, b));
+
+ memxor(dst.ptr, b.ptr, 0);
+ memxor(dst.ptr, b.ptr, 1);
+ memxor(dst.ptr + 1, b.ptr + 1, 1);
+ memxor(dst.ptr + 2, b.ptr + 2, b.len - 2);
+ ck_assert(chunk_equals(dst, a));
+}
+END_TEST
+
+START_TEST(test_memxor_aligned)
+{
+ u_int64_t a = 0, b = 0;
+ chunk_t ca, cb;
+ int i;
+
+ ca = chunk_from_thing(a);
+ cb = chunk_from_thing(b);
+
+ for (i = 0; i < 8; i++)
+ {
+ cb.ptr[i] = i + 1;
+ }
+
+ /* 64-bit aligned */
+ memxor(ca.ptr, cb.ptr, 8);
+ ck_assert(a == b);
+ /* 32-bit aligned source */
+ a = 0;
+ memxor(ca.ptr, cb.ptr + 4, 4);
+ ck_assert(chunk_equals(ca, chunk_from_chars(0x05, 0x06, 0x07, 0x08,
+ 0x00, 0x00, 0x00, 0x00)));
+ /* 16-bit aligned source */
+ a = 0;
+ memxor(ca.ptr, cb.ptr + 2, 6);
+ ck_assert(chunk_equals(ca, chunk_from_chars(0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x00, 0x00)));
+ /* 8-bit aligned source */
+ a = 0;
+ memxor(ca.ptr, cb.ptr + 1, 7);
+ ck_assert(chunk_equals(ca, chunk_from_chars(0x02, 0x03, 0x04, 0x05,
+ 0x06, 0x07, 0x08, 0x00)));
+}
+END_TEST
+
+/*******************************************************************************
+ * memstr
+ */
+
+static struct {
+ char *haystack;
+ char *needle;
+ size_t n;
+ int offset;
+} memstr_data[] = {
+ {NULL, NULL, 0, -1},
+ {NULL, NULL, 3, -1},
+ {NULL, "abc", 0, -1},
+ {NULL, "abc", 3, -1},
+ {"", "", 0, -1},
+ {"abc", NULL, 3, -1},
+ {"abc", "", 3, -1},
+ {"abc", "abc", 3, 0},
+ {" abc", "abc", 4, 1},
+ {" abc", "abc", 3, -1},
+ {"abcabc", "abc", 6, 0},
+ {" abc ", "abc", 5, 1},
+};
+
+START_TEST(test_memstr)
+{
+ char *ret;
+
+ ret = memstr(memstr_data[_i].haystack, memstr_data[_i].needle, memstr_data[_i].n);
+ if (memstr_data[_i].offset >= 0)
+ {
+ ck_assert(ret == memstr_data[_i].haystack + memstr_data[_i].offset);
+ }
+ else
+ {
+ ck_assert(ret == NULL);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * utils_memrchr
+ */
+
+static struct {
+ char *s;
+ int c;
+ size_t n;
+ int offset;
+} memrchr_data[] = {
+ {NULL, 'f', 0, -1},
+ {NULL, 'f', 3, -1},
+ {"", 'f', 0, -1},
+ {"", '\0', 1, 0},
+ {"foo", '\0', 3, -1},
+ {"foo", '\0', 4, 3},
+ {"foo", 'f', 3, 0},
+ {"foo", 'o', 3, 2},
+ {"foo", 'o', 2, 1},
+ {"foo", 'o', 1, -1},
+ {"foo", 'o', 0, -1},
+ {"foo", 'x', 3, -1},
+};
+
+START_TEST(test_utils_memrchr)
+{
+ void *ret;
+
+ ret = utils_memrchr(memrchr_data[_i].s, memrchr_data[_i].c, memrchr_data[_i].n);
+ if (memrchr_data[_i].offset >= 0)
+ {
+ ck_assert(ret == memrchr_data[_i].s + memrchr_data[_i].offset);
+ }
+ else
+ {
+ ck_assert(ret == NULL);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * translate
+ */
+
+static struct {
+ char *in;
+ char *from;
+ char *to;
+ char *out;
+} translate_data[] = {
+ {NULL, "", "", NULL},
+ {"abc", "", "", "abc"},
+ {"abc", "", "x", "abc"},
+ {"abc", "x", "", "abc"},
+ {"abc", "abc", "xyz", "xyz"},
+ {"aabbcc", "abc", "xyz", "xxyyzz"},
+ {"abbaccb", "abc", "xyz", "xyyxzzy"},
+ {"abxyzc", "abc", "xyz", "xyxyzz"},
+ {"abcdef", "abc", "xyz", "xyzdef"},
+ {"aaa", "abc", "xyz", "xxx"},
+ {"abc", "aaa", "xyz", "xbc"},
+ {"abc", "abc", "xxx", "xxx"},
+};
+
+START_TEST(test_translate)
+{
+ char *str, *ret;
+
+ str = strdupnull(translate_data[_i].in);
+ ret = translate(str, translate_data[_i].from, translate_data[_i].to);
+ ck_assert(ret == str);
+ if (ret != translate_data[_i].out)
+ {
+ ck_assert_str_eq(str, translate_data[_i].out);
+ }
+ free(str);
+}
+END_TEST
+
+/*******************************************************************************
+ * strreplace
+ */
+
+static struct {
+ char *in;
+ char *out;
+ char *search;
+ char *replace;
+ bool allocated;
+} strreplace_data[] = {
+ /* invalid arguments */
+ {NULL, NULL, NULL, NULL, FALSE},
+ {"", "", NULL, NULL, FALSE},
+ {"", "", "", NULL, FALSE},
+ {"", "", NULL, "", FALSE},
+ {"", "", "", "", FALSE},
+ {"", "", "", "asdf", FALSE},
+ {"", "", "asdf", "", FALSE},
+ {"asdf", "asdf", NULL, NULL, FALSE},
+ {"asdf", "asdf", "", NULL, FALSE},
+ {"asdf", "asdf", NULL, "", FALSE},
+ {"asdf", "asdf", "", "", FALSE},
+ {"asdf", "asdf", "", "asdf", FALSE},
+ {"asdf", "asdf", "asdf", NULL, FALSE},
+ {"qwer", "qwer", "", "asdf", FALSE},
+ /* replacement shorter */
+ {"asdf", "", "asdf", "", TRUE},
+ {"asdfasdf", "", "asdf", "", TRUE},
+ {"asasdfdf", "asdf", "asdf", "", TRUE},
+ {"asdf", "df", "as", "", TRUE},
+ {"asdf", "as", "df", "", TRUE},
+ {"qwer", "qwer", "asdf", "", FALSE},
+ /* replacement same length */
+ {"a", "b", "a", "b", TRUE},
+ {"aaa", "bbb", "a", "b", TRUE},
+ {"aaa", "bbb", "aaa", "bbb", TRUE},
+ {"asdf", "asdf", "asdf", "asdf", TRUE},
+ {"qwer", "qwer", "asdf", "asdf", FALSE},
+ /* replacement longer */
+ {"asdf", "asdf", "", "asdf", FALSE},
+ {"asdf", "asdfasdf", "asdf", "asdfasdf", TRUE},
+ {"asdf", "asdfsdf", "a", "asdf", TRUE},
+ {"asdf", "asdasdf", "f", "asdf", TRUE},
+ {"aaa", "asdfasdfasdf", "a", "asdf", TRUE},
+ {"qwer", "qwer", "asdf", "asdfasdf", FALSE},
+ /* real examples */
+ {"http://x.org/no/spaces", "http://x.org/no/spaces", " ", "%20", FALSE},
+ {"http://x.org/end ", "http://x.org/end%20", " ", "%20", TRUE},
+ {" http://x.org/start", "%20http://x.org/start", " ", "%20", TRUE},
+ {" http://x.org/both ", "%20http://x.org/both%20", " ", "%20", TRUE},
+ {"http://x.org/ /slash", "http://x.org/%20/slash", " ", "%20", TRUE},
+ {"http://x.org/ /three", "http://x.org/%20%20%20/three", " ", "%20", TRUE},
+ {"http://x.org/ ", "http://x.org/%20%20%20%20%20%20", " ", "%20", TRUE},
+ {"http://x.org/%20/encoded", "http://x.org/%20/encoded", " ", "%20", FALSE},
+};
+
+START_TEST(test_strreplace)
+{
+ char *ret;
+
+ ret = strreplace(strreplace_data[_i].in, strreplace_data[_i].search,
+ strreplace_data[_i].replace);
+ if (ret && strreplace_data[_i].out)
+ {
+ ck_assert_str_eq(ret, strreplace_data[_i].out);
+ }
+ else
+ {
+ ck_assert(ret == strreplace_data[_i].out);
+ }
+ if (strreplace_data[_i].allocated)
+ {
+ ck_assert(ret != strreplace_data[_i].in);
+ free(ret);
+ }
+ else
+ {
+ ck_assert(ret == strreplace_data[_i].in);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * path_dirname/basename
+ */
+
+static struct {
+ char *path;
+ char *dir;
+ char *base;
+} path_data[] = {
+ {NULL, ".", "."},
+ {"", ".", "."},
+ {".", ".", "."},
+ {"..", ".", ".."},
+ {"/", "/", "/"},
+ {"//", "/", "/"},
+ {"foo", ".", "foo"},
+ {"f/", ".", "f"},
+ {"foo/", ".", "foo"},
+ {"foo//", ".", "foo"},
+ {"/f", "/", "f"},
+ {"/f/", "/", "f"},
+ {"/foo", "/", "foo"},
+ {"/foo/", "/", "foo"},
+ {"//foo/", "/", "foo"},
+ {"foo/bar", "foo", "bar"},
+ {"foo//bar", "foo", "bar"},
+ {"/foo/bar", "/foo", "bar"},
+ {"/foo/bar/", "/foo", "bar"},
+ {"/foo/bar/baz", "/foo/bar", "baz"},
+};
+
+START_TEST(test_path_dirname)
+{
+ char *dir;
+
+ dir = path_dirname(path_data[_i].path);
+ ck_assert_str_eq(path_data[_i].dir, dir);
+ free(dir);
+}
+END_TEST
+
+START_TEST(test_path_basename)
+{
+ char *base;
+
+ base = path_basename(path_data[_i].path);
+ ck_assert_str_eq(path_data[_i].base, base);
+ free(base);
+}
+END_TEST
+
+/*******************************************************************************
+ * time_printf_hook
+ */
+
+static struct {
+ time_t in;
+ bool utc;
+ char *out;
+} time_data[] = {
+ {UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
+ {UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
+ {1, FALSE, "Jan 01 01:00:01 1970"},
+ {1, TRUE , "Jan 01 00:00:01 UTC 1970"},
+ {1341150196, FALSE, "Jul 01 15:43:16 2012"},
+ {1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
+};
+
+START_TEST(test_time_printf_hook)
+{
+ char buf[32];
+ int len;
+
+ len = snprintf(buf, sizeof(buf), "%T", &time_data[_i].in, time_data[_i].utc);
+ ck_assert(len >= 0 && len < sizeof(buf));
+ ck_assert_str_eq(buf, time_data[_i].out);
+}
+END_TEST
+
+/*******************************************************************************
+ * time_delta_printf_hook
+ */
+
+static struct {
+ time_t a;
+ time_t b;
+ char *out;
+} time_delta_data[] = {
+ {0, 0, "0 seconds"},
+ {0, 1, "1 second"},
+ {0, -1, "1 second"},
+ {1, 0, "1 second"},
+ {0, 2, "2 seconds"},
+ {2, 0, "2 seconds"},
+ {0, 60, "60 seconds"},
+ {0, 120, "120 seconds"},
+ {0, 121, "2 minutes"},
+ {0, 3600, "60 minutes"},
+ {0, 7200, "120 minutes"},
+ {0, 7201, "2 hours"},
+ {0, 86400, "24 hours"},
+ {0, 172800, "48 hours"},
+ {0, 172801, "2 days"},
+ {172801, 86400, "24 hours"},
+};
+
+START_TEST(test_time_delta_printf_hook)
+{
+ char buf[16];
+ int len;
+
+ len = snprintf(buf, sizeof(buf), "%V", &time_delta_data[_i].a, &time_delta_data[_i].b);
+ ck_assert(len >= 0 && len < sizeof(buf));
+ ck_assert_str_eq(buf, time_delta_data[_i].out);
+}
+END_TEST
+
+/*******************************************************************************
+ * mark_from_string
+ */
+
+static struct {
+ char *s;
+ bool ok;
+ mark_t m;
+} mark_data[] = {
+ {NULL, FALSE, { 0 }},
+ {"", TRUE, { 0, 0xffffffff }},
+ {"/", TRUE, { 0, 0 }},
+ {"42", TRUE, { 42, 0xffffffff }},
+ {"0x42", TRUE, { 0x42, 0xffffffff }},
+ {"x", FALSE, { 0 }},
+ {"42/", TRUE, { 0, 0 }},
+ {"42/0", TRUE, { 0, 0 }},
+ {"42/x", FALSE, { 0 }},
+ {"42/42", TRUE, { 42, 42 }},
+ {"42/0xff", TRUE, { 42, 0xff }},
+ {"0x42/0xff", TRUE, { 0x42, 0xff }},
+ {"/0xff", TRUE, { 0, 0xff }},
+ {"/x", FALSE, { 0 }},
+ {"x/x", FALSE, { 0 }},
+ {"0xffffffff/0x0000ffff", TRUE, { 0x0000ffff, 0x0000ffff }},
+ {"0xffffffff/0xffffffff", TRUE, { 0xffffffff, 0xffffffff }},
+};
+
+START_TEST(test_mark_from_string)
+{
+ mark_t mark;
+
+ if (mark_from_string(mark_data[_i].s, &mark))
+ {
+ ck_assert_int_eq(mark.value, mark_data[_i].m.value);
+ ck_assert_int_eq(mark.mask, mark_data[_i].m.mask);
+ }
+ else
+ {
+ ck_assert(!mark_data[_i].ok);
+ }
+}
+END_TEST
+
+Suite *utils_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ /* force a timezone to match non-UTC conversions */
+ setenv("TZ", "Europe/Zurich", 1);
+ tzset();
+
+ s = suite_create("utils");
+
+ tc = tcase_create("objects");
+ tcase_add_test(tc, test_objects);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("return functions");
+ tcase_add_test(tc, test_return_functions);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("timeval_add_ms");
+ tcase_add_test(tc, test_timeval_add_ms);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("htoun,untoh");
+ tcase_add_test(tc, test_htoun);
+ tcase_add_test(tc, test_untoh);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("round");
+ tcase_add_test(tc, test_round);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("string helper");
+ tcase_add_loop_test(tc, test_strpfx, 0, countof(strpfx_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("memxor");
+ tcase_add_test(tc, test_memxor);
+ tcase_add_test(tc, test_memxor_aligned);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("memstr");
+ tcase_add_loop_test(tc, test_memstr, 0, countof(memstr_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("utils_memrchr");
+ tcase_add_loop_test(tc, test_utils_memrchr, 0, countof(memrchr_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("translate");
+ tcase_add_loop_test(tc, test_translate, 0, countof(translate_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("strreplace");
+ tcase_add_loop_test(tc, test_strreplace, 0, countof(strreplace_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("path_dirname/basename");
+ tcase_add_loop_test(tc, test_path_dirname, 0, countof(path_data));
+ tcase_add_loop_test(tc, test_path_basename, 0, countof(path_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("printf_hooks");
+ tcase_add_loop_test(tc, test_time_printf_hook, 0, countof(time_data));
+ tcase_add_loop_test(tc, test_time_delta_printf_hook, 0, countof(time_delta_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("mark_from_string");
+ tcase_add_loop_test(tc, test_mark_from_string, 0, countof(mark_data));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_vectors.c b/src/libstrongswan/tests/suites/test_vectors.c
new file mode 100644
index 0000000..242ac9d
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_vectors.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+/*******************************************************************************
+ * Check if test vectors have been successful during transform registration
+ */
+
+START_TEST(test_vectors)
+{
+ u_int failed = lib->crypto->get_test_vector_failures(lib->crypto);
+ fail_if(failed > 0, "%u test vectors failed", failed);
+}
+END_TEST
+
+
+Suite *vectors_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("vectors");
+
+ tc = tcase_create("failures");
+ tcase_add_test(tc, test_vectors);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_watcher.c b/src/libstrongswan/tests/suites/test_watcher.c
new file mode 100644
index 0000000..9415bea
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_watcher.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <library.h>
+
+#include <sched.h>
+#include <unistd.h>
+#include <errno.h>
+
+static char testbuf[1] = "";
+
+static bool readcb(void *data, int fd, watcher_event_t event)
+{
+ ck_assert_int_eq(*(int*)data, fd);
+ ck_assert_int_eq(event, WATCHER_READ);
+
+ if (recv(fd, testbuf, 1, MSG_DONTWAIT) != 1)
+ {
+ ck_assert(errno == EAGAIN || errno == EWOULDBLOCK);
+ }
+ return TRUE;
+}
+
+START_TEST(test_read)
+{
+ int fd[2];
+ char c;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd) != -1);
+
+ lib->watcher->add(lib->watcher, fd[0], WATCHER_READ, readcb, &fd[0]);
+
+ for (c = 'a'; c <= 'z'; c++)
+ {
+ ck_assert_int_eq(write(fd[1], &c, 1), 1);
+ while (testbuf[0] != c)
+ {
+ sched_yield();
+ }
+ }
+
+ lib->watcher->remove(lib->watcher, fd[0]);
+ close(fd[0]);
+ close(fd[1]);
+
+ lib->processor->cancel(lib->processor);
+}
+END_TEST
+
+static bool writecb(void *data, int fd, watcher_event_t event)
+{
+ ck_assert_int_eq(event, WATCHER_WRITE);
+ if (send(fd, data, 1, MSG_DONTWAIT) != 1)
+ {
+ ck_assert(errno == EAGAIN || errno == EWOULDBLOCK);
+ }
+ return TRUE;
+}
+
+START_TEST(test_write)
+{
+ int fd[2];
+ char in = 'x', out;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd) != -1);
+
+ lib->watcher->add(lib->watcher, fd[1], WATCHER_WRITE, writecb, &in);
+
+ ck_assert_int_eq(read(fd[0], &out, 1), 1);
+ ck_assert_int_eq(out, in);
+
+ lib->watcher->remove(lib->watcher, fd[1]);
+ close(fd[1]);
+ close(fd[0]);
+
+ lib->processor->cancel(lib->processor);
+}
+END_TEST
+
+static bool multiread(void *data, int fd, watcher_event_t event)
+{
+ ck_assert_int_eq(event, WATCHER_READ);
+ if (recv(fd, data, 1, MSG_DONTWAIT) != 1)
+ {
+ ck_assert(errno == EAGAIN || errno == EWOULDBLOCK);
+ }
+ return TRUE;
+}
+
+START_TEST(test_multiread)
+{
+ int fd[10][2], i;
+ char in, out[countof(fd)];
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd[i]) != -1);
+ lib->watcher->add(lib->watcher, fd[i][0],
+ WATCHER_READ, multiread, &out[i]);
+ }
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ for (in = 'a'; in <= 'z'; in++)
+ {
+ ck_assert_int_eq(write(fd[i][1], &in, 1), 1);
+ while (out[i] != in)
+ {
+ sched_yield();
+ }
+ }
+ }
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ lib->watcher->remove(lib->watcher, fd[i][0]);
+ close(fd[i][1]);
+ close(fd[i][0]);
+ }
+
+ lib->processor->cancel(lib->processor);
+}
+END_TEST
+
+static bool multiwrite(void *data, int fd, watcher_event_t event)
+{
+ ck_assert_int_eq(event, WATCHER_WRITE);
+ if (send(fd, data, 1, MSG_DONTWAIT) != 1)
+ {
+ ck_assert(errno == EAGAIN || errno == EWOULDBLOCK);
+ }
+ return TRUE;
+}
+
+START_TEST(test_multiwrite)
+{
+ int fd[10][2], i, j;
+ u_char out, in[countof(fd)];
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd[i]) != -1);
+ in[i] = i;
+ lib->watcher->add(lib->watcher, fd[i][1],
+ WATCHER_WRITE, multiwrite, &in[i]);
+ }
+
+ for (j = 0; j < 10; j++)
+ {
+ for (i = 0; i < countof(fd); i++)
+ {
+ ck_assert_int_eq(read(fd[i][0], &out, 1), 1);
+ ck_assert_int_eq(out, i);
+ }
+ }
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ lib->watcher->remove(lib->watcher, fd[i][1]);
+ close(fd[i][1]);
+ close(fd[i][0]);
+ }
+
+ lib->processor->cancel(lib->processor);
+}
+END_TEST
+
+Suite *watcher_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("watcher");
+
+ tc = tcase_create("read");
+ tcase_add_test(tc, test_read);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("write");
+ tcase_add_test(tc, test_write);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("multiread");
+ tcase_add_test(tc, test_multiread);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("multiwrite");
+ tcase_add_test(tc, test_multiwrite);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_array.c b/src/libstrongswan/tests/test_array.c
deleted file mode 100644
index 2220d5a..0000000
--- a/src/libstrongswan/tests/test_array.c
+++ /dev/null
@@ -1,360 +0,0 @@
-/*
- * Copyright (C) 2013 Martin Willi
- * Copyright (C) 2013 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <collections/array.h>
-
-START_TEST(test_append_ptr)
-{
- array_t *array;
- uintptr_t x;
- int i;
-
- array = array_create(0, 0);
-
- for (i = 0; i < 4; i++)
- {
- ck_assert_int_eq(array_count(array), 0);
-
- array_insert(array, ARRAY_HEAD, (void*)(uintptr_t)3);
- array_insert(array, ARRAY_TAIL, (void*)(uintptr_t)4);
- ck_assert_int_eq(array_count(array), 2);
-
- /* 3, 4 */
-
- array_insert(array, ARRAY_HEAD, (void*)(uintptr_t)1);
- array_insert(array, 1, (void*)(uintptr_t)2);
- ck_assert_int_eq(array_count(array), 4);
-
- /* 1, 2, 3, 4 */
-
- array_insert(array, ARRAY_TAIL, (void*)(uintptr_t)5);
- array_insert(array, ARRAY_HEAD, (void*)(uintptr_t)0);
- ck_assert_int_eq(array_count(array), 6);
-
- /* 0, 1, 2, 3, 4, 5 */
-
- ck_assert(array_remove(array, ARRAY_TAIL, &x));
- ck_assert_int_eq(x, 5);
- ck_assert(array_remove(array, 4, &x));
- ck_assert_int_eq(x, 4);
-
- if (i < 3)
- {
- array_compress(array);
- }
-
- /* 0, 1, 2, 3 */
-
- ck_assert(array_remove(array, 1, &x));
- ck_assert_int_eq(x, 1);
- ck_assert(array_remove(array, ARRAY_HEAD, &x));
- ck_assert_int_eq(x, 0);
-
- if (i < 2)
- {
- array_compress(array);
- }
-
- /* 2, 3 */
-
- ck_assert(array_remove(array, ARRAY_TAIL, &x));
- ck_assert_int_eq(x, 3);
- ck_assert(array_remove(array, ARRAY_TAIL, &x));
- ck_assert_int_eq(x, 2);
-
- if (i < 1)
- {
- array_compress(array);
- }
-
- ck_assert_int_eq(array_count(array), 0);
-
- ck_assert(array_remove(array, ARRAY_HEAD, NULL) == FALSE);
- ck_assert(array_remove(array, ARRAY_TAIL, NULL) == FALSE);
- }
-
- array_destroy(array);
-}
-END_TEST
-
-START_TEST(test_append_obj)
-{
- array_t *array;
- int i, x, y[6] = {0, 1, 2, 3, 4, 5};
-
- array = array_create(sizeof(y[0]), 0);
-
- for (i = 0; i < 4; i++)
- {
- ck_assert_int_eq(array_count(array), 0);
-
- array_insert(array, ARRAY_HEAD, &y[3]);
- array_insert(array, ARRAY_TAIL, &y[4]);
- ck_assert_int_eq(array_count(array), 2);;
-
- /* 3, 4 */
-
- array_insert(array, ARRAY_HEAD, &y[1]);
- array_insert(array, 1, &y[2]);
- ck_assert_int_eq(array_count(array), 4);
-
- /* 1, 2, 3, 4 */
-
- array_insert(array, ARRAY_TAIL, &y[5]);
- array_insert(array, ARRAY_HEAD, &y[0]);
- ck_assert_int_eq(array_count(array), 6);
-
- /* 0, 1, 2, 3, 4, 5 */
-
- ck_assert(array_remove(array, ARRAY_TAIL, &x));
- ck_assert_int_eq(x, 5);
- ck_assert(array_remove(array, 4, &x));
- ck_assert_int_eq(x, 4);
-
- if (i < 3)
- {
- array_compress(array);
- }
-
- /* 0, 1, 2, 3 */
-
- ck_assert(array_remove(array, ARRAY_HEAD, &x));
- ck_assert_int_eq(x, 0);
- ck_assert(array_remove(array, ARRAY_HEAD, &x));
- ck_assert_int_eq(x, 1);
-
- if (i < 2)
- {
- array_compress(array);
- }
-
- /* 2, 3 */
-
- ck_assert(array_remove(array, ARRAY_TAIL, &x));
- ck_assert_int_eq(x, 3);
- ck_assert(array_remove(array, ARRAY_HEAD, &x));
- ck_assert_int_eq(x, 2);
-
- if (i < 1)
- {
- array_compress(array);
- }
-
- ck_assert_int_eq(array_count(array), 0);
-
- ck_assert(array_remove(array, ARRAY_HEAD, NULL) == FALSE);
- ck_assert(array_remove(array, ARRAY_TAIL, NULL) == FALSE);
- }
-
- array_destroy(array);
-}
-END_TEST
-
-START_TEST(test_enumerate)
-{
- array_t *array;
- int i, *x, y[6] = {0, 1, 2, 3, 4, 5};
- enumerator_t *enumerator;
-
- array = array_create(sizeof(y[0]), 0);
-
- array_insert(array, ARRAY_TAIL, &y[0]);
- array_insert(array, ARRAY_TAIL, &y[1]);
- array_insert(array, ARRAY_TAIL, &y[2]);
- array_insert(array, ARRAY_TAIL, &y[3]);
- array_insert(array, ARRAY_TAIL, &y[4]);
- array_insert(array, ARRAY_TAIL, &y[5]);
-
- ck_assert_int_eq(array_count(array), 6);
-
- /* 0, 1, 2, 3, 4, 5 */
-
- i = 0;
- enumerator = array_create_enumerator(array);
- while (enumerator->enumerate(enumerator, &x))
- {
- ck_assert_int_eq(*x, y[i]);
- i++;
- }
- enumerator->destroy(enumerator);
- ck_assert_int_eq(i, 6);
-
- i = 0;
- enumerator = array_create_enumerator(array);
- while (enumerator->enumerate(enumerator, &x))
- {
- ck_assert_int_eq(*x, y[i]);
- if (i == 0 || i == 3 || i == 5)
- {
- array_remove_at(array, enumerator);
- }
- i++;
- }
- enumerator->destroy(enumerator);
- ck_assert_int_eq(i, 6);
- ck_assert_int_eq(array_count(array), 3);
-
- /* 1, 2, 4 */
-
- i = 0;
- enumerator = array_create_enumerator(array);
- while (enumerator->enumerate(enumerator, &x))
- {
- switch (i++)
- {
- case 0:
- ck_assert_int_eq(*x, y[1]);
- break;
- case 1:
- ck_assert_int_eq(*x, y[2]);
- break;
- case 2:
- ck_assert_int_eq(*x, y[4]);
- break;
- default:
- ck_assert(0);
- }
- }
- enumerator->destroy(enumerator);
-
- array_compress(array);
-
- i = 0;
- enumerator = array_create_enumerator(array);
- while (enumerator->enumerate(enumerator, &x))
- {
- switch (i++)
- {
- case 0:
- ck_assert_int_eq(*x, y[1]);
- break;
- case 1:
- ck_assert_int_eq(*x, y[2]);
- break;
- case 2:
- ck_assert_int_eq(*x, y[4]);
- break;
- default:
- ck_assert(0);
- }
- }
- enumerator->destroy(enumerator);
-
- array_destroy(array);
-}
-END_TEST
-
-static void invoke(void *data, int idx, void *user)
-{
- int *y = user, *x = data;
-
- ck_assert(idx < 3);
-
- ck_assert_int_eq(y[idx], *x);
- y[idx] = 0;
-}
-
-START_TEST(test_invoke)
-{
- array_t *array;
- int y[] = {1, 2, 3};
-
- array = array_create(sizeof(y[0]), 0);
-
- array_insert(array, ARRAY_TAIL, &y[0]);
- array_insert(array, ARRAY_TAIL, &y[1]);
- array_insert(array, ARRAY_TAIL, &y[2]);
-
- array_invoke(array, invoke, y);
-
- ck_assert_int_eq(y[0], 0);
- ck_assert_int_eq(y[0], 0);
- ck_assert_int_eq(y[0], 0);
-
- array_destroy(array);
-}
-END_TEST
-
-typedef struct obj_t obj_t;
-
-struct obj_t {
- void (*fun)(obj_t *obj);
- int x;
- int *counter;
-};
-
-static void fun(obj_t *obj)
-{
- ck_assert(obj->x == (*obj->counter)++);
-}
-
-START_TEST(test_invoke_offset)
-{
- array_t *array;
- obj_t objs[5];
- int i, counter = 0;
-
- array = array_create(0, 0);
-
- for (i = 0; i < countof(objs); i++)
- {
- objs[i].x = i;
- objs[i].counter = &counter;
- objs[i].fun = fun;
-
- array_insert(array, ARRAY_TAIL, &objs[i]);
- }
-
- ck_assert_int_eq(countof(objs), array_count(array));
-
- array_invoke_offset(array, offsetof(obj_t, fun));
-
- ck_assert_int_eq(counter, countof(objs));
-
- array_destroy(array);
-}
-END_TEST
-
-Suite *array_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("array");
-
- tc = tcase_create("add/remove ptr");
- tcase_add_test(tc, test_append_ptr);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("add/remove obj");
- tcase_add_test(tc, test_append_obj);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("enumerate");
- tcase_add_test(tc, test_enumerate);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("invoke");
- tcase_add_test(tc, test_invoke);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("invoke offset");
- tcase_add_test(tc, test_invoke_offset);
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_bio_reader.c b/src/libstrongswan/tests/test_bio_reader.c
deleted file mode 100644
index 45b20db..0000000
--- a/src/libstrongswan/tests/test_bio_reader.c
+++ /dev/null
@@ -1,450 +0,0 @@
-/*
- * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <bio/bio_reader.h>
-
-/*******************************************************************************
- * different integer reads
- */
-
-#define assert_integer_read(data, bits, val) ({ \
- bio_reader_t *reader = bio_reader_create(data); \
- typeof(val) i; \
- for (i = 0; reader->remaining(reader) >= (bits / 8); i++) \
- { \
- ck_assert(reader->read_uint##bits(reader, &val)); \
- ck_assert_int_eq(i, val); \
- } \
- ck_assert_int_eq(i, data.len / (bits / 8)); \
- ck_assert_int_eq(reader->remaining(reader), data.len % (bits / 8)); \
- ck_assert(!reader->read_uint##bits(reader, &val)); \
- reader->destroy(reader); \
-})
-
-#define assert_integer_read_uneven(data, bits, val) ({ \
- int i; \
- for (i = 0; i <= bits / 8; i++, data.len++) \
- { \
- assert_integer_read(data, bits, val); \
- } \
-})
-
-#define assert_basic_read(bits, val) ({ \
- chunk_t data; \
- data = chunk_empty; \
- assert_integer_read(data, bits, val); \
- data = chunk_alloca(bits / 8); \
- memset(data.ptr, 0, data.len); \
- data.len = 0; \
- assert_integer_read_uneven(data, bits, val); \
-})
-
-#define assert_extended_read(data, bits, val) ({ \
- chunk_t extended = chunk_alloca(data.len + bits / 8); \
- memset(extended.ptr, 0, extended.len); \
- extended.ptr[extended.len - 1] = data.len / (bits / 8); \
- memcpy(extended.ptr, data.ptr, data.len); \
- extended.len = data.len; \
- assert_integer_read_uneven(extended, bits, val); \
-})
-
-START_TEST(test_read_uint8)
-{
- chunk_t data = chunk_from_chars(0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07);
- u_int8_t val;
-
- assert_integer_read(data, 8, val);
- assert_basic_read(8, val);
- assert_extended_read(data, 8, val);
-}
-END_TEST
-
-START_TEST(test_read_uint16)
-{
- chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03);
- u_int16_t val;
-
- assert_integer_read(data, 16, val);
- assert_basic_read(16, val);
- assert_extended_read(data, 16, val);
-}
-END_TEST
-
-START_TEST(test_read_uint24)
-{
- chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x03);
- u_int32_t val;
-
- assert_integer_read(data, 24, val);
- assert_basic_read(24, val);
- assert_extended_read(data, 24, val);
-}
-END_TEST
-
-START_TEST(test_read_uint32)
-{
- chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
- 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03);
- u_int32_t val;
-
- assert_integer_read(data, 32, val);
- assert_basic_read(32, val);
- assert_extended_read(data, 32, val);
-}
-END_TEST
-
-START_TEST(test_read_uint64)
-{
- chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03);
- u_int64_t val;
-
- assert_integer_read(data, 64, val);
- assert_basic_read(64, val);
- assert_extended_read(data, 64, val);
-}
-END_TEST
-
-/*******************************************************************************
- * different integer reads from the end of a buffer
- */
-
-#define assert_integer_read_end(data, bits, val) ({ \
- bio_reader_t *reader = bio_reader_create(data); \
- typeof(val) i; \
- for (i = 0; reader->remaining(reader) >= (bits / 8); i++) \
- { \
- ck_assert(reader->read_uint##bits##_end(reader, &val)); \
- ck_assert_int_eq(i, val); \
- } \
- ck_assert_int_eq(i, data.len / (bits / 8)); \
- ck_assert_int_eq(reader->remaining(reader), data.len % (bits / 8)); \
- ck_assert(!reader->read_uint##bits##_end(reader, &val)); \
- reader->destroy(reader); \
-})
-
-#define assert_integer_read_end_uneven(data, bits, val) ({ \
- int i; \
- data.ptr += bits / 8; \
- for (i = 0; i <= bits / 8; i++, data.ptr--, data.len++) \
- { \
- assert_integer_read_end(data, bits, val); \
- } \
-})
-
-#define assert_basic_read_end(bits, val) ({ \
- chunk_t data; \
- data = chunk_empty; \
- assert_integer_read_end(data, bits, val); \
- data = chunk_alloca(bits / 8); \
- memset(data.ptr, 0, data.len); \
- data.len = 0; \
- assert_integer_read_end_uneven(data, bits, val); \
-})
-
-#define assert_extended_read_end(data, bits, val) ({ \
- chunk_t extended = chunk_alloca(data.len + bits / 8); \
- memset(extended.ptr, 0, extended.len); \
- extended.ptr[bits / 8 - 1] = data.len / (bits / 8); \
- memcpy(extended.ptr + bits / 8, data.ptr, data.len); \
- extended.len = data.len; \
- assert_integer_read_end_uneven(extended, bits, val); \
-})
-
-START_TEST(test_read_uint8_end)
-{
- chunk_t data = chunk_from_chars(0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00);
- u_int8_t val;
-
- assert_integer_read_end(data, 8, val);
- assert_basic_read_end(8, val);
- assert_extended_read_end(data, 8, val);
-}
-END_TEST
-
-START_TEST(test_read_uint16_end)
-{
- chunk_t data = chunk_from_chars(0x00, 0x03, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00);
- u_int16_t val;
-
- assert_integer_read_end(data, 16, val);
- assert_basic_read_end(16, val);
- assert_extended_read_end(data, 16, val);
-}
-END_TEST
-
-START_TEST(test_read_uint24_end)
-{
- chunk_t data = chunk_from_chars(0x00, 0x00, 0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00);
- u_int32_t val;
-
- assert_integer_read_end(data, 24, val);
- assert_basic_read_end(24, val);
- assert_extended_read_end(data, 24, val);
-}
-END_TEST
-
-START_TEST(test_read_uint32_end)
-{
- chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00);
- u_int32_t val;
-
- assert_integer_read_end(data, 32, val);
- assert_basic_read_end(32, val);
- assert_extended_read_end(data, 32, val);
-}
-END_TEST
-
-START_TEST(test_read_uint64_end)
-{
- chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
- u_int64_t val;
-
- assert_integer_read_end(data, 64, val);
- assert_basic_read_end(64, val);
- assert_extended_read_end(data, 64, val);
-}
-END_TEST
-
-/*******************************************************************************
- * read data
- */
-
-static inline void assert_reader_after_read(bio_reader_t *reader, chunk_t data)
-{
- chunk_t peek;
-
- ck_assert_int_eq(reader->remaining(reader), data.len);
- peek = reader->peek(reader);
- ck_assert_int_eq(reader->remaining(reader), data.len);
- ck_assert(peek.ptr == data.ptr);
- data.ptr != NULL ? ck_assert(chunk_equals(peek, data))
- : ck_assert(peek.ptr == NULL);
-}
-
-START_TEST(test_read_data)
-{
- chunk_t read, data = chunk_from_chars(0x00, 0x00, 0x00, 0x00);
- bio_reader_t *reader;
-
- reader = bio_reader_create(chunk_empty);
- ck_assert_int_eq(reader->remaining(reader), 0);
- ck_assert(reader->read_data(reader, 0, &read));
- ck_assert(!reader->read_data(reader, 1, &read));
- reader->destroy(reader);
-
- reader = bio_reader_create(data);
- ck_assert(reader->read_data(reader, 0, &read));
- ck_assert_int_eq(read.len, 0);
- ck_assert(read.ptr == data.ptr);
- assert_reader_after_read(reader, data);
-
- ck_assert(reader->read_data(reader, 1, &read));
- ck_assert_int_eq(read.len, 1);
- ck_assert(read.ptr == data.ptr);
- assert_reader_after_read(reader, chunk_skip(data, 1));
-
- ck_assert(reader->read_data(reader, 2, &read));
- ck_assert_int_eq(read.len, 2);
- ck_assert(read.ptr == data.ptr + 1);
- assert_reader_after_read(reader, chunk_skip(data, 3));
-
- ck_assert(!reader->read_data(reader, 2, &read));
- ck_assert(reader->read_data(reader, 1, &read));
- ck_assert_int_eq(read.len, 1);
- ck_assert(read.ptr == data.ptr + 3);
- assert_reader_after_read(reader, chunk_skip(data, 4));
-
- ck_assert_int_eq(reader->remaining(reader), 0);
- ck_assert(reader->read_data(reader, 0, &read));
- ck_assert(!reader->read_data(reader, 1, &read));
- reader->destroy(reader);
-}
-END_TEST
-
-START_TEST(test_read_data_end)
-{
- chunk_t read, data = chunk_from_chars(0x00, 0x00, 0x00, 0x00);
- bio_reader_t *reader;
-
- reader = bio_reader_create(chunk_empty);
- ck_assert_int_eq(reader->remaining(reader), 0);
- ck_assert(reader->read_data_end(reader, 0, &read));
- ck_assert(!reader->read_data_end(reader, 1, &read));
- reader->destroy(reader);
-
- reader = bio_reader_create(data);
- ck_assert(reader->read_data_end(reader, 0, &read));
- ck_assert_int_eq(read.len, 0);
- ck_assert(read.ptr == data.ptr + data.len);
- assert_reader_after_read(reader, data);
-
- ck_assert(reader->read_data_end(reader, 1, &read));
- ck_assert_int_eq(read.len, 1);
- data.len--;
- ck_assert(read.ptr == data.ptr + data.len);
- assert_reader_after_read(reader, data);
-
- ck_assert(reader->read_data_end(reader, 2, &read));
- ck_assert_int_eq(read.len, 2);
- data.len -= 2;
- ck_assert(read.ptr == data.ptr + data.len);
- assert_reader_after_read(reader, data);
-
- ck_assert(!reader->read_data(reader, 2, &read));
- ck_assert(reader->read_data(reader, 1, &read));
- ck_assert_int_eq(read.len, 1);
- ck_assert(read.ptr == data.ptr);
- assert_reader_after_read(reader, chunk_empty);
-
- ck_assert_int_eq(reader->remaining(reader), 0);
- ck_assert(reader->read_data(reader, 0, &read));
- ck_assert(!reader->read_data(reader, 1, &read));
- reader->destroy(reader);
-}
-END_TEST
-
-/*******************************************************************************
- * read length followed by data
- */
-
-#define assert_read_data_len(bits) ({ \
- bio_reader_t *reader; \
- chunk_t read, data; \
- int i, len = bits / 8; \
- data = chunk_empty; \
- reader = bio_reader_create(data); \
- ck_assert(!reader->read_data##bits(reader, &read)); \
- reader->destroy(reader); \
- data = chunk_alloca(len + 8); \
- memset(data.ptr, 0, data.len); \
- for (i = 0; i <= 8; i++) \
- { \
- data.ptr[len - 1] = i; \
- data.len = len + i; \
- reader = bio_reader_create(data); \
- ck_assert(reader->read_data##bits(reader, &read)); \
- ck_assert_int_eq(reader->remaining(reader), 0); \
- ck_assert_int_eq(read.len, i); \
- ck_assert((!read.ptr && !read.len) || (read.ptr == data.ptr + len)); \
- reader->destroy(reader); \
- } \
- data.ptr[len - 1] = i; \
- reader = bio_reader_create(data); \
- ck_assert(!reader->read_data##bits(reader, &read)); \
- reader->destroy(reader); \
-})
-
-START_TEST(test_read_data8)
-{
- assert_read_data_len(8);
-}
-END_TEST
-
-START_TEST(test_read_data16)
-{
- assert_read_data_len(16);
-}
-END_TEST
-
-START_TEST(test_read_data24)
-{
- assert_read_data_len(24);
-}
-END_TEST
-
-START_TEST(test_read_data32)
-{
- assert_read_data_len(32);
-}
-END_TEST
-
-/*******************************************************************************
- * test constructors
- */
-
-START_TEST(test_create)
-{
- chunk_t data = chunk_from_str("foobar");
- bio_reader_t *reader;
-
- data = chunk_clone(data);
- reader = bio_reader_create(data);
- reader->destroy(reader);
- chunk_free(&data);
-}
-END_TEST
-
-START_TEST(test_create_own)
-{
- chunk_t data = chunk_from_str("foobar");
- bio_reader_t *reader;
-
- data = chunk_clone(data);
- reader = bio_reader_create_own(data);
- reader->destroy(reader);
-}
-END_TEST
-
-Suite *bio_reader_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("bio_reader");
-
- tc = tcase_create("integer reads");
- tcase_add_test(tc, test_read_uint8);
- tcase_add_test(tc, test_read_uint16);
- tcase_add_test(tc, test_read_uint24);
- tcase_add_test(tc, test_read_uint32);
- tcase_add_test(tc, test_read_uint64);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("integer reads from end");
- tcase_add_test(tc, test_read_uint8_end);
- tcase_add_test(tc, test_read_uint16_end);
- tcase_add_test(tc, test_read_uint24_end);
- tcase_add_test(tc, test_read_uint32_end);
- tcase_add_test(tc, test_read_uint64_end);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("data reads and peek");
- tcase_add_test(tc, test_read_data);
- tcase_add_test(tc, test_read_data_end);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("data length reads");
- tcase_add_test(tc, test_read_data8);
- tcase_add_test(tc, test_read_data16);
- tcase_add_test(tc, test_read_data24);
- tcase_add_test(tc, test_read_data32);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("constructors");
- tcase_add_test(tc, test_create);
- tcase_add_test(tc, test_create_own);
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_bio_writer.c b/src/libstrongswan/tests/test_bio_writer.c
deleted file mode 100644
index 665cd2d..0000000
--- a/src/libstrongswan/tests/test_bio_writer.c
+++ /dev/null
@@ -1,392 +0,0 @@
-/*
- * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <bio/bio_writer.h>
-
-/*******************************************************************************
- * different integer writes
- */
-
-static inline void verify_int_buffer(chunk_t data, int bits, int val)
-{
- size_t i;
- int len = bits / 8;
-
- ck_assert_int_eq(data.len, (val + 1) * len);
- for (i = 0; i < data.len; i++)
- {
- if ((i + 1) % len)
- {
- ck_assert_int_eq(data.ptr[i], 0);
- }
- else
- {
- ck_assert_int_eq(data.ptr[i], i / len);
- }
- }
-}
-
-#define assert_integer_write(init, bits) ({ \
- int i; \
- bio_writer_t *writer = bio_writer_create(init); \
- for (i = 0; i < 16; i++) \
- { \
- writer->write_uint##bits(writer, i); \
- verify_int_buffer(writer->get_buf(writer), bits, i); \
- } \
- writer->destroy(writer); \
-})
-
-START_TEST(test_write_uint8)
-{
- /* use default buffer (and increase) size */
- assert_integer_write(0, 8);
- /* force a resize by the given size */
- assert_integer_write(1, 8);
-}
-END_TEST
-
-START_TEST(test_write_uint16)
-{
- assert_integer_write(0, 16);
- assert_integer_write(1, 16);
-}
-END_TEST
-
-START_TEST(test_write_uint24)
-{
- assert_integer_write(0, 24);
- assert_integer_write(1, 24);
-}
-END_TEST
-
-START_TEST(test_write_uint32)
-{
- assert_integer_write(0, 32);
- assert_integer_write(1, 32);
-}
-END_TEST
-
-START_TEST(test_write_uint64)
-{
- assert_integer_write(0, 64);
- assert_integer_write(1, 64);
-}
-END_TEST
-
-/*******************************************************************************
- * write data / skip
- */
-
-static inline void assert_writer_after_write(bio_writer_t *writer, int count)
-{
- chunk_t buf;
- size_t i;
-
- buf = writer->get_buf(writer);
- ck_assert_int_eq(buf.len, count * 3);
- for (i = 0; i < buf.len; i++)
- {
- ck_assert(buf.ptr[i] == i % 3);
- }
-}
-
-START_TEST(test_write_data)
-{
- chunk_t buf, data = chunk_from_chars(0x00, 0x01, 0x02);
- bio_writer_t *writer;
-
- /* no allocation, but default buffer size */
- writer = bio_writer_create(0);
- buf = writer->get_buf(writer);
- ck_assert_int_eq(buf.len, 0);
- ck_assert(buf.ptr == NULL);
-
- writer->write_data(writer, chunk_empty);
- buf = writer->get_buf(writer);
- ck_assert_int_eq(buf.len, 0);
- ck_assert(buf.ptr == NULL);
- writer->destroy(writer);
-
- /* custom buffer size, initial buffer allocated */
- writer = bio_writer_create(1);
- buf = writer->get_buf(writer);
- ck_assert_int_eq(buf.len, 0);
- ck_assert(buf.ptr != NULL);
-
- writer->write_data(writer, chunk_empty);
- buf = writer->get_buf(writer);
- ck_assert_int_eq(buf.len, 0);
- ck_assert(buf.ptr != NULL);
- writer->destroy(writer);
-
- writer = bio_writer_create(0);
-
- writer->write_data(writer, data);
- assert_writer_after_write(writer, 1);
-
- writer->write_data(writer, data);
- assert_writer_after_write(writer, 2);
-
- writer->write_data(writer, data);
- assert_writer_after_write(writer, 3);
-
- writer->destroy(writer);
-}
-END_TEST
-
-START_TEST(test_skip)
-{
- chunk_t skipped, buf, data = chunk_from_chars(0x00, 0x01, 0x02);
- bio_writer_t *writer;
-
- writer = bio_writer_create(4);
- skipped = writer->skip(writer, 3);
- ck_assert_int_eq(skipped.len, 3);
- buf = writer->get_buf(writer);
- ck_assert(skipped.ptr == buf.ptr);
- memset(skipped.ptr, 0, skipped.len);
-
- writer->write_data(writer, data);
- buf = writer->get_buf(writer);
- ck_assert(chunk_equals(buf, chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x01, 0x02)));
- writer->destroy(writer);
-
- writer = bio_writer_create(1);
- skipped = writer->skip(writer, 3);
- memcpy(skipped.ptr, data.ptr, data.len);
-
- writer->write_data(writer, data);
- assert_writer_after_write(writer, 2);
- writer->destroy(writer);
-}
-END_TEST
-
-/*******************************************************************************
- * write length followed by data
- */
-
-#define assert_write_data_len(init, bits) ({ \
- bio_writer_t *writer; \
- chunk_t buf, data; \
- int i, len = bits / 8; \
- writer = bio_writer_create(init); \
- writer->write_data##bits(writer, chunk_empty); \
- buf = writer->get_buf(writer); \
- ck_assert_int_eq(buf.len, len); \
- ck_assert_int_eq(buf.ptr[len - 1], 0); \
- writer->destroy(writer); \
- data = chunk_alloca(32); \
- memset(data.ptr, 0, data.len); \
- for (i = 0; i < 32; i++) \
- { \
- data.ptr[i] = i; \
- data.len = i; \
- writer = bio_writer_create(init); \
- writer->write_data##bits(writer, data); \
- buf = writer->get_buf(writer); \
- ck_assert_int_eq(buf.len, len + i); \
- ck_assert_int_eq(buf.ptr[len - 1], i); \
- ck_assert(chunk_equals(chunk_create(buf.ptr + len, buf.len - len), data)); \
- writer->destroy(writer); \
- } \
-})
-
-START_TEST(test_write_data8)
-{
- assert_write_data_len(0, 8);
- assert_write_data_len(1, 8);
-}
-END_TEST
-
-START_TEST(test_write_data16)
-{
- assert_write_data_len(0, 16);
- assert_write_data_len(1, 16);
-}
-END_TEST
-
-START_TEST(test_write_data24)
-{
- assert_write_data_len(0, 24);
- assert_write_data_len(1, 24);
-}
-END_TEST
-
-START_TEST(test_write_data32)
-{
- assert_write_data_len(0, 32);
- assert_write_data_len(1, 32);
-}
-END_TEST
-
-
-/*******************************************************************************
- * add length header before current data
- */
-
-#define assert_wrap_data(init, bits) ({ \
- bio_writer_t *writer; \
- chunk_t buf, data; \
- int i, len = bits / 8; \
- writer = bio_writer_create(init); \
- writer->wrap##bits(writer); \
- buf = writer->get_buf(writer); \
- ck_assert_int_eq(buf.len, len); \
- ck_assert_int_eq(buf.ptr[len - 1], 0); \
- writer->destroy(writer); \
- data = chunk_alloca(32); \
- memset(data.ptr, 0, data.len); \
- for (i = 0; i < 32; i++) \
- { \
- data.ptr[i] = i; \
- data.len = i; \
- writer = bio_writer_create(init); \
- writer->write_data(writer, data); \
- writer->wrap##bits(writer); \
- buf = writer->get_buf(writer); \
- ck_assert_int_eq(buf.len, len + i); \
- ck_assert_int_eq(buf.ptr[len - 1], i); \
- ck_assert(chunk_equals(chunk_create(buf.ptr + len, buf.len - len), data)); \
- writer->wrap##bits(writer); \
- buf = writer->get_buf(writer); \
- ck_assert_int_eq(buf.len, 2 * len + i); \
- ck_assert_int_eq(buf.ptr[len - 1], len + i); \
- ck_assert(chunk_equals(chunk_create(buf.ptr + 2 * len, buf.len - 2 * len), data)); \
- writer->destroy(writer); \
- } \
-})
-
-START_TEST(test_wrap8)
-{
- assert_wrap_data(0, 8);
- assert_wrap_data(1, 8);
-}
-END_TEST
-
-START_TEST(test_wrap16)
-{
- assert_wrap_data(0, 16);
- assert_wrap_data(1, 16);
-}
-END_TEST
-
-START_TEST(test_wrap24)
-{
- assert_wrap_data(0, 24);
- assert_wrap_data(1, 24);
-}
-END_TEST
-
-START_TEST(test_wrap32)
-{
- assert_wrap_data(0, 32);
- assert_wrap_data(1, 32);
-}
-END_TEST
-
-/*******************************************************************************
- * test data extraction
- */
-
-START_TEST(test_get_buf)
-{
- bio_writer_t *writer;
- chunk_t data1, data2;
-
- writer = bio_writer_create(0);
- writer->write_uint8(writer, 1);
- data1 = writer->get_buf(writer);
- ck_assert_int_eq(data1.len, 1);
- ck_assert(data1.ptr[0] == 1);
-
- data2 = writer->get_buf(writer);
- ck_assert(chunk_equals(data1, data2));
- ck_assert(data1.ptr == data2.ptr);
- writer->destroy(writer);
-}
-END_TEST
-
-START_TEST(test_extract_buf)
-{
- bio_writer_t *writer;
- chunk_t data1, data2;
-
- writer = bio_writer_create(0);
- writer->write_uint8(writer, 1);
- data1 = writer->extract_buf(writer);
- ck_assert_int_eq(data1.len, 1);
- ck_assert(data1.ptr[0] == 1);
-
- data2 = writer->get_buf(writer);
- ck_assert_int_eq(data2.len, 0);
- ck_assert(data2.ptr == NULL);
- data2 = writer->extract_buf(writer);
- ck_assert_int_eq(data2.len, 0);
- ck_assert(data2.ptr == NULL);
-
- writer->write_uint8(writer, 1);
- data2 = writer->get_buf(writer);
- ck_assert(chunk_equals(data1, data2));
- ck_assert(data1.ptr != data2.ptr);
-
- writer->destroy(writer);
- chunk_free(&data1);
-}
-END_TEST
-
-Suite *bio_writer_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("bio_writer");
-
- tc = tcase_create("integer writes");
- tcase_add_test(tc, test_write_uint8);
- tcase_add_test(tc, test_write_uint16);
- tcase_add_test(tc, test_write_uint24);
- tcase_add_test(tc, test_write_uint32);
- tcase_add_test(tc, test_write_uint64);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("data writes/skip");
- tcase_add_test(tc, test_write_data);
- tcase_add_test(tc, test_skip);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("data length writes");
- tcase_add_test(tc, test_write_data8);
- tcase_add_test(tc, test_write_data16);
- tcase_add_test(tc, test_write_data24);
- tcase_add_test(tc, test_write_data32);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("wrap writes");
- tcase_add_test(tc, test_wrap8);
- tcase_add_test(tc, test_wrap16);
- tcase_add_test(tc, test_wrap24);
- tcase_add_test(tc, test_wrap32);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("get/extract");
- tcase_add_test(tc, test_get_buf);
- tcase_add_test(tc, test_extract_buf);
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_chunk.c b/src/libstrongswan/tests/test_chunk.c
deleted file mode 100644
index 8e29971..0000000
--- a/src/libstrongswan/tests/test_chunk.c
+++ /dev/null
@@ -1,876 +0,0 @@
-/*
- * Copyright (C) 2013 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-
-#include "test_suite.h"
-
-#include <utils/chunk.h>
-
-/*******************************************************************************
- * utilities
- */
-
-static void assert_chunk_empty(chunk_t chunk)
-{
- ck_assert(chunk.len == 0 && chunk.ptr == NULL);
-}
-
-/*******************************************************************************
- * equals
- */
-
-START_TEST(test_chunk_equals)
-{
- chunk_t chunk = chunk_from_str("chunk");
- chunk_t chunk_a, chunk_b;
-
- chunk_a = chunk_empty;
- chunk_b = chunk_empty;
- ck_assert(!chunk_equals(chunk_a, chunk_b));
-
- chunk_a = chunk;
- ck_assert(!chunk_equals(chunk_a, chunk_b));
- chunk_b = chunk;
- ck_assert(chunk_equals(chunk_a, chunk_b));
-
- chunk_b = chunk_from_str("asdf");
- ck_assert(!chunk_equals(chunk_a, chunk_b));
-
- chunk_b = chunk_from_str("chunk");
- ck_assert(chunk_equals(chunk_a, chunk_b));
-}
-END_TEST
-
-/*******************************************************************************
- * chunk_compare test
- */
-
-static struct {
- int result;
- chunk_t a;
- chunk_t b;
-} compare_data[] = {
- { 0, { NULL, 0 }, { NULL, 0 }},
- { 0, chunk_from_chars(0x00), chunk_from_chars(0x00)},
- {-1, chunk_from_chars(0x00), chunk_from_chars(0x01)},
- { 1, chunk_from_chars(0x01), chunk_from_chars(0x00)},
- { 0, chunk_from_chars(0x00, 0x00), chunk_from_chars(0x00, 0x00)},
- {-1, chunk_from_chars(0x00, 0x00), chunk_from_chars(0x00, 0x01)},
- { 1, chunk_from_chars(0x00, 0x01), chunk_from_chars(0x00, 0x00)},
- {-1, chunk_from_chars(0x00, 0x00), chunk_from_chars(0x01, 0x00)},
- { 1, chunk_from_chars(0x01, 0x00), chunk_from_chars(0x00, 0x00)},
- {-1, chunk_from_chars(0xff), chunk_from_chars(0x00, 0x00)},
- { 1, chunk_from_chars(0x00, 0x00), chunk_from_chars(0xff)},
-};
-
-START_TEST(test_compare)
-{
- int result, expected;
-
- result = chunk_compare(compare_data[_i].a, compare_data[_i].b);
- expected = compare_data[_i].result;
- ck_assert((result == 0 && expected == 0) ||
- (result < 0 && expected < 0) ||
- (result > 0 && expected > 0));
-}
-END_TEST
-
-/*******************************************************************************
- * clear
- */
-
-START_TEST(test_chunk_clear)
-{
- chunk_t chunk;
- u_char *ptr;
- int i;
- bool cleared = TRUE;
-
- chunk = chunk_empty;
- chunk_clear(&chunk);
- chunk_free(&chunk);
-
- chunk = chunk_alloc(64);
- ptr = chunk.ptr;
- for (i = 0; i < 64; i++)
- {
- chunk.ptr[i] = i;
- }
- chunk_clear(&chunk);
- /* check memory area of freed chunk. We can't use ck_assert() for this
- * test directly, as it might allocate data at the freed area. */
- for (i = 0; i < 64; i++)
- {
- if (ptr[i] != 0 && ptr[i] == i)
- {
- cleared = FALSE;
- break;
- }
- }
- assert_chunk_empty(chunk);
- ck_assert(cleared);
-}
-END_TEST
-
-/*******************************************************************************
- * chunk_length
- */
-
-START_TEST(test_chunk_length)
-{
- chunk_t a, b, c;
- size_t len;
-
- a = chunk_empty;
- b = chunk_empty;
- c = chunk_empty;
- len = chunk_length("ccc", a, b, c);
- ck_assert_int_eq(len, 0);
-
- a = chunk_from_str("foo");
- b = chunk_from_str("bar");
- len = chunk_length("ccc", a, b, c);
- ck_assert_int_eq(len, 6);
-
- len = chunk_length("zcc", a, b, c);
- ck_assert_int_eq(len, 0);
-
- len = chunk_length("czc", a, b, c);
- ck_assert_int_eq(len, 3);
-
- a = chunk_from_str("foo");
- b = chunk_from_str("bar");
- c = chunk_from_str("baz");
- len = chunk_length("ccc", a, b, c);
- ck_assert_int_eq(len, 9);
-}
-END_TEST
-
-/*******************************************************************************
- * chunk_create_cat
- */
-
-START_TEST(test_chunk_create_cat)
-{
- chunk_t foo, bar;
- chunk_t a, b, c;
- u_char *ptra, *ptrb;
-
- foo = chunk_from_str("foo");
- bar = chunk_from_str("bar");
-
- /* to simplify things we use the chunk_cata macro */
-
- a = chunk_empty;
- b = chunk_empty;
- c = chunk_cata("cc", a, b);
- ck_assert_int_eq(c.len, 0);
- ck_assert(c.ptr != NULL);
-
- a = foo;
- b = bar;
- c = chunk_cata("cc", a, b);
- ck_assert_int_eq(c.len, 6);
- ck_assert(chunk_equals(c, chunk_from_str("foobar")));
-
- a = chunk_clone(foo);
- b = chunk_clone(bar);
- c = chunk_cata("mm", a, b);
- ck_assert_int_eq(c.len, 6);
- ck_assert(chunk_equals(c, chunk_from_str("foobar")));
-
- a = chunk_clone(foo);
- b = chunk_clone(bar);
- ptra = a.ptr;
- ptrb = b.ptr;
- c = chunk_cata("ss", a, b);
- ck_assert_int_eq(c.len, 6);
- ck_assert(chunk_equals(c, chunk_from_str("foobar")));
- /* check memory area of cleared chunk */
- ck_assert(!chunk_equals(foo, chunk_create(ptra, 3)));
- ck_assert(!chunk_equals(bar, chunk_create(ptrb, 3)));
-}
-END_TEST
-
-/*******************************************************************************
- * chunk_split
- */
-
-static bool mem_in_chunk(u_char *ptr, chunk_t chunk)
-{
- return ptr >= chunk.ptr && ptr < (chunk.ptr + chunk.len);
-}
-
-START_TEST(test_chunk_split)
-{
- chunk_t foo, bar, foobar;
- chunk_t a, b, c;
- u_char *ptra, *ptrb;
-
- foo = chunk_from_str("foo");
- bar = chunk_from_str("bar");
- foobar = chunk_from_str("foobar");
-
- chunk_split(foobar, "aa", 3, &a, 3, &b);
- ck_assert(chunk_equals(a, foo));
- ck_assert(chunk_equals(b, bar));
- ck_assert(!mem_in_chunk(a.ptr, foobar));
- ck_assert(!mem_in_chunk(b.ptr, foobar));
- chunk_free(&a);
- chunk_free(&b);
-
- chunk_split(foobar, "mm", 3, &a, 3, &b);
- ck_assert(chunk_equals(a, foo));
- ck_assert(chunk_equals(b, bar));
- ck_assert(mem_in_chunk(a.ptr, foobar));
- ck_assert(mem_in_chunk(b.ptr, foobar));
-
- chunk_split(foobar, "am", 3, &a, 3, &b);
- ck_assert(chunk_equals(a, foo));
- ck_assert(chunk_equals(b, bar));
- ck_assert(!mem_in_chunk(a.ptr, foobar));
- ck_assert(mem_in_chunk(b.ptr, foobar));
- chunk_free(&a);
-
- a = chunk_alloca(3);
- ptra = a.ptr;
- b = chunk_alloca(3);
- ptrb = b.ptr;
- chunk_split(foobar, "cc", 3, &a, 3, &b);
- ck_assert(chunk_equals(a, foo));
- ck_assert(chunk_equals(b, bar));
- ck_assert(a.ptr == ptra);
- ck_assert(b.ptr == ptrb);
-
- chunk_split(foobar, "mm", 1, NULL, 2, &a, 2, NULL, 1, &b);
- ck_assert(chunk_equals(a, chunk_from_str("oo")));
- ck_assert(chunk_equals(b, chunk_from_str("r")));
-
- chunk_split(foobar, "mm", 6, &a, 6, &b);
- ck_assert(chunk_equals(a, foobar));
- assert_chunk_empty(b);
-
- chunk_split(foobar, "mac", 12, &a, 12, &b, 12, &c);
- ck_assert(chunk_equals(a, foobar));
- assert_chunk_empty(b);
- assert_chunk_empty(c);
-}
-END_TEST
-
-/*******************************************************************************
- * chunk_skip[_zero]
- */
-
-START_TEST(test_chunk_skip)
-{
- chunk_t foobar, a;
-
- foobar = chunk_from_str("foobar");
- a = foobar;
- a = chunk_skip(a, 0);
- ck_assert(chunk_equals(a, foobar));
- a = chunk_skip(a, 1);
- ck_assert(chunk_equals(a, chunk_from_str("oobar")));
- a = chunk_skip(a, 2);
- ck_assert(chunk_equals(a, chunk_from_str("bar")));
- a = chunk_skip(a, 3);
- assert_chunk_empty(a);
-
- a = foobar;
- a = chunk_skip(a, 6);
- assert_chunk_empty(a);
-
- a = foobar;
- a = chunk_skip(a, 10);
- assert_chunk_empty(a);
-}
-END_TEST
-
-START_TEST(test_chunk_skip_zero)
-{
- chunk_t foobar, a;
-
- a = chunk_empty;
- a = chunk_skip_zero(a);
- assert_chunk_empty(a);
-
- foobar = chunk_from_str("foobar");
- a = foobar;
- a = chunk_skip_zero(a);
- ck_assert(chunk_equals(a, foobar));
-
- a = chunk_from_chars(0x00, 0xaa, 0xbb, 0xcc);
- a = chunk_skip_zero(a);
- ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc)));
- a = chunk_skip_zero(a);
- ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc)));
-}
-END_TEST
-
-/*******************************************************************************
- * BASE16 encoding test
- */
-
-START_TEST(test_base16)
-{
- /* test vectors from RFC 4648:
- *
- * BASE16("") = ""
- * BASE16("f") = "66"
- * BASE16("fo") = "666F"
- * BASE16("foo") = "666F6F"
- * BASE16("foob") = "666F6F62"
- * BASE16("fooba") = "666F6F6261"
- * BASE16("foobar") = "666F6F626172"
- */
- typedef struct {
- bool upper;
- char *in;
- char *out;
- } testdata_t;
-
- testdata_t test[] = {
- {TRUE, "", ""},
- {TRUE, "f", "66"},
- {TRUE, "fo", "666F"},
- {TRUE, "foo", "666F6F"},
- {TRUE, "foob", "666F6F62"},
- {TRUE, "fooba", "666F6F6261"},
- {TRUE, "foobar", "666F6F626172"},
- {FALSE, "", ""},
- {FALSE, "f", "66"},
- {FALSE, "fo", "666f"},
- {FALSE, "foo", "666f6f"},
- {FALSE, "foob", "666f6f62"},
- {FALSE, "fooba", "666f6f6261"},
- {FALSE, "foobar", "666f6f626172"},
- };
- testdata_t test_colon[] = {
- {TRUE, "", ""},
- {TRUE, "f", "66"},
- {TRUE, "fo", "66:6F"},
- {TRUE, "foo", "66:6F:6F"},
- {FALSE, "foob", "66:6f:6f:62"},
- {FALSE, "fooba", "66:6f:6f:62:61"},
- {FALSE, "foobar", "66:6f:6f:62:61:72"},
- {FALSE, "foobar", "66:6f6f:6261:72"},
- };
- int i;
-
- for (i = 0; i < countof(test); i++)
- {
- chunk_t out;
-
- out = chunk_to_hex(chunk_create(test[i].in, strlen(test[i].in)), NULL,
- test[i].upper);
- ck_assert_str_eq(out.ptr, test[i].out);
- free(out.ptr);
- }
-
- for (i = 0; i < countof(test); i++)
- {
- chunk_t out;
-
- out = chunk_from_hex(chunk_create(test[i].out, strlen(test[i].out)), NULL);
- fail_unless(strneq(out.ptr, test[i].in, out.len),
- "base16 conversion error - should '%s', is %#B",
- test[i].in, &out);
- free(out.ptr);
- }
-
- for (i = 0; i < countof(test_colon); i++)
- {
- chunk_t out;
-
- out = chunk_from_hex(chunk_create(test_colon[i].out, strlen(test_colon[i].out)), NULL);
- fail_unless(strneq(out.ptr, test_colon[i].in, out.len),
- "base16 conversion error - should '%s', is %#B",
- test_colon[i].in, &out);
- free(out.ptr);
- }
-}
-END_TEST
-
-/*******************************************************************************
- * BASE64 encoding test
- */
-
-START_TEST(test_base64)
-{
- /* test vectors from RFC 4648:
- *
- * BASE64("") = ""
- * BASE64("f") = "Zg=="
- * BASE64("fo") = "Zm8="
- * BASE64("foo") = "Zm9v"
- * BASE64("foob") = "Zm9vYg=="
- * BASE64("fooba") = "Zm9vYmE="
- * BASE64("foobar") = "Zm9vYmFy"
- */
- typedef struct {
- char *in;
- char *out;
- } testdata_t;
-
- testdata_t test[] = {
- {"", ""},
- {"f", "Zg=="},
- {"fo", "Zm8="},
- {"foo", "Zm9v"},
- {"foob", "Zm9vYg=="},
- {"fooba", "Zm9vYmE="},
- {"foobar", "Zm9vYmFy"},
- };
- int i;
-
- for (i = 0; i < countof(test); i++)
- {
- chunk_t out;
-
- out = chunk_to_base64(chunk_create(test[i].in, strlen(test[i].in)), NULL);
- ck_assert_str_eq(out.ptr, test[i].out);
- free(out.ptr);
- }
-
- for (i = 0; i < countof(test); i++)
- {
- chunk_t out;
-
- out = chunk_from_base64(chunk_create(test[i].out, strlen(test[i].out)), NULL);
- fail_unless(strneq(out.ptr, test[i].in, out.len),
- "base64 conversion error - should '%s', is %#B",
- test[i].in, &out);
- free(out.ptr);
- }
-}
-END_TEST
-
-/*******************************************************************************
- * BASE32 encoding test
- */
-
-START_TEST(test_base32)
-{
- /* test vectors from RFC 4648:
- *
- * BASE32("") = ""
- * BASE32("f") = "MY======"
- * BASE32("fo") = "MZXQ===="
- * BASE32("foo") = "MZXW6==="
- * BASE32("foob") = "MZXW6YQ="
- * BASE32("fooba") = "MZXW6YTB"
- * BASE32("foobar") = "MZXW6YTBOI======"
- */
- typedef struct {
- char *in;
- char *out;
- } testdata_t;
-
- testdata_t test[] = {
- {"", ""},
- {"f", "MY======"},
- {"fo", "MZXQ===="},
- {"foo", "MZXW6==="},
- {"foob", "MZXW6YQ="},
- {"fooba", "MZXW6YTB"},
- {"foobar", "MZXW6YTBOI======"},
- };
- int i;
-
- for (i = 0; i < countof(test); i++)
- {
- chunk_t out;
-
- out = chunk_to_base32(chunk_create(test[i].in, strlen(test[i].in)), NULL);
- ck_assert_str_eq(out.ptr, test[i].out);
- free(out.ptr);
- }
-}
-END_TEST
-
-/*******************************************************************************
- * chunk_increment test
- */
-
-static struct {
- bool overflow;
- chunk_t in;
- chunk_t out;
-} increment_data[] = {
- {TRUE, { NULL, 0 }, { NULL, 0 }},
- {FALSE, chunk_from_chars(0x00), chunk_from_chars(0x01)},
- {FALSE, chunk_from_chars(0xfe), chunk_from_chars(0xff)},
- {TRUE, chunk_from_chars(0xff), chunk_from_chars(0x00)},
- {FALSE, chunk_from_chars(0x00, 0x00), chunk_from_chars(0x00, 0x01)},
- {FALSE, chunk_from_chars(0x00, 0xff), chunk_from_chars(0x01, 0x00)},
- {FALSE, chunk_from_chars(0xfe, 0xff), chunk_from_chars(0xff, 0x00)},
- {TRUE, chunk_from_chars(0xff, 0xff), chunk_from_chars(0x00, 0x00)},
-};
-
-START_TEST(test_increment)
-{
- chunk_t chunk;
- bool overflow;
-
- chunk = chunk_clonea(increment_data[_i].in);
- overflow = chunk_increment(chunk);
- ck_assert(overflow == increment_data[_i].overflow);
- ck_assert(!increment_data[_i].out.ptr ||
- chunk_equals(chunk, increment_data[_i].out));
-}
-END_TEST
-
-/*******************************************************************************
- * chunk_printable tests
- */
-
-static struct {
- bool printable;
- chunk_t in;
- char *out;
-} printable_data[] = {
- {TRUE, chunk_from_chars(0x31), "1"},
- {FALSE, chunk_from_chars(0x00), "?"},
- {FALSE, chunk_from_chars(0x31, 0x00), "1?"},
- {FALSE, chunk_from_chars(0x00, 0x31), "?1"},
- {TRUE, chunk_from_chars(0x3f, 0x31), "?1"},
- {FALSE, chunk_from_chars(0x00, 0x31, 0x00), "?1?"},
- {FALSE, chunk_from_chars(0x00, 0x31, 0x00, 0x32), "?1?2"},
-};
-
-START_TEST(test_printable)
-{
- bool printable;
-
- printable = chunk_printable(printable_data[_i].in, NULL, ' ');
- ck_assert(printable == printable_data[_i].printable);
-}
-END_TEST
-
-START_TEST(test_printable_sanitize)
-{
- chunk_t sane, expected;
- bool printable;
-
- printable = chunk_printable(printable_data[_i].in, &sane, '?');
- ck_assert(printable == printable_data[_i].printable);
- expected = chunk_from_str(printable_data[_i].out);
- ck_assert(chunk_equals(sane, expected));
- chunk_free(&sane);
-}
-END_TEST
-
-START_TEST(test_printable_empty)
-{
- chunk_t sane;
- bool printable;
-
- printable = chunk_printable(chunk_empty, NULL, ' ');
- ck_assert(printable);
-
- sane.ptr = (void*)1;
- sane.len = 1;
- printable = chunk_printable(chunk_empty, &sane, ' ');
- ck_assert(printable);
- assert_chunk_empty(sane);
-}
-END_TEST
-
-/*******************************************************************************
- * test for chunk_mac(), i.e. SipHash-2-4
- */
-
-/**
- * SipHash-2-4 output with
- * k = 00 01 02 ...
- * and
- * in = (empty string)
- * in = 00 (1 byte)
- * in = 00 01 (2 bytes)
- * in = 00 01 02 (3 bytes)
- * ...
- * in = 00 01 02 ... 3e (63 bytes)
- */
-static const u_char sip_vectors[64][8] =
-{
- { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
- { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
- { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
- { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
- { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
- { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
- { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
- { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
- { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
- { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
- { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
- { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
- { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
- { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
- { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
- { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
- { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
- { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
- { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
- { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
- { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
- { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
- { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
- { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
- { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
- { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
- { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
- { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
- { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
- { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
- { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
- { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
- { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
- { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
- { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
- { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
- { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
- { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
- { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
- { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
- { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
- { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
- { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
- { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
- { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
- { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
- { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
- { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
- { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
- { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
- { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
- { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
- { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
- { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
- { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
- { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
- { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
- { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
- { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
- { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
- { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
- { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
- { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
- { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, }
-};
-
-START_TEST(test_chunk_mac)
-{
- chunk_t in;
- u_char key[16];
- u_int64_t out;
- int i, count;
-
- count = countof(sip_vectors);
- in = chunk_alloca(count);
-
- for (i = 0; i < 16; ++i)
- {
- key[i] = i;
- }
-
- for (i = 0; i < count; ++i)
- {
- in.ptr[i] = i;
- in.len = i;
- out = chunk_mac(in, key);
- fail_unless(memeq(&out, sip_vectors[i], 8),
- "test vector failed for %d bytes", i);
- }
-}
-END_TEST
-
-/*******************************************************************************
- * test for chunk_hash[_inc]()
- */
-
-START_TEST(test_chunk_hash)
-{
- chunk_t chunk;
- u_int32_t hash_a, hash_b, hash_c;
-
- chunk = chunk_from_str("asdf");
-
- /* output is randomized, so there are no test-vectors we could use */
- hash_a = chunk_hash(chunk);
- hash_b = chunk_hash(chunk);
- ck_assert(hash_a == hash_b);
- hash_b = chunk_hash_inc(chunk, hash_a);
- ck_assert(hash_a != hash_b);
- hash_c = chunk_hash_inc(chunk, hash_a);
- ck_assert(hash_b == hash_c);
-}
-END_TEST
-
-/*******************************************************************************
- * test for chunk_hash_static[_inc]()
- */
-
-START_TEST(test_chunk_hash_static)
-{
- chunk_t in;
- u_int32_t out, hash_a, hash_b, hash_inc = 0x7b891a95;
- int i, count;
-
- count = countof(sip_vectors);
- in = chunk_alloca(count);
-
- for (i = 0; i < count; ++i)
- {
- in.ptr[i] = i;
- in.len = i;
- /* compared to chunk_mac() we only get half the value back */
- out = chunk_hash_static(in);
- fail_unless(memeq(&out, sip_vectors[i], 4),
- "test vector failed for %d bytes", i);
- }
- hash_a = chunk_hash_static_inc(in, out);
- ck_assert_int_eq(hash_a, hash_inc);
- hash_b = chunk_hash_static_inc(in, out);
- ck_assert_int_eq(hash_a, hash_b);
-}
-END_TEST
-
-/*******************************************************************************
- * printf_hook tests
- */
-
-static struct {
- chunk_t in;
- char *out;
- char *out_plus;
-} printf_hook_data[] = {
- {chunk_from_chars(), "", ""},
- {chunk_from_chars(0x00), "00", "00"},
- {chunk_from_chars(0x00, 0x01), "00:01", "0001"},
- {chunk_from_chars(0x00, 0x01, 0x02), "00:01:02", "000102"},
-};
-
-START_TEST(test_printf_hook_hash)
-{
- char buf[16];
- int len;
-
- len = snprintf(buf, sizeof(buf), "%#B", &printf_hook_data[_i].in);
- ck_assert(len >= 0 && len < sizeof(buf));
- ck_assert_str_eq(buf, printf_hook_data[_i].out);
-}
-END_TEST
-
-START_TEST(test_printf_hook_plus)
-{
- char buf[16];
- int len;
-
- len = snprintf(buf, sizeof(buf), "%+B", &printf_hook_data[_i].in);
- ck_assert(len >= 0 && len < sizeof(buf));
- ck_assert_str_eq(buf, printf_hook_data[_i].out_plus);
-}
-END_TEST
-
-START_TEST(test_printf_hook)
-{
- char buf[128], mem[128];
- int len;
-
- /* %B should be the same as %b, which is what we check, comparing the
- * acutal result could be tricky as %b prints the chunk's memory address */
- len = snprintf(buf, sizeof(buf), "%B", &printf_hook_data[_i].in);
- ck_assert(len >= 0 && len < sizeof(buf));
- len = snprintf(mem, sizeof(mem), "%b", printf_hook_data[_i].in.ptr,
- (u_int)printf_hook_data[_i].in.len);
- ck_assert(len >= 0 && len < sizeof(mem));
- ck_assert_str_eq(buf, mem);
-}
-END_TEST
-
-Suite *chunk_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("chunk");
-
- tc = tcase_create("equals");
- tcase_add_test(tc, test_chunk_equals);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_compare");
- tcase_add_loop_test(tc, test_compare, 0, countof(compare_data));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("clear");
- tcase_add_test(tc, test_chunk_clear);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_length");
- tcase_add_test(tc, test_chunk_length);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_create_cat");
- tcase_add_test(tc, test_chunk_create_cat);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_split");
- tcase_add_test(tc, test_chunk_split);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_skip");
- tcase_add_test(tc, test_chunk_skip);
- tcase_add_test(tc, test_chunk_skip_zero);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_increment");
- tcase_add_loop_test(tc, test_increment, 0, countof(increment_data));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_printable");
- tcase_add_loop_test(tc, test_printable, 0, countof(printable_data));
- tcase_add_loop_test(tc, test_printable_sanitize, 0, countof(printable_data));
- tcase_add_test(tc, test_printable_empty);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("baseXX");
- tcase_add_test(tc, test_base64);
- tcase_add_test(tc, test_base32);
- tcase_add_test(tc, test_base16);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_mac");
- tcase_add_test(tc, test_chunk_mac);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_hash");
- tcase_add_test(tc, test_chunk_hash);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("chunk_hash_static");
- tcase_add_test(tc, test_chunk_hash_static);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("printf_hook");
- tcase_add_loop_test(tc, test_printf_hook_hash, 0, countof(printf_hook_data));
- tcase_add_loop_test(tc, test_printf_hook_plus, 0, countof(printf_hook_data));
- tcase_add_loop_test(tc, test_printf_hook, 0, countof(printf_hook_data));
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_ecdsa.c b/src/libstrongswan/tests/test_ecdsa.c
deleted file mode 100644
index 2955bae..0000000
--- a/src/libstrongswan/tests/test_ecdsa.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * Copyright (C) 2013 Martin Willi
- * Copyright (C) 2013 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <plugins/plugin_feature.h>
-
-/**
- * Signature schemes to test
- */
-static struct {
- /* key size for scheme, 0 for any */
- int key_size;
- signature_scheme_t scheme;
-} schemes[] = {
- { 0, SIGN_ECDSA_WITH_SHA1_DER },
- { 0, SIGN_ECDSA_WITH_SHA256_DER },
- { 0, SIGN_ECDSA_WITH_SHA384_DER },
- { 0, SIGN_ECDSA_WITH_SHA512_DER },
- { 0, SIGN_ECDSA_WITH_NULL },
- { 256, SIGN_ECDSA_256 },
- { 384, SIGN_ECDSA_384 },
- { 521, SIGN_ECDSA_521 },
-};
-
-/**
- * Perform a signature verification "good" test having a keypair
- */
-static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
-{
- chunk_t sig, data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
- int i;
-
- for (i = 0; i < countof(schemes); i++)
- {
- if (!lib->plugins->has_feature(lib->plugins,
- PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i].scheme)) ||
- !lib->plugins->has_feature(lib->plugins,
- PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[i].scheme)))
- {
- continue;
- }
- if (schemes[i].key_size != 0 &&
- schemes[i].scheme != privkey->get_keysize(privkey))
- {
- continue;
- }
- fail_unless(privkey->sign(privkey, schemes[i].scheme, data, &sig),
- "sign %N", signature_scheme_names, schemes[i].scheme);
- fail_unless(pubkey->verify(pubkey, schemes[i].scheme, data, sig),
- "verify %N", signature_scheme_names, schemes[i].scheme);
- free(sig.ptr);
- }
-}
-
-/**
- * Some special signatures that should never validate successfully
- */
-static chunk_t invalid_sigs[] = {
- chunk_from_chars(),
- chunk_from_chars(0x00),
- chunk_from_chars(0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
-};
-
-/**
- * Check public key that it properly fails against some crafted sigs
- */
-static void test_bad_sigs(public_key_t *pubkey)
-{
- chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
- int s, i;
-
- for (s = 0; s < countof(schemes); s++)
- {
- if (schemes[s].key_size != 0 &&
- schemes[s].scheme != pubkey->get_keysize(pubkey))
- {
- continue;
- }
- if (!lib->plugins->has_feature(lib->plugins,
- PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s].scheme)))
- {
- continue;
- }
- for (i = 0; i < countof(invalid_sigs); i++)
- {
- fail_if(
- pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]),
- "bad %N sig accepted %B",
- signature_scheme_names, schemes[s].scheme,
- &invalid_sigs[i]);
- }
- }
-}
-
-/**
- * ECDSA key sizes to test
- */
-static int key_sizes[] = {
- 256, 384, 521,
-};
-
-START_TEST(test_gen)
-{
- private_key_t *privkey;
- public_key_t *pubkey;
-
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
- BUILD_KEY_SIZE, key_sizes[_i], BUILD_END);
- ck_assert(privkey != NULL);
- pubkey = privkey->get_public_key(privkey);
- ck_assert(pubkey != NULL);
-
- test_good_sig(privkey, pubkey);
-
- test_bad_sigs(pubkey);
-
- pubkey->destroy(pubkey);
- privkey->destroy(privkey);
-}
-END_TEST
-
-/**
- * Private keys to load
- */
-static chunk_t keys[] = {
- chunk_from_chars( /* ECDSA-256 */
- 0x30,0x77,0x02,0x01,0x01,0x04,0x20,0x42,0xc6,0x8c,0xff,0x2b,0x8b,0x87,0xa1,0xfb,
- 0x50,0xf6,0xfe,0xd6,0x88,0xb3,0x0a,0x48,0xb2,0xc5,0x8f,0x50,0xe0,0xcf,0x40,0xfa,
- 0x57,0xd1,0xc6,0x6c,0x20,0x64,0xc5,0xa0,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
- 0x03,0x01,0x07,0xa1,0x44,0x03,0x42,0x00,0x04,0x9c,0xb2,0x52,0xcb,0xc0,0x5c,0xcf,
- 0x97,0xdd,0xd6,0xe7,0x49,0x32,0x47,0x0c,0x8e,0xdb,0x6d,0xbf,0xc8,0x1a,0x0a,0x01,
- 0xe8,0x5e,0x3f,0x8e,0x64,0x33,0xb4,0x15,0xbb,0x1b,0xa5,0xed,0xf9,0x4b,0xa7,0xe8,
- 0x5e,0x6f,0x49,0x24,0xf7,0x32,0xf4,0x9b,0x4c,0x47,0xdc,0xf1,0x28,0x44,0x1c,0x37,
- 0xdb,0xee,0xfb,0xd8,0xbd,0x4e,0x5c,0xeb,0x07),
- chunk_from_chars( /* ECDSA-384 */
- 0x30,0x81,0xa4,0x02,0x01,0x01,0x04,0x30,0x4b,0xbf,0x6c,0xf5,0x24,0x78,0x53,0x4b,
- 0x1a,0x91,0x23,0xae,0x30,0xc8,0xb3,0xc9,0xc2,0x9b,0x23,0x07,0x10,0x6f,0x1b,0x47,
- 0x7c,0xa0,0xd4,0x79,0x3c,0xc4,0x83,0x10,0xd1,0x44,0x07,0xc2,0x1b,0x66,0xff,0xae,
- 0x76,0x57,0x72,0x90,0x53,0xc2,0xf5,0x29,0xa0,0x07,0x06,0x05,0x2b,0x81,0x04,0x00,
- 0x22,0xa1,0x64,0x03,0x62,0x00,0x04,0x1e,0xcf,0x1c,0x85,0x9d,0x06,0xa0,0x54,0xa2,
- 0x24,0x2f,0xd8,0x63,0x56,0x7b,0x70,0x0b,0x7f,0x81,0x96,0xce,0xb9,0x2e,0x35,0x03,
- 0x9c,0xf9,0x0a,0x5d,0x3b,0x10,0xf7,0x13,0x7a,0x0d,0xca,0x56,0xda,0x1d,0x44,0x84,
- 0x07,0x6f,0x58,0xdc,0x34,0x7b,0x1d,0x4c,0xdd,0x28,0x10,0xc0,0xe2,0xae,0xf4,0xd6,
- 0xda,0xea,0xaf,0xfc,0x7a,0xaf,0x59,0x5f,0xbc,0x91,0x65,0xd3,0x21,0x19,0x61,0xbb,
- 0xfe,0x3c,0xdb,0x47,0xcb,0x7a,0xe7,0x5d,0xbd,0x28,0xde,0x25,0x64,0x9e,0x3a,0xa9,
- 0x18,0xed,0x24,0xe1,0x1f,0x73,0xcc),
- chunk_from_chars( /* ECDSA-521 */
- 0x30,0x81,0xdc,0x02,0x01,0x01,0x04,0x42,0x01,0xcf,0x38,0xaa,0xa7,0x7a,0x79,0x48,
- 0xa9,0x60,0x55,0x24,0xa8,0x7e,0xe1,0xbc,0x45,0x35,0x16,0xff,0x18,0xce,0x44,0xa2,
- 0x0b,0x72,0x6b,0xca,0x0a,0x40,0xb4,0x97,0x13,0x17,0x90,0x50,0x15,0xb9,0xba,0xfc,
- 0x08,0x0e,0xdb,0xf8,0xfc,0x06,0x35,0x37,0xbf,0xfb,0x25,0x74,0xfe,0x0f,0xe1,0x3c,
- 0x3a,0xf0,0x0d,0xe0,0x52,0x15,0xa8,0x07,0x6f,0x3e,0xa0,0x07,0x06,0x05,0x2b,0x81,
- 0x04,0x00,0x23,0xa1,0x81,0x89,0x03,0x81,0x86,0x00,0x04,0x00,0x56,0x81,0x28,0xd6,
- 0xac,0xe9,0xc8,0x82,0x2c,0xac,0x61,0x6d,0xdd,0x88,0x79,0x00,0xe3,0x7a,0x4d,0x25,
- 0xc4,0xea,0x05,0x80,0x75,0x48,0xbc,0x75,0x73,0xc4,0xe9,0x76,0x68,0xba,0x51,0xc3,
- 0x29,0xce,0x7d,0x1b,0xb0,0x8b,0xac,0xc1,0xcc,0x23,0xa7,0x2d,0xa7,0x2c,0x95,0xf6,
- 0x01,0x40,0x26,0x01,0x1c,0x1c,0x9c,0xe7,0xa7,0xb4,0x0f,0x8e,0xba,0x01,0x07,0xb3,
- 0xf7,0xbe,0x45,0x20,0xa9,0x9e,0x70,0xf0,0xcf,0x9b,0xa0,0x91,0xe3,0x88,0x8f,0x04,
- 0x69,0x3d,0x0f,0x2b,0xf3,0xb4,0x03,0x19,0x89,0xcf,0xfa,0x77,0x04,0x15,0xaf,0xdd,
- 0xf7,0x32,0x76,0x25,0x25,0x05,0x8d,0xfd,0x18,0x8a,0xda,0xd6,0xbc,0x71,0xb8,0x9f,
- 0x39,0xb0,0xaf,0xcc,0x54,0xb0,0x9c,0x4d,0x54,0xfb,0x46,0x53,0x5f,0xf8,0x45),
-};
-
-START_TEST(test_load)
-{
- private_key_t *privkey;
- public_key_t *pubkey;
-
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
- BUILD_BLOB_ASN1_DER, keys[_i], BUILD_END);
- ck_assert(privkey != NULL);
- pubkey = privkey->get_public_key(privkey);
- ck_assert(pubkey != NULL);
-
- test_good_sig(privkey, pubkey);
-
- test_bad_sigs(pubkey);
-
- pubkey->destroy(pubkey);
- privkey->destroy(privkey);
-}
-END_TEST
-
-Suite *ecdsa_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("ecdsa");
-
- tc = tcase_create("generate");
- tcase_add_loop_test(tc, test_gen, 0, countof(key_sizes));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("load");
- tcase_add_loop_test(tc, test_load, 0, countof(keys));
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_identification.c b/src/libstrongswan/tests/test_identification.c
deleted file mode 100644
index 1dc6776..0000000
--- a/src/libstrongswan/tests/test_identification.c
+++ /dev/null
@@ -1,857 +0,0 @@
-/*
- * Copyright (C) 2013 Tobias Brunner
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <utils/identification.h>
-
-/*******************************************************************************
- * create (_from_encoding, _from_data, _from_string, _from_sockaddr)
- */
-
-START_TEST(test_from_encoding)
-{
- identification_t *a;
- chunk_t expected, encoding;
-
- /* only ID_ANY is handled differently, for all other types the following
- * applies. should we perhaps test that this is in fact the case? */
- expected = chunk_from_str("moon at strongswan.org");
- a = identification_create_from_encoding(ID_RFC822_ADDR, expected);
- ck_assert(ID_RFC822_ADDR == a->get_type(a));
- encoding = a->get_encoding(a);
- ck_assert(expected.ptr != encoding.ptr);
- ck_assert(chunk_equals(expected, encoding));
- a->destroy(a);
-
- a = identification_create_from_encoding(ID_ANY, expected);
- ck_assert(ID_ANY == a->get_type(a));
- encoding = a->get_encoding(a);
- ck_assert(encoding.ptr == NULL);
- ck_assert(encoding.len == 0);
- a->destroy(a);
-}
-END_TEST
-
-START_TEST(test_from_data)
-{
- identification_t *a;
- chunk_t expected, encoding;
-
- /* this uses the DN parser (C=CH) */
- expected = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
- 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48);
- a = identification_create_from_data(expected);
- ck_assert(ID_DER_ASN1_DN == a->get_type(a));
- encoding = a->get_encoding(a);
- ck_assert(expected.ptr != encoding.ptr);
- ck_assert(chunk_equals(expected, encoding));
- a->destroy(a);
-
- /* everything else is handled by the string parser */
- expected = chunk_from_str("moon at strongswan.org");
- a = identification_create_from_data(expected);
- ck_assert(ID_RFC822_ADDR == a->get_type(a));
- encoding = a->get_encoding(a);
- ck_assert(expected.ptr != encoding.ptr);
- ck_assert(chunk_equals(expected, encoding));
- a->destroy(a);
-}
-END_TEST
-
-START_TEST(test_from_sockaddr)
-{
- identification_t *a;
- chunk_t expected, encoding;
- struct sockaddr_in in = {
- .sin_family = AF_INET,
- };
- struct sockaddr_in6 in6 = {
- .sin6_family = AF_INET6,
- };
-
- expected = chunk_from_chars(0xc0, 0xa8, 0x01, 0x01);
- memcpy(&in.sin_addr, expected.ptr, sizeof(in.sin_addr));
- a = identification_create_from_sockaddr((sockaddr_t*)&in);
- ck_assert(ID_IPV4_ADDR == a->get_type(a));
- encoding = a->get_encoding(a);
- ck_assert(chunk_equals(expected, encoding));
- a->destroy(a);
-
- expected = chunk_from_chars(0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
- memcpy(&in6.sin6_addr, expected.ptr, sizeof(in6.sin6_addr));
- a = identification_create_from_sockaddr((sockaddr_t*)&in6);
- ck_assert(ID_IPV6_ADDR == a->get_type(a));
- encoding = a->get_encoding(a);
- ck_assert(chunk_equals(expected, encoding));
- a->destroy(a);
-
- in6.sin6_family = AF_UNSPEC;
- a = identification_create_from_sockaddr((sockaddr_t*)&in6);
- ck_assert(ID_ANY == a->get_type(a));
- a->destroy(a);
-}
-END_TEST
-
-static struct {
- char *id;
- id_type_t type;
- struct {
- enum {
- ENC_CHUNK,
- ENC_STRING,
- ENC_SIMPLE,
- } type;
- union {
- chunk_t c;
- char *s;
- } data;
- } result;
-} string_data[] = {
- {NULL, ID_ANY, { .type = ENC_CHUNK }},
- {"", ID_ANY, { .type = ENC_CHUNK }},
- {"%any", ID_ANY, { .type = ENC_CHUNK }},
- {"%any6", ID_ANY, { .type = ENC_CHUNK }},
- {"0.0.0.0", ID_ANY, { .type = ENC_CHUNK }},
- {"0::0", ID_ANY, { .type = ENC_CHUNK }},
- {"::", ID_ANY, { .type = ENC_CHUNK }},
- {"*", ID_ANY, { .type = ENC_CHUNK }},
- {"any", ID_FQDN, { .type = ENC_SIMPLE }},
- {"any6", ID_FQDN, { .type = ENC_SIMPLE }},
- {"0", ID_FQDN, { .type = ENC_SIMPLE }},
- {"**", ID_FQDN, { .type = ENC_SIMPLE }},
- {"192.168.1.1", ID_IPV4_ADDR, { .type = ENC_CHUNK,
- .data.c = chunk_from_chars(0xc0, 0xa8, 0x01, 0x01) }},
- {"192.168.",ID_FQDN, { .type = ENC_SIMPLE }},
- {".", ID_FQDN, { .type = ENC_SIMPLE }},
- {"fec0::1", ID_IPV6_ADDR, { .type = ENC_CHUNK,
- .data.c = chunk_from_chars(0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01) }},
- {"fec0::", ID_IPV6_ADDR, { .type = ENC_CHUNK,
- .data.c = chunk_from_chars(0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00) }},
- {"fec0:", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {":", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"alice at strongswan.org", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"alice at strongswan", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"alice@", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"alice", ID_FQDN, { .type = ENC_SIMPLE }},
- {"@", ID_FQDN, { .type = ENC_CHUNK }},
- {" @", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"@strongswan.org", ID_FQDN, { .type = ENC_STRING,
- .data.s = "strongswan.org" }},
- {"@#deadbeef", ID_KEY_ID, { .type = ENC_CHUNK,
- .data.c = chunk_from_chars(0xde, 0xad, 0xbe, 0xef) }},
- {"@#deadbee", ID_KEY_ID, { .type = ENC_CHUNK,
- .data.c = chunk_from_chars(0x0d, 0xea, 0xdb, 0xee) }},
- {"foo=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"foo=", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"C=", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
- .data.c = chunk_from_chars(0x30, 0x0b, 0x31, 0x09, 0x30, 0x07, 0x06,
- 0x03, 0x55, 0x04, 0x06, 0x13, 0x00)}},
- {"C=CH", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
- .data.c = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
- 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48)}},
- {"C=CH,", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
- .data.c = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
- 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48)}},
- {"C=CH, ", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
- .data.c = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
- 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48)}},
- {"C=CH, O", ID_KEY_ID, { .type = ENC_SIMPLE }},
-};
-
-START_TEST(test_from_string)
-{
- identification_t *a;
- chunk_t encoding, expected;
- char *id;
-
- id = string_data[_i].id;
- a = identification_create_from_string(id);
- fail_unless(a->get_type(a) == string_data[_i].type,
- "type of id '%s' is %N, %N expected", id,
- id_type_names, a->get_type(a),
- id_type_names, string_data[_i].type);
-
- encoding = a->get_encoding(a);
- switch (string_data[_i].result.type)
- {
- case ENC_SIMPLE:
- expected = chunk_from_str(string_data[_i].id);
- break;
- case ENC_STRING:
- expected = chunk_from_str(string_data[_i].result.data.s);
- break;
- case ENC_CHUNK:
- expected = string_data[_i].result.data.c;
- break;
- default:
- fail("unexpected result type");
- }
-
- ck_assert(!id || (char*)encoding.ptr != id);
- if (expected.ptr)
- {
- fail_unless(chunk_equals(encoding, expected),
- "parsing '%s' failed\nencoding %B\nexpected %B\n",
- id, &encoding, &expected);
- }
- else
- {
- ck_assert(encoding.ptr == NULL);
- ck_assert(encoding.len == 0);
- }
- a->destroy(a);
-}
-END_TEST
-
-/*******************************************************************************
- * printf_hook
- */
-
-static void string_equals(char *a_str, char *b_str)
-{
- identification_t *b;
- char buf[128];
-
- b = b_str ? identification_create_from_string(b_str) : NULL;
- snprintf(buf, sizeof(buf), "%Y", b);
- DESTROY_IF(b);
- ck_assert_str_eq(a_str, buf);
-}
-
-static void string_equals_id(char *a_str, identification_t *b)
-{
- char buf[128];
-
- snprintf(buf, sizeof(buf), "%Y", b);
- DESTROY_IF(b);
- ck_assert_str_eq(a_str, buf);
-}
-
-START_TEST(test_printf_hook)
-{
- string_equals("(null)", NULL);
- string_equals("%any", "");
- string_equals("%any", "%any");
- string_equals("%any", "*");
-
- string_equals("192.168.1.1", "192.168.1.1");
- string_equals_id("(invalid ID_IPV4_ADDR)",
- identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty));
- string_equals("fec0::1", "fec0::1");
- string_equals("fec0::1", "fec0:0:0::1");
- string_equals_id("(invalid ID_IPV6_ADDR)",
- identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty));
-
- string_equals_id("(unknown ID type: 255)",
- identification_create_from_encoding(255, chunk_empty));
-
- string_equals("moon at strongswan.org", "moon at strongswan.org");
- string_equals("MOON at STRONGSWAN.ORG", "MOON at STRONGSWAN.ORG");
- /* non-printable characters */
- string_equals_id("????@strongswan.org", identification_create_from_encoding(ID_RFC822_ADDR,
- chunk_from_chars(0xfa, 0xfb, 0xfc, 0xfd, 0x40, 0x73, 0x74, 0x72,
- 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
- 0x6f, 0x72, 0x67)));
-
- /* not a DN => ID_KEY_ID => no normalization */
- string_equals("C=CH, AsdF=asdf", "C=CH, AsdF=asdf");
- string_equals_id("moon at strongswan.org", identification_create_from_encoding(ID_KEY_ID,
- chunk_from_str("moon at strongswan.org")));
- /* non-printable characters */
- string_equals_id("de:ad:be:ef", identification_create_from_encoding(ID_KEY_ID,
- chunk_from_chars(0xde, 0xad, 0xbe, 0xef)));
- /* printable characters */
- string_equals_id("ABCDEFGHIJKLMNOPQRS",
- identification_create_from_encoding(ID_KEY_ID,
- chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
- 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
- 0x51, 0x52, 0x53)));
- /* ABCDEFGHIJKLMNOPQRST is printable but has the length of a SHA1 hash */
- string_equals_id("41:42:43:44:45:46:47:48:49:4a:4b:4c:4d:4e:4f:50:51:52:53:54",
- identification_create_from_encoding(ID_KEY_ID,
- chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
- 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
- 0x51, 0x52, 0x53, 0x54)));
-
- string_equals_id("", identification_create_from_encoding(ID_DER_ASN1_DN, chunk_empty));
- string_equals("C=", "C=");
- string_equals("C=", "C=,");
- string_equals("C=", "C=, ");
- string_equals("C=", "C= , ");
- string_equals("C=, O=strongSwan", "C=, O=strongSwan");
- string_equals("C=CH, O=", "C=CH, O=");
- string_equals("C=CH, O=strongSwan, CN=strongswan.org",
- "C=CH, O=strongSwan, CN=strongswan.org");
- string_equals("CN=strongswan.org, O=strongSwan, C=CH",
- "cn=strongswan.org, o=strongSwan, c=CH");
- string_equals("C=CH, O=strongSwan, CN=strongswan.org",
- "C=CH,O=strongSwan,CN=strongswan.org");
- string_equals("C=CH, O=strongSwan, CN=strongswan.org",
- "/C=CH/O=strongSwan/CN=strongswan.org");
- string_equals("CN=strongswan.org, O=strongSwan, C=CH",
- "CN=strongswan.org,O=strongSwan,C=CH");
-
- string_equals("C=CH, E=moon at strongswan.org, CN=moon",
- "C=CH, email=moon at strongswan.org, CN=moon");
- string_equals("C=CH, E=moon at strongswan.org, CN=moon",
- "C=CH, emailAddress=moon at strongswan.org, CN=moon");
-
- /* C=CH, pseudonym=ANO (pseudonym is currently not recognized) */
- string_equals_id("C=CH, 55:04:41=ANO", identification_create_from_encoding(ID_DER_ASN1_DN,
- chunk_from_chars(0x30, 0x19, 0x31, 0x17, 0x30, 0x09, 0x06, 0x03, 0x55,
- 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x0a, 0x06,
- 0x03, 0x55, 0x04, 0x41, 0x13, 0x03, 0x41, 0x4e, 0x4f)));
- /* C=CH, O=strongSwan (but instead of a 2nd OID -0x06- we got NULL -0x05) */
- string_equals_id("C=CH, (invalid ID_DER_ASN1_DN)", identification_create_from_encoding(ID_DER_ASN1_DN,
- chunk_from_chars(0x30, 0x20, 0x31, 0x1e, 0x30, 0x09, 0x06, 0x03, 0x55,
- 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x11, 0x05,
- 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x73, 0x74, 0x72,
- 0x6f, 0x6e, 0x67, 0x53, 0x77, 0x61, 0x6e)));
- /* moon at strongswan.org as GN */
- string_equals_id("(ASN.1 general name)", identification_create_from_encoding(ID_DER_ASN1_GN,
- chunk_from_chars(0x81, 0x14, 0x6d, 0x6f, 0x6f, 0x6e, 0x40, 0x73, 0x74,
- 0x72, 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
- 0x6f, 0x72, 0x67)));
-}
-END_TEST
-
-START_TEST(test_printf_hook_width)
-{
- identification_t *a;
- char buf[128];
-
- a = identification_create_from_string("moon at strongswan.org");
- snprintf(buf, sizeof(buf), "%25Y", a);
- ck_assert_str_eq(" moon at strongswan.org", buf);
- snprintf(buf, sizeof(buf), "%-*Y", 25, a);
- ck_assert_str_eq("moon at strongswan.org ", buf);
- snprintf(buf, sizeof(buf), "%5Y", a);
- ck_assert_str_eq("moon at strongswan.org", buf);
- DESTROY_IF(a);
-}
-END_TEST
-
-/*******************************************************************************
- * equals
- */
-
-static bool id_equals(identification_t *a, char *b_str)
-{
- identification_t *b;
- bool equals;
-
- b = identification_create_from_string(b_str);
- equals = a->equals(a, b);
- ck_assert_int_eq(equals, b->equals(b, a));
- b->destroy(b);
- return equals;
-}
-
-START_TEST(test_equals)
-{
- identification_t *a;
- chunk_t encoding, fuzzed;
- int i;
-
- /* this test also tests identification_create_from_string with DNs */
- a = identification_create_from_string(
- "C=CH, E=moon at strongswan.org, CN=moon");
-
- ck_assert(id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"));
- ck_assert(id_equals(a, "C==CH, E==moon at strongswan.org,,, CN==moon"));
- ck_assert(id_equals(a, " C=CH, E=moon at strongswan.org, CN=moon "));
- ck_assert(id_equals(a, "C=ch, E=moon at STRONGSWAN.ORG, CN=Moon"));
- ck_assert(id_equals(a, "/C=CH/E=moon at strongswan.org/CN=moon"));
- ck_assert(id_equals(a, "C=CH/E=moon at strongswan.org/CN=moon"));
- ck_assert(id_equals(a, "C=CH/E=moon at strongswan.org,CN=moon"));
- ck_assert(id_equals(a, "C=CH / E=moon at strongswan.org , CN=moon"));
-
- ck_assert(!id_equals(a, "C=CH E=moon at strongswan.org CN=moon"));
- ck_assert(!id_equals(a, "C=CN, E=moon at strongswan.org, CN=moon"));
- ck_assert(!id_equals(a, "E=moon at strongswan.org, C=CH, CN=moon"));
- ck_assert(!id_equals(a, "E=moon at strongswan.org, C=CH, CN=moon"));
-
- encoding = chunk_clone(a->get_encoding(a));
- a->destroy(a);
-
- /* simple fuzzing, increment each byte of encoding */
- for (i = 0; i < encoding.len; i++)
- {
- if (i == 11 || i == 30 || i == 60)
- { /* skip ASN.1 type fields, as equals() handles them graceful */
- continue;
- }
- fuzzed = chunk_clone(encoding);
- fuzzed.ptr[i]++;
- a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
- if (id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"))
- {
- printf("%d %B\n%B\n", i, &fuzzed, &encoding);
- }
- ck_assert(!id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"));
- a->destroy(a);
- free(fuzzed.ptr);
- }
-
- /* and decrement each byte of encoding */
- for (i = 0; i < encoding.len; i++)
- {
- if (i == 11 || i == 30 || i == 60)
- {
- continue;
- }
- fuzzed = chunk_clone(encoding);
- fuzzed.ptr[i]--;
- a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
- ck_assert(!id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"));
- a->destroy(a);
- free(fuzzed.ptr);
- }
- free(encoding.ptr);
-}
-END_TEST
-
-START_TEST(test_equals_any)
-{
- identification_t *a, *b;
-
- a = identification_create_from_string("%any");
- b = identification_create_from_encoding(ID_ANY, chunk_empty);
- ck_assert(a->equals(a, b));
- ck_assert(b->equals(b, a));
- b->destroy(b);
-
- b = identification_create_from_string("C=CH, O=strongSwan, CN=strongswan.org");
- ck_assert(!a->equals(a, b));
- ck_assert(!b->equals(b, a));
- a->destroy(a);
- b->destroy(b);
-}
-END_TEST
-
-START_TEST(test_equals_binary)
-{
- identification_t *a, *b;
- chunk_t encoding;
-
- encoding = chunk_from_str("foobar=");
- /* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
- a = identification_create_from_string("foobar=");
- ck_assert(a->get_type(a) == ID_KEY_ID);
- b = identification_create_from_encoding(ID_KEY_ID, encoding);
- ck_assert(a->equals(a, b));
- a->destroy(a);
- b->destroy(b);
-}
-END_TEST
-
-START_TEST(test_equals_fqdn)
-{
- identification_t *a;
-
- a = identification_create_from_string("ipsec.strongswan.org");
- ck_assert(id_equals(a, "IPSEC.strongswan.org"));
- ck_assert(id_equals(a, "ipsec.strongSwan.org"));
- ck_assert(id_equals(a, "ipsec.strongSwan.ORG"));
- ck_assert(!id_equals(a, "strongswan.org"));
- a->destroy(a);
-}
-END_TEST
-
-START_TEST(test_equals_empty)
-{
- identification_t *a;
-
- a = identification_create_from_encoding(_i, chunk_empty);
-
- switch (_i)
- {
- case ID_ANY:
- ck_assert(id_equals(a, "%any"));
- break;
- case ID_IPV4_ADDR:
- ck_assert(!id_equals(a, "192.168.1.1"));
- break;
- case ID_FQDN:
- ck_assert(!id_equals(a, "moon.strongswan.org"));
- break;
- case ID_USER_FQDN:
- ck_assert(!id_equals(a, "moon at strongswan.org"));
- break;
- case ID_IPV6_ADDR:
- ck_assert(!id_equals(a, "fec0::1"));
- break;
- case ID_DER_ASN1_DN:
- ck_assert(!id_equals(a, "C=CH, E=moon at strongswan.org, CN=moon"));
- break;
- case ID_KEY_ID:
- ck_assert(!id_equals(a, "@#12345678"));
- break;
- case ID_DER_ASN1_GN:
- case ID_IPV4_ADDR_SUBNET:
- case ID_IPV6_ADDR_SUBNET:
- case ID_IPV4_ADDR_RANGE:
- case ID_IPV6_ADDR_RANGE:
- /* currently not tested */
- break;
- }
-
- a->destroy(a);
-}
-END_TEST
-
-/*******************************************************************************
- * matches
- */
-
-static bool id_matches(identification_t *a, char *b_str, id_match_t expected)
-{
- identification_t *b;
- id_match_t match;
-
- b = identification_create_from_string(b_str);
- match = a->matches(a, b);
- b->destroy(b);
- return match == expected;
-}
-
-START_TEST(test_matches)
-{
- identification_t *a;
-
- a = identification_create_from_string("C=CH, E=moon at strongswan.org, CN=moon");
-
- ck_assert(id_matches(a, "C=CH, E=moon at strongswan.org, CN=moon", ID_MATCH_PERFECT));
- ck_assert(id_matches(a, "C=CH, E=*, CN=moon", ID_MATCH_ONE_WILDCARD));
- ck_assert(id_matches(a, "C=CH, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 1));
- ck_assert(id_matches(a, "C=*, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 2));
- ck_assert(id_matches(a, "C=*, E=*, CN=*, O=BADInc", ID_MATCH_NONE));
- ck_assert(id_matches(a, "C=*, E=*", ID_MATCH_NONE));
- ck_assert(id_matches(a, "C=*, E=a at b.c, CN=*", ID_MATCH_NONE));
- ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
-
- a->destroy(a);
-}
-END_TEST
-
-START_TEST(test_matches_any)
-{
- identification_t *a;
-
- a = identification_create_from_string("%any");
-
- ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
- ck_assert(id_matches(a, "", ID_MATCH_ANY));
- ck_assert(id_matches(a, "*", ID_MATCH_ANY));
- ck_assert(id_matches(a, "moon at strongswan.org", ID_MATCH_NONE));
- ck_assert(id_matches(a, "vpn.strongswan.org", ID_MATCH_NONE));
- a->destroy(a);
-}
-END_TEST
-
-START_TEST(test_matches_binary)
-{
- identification_t *a;
-
- /* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
- a = identification_create_from_string("foo=bar");
- ck_assert(a->get_type(a) == ID_KEY_ID);
- ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
- ck_assert(id_matches(a, "foo=bar", ID_MATCH_PERFECT));
- ck_assert(id_matches(a, "bar=foo", ID_MATCH_NONE));
- ck_assert(id_matches(a, "*=bar", ID_MATCH_NONE));
- ck_assert(id_matches(a, "foo=*", ID_MATCH_NONE));
- ck_assert(id_matches(a, "foo at bar", ID_MATCH_NONE));
- a->destroy(a);
-}
-END_TEST
-
-START_TEST(test_matches_string)
-{
- identification_t *a;
-
- a = identification_create_from_string("moon at strongswan.org");
-
- ck_assert(id_matches(a, "moon at strongswan.org", ID_MATCH_PERFECT));
- ck_assert(id_matches(a, "*@strongswan.org", ID_MATCH_ONE_WILDCARD));
- ck_assert(id_matches(a, "*@*.org", ID_MATCH_NONE));
- ck_assert(id_matches(a, "*@*", ID_MATCH_NONE));
- /* the following two are parsed as ID_FQDN, so no match */
- ck_assert(id_matches(a, "*strongswan.org", ID_MATCH_NONE));
- ck_assert(id_matches(a, "*.org", ID_MATCH_NONE));
- ck_assert(id_matches(a, "moon@*", ID_MATCH_NONE));
- ck_assert(id_matches(a, "**", ID_MATCH_NONE));
- ck_assert(id_matches(a, "*", ID_MATCH_ANY));
- ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
- a->destroy(a);
-
- a = identification_create_from_string("vpn.strongswan.org");
-
- ck_assert(id_matches(a, "vpn.strongswan.org", ID_MATCH_PERFECT));
- ck_assert(id_matches(a, "*.strongswan.org", ID_MATCH_ONE_WILDCARD));
- ck_assert(id_matches(a, "*strongswan.org", ID_MATCH_ONE_WILDCARD));
- ck_assert(id_matches(a, "*.org", ID_MATCH_ONE_WILDCARD));
- ck_assert(id_matches(a, "*.strongswan.*", ID_MATCH_NONE));
- ck_assert(id_matches(a, "*vpn.strongswan.org", ID_MATCH_NONE));
- ck_assert(id_matches(a, "vpn.strongswan.*", ID_MATCH_NONE));
- ck_assert(id_matches(a, "**", ID_MATCH_NONE));
- ck_assert(id_matches(a, "*", ID_MATCH_ANY));
- ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
- a->destroy(a);
-}
-END_TEST
-
-START_TEST(test_matches_empty)
-{
- identification_t *a;
-
- a = identification_create_from_encoding(_i, chunk_empty);
-
- switch (_i)
- {
- case ID_ANY:
- ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
- break;
- case ID_IPV4_ADDR:
- ck_assert(id_matches(a, "192.168.1.1", ID_MATCH_NONE));
- break;
- case ID_FQDN:
- ck_assert(id_matches(a, "moon.strongswan.org", ID_MATCH_NONE));
- break;
- case ID_USER_FQDN:
- ck_assert(id_matches(a, "moon at strongswan.org", ID_MATCH_NONE));
- break;
- case ID_IPV6_ADDR:
- ck_assert(id_matches(a, "fec0::1", ID_MATCH_NONE));
- break;
- case ID_DER_ASN1_DN:
- ck_assert(id_matches(a, "C=CH, E=moon at strongswan.org, CN=moon",
- ID_MATCH_NONE));
- break;
- case ID_KEY_ID:
- ck_assert(id_matches(a, "@#12345678", ID_MATCH_NONE));
- break;
- case ID_DER_ASN1_GN:
- case ID_IPV4_ADDR_SUBNET:
- case ID_IPV6_ADDR_SUBNET:
- case ID_IPV4_ADDR_RANGE:
- case ID_IPV6_ADDR_RANGE:
- /* currently not tested */
- break;
- }
-
- a->destroy(a);
-}
-END_TEST
-
-static bool id_matches_rev(identification_t *a, char *b_str, id_match_t expected)
-{
- identification_t *b;
- id_match_t match;
-
- b = identification_create_from_string(b_str);
- match = b->matches(b, a);
- b->destroy(b);
- return match == expected;
-}
-
-START_TEST(test_matches_empty_reverse)
-{
- identification_t *a;
-
- a = identification_create_from_encoding(_i, chunk_empty);
-
- switch (_i)
- {
- case ID_ANY:
- ck_assert(id_matches_rev(a, "%any", ID_MATCH_ANY));
- break;
- case ID_IPV4_ADDR:
- ck_assert(id_matches_rev(a, "192.168.1.1", ID_MATCH_NONE));
- break;
- case ID_FQDN:
- ck_assert(id_matches_rev(a, "moon.strongswan.org", ID_MATCH_NONE));
- break;
- case ID_USER_FQDN:
- ck_assert(id_matches_rev(a, "moon at strongswan.org", ID_MATCH_NONE));
- break;
- case ID_IPV6_ADDR:
- ck_assert(id_matches_rev(a, "fec0::1", ID_MATCH_NONE));
- break;
- case ID_DER_ASN1_DN:
- ck_assert(id_matches_rev(a, "C=CH, E=moon at strongswan.org, CN=moon",
- ID_MATCH_NONE));
- break;
- case ID_KEY_ID:
- ck_assert(id_matches_rev(a, "@#12345678", ID_MATCH_NONE));
- break;
- case ID_DER_ASN1_GN:
- case ID_IPV4_ADDR_SUBNET:
- case ID_IPV6_ADDR_SUBNET:
- case ID_IPV4_ADDR_RANGE:
- case ID_IPV6_ADDR_RANGE:
- /* currently not tested */
- break;
- }
-
- a->destroy(a);
-}
-END_TEST
-
-/*******************************************************************************
- * identification part enumeration
- */
-
-START_TEST(test_parts)
-{
- identification_t *id;
- enumerator_t *enumerator;
- id_part_t part;
- chunk_t data;
- int i = 0;
-
- id = identification_create_from_string("C=CH, O=strongSwan, CN=tester");
-
- enumerator = id->create_part_enumerator(id);
- while (enumerator->enumerate(enumerator, &part, &data))
- {
- switch (i++)
- {
- case 0:
- ck_assert(part == ID_PART_RDN_C &&
- chunk_equals(data, chunk_create("CH", 2)));
- break;
- case 1:
- ck_assert(part == ID_PART_RDN_O &&
- chunk_equals(data, chunk_from_str("strongSwan")));
- break;
- case 2:
- ck_assert(part == ID_PART_RDN_CN &&
- chunk_equals(data, chunk_from_str("tester")));
- break;
- default:
- fail("unexpected identification part %d", part);
- }
- }
- ck_assert_int_eq(i, 3);
- enumerator->destroy(enumerator);
- id->destroy(id);
-}
-END_TEST
-
-/*******************************************************************************
- * wildcards
- */
-
-static bool id_contains_wildcards(char *string)
-{
- identification_t *id;
- bool contains;
-
- id = identification_create_from_string(string);
- contains = id->contains_wildcards(id);
- id->destroy(id);
- return contains;
-}
-
-START_TEST(test_contains_wildcards)
-{
- ck_assert(id_contains_wildcards("%any"));
- ck_assert(id_contains_wildcards("C=*, O=strongSwan, CN=gw"));
- ck_assert(id_contains_wildcards("C=CH, O=strongSwan, CN=*"));
- ck_assert(id_contains_wildcards("*@strongswan.org"));
- ck_assert(id_contains_wildcards("*.strongswan.org"));
- ck_assert(!id_contains_wildcards("C=**, O=a*, CN=*a"));
-}
-END_TEST
-
-/*******************************************************************************
- * clone
- */
-
-START_TEST(test_clone)
-{
- identification_t *a, *b;
- chunk_t a_enc, b_enc;
-
- a = identification_create_from_string("moon at strongswan.org");
- a_enc = a->get_encoding(a);
- b = a->clone(a);
- ck_assert(b != NULL);
- ck_assert(a != b);
- b_enc = b->get_encoding(b);
- ck_assert(a_enc.ptr != b_enc.ptr);
- ck_assert(chunk_equals(a_enc, b_enc));
- a->destroy(a);
- b->destroy(b);
-}
-END_TEST
-
-Suite *identification_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("identification");
-
- tc = tcase_create("create");
- tcase_add_test(tc, test_from_encoding);
- tcase_add_test(tc, test_from_data);
- tcase_add_test(tc, test_from_sockaddr);
- tcase_add_loop_test(tc, test_from_string, 0, countof(string_data));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("printf_hook");
- tcase_add_test(tc, test_printf_hook);
- tcase_add_test(tc, test_printf_hook_width);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("equals");
- tcase_add_test(tc, test_equals);
- tcase_add_test(tc, test_equals_any);
- tcase_add_test(tc, test_equals_binary);
- tcase_add_test(tc, test_equals_fqdn);
- tcase_add_loop_test(tc, test_equals_empty, ID_ANY, ID_KEY_ID + 1);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("matches");
- tcase_add_test(tc, test_matches);
- tcase_add_test(tc, test_matches_any);
- tcase_add_test(tc, test_matches_binary);
- tcase_add_test(tc, test_matches_string);
- tcase_add_loop_test(tc, test_matches_empty, ID_ANY, ID_KEY_ID + 1);
- tcase_add_loop_test(tc, test_matches_empty_reverse, ID_ANY, ID_KEY_ID + 1);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("part enumeration");
- tcase_add_test(tc, test_parts);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("wildcards");
- tcase_add_test(tc, test_contains_wildcards);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("clone");
- tcase_add_test(tc, test_clone);
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_linked_list.c b/src/libstrongswan/tests/test_linked_list.c
deleted file mode 100644
index 9e85c58..0000000
--- a/src/libstrongswan/tests/test_linked_list.c
+++ /dev/null
@@ -1,386 +0,0 @@
-/*
- * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <collections/linked_list.h>
-
-/*******************************************************************************
- * test fixture
- */
-
-static linked_list_t *list;
-
-START_SETUP(setup_list)
-{
- void *x = NULL;
-
- list = linked_list_create();
- ck_assert_int_eq(list->get_count(list), 0);
- ck_assert(list->get_first(list, &x) == NOT_FOUND);
- ck_assert(list->get_last(list, &x) == NOT_FOUND);
-}
-END_SETUP
-
-START_TEARDOWN(teardown_list)
-{
- list->destroy(list);
-}
-END_TEARDOWN
-
-/*******************************************************************************
- * insert first/last
- */
-
-START_TEST(test_insert_first)
-{
- void *a = (void*)1, *b = (void*)2, *x = NULL;
-
- list->insert_first(list, a);
- ck_assert_int_eq(list->get_count(list), 1);
- ck_assert(list->get_first(list, &x) == SUCCESS);
- ck_assert(x == a);
- ck_assert(list->get_last(list, &x) == SUCCESS);
- ck_assert(x == a);
-
- list->insert_first(list, b);
- ck_assert_int_eq(list->get_count(list), 2);
- ck_assert(list->get_first(list, &x) == SUCCESS);
- ck_assert(x == b);
- ck_assert(list->get_last(list, &x) == SUCCESS);
- ck_assert(x == a);
-}
-END_TEST
-
-START_TEST(test_insert_last)
-{
- void *a = (void*)1, *b = (void*)2, *x = NULL;
-
- list->insert_last(list, a);
- ck_assert_int_eq(list->get_count(list), 1);
- ck_assert(list->get_first(list, &x) == SUCCESS);
- ck_assert(x == a);
- ck_assert(list->get_last(list, &x) == SUCCESS);
- ck_assert(x == a);
-
- list->insert_last(list, b);
- ck_assert_int_eq(list->get_count(list), 2);
- ck_assert(list->get_first(list, &x) == SUCCESS);
- ck_assert(x == a);
- ck_assert(list->get_last(list, &x) == SUCCESS);
- ck_assert(x == b);
-}
-END_TEST
-
-/*******************************************************************************
- * remove first/last
- */
-
-START_TEST(test_remove_first)
-{
- void *a = (void*)1, *b = (void*)2, *x = NULL;
-
- list->insert_first(list, a);
- list->insert_first(list, b);
- ck_assert(list->remove_first(list, &x) == SUCCESS);
- ck_assert_int_eq(list->get_count(list), 1);
- ck_assert(x == b);
- ck_assert(list->remove_first(list, &x) == SUCCESS);
- ck_assert_int_eq(list->get_count(list), 0);
- ck_assert(x == a);
- ck_assert(list->remove_first(list, &x) == NOT_FOUND);
- ck_assert(list->remove_last(list, &x) == NOT_FOUND);
-}
-END_TEST
-
-START_TEST(test_remove_last)
-{
- void *a = (void*)1, *b = (void*)2, *x = NULL;
-
- list->insert_first(list, a);
- list->insert_first(list, b);
- ck_assert(list->remove_last(list, &x) == SUCCESS);
- ck_assert_int_eq(list->get_count(list), 1);
- ck_assert(x == a);
- ck_assert(list->remove_last(list, &x) == SUCCESS);
- ck_assert_int_eq(list->get_count(list), 0);
- ck_assert(x == b);
- ck_assert(list->remove_first(list, &x) == NOT_FOUND);
- ck_assert(list->remove_last(list, &x) == NOT_FOUND);
-}
-END_TEST
-
-/*******************************************************************************
- * helper function for remove and find tests
- */
-
-static bool match_a(void *item, void *a)
-{
- ck_assert(a == (void*)1);
- return item == a;
-}
-
-static bool match_b(void *item, void *b)
-{
- ck_assert(b == (void*)2);
- return item == b;
-}
-
-/*******************************************************************************
- * remove
- */
-
-START_TEST(test_remove)
-{
- void *a = (void*)1, *b = (void*)2;
-
- list->insert_first(list, a);
- ck_assert(list->remove(list, a, NULL) == 1);
- ck_assert_int_eq(list->get_count(list), 0);
-
- list->insert_last(list, a);
- list->insert_last(list, a);
- list->insert_last(list, a);
- list->insert_last(list, b);
- ck_assert(list->remove(list, a, NULL) == 3);
- ck_assert(list->remove(list, a, NULL) == 0);
- ck_assert_int_eq(list->get_count(list), 1);
- ck_assert(list->remove(list, b, NULL) == 1);
- ck_assert(list->remove(list, b, NULL) == 0);
-}
-END_TEST
-
-START_TEST(test_remove_callback)
-{
- void *a = (void*)1, *b = (void*)2;
-
- list->insert_last(list, a);
- list->insert_last(list, b);
- list->insert_last(list, a);
- list->insert_last(list, b);
- ck_assert(list->remove(list, a, match_a) == 2);
- ck_assert(list->remove(list, a, match_a) == 0);
- ck_assert_int_eq(list->get_count(list), 2);
- ck_assert(list->remove(list, b, match_b) == 2);
- ck_assert(list->remove(list, b, match_b) == 0);
- ck_assert_int_eq(list->get_count(list), 0);
-}
-END_TEST
-
-/*******************************************************************************
- * find
- */
-
-static bool match_a_b(void *item, void *a, void *b)
-{
- ck_assert(a == (void*)1);
- ck_assert(b == (void*)2);
- return item == a || item == b;
-}
-
-START_TEST(test_find)
-{
- void *a = (void*)1, *b = (void*)2;
-
- ck_assert(list->find_first(list, NULL, &a) == NOT_FOUND);
- list->insert_last(list, a);
- ck_assert(list->find_first(list, NULL, &a) == SUCCESS);
- ck_assert(list->find_first(list, NULL, &b) == NOT_FOUND);
- list->insert_last(list, b);
- ck_assert(list->find_first(list, NULL, &a) == SUCCESS);
- ck_assert(list->find_first(list, NULL, &b) == SUCCESS);
-
- ck_assert(list->find_first(list, NULL, NULL) == NOT_FOUND);
-}
-END_TEST
-
-START_TEST(test_find_callback)
-{
- void *a = (void*)1, *b = (void*)2, *x = NULL;
-
- ck_assert(list->find_first(list, (linked_list_match_t)match_a_b, &x, a, b) == NOT_FOUND);
- list->insert_last(list, a);
- ck_assert(list->find_first(list, (linked_list_match_t)match_a, NULL, a) == SUCCESS);
- x = NULL;
- ck_assert(list->find_first(list, (linked_list_match_t)match_a, &x, a) == SUCCESS);
- ck_assert(a == x);
- ck_assert(list->find_first(list, (linked_list_match_t)match_b, &x, b) == NOT_FOUND);
- ck_assert(a == x);
- x = NULL;
- ck_assert(list->find_first(list, (linked_list_match_t)match_a_b, &x, a, b) == SUCCESS);
- ck_assert(a == x);
-
- list->insert_last(list, b);
- ck_assert(list->find_first(list, (linked_list_match_t)match_a, &x, a) == SUCCESS);
- ck_assert(a == x);
- ck_assert(list->find_first(list, (linked_list_match_t)match_b, &x, b) == SUCCESS);
- ck_assert(b == x);
- x = NULL;
- ck_assert(list->find_first(list, (linked_list_match_t)match_a_b, &x, a, b) == SUCCESS);
- ck_assert(a == x);
-}
-END_TEST
-
-/*******************************************************************************
- * invoke
- */
-
-typedef struct invoke_t invoke_t;
-
-struct invoke_t {
- int val;
- void (*invoke)(invoke_t *item, void *a, void *b, void *c, void *d, int *sum);
-};
-
-static void invoke(intptr_t item, void *a, void *b, void *c, void *d, int *sum)
-{
- ck_assert(a == (void*)1);
- ck_assert(b == (void*)2);
- ck_assert(c == (void*)3);
- ck_assert(d == (void*)4);
- *sum += item;
-}
-
-static void invoke_offset(invoke_t *item, void *a, void *b, void *c, void *d, int *sum)
-{
- invoke(item->val, a, b, c, d, sum);
-}
-
-START_TEST(test_invoke_function)
-{
- int sum = 0;
-
- list->insert_last(list, (void*)1);
- list->insert_last(list, (void*)2);
- list->insert_last(list, (void*)3);
- list->insert_last(list, (void*)4);
- list->insert_last(list, (void*)5);
- list->invoke_function(list, (linked_list_invoke_t)invoke, 1, 2, 3, 4, &sum);
- ck_assert_int_eq(sum, 15);
-}
-END_TEST
-
-START_TEST(test_invoke_offset)
-{
- invoke_t items[] = {
- { .val = 1, .invoke = invoke_offset, },
- { .val = 2, .invoke = invoke_offset, },
- { .val = 3, .invoke = invoke_offset, },
- { .val = 4, .invoke = invoke_offset, },
- { .val = 5, .invoke = invoke_offset, },
- };
- int i, sum = 0;
-
- for (i = 0; i < countof(items); i++)
- {
- list->insert_last(list, &items[i]);
- }
- list->invoke_offset(list, offsetof(invoke_t, invoke), 1, 2, 3, 4, &sum);
- ck_assert_int_eq(sum, 15);
-}
-END_TEST
-
-/*******************************************************************************
- * clone
- */
-
-typedef struct clone_t clone_t;
-
-struct clone_t {
- void *val;
- void *(*clone)(clone_t *item);
-};
-
-static void *clone(clone_t *item)
-{
- return item->val;
-}
-
-static void test_clone(linked_list_t *list)
-{
- intptr_t x;
- int round = 1;
-
- ck_assert_int_eq(list->get_count(list), 5);
- while (list->remove_first(list, (void*)&x) == SUCCESS)
- {
- ck_assert_int_eq(round, x);
- round++;
- }
- ck_assert_int_eq(round, 6);
-}
-
-START_TEST(test_clone_offset)
-{
- linked_list_t *other;
- clone_t items[] = {
- { .val = (void*)1, .clone = clone, },
- { .val = (void*)2, .clone = clone, },
- { .val = (void*)3, .clone = clone, },
- { .val = (void*)4, .clone = clone, },
- { .val = (void*)5, .clone = clone, },
- };
- int i;
-
- for (i = 0; i < countof(items); i++)
- {
- list->insert_last(list, &items[i]);
- }
- other = list->clone_offset(list, offsetof(clone_t, clone));
- test_clone(other);
- other->destroy(other);
-}
-END_TEST
-
-Suite *linked_list_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("linked list");
-
- tc = tcase_create("insert/get");
- tcase_add_checked_fixture(tc, setup_list, teardown_list);
- tcase_add_test(tc, test_insert_first);
- tcase_add_test(tc, test_insert_last);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("remove");
- tcase_add_checked_fixture(tc, setup_list, teardown_list);
- tcase_add_test(tc, test_remove_first);
- tcase_add_test(tc, test_remove_last);
- tcase_add_test(tc, test_remove);
- tcase_add_test(tc, test_remove_callback);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("find");
- tcase_add_checked_fixture(tc, setup_list, teardown_list);
- tcase_add_test(tc, test_find);
- tcase_add_test(tc, test_find_callback);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("invoke");
- tcase_add_checked_fixture(tc, setup_list, teardown_list);
- tcase_add_test(tc, test_invoke_function);
- tcase_add_test(tc, test_invoke_offset);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("clone");
- tcase_add_checked_fixture(tc, setup_list, teardown_list);
- tcase_add_test(tc, test_clone_offset);
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_printf.c b/src/libstrongswan/tests/test_printf.c
deleted file mode 100644
index 6c15fbe..0000000
--- a/src/libstrongswan/tests/test_printf.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright (C) 2013 Martin Willi
- * Copyright (C) 2013 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <errno.h>
-#include <math.h>
-
-static void verify(char *expected, char *format, ...)
-{
- FILE *mem;
- char buf[128];
- va_list args;
-
- va_start(args, format);
- vsnprintf(buf, sizeof(buf), format, args);
- ck_assert_str_eq(expected, buf);
- va_end(args);
-
- mem = fmemopen(buf, sizeof(buf), "w");
- va_start(args, format);
- vfprintf(mem, format, args);
- va_end(args);
- fclose(mem);
- ck_assert_str_eq(expected, buf);
-}
-
-START_TEST(test_printf_strings)
-{
- verify("a bc def", "%s %s %s", "a", "bc", "def");
- verify("asd", "%.3s", "asdfg");
- verify("asdf", "%.*s", (int)4, "asdfg");
- verify(" asdf", "%6s", "asdf");
- verify(" asdf", "%+6s", "asdf");
- verify("asdf ", "%-6s", "asdf");
-}
-END_TEST
-
-START_TEST(test_printf_err)
-{
- errno = EINVAL;
- verify((char*)strerror(errno), "%m");
-}
-END_TEST
-
-START_TEST(test_printf_unsigned)
-{
- verify("1 23 456", "%u %lu %llu", 1, (u_long)23, (u_int64_t)456);
- verify("65535 255", "%hu %hhu", 0x1ffff, 0x1ff);
- verify("123456789", "%zu", (size_t)123456789);
- verify(" 12", "%5u", 12);
- verify("12 ", "%-5u", 12);
- verify("0012", "%04u", 12);
- verify("0012", "%.4u", 12);
-}
-END_TEST
-
-START_TEST(test_printf_signed)
-{
- verify("-1 -23 -456", "%d %ld %lld", -1, (long)-23, (int64_t)-456);
- verify("-1 -1", "%hd %hhd", 0x1ffff, 0x1ff);
- verify("123456789", "%zd", (ssize_t)123456789);
- verify(" -12", "%5d", -12);
- verify("-12 ", "%-5d", -12);
- verify("-012", "%04d", -12);
- verify("-0012", "%.4d", -12);
-}
-END_TEST
-
-START_TEST(test_printf_hex)
-{
- verify("1 23 456", "%x %lx %llx", 1, (u_long)0x23, (u_int64_t)0x456);
- verify("12abcdef 12ABCDEF", "%x %X", 0x12ABCDEF, 0x12ABCDEF);
- verify("ffff ff", "%hx %hhx", 0x1ffff, 0x1ff);
- verify("23456789", "%zx", (size_t)0x23456789);
- verify(" ab", "%5x", 0xab);
- verify("ab ", "%-5x", 0xab);
- verify("00ab", "%04x", 0xab);
- verify("00ab", "%.4x", 0xab);
-}
-END_TEST
-
-START_TEST(test_printf_float)
-{
- verify("0.000000", "%f", 0.0);
- verify("1.000000", "%f", 1.0);
- verify("12345.1", "%.1f", 12345.123);
- verify("1", "%.0f", 1.0);
- verify("1.3", "%.1f", 1.346789);
- verify("1.23", "%.2f", 1.23456789);
- verify("1.123", "%.3f", 1.123456789);
- verify("1.0123", "%.4f", 1.0123456789);
-
- verify("-1.000000", "%f", -1.0);
- verify("-12345.1", "%.1f", -12345.123);
- verify("-1", "%.0f", -1.0);
- verify("-1.3", "%.1f", -1.3456789);
- verify("-1.23", "%.2f", -1.23456789);
- verify("-1.123", "%.3f", -1.123456789);
- verify("-1.0123", "%.4f", -1.0123456789);
-
- verify(" 1.2", "%5.1f", 1.234);
- verify("001.2", "%05.1f", 1.234);
- verify("1.2 ", "%-5.1f", 1.234);
-
- verify("12346", "%.0f", 12345.6789);
- verify("2", "%.0f", 1.5);
- verify("1", "%.0f", 1.49);
- verify("1.2", "%.1f", 1.151);
- verify("1.1", "%.1f", 1.149);
- verify("1.13", "%.2f", 1.1251);
- verify("1.12", "%.2f", 1.1249);
- verify("1.124", "%.3f", 1.12351);
- verify("1.123", "%.3f", 1.12349);
-
- verify("-12346", "%.0f", -12345.6789);
- verify("-2", "%.0f", -1.51);
- verify("-1", "%.0f", -1.49);
- verify("-1.2", "%.1f", -1.151);
- verify("-1.1", "%.1f", -1.149);
- verify("-1.13", "%.2f", -1.1251);
- verify("-1.12", "%.2f", -1.1249);
- verify("-1.124", "%.3f", -1.12351);
- verify("-1.123", "%.3f", -1.12349);
-
-#ifdef NAN
- verify("nan", "%.3f", NAN);
- verify(" nan", "%5.3f", NAN);
- verify("NAN", "%.3F", NAN);
- verify("NAN ", "%-5.3F", NAN);
-#endif
-#ifdef INFINITY
- verify("inf", "%.3f", INFINITY);
- verify("-inf", "%.4f", -INFINITY);
- verify("INF", "%.3F", INFINITY);
- verify("-INF", "%.4F", -INFINITY);
-#endif
-}
-END_TEST
-
-Suite *printf_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("printf");
-
- tc = tcase_create("strings");
- tcase_add_test(tc, test_printf_strings);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("err");
- tcase_add_test(tc, test_printf_err);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("unsiged");
- tcase_add_test(tc, test_printf_unsigned);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("siged");
- tcase_add_test(tc, test_printf_signed);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("hex");
- tcase_add_test(tc, test_printf_hex);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("float");
- tcase_add_test(tc, test_printf_float);
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_rsa.c b/src/libstrongswan/tests/test_rsa.c
deleted file mode 100644
index 4c75c34..0000000
--- a/src/libstrongswan/tests/test_rsa.c
+++ /dev/null
@@ -1,393 +0,0 @@
-/*
- * Copyright (C) 2013 Martin Willi
- * Copyright (C) 2013 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <plugins/plugin_feature.h>
-
-/**
- * Signature schemes to test
- */
-static signature_scheme_t schemes[] = {
- SIGN_RSA_EMSA_PKCS1_NULL,
- SIGN_RSA_EMSA_PKCS1_MD5,
- SIGN_RSA_EMSA_PKCS1_SHA1,
- SIGN_RSA_EMSA_PKCS1_SHA224,
- SIGN_RSA_EMSA_PKCS1_SHA256,
- SIGN_RSA_EMSA_PKCS1_SHA384,
- SIGN_RSA_EMSA_PKCS1_SHA512,
-};
-
-/**
- * Perform a signature verification "good" test having a keypair
- */
-static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
-{
- chunk_t sig, data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
- int i;
-
- for (i = 0; i < countof(schemes); i++)
- {
- if (!lib->plugins->has_feature(lib->plugins,
- PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i])) ||
- !lib->plugins->has_feature(lib->plugins,
- PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[i])))
- {
- continue;
- }
- fail_unless(privkey->sign(privkey, schemes[i], data, &sig),
- "sign %N", signature_scheme_names, schemes[i]);
- fail_unless(pubkey->verify(pubkey, schemes[i], data, sig),
- "verify %N", signature_scheme_names, schemes[i]);
- free(sig.ptr);
- }
-}
-
-/**
- * Some special signatures that should never validate successfully
- */
-static chunk_t invalid_sigs[] = {
- chunk_from_chars(),
- chunk_from_chars(0x00),
- chunk_from_chars(0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
- chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
-};
-
-/**
- * Check public key that it properly fails against some crafted sigs
- */
-static void test_bad_sigs(public_key_t *pubkey)
-{
- chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
- int s, i;
-
- for (s = 0; s < countof(schemes); s++)
- {
- if (!lib->plugins->has_feature(lib->plugins,
- PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s])))
- {
- continue;
- }
- for (i = 0; i < countof(invalid_sigs); i++)
- {
- fail_if(
- pubkey->verify(pubkey, schemes[s], data, invalid_sigs[i]),
- "bad %N sig accepted %B", signature_scheme_names, schemes[s],
- &invalid_sigs[i]);
- }
- }
-}
-
-/**
- * RSA key sizes to test
- */
-static int key_sizes[] = {
- 786, 1024, 1536, 2048, 3072, 4096,
-};
-
-START_TEST(test_gen)
-{
- private_key_t *privkey;
- public_key_t *pubkey;
-
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
- BUILD_KEY_SIZE, key_sizes[_i], BUILD_END);
- ck_assert(privkey != NULL);
- pubkey = privkey->get_public_key(privkey);
- ck_assert(pubkey != NULL);
-
- test_good_sig(privkey, pubkey);
-
- test_bad_sigs(pubkey);
-
- pubkey->destroy(pubkey);
- privkey->destroy(privkey);
-}
-END_TEST
-
-/**
- * Private keys to load
- */
-static chunk_t keys[] = {
- chunk_from_chars( /* RSA-768 */
- 0x30,0x82,0x01,0xcb,0x02,0x01,0x00,0x02,0x61,0x00,0xd1,0x5d,0x98,0x97,0x95,0x98,
- 0x19,0x87,0x20,0x3f,0x10,0xb0,0x05,0x36,0x1e,0x1b,0xcd,0xc8,0x93,0x66,0xd7,0x43,
- 0xed,0x84,0xb0,0x3e,0x96,0xd3,0xe7,0x27,0x0e,0xc0,0xba,0xdf,0x7e,0x32,0x05,0xd3,
- 0x08,0xd6,0x44,0xd5,0x01,0x2b,0x3e,0x5d,0xc0,0x37,0xae,0x4f,0xe0,0xea,0x8d,0x2c,
- 0x42,0x4c,0xa9,0xa2,0x42,0xbe,0xdd,0xdb,0xf7,0xd3,0x28,0x07,0x10,0x88,0x53,0x15,
- 0xb2,0x4f,0xb5,0x9d,0x47,0x9b,0xd6,0xc8,0xfe,0x5b,0xa2,0xd7,0xe1,0x13,0xca,0x0b,
- 0xce,0x7a,0xed,0xa2,0x3e,0xd5,0x9b,0xb8,0x8b,0x4f,0x02,0x03,0x01,0x00,0x01,0x02,
- 0x60,0x2d,0x83,0x82,0x53,0x99,0xb2,0xaa,0x02,0x05,0x11,0x90,0xa8,0x23,0x49,0xe3,
- 0x7b,0xb9,0xdd,0x9b,0xa5,0xa4,0xb0,0x60,0xa7,0x12,0xc5,0x58,0x76,0x92,0x6e,0x9c,
- 0x37,0x6b,0xa8,0x80,0x3f,0x91,0xa2,0x91,0xee,0x3a,0xa2,0x6f,0x91,0x9e,0x0a,0x35,
- 0x69,0xc0,0xa7,0xdc,0xd8,0x46,0xe4,0x29,0x1c,0x3d,0x34,0x30,0xa2,0xb9,0x0d,0x34,
- 0x94,0xa1,0x12,0xa7,0x85,0xd3,0x2c,0x47,0x1b,0xf0,0x78,0xd5,0x22,0xfc,0xa5,0xe0,
- 0x75,0xac,0x71,0x21,0xe8,0xe8,0x19,0x9f,0xbb,0x98,0x5c,0xa6,0x9d,0x42,0xd7,0x9c,
- 0x89,0x02,0x31,0x00,0xee,0xaa,0x9e,0x82,0xe1,0xb2,0xdd,0x05,0xbc,0x2e,0x53,0xe9,
- 0x64,0x4b,0x48,0x06,0x3a,0xfd,0x9e,0x91,0xce,0x1b,0x7f,0x66,0xbc,0xd2,0xc4,0xab,
- 0xbf,0xc5,0x5d,0x1a,0xbd,0xd6,0xb5,0x9c,0x5c,0x18,0x01,0xe6,0x79,0x19,0xf2,0xc3,
- 0x1d,0x66,0x88,0x2d,0x02,0x31,0x00,0xe0,0x92,0x34,0x1e,0x09,0xf2,0x1b,0xf9,0xbf,
- 0x11,0x65,0x3f,0xc8,0x85,0x5a,0xe6,0xc0,0xcf,0x93,0x44,0xb0,0x50,0xe4,0x8b,0x6f,
- 0x30,0xde,0x42,0x0c,0x8a,0x77,0x0d,0x98,0x7f,0x52,0x59,0x9e,0x87,0xb8,0x6e,0xdc,
- 0xed,0x15,0x80,0xbd,0xbb,0xf2,0xeb,0x02,0x31,0x00,0xb0,0x6b,0x36,0x98,0x90,0xb5,
- 0x62,0x63,0xa6,0xe2,0xa7,0xec,0x51,0xd2,0xc3,0xfe,0xb7,0x04,0x5a,0x7e,0x74,0xd8,
- 0x26,0xa8,0x8e,0xd3,0x4d,0xc5,0x97,0x10,0x10,0xee,0x7f,0x7d,0x82,0xe9,0x7d,0xb9,
- 0xd1,0x4d,0xc8,0x1e,0xc2,0x30,0x30,0x3f,0x66,0x51,0x02,0x31,0x00,0xaa,0x75,0x2f,
- 0x4c,0x11,0xbe,0x8d,0x0f,0x8f,0xc1,0x13,0x7a,0x4b,0xa9,0x35,0x6b,0x6b,0xb4,0xe3,
- 0x92,0xc2,0xc6,0x54,0x03,0xa6,0x5d,0x90,0x86,0xcf,0xe0,0x16,0x27,0xe2,0xb5,0xd9,
- 0xfb,0x1e,0x82,0xe4,0x32,0x7a,0x4d,0x17,0x02,0x46,0x82,0x30,0x0b,0x02,0x30,0x09,
- 0xf3,0xce,0x9b,0x02,0xc5,0x53,0xe9,0xa2,0x89,0xe2,0x3b,0x8c,0x8b,0xe9,0xc2,0xba,
- 0x94,0x76,0x60,0x27,0x2b,0xe9,0x92,0xc1,0x5e,0x3c,0xc3,0x77,0x9b,0xc7,0xce,0xc6,
- 0x67,0xd5,0x20,0x2c,0x54,0xa1,0x5d,0x2a,0x17,0x16,0x66,0xdf,0x5a,0xe9,0x87,
- ),
- chunk_from_chars( /* RSA-1024 */
- 0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,0x00,0xc0,0xbd,0x48,0x83,0xbc,
- 0xea,0x0b,0x32,0x06,0x4b,0xf5,0x10,0x54,0x1b,0xba,0x88,0xc4,0x10,0x7e,0x47,0xec,
- 0x0e,0xf9,0xb4,0xcf,0x9a,0x02,0xc6,0xb3,0xaf,0x35,0xc8,0xaf,0x78,0x1a,0xbc,0x37,
- 0x1a,0x25,0x7a,0x37,0x24,0x73,0x53,0x9a,0xf0,0x44,0x64,0x5b,0x6b,0x64,0x4c,0xfa,
- 0x83,0x3a,0x0f,0x77,0x5d,0x7b,0x21,0xa2,0x25,0x00,0x11,0xae,0x72,0x36,0x35,0xd9,
- 0x0d,0xef,0x5a,0xdd,0x98,0x35,0x49,0xaf,0x44,0xa0,0x33,0x29,0xc0,0xca,0xf5,0x6f,
- 0xfe,0xc1,0x06,0x4c,0x80,0x9a,0x54,0xbe,0x46,0x1a,0x96,0xb1,0xf3,0x29,0xb8,0x9d,
- 0x07,0x84,0x03,0x68,0x6b,0x9f,0xbf,0xe5,0xd8,0x14,0x2a,0xe0,0xef,0xbd,0x1a,0x61,
- 0x0d,0x3a,0xc8,0x67,0xcd,0x99,0x90,0xe3,0xe6,0x52,0x83,0x02,0x03,0x01,0x00,0x01,
- 0x02,0x81,0x80,0x13,0xd2,0xa3,0xe5,0xa0,0xb0,0x0a,0xe2,0x0f,0x3c,0x65,0x57,0xa8,
- 0xe9,0x87,0xd5,0x79,0xcc,0xc9,0xca,0xc8,0x8a,0xd5,0xc0,0x74,0x90,0x3e,0x1e,0xda,
- 0x40,0xcd,0x42,0xf7,0x01,0x09,0x9c,0x37,0xfd,0x41,0x6e,0x2b,0x6e,0x5d,0x4a,0x1e,
- 0x52,0x53,0x1b,0xbb,0x3c,0x9f,0xfe,0x91,0x79,0x48,0xfc,0x69,0x90,0xbc,0xbc,0x3d,
- 0xcf,0xee,0x62,0x0a,0xbd,0x57,0x6b,0xa9,0x51,0x3e,0xc2,0x7f,0x26,0xb1,0xaa,0x38,
- 0xeb,0x40,0x91,0x3a,0x3c,0x80,0x1e,0x4e,0xe2,0xff,0xa2,0x8e,0x56,0xbb,0xb3,0xeb,
- 0x24,0x81,0x4c,0x19,0x2c,0x8f,0x51,0x4c,0x04,0x81,0xaf,0x5e,0xc2,0xa6,0xf9,0xd3,
- 0x48,0xee,0xe9,0x6d,0x9b,0xe1,0xe5,0x17,0x4f,0x07,0x18,0xea,0x96,0xd3,0x2c,0xce,
- 0x44,0x71,0x51,0x02,0x41,0x00,0xe9,0xe9,0x46,0x7e,0xe1,0xc2,0x86,0x94,0x65,0x77,
- 0x9c,0xc7,0x76,0x5d,0xa0,0xd3,0xcc,0x1f,0xa3,0xc7,0xfe,0xbb,0x4e,0x27,0xd6,0x43,
- 0x6b,0xbd,0x0d,0x05,0x7a,0x10,0xe8,0x48,0x97,0x30,0xaa,0x53,0x61,0x57,0x1f,0x8a,
- 0xf7,0x39,0x5e,0xa6,0xfe,0xe9,0x2c,0x19,0x5e,0x53,0xea,0xc2,0xb2,0xc2,0x11,0x3c,
- 0x18,0xab,0xcf,0xc4,0x91,0x1b,0x02,0x41,0x00,0xd2,0xf0,0xb1,0x49,0xa1,0x6f,0xf1,
- 0x83,0xa3,0xd2,0xa1,0x0e,0xb3,0xb3,0x33,0x01,0xed,0xd0,0x28,0xc1,0x2f,0x88,0x80,
- 0x9f,0x43,0x7c,0x7e,0x5d,0x4c,0x15,0x05,0x86,0xff,0x75,0x9b,0xf1,0x64,0xde,0x06,
- 0xbf,0xdd,0x98,0x50,0xd9,0x4a,0x3a,0xd6,0x25,0x1c,0xdd,0xc8,0x56,0x12,0x11,0xb9,
- 0x02,0x42,0xc7,0x1d,0x86,0xeb,0xd9,0xc2,0xb9,0x02,0x41,0x00,0x80,0x25,0x8c,0xb9,
- 0x76,0x75,0x5b,0xc5,0x70,0xd1,0x56,0xd2,0xef,0xc5,0xdb,0x96,0x2c,0xfe,0x28,0x7c,
- 0x28,0xd1,0xf4,0xbf,0x5e,0x63,0x11,0x63,0x40,0xfe,0xff,0x20,0xc4,0x21,0x00,0xb3,
- 0x68,0x9c,0xc5,0x77,0x35,0x90,0xac,0x60,0x81,0xba,0x7b,0x6c,0xc2,0xfc,0x22,0xf1,
- 0x56,0x6b,0xd4,0x02,0xfd,0xee,0x2e,0x95,0xf1,0xfd,0x7e,0x81,0x02,0x40,0x47,0xaf,
- 0x84,0x90,0x81,0x4c,0x89,0xc7,0x32,0xe5,0x61,0xd6,0x9d,0x3b,0x49,0x1a,0x5e,0xb7,
- 0x5f,0x22,0x48,0x05,0x1b,0xb1,0x04,0x3e,0x4a,0xb3,0x6a,0x27,0xba,0xb9,0x26,0x17,
- 0xd1,0xe7,0x37,0x60,0x3c,0xea,0xf7,0x63,0xcc,0x16,0x0c,0x23,0xf2,0xa2,0xaa,0x2c,
- 0xb4,0xe8,0x8b,0x3b,0x7a,0xa4,0x4a,0x0d,0x60,0xfb,0x79,0x2b,0x88,0x01,0x02,0x40,
- 0x42,0xee,0x12,0x91,0xf9,0x80,0x1e,0x60,0x0b,0xaa,0xbe,0xfd,0x09,0x84,0x93,0x0d,
- 0x09,0xd3,0x1e,0x37,0x52,0xb0,0xe8,0x51,0x4f,0xd3,0x9e,0xda,0x32,0x38,0x22,0x35,
- 0xdb,0x25,0x8b,0x9f,0x1a,0xb5,0xf1,0x75,0xfa,0x4d,0x09,0x42,0x01,0x64,0xe6,0xc4,
- 0x6e,0xba,0x2d,0x88,0x92,0xbe,0xa9,0x1f,0x85,0x38,0x10,0xa3,0x0e,0x1a,0x92,0x54,
- ),
- chunk_from_chars( /* RSA-1536 */
- 0x30,0x82,0x03,0x7d,0x02,0x01,0x00,0x02,0x81,0xc1,0x00,0xba,0xe3,0x37,0x93,0x7e,
- 0x42,0x13,0x3c,0xba,0x41,0xc1,0x7b,0xf0,0xcc,0x7a,0x44,0xc6,0x54,0xc8,0x77,0x01,
- 0x70,0x2f,0x6e,0x4a,0xcf,0x2d,0x07,0xab,0x01,0xc0,0x43,0xab,0x8d,0x33,0xb3,0xd4,
- 0xeb,0xe3,0x90,0xf6,0x01,0x03,0x75,0x03,0x1d,0xe8,0x06,0x40,0x15,0xfa,0x96,0x0b,
- 0xd5,0x26,0x64,0xea,0x55,0x82,0x16,0x7b,0xd5,0x1e,0xaa,0x08,0xc7,0x30,0x1a,0x59,
- 0xf8,0xd9,0xe3,0x9e,0x89,0xd9,0x92,0x2c,0x32,0x79,0x0e,0xb3,0x25,0xbc,0x1d,0x7c,
- 0x59,0xde,0x05,0x47,0x8f,0x61,0x77,0xf5,0x4f,0xed,0x82,0x2c,0xf8,0x2a,0x3e,0x02,
- 0xf3,0xc0,0x15,0x51,0xde,0x05,0xc4,0xfc,0x80,0x91,0xae,0x06,0x1b,0xd7,0x39,0x8e,
- 0x9a,0x6d,0xb3,0x2f,0xb0,0xd0,0xc8,0x96,0xa6,0x88,0xb3,0x17,0xca,0x58,0xbe,0x38,
- 0x2c,0x64,0x35,0x5a,0x29,0xb7,0xf8,0x74,0x3d,0xbb,0xec,0x90,0x01,0x04,0x64,0x3d,
- 0x38,0x0f,0x87,0xce,0xd7,0xfc,0xd2,0x96,0x93,0x31,0x85,0x0d,0x2d,0xa5,0x91,0xe2,
- 0xfc,0x7b,0xea,0xb0,0x89,0x24,0xaa,0x00,0x29,0x8c,0x26,0x7c,0x94,0x54,0x74,0xe4,
- 0x11,0xa8,0x04,0x6f,0x40,0xeb,0xaf,0xed,0xac,0x75,0x33,0x02,0x03,0x01,0x00,0x01,
- 0x02,0x81,0xc0,0x0a,0x96,0xec,0x63,0xc1,0xa0,0x39,0xd9,0xd3,0x8d,0xfd,0x4a,0x2a,
- 0x13,0x54,0x0c,0x48,0x96,0xae,0x43,0x3c,0x04,0x20,0xd3,0xe5,0x8e,0x46,0xb5,0x6c,
- 0x05,0xad,0xe0,0xc7,0xbc,0x39,0x05,0x44,0x17,0xd7,0xad,0xb3,0x9a,0xcc,0x18,0xd9,
- 0xc3,0xdc,0x8d,0x5a,0x1d,0x44,0xb5,0x32,0xd7,0x71,0x94,0xff,0x48,0x38,0x16,0x51,
- 0x0e,0xfa,0xed,0x54,0x91,0x00,0xd3,0x45,0x6c,0xd9,0xdf,0xd1,0x70,0x6b,0x31,0x22,
- 0xaa,0xfb,0x7c,0x0f,0x3f,0xa0,0xa0,0xa5,0x16,0xac,0x83,0x6d,0x12,0x1d,0x4a,0x40,
- 0x4e,0xb6,0x9c,0xf4,0x67,0xaa,0xa9,0xb0,0xc8,0xb4,0x0a,0xd5,0x3b,0x5c,0x19,0xed,
- 0x86,0x83,0x5a,0x75,0xbc,0xeb,0x17,0xc8,0x16,0xa0,0x60,0x2e,0xb6,0x25,0xc5,0x4d,
- 0x59,0xba,0x62,0xcb,0x3d,0x91,0x7c,0x79,0x6a,0x4b,0x4a,0x54,0xbd,0xb7,0xa3,0x89,
- 0x7f,0xbf,0x0e,0x77,0xe1,0x54,0x29,0x0d,0x45,0x6d,0xa8,0x15,0xa5,0x17,0x8c,0xcf,
- 0x27,0x9e,0x47,0x4e,0x2a,0x91,0x7e,0x4e,0x14,0x59,0x8c,0x62,0x91,0xa3,0x40,0xa5,
- 0x9e,0x67,0xbb,0x02,0x97,0xb4,0xe7,0x06,0x04,0xbc,0x16,0x24,0x3d,0x49,0xb1,0xf0,
- 0xae,0xfc,0x1d,0x02,0x61,0x00,0xde,0x86,0x5d,0x49,0x88,0xeb,0x5c,0xd3,0xe5,0x11,
- 0x48,0x0b,0x1e,0x52,0x95,0xa9,0x65,0x99,0x89,0xcf,0x51,0xb0,0x08,0xdd,0xb5,0x5b,
- 0x64,0x1a,0x34,0xd2,0xee,0x4b,0x2d,0x8b,0xc1,0xd5,0xd6,0x1d,0x6c,0x0c,0x7e,0xa5,
- 0x66,0x12,0xec,0xaf,0x5d,0xe9,0x33,0xd4,0xba,0x18,0x71,0x84,0x97,0xbe,0xc0,0x75,
- 0x63,0x19,0xae,0xc6,0xc7,0x65,0xf3,0xf6,0xda,0x3f,0x91,0xfa,0x5e,0x87,0xf3,0xbc,
- 0xd2,0x64,0x8d,0xcf,0xfb,0xdd,0x7f,0x9b,0x6c,0x81,0xba,0x9b,0x4e,0x94,0x5e,0x83,
- 0xd1,0xcb,0xb9,0xf4,0x39,0x7f,0x02,0x61,0x00,0xd7,0x00,0x6d,0x8e,0x1b,0xa1,0x44,
- 0xd9,0xff,0xe6,0x42,0x72,0x18,0x55,0x26,0x3e,0x87,0x40,0x71,0xb2,0x67,0x37,0x16,
- 0xe9,0xbd,0x51,0x7f,0x0e,0x79,0x0e,0x75,0xa9,0x1f,0x0f,0x6b,0xa5,0x7c,0x5f,0xc8,
- 0xdc,0x17,0xde,0x53,0x88,0x97,0x90,0x88,0xf2,0x4d,0x66,0x5e,0x0e,0x11,0x16,0x92,
- 0x1e,0x61,0x56,0xe6,0xf0,0x74,0x81,0x58,0x95,0x05,0x29,0x71,0x9b,0xa0,0x69,0xed,
- 0x14,0x23,0xf6,0x36,0x9b,0x8f,0x06,0x3a,0x76,0xab,0xeb,0xce,0xe8,0xdc,0x79,0xc1,
- 0x29,0xb9,0xfc,0x49,0x7a,0x26,0x59,0xd6,0x4d,0x02,0x61,0x00,0xaf,0x3c,0xac,0xd6,
- 0x2d,0xe6,0xfb,0x91,0x3a,0xc1,0x23,0x34,0xee,0x4a,0x26,0xe5,0xe1,0xc6,0xc9,0xc9,
- 0xe4,0x10,0x76,0xca,0xf1,0xf8,0xe8,0x99,0xe2,0xa3,0x81,0x58,0xde,0xa3,0x42,0xa0,
- 0x3d,0x1f,0xaa,0x69,0x24,0x8a,0xe8,0x19,0x5b,0x1e,0xb7,0x1b,0xe0,0xdf,0x53,0x35,
- 0xd0,0x9f,0x94,0x48,0x79,0x93,0x77,0xd9,0x4f,0xd3,0xe6,0x4f,0x19,0x92,0x7a,0x48,
- 0xb9,0x92,0xab,0x42,0xf0,0xe4,0xef,0xe2,0x93,0xf3,0x07,0xeb,0x64,0x84,0x67,0x2c,
- 0xba,0x61,0x77,0xbe,0x4b,0xb8,0x0f,0x4d,0x1a,0x41,0x83,0xcd,0x02,0x60,0x56,0xec,
- 0x55,0x5e,0x9e,0xcd,0x14,0x89,0x0e,0x6c,0x89,0x70,0x97,0x65,0xd5,0x90,0x72,0x1e,
- 0x1b,0xd9,0x84,0xe1,0x40,0xe2,0x3f,0x28,0x33,0xb6,0x26,0x3b,0x32,0x56,0xad,0xb8,
- 0x0e,0x4d,0x59,0x7b,0x60,0x39,0x9b,0x6c,0xc7,0x58,0xf1,0xed,0xfd,0x6f,0xf8,0xda,
- 0xea,0x2b,0xc5,0xbc,0xda,0x56,0x6e,0x04,0x34,0x5a,0x02,0xc0,0x48,0x8f,0xf7,0x06,
- 0x4a,0x68,0x20,0xf2,0xb2,0x66,0xf2,0x23,0x18,0xf0,0xcb,0x62,0x39,0x40,0xc1,0x41,
- 0x14,0xe6,0x10,0x3d,0x29,0x5b,0x35,0x56,0x4a,0x5e,0x98,0x22,0xba,0x01,0x02,0x61,
- 0x00,0xcc,0x80,0xb7,0xb9,0xb9,0x4a,0xaf,0x47,0x00,0x3e,0x21,0x0f,0xb8,0x4e,0x7c,
- 0xb1,0xe4,0x25,0xd6,0x19,0x26,0x54,0xc6,0x8c,0x30,0x88,0x54,0x70,0xcf,0x1f,0x62,
- 0x75,0xcb,0x18,0x58,0x6c,0x14,0xb0,0x9b,0x13,0x90,0xa2,0x1a,0x5a,0x79,0xa3,0x82,
- 0xf0,0x9b,0xba,0xf0,0x90,0xaf,0xa1,0xe8,0xa8,0x70,0xef,0x60,0x6a,0x68,0xed,0x5a,
- 0x21,0x77,0x69,0x7a,0xf2,0xee,0x3e,0xe5,0x90,0xd2,0x33,0x71,0x3b,0x82,0x88,0x75,
- 0xdd,0x8e,0x6e,0xbc,0x17,0x83,0xef,0x37,0x82,0x4e,0x83,0x30,0xcb,0x8a,0xbc,0x6c,
- 0x41,
- ),
- chunk_from_chars( /* RSA-2048 */
- 0x30,0x82,0x04,0xa2,0x02,0x01,0x00,0x02,0x82,0x01,0x01,0x00,0xba,0xbf,0x27,0x0b,
- 0x22,0x59,0xd8,0x6f,0xff,0x26,0x5d,0x41,0x3d,0xb0,0x94,0x58,0x5d,0xc0,0x46,0xb6,
- 0x77,0xa9,0x78,0x10,0x6d,0xe9,0xbf,0xca,0x6f,0x04,0xe1,0xda,0x85,0x12,0x1e,0xe0,
- 0xa6,0xc7,0xa2,0x71,0x04,0x8b,0x6e,0x84,0xf9,0x86,0x2b,0xeb,0x72,0x01,0x72,0xc8,
- 0x0a,0x83,0xa6,0xf7,0xc0,0xd6,0x76,0x1d,0x28,0x38,0xb5,0x7e,0x6c,0x8c,0x6a,0x13,
- 0xf4,0xf1,0x7f,0xf2,0x79,0xae,0x73,0xba,0x1a,0x3f,0x30,0x65,0xb6,0x23,0xa7,0x94,
- 0x34,0x29,0x87,0xce,0x06,0x99,0xee,0x85,0x10,0xce,0x08,0xe2,0x8d,0xd5,0x47,0xf3,
- 0xc8,0xf0,0x18,0x41,0xc0,0x59,0x66,0x06,0xda,0xb6,0x18,0xd2,0xa3,0xa0,0xbd,0x3a,
- 0x90,0x7f,0x37,0x39,0xdf,0x98,0x55,0xa2,0x19,0x5e,0x37,0xbc,0x86,0xf3,0x02,0xf8,
- 0x68,0x49,0x53,0xf2,0x4b,0x3d,0x7a,0xe3,0x1d,0xa4,0x15,0x10,0xa6,0xce,0x8c,0xb8,
- 0xfd,0x95,0x54,0xa2,0x50,0xa2,0xd9,0x35,0x12,0x56,0xae,0xbc,0x51,0x33,0x6d,0xb8,
- 0x63,0x7c,0x26,0xab,0x19,0x01,0xa5,0xda,0xfa,0x4b,0xb6,0x57,0xd3,0x4b,0xdd,0xc0,
- 0x62,0xc5,0x05,0xb7,0xc3,0x2e,0x1f,0x17,0xc8,0x09,0x87,0x12,0x37,0x21,0xd7,0x7a,
- 0x53,0xb0,0x47,0x60,0xa2,0xb5,0x23,0x3b,0x99,0xdf,0xea,0x8b,0x94,0xea,0x9d,0x53,
- 0x5d,0x02,0x52,0xf7,0x29,0xfb,0x63,0xb0,0xff,0x27,0x5e,0xde,0x54,0x7d,0x95,0xd6,
- 0x4e,0x58,0x12,0x06,0x60,0x22,0x33,0xf2,0x19,0x67,0x65,0xdd,0xf3,0x42,0xb5,0x00,
- 0x51,0x35,0xe5,0x62,0x4d,0x90,0x44,0xfb,0x7f,0x5b,0xb5,0xe5,0x02,0x03,0x01,0x00,
- 0x01,0x02,0x82,0x01,0x00,0x1c,0xf5,0x66,0xf5,0xce,0x4c,0x1d,0xe8,0xd2,0x29,0x6e,
- 0x15,0x1f,0x9e,0x9a,0x06,0x70,0xf5,0x4f,0xd1,0xdc,0x51,0x02,0x8e,0x13,0xa9,0x47,
- 0x85,0x39,0xfd,0x89,0x13,0x74,0x86,0xb8,0x94,0x90,0x30,0x4d,0x73,0x96,0xa7,0x93,
- 0x8a,0x19,0xd2,0x91,0x4d,0x77,0xb6,0x9b,0x48,0xc3,0x7e,0xa2,0x5d,0xf1,0x80,0xa0,
- 0x3c,0xc9,0xbf,0xaf,0x7f,0x4d,0x10,0x62,0x23,0xb9,0x9c,0x58,0x81,0xae,0x96,0x5b,
- 0x9a,0x4c,0x97,0x27,0x67,0x62,0x5c,0xf9,0x8f,0xdd,0x1d,0xe2,0x92,0x13,0x8a,0x7b,
- 0xc7,0x15,0x31,0xca,0x05,0x6d,0xc6,0x98,0xdb,0x88,0x39,0x99,0x1d,0x5b,0x19,0x51,
- 0xdd,0xb6,0xbd,0x3d,0xb0,0xae,0x50,0x8e,0xff,0x7d,0xa8,0x48,0x95,0x58,0x23,0xbc,
- 0x85,0xc0,0x46,0xd0,0xc0,0x0e,0xda,0xdd,0xa4,0x8e,0x8d,0x31,0x8b,0x89,0x0f,0x8b,
- 0x76,0x9a,0xb5,0x99,0x56,0x5e,0xd3,0x0c,0x88,0x0b,0x03,0xf1,0xc9,0xe3,0x05,0x05,
- 0x08,0x75,0xce,0x35,0x52,0xa0,0xc0,0xf2,0xf4,0xb9,0x87,0x22,0x21,0x3f,0x61,0xd6,
- 0x99,0xae,0x0e,0x76,0x5d,0x9c,0x16,0xa3,0xe9,0xde,0x2d,0x2a,0x46,0xf7,0x89,0xbf,
- 0x0d,0xb1,0x60,0xad,0xbc,0x24,0xe2,0xe5,0xb1,0xc1,0x1c,0x00,0x40,0x1c,0xbd,0xfa,
- 0x6e,0xc7,0x0d,0xc1,0xda,0x4d,0x54,0x45,0x96,0xac,0xf7,0xfe,0x1b,0xf2,0x47,0x1e,
- 0xf7,0x8b,0xcf,0x27,0xcc,0xe7,0x08,0xd6,0x43,0x60,0xea,0xda,0x19,0xd7,0x98,0x17,
- 0x7c,0xab,0x0c,0x90,0x60,0x75,0x9f,0x8b,0xaa,0x13,0x63,0x98,0x9e,0xc6,0x41,0x9f,
- 0xd4,0x85,0xa3,0xb2,0xb9,0x02,0x81,0x81,0x00,0xe1,0x20,0xf6,0xac,0xa9,0x01,0xbd,
- 0x31,0xe6,0xb2,0x4e,0xcf,0x66,0xc3,0x11,0x0e,0x5b,0xfe,0x58,0x6b,0xc6,0x2d,0x7a,
- 0x05,0x30,0x9a,0x6f,0xcc,0xcc,0xdf,0xd2,0x2c,0xe1,0x47,0x39,0x9e,0xf3,0x0c,0x81,
- 0xd9,0x76,0x00,0xe2,0xb1,0x08,0x91,0xfb,0x12,0x04,0xf6,0x1f,0xea,0xff,0x82,0xe5,
- 0x64,0x64,0x6f,0x14,0xbe,0x33,0x5f,0x41,0x5f,0x73,0x1f,0xa2,0x32,0xec,0x75,0xb3,
- 0x98,0x4b,0x88,0x4d,0x1e,0xec,0x78,0xda,0x4c,0x2d,0xf8,0xbb,0xcf,0x0e,0x8f,0x2f,
- 0x23,0xae,0xcd,0xe0,0x4c,0x13,0x1c,0x1c,0x16,0x8e,0xb9,0x9f,0x02,0x12,0x12,0xa5,
- 0xf4,0x21,0xfe,0x57,0x08,0x7a,0xe8,0xbe,0x15,0xe9,0xdd,0x2a,0xd1,0x7b,0x39,0xd6,
- 0x4f,0x70,0x74,0x7d,0xfd,0x39,0x97,0x80,0x8d,0x02,0x81,0x81,0x00,0xd4,0x5a,0xce,
- 0x05,0x93,0x51,0x15,0x44,0xdd,0x4d,0x79,0x92,0x04,0xe6,0x64,0x7e,0x6c,0xb5,0x61,
- 0x6b,0xc3,0xb3,0xae,0x4f,0x0a,0x75,0xbf,0x6c,0xec,0x47,0xf2,0xbc,0xea,0x76,0xc4,
- 0xc2,0xe7,0xd2,0x50,0xc4,0xe0,0xaf,0x56,0x05,0x72,0x3c,0x34,0x8c,0x5b,0xae,0xb8,
- 0x0e,0xfb,0x83,0x27,0xcf,0x61,0x05,0x44,0x97,0x3f,0x66,0x6d,0x26,0x7d,0xed,0xcd,
- 0x5a,0x87,0x04,0xbc,0xb3,0x70,0x75,0x15,0x51,0xe9,0x18,0x85,0xf7,0x2a,0x45,0xd5,
- 0xc7,0x93,0x32,0x07,0x2e,0x26,0x34,0x2d,0x18,0x63,0x45,0x06,0x6f,0xa9,0x75,0x5d,
- 0x20,0x6b,0x0b,0x13,0x45,0x81,0x7e,0x5c,0xc5,0x48,0x16,0x4b,0x82,0x7c,0xad,0xbe,
- 0xfd,0xa5,0x0a,0xd6,0xc2,0x21,0xfc,0xa5,0x84,0xaf,0xf3,0x10,0xb9,0x02,0x81,0x80,
- 0x29,0x20,0x20,0x6f,0xc2,0x1f,0xf3,0x33,0xde,0x74,0xcc,0x38,0xcf,0x08,0xeb,0x60,
- 0xb8,0x25,0x6a,0x79,0xa5,0xa6,0x41,0x18,0x19,0x9c,0xdc,0xb7,0x88,0xe5,0x8a,0x3b,
- 0x70,0x9b,0xd6,0x46,0xd7,0x17,0x7d,0xd0,0xff,0xe1,0x81,0x87,0xdd,0x8c,0xed,0x54,
- 0x89,0x5b,0x7c,0xd1,0x2d,0x03,0xf8,0x6b,0xb2,0x7d,0x28,0x48,0xe6,0x91,0x8c,0x1b,
- 0xa7,0xa8,0x2b,0xb5,0x29,0xc5,0x06,0x9d,0xd7,0x8e,0x7a,0xa8,0x1f,0x82,0xa4,0x3e,
- 0x2e,0x57,0xb5,0xd7,0x49,0x4d,0x96,0xca,0xe9,0xef,0xe9,0xfd,0x7b,0xb0,0x32,0xe1,
- 0x5c,0x09,0x44,0xa6,0xd8,0x2e,0x57,0xea,0x95,0x1b,0x25,0x43,0x03,0x50,0xe9,0x08,
- 0x8f,0xc4,0x3b,0x42,0x31,0x44,0x8b,0x85,0xcf,0x81,0x38,0x52,0xbd,0xe6,0x93,0x31,
- 0x02,0x81,0x80,0x18,0x3d,0x79,0x51,0x07,0x9c,0xf4,0xd9,0x94,0x8d,0x78,0x78,0x23,
- 0x99,0x0d,0x15,0xa5,0x61,0x1b,0x0a,0xcb,0x1f,0x22,0xa1,0xa1,0x27,0x09,0xbf,0xec,
- 0x44,0xd6,0x3f,0x9c,0x60,0x0c,0x5b,0xd7,0x4c,0x99,0xad,0xaf,0x9c,0x34,0x2c,0x90,
- 0xfa,0xb0,0x60,0xe9,0x42,0x4b,0x7e,0x62,0x55,0x79,0x60,0xe1,0xc9,0x51,0x28,0x16,
- 0xb3,0xa1,0x78,0x08,0x5d,0xf1,0xd8,0x08,0x9b,0x90,0xd2,0xc6,0xde,0x86,0x9d,0x80,
- 0x07,0x2d,0x9b,0xa6,0x36,0xac,0x8d,0x88,0x8e,0xe8,0x64,0xeb,0x35,0x7f,0x84,0x4e,
- 0x28,0x9d,0xf0,0x77,0x1e,0x8f,0x8f,0xd8,0xc8,0x3d,0xdd,0xec,0x47,0x39,0x5d,0xc7,
- 0xb9,0xcb,0xca,0xcc,0x62,0xa4,0xef,0x9d,0x3c,0x5c,0x81,0x72,0x91,0xbd,0x6f,0x25,
- 0x0a,0x90,0xf9,0x02,0x81,0x80,0x51,0x42,0x23,0x64,0x3d,0xbc,0xcb,0xcb,0x77,0xd4,
- 0x5c,0x6b,0xf4,0x16,0x3a,0x6b,0x05,0x5f,0xd4,0xf8,0x59,0xe6,0x98,0x0c,0x43,0x7e,
- 0x6b,0x17,0x0d,0x01,0x23,0x6e,0x4c,0xff,0x35,0xe4,0xc5,0xba,0xe8,0x9e,0x12,0x94,
- 0x34,0x78,0xe4,0x3d,0x35,0xa1,0xd4,0xa9,0xa3,0x7e,0xe4,0x57,0xef,0xa4,0x9a,0x6a,
- 0x32,0xb3,0x9f,0xf8,0x3a,0xcf,0xea,0xf4,0xc7,0x59,0x92,0xd4,0x2a,0x5b,0x26,0x83,
- 0x78,0x30,0x5f,0xdf,0x46,0xa6,0xb0,0x28,0x37,0x2b,0x55,0x08,0x4c,0xb6,0x6b,0xb8,
- 0xa9,0x11,0x7d,0x0b,0xab,0x97,0x4d,0x8c,0xc3,0xbf,0x3b,0xcd,0x3e,0xad,0x80,0xce,
- 0xe8,0xc6,0x01,0x35,0xd2,0x3e,0x31,0xdc,0x96,0xd7,0xc3,0xab,0x65,0xd1,0xc4,0xa3,
- 0x47,0x14,0xa9,0xba,0xd0,0x30,
- ),
-};
-
-START_TEST(test_load)
-{
- private_key_t *privkey;
- public_key_t *pubkey;
-
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
- BUILD_BLOB_ASN1_DER, keys[_i], BUILD_END);
- ck_assert(privkey != NULL);
- pubkey = privkey->get_public_key(privkey);
- ck_assert(pubkey != NULL);
-
- test_good_sig(privkey, pubkey);
-
- test_bad_sigs(pubkey);
-
- pubkey->destroy(pubkey);
- privkey->destroy(privkey);
-}
-END_TEST
-
-Suite *rsa_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("rsa");
-
- tc = tcase_create("generate");
- tcase_add_loop_test(tc, test_gen, 0, countof(key_sizes));
- tcase_set_timeout(tc, 8);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("load");
- tcase_add_loop_test(tc, test_load, 0, countof(keys));
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c
index f858585..0b26ee1 100644
--- a/src/libstrongswan/tests/test_runner.c
+++ b/src/libstrongswan/tests/test_runner.c
@@ -1,6 +1,8 @@
/*
* Copyright (C) 2013 Tobias Brunner
* Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,48 +15,170 @@
* for more details.
*/
-#include <unistd.h>
-
#include "test_runner.h"
#include <library.h>
#include <plugins/plugin_feature.h>
+#include <collections/array.h>
+#include <utils/test.h>
#include <dirent.h>
+#include <unistd.h>
+#include <limits.h>
+
+/**
+ * Get a tty color escape character for stderr
+ */
+#define TTY(color) tty_escape_get(2, TTY_FG_##color)
/**
- * Load plugins from builddir
+ * Initialize the lookup table for testable functions (defined in libstrongswan)
*/
-static bool load_plugins()
+static void testable_functions_create() __attribute__ ((constructor(1000)));
+static void testable_functions_create()
{
- enumerator_t *enumerator;
- char *name, path[PATH_MAX], dir[64];
+ testable_functions = hashtable_create(hashtable_hash_str,
+ hashtable_equals_str, 8);
+}
+
+/**
+ * Destroy the lookup table for testable functions
+ */
+static void testable_functions_destroy() __attribute__ ((destructor(1000)));
+static void testable_functions_destroy()
+{
+ testable_functions->destroy(testable_functions);
+ /* if leak detective is enabled plugins are not actually unloaded, which
+ * means their destructor is called AFTER this one when the process
+ * terminates, even though the priority says differently, make sure this
+ * does not crash */
+ testable_functions = NULL;
+}
+
+/**
+ * Load all available test suites
+ */
+static array_t *load_suites(test_configuration_t configs[],
+ test_runner_init_t init)
+{
+ array_t *suites;
+ bool old = FALSE;
+ int i;
- enumerator = enumerator_create_token(PLUGINS, " ", "");
- while (enumerator->enumerate(enumerator, &name))
+ library_init(NULL, "test-runner");
+
+ test_setup_handler();
+
+ if (init && !init(TRUE))
{
- snprintf(dir, sizeof(dir), "%s", name);
- translate(dir, "-", "_");
- snprintf(path, sizeof(path), "%s/%s/.libs", PLUGINDIR, dir);
- lib->plugins->add_path(lib->plugins, path);
+ library_deinit();
+ return NULL;
}
- enumerator->destroy(enumerator);
+ lib->plugins->status(lib->plugins, LEVEL_CTRL);
- return lib->plugins->load(lib->plugins, PLUGINS);
+ if (lib->leak_detective)
+ {
+ old = lib->leak_detective->set_state(lib->leak_detective, FALSE);
+ }
+
+ suites = array_create(0, 0);
+
+ for (i = 0; configs[i].suite; i++)
+ {
+ if (configs[i].feature.type == 0 ||
+ lib->plugins->has_feature(lib->plugins, configs[i].feature))
+ {
+ array_insert(suites, -1, configs[i].suite());
+ }
+ }
+
+ if (lib->leak_detective)
+ {
+ lib->leak_detective->set_state(lib->leak_detective, old);
+ }
+
+ if (init)
+ {
+ init(FALSE);
+ }
+ library_deinit();
+
+ return suites;
}
-int main()
+/**
+ * Unload and destroy test suites and associated data
+ */
+static void unload_suites(array_t *suites)
{
- SRunner *sr;
- int nf;
+ test_suite_t *suite;
+ test_case_t *tcase;
- /* test cases are forked and there is no cleanup, so disable leak detective.
- * if test_suite.h is included leak detective is enabled in test cases */
- setenv("LEAK_DETECTIVE_DISABLE", "1", 1);
- /* redirect all output to stderr (to redirect make's stdout to /dev/null) */
- dup2(2, 1);
+ while (array_remove(suites, 0, &suite))
+ {
+ while (array_remove(suite->tcases, 0, &tcase))
+ {
+ array_destroy(tcase->functions);
+ array_destroy(tcase->fixtures);
+ }
+ free(suite);
+ }
+ array_destroy(suites);
+}
- library_init(NULL);
+/**
+ * Run a single test function, return FALSE on failure
+ */
+static bool run_test(test_function_t *tfun, int i)
+{
+ if (test_restore_point())
+ {
+ tfun->cb(i);
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Invoke fixture setup/teardown
+ */
+static bool call_fixture(test_case_t *tcase, bool up)
+{
+ enumerator_t *enumerator;
+ test_fixture_t *fixture;
+ bool failure = FALSE;
+
+ enumerator = array_create_enumerator(tcase->fixtures);
+ while (enumerator->enumerate(enumerator, &fixture))
+ {
+ if (test_restore_point())
+ {
+ if (up)
+ {
+ fixture->setup();
+ }
+ else
+ {
+ fixture->teardown();
+ }
+ }
+ else
+ {
+ failure = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return !failure;
+}
+
+/**
+ * Test initialization, initializes libstrongswan for the next run
+ */
+static bool pre_test(test_runner_init_t init)
+{
+ library_init(NULL, "test-runner");
/* use non-blocking RNG to generate keys fast */
lib->settings->set_default_str(lib->settings,
@@ -62,45 +186,305 @@ int main()
lib->settings->get_str(lib->settings,
"libstrongswan.plugins.random.urandom", "/dev/urandom"));
- if (!load_plugins())
+ if (lib->leak_detective)
+ {
+ /* disable leak reports during testing */
+ lib->leak_detective->set_report_cb(lib->leak_detective,
+ NULL, NULL, NULL);
+ }
+ if (init && !init(TRUE))
{
library_deinit();
- return EXIT_FAILURE;
+ return FALSE;
}
- lib->plugins->status(lib->plugins, LEVEL_CTRL);
+ dbg_default_set_level(LEVEL_SILENT);
+ return TRUE;
+}
+
+/**
+ * Failure description
+ */
+typedef struct {
+ char *name;
+ char msg[512 - sizeof(char*) - 2 * sizeof(int)];
+ const char *file;
+ int line;
+ int i;
+ backtrace_t *bt;
+} failure_t;
+
+/**
+ * Data passed to leak report callbacks
+ */
+typedef struct {
+ array_t *failures;
+ char *name;
+ int i;
+ int leaks;
+} report_data_t;
+
+/**
+ * Leak report callback, build failures from leaks
+ */
+static void report_leaks(report_data_t *data, int count, size_t bytes,
+ backtrace_t *bt, bool detailed)
+{
+ failure_t failure = {
+ .name = data->name,
+ .i = data->i,
+ .bt = bt->clone(bt),
+ };
+
+ snprintf(failure.msg, sizeof(failure.msg),
+ "Leak detected: %d allocations using %zu bytes", count, bytes);
+
+ array_insert(data->failures, -1, &failure);
+}
+
+/**
+ * Leak summary callback, check if any leaks found
+ */
+static void sum_leaks(report_data_t *data, int count, size_t bytes,
+ int whitelisted)
+{
+ data->leaks = count;
+}
+
+/**
+ * Do library cleanup and optionally check for memory leaks
+ */
+static bool post_test(test_runner_init_t init, bool check_leaks,
+ array_t *failures, char *name, int i)
+{
+ report_data_t data = {
+ .failures = failures,
+ .name = name,
+ .i = i,
+ };
- sr = srunner_create(NULL);
- srunner_add_suite(sr, bio_reader_suite_create());
- srunner_add_suite(sr, bio_writer_suite_create());
- srunner_add_suite(sr, chunk_suite_create());
- srunner_add_suite(sr, enum_suite_create());
- srunner_add_suite(sr, enumerator_suite_create());
- srunner_add_suite(sr, linked_list_suite_create());
- srunner_add_suite(sr, linked_list_enumerator_suite_create());
- srunner_add_suite(sr, hashtable_suite_create());
- srunner_add_suite(sr, array_suite_create());
- srunner_add_suite(sr, identification_suite_create());
- srunner_add_suite(sr, threading_suite_create());
- srunner_add_suite(sr, utils_suite_create());
- srunner_add_suite(sr, host_suite_create());
- srunner_add_suite(sr, vectors_suite_create());
- srunner_add_suite(sr, printf_suite_create());
- if (lib->plugins->has_feature(lib->plugins,
- PLUGIN_DEPENDS(PRIVKEY_GEN, KEY_RSA)))
- {
- srunner_add_suite(sr, rsa_suite_create());
- }
- if (lib->plugins->has_feature(lib->plugins,
- PLUGIN_DEPENDS(PRIVKEY_GEN, KEY_ECDSA)))
- {
- srunner_add_suite(sr, ecdsa_suite_create());
- }
-
- srunner_run_all(sr, CK_NORMAL);
- nf = srunner_ntests_failed(sr);
-
- srunner_free(sr);
+ if (init)
+ {
+ init(FALSE);
+ }
+ if (check_leaks && lib->leak_detective)
+ {
+ lib->leak_detective->set_report_cb(lib->leak_detective,
+ (leak_detective_report_cb_t)report_leaks,
+ (leak_detective_summary_cb_t)sum_leaks, &data);
+ }
library_deinit();
- return (nf == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
+ return data.leaks != 0;
+}
+
+/**
+ * Collect failure information, add failure_t to array
+ */
+static void collect_failure_info(array_t *failures, char *name, int i)
+{
+ failure_t failure = {
+ .name = name,
+ .i = i,
+ .bt = test_failure_backtrace(),
+ };
+
+ failure.line = test_failure_get(failure.msg, sizeof(failure.msg),
+ &failure.file);
+
+ array_insert(failures, -1, &failure);
+}
+
+/**
+ * Print array of collected failure_t to stderr
+ */
+static void print_failures(array_t *failures)
+{
+ failure_t failure;
+
+ backtrace_init();
+
+ while (array_remove(failures, 0, &failure))
+ {
+ fprintf(stderr, " %sFailure in '%s': %s (",
+ TTY(RED), failure.name, failure.msg);
+ if (failure.line)
+ {
+ fprintf(stderr, "%s:%d, ", failure.file, failure.line);
+ }
+ fprintf(stderr, "i = %d)%s\n", failure.i, TTY(DEF));
+ if (failure.bt)
+ {
+ failure.bt->log(failure.bt, stderr, TRUE);
+ failure.bt->destroy(failure.bt);
+ }
+ }
+
+ backtrace_deinit();
+}
+
+/**
+ * Run a single test case with fixtures
+ */
+static bool run_case(test_case_t *tcase, test_runner_init_t init)
+{
+ enumerator_t *enumerator;
+ test_function_t *tfun;
+ int passed = 0;
+ array_t *failures;
+
+ failures = array_create(sizeof(failure_t), 0);
+
+ fprintf(stderr, " Running case '%s': ", tcase->name);
+ fflush(stderr);
+
+ enumerator = array_create_enumerator(tcase->functions);
+ while (enumerator->enumerate(enumerator, &tfun))
+ {
+ int i, rounds = 0;
+
+ for (i = tfun->start; i < tfun->end; i++)
+ {
+ if (pre_test(init))
+ {
+ bool ok = FALSE, leaks = FALSE;
+
+ test_setup_timeout(tcase->timeout);
+
+ if (call_fixture(tcase, TRUE))
+ {
+ if (run_test(tfun, i))
+ {
+ if (call_fixture(tcase, FALSE))
+ {
+ ok = TRUE;
+ }
+ }
+ else
+ {
+ call_fixture(tcase, FALSE);
+ }
+
+ }
+ leaks = post_test(init, ok, failures, tfun->name, i);
+
+ test_setup_timeout(0);
+
+ if (ok)
+ {
+ if (!leaks)
+ {
+ rounds++;
+ fprintf(stderr, "%s+%s", TTY(GREEN), TTY(DEF));
+ }
+ }
+ else
+ {
+ collect_failure_info(failures, tfun->name, i);
+ }
+ if (!ok || leaks)
+ {
+ fprintf(stderr, "%s-%s", TTY(RED), TTY(DEF));
+ }
+ }
+ else
+ {
+ fprintf(stderr, "!");
+ }
+ }
+ fflush(stderr);
+ if (rounds == tfun->end - tfun->start)
+ {
+ passed++;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ fprintf(stderr, "\n");
+
+ print_failures(failures);
+ array_destroy(failures);
+
+ return passed == array_count(tcase->functions);
+}
+
+/**
+ * Run a single test suite
+ */
+static bool run_suite(test_suite_t *suite, test_runner_init_t init)
+{
+ enumerator_t *enumerator;
+ test_case_t *tcase;
+ int passed = 0;
+
+ fprintf(stderr, " Running suite '%s':\n", suite->name);
+
+ enumerator = array_create_enumerator(suite->tcases);
+ while (enumerator->enumerate(enumerator, &tcase))
+ {
+ if (run_case(tcase, init))
+ {
+ passed++;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (passed == array_count(suite->tcases))
+ {
+ fprintf(stderr, " %sPassed all %u '%s' test cases%s\n",
+ TTY(GREEN), array_count(suite->tcases), suite->name, TTY(DEF));
+ return TRUE;
+ }
+ fprintf(stderr, " %sPassed %u/%u '%s' test cases%s\n",
+ TTY(RED), passed, array_count(suite->tcases), suite->name, TTY(DEF));
+ return FALSE;
+}
+
+/**
+ * See header.
+ */
+int test_runner_run(const char *name, test_configuration_t configs[],
+ test_runner_init_t init)
+{
+ array_t *suites;
+ test_suite_t *suite;
+ enumerator_t *enumerator;
+ int passed = 0, result;
+
+ /* redirect all output to stderr (to redirect make's stdout to /dev/null) */
+ dup2(2, 1);
+
+ suites = load_suites(configs, init);
+ if (!suites)
+ {
+ return EXIT_FAILURE;
+ }
+
+ fprintf(stderr, "Running %u '%s' test suites:\n", array_count(suites), name);
+
+ enumerator = array_create_enumerator(suites);
+ while (enumerator->enumerate(enumerator, &suite))
+ {
+ if (run_suite(suite, init))
+ {
+ passed++;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (passed == array_count(suites))
+ {
+ fprintf(stderr, "%sPassed all %u '%s' suites%s\n",
+ TTY(GREEN), array_count(suites), name, TTY(DEF));
+ result = EXIT_SUCCESS;
+ }
+ else
+ {
+ fprintf(stderr, "%sPassed %u of %u '%s' suites%s\n",
+ TTY(RED), passed, array_count(suites), name, TTY(DEF));
+ result = EXIT_FAILURE;
+ }
+
+ unload_suites(suites);
+
+ return result;
}
diff --git a/src/libstrongswan/tests/test_runner.h b/src/libstrongswan/tests/test_runner.h
index 6315abb..643b622 100644
--- a/src/libstrongswan/tests/test_runner.h
+++ b/src/libstrongswan/tests/test_runner.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,27 +13,65 @@
* for more details.
*/
+/**
+ * @defgroup libtest libtest
+ *
+ * @defgroup test_utils test_utils
+ * @ingroup libtest
+ *
+ * @defgroup test_runner test_runner
+ * @{ @ingroup libtest
+ */
+
#ifndef TEST_RUNNER_H_
#define TEST_RUNNER_H_
-#include <check.h>
-
-Suite *bio_reader_suite_create();
-Suite *bio_writer_suite_create();
-Suite *chunk_suite_create();
-Suite *enum_suite_create();
-Suite *enumerator_suite_create();
-Suite *linked_list_suite_create();
-Suite *linked_list_enumerator_suite_create();
-Suite *hashtable_suite_create();
-Suite *array_suite_create();
-Suite *identification_suite_create();
-Suite *threading_suite_create();
-Suite *utils_suite_create();
-Suite *vectors_suite_create();
-Suite *ecdsa_suite_create();
-Suite *rsa_suite_create();
-Suite *host_suite_create();
-Suite *printf_suite_create();
-
-#endif /** TEST_RUNNER_H_ */
+#include "test_suite.h"
+
+#include <plugins/plugin_feature.h>
+
+typedef struct test_configuration_t test_configuration_t;
+
+/**
+ * Callback called before and after each test case to de-/initialize the
+ * environment (e.g. to load plugins). It is also called before and after the
+ * test suites are loaded.
+ *
+ * It is called after libstrongswan has been initialized and likewise before it
+ * gets deinitialized.
+ *
+ * @param init TRUE during initialization
+ * @return FALSE if de-/init failed
+ */
+typedef bool (*test_runner_init_t)(bool init);
+
+/**
+ * Test configuration, suite constructor with plugin dependency
+ */
+struct test_configuration_t {
+
+ /**
+ * Constructor function to create suite.
+ */
+ test_suite_t *(*suite)();
+
+ /**
+ * Plugin feature this test suite depends on
+ */
+ plugin_feature_t feature;
+};
+
+/**
+ * Run test configuration.
+ *
+ * The configs array must be terminated with a NULL element.
+ *
+ * @param name name of test runner
+ * @param config test suite constructors with dependencies
+ * @param init_cb init/deinit callback
+ * @return test result, EXIT_SUCCESS if all tests passed
+ */
+int test_runner_run(const char *name, test_configuration_t config[],
+ test_runner_init_t init_cb);
+
+#endif /** TEST_RUNNER_H_ @}*/
diff --git a/src/libstrongswan/tests/test_suite.c b/src/libstrongswan/tests/test_suite.c
new file mode 100644
index 0000000..0f2e74b
--- /dev/null
+++ b/src/libstrongswan/tests/test_suite.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <signal.h>
+#include <unistd.h>
+
+#include <pthread.h>
+
+/**
+ * Failure message buf
+ */
+static char failure_buf[512];
+
+/**
+ * Source file failure occurred
+ */
+static const char *failure_file;
+
+/**
+ * Line of source file failure occurred
+ */
+static int failure_line;
+
+/**
+ * Backtrace of failure, if any
+ */
+static backtrace_t *failure_backtrace;
+
+/**
+ * Longjump restore point when failing
+ */
+sigjmp_buf test_restore_point_env;
+
+/**
+ * See header.
+ */
+test_suite_t* test_suite_create(const char *name)
+{
+ test_suite_t *suite;
+
+ INIT(suite,
+ .name = name,
+ .tcases = array_create(0, 0),
+ );
+ return suite;
+}
+
+/**
+ * See header.
+ */
+test_case_t* test_case_create(const char *name)
+{
+ test_case_t *tcase;
+
+ INIT(tcase,
+ .name = name,
+ .functions = array_create(sizeof(test_function_t), 0),
+ .fixtures = array_create(sizeof(test_fixture_t), 0),
+ .timeout = TEST_FUNCTION_DEFAULT_TIMEOUT,
+ );
+ return tcase;
+}
+
+/**
+ * See header.
+ */
+void test_case_add_checked_fixture(test_case_t *tcase, test_fixture_cb_t setup,
+ test_fixture_cb_t teardown)
+{
+ test_fixture_t fixture = {
+ .setup = setup,
+ .teardown = teardown,
+ };
+ array_insert(tcase->fixtures, -1, &fixture);
+}
+
+/**
+ * See header.
+ */
+void test_case_add_test_name(test_case_t *tcase, char *name,
+ test_function_cb_t cb, int start, int end)
+{
+ test_function_t fun = {
+ .name = name,
+ .cb = cb,
+ .start = start,
+ .end = end,
+ };
+ array_insert(tcase->functions, -1, &fun);
+}
+
+/**
+ * See header.
+ */
+void test_case_set_timeout(test_case_t *tcase, int s)
+{
+ tcase->timeout = s;
+}
+
+/**
+ * See header.
+ */
+void test_suite_add_case(test_suite_t *suite, test_case_t *tcase)
+{
+ array_insert(suite->tcases, -1, tcase);
+}
+
+/**
+ * Main thread performing tests
+ */
+static pthread_t main_thread;
+
+/**
+ * Let test case fail
+ */
+static inline void test_failure()
+{
+ if (pthread_self() == main_thread)
+ {
+ siglongjmp(test_restore_point_env, 1);
+ }
+ else
+ {
+ pthread_kill(main_thread, SIGUSR1);
+ /* how can we stop just the thread? longjmp to a restore point? */
+ }
+}
+
+/**
+ * See header.
+ */
+void test_fail_vmsg(const char *file, int line, char *fmt, va_list args)
+{
+ vsnprintf(failure_buf, sizeof(failure_buf), fmt, args);
+ failure_line = line;
+ failure_file = file;
+
+ test_failure();
+}
+
+/**
+ * See header.
+ */
+void test_fail_msg(const char *file, int line, char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vsnprintf(failure_buf, sizeof(failure_buf), fmt, args);
+ failure_line = line;
+ failure_file = file;
+ va_end(args);
+
+ test_failure();
+}
+
+/**
+ * Signal handler catching critical and alarm signals
+ */
+static void test_sighandler(int signal)
+{
+ char *signame;
+ bool old = FALSE;
+
+ switch (signal)
+ {
+ case SIGUSR1:
+ /* a different thread failed, abort test */
+ return test_failure();
+ case SIGSEGV:
+ signame = "SIGSEGV";
+ break;
+ case SIGILL:
+ signame = "SIGILL";
+ break;
+ case SIGBUS:
+ signame = "SIGBUS";
+ break;
+ case SIGALRM:
+ signame = "timeout";
+ break;
+ default:
+ signame = "SIG";
+ break;
+ }
+ if (lib->leak_detective)
+ {
+ old = lib->leak_detective->set_state(lib->leak_detective, FALSE);
+ }
+ failure_backtrace = backtrace_create(3);
+ if (lib->leak_detective)
+ {
+ lib->leak_detective->set_state(lib->leak_detective, old);
+ }
+ test_fail_msg(NULL, 0, "%s(%d)", signame, signal);
+ /* unable to restore a valid context for that thread, terminate */
+ fprintf(stderr, "\n%s(%d) outside of main thread:\n", signame, signal);
+ failure_backtrace->log(failure_backtrace, stderr, TRUE);
+ fprintf(stderr, "terminating...\n");
+ abort();
+}
+
+/**
+ * See header.
+ */
+void test_setup_handler()
+{
+ struct sigaction action = {
+ .sa_handler = test_sighandler,
+ };
+
+ main_thread = pthread_self();
+
+ /* signal handler inherited by all threads */
+ sigaction(SIGSEGV, &action, NULL);
+ sigaction(SIGILL, &action, NULL);
+ sigaction(SIGBUS, &action, NULL);
+ /* ignore ALRM/USR1, these are catched by main thread only */
+ action.sa_handler = SIG_IGN;
+ sigaction(SIGALRM, &action, NULL);
+ sigaction(SIGUSR1, &action, NULL);
+}
+
+/**
+ * See header.
+ */
+void test_setup_timeout(int s)
+{
+ struct sigaction action = {
+ .sa_handler = test_sighandler,
+ };
+
+ /* This called by main thread only. Setup handler for timeout and
+ * failure cross-thread signaling. */
+ sigaction(SIGALRM, &action, NULL);
+ sigaction(SIGUSR1, &action, NULL);
+
+ alarm(s);
+}
+
+/**
+ * See header.
+ */
+int test_failure_get(char *msg, int len, const char **file)
+{
+ strncpy(msg, failure_buf, len - 1);
+ msg[len - 1] = 0;
+ *file = failure_file;
+ return failure_line;
+}
+
+/**
+ * See header.
+ */
+backtrace_t *test_failure_backtrace()
+{
+ backtrace_t *bt;
+
+ bt = failure_backtrace;
+ failure_backtrace = NULL;
+
+ return bt;
+}
diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h
index 2a28613..c44f149 100644
--- a/src/libstrongswan/tests/test_suite.h
+++ b/src/libstrongswan/tests/test_suite.h
@@ -1,6 +1,8 @@
/*
* Copyright (C) 2013 Tobias Brunner
* Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,98 +15,318 @@
* for more details.
*/
-#ifndef TEST_UTILS_H_
-#define TEST_UTILS_H_
+/**
+ * @defgroup test_suite test_suite
+ * @{ @ingroup libtest
+ */
+
+#ifndef TEST_SUITE_H_
+#define TEST_SUITE_H_
+
+#define _GNU_SOURCE
+#include <setjmp.h>
-#include <check.h>
#include <library.h>
#include <utils/debug.h>
+#include <utils/backtrace.h>
+#include <collections/array.h>
+
+typedef struct test_suite_t test_suite_t;
+typedef struct test_case_t test_case_t;
+typedef struct test_function_t test_function_t;
+typedef struct test_fixture_t test_fixture_t;
/**
- * Used to mark test cases that use test fixtures.
+ * Default timeout for a single test function
*/
-#define UNIT_TEST_FIXTURE_USED "UNIT_TEST_FIXTURE_USED"
+#define TEST_FUNCTION_DEFAULT_TIMEOUT 2
/**
- * Check for memory leaks and fail if any are encountered.
+ * Test function implementation
*/
-#define CHECK_FOR_LEAKS() do \
-{ \
- if (lib->leak_detective) \
- { \
- if (lib->leak_detective->leaks(lib->leak_detective)) { \
- lib->leak_detective->report(lib->leak_detective, TRUE); \
- } \
- ck_assert_int_eq(lib->leak_detective->leaks(lib->leak_detective), 0); \
- } \
-} \
-while(0)
+typedef void (*test_function_cb_t)(int);
+
+/**
+ * Fixture for a test case.
+ */
+typedef void (*test_fixture_cb_t)(void);
+
+/**
+ * A test suite; a collection of test cases with fixtures
+ */
+struct test_suite_t {
+ /** name of the test suite */
+ const char *name;
+ /** test cases registered, as test_case_t* */
+ array_t *tcases;
+};
/**
- * Extended versions of the START|END_TEST macros that use leak detective.
+ * A test case; multiple test functions using the same fixtures
+ */
+struct test_case_t {
+ /** name of the test case */
+ const char *name;
+ /** tests registered, as test_function_t */
+ array_t *functions;
+ /** fixture for tests, as test_fixture_t */
+ array_t *fixtures;
+ /** timeout for each function, in s */
+ int timeout;
+};
+
+/**
+ * A test function, with optional loop setup
+ */
+struct test_function_t {
+ /** name of test function */
+ char *name;
+ /** tests function registered, test_function_t* */
+ test_function_cb_t cb;
+ /** start for loop test */
+ int start;
+ /** end for loop test */
+ int end;
+};
+
+/**
+ * Registered fixture for a test case
+ */
+struct test_fixture_t {
+ test_fixture_cb_t setup;
+ test_fixture_cb_t teardown;
+};
+
+/**
+ * Create a new test suite
*
- * Since each test case runs in its own fork of the test runner the stuff
- * allocated before the test starts is not freed, so leak detective is disabled
- * by default to prevent false positives. By enabling it right when the test
- * starts we at least capture leaks created by the tested objects/functions and
- * the test case itself. This allows writing test cases for cleanup functions.
+ * @param name name of the test suite
+ * @return test suite
+ */
+test_suite_t* test_suite_create(const char *name);
+
+/**
+ * Create a new test case
*
- * To define test fixture with possibly allocated/destroyed memory that is
- * allocated/freed in a test case use the START|END_SETUP|TEARDOWN macros.
+ * @param name name of test case
+ * @return test case
*/
-#undef START_TEST
-#define START_TEST(name) \
-static void name (int _i CK_ATTRIBUTE_UNUSED) \
-{ \
- tcase_fn_start(""#name, __FILE__, __LINE__); \
- dbg_default_set_level(LEVEL_SILENT); \
- if (lib->leak_detective) \
- { \
- lib->leak_detective->set_state(lib->leak_detective, TRUE); \
- }
+test_case_t* test_case_create(const char *name);
-#undef END_TEST
-#define END_TEST \
- if (!lib->get(lib, UNIT_TEST_FIXTURE_USED)) \
- { \
- CHECK_FOR_LEAKS(); \
- } \
-}
+/**
+ * Add a setup/teardown function to the test case
+ *
+ * @param tcase test case to add a fixture to
+ * @param setup setup function called before each test
+ * @param teardown cleanup function called after each test
+ */
+void test_case_add_checked_fixture(test_case_t *tcase, test_fixture_cb_t setup,
+ test_fixture_cb_t teardown);
+
+/**
+ * Add a test function to a test case, with a name, looped several times
+ *
+ * @param name name of the test case
+ * @param tcase test case to add test function to
+ * @param cb callback function to invoke for test
+ * @param start start of loop counter
+ * @param end end of loop counter
+ */
+void test_case_add_test_name(test_case_t *tcase, char *name,
+ test_function_cb_t cb, int start, int end);
+
+/**
+ * Add a test function to a test case
+ *
+ * @param tcase test case to add test function to
+ * @param cb callback function to invoke for test
+ */
+#define test_case_add_test(tcase, cb) \
+ test_case_add_test_name(tcase, #cb, cb, 0, 1)
+
+/**
+ * Add a test function to a test case, looped several times
+ *
+ * @param tcase test case to add test function to
+ * @param cb callback function to invoke for test
+ * @param start start of loop counter
+ * @param end end of loop counter
+ */
+#define test_case_add_loop_test(tcase, cb, start, end) \
+ test_case_add_test_name(tcase, #cb, cb, start, end)
+
+/**
+ * Set a custom timeout for test functions in a test case
+ *
+ * @param tcase test case to set timeout for
+ * @param s test timeout in s
+ */
+void test_case_set_timeout(test_case_t *tcase, int s);
+
+/**
+ * Add a test function to a test case, looped several times
+ *
+ * @param suite test suite to add test case to
+ * @param tcase test case to add
+ */
+void test_suite_add_case(test_suite_t *suite, test_case_t *tcase);
/**
- * Define a function to setup a test fixture that can be used with the above
- * macros.
+ * sigjmp restore point used by test_restore_point
+ */
+extern sigjmp_buf test_restore_point_env;
+
+/**
+ * Set or return from an execution restore point
+ *
+ * This call sets a restore execution point and returns TRUE after it has
+ * been set up. On test failure, the execution is returned to the restore point
+ * and FALSE is returned to indicate test failure.
+ *
+ * @return TRUE if restore point set, FALSE when restored
*/
-#define START_SETUP(name) \
-static void name() \
-{ \
- lib->set(lib, UNIT_TEST_FIXTURE_USED, (void*)TRUE); \
- if (lib->leak_detective) \
+#define test_restore_point() (sigsetjmp(test_restore_point_env, 1) == 0)
+
+/**
+ * Set up signal handlers for test cases
+ */
+void test_setup_handler();
+
+/**
+ * Set up a timeout to let a test fail
+ *
+ * @param s timeout, 0 to disable timeout
+ */
+void test_setup_timeout(int s);
+
+/**
+ * Get info about a test failure
+ *
+ * @param msg buffer receiving failure info
+ * @param len size of msg buffer
+ * @param file pointer receiving source code file
+ * @return source code line number
+ */
+int test_failure_get(char *msg, int len, const char **file);
+
+/**
+ * Get a backtrace for a failure.
+ *
+ * @return allocated backtrace of test failure, if any
+ */
+backtrace_t *test_failure_backtrace();
+
+/**
+ * Let a test fail and set a message using vprintf style arguments.
+ *
+ * @param file source code file name
+ * @param line source code line number
+ * @param fmt printf format string
+ * @param args argument list for fmt
+ */
+void test_fail_vmsg(const char *file, int line, char *fmt, va_list args);
+
+/**
+ * Let a test fail and set a message using printf style arguments.
+ *
+ * @param file source code file name
+ * @param line source code line number
+ * @param fmt printf format string
+ * @param ... arguments for fmt
+ */
+void test_fail_msg(const char *file, int line, char *fmt, ...);
+
+/**
+ * Check if two integers equal, fail test if not
+ *
+ * @param a first integer
+ * @param b second integer
+ */
+#define test_int_eq(a, b) \
+({ \
+ typeof(a) _a = a; \
+ typeof(b) _b = b; \
+ if (_a != _b) \
{ \
- lib->leak_detective->set_state(lib->leak_detective, TRUE); \
- }
+ test_fail_msg(__FILE__, __LINE__, #a " != " #b " (%d != %d)", _a, _b); \
+ } \
+})
/**
- * End a setup function
+ * Check if two strings equal, fail test if not
+ *
+ * @param a first string
+ * @param b second string
*/
-#define END_SETUP }
+#define test_str_eq(a, b) \
+({ \
+ char* _a = (char*)a; \
+ char* _b = (char*)b; \
+ if (!_a || !_b || !streq(_a, _b)) \
+ { \
+ test_fail_msg(__FILE__, __LINE__, \
+ #a " != " #b " (\"%s\" != \"%s\")", _a, _b); \
+ } \
+})
/**
- * Define a function to teardown a test fixture that can be used with the above
- * macros.
+ * Check if a statement evaluates to TRUE, fail test if not
+ *
+ * @param x statement to evaluate
*/
-#define START_TEARDOWN(name) \
-static void name() \
-{
+#define test_assert(x) \
+({ \
+ if (!(x)) \
+ { \
+ test_fail_msg(__FILE__, __LINE__, #x); \
+ } \
+})
/**
- * End a teardown function
+ * Check if a statement evaluates to TRUE, fail and print a message if not
+ *
+ * @param x statement to evaluate
+ * @param fmt message format string
+ * @param ... fmt printf arguments
*/
-#define END_TEARDOWN \
- if (lib->get(lib, UNIT_TEST_FIXTURE_USED)) \
+#define test_assert_msg(x, fmt, ...) \
+({ \
+ if (!(x)) \
{ \
- CHECK_FOR_LEAKS(); \
+ test_fail_msg(__FILE__, __LINE__, #x ": " fmt, ##__VA_ARGS__); \
} \
-}
+})
+
+
+
+/* "check unit testing" compatibility */
+#define Suite test_suite_t
+#define TCase test_case_t
+#define ck_assert_int_eq test_int_eq
+#define ck_assert test_assert
+#define ck_assert_msg test_assert_msg
+#define ck_assert_str_eq test_str_eq
+#define fail(fmt, ...) test_fail_msg(__FILE__, __LINE__, fmt, ##__VA_ARGS__)
+#define fail_if(x, fmt, ...) \
+({ \
+ if (x) \
+ { \
+ test_fail_msg(__FILE__, __LINE__, #x ": " fmt, ##__VA_ARGS__); \
+ } \
+})
+#define fail_unless test_assert_msg
+#define suite_create test_suite_create
+#define tcase_create test_case_create
+#define tcase_add_checked_fixture test_case_add_checked_fixture
+#define tcase_add_test test_case_add_test
+#define tcase_add_loop_test test_case_add_loop_test
+#define tcase_set_timeout test_case_set_timeout
+#define suite_add_tcase test_suite_add_case
+#define START_TEST(name) static void name (int _i) {
+#define END_TEST }
+#define START_SETUP(name) static void name() {
+#define END_SETUP }
+#define START_TEARDOWN(name) static void name() {
+#define END_TEARDOWN }
-#endif /** TEST_UTILS_H_ */
+#endif /** TEST_SUITE_H_ @}*/
diff --git a/src/libstrongswan/tests/test_threading.c b/src/libstrongswan/tests/test_threading.c
deleted file mode 100644
index 0c768b3..0000000
--- a/src/libstrongswan/tests/test_threading.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (C) 2013 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <sched.h>
-#include <pthread.h>
-
-#include "test_suite.h"
-
-#include <threading/mutex.h>
-
-/*******************************************************************************
- * recursive mutex test
- */
-
-#define THREADS 20
-
-static mutex_t *mutex;
-
-static pthread_barrier_t mutex_barrier;
-
-static int mutex_locked = 0;
-
-static void *mutex_run(void *data)
-{
- int i;
-
- /* wait for all threads before getting in action */
- pthread_barrier_wait(&mutex_barrier);
-
- for (i = 0; i < 100; i++)
- {
- mutex->lock(mutex);
- mutex->lock(mutex);
- mutex->lock(mutex);
- mutex_locked++;
- sched_yield();
- if (mutex_locked > 1)
- {
- fail("two threads locked the mutex concurrently");
- }
- mutex_locked--;
- mutex->unlock(mutex);
- mutex->unlock(mutex);
- mutex->unlock(mutex);
- }
- return NULL;
-}
-
-START_TEST(test_mutex)
-{
- pthread_t threads[THREADS];
- int i;
-
- mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
-
- for (i = 0; i < 10; i++)
- {
- mutex->lock(mutex);
- mutex->unlock(mutex);
- }
- for (i = 0; i < 10; i++)
- {
- mutex->lock(mutex);
- }
- for (i = 0; i < 10; i++)
- {
- mutex->unlock(mutex);
- }
-
- pthread_barrier_init(&mutex_barrier, NULL, THREADS);
- for (i = 0; i < THREADS; i++)
- {
- pthread_create(&threads[i], NULL, mutex_run, NULL);
- }
- for (i = 0; i < THREADS; i++)
- {
- pthread_join(threads[i], NULL);
- }
- pthread_barrier_destroy(&mutex_barrier);
-
- mutex->destroy(mutex);
-}
-END_TEST
-
-Suite *threading_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("threading");
-
- tc = tcase_create("recursive mutex");
- tcase_add_test(tc, test_mutex);
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_utils.c b/src/libstrongswan/tests/test_utils.c
deleted file mode 100644
index 3ca0412..0000000
--- a/src/libstrongswan/tests/test_utils.c
+++ /dev/null
@@ -1,556 +0,0 @@
-/*
- * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <library.h>
-#include <utils/utils.h>
-#include <ipsec/ipsec_types.h>
-
-#include <time.h>
-
-/*******************************************************************************
- * object storage on lib
- */
-
-START_TEST(test_objects)
-{
- char *k1 = "key1", *k2 = "key2";
- char *v1 = "val1", *val;
-
- ck_assert(lib->get(lib, k1) == NULL);
-
- ck_assert(lib->set(lib, k1, v1));
- ck_assert(!lib->set(lib, k1, v1));
-
- val = lib->get(lib, k1);
- ck_assert(val != NULL);
- ck_assert(streq(val, v1));
-
- ck_assert(lib->set(lib, k1, NULL));
- ck_assert(!lib->set(lib, k2, NULL));
-
- ck_assert(lib->get(lib, k1) == NULL);
-}
-END_TEST
-
-/*******************************************************************************
- * test return_... functions
- */
-
-START_TEST(test_return_functions)
-{
- ck_assert(return_null() == NULL);
- ck_assert(return_null("asdf", 5, NULL, 1, "qwer") == NULL);
-
- ck_assert(return_true() == TRUE);
- ck_assert(return_true("asdf", 5, NULL, 1, "qwer") == TRUE);
-
- ck_assert(return_false() == FALSE);
- ck_assert(return_false("asdf", 5, NULL, 1, "qwer") == FALSE);
-
- ck_assert(return_failed() == FAILED);
- ck_assert(return_failed("asdf", 5, NULL, 1, "qwer") == FAILED);
-
- ck_assert(return_success() == SUCCESS);
- ck_assert(return_success("asdf", 5, NULL, 1, "qwer") == SUCCESS);
-
- /* just make sure this works */
- nop();
- nop("asdf", 5, NULL, 1, "qwer");
-}
-END_TEST
-
-/*******************************************************************************
- * timeval_add_ms
- */
-
-START_TEST(test_timeval_add_ms)
-{
- timeval_t tv;
-
- tv.tv_sec = 0;
- tv.tv_usec = 0;
- timeval_add_ms(&tv, 0);
- ck_assert_int_eq(tv.tv_sec, 0);
- ck_assert_int_eq(tv.tv_usec, 0);
-
- timeval_add_ms(&tv, 1);
- ck_assert_int_eq(tv.tv_sec, 0);
- ck_assert_int_eq(tv.tv_usec, 1000);
-
- timeval_add_ms(&tv, 0);
- ck_assert_int_eq(tv.tv_sec, 0);
- ck_assert_int_eq(tv.tv_usec, 1000);
-
- timeval_add_ms(&tv, 999);
- ck_assert_int_eq(tv.tv_sec, 1);
- ck_assert_int_eq(tv.tv_usec, 0);
-
- timeval_add_ms(&tv, 0);
- ck_assert_int_eq(tv.tv_sec, 1);
- ck_assert_int_eq(tv.tv_usec, 0);
-
- timeval_add_ms(&tv, 1000);
- ck_assert_int_eq(tv.tv_sec, 2);
- ck_assert_int_eq(tv.tv_usec, 0);
-
- timeval_add_ms(&tv, 1500);
- ck_assert_int_eq(tv.tv_sec, 3);
- ck_assert_int_eq(tv.tv_usec, 500000);
-}
-END_TEST
-
-/*******************************************************************************
- * htoun/untoh
- */
-
-START_TEST(test_htoun)
-{
- chunk_t net64, expected;
- u_int16_t host16 = 513;
- u_int32_t net16 = 0, host32 = 67305985;
- u_int64_t net32 = 0, host64 = 578437695752307201ULL;
-
- net64 = chunk_alloca(16);
- memset(net64.ptr, 0, net64.len);
-
- expected = chunk_from_chars(0x00, 0x02, 0x01, 0x00);
- htoun16((char*)&net16 + 1, host16);
- ck_assert(chunk_equals(expected, chunk_from_thing(net16)));
-
- expected = chunk_from_chars(0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0x00, 0x00);
- htoun32((u_int16_t*)&net32 + 1, host32);
- ck_assert(chunk_equals(expected, chunk_from_thing(net32)));
-
- expected = chunk_from_chars(0x00, 0x00, 0x00, 0x00,
- 0x08, 0x07, 0x06, 0x05,
- 0x04, 0x03, 0x02, 0x01,
- 0x00, 0x00, 0x00, 0x00);
- htoun64((u_int32_t*)net64.ptr + 1, host64);
- ck_assert(chunk_equals(expected, net64));
-}
-END_TEST
-
-START_TEST(test_untoh)
-{
- chunk_t net;
- u_int16_t host16;
- u_int32_t host32;
- u_int64_t host64;
-
- net = chunk_from_chars(0x00, 0x02, 0x01, 0x00);
- host16 = untoh16(net.ptr + 1);
- ck_assert(host16 == 513);
-
- net = chunk_from_chars(0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0x00, 0x00);
- host32 = untoh32(net.ptr + 2);
- ck_assert(host32 == 67305985);
-
- net = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x08, 0x07, 0x06, 0x05,
- 0x04, 0x03, 0x02, 0x01, 0x00, 0x00, 0x00, 0x00);
- host64 = untoh64(net.ptr + 4);
- ck_assert(host64 == 578437695752307201ULL);
-}
-END_TEST
-
-/*******************************************************************************
- * pad_len/round_up/down
- */
-
-START_TEST(test_round)
-{
- ck_assert_int_eq(pad_len(0, 4), 0);
- ck_assert_int_eq(pad_len(1, 4), 3);
- ck_assert_int_eq(pad_len(2, 4), 2);
- ck_assert_int_eq(pad_len(3, 4), 1);
- ck_assert_int_eq(pad_len(4, 4), 0);
- ck_assert_int_eq(pad_len(5, 4), 3);
-
- ck_assert_int_eq(round_up(0, 4), 0);
- ck_assert_int_eq(round_up(1, 4), 4);
- ck_assert_int_eq(round_up(2, 4), 4);
- ck_assert_int_eq(round_up(3, 4), 4);
- ck_assert_int_eq(round_up(4, 4), 4);
- ck_assert_int_eq(round_up(5, 4), 8);
-
- ck_assert_int_eq(round_down(0, 4), 0);
- ck_assert_int_eq(round_down(1, 4), 0);
- ck_assert_int_eq(round_down(2, 4), 0);
- ck_assert_int_eq(round_down(3, 4), 0);
- ck_assert_int_eq(round_down(4, 4), 4);
- ck_assert_int_eq(round_down(5, 4), 4);
-}
-END_TEST
-
-/*******************************************************************************
- * strpfx
- */
-
-static struct {
- char *str;
- char *pfx;
- bool prefix;
- bool case_prefix;
-} strpfx_data[] = {
- {"", "", TRUE, TRUE},
- {"abc", "", TRUE, TRUE},
- {"abc", "a", TRUE, TRUE},
- {"abc", "ab", TRUE, TRUE},
- {"abc", "abc", TRUE, TRUE},
- {"abc", "abcd", FALSE, FALSE},
- {"abc", "AB", FALSE, TRUE},
- {"ABC", "ab", FALSE, TRUE},
- {" abc", "abc", FALSE, FALSE},
-};
-
-START_TEST(test_strpfx)
-{
- bool prefix;
-
- prefix = strpfx(strpfx_data[_i].str, strpfx_data[_i].pfx);
- ck_assert(prefix == strpfx_data[_i].prefix);
- prefix = strcasepfx(strpfx_data[_i].str, strpfx_data[_i].pfx);
- ck_assert(prefix == strpfx_data[_i].case_prefix);
-}
-END_TEST
-
-/*******************************************************************************
- * memxor
- */
-
-static void do_memxor(chunk_t a, chunk_t b, chunk_t exp)
-{
- chunk_t dst;
-
- dst = chunk_clonea(a);
- dst.len = b.len;
- memxor(dst.ptr, b.ptr, b.len);
- ck_assert(chunk_equals(dst, exp));
-}
-
-START_TEST(test_memxor)
-{
- chunk_t a, b, dst;
- int i;
-
- a = chunk_alloca(64);
- memset(a.ptr, 0, a.len);
- b = chunk_alloca(64);
- for (i = 0; i < 64; i++)
- {
- b.ptr[i] = i;
- b.len = i;
- do_memxor(a, b, b);
- }
- b.len = 64;
- do_memxor(a, b, b);
-
- dst = chunk_clonea(a);
- memxor(dst.ptr, b.ptr, b.len);
- ck_assert(chunk_equals(dst, b));
-
- memxor(dst.ptr, b.ptr, 0);
- memxor(dst.ptr, b.ptr, 1);
- memxor(dst.ptr + 1, b.ptr + 1, 1);
- memxor(dst.ptr + 2, b.ptr + 2, b.len - 2);
- ck_assert(chunk_equals(dst, a));
-}
-END_TEST
-
-START_TEST(test_memxor_aligned)
-{
- u_int64_t a = 0, b = 0;
- chunk_t ca, cb;
- int i;
-
- ca = chunk_from_thing(a);
- cb = chunk_from_thing(b);
-
- for (i = 0; i < 8; i++)
- {
- cb.ptr[i] = i + 1;
- }
-
- /* 64-bit aligned */
- memxor(ca.ptr, cb.ptr, 8);
- ck_assert(a == b);
- /* 32-bit aligned source */
- a = 0;
- memxor(ca.ptr, cb.ptr + 4, 4);
- ck_assert(chunk_equals(ca, chunk_from_chars(0x05, 0x06, 0x07, 0x08,
- 0x00, 0x00, 0x00, 0x00)));
- /* 16-bit aligned source */
- a = 0;
- memxor(ca.ptr, cb.ptr + 2, 6);
- ck_assert(chunk_equals(ca, chunk_from_chars(0x03, 0x04, 0x05, 0x06,
- 0x07, 0x08, 0x00, 0x00)));
- /* 8-bit aligned source */
- a = 0;
- memxor(ca.ptr, cb.ptr + 1, 7);
- ck_assert(chunk_equals(ca, chunk_from_chars(0x02, 0x03, 0x04, 0x05,
- 0x06, 0x07, 0x08, 0x00)));
-}
-END_TEST
-
-/*******************************************************************************
- * memstr
- */
-
-static struct {
- char *haystack;
- char *needle;
- size_t n;
- int offset;
-} memstr_data[] = {
- {NULL, NULL, 0, -1},
- {NULL, NULL, 3, -1},
- {NULL, "abc", 0, -1},
- {NULL, "abc", 3, -1},
- {"", "", 0, -1},
- {"abc", NULL, 3, -1},
- {"abc", "", 3, -1},
- {"abc", "abc", 3, 0},
- {" abc", "abc", 4, 1},
- {" abc", "abc", 3, -1},
- {"abcabc", "abc", 6, 0},
- {" abc ", "abc", 5, 1},
-};
-
-START_TEST(test_memstr)
-{
- char *ret;
-
- ret = memstr(memstr_data[_i].haystack, memstr_data[_i].needle, memstr_data[_i].n);
- if (memstr_data[_i].offset >= 0)
- {
- ck_assert(ret == memstr_data[_i].haystack + memstr_data[_i].offset);
- }
- else
- {
- ck_assert(ret == NULL);
- }
-}
-END_TEST
-
-/*******************************************************************************
- * translate
- */
-
-static struct {
- char *in;
- char *from;
- char *to;
- char *out;
-} translate_data[] = {
- {NULL, "", "", NULL},
- {"abc", "", "", "abc"},
- {"abc", "", "x", "abc"},
- {"abc", "x", "", "abc"},
- {"abc", "abc", "xyz", "xyz"},
- {"aabbcc", "abc", "xyz", "xxyyzz"},
- {"abbaccb", "abc", "xyz", "xyyxzzy"},
- {"abxyzc", "abc", "xyz", "xyxyzz"},
- {"abcdef", "abc", "xyz", "xyzdef"},
- {"aaa", "abc", "xyz", "xxx"},
- {"abc", "aaa", "xyz", "xbc"},
- {"abc", "abc", "xxx", "xxx"},
-};
-
-START_TEST(test_translate)
-{
- char *str, *ret;
-
- str = strdupnull(translate_data[_i].in);
- ret = translate(str, translate_data[_i].from, translate_data[_i].to);
- ck_assert(ret == str);
- if (ret != translate_data[_i].out)
- {
- ck_assert_str_eq(str, translate_data[_i].out);
- }
- free(str);
-}
-END_TEST
-
-/*******************************************************************************
- * time_printf_hook
- */
-
-static struct {
- time_t in;
- bool utc;
- char *out;
-} time_data[] = {
- {UNDEFINED_TIME, FALSE, "--- -- --:--:-- ----"},
- {UNDEFINED_TIME, TRUE , "--- -- --:--:-- UTC ----"},
- {1, FALSE, "Jan 01 01:00:01 1970"},
- {1, TRUE , "Jan 01 00:00:01 UTC 1970"},
- {1341150196, FALSE, "Jul 01 15:43:16 2012"},
- {1341150196, TRUE , "Jul 01 13:43:16 UTC 2012"},
-};
-
-START_TEST(test_time_printf_hook)
-{
- char buf[32];
- int len;
-
- len = snprintf(buf, sizeof(buf), "%T", &time_data[_i].in, time_data[_i].utc);
- ck_assert(len >= 0 && len < sizeof(buf));
- ck_assert_str_eq(buf, time_data[_i].out);
-}
-END_TEST
-
-/*******************************************************************************
- * time_delta_printf_hook
- */
-
-static struct {
- time_t a;
- time_t b;
- char *out;
-} time_delta_data[] = {
- {0, 0, "0 seconds"},
- {0, 1, "1 second"},
- {0, -1, "1 second"},
- {1, 0, "1 second"},
- {0, 2, "2 seconds"},
- {2, 0, "2 seconds"},
- {0, 60, "60 seconds"},
- {0, 120, "120 seconds"},
- {0, 121, "2 minutes"},
- {0, 3600, "60 minutes"},
- {0, 7200, "120 minutes"},
- {0, 7201, "2 hours"},
- {0, 86400, "24 hours"},
- {0, 172800, "48 hours"},
- {0, 172801, "2 days"},
- {172801, 86400, "24 hours"},
-};
-
-START_TEST(test_time_delta_printf_hook)
-{
- char buf[16];
- int len;
-
- len = snprintf(buf, sizeof(buf), "%V", &time_delta_data[_i].a, &time_delta_data[_i].b);
- ck_assert(len >= 0 && len < sizeof(buf));
- ck_assert_str_eq(buf, time_delta_data[_i].out);
-}
-END_TEST
-
-/*******************************************************************************
- * mark_from_string
- */
-
-static struct {
- char *s;
- bool ok;
- mark_t m;
-} mark_data[] = {
- {NULL, FALSE, { 0 }},
- {"", TRUE, { 0, 0xffffffff }},
- {"/", TRUE, { 0, 0 }},
- {"42", TRUE, { 42, 0xffffffff }},
- {"0x42", TRUE, { 0x42, 0xffffffff }},
- {"x", FALSE, { 0 }},
- {"42/", TRUE, { 0, 0 }},
- {"42/0", TRUE, { 0, 0 }},
- {"42/x", FALSE, { 0 }},
- {"42/42", TRUE, { 42, 42 }},
- {"42/0xff", TRUE, { 42, 0xff }},
- {"0x42/0xff", TRUE, { 0x42, 0xff }},
- {"/0xff", TRUE, { 0, 0xff }},
- {"/x", FALSE, { 0 }},
- {"x/x", FALSE, { 0 }},
- {"0xffffffff/0x0000ffff", TRUE, { 0x0000ffff, 0x0000ffff }},
- {"0xffffffff/0xffffffff", TRUE, { 0xffffffff, 0xffffffff }},
-};
-
-START_TEST(test_mark_from_string)
-{
- mark_t mark;
-
- if (mark_from_string(mark_data[_i].s, &mark))
- {
- ck_assert_int_eq(mark.value, mark_data[_i].m.value);
- ck_assert_int_eq(mark.mask, mark_data[_i].m.mask);
- }
- else
- {
- ck_assert(!mark_data[_i].ok);
- }
-}
-END_TEST
-
-Suite *utils_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- /* force a timezone to match non-UTC conversions */
- setenv("TZ", "Europe/Zurich", 1);
- tzset();
-
- s = suite_create("utils");
-
- tc = tcase_create("objects");
- tcase_add_test(tc, test_objects);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("return functions");
- tcase_add_test(tc, test_return_functions);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("timeval_add_ms");
- tcase_add_test(tc, test_timeval_add_ms);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("htoun,untoh");
- tcase_add_test(tc, test_htoun);
- tcase_add_test(tc, test_untoh);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("round");
- tcase_add_test(tc, test_round);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("string helper");
- tcase_add_loop_test(tc, test_strpfx, 0, countof(strpfx_data));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("memxor");
- tcase_add_test(tc, test_memxor);
- tcase_add_test(tc, test_memxor_aligned);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("memstr");
- tcase_add_loop_test(tc, test_memstr, 0, countof(memstr_data));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("translate");
- tcase_add_loop_test(tc, test_translate, 0, countof(translate_data));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("printf_hooks");
- tcase_add_loop_test(tc, test_time_printf_hook, 0, countof(time_data));
- tcase_add_loop_test(tc, test_time_delta_printf_hook, 0, countof(time_delta_data));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("mark_from_string");
- tcase_add_loop_test(tc, test_mark_from_string, 0, countof(mark_data));
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/test_vectors.c b/src/libstrongswan/tests/test_vectors.c
deleted file mode 100644
index f2817d3..0000000
--- a/src/libstrongswan/tests/test_vectors.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2013 Martin Willi
- * Copyright (C) 2013 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-/*******************************************************************************
- * Check if test vectors have been successful during transform registration
- */
-
-START_TEST(test_vectors)
-{
- fail_if(lib->crypto->get_test_vector_failures(lib->crypto));
-}
-END_TEST
-
-
-Suite *vectors_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("vectors");
-
- tc = tcase_create("failures");
- tcase_add_test(tc, test_vectors);
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/tests.c b/src/libstrongswan/tests/tests.c
new file mode 100644
index 0000000..9f2adfd
--- /dev/null
+++ b/src/libstrongswan/tests/tests.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_runner.h>
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
+#include "tests.h"
+#undef TEST_SUITE
+#undef TEST_SUITE_DEPEND
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#define TEST_SUITE_DEPEND(x, type, args) \
+ { .suite = x, .feature = PLUGIN_DEPENDS(type, args) },
+#include "tests.h"
+ { .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+ if (init)
+ {
+ plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS);
+ if (!lib->plugins->load(lib->plugins, PLUGINS))
+ {
+ return FALSE;
+ }
+ }
+ else
+ {
+ lib->processor->set_threads(lib->processor, 0);
+ lib->processor->cancel(lib->processor);
+ lib->plugins->unload(lib->plugins);
+ }
+ return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+ return test_runner_run("libstrongswan", tests, test_runner_init);
+}
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
new file mode 100644
index 0000000..82a5137
--- /dev/null
+++ b/src/libstrongswan/tests/tests.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+TEST_SUITE(bio_reader_suite_create)
+TEST_SUITE(bio_writer_suite_create)
+TEST_SUITE(chunk_suite_create)
+TEST_SUITE(enum_suite_create)
+TEST_SUITE(enumerator_suite_create)
+TEST_SUITE(linked_list_suite_create)
+TEST_SUITE(linked_list_enumerator_suite_create)
+TEST_SUITE(hashtable_suite_create)
+TEST_SUITE(array_suite_create)
+TEST_SUITE(identification_suite_create)
+TEST_SUITE(threading_suite_create)
+TEST_SUITE(watcher_suite_create)
+TEST_SUITE(stream_suite_create)
+TEST_SUITE(utils_suite_create)
+TEST_SUITE(settings_suite_create)
+TEST_SUITE(vectors_suite_create)
+TEST_SUITE_DEPEND(ecdsa_suite_create, PRIVKEY_GEN, KEY_ECDSA)
+TEST_SUITE_DEPEND(rsa_suite_create, PRIVKEY_GEN, KEY_RSA)
+TEST_SUITE(host_suite_create)
+TEST_SUITE(printf_suite_create)
+TEST_SUITE(hasher_suite_create)
+TEST_SUITE(crypter_suite_create)
+TEST_SUITE(pen_suite_create)
+TEST_SUITE(asn1_suite_create)
+TEST_SUITE(asn1_parser_suite_create)
+TEST_SUITE(test_rng_suite_create)
+TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)
+TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://")
diff --git a/src/libstrongswan/tests/utils/test_rng.c b/src/libstrongswan/tests/utils/test_rng.c
new file mode 100644
index 0000000..0156950
--- /dev/null
+++ b/src/libstrongswan/tests/utils/test_rng.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_rng.h"
+
+typedef struct private_rng_t private_rng_t;
+
+/**
+ * Private data.
+ */
+struct private_rng_t {
+
+ /**
+ * Public interface.
+ */
+ rng_t public;
+
+ /**
+ * Entropy string.
+ */
+ chunk_t entropy;
+};
+
+METHOD(rng_t, get_bytes, bool,
+ private_rng_t *this, size_t bytes, u_int8_t *buffer)
+{
+ if (bytes > this->entropy.len)
+ {
+ return FALSE;
+ }
+ memcpy(buffer, this->entropy.ptr, bytes);
+ this->entropy = chunk_skip(this->entropy, bytes);
+ return TRUE;
+}
+
+METHOD(rng_t, allocate_bytes, bool,
+ private_rng_t *this, size_t bytes, chunk_t *chunk)
+{
+ if (bytes > this->entropy.len)
+ {
+ *chunk = chunk_empty;
+ return FALSE;
+ }
+
+ *chunk = chunk_alloc(bytes);
+ memcpy(chunk->ptr, this->entropy.ptr, bytes);
+ this->entropy = chunk_skip(this->entropy, bytes);
+ return TRUE;
+}
+
+METHOD(rng_t, destroy, void,
+ private_rng_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+rng_t *test_rng_create(chunk_t entropy)
+{
+ private_rng_t *this;
+
+ INIT(this,
+ .public = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ .entropy = entropy,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/tests/utils/test_rng.h b/src/libstrongswan/tests/utils/test_rng.h
new file mode 100644
index 0000000..e588f3b
--- /dev/null
+++ b/src/libstrongswan/tests/utils/test_rng.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * rng_t providing NIST SP 800-90A entropy test vectors
+ *
+ * @defgroup test_rng test_rng
+ * @{ @ingroup test_utils
+ */
+
+#ifndef TEST_RNG_H_
+#define TEST_RNG_H_
+
+#include <library.h>
+
+/**
+ * Creates a test_rng_t instance.
+ *
+ * @param entropy entropy test vector
+ * @return created test_rng_t
+ */
+rng_t *test_rng_create(chunk_t entropy);
+
+#endif /** TEST_RNG_H_ @} */
diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h
index 31b9e1b..8d3c30e 100644
--- a/src/libstrongswan/threading/thread.h
+++ b/src/libstrongswan/threading/thread.h
@@ -71,7 +71,6 @@ typedef void *(*thread_main_t)(void *arg);
*/
typedef void (*thread_cleanup_t)(void *arg);
-
/**
* Thread wrapper implements simple, portable and advanced thread functions.
*
@@ -110,10 +109,8 @@ struct thread_t {
* a call to exit.
*/
void *(*join)(thread_t *this);
-
};
-
/**
* Create a new thread instance.
*
@@ -168,6 +165,10 @@ bool thread_cancelability(bool enable);
/**
* Force creation of a cancellation point in the calling thread.
+ *
+ * This temporarily enables thread cancelability, tests for a pending
+ * cancellation request and then disables cancelability again if it was
+ * disabled before the call to thread_cancellation_point().
*/
void thread_cancellation_point();
@@ -188,6 +189,4 @@ void threads_init();
*/
void threads_deinit();
-
#endif /** THREADING_THREAD_H_ @} */
-
diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c
index fb2c4d1..f158462 100644
--- a/src/libstrongswan/utils/backtrace.c
+++ b/src/libstrongswan/utils/backtrace.c
@@ -314,7 +314,7 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void *base)
bool old = FALSE;
bfd_mutex->lock(bfd_mutex);
- if (lib->leak_detective)
+ if (lib && lib->leak_detective)
{
old = lib->leak_detective->set_state(lib->leak_detective, FALSE);
}
@@ -324,7 +324,7 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void *base)
data.entry = entry;
bfd_map_over_sections(entry->abfd, (void*)find_addr, &data);
}
- if (lib->leak_detective)
+ if (lib && lib->leak_detective)
{
lib->leak_detective->set_state(lib->leak_detective, old);
}
diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h
index 416f588..16e84c4 100644
--- a/src/libstrongswan/utils/backtrace.h
+++ b/src/libstrongswan/utils/backtrace.h
@@ -21,12 +21,12 @@
#ifndef BACKTRACE_H_
#define BACKTRACE_H_
+typedef struct backtrace_t backtrace_t;
+
#include <stdio.h>
#include <library.h>
-typedef struct backtrace_t backtrace_t;
-
/**
* A backtrace registers the frames on the stack during creation.
*/
diff --git a/src/libstrongswan/utils/capabilities.h b/src/libstrongswan/utils/capabilities.h
index fe11a4d..20c1855 100644
--- a/src/libstrongswan/utils/capabilities.h
+++ b/src/libstrongswan/utils/capabilities.h
@@ -44,6 +44,9 @@ typedef struct capabilities_t capabilities_t;
#ifndef CAP_NET_RAW
# define CAP_NET_RAW 13
#endif
+#ifndef CAP_DAC_OVERRIDE
+# define CAP_DAC_OVERRIDE 1
+#endif
/**
* POSIX capability dropping abstraction layer.
diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c
index 644b806..4718171 100644
--- a/src/libstrongswan/utils/chunk.c
+++ b/src/libstrongswan/utils/chunk.c
@@ -18,6 +18,9 @@
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef HAVE_MMAP
+# include <sys/mman.h>
+#endif
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
@@ -25,7 +28,6 @@
#include <ctype.h>
#include "chunk.h"
-#include "debug.h"
/**
* Empty chunk.
@@ -206,15 +208,16 @@ void chunk_split(chunk_t chunk, const char *mode, ...)
/**
* Described in header.
*/
-bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force)
+bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force)
{
mode_t oldmask;
FILE *fd;
bool good = FALSE;
+ int tmp = 0;
if (!force && access(path, F_OK) == 0)
{
- DBG1(DBG_LIB, " %s file '%s' already exists", label, path);
+ errno = EEXIST;
return FALSE;
}
oldmask = umask(mask);
@@ -223,58 +226,206 @@ bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force
{
if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len)
{
- DBG1(DBG_LIB, " written %s file '%s' (%d bytes)",
- label, path, chunk.len);
good = TRUE;
}
else
{
- DBG1(DBG_LIB, " writing %s file '%s' failed: %s",
- label, path, strerror(errno));
+ tmp = errno;
}
fclose(fd);
}
else
{
- DBG1(DBG_LIB, " could not open %s file '%s': %s", label, path,
- strerror(errno));
+ tmp = errno;
}
umask(oldmask);
+ errno = tmp;
return good;
}
/**
* Described in header.
*/
-chunk_t chunk_from_fd(int fd)
+bool chunk_from_fd(int fd, chunk_t *out)
{
- char buf[8096];
- char *pos = buf;
- ssize_t len, total = 0;
+ struct stat sb;
+ char *buf, *tmp;
+ ssize_t len, total = 0, bufsize;
+
+ if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode))
+ {
+ bufsize = sb.st_size;
+ }
+ else
+ {
+ bufsize = 256;
+ }
+ buf = malloc(bufsize);
+ if (!buf)
+ { /* for huge files */
+ return FALSE;
+ }
while (TRUE)
{
- len = read(fd, pos, buf + sizeof(buf) - pos);
+ len = read(fd, buf + total, bufsize - total);
if (len < 0)
{
- DBG1(DBG_LIB, "reading from file descriptor failed: %s",
- strerror(errno));
- return chunk_empty;
+ free(buf);
+ return FALSE;
}
if (len == 0)
{
break;
}
total += len;
- if (total == sizeof(buf))
+ if (total == bufsize)
+ {
+ bufsize *= 2;
+ tmp = realloc(buf, bufsize);
+ if (!tmp)
+ {
+ free(buf);
+ return FALSE;
+ }
+ buf = tmp;
+ }
+ }
+ if (total == 0)
+ {
+ free(buf);
+ buf = NULL;
+ }
+ else if (total < bufsize)
+ {
+ buf = realloc(buf, total);
+ }
+ *out = chunk_create(buf, total);
+ return TRUE;
+}
+
+/**
+ * Implementation for mmap()ed chunks
+ */
+typedef struct {
+ /* public chunk interface */
+ chunk_t public;
+ /* FD of open file */
+ int fd;
+ /* mmap() address */
+ void *map;
+ /* size of map */
+ size_t len;
+ /* do we write? */
+ bool wr;
+} mmaped_chunk_t;
+
+/**
+ * See header.
+ */
+chunk_t *chunk_map(char *path, bool wr)
+{
+ mmaped_chunk_t *chunk;
+ struct stat sb;
+ int tmp;
+
+ INIT(chunk,
+ .fd = open(path, wr ? O_RDWR : O_RDONLY),
+ .wr = wr,
+ );
+
+ if (chunk->fd == -1)
+ {
+ free(chunk);
+ return NULL;
+ }
+ if (fstat(chunk->fd, &sb) == -1)
+ {
+ tmp = errno;
+ chunk_unmap(&chunk->public);
+ errno = tmp;
+ return NULL;
+ }
+#ifdef HAVE_MMAP
+ chunk->len = sb.st_size;
+ /* map non-empty files only, as mmap() complains otherwise */
+ if (chunk->len)
+ {
+ /* in read-only mode, we allow writes, but don't sync to disk */
+ chunk->map = mmap(NULL, chunk->len, PROT_READ | PROT_WRITE,
+ wr ? MAP_SHARED : MAP_PRIVATE, chunk->fd, 0);
+ if (chunk->map == MAP_FAILED)
{
- DBG1(DBG_LIB, "buffer too small to read from file descriptor");
- return chunk_empty;
+ tmp = errno;
+ chunk_unmap(&chunk->public);
+ errno = tmp;
+ return NULL;
}
}
- return chunk_clone(chunk_create(buf, total));
+ chunk->public = chunk_create(chunk->map, chunk->len);
+#else /* !HAVE_MMAP */
+ if (!chunk_from_fd(chunk->fd, &chunk->public))
+ {
+ tmp = errno;
+ chunk_unmap(&chunk->public);
+ errno = tmp;
+ return NULL;
+ }
+ chunk->map = chunk->public.ptr;
+ chunk->len = chunk->public.len;
+#endif /* !HAVE_MMAP */
+ return &chunk->public;
}
+/**
+ * See header.
+ */
+bool chunk_unmap(chunk_t *public)
+{
+ mmaped_chunk_t *chunk;
+ bool ret = FALSE;
+ int tmp = 0;
+
+ chunk = (mmaped_chunk_t*)public;
+#ifdef HAVE_MMAP
+ if (chunk->map && chunk->map != MAP_FAILED)
+ {
+ ret = munmap(chunk->map, chunk->len) == 0;
+ tmp = errno;
+ }
+#else /* !HAVE_MMAP */
+ if (chunk->wr)
+ {
+ if (lseek(chunk->fd, 0, SEEK_SET) != -1)
+ {
+ int len, total = 0;
+
+ ret = TRUE;
+ while (total < chunk->len)
+ {
+ len = write(chunk->fd, chunk->map + total, chunk->len - total);
+ if (len <= 0)
+ {
+ ret = FALSE;
+ break;
+ }
+ total += len;
+ }
+ }
+ tmp = errno;
+ }
+ else
+ {
+ ret = TRUE;
+ }
+ free(chunk->map);
+#endif /* !HAVE_MMAP */
+ close(chunk->fd);
+ free(chunk);
+ errno = tmp;
+
+ return ret;
+}
/** hex conversion digits */
static char hexdig_upper[] = "0123456789ABCDEF";
diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h
index d3751da..33f66ca 100644
--- a/src/libstrongswan/utils/chunk.h
+++ b/src/libstrongswan/utils/chunk.h
@@ -90,22 +90,52 @@ void chunk_split(chunk_t chunk, const char *mode, ...);
/**
* Write the binary contents of a chunk_t to a file
*
+ * If the write fails, errno is set appropriately.
+ *
* @param chunk contents to write to file
* @param path path where file is written to
- * @param label label specifying file type
* @param mask file mode creation mask
* @param force overwrite existing file by force
* @return TRUE if write operation was successful
*/
-bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force);
+bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force);
/**
* Store data read from FD into a chunk
*
+ * On error, errno is set appropriately.
+ *
* @param fd file descriptor to read from
- * @return chunk or chunk_empty on failure
+ * @param chunk chunk receiving allocated buffer
+ * @return TRUE if successful, FALSE on failure
+ */
+bool chunk_from_fd(int fd, chunk_t *chunk);
+
+/**
+ * mmap() a file to a chunk
+ *
+ * The returned chunk structure is allocated from heap, but it must be freed
+ * through chunk_unmap(). A user may alter the chunk ptr or len, but must pass
+ * the chunk pointer returned from chunk_map() to chunk_unmap() after use.
+ *
+ * On error, errno is set appropriately.
+ *
+ * @param path path of file to map
+ * @param wr TRUE to sync writes to disk
+ * @return mapped chunk, NULL on error
+ */
+chunk_t *chunk_map(char *path, bool wr);
+
+/**
+ * munmap() a chunk previously mapped with chunk_map()
+ *
+ * When unmapping a writeable map, the return value should be checked to
+ * ensure changes landed on disk.
+ *
+ * @param chunk pointer returned from chunk_map()
+ * @return TRUE of changes written back to file
*/
-chunk_t chunk_from_fd(int fd);
+bool chunk_unmap(chunk_t *chunk);
/**
* Convert a chunk of data to hex encoding.
@@ -191,17 +221,17 @@ static inline void chunk_clear(chunk_t *chunk)
/**
* Initialize a chunk using a char array
*/
-#define chunk_from_chars(...) ((chunk_t){(char[]){__VA_ARGS__}, sizeof((char[]){__VA_ARGS__})})
+#define chunk_from_chars(...) ((chunk_t){(u_char[]){__VA_ARGS__}, sizeof((u_char[]){__VA_ARGS__})})
/**
* Initialize a chunk to point to a thing
*/
-#define chunk_from_thing(thing) chunk_create((char*)&(thing), sizeof(thing))
+#define chunk_from_thing(thing) chunk_create((u_char*)&(thing), sizeof(thing))
/**
* Initialize a chunk from a string, not containing 0-terminator
*/
-#define chunk_from_str(str) ({char *x = (str); chunk_create(x, strlen(x));})
+#define chunk_from_str(str) ({char *x = (str); chunk_create((u_char*)x, strlen(x));})
/**
* Allocate a chunk on the heap
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 9c43ad5..e7eb63b 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -332,8 +332,13 @@ static void dntoa(chunk_t dn, char *buf, size_t len)
buf += written;
len -= written;
+ written = 0;
chunk_printable(data, &printable, '?');
- written = snprintf(buf, len, "%.*s", (int)printable.len, printable.ptr);
+ if (printable.ptr)
+ {
+ written = snprintf(buf, len, "%.*s", (int)printable.len,
+ printable.ptr);
+ }
chunk_free(&printable);
if (written < 0 || written >= len)
{
diff --git a/src/libstrongswan/utils/integrity_checker.c b/src/libstrongswan/utils/integrity_checker.c
index d59a762..b66df02 100644
--- a/src/libstrongswan/utils/integrity_checker.c
+++ b/src/libstrongswan/utils/integrity_checker.c
@@ -22,7 +22,6 @@
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>
-#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -61,40 +60,17 @@ METHOD(integrity_checker_t, build_file, u_int32_t,
private_integrity_checker_t *this, char *file, size_t *len)
{
u_int32_t checksum;
- chunk_t contents;
- struct stat sb;
- void *addr;
- int fd;
+ chunk_t *contents;
- fd = open(file, O_RDONLY);
- if (fd == -1)
+ contents = chunk_map(file, FALSE);
+ if (!contents)
{
DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
return 0;
}
-
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file,
- strerror(errno));
- close(fd);
- return 0;
- }
-
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno));
- close(fd);
- return 0;
- }
-
- *len = sb.st_size;
- contents = chunk_create(addr, sb.st_size);
- checksum = chunk_hash_static(contents);
-
- munmap(addr, sb.st_size);
- close(fd);
+ *len = contents->len;
+ checksum = chunk_hash_static(*contents);
+ chunk_unmap(contents);
return checksum;
}
@@ -318,4 +294,3 @@ integrity_checker_t *integrity_checker_create(char *checksum_library)
}
return &this->public;
}
-
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 725e04f..82eadcb 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -59,6 +59,21 @@ struct private_leak_detective_t {
* public functions
*/
leak_detective_t public;
+
+ /**
+ * Registered report() function
+ */
+ leak_detective_report_cb_t report_cb;
+
+ /**
+ * Registered report() summary function
+ */
+ leak_detective_summary_cb_t report_scb;
+
+ /**
+ * Registered user data for callbacks
+ */
+ void *report_data;
};
/**
@@ -318,9 +333,16 @@ HOOK(size_t, size, const void *ptr)
*/
static bool register_hooks()
{
+ static bool once = FALSE;
malloc_zone_t *zone;
void *page;
+ if (once)
+ {
+ return TRUE;
+ }
+ once = TRUE;
+
zone = malloc_default_zone();
if (zone->version != MALLOC_ZONE_VERSION)
{
@@ -461,7 +483,7 @@ static void* real_realloc(void *ptr, size_t size)
static bool register_hooks()
{
void *buf = real_malloc(8);
- real_realloc(buf, 16);
+ buf = real_realloc(buf, 16);
real_free(buf);
return TRUE;
}
@@ -477,7 +499,7 @@ static bool register_hooks()
char *whitelist[] = {
/* backtraces, including own */
"backtrace_create",
- "safe_strerror",
+ "strerror_safe",
/* pthread stuff */
"pthread_create",
"pthread_setspecific",
@@ -565,7 +587,12 @@ char *whitelist[] = {
*/
static void init_static_allocations()
{
+ struct tm tm;
+ time_t t = 0;
+
tzset();
+ gmtime_r(&t, &tm);
+ localtime_r(&t, &tm);
}
/**
@@ -599,7 +626,8 @@ static bool equals(backtrace_t *a, backtrace_t *b)
* Summarize and print backtraces
*/
static int print_traces(private_leak_detective_t *this,
- FILE *out, int thresh, int thresh_count,
+ leak_detective_report_cb_t cb, void *user,
+ int thresh, int thresh_count,
bool detailed, int *whitelisted, size_t *sum)
{
int leaks = 0;
@@ -652,16 +680,20 @@ static int print_traces(private_leak_detective_t *this,
leaks++;
}
lock->unlock(lock);
+
enumerator = entries->create_enumerator(entries);
while (enumerator->enumerate(enumerator, NULL, &entry))
{
- if (out &&
- (!thresh || entry->bytes >= thresh) &&
- (!thresh_count || entry->count >= thresh_count))
+ if (cb)
{
- fprintf(out, "%d bytes total, %d allocations, %d bytes average:\n",
- entry->bytes, entry->count, entry->bytes / entry->count);
- entry->backtrace->log(entry->backtrace, out, detailed);
+ if (!thresh || entry->bytes >= thresh)
+ {
+ if (!thresh_count || entry->count >= thresh_count)
+ {
+ this->report_cb(this->report_data, entry->count,
+ entry->bytes, entry->backtrace, detailed);
+ }
+ }
}
entry->backtrace->destroy(entry->backtrace);
free(entry);
@@ -681,38 +713,30 @@ METHOD(leak_detective_t, report, void,
int leaks, whitelisted = 0;
size_t sum = 0;
- leaks = print_traces(this, stderr, 0, 0, detailed, &whitelisted, &sum);
- switch (leaks)
+ leaks = print_traces(this, this->report_cb, this->report_data,
+ 0, 0, detailed, &whitelisted, &sum);
+ if (this->report_scb)
{
- case 0:
- fprintf(stderr, "No leaks detected");
- break;
- case 1:
- fprintf(stderr, "One leak detected");
- break;
- default:
- fprintf(stderr, "%d leaks detected, %zu bytes", leaks, sum);
- break;
+ this->report_scb(this->report_data, leaks, sum, whitelisted);
}
- fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted);
- }
- else
- {
- fprintf(stderr, "Leak detective disabled\n");
}
}
+METHOD(leak_detective_t, set_report_cb, void,
+ private_leak_detective_t *this, leak_detective_report_cb_t cb,
+ leak_detective_summary_cb_t scb, void *user)
+{
+ this->report_cb = cb;
+ this->report_scb = scb;
+ this->report_data = user;
+}
+
METHOD(leak_detective_t, leaks, int,
private_leak_detective_t *this)
{
- if (lib->leak_detective)
- {
- int leaks, whitelisted = 0;
+ int whitelisted = 0;
- leaks = print_traces(this, NULL, 0, 0, FALSE, &whitelisted, NULL);
- return leaks;
- }
- return 0;
+ return print_traces(this, NULL, NULL, 0, 0, FALSE, &whitelisted, NULL);
}
METHOD(leak_detective_t, set_state, bool,
@@ -722,22 +746,26 @@ METHOD(leak_detective_t, set_state, bool,
}
METHOD(leak_detective_t, usage, void,
- private_leak_detective_t *this, FILE *out)
+ private_leak_detective_t *this, leak_detective_report_cb_t cb,
+ leak_detective_summary_cb_t scb, void *user)
{
bool detailed;
- int thresh, thresh_count;
+ int thresh, thresh_count, leaks, whitelisted = 0;
size_t sum = 0;
thresh = lib->settings->get_int(lib->settings,
- "libstrongswan.leak_detective.usage_threshold", 10240);
+ "%s.leak_detective.usage_threshold", 10240, lib->ns);
thresh_count = lib->settings->get_int(lib->settings,
- "libstrongswan.leak_detective.usage_threshold_count", 0);
+ "%s.leak_detective.usage_threshold_count", 0, lib->ns);
detailed = lib->settings->get_bool(lib->settings,
- "libstrongswan.leak_detective.detailed", TRUE);
+ "%s.leak_detective.detailed", TRUE, lib->ns);
- print_traces(this, out, thresh, thresh_count, detailed, NULL, &sum);
-
- fprintf(out, "Total memory usage: %zu\n", sum);
+ leaks = print_traces(this, cb, user, thresh, thresh_count,
+ detailed, &whitelisted, &sum);
+ if (scb)
+ {
+ scb(user, leaks, sum, whitelisted);
+ }
}
/**
@@ -924,6 +952,7 @@ METHOD(leak_detective_t, destroy, void,
lock->destroy(lock);
thread_disabled->destroy(thread_disabled);
free(this);
+ first_header.next = NULL;
}
/*
@@ -936,8 +965,9 @@ leak_detective_t *leak_detective_create()
INIT(this,
.public = {
.report = _report,
- .leaks = _leaks,
+ .set_report_cb = _set_report_cb,
.usage = _usage,
+ .leaks = _leaks,
.set_state = _set_state,
.destroy = _destroy,
},
diff --git a/src/libstrongswan/utils/leak_detective.h b/src/libstrongswan/utils/leak_detective.h
index 7a29e81..3fd0b8c 100644
--- a/src/libstrongswan/utils/leak_detective.h
+++ b/src/libstrongswan/utils/leak_detective.h
@@ -24,6 +24,30 @@
typedef struct leak_detective_t leak_detective_t;
#include <library.h>
+#include <utils/backtrace.h>
+
+/**
+ * Callback function to report leak/usage information
+ *
+ * @param user user specific data
+ * @param count number of allocations
+ * @param bytes total size of allocations
+ * @param bt backtrace of allocation
+ * @param detailed TRUE to show a detailed backtrace
+ */
+typedef void (*leak_detective_report_cb_t)(void *user, int count, size_t bytes,
+ backtrace_t *bt, bool detailed);
+
+/**
+ * Callback function to report leak/usage summary information
+ *
+ * @param user user specific data
+ * @param count total number of allocations
+ * @param bytes total size of all reported allocations
+ * @param whitelisted number of allocations suppressed by whitelist
+ */
+typedef void (*leak_detective_summary_cb_t)(void* user, int count, size_t bytes,
+ int whitelisted);
/**
* Leak detective finds leaks and bad frees using malloc hooks.
@@ -36,25 +60,39 @@ typedef struct leak_detective_t leak_detective_t;
struct leak_detective_t {
/**
- * Report leaks to stderr.
+ * Report leaks to the registered callback functions.
*
* @param detailed TRUE to resolve line/filename of leak (slow)
*/
void (*report)(leak_detective_t *this, bool detailed);
/**
- * Number of detected leaks.
+ * Report current memory usage to out.
+ * Set callback functions invoked during a report().
*
- * @return number of leaks
+ * @param cb callback invoked for each detected leak
+ * @param scb summary callback invoked at end of report
+ * @param user user data to supply to callbacks
*/
- int (*leaks)(leak_detective_t *this);
+ void (*set_report_cb)(leak_detective_t *this, leak_detective_report_cb_t cb,
+ leak_detective_summary_cb_t scb, void *user);
/**
- * Report current memory usage to out.
+ * Report current memory usage using a callbacks.
+ *
+ * @param cb callback invoked for each allocation
+ * @param scb summary callback invoked at end of usage report
+ * @param user user data supplied to callbacks
+ */
+ void (*usage)(leak_detective_t *this, leak_detective_report_cb_t cb,
+ leak_detective_summary_cb_t scb, void *user);
+
+ /**
+ * Number of detected leaks.
*
- * @param out target to write usage report to
+ * @return number of leaks
*/
- void (*usage)(leak_detective_t *this, FILE *out);
+ int (*leaks)(leak_detective_t *this);
/**
* Enable/disable leak detective hooks for the current thread.
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c
index d00abef..c79d4b8 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c
@@ -122,10 +122,14 @@ size_t print_in_hook(printf_hook_data_t *data, char *fmt, ...)
if (written > data->n)
{
- written = data->n;
+ data->q += data->n;
+ data->n = 0;
+ }
+ else
+ {
+ data->q += written;
+ data->n -= written;
}
- data->q += written;
- data->n += written;
return written;
}
@@ -725,12 +729,6 @@ int builtin_vsnprintf(char *buffer, size_t n, const char *format, va_list ap)
switch (ch)
{
- case 'P':
- {
- /* Upper case pointer */
- flags |= FL_UPPER;
- /* fall through */
- }
case 'p':
{
/* Pointer */
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
index 8fd1aed..5efe1d9 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
@@ -19,10 +19,10 @@
#include <utils/utils.h>
#include <utils/debug.h>
-#include <printf.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
+#include <printf.h>
typedef struct private_printf_hook_t private_printf_hook_t;
typedef struct printf_hook_handler_t printf_hook_handler_t;
diff --git a/src/libstrongswan/utils/settings.c b/src/libstrongswan/utils/settings.c
index 809ca10..490490a 100644
--- a/src/libstrongswan/utils/settings.c
+++ b/src/libstrongswan/utils/settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2014 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -20,7 +20,6 @@
#include <stdio.h>
#include <errno.h>
#include <limits.h>
-#include <libgen.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
@@ -31,6 +30,8 @@
#include "settings.h"
+#include "collections/array.h"
+#include "collections/hashtable.h"
#include "collections/linked_list.h"
#include "threading/rwlock.h"
#include "utils/debug.h"
@@ -78,14 +79,19 @@ struct section_t {
char *name;
/**
+ * fallback sections, as section_t
+ */
+ array_t *fallbacks;
+
+ /**
* subsections, as section_t
*/
- linked_list_t *sections;
+ array_t *sections;
/**
* key value pairs, as kv_t
*/
- linked_list_t *kv;
+ array_t *kv;
};
/**
@@ -134,8 +140,6 @@ static section_t *section_create(char *name)
section_t *this;
INIT(this,
.name = strdupnull(name),
- .sections = linked_list_create(),
- .kv = linked_list_create(),
);
return this;
}
@@ -145,37 +149,73 @@ static section_t *section_create(char *name)
*/
static void section_destroy(section_t *this)
{
- this->kv->destroy_function(this->kv, (void*)kv_destroy);
- this->sections->destroy_function(this->sections, (void*)section_destroy);
+ array_destroy_function(this->sections, (void*)section_destroy, NULL);
+ array_destroy_function(this->kv, (void*)kv_destroy, NULL);
+ array_destroy(this->fallbacks);
free(this->name);
free(this);
}
/**
- * Purge contents of a section
+ * Purge contents of a section, returns if section can be safely removed.
*/
-static void section_purge(section_t *this)
+static bool section_purge(section_t *this)
{
- this->kv->destroy_function(this->kv, (void*)kv_destroy);
- this->kv = linked_list_create();
- this->sections->destroy_function(this->sections, (void*)section_destroy);
- this->sections = linked_list_create();
+ section_t *current;
+ int i;
+
+ array_destroy_function(this->kv, (void*)kv_destroy, NULL);
+ this->kv = NULL;
+ /* we ensure sections used as fallback, or configured with fallbacks (or
+ * having any such subsections) are not removed */
+ for (i = array_count(this->sections) - 1; i >= 0; i--)
+ {
+ array_get(this->sections, i, ¤t);
+ if (section_purge(current))
+ {
+ array_remove(this->sections, i, NULL);
+ section_destroy(current);
+ }
+ }
+ return !this->fallbacks && !array_count(this->sections);
}
/**
* callback to find a section by name
*/
-static bool section_find(section_t *this, char *name)
+static int section_find(const void *a, const void *b)
{
- return streq(this->name, name);
+ const char *key = a;
+ const section_t *item = b;
+ return strcmp(key, item->name);
+}
+
+/**
+ * callback to sort sections by name
+ */
+static int section_sort(const void *a, const void *b, void *user)
+{
+ const section_t *sa = a, *sb = b;
+ return strcmp(sa->name, sb->name);
}
/**
* callback to find a kv pair by key
*/
-static bool kv_find(kv_t *this, char *key)
+static int kv_find(const void *a, const void *b)
+{
+ const char *key = a;
+ const kv_t *item = b;
+ return strcmp(key, item->key);
+}
+
+/**
+ * callback to sort kv pairs by key
+ */
+static int kv_sort(const void *a, const void *b, void *user)
{
- return streq(this->key, key);
+ const kv_t *kva = a, *kvb = b;
+ return strcmp(kva->key, kvb->key);
}
/**
@@ -184,17 +224,16 @@ static bool kv_find(kv_t *this, char *key)
static bool print_key(char *buf, int len, char *start, char *key, va_list args)
{
va_list copy;
+ char *pos = start;
bool res;
- char *pos;
va_copy(copy, args);
- while (start < key)
+ while (TRUE)
{
- pos = strchr(start, '%');
+ pos = memchr(pos, '%', key - pos);
if (!pos)
{
- start += strlen(start) + 1;
- continue;
+ break;
}
pos++;
switch (*pos)
@@ -215,11 +254,7 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args)
DBG1(DBG_CFG, "settings with %%%c not supported!", *pos);
break;
}
- start = pos;
- if (*start)
- {
- start++;
- }
+ pos++;
}
res = vsnprintf(buf, len, key, copy) < len;
va_end(copy);
@@ -251,14 +286,17 @@ static section_t *find_section_buffered(section_t *section,
{
return NULL;
}
- if (section->sections->find_first(section->sections,
- (linked_list_match_t)section_find,
- (void**)&found, buf) != SUCCESS)
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ else if (array_bsearch(section->sections, buf, section_find, &found) == -1)
{
if (ensure)
{
found = section_create(buf);
- section->sections->insert_last(section->sections, found);
+ array_insert_create(§ion->sections, ARRAY_TAIL, found);
+ array_sort(section->sections, section_sort, NULL);
}
}
if (found && pos)
@@ -269,10 +307,74 @@ static section_t *find_section_buffered(section_t *section,
}
/**
- * Find a section by a given key (thread-safe).
+ * Find all sections via a given key considering fallbacks, using buffered key,
+ * reusable buffer.
+ */
+static void find_sections_buffered(section_t *section, char *start, char *key,
+ va_list args, char *buf, int len, array_t **sections)
+{
+ section_t *found = NULL, *fallback;
+ char *pos;
+ int i;
+
+ if (!section)
+ {
+ return;
+ }
+ pos = strchr(key, '.');
+ if (pos)
+ {
+ *pos = '\0';
+ }
+ if (!print_key(buf, len, start, key, args))
+ {
+ return;
+ }
+ if (pos)
+ { /* restore so we can follow fallbacks */
+ *pos = '.';
+ }
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ else
+ {
+ array_bsearch(section->sections, buf, section_find, &found);
+ }
+ if (found)
+ {
+ if (pos)
+ {
+ find_sections_buffered(found, start, pos+1, args, buf, len,
+ sections);
+ }
+ else
+ {
+ array_insert_create(sections, ARRAY_TAIL, found);
+ for (i = 0; i < array_count(found->fallbacks); i++)
+ {
+ array_get(found->fallbacks, i, &fallback);
+ array_insert_create(sections, ARRAY_TAIL, fallback);
+ }
+ }
+ }
+ if (section->fallbacks)
+ {
+ for (i = 0; i < array_count(section->fallbacks); i++)
+ {
+ array_get(section->fallbacks, i, &fallback);
+ find_sections_buffered(fallback, start, key, args, buf, len,
+ sections);
+ }
+ }
+}
+
+/**
+ * Ensure that the section with the given key exists (thread-safe).
*/
-static section_t *find_section(private_settings_t *this, section_t *section,
- char *key, va_list args)
+static section_t *ensure_section(private_settings_t *this, section_t *section,
+ const char *key, va_list args)
{
char buf[128], keybuf[512];
section_t *found;
@@ -281,42 +383,101 @@ static section_t *find_section(private_settings_t *this, section_t *section,
{
return NULL;
}
- this->lock->read_lock(this->lock);
+ /* we might have to change the tree */
+ this->lock->write_lock(this->lock);
found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), FALSE);
+ sizeof(buf), TRUE);
this->lock->unlock(this->lock);
return found;
}
/**
- * Ensure that the section with the given key exists (thread-safe).
+ * Find a section by a given key with its fallbacks (not thread-safe!).
+ * Sections are returned in depth-first order (array is allocated). NULL is
+ * returned if no sections are found.
*/
-static section_t *ensure_section(private_settings_t *this, section_t *section,
- char *key, va_list args)
+static array_t *find_sections(private_settings_t *this, section_t *section,
+ char *key, va_list args)
{
char buf[128], keybuf[512];
- section_t *found;
+ array_t *sections = NULL;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
{
return NULL;
}
- /* we might have to change the tree */
+ find_sections_buffered(section, keybuf, keybuf, args, buf,
+ sizeof(buf), §ions);
+ return sections;
+}
+
+/**
+ * Check if the given fallback section already exists
+ */
+static bool fallback_exists(section_t *section, section_t *fallback)
+{
+ if (section == fallback)
+ {
+ return TRUE;
+ }
+ else if (section->fallbacks)
+ {
+ section_t *existing;
+ int i;
+
+ for (i = 0; i < array_count(section->fallbacks); i++)
+ {
+ array_get(section->fallbacks, i, &existing);
+ if (existing == fallback)
+ {
+ return TRUE;
+ }
+ }
+ }
+ return FALSE;
+}
+
+/**
+ * Ensure that the section with the given key exists and add the given fallback
+ * section (thread-safe).
+ */
+static void add_fallback_to_section(private_settings_t *this,
+ section_t *section, const char *key, va_list args,
+ section_t *fallback)
+{
+ char buf[128], keybuf[512];
+ section_t *found;
+
+ if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
+ {
+ return;
+ }
this->lock->write_lock(this->lock);
found = find_section_buffered(section, keybuf, keybuf, args, buf,
sizeof(buf), TRUE);
+ if (!fallback_exists(found, fallback))
+ {
+ /* to ensure sections referred to as fallback are not purged, we create
+ * the array there too */
+ if (!fallback->fallbacks)
+ {
+ fallback->fallbacks = array_create(0, 0);
+ }
+ array_insert_create(&found->fallbacks, ARRAY_TAIL, fallback);
+ }
this->lock->unlock(this->lock);
- return found;
}
/**
* Find the key/value pair for a key, using buffered key, reusable buffer
* If "ensure" is TRUE, the sections (and key/value pair) are created if they
* don't exist.
+ * Fallbacks are only considered if "ensure" is FALSE.
*/
static kv_t *find_value_buffered(section_t *section, char *start, char *key,
va_list args, char *buf, int len, bool ensure)
{
+ int i;
char *pos;
kv_t *kv = NULL;
section_t *found = NULL;
@@ -330,25 +491,40 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
if (pos)
{
*pos = '\0';
- pos++;
-
if (!print_key(buf, len, start, key, args))
{
return NULL;
}
- if (section->sections->find_first(section->sections,
- (linked_list_match_t)section_find,
- (void**)&found, buf) != SUCCESS)
+ /* restore so we can retry for fallbacks */
+ *pos = '.';
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ else if (array_bsearch(section->sections, buf, section_find,
+ &found) == -1)
{
- if (!ensure)
+ if (ensure)
{
- return NULL;
+ found = section_create(buf);
+ array_insert_create(§ion->sections, ARRAY_TAIL, found);
+ array_sort(section->sections, section_sort, NULL);
+ }
+ }
+ if (found)
+ {
+ kv = find_value_buffered(found, start, pos+1, args, buf, len,
+ ensure);
+ }
+ if (!kv && !ensure && section->fallbacks)
+ {
+ for (i = 0; !kv && i < array_count(section->fallbacks); i++)
+ {
+ array_get(section->fallbacks, i, &found);
+ kv = find_value_buffered(found, start, key, args, buf, len,
+ ensure);
}
- found = section_create(buf);
- section->sections->insert_last(section->sections, found);
}
- return find_value_buffered(found, start, pos, args, buf, len,
- ensure);
}
else
{
@@ -356,13 +532,22 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
{
return NULL;
}
- if (section->kv->find_first(section->kv, (linked_list_match_t)kv_find,
- (void**)&kv, buf) != SUCCESS)
+ if (array_bsearch(section->kv, buf, kv_find, &kv) == -1)
{
if (ensure)
{
kv = kv_create(buf, NULL);
- section->kv->insert_last(section->kv, kv);
+ array_insert_create(§ion->kv, ARRAY_TAIL, kv);
+ array_sort(section->kv, kv_sort, NULL);
+ }
+ else if (section->fallbacks)
+ {
+ for (i = 0; !kv && i < array_count(section->fallbacks); i++)
+ {
+ array_get(section->fallbacks, i, &found);
+ kv = find_value_buffered(found, start, key, args, buf, len,
+ ensure);
+ }
}
}
}
@@ -429,7 +614,7 @@ static void set_value(private_settings_t *this, section_t *section,
}
METHOD(settings_t, get_str, char*,
- private_settings_t *this, char *key, char *def, ...)
+ private_settings_t *this, char *key, char *def, ...)
{
char *value;
va_list args;
@@ -470,7 +655,7 @@ inline bool settings_value_as_bool(char *value, bool def)
}
METHOD(settings_t, get_bool, bool,
- private_settings_t *this, char *key, bool def, ...)
+ private_settings_t *this, char *key, bool def, ...)
{
char *value;
va_list args;
@@ -500,7 +685,7 @@ inline int settings_value_as_int(char *value, int def)
}
METHOD(settings_t, get_int, int,
- private_settings_t *this, char *key, int def, ...)
+ private_settings_t *this, char *key, int def, ...)
{
char *value;
va_list args;
@@ -530,7 +715,7 @@ inline double settings_value_as_double(char *value, double def)
}
METHOD(settings_t, get_double, double,
- private_settings_t *this, char *key, double def, ...)
+ private_settings_t *this, char *key, double def, ...)
{
char *value;
va_list args;
@@ -576,7 +761,7 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def)
}
METHOD(settings_t, get_time, u_int32_t,
- private_settings_t *this, char *key, u_int32_t def, ...)
+ private_settings_t *this, char *key, u_int32_t def, ...)
{
char *value;
va_list args;
@@ -588,7 +773,7 @@ METHOD(settings_t, get_time, u_int32_t,
}
METHOD(settings_t, set_str, void,
- private_settings_t *this, char *key, char *value, ...)
+ private_settings_t *this, char *key, char *value, ...)
{
va_list args;
va_start(args, value);
@@ -597,7 +782,7 @@ METHOD(settings_t, set_str, void,
}
METHOD(settings_t, set_bool, void,
- private_settings_t *this, char *key, bool value, ...)
+ private_settings_t *this, char *key, bool value, ...)
{
va_list args;
va_start(args, value);
@@ -606,7 +791,7 @@ METHOD(settings_t, set_bool, void,
}
METHOD(settings_t, set_int, void,
- private_settings_t *this, char *key, int value, ...)
+ private_settings_t *this, char *key, int value, ...)
{
char val[16];
va_list args;
@@ -619,7 +804,7 @@ METHOD(settings_t, set_int, void,
}
METHOD(settings_t, set_double, void,
- private_settings_t *this, char *key, double value, ...)
+ private_settings_t *this, char *key, double value, ...)
{
char val[64];
va_list args;
@@ -632,7 +817,7 @@ METHOD(settings_t, set_double, void,
}
METHOD(settings_t, set_time, void,
- private_settings_t *this, char *key, u_int32_t value, ...)
+ private_settings_t *this, char *key, u_int32_t value, ...)
{
char val[16];
va_list args;
@@ -645,7 +830,7 @@ METHOD(settings_t, set_time, void,
}
METHOD(settings_t, set_default_str, bool,
- private_settings_t *this, char *key, char *value, ...)
+ private_settings_t *this, char *key, char *value, ...)
{
char *old;
va_list args;
@@ -665,63 +850,143 @@ METHOD(settings_t, set_default_str, bool,
}
/**
+ * Data for enumerators
+ */
+typedef struct {
+ /** settings_t instance */
+ private_settings_t *settings;
+ /** sections to enumerate */
+ array_t *sections;
+ /** sections/keys that were already enumerated */
+ hashtable_t *seen;
+} enumerator_data_t;
+
+/**
+ * Destroy enumerator data
+ */
+static void enumerator_destroy(enumerator_data_t *this)
+{
+ this->settings->lock->unlock(this->settings->lock);
+ this->seen->destroy(this->seen);
+ array_destroy(this->sections);
+ free(this);
+}
+
+/**
* Enumerate section names, not sections
*/
-static bool section_filter(void *null, section_t **in, char **out)
+static bool section_filter(hashtable_t *seen, section_t **in, char **out)
{
*out = (*in)->name;
+ if (seen->get(seen, *out))
+ {
+ return FALSE;
+ }
+ seen->put(seen, *out, *out);
return TRUE;
}
+/**
+ * Enumerate sections of the given section
+ */
+static enumerator_t *section_enumerator(section_t *section,
+ enumerator_data_t *data)
+{
+ return enumerator_create_filter(array_create_enumerator(section->sections),
+ (void*)section_filter, data->seen, NULL);
+}
+
METHOD(settings_t, create_section_enumerator, enumerator_t*,
- private_settings_t *this, char *key, ...)
+ private_settings_t *this, char *key, ...)
{
- section_t *section;
+ enumerator_data_t *data;
+ array_t *sections;
va_list args;
+ this->lock->read_lock(this->lock);
va_start(args, key);
- section = find_section(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args);
va_end(args);
- if (!section)
+ if (!sections)
{
+ this->lock->unlock(this->lock);
return enumerator_create_empty();
}
- this->lock->read_lock(this->lock);
- return enumerator_create_filter(
- section->sections->create_enumerator(section->sections),
- (void*)section_filter, this->lock, (void*)this->lock->unlock);
+ INIT(data,
+ .settings = this,
+ .sections = sections,
+ .seen = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8),
+ );
+ return enumerator_create_nested(array_create_enumerator(sections),
+ (void*)section_enumerator, data, (void*)enumerator_destroy);
}
/**
* Enumerate key and values, not kv_t entries
*/
-static bool kv_filter(void *null, kv_t **in, char **key,
+static bool kv_filter(hashtable_t *seen, kv_t **in, char **key,
void *none, char **value)
{
*key = (*in)->key;
+ if (seen->get(seen, *key))
+ {
+ return FALSE;
+ }
*value = (*in)->value;
+ seen->put(seen, *key, *key);
return TRUE;
}
+/**
+ * Enumerate key/value pairs of the given section
+ */
+static enumerator_t *kv_enumerator(section_t *section, enumerator_data_t *data)
+{
+ return enumerator_create_filter(array_create_enumerator(section->kv),
+ (void*)kv_filter, data->seen, NULL);
+}
+
METHOD(settings_t, create_key_value_enumerator, enumerator_t*,
- private_settings_t *this, char *key, ...)
+ private_settings_t *this, char *key, ...)
{
- section_t *section;
+ enumerator_data_t *data;
+ array_t *sections;
va_list args;
+ this->lock->read_lock(this->lock);
va_start(args, key);
- section = find_section(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args);
va_end(args);
- if (!section)
+ if (!sections)
{
+ this->lock->unlock(this->lock);
return enumerator_create_empty();
}
- this->lock->read_lock(this->lock);
- return enumerator_create_filter(
- section->kv->create_enumerator(section->kv),
- (void*)kv_filter, this->lock, (void*)this->lock->unlock);
+ INIT(data,
+ .settings = this,
+ .sections = sections,
+ .seen = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8),
+ );
+ return enumerator_create_nested(array_create_enumerator(sections),
+ (void*)kv_enumerator, data, (void*)enumerator_destroy);
+}
+
+METHOD(settings_t, add_fallback, void,
+ private_settings_t *this, const char *key, const char *fallback, ...)
+{
+ section_t *section;
+ va_list args;
+
+ /* find/create the fallback */
+ va_start(args, fallback);
+ section = ensure_section(this, this->top, fallback, args);
+ va_end(args);
+
+ va_start(args, fallback);
+ add_fallback_to_section(this, this->top, key, args, section);
+ va_end(args);
}
/**
@@ -881,15 +1146,15 @@ static bool parse_section(linked_list_t *contents, char *file, int level,
section->name);
continue;
}
- if (section->sections->find_first(section->sections,
- (linked_list_match_t)section_find,
- (void**)&sub, key) != SUCCESS)
+ if (array_bsearch(section->sections, key, section_find,
+ &sub) == -1)
{
sub = section_create(key);
if (parse_section(contents, file, level, &inner, sub))
{
- section->sections->insert_last(section->sections,
- sub);
+ array_insert_create(§ion->sections, ARRAY_TAIL,
+ sub);
+ array_sort(section->sections, section_sort, NULL);
continue;
}
section_destroy(sub);
@@ -916,12 +1181,11 @@ static bool parse_section(linked_list_t *contents, char *file, int level,
section->name);
continue;
}
- if (section->kv->find_first(section->kv,
- (linked_list_match_t)kv_find,
- (void**)&kv, key) != SUCCESS)
+ if (array_bsearch(section->kv, key, kv_find, &kv) == -1)
{
kv = kv_create(key, value);
- section->kv->insert_last(section->kv, kv);
+ array_insert_create(§ion->kv, ARRAY_TAIL, kv);
+ array_sort(section->kv, kv_sort, NULL);
}
else
{ /* replace with the most recently read value */
@@ -1037,8 +1301,7 @@ static bool parse_files(linked_list_t *contents, char *file, int level,
}
else
{ /* base relative paths to the directory of the current file */
- char *dir = strdup(file);
- dir = dirname(dir);
+ char *dir = path_dirname(file);
if (snprintf(pat, sizeof(pat), "%s/%s", dir, pattern) >= sizeof(pat))
{
DBG1(DBG_LIB, "include pattern too long, ignored");
@@ -1092,37 +1355,37 @@ static void section_extend(section_t *base, section_t *extension)
section_t *sec;
kv_t *kv;
- enumerator = extension->sections->create_enumerator(extension->sections);
+ enumerator = array_create_enumerator(extension->sections);
while (enumerator->enumerate(enumerator, (void**)&sec))
{
section_t *found;
- if (base->sections->find_first(base->sections,
- (linked_list_match_t)section_find, (void**)&found,
- sec->name) == SUCCESS)
+ if (array_bsearch(base->sections, sec->name, section_find,
+ &found) != -1)
{
section_extend(found, sec);
}
else
{
- extension->sections->remove_at(extension->sections, enumerator);
- base->sections->insert_last(base->sections, sec);
+ array_remove_at(extension->sections, enumerator);
+ array_insert_create(&base->sections, ARRAY_TAIL, sec);
+ array_sort(base->sections, section_sort, NULL);
}
}
enumerator->destroy(enumerator);
- enumerator = extension->kv->create_enumerator(extension->kv);
+ enumerator = array_create_enumerator(extension->kv);
while (enumerator->enumerate(enumerator, (void**)&kv))
{
kv_t *found;
- if (base->kv->find_first(base->kv, (linked_list_match_t)kv_find,
- (void**)&found, kv->key) == SUCCESS)
+ if (array_bsearch(base->kv, kv->key, kv_find, &found) != -1)
{
found->value = kv->value;
}
else
{
- extension->kv->remove_at(extension->kv, enumerator);
- base->kv->insert_last(base->kv, kv);
+ array_remove_at(extension->kv, enumerator);
+ array_insert_create(&base->kv, ARRAY_TAIL, kv);
+ array_sort(base->kv, kv_sort, NULL);
}
}
enumerator->destroy(enumerator);
@@ -1179,13 +1442,13 @@ static bool load_files_internal(private_settings_t *this, section_t *parent,
}
METHOD(settings_t, load_files, bool,
- private_settings_t *this, char *pattern, bool merge)
+ private_settings_t *this, char *pattern, bool merge)
{
return load_files_internal(this, this->top, pattern, merge);
}
METHOD(settings_t, load_files_section, bool,
- private_settings_t *this, char *pattern, bool merge, char *key, ...)
+ private_settings_t *this, char *pattern, bool merge, char *key, ...)
{
section_t *section;
va_list args;
@@ -1202,7 +1465,7 @@ METHOD(settings_t, load_files_section, bool,
}
METHOD(settings_t, destroy, void,
- private_settings_t *this)
+ private_settings_t *this)
{
section_destroy(this->top);
this->contents->destroy_function(this->contents, (void*)free);
@@ -1232,6 +1495,7 @@ settings_t *settings_create(char *file)
.set_default_str = _set_default_str,
.create_section_enumerator = _create_section_enumerator,
.create_key_value_enumerator = _create_key_value_enumerator,
+ .add_fallback = _add_fallback,
.load_files = _load_files,
.load_files_section = _load_files_section,
.destroy = _destroy,
diff --git a/src/libstrongswan/utils/settings.h b/src/libstrongswan/utils/settings.h
index df0c534..46403c4 100644
--- a/src/libstrongswan/utils/settings.h
+++ b/src/libstrongswan/utils/settings.h
@@ -269,6 +269,31 @@ struct settings_t {
char *section, ...);
/**
+ * Add a fallback for the given section.
+ *
+ * Example: When the fallback 'section-two' is configured for
+ * 'section-one.two' any failed lookup for a section or key in
+ * 'section-one.two' will result in a lookup for the same section/key
+ * in 'section-two'.
+ *
+ * @note Lookups are depth-first and currently strictly top-down.
+ * For instance, if app.sec had lib1.sec as fallback and lib1 had lib2 as
+ * fallback the keys/sections in lib2.sec would not be considered. But if
+ * app had lib3 as fallback the contents of lib3.sec would (as app is passed
+ * during the initial lookup). In the last example the order during
+ * enumerations would be app.sec, lib1.sec, lib3.sec.
+ *
+ * @note Additional arguments will be applied to both section format
+ * strings so they must be compatible.
+ *
+ * @param section section for which a fallback is configured, printf style
+ * @param fallback fallback section, printf style
+ * @param ... argument list for section and fallback
+ */
+ void (*add_fallback)(settings_t *this, const char *section,
+ const char *fallback, ...);
+
+ /**
* Load settings from the files matching the given pattern.
*
* If merge is TRUE, existing sections are extended, existing values
diff --git a/src/libstrongswan/utils/test.c b/src/libstrongswan/utils/test.c
new file mode 100644
index 0000000..7de5a76
--- /dev/null
+++ b/src/libstrongswan/utils/test.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test.h"
+
+#include <library.h>
+
+/**
+ * A collection of testable functions
+ */
+hashtable_t *testable_functions;
+
+/*
+ * Described in header.
+ */
+void testable_function_register(char *name, void *fn)
+{
+ if (testable_functions)
+ {
+ bool old = FALSE;
+ if (lib->leak_detective)
+ {
+ old = lib->leak_detective->set_state(lib->leak_detective, FALSE);
+ }
+ if (fn)
+ {
+ testable_functions->put(testable_functions, name, fn);
+ }
+ else
+ {
+ testable_functions->remove(testable_functions, name);
+ }
+ if (lib->leak_detective)
+ {
+ lib->leak_detective->set_state(lib->leak_detective, old);
+ }
+ }
+}
diff --git a/src/libstrongswan/utils/test.h b/src/libstrongswan/utils/test.h
new file mode 100644
index 0000000..5b72892
--- /dev/null
+++ b/src/libstrongswan/utils/test.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup test test
+ * @{ @ingroup utils
+ */
+
+#ifndef TEST_H_
+#define TEST_H_
+
+#include "collections/hashtable.h"
+
+/**
+ * Collection of testable functions.
+ *
+ * @note Is initialized only if libtest is loaded.
+ */
+extern hashtable_t *testable_functions;
+
+/**
+ * Register a (possibly static) function so that it can be called from tests.
+ *
+ * @param name name (namespace/function)
+ * @param fn function to register (set to NULL to unregister)
+ */
+void testable_function_register(char *name, void *fn);
+
+/**
+ * Macro to automatically register/unregister a function that can be called
+ * from tests.
+ *
+ * @note The constructor has a priority set so that it runs after the
+ * constructor that creates the hashtable. The destructor, on the other hand,
+ * does not have a priority set, as test coverage would report that function as
+ * untested otherwise.
+ *
+ * @param ns namespace
+ * @param fn function to register
+ */
+#define EXPORT_FUNCTION_FOR_TESTS(ns, fn) \
+static void testable_function_register_##fn() __attribute__ ((constructor(2000))); \
+static void testable_function_register_##fn() \
+{ \
+ testable_function_register(#ns "/" #fn, fn); \
+} \
+static void testable_function_unregister_##fn() __attribute__ ((destructor)); \
+static void testable_function_unregister_##fn() \
+{ \
+ testable_function_register(#ns "/" #fn, NULL); \
+}
+
+/**
+ * Import a registered function so that it can be called from tests.
+ *
+ * @note If the imported function is static (or no conflicting header files
+ * are included) ret can be prefixed with static to declare the function static.
+ *
+ * @note We allocate an arbitrary amount of stack space, hopefully enough for
+ * all arguments.
+ *
+ * @param ns namespace of the function
+ * @param name name of the function
+ * @param ret return type of the function
+ * @param ... arguments of the function
+ */
+#define IMPORT_FUNCTION_FOR_TESTS(ns, name, ret, ...) \
+ret name(__VA_ARGS__) \
+{ \
+ void (*fn)() = NULL; \
+ if (testable_functions) \
+ { \
+ fn = testable_functions->get(testable_functions, #ns "/" #name); \
+ } \
+ if (fn) \
+ { \
+ void *args = __builtin_apply_args(); \
+ __builtin_return(__builtin_apply(fn, args, 16*sizeof(void*))); \
+ } \
+ test_fail_msg(__FILE__, __LINE__, "function " #name " (" #ns ") not found"); \
+ __builtin_return(NULL); \
+}
+
+#endif /** TEST_H_ @}*/
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
index 266fb43..fe80edb 100644
--- a/src/libstrongswan/utils/utils.c
+++ b/src/libstrongswan/utils/utils.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2014 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -14,8 +14,7 @@
* for more details.
*/
-#include "utils.h"
-
+#define _GNU_SOURCE /* for memrchr */
#include <sys/stat.h>
#include <string.h>
#include <stdio.h>
@@ -27,6 +26,8 @@
#include <time.h>
#include <pthread.h>
+#include "utils.h"
+
#include "collections/enumerator.h"
#include "utils/debug.h"
#include "utils/chunk.h"
@@ -102,7 +103,7 @@ void memwipe_noinline(void *ptr, size_t n)
*/
void *memstr(const void *haystack, const char *needle, size_t n)
{
- unsigned const char *pos = haystack;
+ const u_char *pos = haystack;
size_t l;
if (!haystack || !needle || (l = strlen(needle)) == 0)
@@ -122,6 +123,28 @@ void *memstr(const void *haystack, const char *needle, size_t n)
/**
* Described in header.
*/
+void *utils_memrchr(const void *s, int c, size_t n)
+{
+ const u_char *pos;
+
+ if (!s || !n)
+ {
+ return NULL;
+ }
+
+ for (pos = s + n - 1; pos >= (u_char*)s; pos--)
+ {
+ if (*pos == (u_char)c)
+ {
+ return (void*)pos;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Described in header.
+ */
char* translate(char *str, const char *from, const char *to)
{
char *pos = str;
@@ -144,6 +167,115 @@ char* translate(char *str, const char *from, const char *to)
/**
* Described in header.
*/
+char* strreplace(const char *str, const char *search, const char *replace)
+{
+ size_t len, slen, rlen, count = 0;
+ char *res, *pos, *found, *dst;
+
+ if (!str || !*str || !search || !*search || !replace)
+ {
+ return (char*)str;
+ }
+ slen = strlen(search);
+ rlen = strlen(replace);
+ if (slen != rlen)
+ {
+ for (pos = (char*)str; (pos = strstr(pos, search)); pos += slen)
+ {
+ found = pos;
+ count++;
+ }
+ if (!count)
+ {
+ return (char*)str;
+ }
+ len = (found - str) + strlen(found) + count * (rlen - slen);
+ }
+ else
+ {
+ len = strlen(str);
+ }
+ found = strstr(str, search);
+ if (!found)
+ {
+ return (char*)str;
+ }
+ dst = res = malloc(len + 1);
+ pos = (char*)str;
+ do
+ {
+ len = found - pos;
+ memcpy(dst, pos, len);
+ dst += len;
+ memcpy(dst, replace, rlen);
+ dst += rlen;
+ pos = found + slen;
+ }
+ while ((found = strstr(pos, search)));
+ strcpy(dst, pos);
+ return res;
+}
+
+/**
+ * Described in header.
+ */
+char* path_dirname(const char *path)
+{
+ char *pos;
+
+ pos = path ? strrchr(path, '/') : NULL;
+
+ if (pos && !pos[1])
+ { /* if path ends with slashes we have to look beyond them */
+ while (pos > path && *pos == '/')
+ { /* skip trailing slashes */
+ pos--;
+ }
+ pos = memrchr(path, '/', pos - path + 1);
+ }
+ if (!pos)
+ {
+ return strdup(".");
+ }
+ while (pos > path && *pos == '/')
+ { /* skip superfluous slashes */
+ pos--;
+ }
+ return strndup(path, pos - path + 1);
+}
+
+/**
+ * Described in header.
+ */
+char* path_basename(const char *path)
+{
+ char *pos, *trail = NULL;
+
+ if (!path || !*path)
+ {
+ return strdup(".");
+ }
+ pos = strrchr(path, '/');
+ if (pos && !pos[1])
+ { /* if path ends with slashes we have to look beyond them */
+ while (pos > path && *pos == '/')
+ { /* skip trailing slashes */
+ pos--;
+ }
+ if (pos == path && *pos == '/')
+ { /* contains only slashes */
+ return strdup("/");
+ }
+ trail = pos + 1;
+ pos = memrchr(path, '/', trail - path);
+ }
+ pos = pos ? pos + 1 : (char*)path;
+ return trail ? strndup(pos, trail - pos) : strdup(pos);
+}
+
+/**
+ * Described in header.
+ */
bool mkdir_p(const char *path, mode_t mode)
{
int len;
@@ -251,84 +383,6 @@ char* tty_escape_get(int fd, tty_escape_t escape)
return "";
}
-/**
- * The size of the thread-specific error buffer
- */
-#define STRERROR_BUF_LEN 256
-
-/**
- * Key to store thread-specific error buffer
- */
-static pthread_key_t strerror_buf_key;
-
-/**
- * Only initialize the key above once
- */
-static pthread_once_t strerror_buf_key_once = PTHREAD_ONCE_INIT;
-
-/**
- * Create the key used for the thread-specific error buffer
- */
-static void create_strerror_buf_key()
-{
- pthread_key_create(&strerror_buf_key, free);
-}
-
-/**
- * Retrieve the error buffer assigned to the current thread (or create it)
- */
-static inline char *get_strerror_buf()
-{
- char *buf;
-
- pthread_once(&strerror_buf_key_once, create_strerror_buf_key);
- buf = pthread_getspecific(strerror_buf_key);
- if (!buf)
- {
- buf = malloc(STRERROR_BUF_LEN);
- pthread_setspecific(strerror_buf_key, buf);
- }
- return buf;
-}
-
-#ifdef HAVE_STRERROR_R
-/*
- * Described in header.
- */
-const char *safe_strerror(int errnum)
-{
- char *buf = get_strerror_buf(), *msg;
-
-#ifdef STRERROR_R_CHAR_P
- /* char* version which may or may not return the original buffer */
- msg = strerror_r(errnum, buf, STRERROR_BUF_LEN);
-#else
- /* int version returns 0 on success */
- msg = strerror_r(errnum, buf, STRERROR_BUF_LEN) ? "Unknown error" : buf;
-#endif
- return msg;
-}
-#else /* HAVE_STRERROR_R */
-/* we actually wan't to call strerror(3) below */
-#undef strerror
-/*
- * Described in header.
- */
-const char *safe_strerror(int errnum)
-{
- static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
- char *buf = get_strerror_buf();
-
- /* use a mutex to ensure calling strerror(3) is thread-safe */
- pthread_mutex_lock(&mutex);
- strncpy(buf, strerror(errnum), STRERROR_BUF_LEN);
- pthread_mutex_unlock(&mutex);
- buf[STRERROR_BUF_LEN - 1] = '\0';
- return buf;
-}
-#endif /* HAVE_STRERROR_R */
-
-
#ifndef HAVE_CLOSEFROM
/**
* Described in header.
@@ -570,7 +624,7 @@ int time_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
time_t *time = *((time_t**)(args[0]));
- bool utc = *((bool*)(args[1]));;
+ bool utc = *((int*)(args[1]));
struct tm t;
if (*time == UNDEFINED_TIME)
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index cda7edf..a55e7d8 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2014 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -30,6 +30,7 @@
#include <string.h>
#include "enum.h"
+#include "utils/strerror.h"
/**
* strongSwan program return codes
@@ -464,6 +465,20 @@ static inline void memwipe(void *ptr, size_t n)
void *memstr(const void *haystack, const char *needle, size_t n);
/**
+ * Replacement for memrchr(3) if it is not provided by the C library.
+ *
+ * @param s start of the memory area to search
+ * @param c character to search
+ * @param n length of memory area to search
+ * @return pointer to the found character or NULL
+ */
+void *utils_memrchr(const void *s, int c, size_t n);
+
+#ifndef HAVE_MEMRCHR
+#define memrchr(s,c,n) utils_memrchr(s,c,n)
+#endif
+
+/**
* Translates the characters in the given string, searching for characters
* in 'from' and mapping them to characters in 'to'.
* The two characters sets 'from' and 'to' must contain the same number of
@@ -472,36 +487,59 @@ void *memstr(const void *haystack, const char *needle, size_t n);
char *translate(char *str, const char *from, const char *to);
/**
- * Creates a directory and all required parent directories.
+ * Replaces all occurrences of search in the given string with replace.
*
- * @param path path to the new directory
- * @param mode permissions of the new directory/directories
- * @return TRUE on success
+ * Allocates memory only if anything is replaced in the string. The original
+ * string is also returned if any of the arguments are invalid (e.g. if search
+ * is empty or any of them are NULL).
+ *
+ * @param str original string
+ * @param search string to search for and replace
+ * @param replace string to replace found occurrences with
+ * @return allocated string, if anything got replaced, str otherwise
*/
-bool mkdir_p(const char *path, mode_t mode);
+char *strreplace(const char *str, const char *search, const char *replace);
/**
- * Thread-safe wrapper around strerror and strerror_r.
+ * Like dirname(3) returns the directory part of the given null-terminated
+ * pathname, up to but not including the final '/' (or '.' if no '/' is found).
+ * Trailing '/' are not counted as part of the pathname.
*
- * This is required because the first is not thread-safe (on some platforms)
- * and the second uses two different signatures (POSIX/GNU) and is impractical
- * to use anyway.
+ * The difference is that it does this in a thread-safe manner (i.e. it does not
+ * use static buffers) and does not modify the original path.
*
- * @param errnum error code (i.e. errno)
- * @return error message
+ * @param path original pathname
+ * @return allocated directory component
*/
-const char *safe_strerror(int errnum);
+char *path_dirname(const char *path);
/**
- * Replace usages of strerror(3) with thread-safe variant.
+ * Like basename(3) returns the filename part of the given null-terminated path,
+ * i.e. the part following the final '/' (or '.' if path is empty or NULL).
+ * Trailing '/' are not counted as part of the pathname.
+ *
+ * The difference is that it does this in a thread-safe manner (i.e. it does not
+ * use static buffers) and does not modify the original path.
+ *
+ * @param path original pathname
+ * @return allocated filename component
*/
-#define strerror(errnum) safe_strerror(errnum)
+char *path_basename(const char *path);
+
+/**
+ * Creates a directory and all required parent directories.
+ *
+ * @param path path to the new directory
+ * @param mode permissions of the new directory/directories
+ * @return TRUE on success
+ */
+bool mkdir_p(const char *path, mode_t mode);
#ifndef HAVE_CLOSEFROM
/**
* Close open file descriptors greater than or equal to lowfd.
*
- * @param lowfd start closing file descriptoros from here
+ * @param lowfd start closing file descriptors from here
*/
void closefrom(int lowfd);
#endif
diff --git a/src/libstrongswan/utils/utils/strerror.c b/src/libstrongswan/utils/utils/strerror.c
new file mode 100644
index 0000000..95e463f
--- /dev/null
+++ b/src/libstrongswan/utils/utils/strerror.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2012-2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <pthread.h>
+
+#include "strerror.h"
+
+/**
+ * The size of the thread-specific error buffer
+ */
+#define STRERROR_BUF_LEN 256
+
+/**
+ * Key to store thread-specific error buffer
+ */
+static pthread_key_t strerror_buf_key;
+
+/**
+ * Only initialize the key above once
+ */
+static pthread_once_t strerror_buf_key_once = PTHREAD_ONCE_INIT;
+
+/**
+ * Create the key used for the thread-specific error buffer
+ */
+static void create_strerror_buf_key()
+{
+ pthread_key_create(&strerror_buf_key, free);
+}
+
+/**
+ * Retrieve the error buffer assigned to the current thread (or create it)
+ */
+static inline char *get_strerror_buf()
+{
+ char *buf;
+
+ pthread_once(&strerror_buf_key_once, create_strerror_buf_key);
+ buf = pthread_getspecific(strerror_buf_key);
+ if (!buf)
+ {
+ buf = malloc(STRERROR_BUF_LEN);
+ pthread_setspecific(strerror_buf_key, buf);
+ }
+ return buf;
+}
+
+#ifdef HAVE_STRERROR_R
+/*
+ * Described in header.
+ */
+const char *strerror_safe(int errnum)
+{
+ char *buf = get_strerror_buf(), *msg;
+
+#ifdef STRERROR_R_CHAR_P
+ /* char* version which may or may not return the original buffer */
+ msg = strerror_r(errnum, buf, STRERROR_BUF_LEN);
+#else
+ /* int version returns 0 on success */
+ msg = strerror_r(errnum, buf, STRERROR_BUF_LEN) ? "Unknown error" : buf;
+#endif
+ return msg;
+}
+#else /* HAVE_STRERROR_R */
+/* we actually wan't to call strerror(3) below */
+#undef strerror
+/*
+ * Described in header.
+ */
+const char *strerror_safe(int errnum)
+{
+ static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+ char *buf = get_strerror_buf();
+
+ /* use a mutex to ensure calling strerror(3) is thread-safe */
+ pthread_mutex_lock(&mutex);
+ strncpy(buf, strerror(errnum), STRERROR_BUF_LEN);
+ pthread_mutex_unlock(&mutex);
+ buf[STRERROR_BUF_LEN - 1] = '\0';
+ return buf;
+}
+#endif /* HAVE_STRERROR_R */
diff --git a/src/libstrongswan/utils/utils/strerror.h b/src/libstrongswan/utils/utils/strerror.h
new file mode 100644
index 0000000..2cb76f1
--- /dev/null
+++ b/src/libstrongswan/utils/utils/strerror.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2012-2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @{ @ingroup utils
+ */
+
+#ifndef STRERROR_H_
+#define STRERROR_H_
+
+/**
+ * Thread-safe wrapper around strerror and strerror_r.
+ *
+ * This is required because the first is not thread-safe (on some platforms)
+ * and the second uses two different signatures (POSIX/GNU) and is impractical
+ * to use anyway.
+ *
+ * @param errnum error code (i.e. errno)
+ * @return error message
+ */
+const char *strerror_safe(int errnum);
+
+/**
+ * Replace usages of strerror(3) with thread-safe variant.
+ */
+#define strerror(errnum) strerror_safe(errnum)
+
+#endif /** STRERROR_H_ @}*/
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 5e8660a..87ae2a6 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 6d33d84..6b51e75 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -471,6 +471,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
.application = application,
.purpose = purpose,
);
+ lib->settings->add_fallback(lib->settings, "%s.tls", "libtls", lib->ns);
this->crypto = tls_crypto_create(&this->public, cache);
this->alert = tls_alert_create();
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 12aa049..cc73eba 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -711,7 +711,8 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
int i, remaining = 0;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.key_exchange", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.key_exchange", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
@@ -765,7 +766,8 @@ static void filter_cipher_config_suites(private_tls_crypto_t *this,
int i, remaining = 0;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.cipher", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.cipher", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
@@ -830,7 +832,8 @@ static void filter_mac_config_suites(private_tls_crypto_t *this,
int i, remaining = 0;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.mac", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.mac", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
@@ -879,7 +882,8 @@ static void filter_specific_config_suites(private_tls_crypto_t *this,
int i, remaining = 0, suite;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.suites", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.suites", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
diff --git a/src/libtnccs/Android.mk b/src/libtnccs/Android.mk
index 4d2803a..68f85c2 100644
--- a/src/libtnccs/Android.mk
+++ b/src/libtnccs/Android.mk
@@ -35,7 +35,6 @@ endif
# build libtncif ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libtls \
$(strongswan_PATH)/src/libtncif \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in
index bacea43..745850a 100644
--- a/src/libtnccs/Makefile.in
+++ b/src/libtnccs/Makefile.in
@@ -270,8 +270,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -339,6 +337,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -427,12 +430,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -447,6 +454,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in
index 79f91f7..1f83985 100644
--- a/src/libtnccs/plugins/tnc_imc/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imc/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c
index 7c52ab3..2d556d9 100644
--- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c
+++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c
@@ -302,7 +302,7 @@ METHOD(imc_t, destroy, void,
private_tnc_imc_t *this)
{
if (this->handle && lib->settings->get_bool(lib->settings,
- "libtnccs.plugins.tnc-imc.dlclose", TRUE))
+ "%s.plugins.tnc-imc.dlclose", TRUE, lib->ns))
{
dlclose(this->handle);
}
diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c b/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c
index 311598f..459b6d7 100644
--- a/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c
+++ b/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c
@@ -224,7 +224,7 @@ METHOD(imc_manager_t, get_preferred_language, char*,
private_tnc_imc_manager_t *this)
{
return lib->settings->get_str(lib->settings,
- "libtnccs.plugins.tnc-imc.preferred_language", "en");
+ "%s.plugins.tnc-imc.preferred_language", "en", lib->ns);
}
METHOD(imc_manager_t, notify_connection_change, void,
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in
index 20087a7..45c3569 100644
--- a/src/libtnccs/plugins/tnc_imv/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imv/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c
index ebf9045..ab2e552 100644
--- a/src/libtnccs/plugins/tnc_imv/tnc_imv.c
+++ b/src/libtnccs/plugins/tnc_imv/tnc_imv.c
@@ -298,7 +298,7 @@ METHOD(imv_t, destroy, void,
private_tnc_imv_t *this)
{
if (this->handle && lib->settings->get_bool(lib->settings,
- "libtnccs.plugins.tnc-imv.dlclose", TRUE))
+ "%s.plugins.tnc-imv.dlclose", TRUE, lib->ns))
{
dlclose(this->handle);
}
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c
index b4f131b..5624501 100644
--- a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c
+++ b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c
@@ -21,7 +21,6 @@
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/mman.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
@@ -461,7 +460,8 @@ imv_manager_t* tnc_imv_manager_create(void)
policy = enum_from_name(recommendation_policy_names,
lib->settings->get_str(lib->settings,
- "libtnccs.plugins.tnc-imv.recommendation_policy", "default"));
+ "%s.plugins.tnc-imv.recommendation_policy",
+ "default", lib->ns));
this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_DEFAULT;
DBG1(DBG_TNC, "TNC recommendation policy is '%N'",
recommendation_policy_names, this->policy);
diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
index 7764690..21ed94d 100644
--- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in
+++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in
index 76b453a..7b4d53e 100644
--- a/src/libtnccs/plugins/tnccs_11/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_11/Makefile.in
@@ -230,8 +230,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -299,6 +297,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -387,12 +390,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -407,6 +414,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnccs_11/tnccs_11.c b/src/libtnccs/plugins/tnccs_11/tnccs_11.c
index 91854b5..28c5e52 100644
--- a/src/libtnccs/plugins/tnccs_11/tnccs_11.c
+++ b/src/libtnccs/plugins/tnccs_11/tnccs_11.c
@@ -662,7 +662,7 @@ tnccs_t* tnccs_11_create(bool is_server,
.callback = cb,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.max_msg_len = lib->settings->get_int(lib->settings,
- "libtnccs.plugins.tnccs-11.max_message_size", 45000),
+ "%s.plugins.tnccs-11.max_message_size", 45000, lib->ns),
.ref = 1,
);
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index 0bb3c73..63010c3 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -231,8 +231,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -300,6 +298,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -388,12 +391,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -408,6 +415,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
index b631ef5..f78b85a 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
@@ -1063,9 +1063,9 @@ tnccs_t* tnccs_20_create(bool is_server,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.messages = linked_list_create(),
.max_batch_len = lib->settings->get_int(lib->settings,
- "libtnccs.plugins.tnccs-20.max_batch_size", 65522),
+ "%s.plugins.tnccs-20.max_batch_size", 65522, lib->ns),
.max_msg_len = lib->settings->get_int(lib->settings,
- "libtnccs.plugins.tnccs-20.max_message_size", 65490),
+ "%s.plugins.tnccs-20.max_message_size", 65490, lib->ns),
.ref = 1,
);
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
index d38aa13..6a99188 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/tnc/tnc.c b/src/libtnccs/tnc/tnc.c
index 3a5b845..e002b10 100644
--- a/src/libtnccs/tnc/tnc.c
+++ b/src/libtnccs/tnc/tnc.c
@@ -13,14 +13,15 @@
* for more details.
*/
-#include "tnc.h"
-
+#define _GNU_SOURCE /* for stdndup() */
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/mman.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
+#include <string.h>
+
+#include "tnc.h"
#include <utils/lexparser.h>
#include <utils/debug.h>
@@ -71,8 +72,10 @@ void libtnccs_init(void)
},
.ref = 1,
);
-
tnc = &this->public;
+ lib->settings->add_fallback(lib->settings, "%s.tnc", "libtnccs", lib->ns);
+ lib->settings->add_fallback(lib->settings, "%s.plugins", "libtnccs.plugins",
+ lib->ns);
}
/**
@@ -94,10 +97,8 @@ void libtnccs_deinit(void)
static bool load_imcvs_from_config(char *filename, bool is_imc)
{
bool success = FALSE;
- int fd, line_nr = 0;
- chunk_t src, line;
- struct stat sb;
- void *addr;
+ int line_nr = 0;
+ chunk_t *src, line;
char *label;
if (!filename || !*filename)
@@ -108,30 +109,15 @@ static bool load_imcvs_from_config(char *filename, bool is_imc)
label = is_imc ? "IMC" : "IMV";
DBG1(DBG_TNC, "loading %ss from '%s'", label, filename);
- fd = open(filename, O_RDONLY);
- if (fd == -1)
+ src = chunk_map(filename, FALSE);
+ if (!src)
{
DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
strerror(errno));
return FALSE;
}
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
- strerror(errno));
- close(fd);
- return FALSE;
- }
- addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
- close(fd);
- return FALSE;
- }
- src = chunk_create(addr, sb.st_size);
- while (fetchline(&src, &line))
+ while (fetchline(src, &line))
{
char *name, *path;
chunk_t token;
@@ -201,8 +187,7 @@ static bool load_imcvs_from_config(char *filename, bool is_imc)
break;
}
}
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(src);
return success;
}
@@ -266,10 +251,9 @@ bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature,
{
load_imcvs_from_config(
lib->settings->get_str(lib->settings,
- "libtnccs.tnc_config", "/etc/tnc_config"),
+ "%s.tnc.tnc_config", "/etc/tnc_config", lib->ns),
is_imc);
}
}
return TRUE;
}
-
diff --git a/src/libtncif/Android.mk b/src/libtncif/Android.mk
index 13ce6e1..36d3f4c 100644
--- a/src/libtncif/Android.mk
+++ b/src/libtncif/Android.mk
@@ -13,7 +13,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(libtncif_la_SOURCES))
# build libtncif ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libstrongswan
LOCAL_CFLAGS := $(strongswan_CFLAGS)
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index b8c8349..66ac311 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -182,8 +182,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -251,6 +249,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -339,12 +342,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -359,6 +366,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index 244df09..08033c4 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -234,8 +234,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -303,6 +301,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -391,12 +394,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -411,6 +418,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/manager/main.c b/src/manager/main.c
index 5c845b1..b616908 100644
--- a/src/manager/main.c
+++ b/src/manager/main.c
@@ -34,7 +34,7 @@ int main (int arc, char *argv[])
bool debug;
int threads, timeout;
- library_init(NULL);
+ library_init(NULL, "manager");
if (!lib->plugins->load(lib->plugins,
lib->settings->get_str(lib->settings, "manager.load", PLUGINS)))
{
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index 385bb8e..5452a41 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -223,8 +223,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -292,6 +290,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -380,12 +383,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -400,6 +407,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/medsrv/main.c b/src/medsrv/main.c
index 6f08b97..745fcc3 100644
--- a/src/medsrv/main.c
+++ b/src/medsrv/main.c
@@ -33,7 +33,7 @@ int main(int arc, char *argv[])
char *uri;
int timeout, threads;
- library_init(NULL);
+ library_init(NULL, "medsrv");
if (!lib->plugins->load(lib->plugins,
lib->settings->get_str(lib->settings, "medsrv.load", PLUGINS)))
{
diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in
index e9023b8..b5e00be 100644
--- a/src/openac/Makefile.in
+++ b/src/openac/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/openac/openac.c b/src/openac/openac.c
index 7074d44..8862e9a 100644
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -29,6 +29,7 @@
#include <getopt.h>
#include <ctype.h>
#include <time.h>
+#include <errno.h>
#include <library.h>
#include <utils/debug.h>
@@ -228,7 +229,7 @@ int main(int argc, char **argv)
/* initialize library */
atexit(library_deinit);
- if (!library_init(NULL))
+ if (!library_init(NULL, "openac"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
@@ -515,11 +516,18 @@ int main(int argc, char **argv)
/* write the attribute certificate to file */
if (attr_cert->get_encoding(attr_cert, CERT_ASN1_DER, &attr_chunk))
{
- if (chunk_write(attr_chunk, outfile, "attribute cert", 0022, TRUE))
+ if (chunk_write(attr_chunk, outfile, 0022, TRUE))
{
+ DBG1(DBG_APP, " written attribute cert file '%s' (%d bytes)",
+ outfile, attr_chunk.len);
write_serial(serial);
status = 0;
}
+ else
+ {
+ DBG1(DBG_APP, " writing attribute cert file '%s' failed: %s",
+ outfile, strerror(errno));
+ }
}
}
else
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 1101366..461d958 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -231,8 +231,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -300,6 +298,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -388,12 +391,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -408,6 +415,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/pki/command.c b/src/pki/command.c
index 984da59..b6966ee 100644
--- a/src/pki/command.c
+++ b/src/pki/command.c
@@ -29,7 +29,7 @@
/**
* Registered commands.
*/
-command_t cmds[MAX_COMMANDS];
+static command_t cmds[MAX_COMMANDS];
/**
* active command.
@@ -55,12 +55,12 @@ static options_t *options;
/**
* Global options used by all subcommands
*/
-static struct option command_opts[MAX_COMMANDS > MAX_OPTIONS ?: MAX_OPTIONS];
+static struct option command_opts[MAX_COMMANDS > MAX_OPTIONS ? MAX_COMMANDS : MAX_OPTIONS];
/**
* Global optstring used by all subcommands
*/
-static char command_optstring[(MAX_COMMANDS > MAX_OPTIONS ?: MAX_OPTIONS) * 3];
+static char command_optstring[(MAX_COMMANDS > MAX_OPTIONS ? MAX_COMMANDS : MAX_OPTIONS) * 3];
/**
* Build command_opts/command_optstr for the active command
@@ -140,23 +140,37 @@ void command_register(command_t command)
{
int i;
+ if (registered == MAX_COMMANDS)
+ {
+ fprintf(stderr, "unable to register command, please increase "
+ "MAX_COMMANDS\n");
+ return;
+ }
+
cmds[registered] = command;
/* append default options, but not to --help */
if (!active)
{
for (i = 0; i < countof(cmds[registered].options) - 1; i++)
{
- if (cmds[registered].options[i].name)
+ if (!cmds[registered].options[i].name)
{
- continue;
+ break;
}
+ }
+ if (i > countof(cmds[registered].options) - 3)
+ {
+ fprintf(stderr, "command '%s' registered too many options, please "
+ "increase MAX_OPTIONS\n", command.cmd);
+ }
+ else
+ {
cmds[registered].options[i++] = (command_option_t) {
"debug", 'v', 1, "set debug level, default: 1"
};
cmds[registered].options[i++] = (command_option_t) {
"options", '+', 1, "read command line options from file"
};
- break;
}
}
registered++;
@@ -260,4 +274,3 @@ int command_dispatch(int c, char *v[])
}
return command_usage(c > 1 ? "invalid operation" : NULL);
}
-
diff --git a/src/pki/command.h b/src/pki/command.h
index 1a884fb..737f465 100644
--- a/src/pki/command.h
+++ b/src/pki/command.h
@@ -22,12 +22,12 @@
#define COMMAND_H_
/**
- * Maximum number of commands.
+ * Maximum number of commands (+1).
*/
-#define MAX_COMMANDS 10
+#define MAX_COMMANDS 11
/**
- * Maximum number of options in a command (+1)
+ * Maximum number of options in a command (+3)
*/
#define MAX_OPTIONS 32
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 000f63d..d5c33b8 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -14,6 +14,7 @@
*/
#include <time.h>
+#include <errno.h>
#include "pki.h"
@@ -382,7 +383,12 @@ static int issue()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "%s: ", strerror(errno));
+ error = "reading certificate request failed";
+ goto end;
+ }
cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_PKCS10_REQUEST,
BUILD_BLOB, chunk, BUILD_END);
@@ -425,7 +431,12 @@ static int issue()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "%s: ", strerror(errno));
+ error = "reading public key failed";
+ goto end;
+ }
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
@@ -562,4 +573,3 @@ static void __attribute__ ((constructor))reg()
}
});
}
-
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 353670e..64bb3cc 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -13,6 +13,8 @@
* for more details.
*/
+#include <errno.h>
+
#include "pki.h"
#include <credentials/certificates/certificate.h>
@@ -89,7 +91,11 @@ static int keyid()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+ return 1;
+ }
cred = lib->creds->create(lib->creds, type, subtype,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
@@ -165,4 +171,3 @@ static void __attribute__ ((constructor))reg()
}
});
}
-
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 2261e44..077c1ef 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -22,6 +22,7 @@
#include <selectors/traffic_selector.h>
#include <time.h>
+#include <errno.h>
/**
* Print public key information
@@ -510,7 +511,11 @@ static int print()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+ return 1;
+ }
cred = lib->creds->create(lib->creds, type, subtype,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 7f88055..260044c 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -13,6 +13,8 @@
* for more details.
*/
+#include <errno.h>
+
#include "pki.h"
#include <credentials/certificates/certificate.h>
@@ -108,7 +110,11 @@ static int pub()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+ return 1;
+ }
cred = lib->creds->create(lib->creds, type, subtype,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
@@ -186,4 +192,3 @@ static void __attribute__ ((constructor))reg()
}
});
}
-
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 628463e..5b2c128 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -16,6 +16,7 @@
*/
#include <time.h>
+#include <errno.h>
#include "pki.h"
@@ -118,7 +119,12 @@ static int req()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading private key failed: %s\n", strerror(errno));
+ error = "";
+ goto end;
+ }
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 6bf0b13..c28c9c2 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -14,6 +14,7 @@
*/
#include <time.h>
+#include <errno.h>
#include "pki.h"
@@ -273,7 +274,12 @@ static int self()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "%s: ", strerror(errno));
+ error = "reading private key failed";
+ goto end;
+ }
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index 96b2b50..f30dda9 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -13,6 +13,8 @@
* for more details.
*/
+#include <errno.h>
+
#include "pki.h"
#include <credentials/certificates/certificate.h>
@@ -57,7 +59,11 @@ static int verify()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading certificate failed: %s\n", strerror(errno));
+ return 1;
+ }
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
index ecba4a9..edbde85 100644
--- a/src/pki/man/Makefile.in
+++ b/src/pki/man/Makefile.in
@@ -170,8 +170,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -239,6 +237,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -327,12 +330,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -347,6 +354,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in
index 9effd9b..3fad1ae 100644
--- a/src/pki/man/pki---issue.1.in
+++ b/src/pki/man/pki---issue.1.in
@@ -1,4 +1,4 @@
-.TH "PKI \-\-ISSUE" 8 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-ISSUE" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
diff --git a/src/pki/pki.c b/src/pki/pki.c
index ecc0702..eb614dd 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -168,7 +168,7 @@ static void remove_callback()
int main(int argc, char *argv[])
{
atexit(library_deinit);
- if (!library_init(NULL))
+ if (!library_init(NULL, "pki"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
diff --git a/src/pool/Makefile.am b/src/pool/Makefile.am
index 8b429a4..b8d662e 100644
--- a/src/pool/Makefile.am
+++ b/src/pool/Makefile.am
@@ -1,3 +1,5 @@
+if USE_ATTR_SQL
+
ipsec_PROGRAMS = pool
pool_SOURCES = \
@@ -14,3 +16,8 @@ AM_CPPFLAGS = \
pool_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libhydra/libhydra.la
+
+endif USE_ATTR_SQL
+
+templatesdir = $(pkgdatadir)/templates/database/sql
+dist_templates_DATA = mysql.sql sqlite.sql
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in
index f8db9ae..6348903 100644
--- a/src/pool/Makefile.in
+++ b/src/pool/Makefile.in
@@ -14,6 +14,7 @@
@SET_MAKE@
+
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
@@ -78,10 +79,10 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-ipsec_PROGRAMS = pool$(EXEEXT)
+ at USE_ATTR_SQL_TRUE@ipsec_PROGRAMS = pool$(EXEEXT)
subdir = src/pool
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
+ $(top_srcdir)/depcomp $(dist_templates_DATA)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -99,14 +100,16 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(ipsecdir)"
+am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"
PROGRAMS = $(ipsec_PROGRAMS)
-am_pool_OBJECTS = pool.$(OBJEXT) pool_attributes.$(OBJEXT) \
- pool_usage.$(OBJEXT)
+am__pool_SOURCES_DIST = pool.c pool_attributes.c pool_attributes.h \
+ pool_usage.h pool_usage.c
+ at USE_ATTR_SQL_TRUE@am_pool_OBJECTS = pool.$(OBJEXT) \
+ at USE_ATTR_SQL_TRUE@ pool_attributes.$(OBJEXT) \
+ at USE_ATTR_SQL_TRUE@ pool_usage.$(OBJEXT)
pool_OBJECTS = $(am_pool_OBJECTS)
-pool_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libhydra/libhydra.la
+ at USE_ATTR_SQL_TRUE@pool_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ at USE_ATTR_SQL_TRUE@ $(top_builddir)/src/libhydra/libhydra.la
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -146,12 +149,40 @@ am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(pool_SOURCES)
-DIST_SOURCES = $(pool_SOURCES)
+DIST_SOURCES = $(am__pool_SOURCES_DIST)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+DATA = $(dist_templates_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -186,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -255,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -343,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -363,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -373,19 +412,21 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-pool_SOURCES = \
- pool.c pool_attributes.c pool_attributes.h \
- pool_usage.h pool_usage.c
+ at USE_ATTR_SQL_TRUE@pool_SOURCES = \
+ at USE_ATTR_SQL_TRUE@ pool.c pool_attributes.c pool_attributes.h \
+ at USE_ATTR_SQL_TRUE@ pool_usage.h pool_usage.c
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra \
- -DPLUGINS=\""${pool_plugins}\""
+ at USE_ATTR_SQL_TRUE@AM_CPPFLAGS = \
+ at USE_ATTR_SQL_TRUE@ -I$(top_srcdir)/src/libstrongswan \
+ at USE_ATTR_SQL_TRUE@ -I$(top_srcdir)/src/libhydra \
+ at USE_ATTR_SQL_TRUE@ -DPLUGINS=\""${pool_plugins}\""
-pool_LDADD = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libhydra/libhydra.la
+ at USE_ATTR_SQL_TRUE@pool_LDADD = \
+ at USE_ATTR_SQL_TRUE@ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ at USE_ATTR_SQL_TRUE@ $(top_builddir)/src/libhydra/libhydra.la
+templatesdir = $(pkgdatadir)/templates/database/sql
+dist_templates_DATA = mysql.sql sqlite.sql
all: all-am
.SUFFIXES:
@@ -513,6 +554,27 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
+install-dist_templatesDATA: $(dist_templates_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(templatesdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(templatesdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \
+ done
+
+uninstall-dist_templatesDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(templatesdir)'; $(am__uninstall_files_from_dir)
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -598,9 +660,9 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-am
-all-am: Makefile $(PROGRAMS)
+all-am: Makefile $(PROGRAMS) $(DATA)
installdirs:
- for dir in "$(DESTDIR)$(ipsecdir)"; do \
+ for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -656,7 +718,7 @@ info: info-am
info-am:
-install-data-am: install-ipsecPROGRAMS
+install-data-am: install-dist_templatesDATA install-ipsecPROGRAMS
install-dvi: install-dvi-am
@@ -702,7 +764,7 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-ipsecPROGRAMS
+uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS
.MAKE: install-am install-strip
@@ -711,17 +773,19 @@ uninstall-am: uninstall-ipsecPROGRAMS
distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-ipsecPROGRAMS install-man install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
+ install-data-am install-dist_templatesDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+ tags tags-am uninstall uninstall-am \
+ uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS
-pool.o : $(top_builddir)/config.status
+ at USE_ATTR_SQL_TRUE@pool.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/pool/mysql.sql b/src/pool/mysql.sql
new file mode 100644
index 0000000..1b43759
--- /dev/null
+++ b/src/pool/mysql.sql
@@ -0,0 +1,281 @@
+
+DROP TABLE IF EXISTS `identities`;
+CREATE TABLE `identities` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(4) unsigned NOT NULL,
+ `data` varbinary(64) NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE (`type`, `data`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `child_configs`;
+CREATE TABLE `child_configs` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `name` varchar(32) collate utf8_unicode_ci NOT NULL,
+ `lifetime` mediumint(8) unsigned NOT NULL default '1500',
+ `rekeytime` mediumint(8) unsigned NOT NULL default '1200',
+ `jitter` mediumint(8) unsigned NOT NULL default '60',
+ `updown` varchar(128) collate utf8_unicode_ci default NULL,
+ `hostaccess` tinyint(1) unsigned NOT NULL default '0',
+ `mode` tinyint(4) unsigned NOT NULL default '2',
+ `start_action` tinyint(4) unsigned NOT NULL default '0',
+ `dpd_action` tinyint(4) unsigned NOT NULL default '0',
+ `close_action` tinyint(4) unsigned NOT NULL default '0',
+ `ipcomp` tinyint(4) unsigned NOT NULL default '0',
+ `reqid` mediumint(8) unsigned NOT NULL default '0',
+ PRIMARY KEY (`id`),
+ INDEX (`name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `child_config_traffic_selector`;
+CREATE TABLE `child_config_traffic_selector` (
+ `child_cfg` int(10) unsigned NOT NULL,
+ `traffic_selector` int(10) unsigned NOT NULL,
+ `kind` tinyint(3) unsigned NOT NULL,
+ INDEX (`child_cfg`, `traffic_selector`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `proposals`;
+CREATE TABLE `proposals` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `proposal` varchar(128) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `child_config_proposal`;
+CREATE TABLE `child_config_proposal` (
+ `child_cfg` int(10) unsigned NOT NULL,
+ `prio` smallint(5) unsigned NOT NULL,
+ `prop` int(10) unsigned NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `ike_configs`;
+CREATE TABLE `ike_configs` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `certreq` tinyint(3) unsigned NOT NULL default '1',
+ `force_encap` tinyint(1) NOT NULL default '0',
+ `local` varchar(128) collate utf8_unicode_ci NOT NULL,
+ `remote` varchar(128) collate utf8_unicode_ci NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `ike_config_proposal`;
+CREATE TABLE `ike_config_proposal` (
+ `ike_cfg` int(10) unsigned NOT NULL,
+ `prio` smallint(5) unsigned NOT NULL,
+ `prop` int(10) unsigned NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `peer_configs`;
+CREATE TABLE `peer_configs` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `name` varchar(32) collate utf8_unicode_ci NOT NULL,
+ `ike_version` tinyint(3) unsigned NOT NULL default '2',
+ `ike_cfg` int(10) unsigned NOT NULL,
+ `local_id` varchar(64) collate utf8_unicode_ci NOT NULL,
+ `remote_id` varchar(64) collate utf8_unicode_ci NOT NULL,
+ `cert_policy` tinyint(3) unsigned NOT NULL default '1',
+ `uniqueid` tinyint(3) unsigned NOT NULL default '0',
+ `auth_method` tinyint(3) unsigned NOT NULL default '1',
+ `eap_type` tinyint(3) unsigned NOT NULL default '0',
+ `eap_vendor` smallint(5) unsigned NOT NULL default '0',
+ `keyingtries` tinyint(3) unsigned NOT NULL default '3',
+ `rekeytime` mediumint(8) unsigned NOT NULL default '7200',
+ `reauthtime` mediumint(8) unsigned NOT NULL default '0',
+ `jitter` mediumint(8) unsigned NOT NULL default '180',
+ `overtime` mediumint(8) unsigned NOT NULL default '300',
+ `mobike` tinyint(1) NOT NULL default '1',
+ `dpd_delay` mediumint(8) unsigned NOT NULL default '120',
+ `virtual` varchar(40) default NULL,
+ `pool` varchar(32) default NULL,
+ `mediation` tinyint(1) NOT NULL default '0',
+ `mediated_by` int(10) unsigned NOT NULL default '0',
+ `peer_id` int(10) unsigned NOT NULL default '0',
+ PRIMARY KEY (`id`),
+ INDEX (`name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `peer_config_child_config`;
+CREATE TABLE `peer_config_child_config` (
+ `peer_cfg` int(10) unsigned NOT NULL,
+ `child_cfg` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`peer_cfg`, `child_cfg`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `traffic_selectors`;
+CREATE TABLE `traffic_selectors` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(3) unsigned NOT NULL default '7',
+ `protocol` smallint(5) unsigned NOT NULL default '0',
+ `start_addr` varbinary(16) default NULL,
+ `end_addr` varbinary(16) default NULL,
+ `start_port` smallint(5) unsigned NOT NULL default '0',
+ `end_port` smallint(5) unsigned NOT NULL default '65535',
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS certificates;
+CREATE TABLE certificates (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(3) unsigned NOT NULL,
+ `keytype` tinyint(3) unsigned NOT NULL,
+ `data` BLOB NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS certificate_identity;
+CREATE TABLE certificate_identity (
+ `certificate` int(10) unsigned NOT NULL,
+ `identity` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`certificate`, `identity`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS private_keys;
+CREATE TABLE private_keys (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(3) unsigned NOT NULL,
+ `data` BLOB NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS private_key_identity;
+CREATE TABLE private_key_identity (
+ `private_key` int(10) unsigned NOT NULL,
+ `identity` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`private_key`, `identity`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS shared_secrets;
+CREATE TABLE shared_secrets (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(3) unsigned NOT NULL,
+ `data` varbinary(256) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS shared_secret_identity;
+CREATE TABLE shared_secret_identity (
+ `shared_secret` int(10) unsigned NOT NULL,
+ `identity` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`shared_secret`, `identity`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS certificate_authorities;
+CREATE TABLE certificate_authorities (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `certificate` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS certificate_distribution_points;
+CREATE TABLE certificate_distribution_points (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `ca` int(10) unsigned NOT NULL,
+ `type` tinyint(3) unsigned NOT NULL,
+ `uri` varchar(256) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS pools;
+CREATE TABLE pools (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `name` varchar(32) NOT NULL,
+ `start` varbinary(16) NOT NULL,
+ `end` varbinary(16) NOT NULL,
+ `timeout` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE (`name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS addresses;
+CREATE TABLE addresses (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `pool` int(10) unsigned NOT NULL,
+ `address` varbinary(16) NOT NULL,
+ `identity` int(10) unsigned NOT NULL DEFAULT 0,
+ `acquired` int(10) unsigned NOT NULL DEFAULT 0,
+ `released` int(10) unsigned NOT NULL DEFAULT 1,
+ PRIMARY KEY (`id`),
+ INDEX (`pool`),
+ INDEX (`identity`),
+ INDEX (`address`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+DROP TABLE IF EXISTS leases;
+CREATE TABLE leases (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `address` int(10) unsigned NOT NULL,
+ `identity` int(10) unsigned NOT NULL,
+ `acquired` int(10) unsigned NOT NULL,
+ `released` int(10) unsigned DEFAULT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+DROP TABLE IF EXISTS attribute_pools;
+CREATE TABLE attribute_pools (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `name` varchar(32) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+DROP TABLE IF EXISTS attributes;
+CREATE TABLE attributes (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `identity` int(10) unsigned NOT NULL default '0',
+ `pool` int(10) unsigned NOT NULL default '0',
+ `type` int(10) unsigned NOT NULL,
+ `value` varbinary(16) NOT NULL,
+ PRIMARY KEY (`id`),
+ INDEX (`identity`),
+ INDEX (`pool`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+DROP TABLE IF EXISTS ike_sas;
+CREATE TABLE ike_sas (
+ `local_spi` varbinary(8) NOT NULL,
+ `remote_spi` varbinary(8) NOT NULL,
+ `id` int(10) unsigned NOT NULL,
+ `initiator` tinyint(1) NOT NULL,
+ `local_id_type` tinyint(3) NOT NULL,
+ `local_id_data` varbinary(64) DEFAULT NULL,
+ `remote_id_type` tinyint(3) NOT NULL,
+ `remote_id_data` varbinary(64) DEFAULT NULL,
+ `host_family` tinyint(3) NOT NULL,
+ `local_host_data` varbinary(16) NOT NULL,
+ `remote_host_data` varbinary(16) NOT NULL,
+ `lastuse` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ PRIMARY KEY (`local_spi`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS logs;
+CREATE TABLE logs (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `local_spi` varbinary(8) NOT NULL,
+ `signal` tinyint(3) NOT NULL,
+ `level` tinyint(3) NOT NULL,
+ `msg` varchar(256) NOT NULL,
+ `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
diff --git a/src/pool/pool.c b/src/pool/pool.c
index 05043cd..2659748 100644
--- a/src/pool/pool.c
+++ b/src/pool/pool.c
@@ -1212,7 +1212,7 @@ int main(int argc, char *argv[])
atexit(library_deinit);
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "pool"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
@@ -1227,11 +1227,16 @@ int main(int argc, char *argv[])
{
exit(SS_RC_INITIALIZATION_FAILED);
}
-
- uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL);
+ /* TODO: make database URI or setting key configurable via command line */
+ uri = lib->settings->get_str(lib->settings,
+ "pool.database",
+ lib->settings->get_str(lib->settings,
+ "charon.plugins.attr-sql.database",
+ lib->settings->get_str(lib->settings,
+ "libhydra.plugins.attr-sql.database", NULL)));
if (!uri)
{
- fprintf(stderr, "database URI libhydra.plugins.attr-sql.database not set.\n");
+ fprintf(stderr, "database URI pool.database not set.\n");
exit(SS_RC_INITIALIZATION_FAILED);
}
db = lib->db->create(lib->db, uri);
diff --git a/src/pool/sqlite.sql b/src/pool/sqlite.sql
new file mode 100644
index 0000000..7801263
--- /dev/null
+++ b/src/pool/sqlite.sql
@@ -0,0 +1,283 @@
+
+
+DROP TABLE IF EXISTS identities;
+CREATE TABLE identities (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL,
+ data BLOB NOT NULL,
+ UNIQUE (type, data)
+);
+
+
+DROP TABLE IF EXISTS child_configs;
+CREATE TABLE child_configs (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ name TEXT NOT NULL,
+ lifetime INTEGER NOT NULL DEFAULT '1500',
+ rekeytime INTEGER NOT NULL DEFAULT '1200',
+ jitter INTEGER NOT NULL DEFAULT '60',
+ updown TEXT DEFAULT NULL,
+ hostaccess INTEGER NOT NULL DEFAULT '0',
+ mode INTEGER NOT NULL DEFAULT '2',
+ start_action INTEGER NOT NULL DEFAULT '0',
+ dpd_action INTEGER NOT NULL DEFAULT '0',
+ close_action INTEGER NOT NULL DEFAULT '0',
+ ipcomp INTEGER NOT NULL DEFAULT '0',
+ reqid INTEGER NOT NULL DEFAULT '0'
+);
+DROP INDEX IF EXISTS child_configs_name;
+CREATE INDEX child_configs_name ON child_configs (
+ name
+);
+
+
+DROP TABLE IF EXISTS child_config_traffic_selector;
+CREATE TABLE child_config_traffic_selector (
+ child_cfg INTEGER NOT NULL,
+ traffic_selector INTEGER NOT NULL,
+ kind INTEGER NOT NULL
+);
+DROP INDEX IF EXISTS child_config_traffic_selector;
+CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector (
+ child_cfg, traffic_selector
+);
+
+DROP TABLE IF EXISTS proposals;
+CREATE TABLE proposals (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ proposal TEXT NOT NULL
+);
+
+
+DROP TABLE IF EXISTS child_config_proposal;
+CREATE TABLE child_config_proposal (
+ child_cfg INTEGER NOT NULL,
+ prio INTEGER NOT NULL,
+ prop INTEGER NOT NULL
+);
+
+
+DROP TABLE IF EXISTS ike_configs;
+CREATE TABLE ike_configs (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ certreq INTEGER NOT NULL DEFAULT '1',
+ force_encap INTEGER NOT NULL DEFAULT '0',
+ local TEXT NOT NULL,
+ remote TEXT NOT NULL
+);
+
+
+DROP TABLE IF EXISTS ike_config_proposal;
+CREATE TABLE ike_config_proposal (
+ ike_cfg INTEGER NOT NULL,
+ prio INTEGER NOT NULL,
+ prop INTEGER NOT NULL
+);
+
+
+DROP TABLE IF EXISTS peer_configs;
+CREATE TABLE peer_configs (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ name TEXT NOT NULL,
+ ike_version INTEGER NOT NULL DEFAULT '2',
+ ike_cfg INTEGER NOT NULL,
+ local_id TEXT NOT NULL,
+ remote_id TEXT NOT NULL,
+ cert_policy INTEGER NOT NULL DEFAULT '1',
+ uniqueid INTEGER NOT NULL DEFAULT '0',
+ auth_method INTEGER NOT NULL DEFAULT '1',
+ eap_type INTEGER NOT NULL DEFAULT '0',
+ eap_vendor INTEGER NOT NULL DEFAULT '0',
+ keyingtries INTEGER NOT NULL DEFAULT '3',
+ rekeytime INTEGER NOT NULL DEFAULT '7200',
+ reauthtime INTEGER NOT NULL DEFAULT '0',
+ jitter INTEGER NOT NULL DEFAULT '180',
+ overtime INTEGER NOT NULL DEFAULT '300',
+ mobike INTEGER NOT NULL DEFAULT '1',
+ dpd_delay INTEGER NOT NULL DEFAULT '120',
+ virtual TEXT DEFAULT NULL,
+ pool TEXT DEFAULT NULL,
+ mediation INTEGER NOT NULL DEFAULT '0',
+ mediated_by INTEGER NOT NULL DEFAULT '0',
+ peer_id INTEGER NOT NULL DEFAULT '0'
+);
+DROP INDEX IF EXISTS peer_configs_name;
+CREATE INDEX peer_configs_name ON peer_configs (
+ name
+);
+
+
+DROP TABLE IF EXISTS peer_config_child_config;
+CREATE TABLE peer_config_child_config (
+ peer_cfg INTEGER NOT NULL,
+ child_cfg INTEGER NOT NULL,
+ PRIMARY KEY (peer_cfg, child_cfg)
+);
+
+
+DROP TABLE IF EXISTS traffic_selectors;
+CREATE TABLE traffic_selectors (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL DEFAULT '7',
+ protocol INTEGER NOT NULL DEFAULT '0',
+ start_addr BLOB DEFAULT NULL,
+ end_addr BLOB DEFAULT NULL,
+ start_port INTEGER NOT NULL DEFAULT '0',
+ end_port INTEGER NOT NULL DEFAULT '65535'
+);
+
+
+DROP TABLE IF EXISTS certificates;
+CREATE TABLE certificates (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL,
+ keytype INTEGER NOT NULL,
+ data BLOB NOT NULL
+);
+
+
+DROP TABLE IF EXISTS certificate_identity;
+CREATE TABLE certificate_identity (
+ certificate INTEGER NOT NULL,
+ identity INTEGER NOT NULL,
+ PRIMARY KEY (certificate, identity)
+);
+
+
+DROP TABLE IF EXISTS private_keys;
+CREATE TABLE private_keys (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL,
+ data BLOB NOT NULL
+);
+
+
+DROP TABLE IF EXISTS private_key_identity;
+CREATE TABLE private_key_identity (
+ private_key INTEGER NOT NULL,
+ identity INTEGER NOT NULL,
+ PRIMARY KEY (private_key, identity)
+);
+
+
+DROP TABLE IF EXISTS shared_secrets;
+CREATE TABLE shared_secrets (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL,
+ data BLOB NOT NULL
+);
+
+
+DROP TABLE IF EXISTS shared_secret_identity;
+CREATE TABLE shared_secret_identity (
+ shared_secret INTEGER NOT NULL,
+ identity INTEGER NOT NULL,
+ PRIMARY KEY (shared_secret, identity)
+);
+
+
+DROP TABLE IF EXISTS certificate_authorities;
+CREATE TABLE certificate_authorities (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ certificate INTEGER NOT NULL
+);
+
+
+DROP TABLE IF EXISTS certificate_distribution_points;
+CREATE TABLE certificate_distribution_points (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ ca INTEGER NOT NULL,
+ type INTEGER NOT NULL,
+ uri TEXT NOT NULL
+);
+
+
+DROP TABLE IF EXISTS pools;
+CREATE TABLE pools (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ name TEXT NOT NULL UNIQUE,
+ start BLOB NOT NULL,
+ end BLOB NOT NULL,
+ timeout INTEGER NOT NULL
+);
+
+DROP TABLE IF EXISTS addresses;
+CREATE TABLE addresses (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ pool INTEGER NOT NULL,
+ address BLOB NOT NULL,
+ identity INTEGER NOT NULL DEFAULT 0,
+ acquired INTEGER NOT NULL DEFAULT 0,
+ released INTEGER NOT NULL DEFAULT 1
+);
+DROP INDEX IF EXISTS addresses_pool;
+CREATE INDEX addresses_pool ON addresses (
+ pool
+);
+DROP INDEX IF EXISTS addresses_address;
+CREATE INDEX addresses_address ON addresses (
+ address
+);
+DROP INDEX IF EXISTS addresses_identity;
+CREATE INDEX addresses_identity ON addresses (
+ identity
+);
+
+DROP TABLE IF EXISTS leases;
+CREATE TABLE leases (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ address INTEGER NOT NULL,
+ identity INTEGER NOT NULL,
+ acquired INTEGER NOT NULL,
+ released INTEGER NOT NULL
+);
+
+DROP TABLE IF EXISTS attribute_pools;
+CREATE TABLE attribute_pools (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ name TEXT NOT NULL
+);
+
+DROP TABLE IF EXISTS attributes;
+CREATE TABLE attributes (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ identity INTEGER NOT NULL DEFAULT 0,
+ pool INTEGER NOT NULL DEFAULT 0,
+ type INTEGER NOT NULL,
+ value BLOB NOT NULL
+);
+DROP INDEX IF EXISTS attributes_identity;
+CREATE INDEX attributes_identity ON attributes (
+ identity
+);
+DROP INDEX IF EXISTS attributes_pool;
+CREATE INDEX attributes_pool ON attributes (
+ pool
+);
+
+DROP TABLE IF EXISTS ike_sas;
+CREATE TABLE ike_sas (
+ local_spi BLOB NOT NULL PRIMARY KEY,
+ remote_spi BLOB NOT NULL,
+ id INTEGER NOT NULL,
+ initiator INTEGER NOT NULL,
+ local_id_type INTEGER NOT NULL,
+ local_id_data BLOB DEFAULT NULL,
+ remote_id_type INTEGER NOT NULL,
+ remote_id_data BLOB DEFAULT NULL,
+ host_family INTEGER NOT NULL,
+ local_host_data BLOB NOT NULL,
+ remote_host_data BLOB NOT NULL,
+ created INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+DROP TABLE IF EXISTS logs;
+CREATE TABLE logs (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ local_spi BLOB NOT NULL,
+ signal INTEGER NOT NULL,
+ level INTEGER NOT NULL,
+ msg TEXT NOT NULL,
+ time INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in
index b82f0f4..61dff90 100644
--- a/src/pt-tls-client/Makefile.in
+++ b/src/pt-tls-client/Makefile.in
@@ -187,8 +187,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -256,6 +254,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -344,12 +347,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -364,6 +371,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c
index e7d75f0..90edb0c 100644
--- a/src/pt-tls-client/pt-tls-client.c
+++ b/src/pt-tls-client/pt-tls-client.c
@@ -166,7 +166,7 @@ static void init()
PLUGIN_PROVIDE(CUSTOM, "pt-tls-client"),
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
};
- library_init(NULL);
+ library_init(NULL, "pt-tls-client");
libtnccs_init();
dbg = dbg_pt_tls;
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 39b601f..06354da 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 1267370..d7abcb4 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -24,6 +24,7 @@
#include <time.h>
#include <limits.h>
#include <syslog.h>
+#include <errno.h>
#include <library.h>
#include <utils/debug.h>
@@ -486,7 +487,7 @@ int main(int argc, char **argv)
err_t ugh = NULL;
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "scepclient"))
{
library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
@@ -975,9 +976,10 @@ int main(int argc, char **argv)
{ /* no PKCS#7 encoded CA+RA certificates, assume simple CA cert */
DBG1(DBG_APP, "unable to parse PKCS#7, assuming plain CA cert");
- if (!chunk_write(scep_response, ca_path, "ca cert", 0022, force))
+ if (!chunk_write(scep_response, ca_path, 0022, force))
{
- exit_scepclient("could not write ca cert file '%s'", ca_path);
+ exit_scepclient("could not write ca cert file '%s': %s",
+ ca_path, strerror(errno));
}
}
else
@@ -1031,10 +1033,10 @@ int main(int argc, char **argv)
}
if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding) ||
- !chunk_write(encoding, path,
- ca_cert ? "ca cert" : "ra cert", 0022, force))
+ !chunk_write(encoding, path, 0022, force))
{
- exit_scepclient("could not write cert file '%s'", path);
+ exit_scepclient("could not write cert file '%s': %s",
+ path, strerror(errno));
}
chunk_free(&encoding);
}
@@ -1149,9 +1151,10 @@ int main(int argc, char **argv)
join_paths(path, sizeof(path), REQ_PATH, file_out_pkcs10);
- if (!chunk_write(pkcs10_encoding, path, "pkcs10", 0022, force))
+ if (!chunk_write(pkcs10_encoding, path, 0022, force))
{
- exit_scepclient("could not write pkcs10 file '%s'", path);
+ exit_scepclient("could not write pkcs10 file '%s': %s",
+ path, strerror(errno));
}
filetype_out &= ~PKCS10; /* delete PKCS10 flag */
}
@@ -1172,9 +1175,10 @@ int main(int argc, char **argv)
DBG2(DBG_APP, "building pkcs1 object:");
if (!private_key->get_encoding(private_key, PRIVKEY_ASN1_DER, &pkcs1) ||
- !chunk_write(pkcs1, path, "pkcs1", 0066, force))
+ !chunk_write(pkcs1, path, 0066, force))
{
- exit_scepclient("could not write pkcs1 file '%s'", path);
+ exit_scepclient("could not write pkcs1 file '%s': %s",
+ path, strerror(errno));
}
filetype_out &= ~PKCS1; /* delete PKCS1 flag */
}
@@ -1236,9 +1240,10 @@ int main(int argc, char **argv)
{
exit_scepclient("encoding certificate failed");
}
- if (!chunk_write(encoding, path, "self-signed cert", 0022, force))
+ if (!chunk_write(encoding, path, 0022, force))
{
- exit_scepclient("could not write self-signed cert file '%s'", path);
+ exit_scepclient("could not write self-signed cert file '%s': %s",
+ path, strerror(errno));
}
chunk_free(&encoding);
filetype_out &= ~CERT_SELF; /* delete CERT_SELF flag */
@@ -1300,9 +1305,10 @@ int main(int argc, char **argv)
join_paths(path, sizeof(path), REQ_PATH, file_out_pkcs7);
- if (!chunk_write(pkcs7, path, "pkcs7 encrypted request", 0022, force))
+ if (!chunk_write(pkcs7, path, 0022, force))
{
- exit_scepclient("could not write pkcs7 file '%s'", path);
+ exit_scepclient("could not write pkcs7 file '%s': %s",
+ path, strerror(errno));
}
filetype_out &= ~PKCS7; /* delete PKCS7 flag */
}
@@ -1460,9 +1466,10 @@ int main(int argc, char **argv)
exit_scepclient("multiple certs received, only first stored");
}
if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding) ||
- !chunk_write(encoding, path, "requested cert", 0022, force))
+ !chunk_write(encoding, path, 0022, force))
{
- exit_scepclient("could not write cert file '%s'", path);
+ exit_scepclient("could not write cert file '%s': %s",
+ path, strerror(errno));
}
chunk_free(&encoding);
stored = TRUE;
diff --git a/src/starter/Android.mk b/src/starter/Android.mk
index 91575c9..c2260be 100644
--- a/src/starter/Android.mk
+++ b/src/starter/Android.mk
@@ -14,7 +14,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(starter_SOURCES))
# build starter ----------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libhydra \
$(strongswan_PATH)/src/libstrongswan \
$(strongswan_PATH)/src/stroke
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 405d92a..7a9154d 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -211,8 +211,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -280,6 +278,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -368,12 +371,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -388,6 +395,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 06eb142..33916c9 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -419,10 +419,10 @@ int main (int argc, char **argv)
bool attach_gdb = FALSE;
bool load_warning = FALSE;
- library_init(NULL);
+ library_init(NULL, "starter");
atexit(library_deinit);
- libhydra_init("starter");
+ libhydra_init();
atexit(libhydra_deinit);
/* parse command line */
diff --git a/src/stroke/Android.mk b/src/stroke/Android.mk
index 320314c..2accb52 100644
--- a/src/stroke/Android.mk
+++ b/src/stroke/Android.mk
@@ -10,7 +10,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(stroke_SOURCES))
# build stroke -----------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libstrongswan
LOCAL_CFLAGS := $(strongswan_CFLAGS)
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 8e6ebd5..0b28528 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -186,8 +186,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -255,6 +253,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -343,12 +346,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -363,6 +370,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 75f0145..69c8ea2 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -480,7 +480,7 @@ int main(int argc, char *argv[])
const stroke_token_t *token;
int res = 0;
- library_init(NULL);
+ library_init(NULL, "stroke");
atexit(library_deinit);
if (argc < 2)
diff --git a/src/strongswan.conf b/src/strongswan.conf
deleted file mode 100644
index 0d82ded..0000000
--- a/src/strongswan.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-# strongswan.conf - strongSwan configuration file
-
-charon {
-
- # number of worker threads in charon
- threads = 16
-
- # send strongswan vendor ID?
- # send_vendor_id = yes
-
- plugins {
-
- sql {
- # loglevel to log into sql database
- loglevel = -1
-
- # URI to the database
- # database = sqlite:///path/to/file.db
- # database = mysql://user:password@localhost/database
- }
- }
-
- # ...
-}
-
-pluto {
-
-}
-
-libstrongswan {
-
- # set to no, the DH exponent size is optimized
- # dh_exponent_ansi_x9_42 = no
-}
diff --git a/test-driver b/test-driver
deleted file mode 100755
index 32bf39e..0000000
--- a/test-driver
+++ /dev/null
@@ -1,127 +0,0 @@
-#! /bin/sh
-# test-driver - basic testsuite driver script.
-
-scriptversion=2012-06-27.10; # UTC
-
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake at gnu.org> or send patches to
-# <automake-patches at gnu.org>.
-
-# Make unconditional expansion of undefined variables an error. This
-# helps a lot in preventing typo-related bugs.
-set -u
-
-usage_error ()
-{
- echo "$0: $*" >&2
- print_usage >&2
- exit 2
-}
-
-print_usage ()
-{
- cat <<END
-Usage:
- test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
- [--expect-failure={yes|no}] [--color-tests={yes|no}]
- [--enable-hard-errors={yes|no}] [--] TEST-SCRIPT
-The '--test-name', '--log-file' and '--trs-file' options are mandatory.
-END
-}
-
-# TODO: better error handling in option parsing (in particular, ensure
-# TODO: $log_file, $trs_file and $test_name are defined).
-test_name= # Used for reporting.
-log_file= # Where to save the output of the test script.
-trs_file= # Where to save the metadata of the test run.
-expect_failure=no
-color_tests=no
-enable_hard_errors=yes
-while test $# -gt 0; do
- case $1 in
- --help) print_usage; exit $?;;
- --version) echo "test-driver $scriptversion"; exit $?;;
- --test-name) test_name=$2; shift;;
- --log-file) log_file=$2; shift;;
- --trs-file) trs_file=$2; shift;;
- --color-tests) color_tests=$2; shift;;
- --expect-failure) expect_failure=$2; shift;;
- --enable-hard-errors) enable_hard_errors=$2; shift;;
- --) shift; break;;
- -*) usage_error "invalid option: '$1'";;
- esac
- shift
-done
-
-if test $color_tests = yes; then
- # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
- red='�[0;31m' # Red.
- grn='�[0;32m' # Green.
- lgn='�[1;32m' # Light green.
- blu='�[1;34m' # Blue.
- mgn='�[0;35m' # Magenta.
- std='�[m' # No color.
-else
- red= grn= lgn= blu= mgn= std=
-fi
-
-do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
-trap "st=129; $do_exit" 1
-trap "st=130; $do_exit" 2
-trap "st=141; $do_exit" 13
-trap "st=143; $do_exit" 15
-
-# Test script is run here.
-"$@" >$log_file 2>&1
-estatus=$?
-if test $enable_hard_errors = no && test $estatus -eq 99; then
- estatus=1
-fi
-
-case $estatus:$expect_failure in
- 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
- 0:*) col=$grn res=PASS recheck=no gcopy=no;;
- 77:*) col=$blu res=SKIP recheck=no gcopy=yes;;
- 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;;
- *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;;
- *:*) col=$red res=FAIL recheck=yes gcopy=yes;;
-esac
-
-# Report outcome to console.
-echo "${col}${res}${std}: $test_name"
-
-# Register the test result, and other relevant metadata.
-echo ":test-result: $res" > $trs_file
-echo ":global-test-result: $res" >> $trs_file
-echo ":recheck: $recheck" >> $trs_file
-echo ":copy-in-global-log: $gcopy" >> $trs_file
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
-# time-stamp-end: "; # UTC"
-# End:
diff --git a/testing/Makefile.am b/testing/Makefile.am
index 305bf7f..0195c89 100644
--- a/testing/Makefile.am
+++ b/testing/Makefile.am
@@ -1,4 +1,4 @@
-EXTRA_DIST = do-tests make-testing start-testing stop-testing \
+EXTRA_DIST = do-tests make-testing ssh start-testing stop-testing \
testing.conf ssh_config config hosts images scripts tests \
README
diff --git a/testing/Makefile.in b/testing/Makefile.in
index 85f1187..2185867 100644
--- a/testing/Makefile.in
+++ b/testing/Makefile.in
@@ -131,8 +131,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -200,6 +198,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -288,12 +291,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -308,6 +315,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -318,7 +326,7 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-EXTRA_DIST = do-tests make-testing start-testing stop-testing \
+EXTRA_DIST = do-tests make-testing ssh start-testing stop-testing \
testing.conf ssh_config config hosts images scripts tests \
README
diff --git a/testing/config/kernel/config-3.12 b/testing/config/kernel/config-3.12
new file mode 100644
index 0000000..9488919
--- /dev/null
+++ b/testing/config/kernel/config-3.12
@@ -0,0 +1,2022 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Linux/x86 3.12.0 Kernel Configuration
+#
+CONFIG_64BIT=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_INSTRUCTION_DECODER=y
+CONFIG_OUTPUT_FORMAT="elf64-x86-64"
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_LOCKDEP_SUPPORT=y
+CONFIG_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_LATENCYTOP_SUPPORT=y
+CONFIG_MMU=y
+CONFIG_NEED_DMA_MAP_STATE=y
+CONFIG_NEED_SG_DMA_LENGTH=y
+CONFIG_GENERIC_ISA_DMA=y
+CONFIG_GENERIC_BUG=y
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
+CONFIG_GENERIC_HWEIGHT=y
+CONFIG_ARCH_MAY_HAVE_PC_FDC=y
+CONFIG_RWSEM_XCHGADD_ALGORITHM=y
+CONFIG_GENERIC_CALIBRATE_DELAY=y
+CONFIG_ARCH_HAS_CPU_RELAX=y
+CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
+CONFIG_ARCH_HAS_CPU_AUTOPROBE=y
+CONFIG_HAVE_SETUP_PER_CPU_AREA=y
+CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
+CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
+CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_SUSPEND_POSSIBLE=y
+CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
+CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
+CONFIG_ZONE_DMA32=y
+CONFIG_AUDIT_ARCH=y
+CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
+CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
+CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
+CONFIG_ARCH_SUPPORTS_UPROBES=y
+CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_EXTABLE_SORT=y
+
+#
+# General setup
+#
+CONFIG_BROKEN_ON_SMP=y
+CONFIG_INIT_ENV_ARG_LIMIT=32
+CONFIG_CROSS_COMPILE=""
+# CONFIG_COMPILE_TEST is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
+CONFIG_HAVE_KERNEL_GZIP=y
+CONFIG_HAVE_KERNEL_BZIP2=y
+CONFIG_HAVE_KERNEL_LZMA=y
+CONFIG_HAVE_KERNEL_XZ=y
+CONFIG_HAVE_KERNEL_LZO=y
+CONFIG_HAVE_KERNEL_LZ4=y
+CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_BZIP2 is not set
+# CONFIG_KERNEL_LZMA is not set
+# CONFIG_KERNEL_XZ is not set
+# CONFIG_KERNEL_LZO is not set
+# CONFIG_KERNEL_LZ4 is not set
+CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_SWAP=y
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+# CONFIG_FHANDLE is not set
+# CONFIG_AUDIT is not set
+
+#
+# IRQ subsystem
+#
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_IRQ_FORCED_THREADING=y
+CONFIG_SPARSE_IRQ=y
+CONFIG_CLOCKSOURCE_WATCHDOG=y
+CONFIG_ARCH_CLOCKSOURCE_DATA=y
+CONFIG_GENERIC_TIME_VSYSCALL=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
+CONFIG_GENERIC_CMOS_UPDATE=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
+# CONFIG_IRQ_TIME_ACCOUNTING is not set
+CONFIG_BSD_PROCESS_ACCT=y
+# CONFIG_BSD_PROCESS_ACCT_V3 is not set
+# CONFIG_TASKSTATS is not set
+
+#
+# RCU Subsystem
+#
+CONFIG_TINY_RCU=y
+# CONFIG_PREEMPT_RCU is not set
+# CONFIG_RCU_STALL_COMMON is not set
+# CONFIG_TREE_RCU_TRACE is not set
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=14
+CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
+CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
+CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y
+# CONFIG_CGROUPS is not set
+# CONFIG_CHECKPOINT_RESTORE is not set
+CONFIG_NAMESPACES=y
+# CONFIG_UTS_NS is not set
+# CONFIG_IPC_NS is not set
+# CONFIG_USER_NS is not set
+# CONFIG_PID_NS is not set
+# CONFIG_NET_NS is not set
+# CONFIG_UIDGID_STRICT_TYPE_CHECKS is not set
+# CONFIG_SCHED_AUTOGROUP is not set
+# CONFIG_SYSFS_DEPRECATED is not set
+# CONFIG_RELAY is not set
+# CONFIG_BLK_DEV_INITRD is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_SYSCTL=y
+CONFIG_ANON_INODES=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
+# CONFIG_EXPERT is not set
+# CONFIG_SYSCTL_SYSCALL is not set
+CONFIG_KALLSYMS=y
+# CONFIG_KALLSYMS_ALL is not set
+CONFIG_PRINTK=y
+CONFIG_BUG=y
+CONFIG_ELF_CORE=y
+CONFIG_PCSPKR_PLATFORM=y
+CONFIG_BASE_FULL=y
+CONFIG_FUTEX=y
+CONFIG_EPOLL=y
+CONFIG_SIGNALFD=y
+CONFIG_TIMERFD=y
+CONFIG_EVENTFD=y
+CONFIG_SHMEM=y
+CONFIG_AIO=y
+CONFIG_PCI_QUIRKS=y
+# CONFIG_EMBEDDED is not set
+CONFIG_HAVE_PERF_EVENTS=y
+
+#
+# Kernel Performance Events And Counters
+#
+CONFIG_PERF_EVENTS=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
+CONFIG_VM_EVENT_COUNTERS=y
+CONFIG_COMPAT_BRK=y
+CONFIG_SLAB=y
+# CONFIG_SLUB is not set
+# CONFIG_PROFILING is not set
+CONFIG_HAVE_OPROFILE=y
+CONFIG_OPROFILE_NMI_TIMER=y
+# CONFIG_JUMP_LABEL is not set
+# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
+CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
+CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_HAVE_IOREMAP_PROT=y
+CONFIG_HAVE_KPROBES=y
+CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_OPTPROBES=y
+CONFIG_HAVE_KPROBES_ON_FTRACE=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_DMA_ATTRS=y
+CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
+CONFIG_HAVE_DMA_API_DEBUG=y
+CONFIG_HAVE_HW_BREAKPOINT=y
+CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
+CONFIG_HAVE_USER_RETURN_NOTIFIER=y
+CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_PERF_REGS=y
+CONFIG_HAVE_PERF_USER_STACK_DUMP=y
+CONFIG_HAVE_ARCH_JUMP_LABEL=y
+CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
+CONFIG_HAVE_CMPXCHG_LOCAL=y
+CONFIG_HAVE_CMPXCHG_DOUBLE=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
+CONFIG_HAVE_ARCH_SOFT_DIRTY=y
+CONFIG_MODULES_USE_ELF_RELA=y
+
+#
+# GCOV-based kernel profiling
+#
+# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
+CONFIG_SLABINFO=y
+CONFIG_RT_MUTEXES=y
+CONFIG_BASE_SMALL=0
+# CONFIG_MODULES is not set
+CONFIG_BLOCK=y
+# CONFIG_BLK_DEV_BSG is not set
+# CONFIG_BLK_DEV_BSGLIB is not set
+# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_CMDLINE_PARSER is not set
+
+#
+# Partition Types
+#
+# CONFIG_PARTITION_ADVANCED is not set
+CONFIG_MSDOS_PARTITION=y
+CONFIG_EFI_PARTITION=y
+
+#
+# IO Schedulers
+#
+CONFIG_IOSCHED_NOOP=y
+CONFIG_IOSCHED_DEADLINE=y
+CONFIG_IOSCHED_CFQ=y
+# CONFIG_DEFAULT_DEADLINE is not set
+CONFIG_DEFAULT_CFQ=y
+# CONFIG_DEFAULT_NOOP is not set
+CONFIG_DEFAULT_IOSCHED="cfq"
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
+CONFIG_INLINE_READ_UNLOCK=y
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
+CONFIG_INLINE_WRITE_UNLOCK=y
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_FREEZER=y
+
+#
+# Processor type and features
+#
+CONFIG_ZONE_DMA=y
+# CONFIG_SMP is not set
+CONFIG_X86_MPPARSE=y
+CONFIG_X86_EXTENDED_PLATFORM=y
+# CONFIG_X86_INTEL_LPSS is not set
+CONFIG_SCHED_OMIT_FRAME_POINTER=y
+# CONFIG_HYPERVISOR_GUEST is not set
+CONFIG_NO_BOOTMEM=y
+# CONFIG_MEMTEST is not set
+# CONFIG_MK8 is not set
+# CONFIG_MPSC is not set
+CONFIG_MCORE2=y
+# CONFIG_MATOM is not set
+# CONFIG_GENERIC_CPU is not set
+CONFIG_X86_INTERNODE_CACHE_SHIFT=6
+CONFIG_X86_L1_CACHE_SHIFT=6
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_USE_PPRO_CHECKSUM=y
+CONFIG_X86_P6_NOP=y
+CONFIG_X86_TSC=y
+CONFIG_X86_CMPXCHG64=y
+CONFIG_X86_CMOV=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=64
+CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_CPU_SUP_INTEL=y
+CONFIG_CPU_SUP_AMD=y
+CONFIG_CPU_SUP_CENTAUR=y
+CONFIG_HPET_TIMER=y
+CONFIG_DMI=y
+CONFIG_GART_IOMMU=y
+# CONFIG_CALGARY_IOMMU is not set
+CONFIG_SWIOTLB=y
+CONFIG_IOMMU_HELPER=y
+CONFIG_NR_CPUS=1
+CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT is not set
+CONFIG_X86_LOCAL_APIC=y
+CONFIG_X86_IO_APIC=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
+# CONFIG_X86_MCE is not set
+# CONFIG_I8K is not set
+# CONFIG_MICROCODE is not set
+# CONFIG_MICROCODE_INTEL_EARLY is not set
+# CONFIG_MICROCODE_AMD_EARLY is not set
+# CONFIG_X86_MSR is not set
+# CONFIG_X86_CPUID is not set
+CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
+CONFIG_ARCH_DMA_ADDR_T_64BIT=y
+CONFIG_DIRECT_GBPAGES=y
+CONFIG_ARCH_SPARSEMEM_ENABLE=y
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y
+CONFIG_ARCH_SELECT_MEMORY_MODEL=y
+CONFIG_ARCH_MEMORY_PROBE=y
+CONFIG_ARCH_PROC_KCORE_TEXT=y
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
+CONFIG_SELECT_MEMORY_MODEL=y
+CONFIG_SPARSEMEM_MANUAL=y
+CONFIG_SPARSEMEM=y
+CONFIG_HAVE_MEMORY_PRESENT=y
+CONFIG_SPARSEMEM_EXTREME=y
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
+CONFIG_SPARSEMEM_VMEMMAP=y
+CONFIG_HAVE_MEMBLOCK=y
+CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_ARCH_DISCARD_MEMBLOCK=y
+CONFIG_MEMORY_ISOLATION=y
+CONFIG_HAVE_BOOTMEM_INFO_NODE=y
+CONFIG_MEMORY_HOTPLUG=y
+CONFIG_MEMORY_HOTPLUG_SPARSE=y
+CONFIG_MEMORY_HOTREMOVE=y
+CONFIG_PAGEFLAGS_EXTENDED=y
+CONFIG_SPLIT_PTLOCK_CPUS=4
+# CONFIG_COMPACTION is not set
+CONFIG_MIGRATION=y
+CONFIG_PHYS_ADDR_T_64BIT=y
+CONFIG_ZONE_DMA_FLAG=1
+CONFIG_BOUNCE=y
+CONFIG_VIRT_TO_BUS=y
+# CONFIG_KSM is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+# CONFIG_TRANSPARENT_HUGEPAGE is not set
+CONFIG_CROSS_MEMORY_ATTACH=y
+CONFIG_NEED_PER_CPU_KM=y
+# CONFIG_CLEANCACHE is not set
+# CONFIG_FRONTSWAP is not set
+# CONFIG_CMA is not set
+# CONFIG_ZBUD is not set
+# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
+CONFIG_X86_RESERVE_LOW=64
+CONFIG_MTRR=y
+CONFIG_MTRR_SANITIZER=y
+CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
+CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
+CONFIG_X86_PAT=y
+CONFIG_ARCH_USES_PG_UNCACHED=y
+CONFIG_ARCH_RANDOM=y
+CONFIG_X86_SMAP=y
+# CONFIG_EFI is not set
+CONFIG_SECCOMP=y
+# CONFIG_CC_STACKPROTECTOR is not set
+# CONFIG_HZ_100 is not set
+CONFIG_HZ_250=y
+# CONFIG_HZ_300 is not set
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=250
+CONFIG_SCHED_HRTICK=y
+# CONFIG_KEXEC is not set
+# CONFIG_CRASH_DUMP is not set
+CONFIG_PHYSICAL_START=0x1000000
+CONFIG_RELOCATABLE=y
+CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_CMDLINE_BOOL is not set
+CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
+
+#
+# Power management and ACPI options
+#
+CONFIG_SUSPEND=y
+CONFIG_SUSPEND_FREEZER=y
+# CONFIG_HIBERNATION is not set
+CONFIG_PM_SLEEP=y
+# CONFIG_PM_AUTOSLEEP is not set
+# CONFIG_PM_WAKELOCKS is not set
+# CONFIG_PM_RUNTIME is not set
+CONFIG_PM=y
+# CONFIG_PM_DEBUG is not set
+# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_ACPI=y
+CONFIG_ACPI_SLEEP=y
+# CONFIG_ACPI_PROCFS is not set
+# CONFIG_ACPI_PROCFS_POWER is not set
+# CONFIG_ACPI_EC_DEBUGFS is not set
+CONFIG_ACPI_AC=y
+CONFIG_ACPI_BATTERY=y
+CONFIG_ACPI_BUTTON=y
+CONFIG_ACPI_FAN=y
+# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_PROCESSOR=y
+# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
+CONFIG_ACPI_THERMAL=y
+# CONFIG_ACPI_CUSTOM_DSDT is not set
+CONFIG_ACPI_BLACKLIST_YEAR=0
+# CONFIG_ACPI_DEBUG is not set
+# CONFIG_ACPI_PCI_SLOT is not set
+CONFIG_X86_PM_TIMER=y
+# CONFIG_ACPI_CONTAINER is not set
+# CONFIG_ACPI_HOTPLUG_MEMORY is not set
+# CONFIG_ACPI_SBS is not set
+# CONFIG_ACPI_HED is not set
+# CONFIG_ACPI_APEI is not set
+# CONFIG_SFI is not set
+
+#
+# CPU Frequency scaling
+#
+# CONFIG_CPU_FREQ is not set
+
+#
+# CPU Idle
+#
+CONFIG_CPU_IDLE=y
+# CONFIG_CPU_IDLE_MULTIPLE_DRIVERS is not set
+CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set
+# CONFIG_INTEL_IDLE is not set
+
+#
+# Memory power savings
+#
+# CONFIG_I7300_IDLE is not set
+
+#
+# Bus options (PCI etc.)
+#
+CONFIG_PCI=y
+CONFIG_PCI_DIRECT=y
+# CONFIG_PCI_MMCONFIG is not set
+CONFIG_PCI_DOMAINS=y
+# CONFIG_PCIEPORTBUS is not set
+CONFIG_PCI_MSI=y
+# CONFIG_PCI_DEBUG is not set
+# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set
+# CONFIG_PCI_STUB is not set
+CONFIG_HT_IRQ=y
+# CONFIG_PCI_IOV is not set
+# CONFIG_PCI_PRI is not set
+# CONFIG_PCI_PASID is not set
+# CONFIG_PCI_IOAPIC is not set
+CONFIG_PCI_LABEL=y
+
+#
+# PCI host controller drivers
+#
+CONFIG_ISA_DMA_API=y
+CONFIG_AMD_NB=y
+# CONFIG_PCCARD is not set
+# CONFIG_HOTPLUG_PCI is not set
+# CONFIG_RAPIDIO is not set
+# CONFIG_X86_SYSFB is not set
+
+#
+# Executable file formats / Emulations
+#
+CONFIG_BINFMT_ELF=y
+CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y
+# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
+# CONFIG_HAVE_AOUT is not set
+# CONFIG_BINFMT_MISC is not set
+CONFIG_COREDUMP=y
+# CONFIG_IA32_EMULATION is not set
+CONFIG_X86_DEV_DMA_OPS=y
+CONFIG_NET=y
+
+#
+# Networking options
+#
+CONFIG_PACKET=y
+# CONFIG_PACKET_DIAG is not set
+CONFIG_UNIX=y
+# CONFIG_UNIX_DIAG is not set
+CONFIG_XFRM=y
+CONFIG_XFRM_ALGO=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_SUB_POLICY=y
+CONFIG_XFRM_MIGRATE=y
+CONFIG_XFRM_STATISTICS=y
+CONFIG_XFRM_IPCOMP=y
+CONFIG_NET_KEY=y
+CONFIG_NET_KEY_MIGRATE=y
+CONFIG_INET=y
+# CONFIG_IP_MULTICAST is not set
+CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_FIB_TRIE_STATS is not set
+CONFIG_IP_MULTIPLE_TABLES=y
+# CONFIG_IP_ROUTE_MULTIPATH is not set
+# CONFIG_IP_ROUTE_VERBOSE is not set
+CONFIG_IP_ROUTE_CLASSID=y
+# CONFIG_IP_PNP is not set
+# CONFIG_NET_IPIP is not set
+# CONFIG_NET_IPGRE_DEMUX is not set
+CONFIG_NET_IP_TUNNEL=y
+# CONFIG_SYN_COOKIES is not set
+# CONFIG_NET_IPVTI is not set
+CONFIG_INET_AH=y
+CONFIG_INET_ESP=y
+CONFIG_INET_IPCOMP=y
+CONFIG_INET_XFRM_TUNNEL=y
+CONFIG_INET_TUNNEL=y
+CONFIG_INET_XFRM_MODE_TRANSPORT=y
+CONFIG_INET_XFRM_MODE_TUNNEL=y
+CONFIG_INET_XFRM_MODE_BEET=y
+# CONFIG_INET_LRO is not set
+CONFIG_INET_DIAG=y
+CONFIG_INET_TCP_DIAG=y
+# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_CUBIC=y
+CONFIG_DEFAULT_TCP_CONG="cubic"
+# CONFIG_TCP_MD5SIG is not set
+CONFIG_IPV6=y
+# CONFIG_IPV6_PRIVACY is not set
+# CONFIG_IPV6_ROUTER_PREF is not set
+CONFIG_IPV6_OPTIMISTIC_DAD=y
+CONFIG_INET6_AH=y
+CONFIG_INET6_ESP=y
+CONFIG_INET6_IPCOMP=y
+CONFIG_IPV6_MIP6=y
+CONFIG_INET6_XFRM_TUNNEL=y
+CONFIG_INET6_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_TRANSPORT=y
+CONFIG_INET6_XFRM_MODE_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_BEET=y
+# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
+# CONFIG_IPV6_SIT is not set
+CONFIG_IPV6_TUNNEL=y
+CONFIG_IPV6_GRE=y
+CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IPV6_SUBTREES=y
+# CONFIG_IPV6_MROUTE is not set
+# CONFIG_NETWORK_SECMARK is not set
+# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
+CONFIG_NETFILTER=y
+# CONFIG_NETFILTER_DEBUG is not set
+CONFIG_NETFILTER_ADVANCED=y
+
+#
+# Core Netfilter Configuration
+#
+CONFIG_NETFILTER_NETLINK=y
+# CONFIG_NETFILTER_NETLINK_ACCT is not set
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+# CONFIG_NF_CONNTRACK_TIMEOUT is not set
+# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
+# CONFIG_NF_CT_PROTO_DCCP is not set
+# CONFIG_NF_CT_PROTO_SCTP is not set
+CONFIG_NF_CT_PROTO_UDPLITE=y
+# CONFIG_NF_CONNTRACK_AMANDA is not set
+# CONFIG_NF_CONNTRACK_FTP is not set
+# CONFIG_NF_CONNTRACK_H323 is not set
+# CONFIG_NF_CONNTRACK_IRC is not set
+# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+# CONFIG_NF_CONNTRACK_SNMP is not set
+# CONFIG_NF_CONNTRACK_PPTP is not set
+CONFIG_NF_CONNTRACK_SANE=y
+# CONFIG_NF_CONNTRACK_SIP is not set
+# CONFIG_NF_CONNTRACK_TFTP is not set
+CONFIG_NF_CT_NETLINK=y
+# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_UDPLITE=y
+# CONFIG_NF_NAT_AMANDA is not set
+# CONFIG_NF_NAT_FTP is not set
+# CONFIG_NF_NAT_IRC is not set
+# CONFIG_NF_NAT_SIP is not set
+# CONFIG_NF_NAT_TFTP is not set
+CONFIG_NETFILTER_XTABLES=y
+
+#
+# Xtables combined modules
+#
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+
+#
+# Xtables targets
+#
+# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
+# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+# CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+
+#
+# Xtables matches
+#
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+# CONFIG_NETFILTER_XT_MATCH_CPU is not set
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
+# CONFIG_NETFILTER_XT_MATCH_OSF is not set
+# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+# CONFIG_NETFILTER_XT_MATCH_TIME is not set
+CONFIG_NETFILTER_XT_MATCH_U32=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+CONFIG_IP_SET_HASH_NET=y
+CONFIG_IP_SET_HASH_NETPORT=y
+# CONFIG_IP_SET_HASH_NETIFACE is not set
+CONFIG_IP_SET_LIST_SET=y
+# CONFIG_IP_VS is not set
+
+#
+# IP: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
+CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+# CONFIG_IP_NF_MATCH_RPFILTER is not set
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+# CONFIG_IP_NF_TARGET_SYNPROXY is not set
+CONFIG_IP_NF_TARGET_ULOG=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+# CONFIG_NF_NAT_PPTP is not set
+# CONFIG_NF_NAT_H323 is not set
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+#
+# IPv6: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV6=y
+CONFIG_NF_CONNTRACK_IPV6=y
+CONFIG_IP6_NF_IPTABLES=y
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+# CONFIG_IP6_NF_MATCH_RPFILTER is not set
+CONFIG_IP6_NF_MATCH_RT=y
+CONFIG_IP6_NF_TARGET_HL=y
+CONFIG_IP6_NF_FILTER=y
+CONFIG_IP6_NF_TARGET_REJECT=y
+# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
+CONFIG_IP6_NF_MANGLE=y
+CONFIG_IP6_NF_RAW=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_IP6_NF_TARGET_MASQUERADE=y
+CONFIG_IP6_NF_TARGET_NPT=y
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
+# CONFIG_RDS is not set
+# CONFIG_TIPC is not set
+# CONFIG_ATM is not set
+CONFIG_L2TP=y
+# CONFIG_L2TP_V3 is not set
+# CONFIG_BRIDGE is not set
+CONFIG_HAVE_NET_DSA=y
+# CONFIG_VLAN_8021Q is not set
+# CONFIG_DECNET is not set
+# CONFIG_LLC2 is not set
+# CONFIG_IPX is not set
+# CONFIG_ATALK is not set
+# CONFIG_X25 is not set
+# CONFIG_LAPB is not set
+# CONFIG_PHONET is not set
+# CONFIG_IEEE802154 is not set
+# CONFIG_NET_SCHED is not set
+# CONFIG_DCB is not set
+# CONFIG_BATMAN_ADV is not set
+# CONFIG_OPENVSWITCH is not set
+# CONFIG_VSOCKETS is not set
+# CONFIG_NETLINK_MMAP is not set
+# CONFIG_NETLINK_DIAG is not set
+# CONFIG_NET_MPLS_GSO is not set
+CONFIG_NET_RX_BUSY_POLL=y
+CONFIG_BQL=y
+
+#
+# Network testing
+#
+# CONFIG_NET_PKTGEN is not set
+# CONFIG_HAMRADIO is not set
+# CONFIG_CAN is not set
+# CONFIG_IRDA is not set
+# CONFIG_BT is not set
+# CONFIG_AF_RXRPC is not set
+CONFIG_FIB_RULES=y
+CONFIG_WIRELESS=y
+# CONFIG_CFG80211 is not set
+# CONFIG_LIB80211 is not set
+
+#
+# CFG80211 needs to be enabled for MAC80211
+#
+# CONFIG_WIMAX is not set
+# CONFIG_RFKILL is not set
+CONFIG_NET_9P=y
+CONFIG_NET_9P_VIRTIO=y
+# CONFIG_NET_9P_DEBUG is not set
+# CONFIG_CAIF is not set
+# CONFIG_CEPH_LIB is not set
+# CONFIG_NFC is not set
+CONFIG_HAVE_BPF_JIT=y
+
+#
+# Device Drivers
+#
+
+#
+# Generic Driver Options
+#
+CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+# CONFIG_DEVTMPFS is not set
+CONFIG_STANDALONE=y
+CONFIG_PREVENT_FIRMWARE_BUILD=y
+CONFIG_FW_LOADER=y
+CONFIG_FIRMWARE_IN_KERNEL=y
+CONFIG_EXTRA_FIRMWARE=""
+CONFIG_FW_LOADER_USER_HELPER=y
+# CONFIG_DEBUG_DRIVER is not set
+# CONFIG_DEBUG_DEVRES is not set
+# CONFIG_SYS_HYPERVISOR is not set
+# CONFIG_GENERIC_CPU_DEVICES is not set
+# CONFIG_DMA_SHARED_BUFFER is not set
+
+#
+# Bus devices
+#
+# CONFIG_CONNECTOR is not set
+# CONFIG_MTD is not set
+# CONFIG_PARPORT is not set
+CONFIG_PNP=y
+CONFIG_PNP_DEBUG_MESSAGES=y
+
+#
+# Protocols
+#
+CONFIG_PNPACPI=y
+CONFIG_BLK_DEV=y
+# CONFIG_BLK_DEV_FD is not set
+# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
+# CONFIG_BLK_CPQ_DA is not set
+# CONFIG_BLK_CPQ_CISS_DA is not set
+# CONFIG_BLK_DEV_DAC960 is not set
+# CONFIG_BLK_DEV_UMEM is not set
+# CONFIG_BLK_DEV_COW_COMMON is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+# CONFIG_BLK_DEV_DRBD is not set
+CONFIG_BLK_DEV_NBD=y
+# CONFIG_BLK_DEV_NVME is not set
+# CONFIG_BLK_DEV_SX8 is not set
+# CONFIG_BLK_DEV_RAM is not set
+# CONFIG_CDROM_PKTCDVD is not set
+# CONFIG_ATA_OVER_ETH is not set
+CONFIG_VIRTIO_BLK=y
+# CONFIG_BLK_DEV_HD is not set
+# CONFIG_BLK_DEV_RBD is not set
+# CONFIG_BLK_DEV_RSXX is not set
+
+#
+# Misc devices
+#
+# CONFIG_SENSORS_LIS3LV02D is not set
+# CONFIG_DUMMY_IRQ is not set
+# CONFIG_IBM_ASM is not set
+# CONFIG_PHANTOM is not set
+# CONFIG_SGI_IOC4 is not set
+# CONFIG_TIFM_CORE is not set
+# CONFIG_ATMEL_SSC is not set
+# CONFIG_ENCLOSURE_SERVICES is not set
+# CONFIG_HP_ILO is not set
+# CONFIG_PCH_PHUB is not set
+# CONFIG_SRAM is not set
+# CONFIG_C2PORT is not set
+
+#
+# EEPROM support
+#
+# CONFIG_EEPROM_93CX6 is not set
+# CONFIG_CB710_CORE is not set
+
+#
+# Texas Instruments shared transport line discipline
+#
+
+#
+# Altera FPGA firmware download module
+#
+# CONFIG_VMWARE_VMCI is not set
+CONFIG_HAVE_IDE=y
+# CONFIG_IDE is not set
+
+#
+# SCSI device support
+#
+CONFIG_SCSI_MOD=y
+# CONFIG_RAID_ATTRS is not set
+# CONFIG_SCSI is not set
+# CONFIG_SCSI_DMA is not set
+# CONFIG_SCSI_NETLINK is not set
+# CONFIG_ATA is not set
+# CONFIG_MD is not set
+# CONFIG_FUSION is not set
+
+#
+# IEEE 1394 (FireWire) support
+#
+# CONFIG_FIREWIRE is not set
+# CONFIG_FIREWIRE_NOSY is not set
+# CONFIG_I2O is not set
+# CONFIG_MACINTOSH_DRIVERS is not set
+CONFIG_NETDEVICES=y
+CONFIG_NET_CORE=y
+# CONFIG_BONDING is not set
+CONFIG_DUMMY=y
+# CONFIG_EQUALIZER is not set
+# CONFIG_NET_TEAM is not set
+# CONFIG_MACVLAN is not set
+# CONFIG_VXLAN is not set
+# CONFIG_NETCONSOLE is not set
+# CONFIG_NETPOLL is not set
+# CONFIG_NET_POLL_CONTROLLER is not set
+CONFIG_TUN=y
+# CONFIG_VETH is not set
+CONFIG_VIRTIO_NET=y
+# CONFIG_NLMON is not set
+# CONFIG_ARCNET is not set
+
+#
+# CAIF transport drivers
+#
+# CONFIG_VHOST_NET is not set
+
+#
+# Distributed Switch Architecture drivers
+#
+# CONFIG_NET_DSA_MV88E6XXX is not set
+# CONFIG_NET_DSA_MV88E6060 is not set
+# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set
+# CONFIG_NET_DSA_MV88E6131 is not set
+# CONFIG_NET_DSA_MV88E6123_61_65 is not set
+CONFIG_ETHERNET=y
+CONFIG_NET_VENDOR_3COM=y
+# CONFIG_VORTEX is not set
+# CONFIG_TYPHOON is not set
+CONFIG_NET_VENDOR_ADAPTEC=y
+# CONFIG_ADAPTEC_STARFIRE is not set
+CONFIG_NET_VENDOR_ALTEON=y
+# CONFIG_ACENIC is not set
+CONFIG_NET_VENDOR_AMD=y
+# CONFIG_AMD8111_ETH is not set
+# CONFIG_PCNET32 is not set
+# CONFIG_NET_VENDOR_ARC is not set
+CONFIG_NET_VENDOR_ATHEROS=y
+# CONFIG_ATL2 is not set
+# CONFIG_ATL1 is not set
+# CONFIG_ATL1E is not set
+# CONFIG_ATL1C is not set
+# CONFIG_ALX is not set
+CONFIG_NET_CADENCE=y
+# CONFIG_ARM_AT91_ETHER is not set
+# CONFIG_MACB is not set
+CONFIG_NET_VENDOR_BROADCOM=y
+# CONFIG_B44 is not set
+# CONFIG_BNX2 is not set
+# CONFIG_CNIC is not set
+# CONFIG_TIGON3 is not set
+# CONFIG_BNX2X is not set
+CONFIG_NET_VENDOR_BROCADE=y
+# CONFIG_BNA is not set
+# CONFIG_NET_CALXEDA_XGMAC is not set
+CONFIG_NET_VENDOR_CHELSIO=y
+# CONFIG_CHELSIO_T1 is not set
+# CONFIG_CHELSIO_T3 is not set
+# CONFIG_CHELSIO_T4 is not set
+# CONFIG_CHELSIO_T4VF is not set
+CONFIG_NET_VENDOR_CISCO=y
+# CONFIG_ENIC is not set
+# CONFIG_DNET is not set
+CONFIG_NET_VENDOR_DEC=y
+# CONFIG_NET_TULIP is not set
+CONFIG_NET_VENDOR_DLINK=y
+# CONFIG_DL2K is not set
+# CONFIG_SUNDANCE is not set
+CONFIG_NET_VENDOR_EMULEX=y
+# CONFIG_BE2NET is not set
+CONFIG_NET_VENDOR_EXAR=y
+# CONFIG_S2IO is not set
+# CONFIG_VXGE is not set
+CONFIG_NET_VENDOR_HP=y
+# CONFIG_HP100 is not set
+CONFIG_NET_VENDOR_INTEL=y
+# CONFIG_E100 is not set
+# CONFIG_E1000 is not set
+# CONFIG_E1000E is not set
+# CONFIG_IGB is not set
+# CONFIG_IGBVF is not set
+# CONFIG_IXGB is not set
+# CONFIG_IXGBE is not set
+# CONFIG_IXGBEVF is not set
+# CONFIG_I40E is not set
+CONFIG_NET_VENDOR_I825XX=y
+# CONFIG_IP1000 is not set
+# CONFIG_JME is not set
+CONFIG_NET_VENDOR_MARVELL=y
+# CONFIG_MVMDIO is not set
+# CONFIG_SKGE is not set
+# CONFIG_SKY2 is not set
+CONFIG_NET_VENDOR_MELLANOX=y
+# CONFIG_MLX4_EN is not set
+# CONFIG_MLX4_CORE is not set
+# CONFIG_MLX5_CORE is not set
+CONFIG_NET_VENDOR_MICREL=y
+# CONFIG_KS8851_MLL is not set
+# CONFIG_KSZ884X_PCI is not set
+CONFIG_NET_VENDOR_MYRI=y
+# CONFIG_MYRI10GE is not set
+# CONFIG_FEALNX is not set
+CONFIG_NET_VENDOR_NATSEMI=y
+# CONFIG_NATSEMI is not set
+# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_8390=y
+# CONFIG_NE2K_PCI is not set
+CONFIG_NET_VENDOR_NVIDIA=y
+# CONFIG_FORCEDETH is not set
+CONFIG_NET_VENDOR_OKI=y
+# CONFIG_PCH_GBE is not set
+# CONFIG_ETHOC is not set
+CONFIG_NET_PACKET_ENGINE=y
+# CONFIG_HAMACHI is not set
+# CONFIG_YELLOWFIN is not set
+CONFIG_NET_VENDOR_QLOGIC=y
+# CONFIG_QLA3XXX is not set
+# CONFIG_QLCNIC is not set
+# CONFIG_QLGE is not set
+# CONFIG_NETXEN_NIC is not set
+CONFIG_NET_VENDOR_REALTEK=y
+# CONFIG_8139CP is not set
+# CONFIG_8139TOO is not set
+# CONFIG_R8169 is not set
+# CONFIG_SH_ETH is not set
+CONFIG_NET_VENDOR_RDC=y
+# CONFIG_R6040 is not set
+CONFIG_NET_VENDOR_SEEQ=y
+CONFIG_NET_VENDOR_SILAN=y
+# CONFIG_SC92031 is not set
+CONFIG_NET_VENDOR_SIS=y
+# CONFIG_SIS900 is not set
+# CONFIG_SIS190 is not set
+# CONFIG_SFC is not set
+CONFIG_NET_VENDOR_SMSC=y
+# CONFIG_EPIC100 is not set
+# CONFIG_SMSC911X is not set
+# CONFIG_SMSC9420 is not set
+CONFIG_NET_VENDOR_STMICRO=y
+# CONFIG_STMMAC_ETH is not set
+CONFIG_NET_VENDOR_SUN=y
+# CONFIG_HAPPYMEAL is not set
+# CONFIG_SUNGEM is not set
+# CONFIG_CASSINI is not set
+# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_TEHUTI=y
+# CONFIG_TEHUTI is not set
+CONFIG_NET_VENDOR_TI=y
+# CONFIG_TLAN is not set
+CONFIG_NET_VENDOR_VIA=y
+# CONFIG_VIA_RHINE is not set
+# CONFIG_VIA_VELOCITY is not set
+CONFIG_NET_VENDOR_WIZNET=y
+# CONFIG_WIZNET_W5100 is not set
+# CONFIG_WIZNET_W5300 is not set
+# CONFIG_FDDI is not set
+# CONFIG_HIPPI is not set
+# CONFIG_NET_SB1000 is not set
+# CONFIG_PHYLIB is not set
+# CONFIG_PPP is not set
+# CONFIG_SLIP is not set
+CONFIG_WLAN=y
+# CONFIG_AIRO is not set
+# CONFIG_ATMEL is not set
+# CONFIG_PRISM54 is not set
+# CONFIG_HOSTAP is not set
+# CONFIG_WL_TI is not set
+
+#
+# Enable WiMAX (Networking options) to see the WiMAX drivers
+#
+# CONFIG_WAN is not set
+# CONFIG_VMXNET3 is not set
+# CONFIG_ISDN is not set
+
+#
+# Input device support
+#
+CONFIG_INPUT=y
+# CONFIG_INPUT_FF_MEMLESS is not set
+# CONFIG_INPUT_POLLDEV is not set
+# CONFIG_INPUT_SPARSEKMAP is not set
+# CONFIG_INPUT_MATRIXKMAP is not set
+
+#
+# Userland interfaces
+#
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INPUT_MOUSEDEV_PSAUX=y
+CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
+CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+# CONFIG_INPUT_JOYDEV is not set
+CONFIG_INPUT_EVDEV=y
+# CONFIG_INPUT_EVBUG is not set
+
+#
+# Input Device Drivers
+#
+CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ATKBD=y
+# CONFIG_KEYBOARD_LKKBD is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=y
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_CYPRESS=y
+CONFIG_MOUSE_PS2_LIFEBOOK=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+# CONFIG_MOUSE_PS2_ELANTECH is not set
+# CONFIG_MOUSE_PS2_SENTELIC is not set
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+# CONFIG_MOUSE_SERIAL is not set
+# CONFIG_MOUSE_APPLETOUCH is not set
+# CONFIG_MOUSE_BCM5974 is not set
+# CONFIG_MOUSE_VSXXXAA is not set
+# CONFIG_MOUSE_SYNAPTICS_USB is not set
+# CONFIG_INPUT_JOYSTICK is not set
+# CONFIG_INPUT_TABLET is not set
+# CONFIG_INPUT_TOUCHSCREEN is not set
+# CONFIG_INPUT_MISC is not set
+
+#
+# Hardware I/O ports
+#
+CONFIG_SERIO=y
+CONFIG_SERIO_I8042=y
+CONFIG_SERIO_SERPORT=y
+# CONFIG_SERIO_CT82C710 is not set
+# CONFIG_SERIO_PCIPS2 is not set
+CONFIG_SERIO_LIBPS2=y
+# CONFIG_SERIO_RAW is not set
+# CONFIG_SERIO_ALTERA_PS2 is not set
+# CONFIG_SERIO_PS2MULT is not set
+# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_GAMEPORT is not set
+
+#
+# Character devices
+#
+CONFIG_TTY=y
+CONFIG_VT=y
+CONFIG_CONSOLE_TRANSLATIONS=y
+CONFIG_VT_CONSOLE=y
+CONFIG_VT_CONSOLE_SLEEP=y
+CONFIG_HW_CONSOLE=y
+# CONFIG_VT_HW_CONSOLE_BINDING is not set
+CONFIG_UNIX98_PTYS=y
+# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
+CONFIG_LEGACY_PTYS=y
+CONFIG_LEGACY_PTY_COUNT=256
+# CONFIG_SERIAL_NONSTANDARD is not set
+# CONFIG_NOZOMI is not set
+# CONFIG_N_GSM is not set
+# CONFIG_TRACE_SINK is not set
+CONFIG_DEVKMEM=y
+
+#
+# Serial drivers
+#
+# CONFIG_SERIAL_8250 is not set
+CONFIG_FIX_EARLYCON_MEM=y
+
+#
+# Non-8250 serial port support
+#
+# CONFIG_SERIAL_MFD_HSU is not set
+# CONFIG_SERIAL_JSM is not set
+# CONFIG_SERIAL_SCCNXP is not set
+# CONFIG_SERIAL_TIMBERDALE is not set
+# CONFIG_SERIAL_ALTERA_JTAGUART is not set
+# CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_PCH_UART is not set
+# CONFIG_SERIAL_ARC is not set
+# CONFIG_SERIAL_RP2 is not set
+# CONFIG_SERIAL_FSL_LPUART is not set
+# CONFIG_SERIAL_ST_ASC is not set
+CONFIG_HVC_DRIVER=y
+CONFIG_VIRTIO_CONSOLE=y
+# CONFIG_IPMI_HANDLER is not set
+# CONFIG_HW_RANDOM is not set
+# CONFIG_NVRAM is not set
+# CONFIG_R3964 is not set
+# CONFIG_APPLICOM is not set
+# CONFIG_MWAVE is not set
+# CONFIG_RAW_DRIVER is not set
+# CONFIG_HPET is not set
+# CONFIG_HANGCHECK_TIMER is not set
+# CONFIG_TCG_TPM is not set
+# CONFIG_TELCLOCK is not set
+CONFIG_DEVPORT=y
+# CONFIG_I2C is not set
+# CONFIG_SPI is not set
+# CONFIG_HSI is not set
+
+#
+# PPS support
+#
+# CONFIG_PPS is not set
+
+#
+# PPS generators support
+#
+
+#
+# PTP clock support
+#
+# CONFIG_PTP_1588_CLOCK is not set
+
+#
+# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
+#
+# CONFIG_PTP_1588_CLOCK_PCH is not set
+CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
+CONFIG_GPIO_DEVRES=y
+# CONFIG_GPIOLIB is not set
+# CONFIG_W1 is not set
+CONFIG_POWER_SUPPLY=y
+# CONFIG_POWER_SUPPLY_DEBUG is not set
+# CONFIG_PDA_POWER is not set
+# CONFIG_TEST_POWER is not set
+# CONFIG_BATTERY_DS2780 is not set
+# CONFIG_BATTERY_DS2781 is not set
+# CONFIG_BATTERY_BQ27x00 is not set
+# CONFIG_CHARGER_MAX8903 is not set
+# CONFIG_POWER_RESET is not set
+# CONFIG_POWER_AVS is not set
+CONFIG_HWMON=y
+# CONFIG_HWMON_VID is not set
+# CONFIG_HWMON_DEBUG_CHIP is not set
+
+#
+# Native drivers
+#
+# CONFIG_SENSORS_ABITUGURU is not set
+# CONFIG_SENSORS_ABITUGURU3 is not set
+# CONFIG_SENSORS_K8TEMP is not set
+# CONFIG_SENSORS_K10TEMP is not set
+# CONFIG_SENSORS_FAM15H_POWER is not set
+# CONFIG_SENSORS_I5K_AMB is not set
+# CONFIG_SENSORS_F71805F is not set
+# CONFIG_SENSORS_F71882FG is not set
+# CONFIG_SENSORS_CORETEMP is not set
+# CONFIG_SENSORS_IT87 is not set
+# CONFIG_SENSORS_MAX197 is not set
+# CONFIG_SENSORS_NCT6775 is not set
+# CONFIG_SENSORS_NTC_THERMISTOR is not set
+# CONFIG_SENSORS_PC87360 is not set
+# CONFIG_SENSORS_PC87427 is not set
+# CONFIG_SENSORS_SIS5595 is not set
+# CONFIG_SENSORS_SMSC47M1 is not set
+# CONFIG_SENSORS_SMSC47B397 is not set
+# CONFIG_SENSORS_SCH56XX_COMMON is not set
+# CONFIG_SENSORS_VIA_CPUTEMP is not set
+# CONFIG_SENSORS_VIA686A is not set
+# CONFIG_SENSORS_VT1211 is not set
+# CONFIG_SENSORS_VT8231 is not set
+# CONFIG_SENSORS_W83627HF is not set
+# CONFIG_SENSORS_W83627EHF is not set
+# CONFIG_SENSORS_APPLESMC is not set
+
+#
+# ACPI drivers
+#
+# CONFIG_SENSORS_ACPI_POWER is not set
+# CONFIG_SENSORS_ATK0110 is not set
+CONFIG_THERMAL=y
+CONFIG_THERMAL_HWMON=y
+CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
+# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
+CONFIG_THERMAL_GOV_STEP_WISE=y
+# CONFIG_THERMAL_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_EMULATION is not set
+# CONFIG_INTEL_POWERCLAMP is not set
+
+#
+# Texas Instruments thermal drivers
+#
+# CONFIG_WATCHDOG is not set
+CONFIG_SSB_POSSIBLE=y
+
+#
+# Sonics Silicon Backplane
+#
+# CONFIG_SSB is not set
+CONFIG_BCMA_POSSIBLE=y
+
+#
+# Broadcom specific AMBA
+#
+# CONFIG_BCMA is not set
+
+#
+# Multifunction device drivers
+#
+# CONFIG_MFD_CORE is not set
+# CONFIG_MFD_CS5535 is not set
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_HTC_PASIC3 is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_KEMPLD is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_RTSX_PCI is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_TMIO is not set
+# CONFIG_MFD_VX855 is not set
+# CONFIG_REGULATOR is not set
+# CONFIG_MEDIA_SUPPORT is not set
+
+#
+# Graphics support
+#
+# CONFIG_AGP is not set
+CONFIG_VGA_ARB=y
+CONFIG_VGA_ARB_MAX_GPUS=16
+# CONFIG_VGA_SWITCHEROO is not set
+# CONFIG_DRM is not set
+# CONFIG_VGASTATE is not set
+# CONFIG_VIDEO_OUTPUT_CONTROL is not set
+# CONFIG_FB is not set
+# CONFIG_EXYNOS_VIDEO is not set
+# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
+
+#
+# Console display driver support
+#
+CONFIG_VGA_CONSOLE=y
+# CONFIG_VGACON_SOFT_SCROLLBACK is not set
+CONFIG_DUMMY_CONSOLE=y
+CONFIG_SOUND=y
+# CONFIG_SOUND_OSS_CORE is not set
+# CONFIG_SND is not set
+# CONFIG_SOUND_PRIME is not set
+
+#
+# HID support
+#
+CONFIG_HID=y
+# CONFIG_HID_BATTERY_STRENGTH is not set
+# CONFIG_HIDRAW is not set
+# CONFIG_UHID is not set
+CONFIG_HID_GENERIC=y
+
+#
+# Special HID drivers
+#
+CONFIG_HID_A4TECH=y
+# CONFIG_HID_ACRUX is not set
+CONFIG_HID_APPLE=y
+# CONFIG_HID_AUREAL is not set
+CONFIG_HID_BELKIN=y
+CONFIG_HID_CHERRY=y
+CONFIG_HID_CHICONY=y
+CONFIG_HID_CYPRESS=y
+# CONFIG_HID_DRAGONRISE is not set
+# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
+CONFIG_HID_EZKEY=y
+# CONFIG_HID_KEYTOUCH is not set
+# CONFIG_HID_KYE is not set
+# CONFIG_HID_UCLOGIC is not set
+# CONFIG_HID_WALTOP is not set
+# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
+# CONFIG_HID_TWINHAN is not set
+CONFIG_HID_KENSINGTON=y
+# CONFIG_HID_LCPOWER is not set
+CONFIG_HID_LOGITECH=y
+# CONFIG_HID_LOGITECH_DJ is not set
+# CONFIG_LOGITECH_FF is not set
+# CONFIG_LOGIRUMBLEPAD2_FF is not set
+# CONFIG_LOGIG940_FF is not set
+# CONFIG_LOGIWHEELS_FF is not set
+# CONFIG_HID_MAGICMOUSE is not set
+CONFIG_HID_MICROSOFT=y
+CONFIG_HID_MONTEREY=y
+# CONFIG_HID_MULTITOUCH is not set
+# CONFIG_HID_ORTEK is not set
+# CONFIG_HID_PANTHERLORD is not set
+# CONFIG_HID_PETALYNX is not set
+# CONFIG_HID_PICOLCD is not set
+# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_SAITEK is not set
+# CONFIG_HID_SAMSUNG is not set
+# CONFIG_HID_SPEEDLINK is not set
+# CONFIG_HID_STEELSERIES is not set
+# CONFIG_HID_SUNPLUS is not set
+# CONFIG_HID_GREENASIA is not set
+# CONFIG_HID_SMARTJOYPLUS is not set
+# CONFIG_HID_TIVO is not set
+# CONFIG_HID_TOPSEED is not set
+# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_XINMO is not set
+# CONFIG_HID_ZEROPLUS is not set
+# CONFIG_HID_ZYDACRON is not set
+# CONFIG_HID_SENSOR_HUB is not set
+CONFIG_USB_OHCI_LITTLE_ENDIAN=y
+CONFIG_USB_SUPPORT=y
+CONFIG_USB_ARCH_HAS_HCD=y
+# CONFIG_USB is not set
+
+#
+# USB port drivers
+#
+
+#
+# USB Physical Layer drivers
+#
+# CONFIG_USB_PHY is not set
+# CONFIG_NOP_USB_XCEIV is not set
+# CONFIG_AM335X_PHY_USB is not set
+# CONFIG_SAMSUNG_USB2PHY is not set
+# CONFIG_SAMSUNG_USB3PHY is not set
+# CONFIG_USB_GADGET is not set
+# CONFIG_UWB is not set
+# CONFIG_MMC is not set
+# CONFIG_MEMSTICK is not set
+# CONFIG_NEW_LEDS is not set
+# CONFIG_ACCESSIBILITY is not set
+# CONFIG_INFINIBAND is not set
+# CONFIG_EDAC is not set
+CONFIG_RTC_LIB=y
+# CONFIG_RTC_CLASS is not set
+# CONFIG_DMADEVICES is not set
+# CONFIG_AUXDISPLAY is not set
+# CONFIG_UIO is not set
+# CONFIG_VIRT_DRIVERS is not set
+CONFIG_VIRTIO=y
+
+#
+# Virtio drivers
+#
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_BALLOON=y
+CONFIG_VIRTIO_MMIO=y
+# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set
+
+#
+# Microsoft Hyper-V guest support
+#
+# CONFIG_STAGING is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+# CONFIG_ACERHDF is not set
+# CONFIG_ASUS_LAPTOP is not set
+# CONFIG_FUJITSU_TABLET is not set
+# CONFIG_HP_ACCEL is not set
+# CONFIG_THINKPAD_ACPI is not set
+# CONFIG_SENSORS_HDAPS is not set
+# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ACPI_WMI is not set
+# CONFIG_TOPSTAR_LAPTOP is not set
+# CONFIG_TOSHIBA_BT_RFKILL is not set
+# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_IPS is not set
+# CONFIG_IBM_RTL is not set
+# CONFIG_XO15_EBOOK is not set
+# CONFIG_SAMSUNG_Q10 is not set
+# CONFIG_INTEL_RST is not set
+# CONFIG_INTEL_SMARTCONNECT is not set
+# CONFIG_PVPANIC is not set
+
+#
+# Hardware Spinlock drivers
+#
+CONFIG_CLKEVT_I8253=y
+CONFIG_I8253_LOCK=y
+CONFIG_CLKBLD_I8253=y
+# CONFIG_MAILBOX is not set
+CONFIG_IOMMU_SUPPORT=y
+# CONFIG_AMD_IOMMU is not set
+# CONFIG_INTEL_IOMMU is not set
+# CONFIG_IRQ_REMAP is not set
+
+#
+# Remoteproc drivers
+#
+# CONFIG_STE_MODEM_RPROC is not set
+
+#
+# Rpmsg drivers
+#
+# CONFIG_PM_DEVFREQ is not set
+# CONFIG_EXTCON is not set
+# CONFIG_MEMORY is not set
+# CONFIG_IIO is not set
+# CONFIG_NTB is not set
+# CONFIG_VME_BUS is not set
+# CONFIG_PWM is not set
+# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
+# CONFIG_FMC is not set
+
+#
+# Firmware Drivers
+#
+# CONFIG_EDD is not set
+CONFIG_FIRMWARE_MEMMAP=y
+# CONFIG_DELL_RBU is not set
+# CONFIG_DCDBAS is not set
+CONFIG_DMIID=y
+# CONFIG_DMI_SYSFS is not set
+# CONFIG_ISCSI_IBFT_FIND is not set
+# CONFIG_GOOGLE_FIRMWARE is not set
+
+#
+# File systems
+#
+CONFIG_DCACHE_WORD_ACCESS=y
+CONFIG_EXT2_FS=y
+# CONFIG_EXT2_FS_XATTR is not set
+# CONFIG_EXT2_FS_XIP is not set
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
+# CONFIG_EXT3_FS_XATTR is not set
+# CONFIG_EXT4_FS is not set
+CONFIG_JBD=y
+CONFIG_REISERFS_FS=y
+# CONFIG_REISERFS_CHECK is not set
+# CONFIG_REISERFS_PROC_INFO is not set
+# CONFIG_REISERFS_FS_XATTR is not set
+# CONFIG_JFS_FS is not set
+# CONFIG_XFS_FS is not set
+# CONFIG_GFS2_FS is not set
+# CONFIG_BTRFS_FS is not set
+# CONFIG_NILFS2_FS is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_FILE_LOCKING=y
+CONFIG_FSNOTIFY=y
+CONFIG_DNOTIFY=y
+CONFIG_INOTIFY_USER=y
+# CONFIG_FANOTIFY is not set
+CONFIG_QUOTA=y
+# CONFIG_QUOTA_NETLINK_INTERFACE is not set
+CONFIG_PRINT_QUOTA_WARNING=y
+# CONFIG_QUOTA_DEBUG is not set
+# CONFIG_QFMT_V1 is not set
+# CONFIG_QFMT_V2 is not set
+CONFIG_QUOTACTL=y
+CONFIG_AUTOFS4_FS=y
+# CONFIG_FUSE_FS is not set
+
+#
+# Caches
+#
+# CONFIG_FSCACHE is not set
+
+#
+# CD-ROM/DVD Filesystems
+#
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+# CONFIG_ZISOFS is not set
+# CONFIG_UDF_FS is not set
+
+#
+# DOS/FAT/NT Filesystems
+#
+# CONFIG_MSDOS_FS is not set
+# CONFIG_VFAT_FS is not set
+# CONFIG_NTFS_FS is not set
+
+#
+# Pseudo filesystems
+#
+CONFIG_PROC_FS=y
+CONFIG_PROC_KCORE=y
+CONFIG_PROC_SYSCTL=y
+CONFIG_PROC_PAGE_MONITOR=y
+CONFIG_SYSFS=y
+CONFIG_TMPFS=y
+# CONFIG_TMPFS_POSIX_ACL is not set
+# CONFIG_TMPFS_XATTR is not set
+# CONFIG_HUGETLBFS is not set
+# CONFIG_HUGETLB_PAGE is not set
+# CONFIG_CONFIGFS_FS is not set
+CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ADFS_FS is not set
+# CONFIG_AFFS_FS is not set
+# CONFIG_HFS_FS is not set
+# CONFIG_HFSPLUS_FS is not set
+# CONFIG_BEFS_FS is not set
+# CONFIG_BFS_FS is not set
+# CONFIG_EFS_FS is not set
+# CONFIG_LOGFS is not set
+# CONFIG_CRAMFS is not set
+# CONFIG_SQUASHFS is not set
+# CONFIG_VXFS_FS is not set
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
+# CONFIG_HPFS_FS is not set
+# CONFIG_QNX4FS_FS is not set
+# CONFIG_QNX6FS_FS is not set
+# CONFIG_ROMFS_FS is not set
+# CONFIG_PSTORE is not set
+# CONFIG_SYSV_FS is not set
+# CONFIG_UFS_FS is not set
+# CONFIG_F2FS_FS is not set
+CONFIG_NETWORK_FILESYSTEMS=y
+# CONFIG_NFS_FS is not set
+# CONFIG_NFSD is not set
+# CONFIG_CEPH_FS is not set
+# CONFIG_CIFS is not set
+# CONFIG_NCP_FS is not set
+# CONFIG_CODA_FS is not set
+# CONFIG_AFS_FS is not set
+CONFIG_9P_FS=y
+CONFIG_9P_FS_POSIX_ACL=y
+# CONFIG_9P_FS_SECURITY is not set
+CONFIG_NLS=y
+CONFIG_NLS_DEFAULT="iso8859-1"
+# CONFIG_NLS_CODEPAGE_437 is not set
+# CONFIG_NLS_CODEPAGE_737 is not set
+# CONFIG_NLS_CODEPAGE_775 is not set
+# CONFIG_NLS_CODEPAGE_850 is not set
+# CONFIG_NLS_CODEPAGE_852 is not set
+# CONFIG_NLS_CODEPAGE_855 is not set
+# CONFIG_NLS_CODEPAGE_857 is not set
+# CONFIG_NLS_CODEPAGE_860 is not set
+# CONFIG_NLS_CODEPAGE_861 is not set
+# CONFIG_NLS_CODEPAGE_862 is not set
+# CONFIG_NLS_CODEPAGE_863 is not set
+# CONFIG_NLS_CODEPAGE_864 is not set
+# CONFIG_NLS_CODEPAGE_865 is not set
+# CONFIG_NLS_CODEPAGE_866 is not set
+# CONFIG_NLS_CODEPAGE_869 is not set
+# CONFIG_NLS_CODEPAGE_936 is not set
+# CONFIG_NLS_CODEPAGE_950 is not set
+# CONFIG_NLS_CODEPAGE_932 is not set
+# CONFIG_NLS_CODEPAGE_949 is not set
+# CONFIG_NLS_CODEPAGE_874 is not set
+# CONFIG_NLS_ISO8859_8 is not set
+# CONFIG_NLS_CODEPAGE_1250 is not set
+# CONFIG_NLS_CODEPAGE_1251 is not set
+# CONFIG_NLS_ASCII is not set
+# CONFIG_NLS_ISO8859_1 is not set
+# CONFIG_NLS_ISO8859_2 is not set
+# CONFIG_NLS_ISO8859_3 is not set
+# CONFIG_NLS_ISO8859_4 is not set
+# CONFIG_NLS_ISO8859_5 is not set
+# CONFIG_NLS_ISO8859_6 is not set
+# CONFIG_NLS_ISO8859_7 is not set
+# CONFIG_NLS_ISO8859_9 is not set
+# CONFIG_NLS_ISO8859_13 is not set
+# CONFIG_NLS_ISO8859_14 is not set
+# CONFIG_NLS_ISO8859_15 is not set
+# CONFIG_NLS_KOI8_R is not set
+# CONFIG_NLS_KOI8_U is not set
+# CONFIG_NLS_MAC_ROMAN is not set
+# CONFIG_NLS_MAC_CELTIC is not set
+# CONFIG_NLS_MAC_CENTEURO is not set
+# CONFIG_NLS_MAC_CROATIAN is not set
+# CONFIG_NLS_MAC_CYRILLIC is not set
+# CONFIG_NLS_MAC_GAELIC is not set
+# CONFIG_NLS_MAC_GREEK is not set
+# CONFIG_NLS_MAC_ICELAND is not set
+# CONFIG_NLS_MAC_INUIT is not set
+# CONFIG_NLS_MAC_ROMANIAN is not set
+# CONFIG_NLS_MAC_TURKISH is not set
+# CONFIG_NLS_UTF8 is not set
+
+#
+# Kernel hacking
+#
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
+
+#
+# printk and dmesg options
+#
+# CONFIG_PRINTK_TIME is not set
+CONFIG_DEFAULT_MESSAGE_LOGLEVEL=4
+# CONFIG_BOOT_PRINTK_DELAY is not set
+
+#
+# Compile-time checks and compiler options
+#
+CONFIG_DEBUG_INFO=y
+# CONFIG_DEBUG_INFO_REDUCED is not set
+CONFIG_ENABLE_WARN_DEPRECATED=y
+CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_FRAME_WARN=1024
+# CONFIG_STRIP_ASM_SYMS is not set
+# CONFIG_READABLE_ASM is not set
+# CONFIG_UNUSED_SYMBOLS is not set
+# CONFIG_DEBUG_FS is not set
+# CONFIG_HEADERS_CHECK is not set
+# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_ARCH_WANT_FRAME_POINTERS=y
+CONFIG_FRAME_POINTER=y
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
+# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_DEBUG_KERNEL=y
+
+#
+# Memory Debugging
+#
+# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_DEBUG_OBJECTS is not set
+# CONFIG_DEBUG_SLAB is not set
+CONFIG_HAVE_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
+# CONFIG_DEBUG_STACK_USAGE is not set
+# CONFIG_DEBUG_VM is not set
+# CONFIG_DEBUG_VIRTUAL is not set
+CONFIG_DEBUG_MEMORY_INIT=y
+CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_HAVE_ARCH_KMEMCHECK=y
+# CONFIG_DEBUG_SHIRQ is not set
+
+#
+# Debug Lockups and Hangs
+#
+# CONFIG_LOCKUP_DETECTOR is not set
+CONFIG_DETECT_HUNG_TASK=y
+CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
+# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
+CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_PANIC_ON_OOPS is not set
+CONFIG_PANIC_ON_OOPS_VALUE=0
+# CONFIG_SCHED_DEBUG is not set
+# CONFIG_SCHEDSTATS is not set
+# CONFIG_TIMER_STATS is not set
+
+#
+# Lock Debugging (spinlocks, mutexes, etc...)
+#
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_RT_MUTEX_TESTER is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_LOCK_STAT is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_DEBUG_KOBJECT is not set
+CONFIG_DEBUG_BUGVERBOSE=y
+# CONFIG_DEBUG_WRITECOUNT is not set
+# CONFIG_DEBUG_LIST is not set
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_NOTIFIERS is not set
+# CONFIG_DEBUG_CREDENTIALS is not set
+
+#
+# RCU Debugging
+#
+# CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_RCU_TORTURE_TEST is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
+# CONFIG_NOTIFIER_ERROR_INJECTION is not set
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_LATENCYTOP is not set
+CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
+# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
+CONFIG_USER_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_FUNCTION_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
+CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
+CONFIG_HAVE_DYNAMIC_FTRACE=y
+CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
+CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
+CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
+CONFIG_HAVE_FENTRY=y
+CONFIG_HAVE_C_RECORDMCOUNT=y
+CONFIG_TRACING_SUPPORT=y
+CONFIG_FTRACE=y
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_SCHED_TRACER is not set
+# CONFIG_ENABLE_DEFAULT_TRACERS is not set
+# CONFIG_FTRACE_SYSCALLS is not set
+# CONFIG_TRACER_SNAPSHOT is not set
+CONFIG_BRANCH_PROFILE_NONE=y
+# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
+# CONFIG_PROFILE_ALL_BRANCHES is not set
+# CONFIG_STACK_TRACER is not set
+# CONFIG_BLK_DEV_IO_TRACE is not set
+# CONFIG_UPROBE_EVENT is not set
+# CONFIG_PROBE_EVENTS is not set
+# CONFIG_MMIOTRACE is not set
+
+#
+# Runtime Testing
+#
+# CONFIG_TEST_LIST_SORT is not set
+# CONFIG_BACKTRACE_SELF_TEST is not set
+# CONFIG_RBTREE_TEST is not set
+# CONFIG_ATOMIC64_SELFTEST is not set
+# CONFIG_TEST_STRING_HELPERS is not set
+# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
+# CONFIG_DMA_API_DEBUG is not set
+# CONFIG_SAMPLES is not set
+CONFIG_HAVE_ARCH_KGDB=y
+# CONFIG_KGDB is not set
+# CONFIG_STRICT_DEVMEM is not set
+CONFIG_X86_VERBOSE_BOOTUP=y
+CONFIG_EARLY_PRINTK=y
+# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_X86_PTDUMP is not set
+CONFIG_DEBUG_RODATA=y
+CONFIG_DEBUG_RODATA_TEST=y
+CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
+# CONFIG_IOMMU_DEBUG is not set
+# CONFIG_IOMMU_STRESS is not set
+CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+CONFIG_IO_DELAY_TYPE_0X80=0
+CONFIG_IO_DELAY_TYPE_0XED=1
+CONFIG_IO_DELAY_TYPE_UDELAY=2
+CONFIG_IO_DELAY_TYPE_NONE=3
+CONFIG_IO_DELAY_0X80=y
+# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_UDELAY is not set
+# CONFIG_IO_DELAY_NONE is not set
+CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_CPA_DEBUG is not set
+# CONFIG_OPTIMIZE_INLINING is not set
+# CONFIG_DEBUG_NMI_SELFTEST is not set
+# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
+
+#
+# Security options
+#
+# CONFIG_KEYS is not set
+# CONFIG_SECURITY_DMESG_RESTRICT is not set
+# CONFIG_SECURITY is not set
+# CONFIG_SECURITYFS is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
+CONFIG_CRYPTO=y
+
+#
+# Crypto core or helper
+#
+CONFIG_CRYPTO_ALGAPI=y
+CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_BLKCIPHER=y
+CONFIG_CRYPTO_BLKCIPHER2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_RNG=y
+CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_PCOMP=y
+CONFIG_CRYPTO_PCOMP2=y
+CONFIG_CRYPTO_MANAGER=y
+CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
+CONFIG_CRYPTO_GF128MUL=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_CRYPTD=y
+CONFIG_CRYPTO_AUTHENC=y
+CONFIG_CRYPTO_ABLK_HELPER_X86=y
+CONFIG_CRYPTO_GLUE_HELPER_X86=y
+
+#
+# Authenticated Encryption with Associated Data
+#
+CONFIG_CRYPTO_CCM=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_SEQIV=y
+
+#
+# Block modes
+#
+CONFIG_CRYPTO_CBC=y
+CONFIG_CRYPTO_CTR=y
+# CONFIG_CRYPTO_CTS is not set
+CONFIG_CRYPTO_ECB=y
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=y
+CONFIG_CRYPTO_XTS=y
+
+#
+# Hash modes
+#
+CONFIG_CRYPTO_CMAC=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=y
+# CONFIG_CRYPTO_VMAC is not set
+
+#
+# Digest
+#
+CONFIG_CRYPTO_CRC32C=y
+# CONFIG_CRYPTO_CRC32C_INTEL is not set
+# CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_PCLMUL is not set
+# CONFIG_CRYPTO_CRCT10DIF is not set
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_MD4=y
+CONFIG_CRYPTO_MD5=y
+CONFIG_CRYPTO_MICHAEL_MIC=y
+CONFIG_CRYPTO_RMD128=y
+CONFIG_CRYPTO_RMD160=y
+CONFIG_CRYPTO_RMD256=y
+CONFIG_CRYPTO_RMD320=y
+CONFIG_CRYPTO_SHA1=y
+# CONFIG_CRYPTO_SHA1_SSSE3 is not set
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=y
+CONFIG_CRYPTO_TGR192=y
+CONFIG_CRYPTO_WP512=y
+# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
+
+#
+# Ciphers
+#
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=y
+CONFIG_CRYPTO_ARC4=y
+CONFIG_CRYPTO_BLOWFISH=y
+CONFIG_CRYPTO_BLOWFISH_COMMON=y
+CONFIG_CRYPTO_BLOWFISH_X86_64=y
+CONFIG_CRYPTO_CAMELLIA=y
+CONFIG_CRYPTO_CAMELLIA_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
+CONFIG_CRYPTO_CAST_COMMON=y
+CONFIG_CRYPTO_CAST5=y
+CONFIG_CRYPTO_CAST5_AVX_X86_64=y
+CONFIG_CRYPTO_CAST6=y
+CONFIG_CRYPTO_CAST6_AVX_X86_64=y
+CONFIG_CRYPTO_DES=y
+CONFIG_CRYPTO_FCRYPT=y
+CONFIG_CRYPTO_KHAZAD=y
+CONFIG_CRYPTO_SALSA20=y
+CONFIG_CRYPTO_SALSA20_X86_64=y
+CONFIG_CRYPTO_SEED=y
+CONFIG_CRYPTO_SERPENT=y
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y
+CONFIG_CRYPTO_TEA=y
+CONFIG_CRYPTO_TWOFISH=y
+CONFIG_CRYPTO_TWOFISH_COMMON=y
+CONFIG_CRYPTO_TWOFISH_X86_64=y
+CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y
+
+#
+# Compression
+#
+CONFIG_CRYPTO_DEFLATE=y
+CONFIG_CRYPTO_ZLIB=y
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_LZ4=y
+CONFIG_CRYPTO_LZ4HC=y
+
+#
+# Random Number Generation
+#
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+# CONFIG_CRYPTO_HW is not set
+CONFIG_HAVE_KVM=y
+CONFIG_VIRTUALIZATION=y
+# CONFIG_KVM is not set
+# CONFIG_BINARY_PRINTF is not set
+
+#
+# Library routines
+#
+CONFIG_BITREVERSE=y
+CONFIG_GENERIC_STRNCPY_FROM_USER=y
+CONFIG_GENERIC_STRNLEN_USER=y
+CONFIG_GENERIC_NET_UTILS=y
+CONFIG_GENERIC_FIND_FIRST_BIT=y
+CONFIG_GENERIC_PCI_IOMAP=y
+CONFIG_GENERIC_IOMAP=y
+CONFIG_GENERIC_IO=y
+CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_CRC_CCITT=y
+CONFIG_CRC16=y
+# CONFIG_CRC_T10DIF is not set
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC32=y
+# CONFIG_CRC32_SELFTEST is not set
+CONFIG_CRC32_SLICEBY8=y
+# CONFIG_CRC32_SLICEBY4 is not set
+# CONFIG_CRC32_SARWATE is not set
+# CONFIG_CRC32_BIT is not set
+CONFIG_CRC7=y
+CONFIG_LIBCRC32C=y
+# CONFIG_CRC8 is not set
+CONFIG_ZLIB_INFLATE=y
+CONFIG_ZLIB_DEFLATE=y
+CONFIG_LZO_COMPRESS=y
+CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_COMPRESS=y
+CONFIG_LZ4HC_COMPRESS=y
+CONFIG_LZ4_DECOMPRESS=y
+# CONFIG_XZ_DEC is not set
+# CONFIG_XZ_DEC_BCJ is not set
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=y
+CONFIG_TEXTSEARCH_BM=y
+CONFIG_TEXTSEARCH_FSM=y
+CONFIG_HAS_IOMEM=y
+CONFIG_HAS_IOPORT=y
+CONFIG_HAS_DMA=y
+CONFIG_DQL=y
+CONFIG_NLATTR=y
+CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
+# CONFIG_AVERAGE is not set
+# CONFIG_CORDIC is not set
+# CONFIG_DDR is not set
diff --git a/testing/config/kernel/config-3.13 b/testing/config/kernel/config-3.13
new file mode 100644
index 0000000..78d8f22
--- /dev/null
+++ b/testing/config/kernel/config-3.13
@@ -0,0 +1,2047 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Linux/x86 3.13.2 Kernel Configuration
+#
+CONFIG_64BIT=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_INSTRUCTION_DECODER=y
+CONFIG_OUTPUT_FORMAT="elf64-x86-64"
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_LOCKDEP_SUPPORT=y
+CONFIG_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_LATENCYTOP_SUPPORT=y
+CONFIG_MMU=y
+CONFIG_NEED_DMA_MAP_STATE=y
+CONFIG_NEED_SG_DMA_LENGTH=y
+CONFIG_GENERIC_ISA_DMA=y
+CONFIG_GENERIC_BUG=y
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
+CONFIG_GENERIC_HWEIGHT=y
+CONFIG_ARCH_MAY_HAVE_PC_FDC=y
+CONFIG_RWSEM_XCHGADD_ALGORITHM=y
+CONFIG_GENERIC_CALIBRATE_DELAY=y
+CONFIG_ARCH_HAS_CPU_RELAX=y
+CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
+CONFIG_ARCH_HAS_CPU_AUTOPROBE=y
+CONFIG_HAVE_SETUP_PER_CPU_AREA=y
+CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
+CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
+CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_SUSPEND_POSSIBLE=y
+CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
+CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
+CONFIG_ZONE_DMA32=y
+CONFIG_AUDIT_ARCH=y
+CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
+CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
+CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
+CONFIG_ARCH_SUPPORTS_UPROBES=y
+CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_EXTABLE_SORT=y
+
+#
+# General setup
+#
+CONFIG_BROKEN_ON_SMP=y
+CONFIG_INIT_ENV_ARG_LIMIT=32
+CONFIG_CROSS_COMPILE=""
+# CONFIG_COMPILE_TEST is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
+CONFIG_HAVE_KERNEL_GZIP=y
+CONFIG_HAVE_KERNEL_BZIP2=y
+CONFIG_HAVE_KERNEL_LZMA=y
+CONFIG_HAVE_KERNEL_XZ=y
+CONFIG_HAVE_KERNEL_LZO=y
+CONFIG_HAVE_KERNEL_LZ4=y
+CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_BZIP2 is not set
+# CONFIG_KERNEL_LZMA is not set
+# CONFIG_KERNEL_XZ is not set
+# CONFIG_KERNEL_LZO is not set
+# CONFIG_KERNEL_LZ4 is not set
+CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_SWAP=y
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+# CONFIG_FHANDLE is not set
+# CONFIG_AUDIT is not set
+
+#
+# IRQ subsystem
+#
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_IRQ_FORCED_THREADING=y
+CONFIG_SPARSE_IRQ=y
+CONFIG_CLOCKSOURCE_WATCHDOG=y
+CONFIG_ARCH_CLOCKSOURCE_DATA=y
+CONFIG_GENERIC_TIME_VSYSCALL=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
+CONFIG_GENERIC_CMOS_UPDATE=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
+# CONFIG_IRQ_TIME_ACCOUNTING is not set
+CONFIG_BSD_PROCESS_ACCT=y
+# CONFIG_BSD_PROCESS_ACCT_V3 is not set
+# CONFIG_TASKSTATS is not set
+
+#
+# RCU Subsystem
+#
+CONFIG_TINY_RCU=y
+# CONFIG_PREEMPT_RCU is not set
+# CONFIG_RCU_STALL_COMMON is not set
+# CONFIG_TREE_RCU_TRACE is not set
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=14
+CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
+CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y
+# CONFIG_CGROUPS is not set
+# CONFIG_CHECKPOINT_RESTORE is not set
+CONFIG_NAMESPACES=y
+# CONFIG_UTS_NS is not set
+# CONFIG_IPC_NS is not set
+# CONFIG_USER_NS is not set
+# CONFIG_PID_NS is not set
+# CONFIG_NET_NS is not set
+# CONFIG_UIDGID_STRICT_TYPE_CHECKS is not set
+# CONFIG_SCHED_AUTOGROUP is not set
+# CONFIG_SYSFS_DEPRECATED is not set
+# CONFIG_RELAY is not set
+# CONFIG_BLK_DEV_INITRD is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_SYSCTL=y
+CONFIG_ANON_INODES=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
+# CONFIG_EXPERT is not set
+# CONFIG_SYSCTL_SYSCALL is not set
+CONFIG_KALLSYMS=y
+# CONFIG_KALLSYMS_ALL is not set
+CONFIG_PRINTK=y
+CONFIG_BUG=y
+CONFIG_ELF_CORE=y
+CONFIG_PCSPKR_PLATFORM=y
+CONFIG_BASE_FULL=y
+CONFIG_FUTEX=y
+CONFIG_EPOLL=y
+CONFIG_SIGNALFD=y
+CONFIG_TIMERFD=y
+CONFIG_EVENTFD=y
+CONFIG_SHMEM=y
+CONFIG_AIO=y
+CONFIG_PCI_QUIRKS=y
+# CONFIG_EMBEDDED is not set
+CONFIG_HAVE_PERF_EVENTS=y
+
+#
+# Kernel Performance Events And Counters
+#
+CONFIG_PERF_EVENTS=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
+CONFIG_VM_EVENT_COUNTERS=y
+CONFIG_COMPAT_BRK=y
+CONFIG_SLAB=y
+# CONFIG_SLUB is not set
+# CONFIG_PROFILING is not set
+CONFIG_HAVE_OPROFILE=y
+CONFIG_OPROFILE_NMI_TIMER=y
+# CONFIG_JUMP_LABEL is not set
+# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
+CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
+CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_HAVE_IOREMAP_PROT=y
+CONFIG_HAVE_KPROBES=y
+CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_OPTPROBES=y
+CONFIG_HAVE_KPROBES_ON_FTRACE=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_DMA_ATTRS=y
+CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
+CONFIG_HAVE_DMA_API_DEBUG=y
+CONFIG_HAVE_HW_BREAKPOINT=y
+CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
+CONFIG_HAVE_USER_RETURN_NOTIFIER=y
+CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_PERF_REGS=y
+CONFIG_HAVE_PERF_USER_STACK_DUMP=y
+CONFIG_HAVE_ARCH_JUMP_LABEL=y
+CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
+CONFIG_HAVE_CMPXCHG_LOCAL=y
+CONFIG_HAVE_CMPXCHG_DOUBLE=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
+CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
+CONFIG_HAVE_ARCH_SOFT_DIRTY=y
+CONFIG_MODULES_USE_ELF_RELA=y
+CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
+
+#
+# GCOV-based kernel profiling
+#
+# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
+CONFIG_SLABINFO=y
+CONFIG_RT_MUTEXES=y
+CONFIG_BASE_SMALL=0
+# CONFIG_MODULES is not set
+CONFIG_BLOCK=y
+# CONFIG_BLK_DEV_BSG is not set
+# CONFIG_BLK_DEV_BSGLIB is not set
+# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_CMDLINE_PARSER is not set
+
+#
+# Partition Types
+#
+# CONFIG_PARTITION_ADVANCED is not set
+CONFIG_MSDOS_PARTITION=y
+CONFIG_EFI_PARTITION=y
+
+#
+# IO Schedulers
+#
+CONFIG_IOSCHED_NOOP=y
+CONFIG_IOSCHED_DEADLINE=y
+CONFIG_IOSCHED_CFQ=y
+# CONFIG_DEFAULT_DEADLINE is not set
+CONFIG_DEFAULT_CFQ=y
+# CONFIG_DEFAULT_NOOP is not set
+CONFIG_DEFAULT_IOSCHED="cfq"
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
+CONFIG_INLINE_READ_UNLOCK=y
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
+CONFIG_INLINE_WRITE_UNLOCK=y
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_FREEZER=y
+
+#
+# Processor type and features
+#
+CONFIG_ZONE_DMA=y
+# CONFIG_SMP is not set
+CONFIG_X86_MPPARSE=y
+CONFIG_X86_EXTENDED_PLATFORM=y
+# CONFIG_X86_INTEL_LPSS is not set
+CONFIG_SCHED_OMIT_FRAME_POINTER=y
+# CONFIG_HYPERVISOR_GUEST is not set
+CONFIG_NO_BOOTMEM=y
+# CONFIG_MEMTEST is not set
+# CONFIG_MK8 is not set
+# CONFIG_MPSC is not set
+CONFIG_MCORE2=y
+# CONFIG_MATOM is not set
+# CONFIG_GENERIC_CPU is not set
+CONFIG_X86_INTERNODE_CACHE_SHIFT=6
+CONFIG_X86_L1_CACHE_SHIFT=6
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_USE_PPRO_CHECKSUM=y
+CONFIG_X86_P6_NOP=y
+CONFIG_X86_TSC=y
+CONFIG_X86_CMPXCHG64=y
+CONFIG_X86_CMOV=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=64
+CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_CPU_SUP_INTEL=y
+CONFIG_CPU_SUP_AMD=y
+CONFIG_CPU_SUP_CENTAUR=y
+CONFIG_HPET_TIMER=y
+CONFIG_DMI=y
+CONFIG_GART_IOMMU=y
+# CONFIG_CALGARY_IOMMU is not set
+CONFIG_SWIOTLB=y
+CONFIG_IOMMU_HELPER=y
+CONFIG_NR_CPUS=1
+CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT is not set
+CONFIG_X86_LOCAL_APIC=y
+CONFIG_X86_IO_APIC=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
+# CONFIG_X86_MCE is not set
+# CONFIG_I8K is not set
+# CONFIG_MICROCODE is not set
+# CONFIG_MICROCODE_INTEL_EARLY is not set
+# CONFIG_MICROCODE_AMD_EARLY is not set
+# CONFIG_X86_MSR is not set
+# CONFIG_X86_CPUID is not set
+CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
+CONFIG_ARCH_DMA_ADDR_T_64BIT=y
+CONFIG_DIRECT_GBPAGES=y
+CONFIG_ARCH_SPARSEMEM_ENABLE=y
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y
+CONFIG_ARCH_SELECT_MEMORY_MODEL=y
+CONFIG_ARCH_MEMORY_PROBE=y
+CONFIG_ARCH_PROC_KCORE_TEXT=y
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
+CONFIG_SELECT_MEMORY_MODEL=y
+CONFIG_SPARSEMEM_MANUAL=y
+CONFIG_SPARSEMEM=y
+CONFIG_HAVE_MEMORY_PRESENT=y
+CONFIG_SPARSEMEM_EXTREME=y
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
+CONFIG_SPARSEMEM_VMEMMAP=y
+CONFIG_HAVE_MEMBLOCK=y
+CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_ARCH_DISCARD_MEMBLOCK=y
+CONFIG_MEMORY_ISOLATION=y
+CONFIG_HAVE_BOOTMEM_INFO_NODE=y
+CONFIG_MEMORY_HOTPLUG=y
+CONFIG_MEMORY_HOTPLUG_SPARSE=y
+CONFIG_MEMORY_HOTREMOVE=y
+CONFIG_PAGEFLAGS_EXTENDED=y
+CONFIG_SPLIT_PTLOCK_CPUS=4
+CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
+# CONFIG_COMPACTION is not set
+CONFIG_MIGRATION=y
+CONFIG_PHYS_ADDR_T_64BIT=y
+CONFIG_ZONE_DMA_FLAG=1
+CONFIG_BOUNCE=y
+CONFIG_VIRT_TO_BUS=y
+# CONFIG_KSM is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+# CONFIG_TRANSPARENT_HUGEPAGE is not set
+CONFIG_CROSS_MEMORY_ATTACH=y
+CONFIG_NEED_PER_CPU_KM=y
+# CONFIG_CLEANCACHE is not set
+# CONFIG_FRONTSWAP is not set
+# CONFIG_CMA is not set
+# CONFIG_ZBUD is not set
+# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
+CONFIG_X86_RESERVE_LOW=64
+CONFIG_MTRR=y
+CONFIG_MTRR_SANITIZER=y
+CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
+CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
+CONFIG_X86_PAT=y
+CONFIG_ARCH_USES_PG_UNCACHED=y
+CONFIG_ARCH_RANDOM=y
+CONFIG_X86_SMAP=y
+# CONFIG_EFI is not set
+CONFIG_SECCOMP=y
+# CONFIG_CC_STACKPROTECTOR is not set
+# CONFIG_HZ_100 is not set
+CONFIG_HZ_250=y
+# CONFIG_HZ_300 is not set
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=250
+CONFIG_SCHED_HRTICK=y
+# CONFIG_KEXEC is not set
+# CONFIG_CRASH_DUMP is not set
+CONFIG_PHYSICAL_START=0x1000000
+CONFIG_RELOCATABLE=y
+CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_CMDLINE_BOOL is not set
+CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
+
+#
+# Power management and ACPI options
+#
+CONFIG_SUSPEND=y
+CONFIG_SUSPEND_FREEZER=y
+# CONFIG_HIBERNATION is not set
+CONFIG_PM_SLEEP=y
+# CONFIG_PM_AUTOSLEEP is not set
+# CONFIG_PM_WAKELOCKS is not set
+# CONFIG_PM_RUNTIME is not set
+CONFIG_PM=y
+# CONFIG_PM_DEBUG is not set
+# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_ACPI=y
+CONFIG_ACPI_SLEEP=y
+# CONFIG_ACPI_PROCFS is not set
+# CONFIG_ACPI_EC_DEBUGFS is not set
+CONFIG_ACPI_AC=y
+CONFIG_ACPI_BATTERY=y
+CONFIG_ACPI_BUTTON=y
+CONFIG_ACPI_FAN=y
+# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_PROCESSOR=y
+# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
+CONFIG_ACPI_THERMAL=y
+# CONFIG_ACPI_CUSTOM_DSDT is not set
+# CONFIG_ACPI_DEBUG is not set
+# CONFIG_ACPI_PCI_SLOT is not set
+CONFIG_X86_PM_TIMER=y
+# CONFIG_ACPI_CONTAINER is not set
+# CONFIG_ACPI_HOTPLUG_MEMORY is not set
+# CONFIG_ACPI_SBS is not set
+# CONFIG_ACPI_HED is not set
+# CONFIG_ACPI_APEI is not set
+# CONFIG_SFI is not set
+
+#
+# CPU Frequency scaling
+#
+# CONFIG_CPU_FREQ is not set
+
+#
+# CPU Idle
+#
+CONFIG_CPU_IDLE=y
+# CONFIG_CPU_IDLE_MULTIPLE_DRIVERS is not set
+CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set
+# CONFIG_INTEL_IDLE is not set
+
+#
+# Memory power savings
+#
+# CONFIG_I7300_IDLE is not set
+
+#
+# Bus options (PCI etc.)
+#
+CONFIG_PCI=y
+CONFIG_PCI_DIRECT=y
+# CONFIG_PCI_MMCONFIG is not set
+CONFIG_PCI_DOMAINS=y
+# CONFIG_PCIEPORTBUS is not set
+CONFIG_PCI_MSI=y
+# CONFIG_PCI_DEBUG is not set
+# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set
+# CONFIG_PCI_STUB is not set
+CONFIG_HT_IRQ=y
+# CONFIG_PCI_IOV is not set
+# CONFIG_PCI_PRI is not set
+# CONFIG_PCI_PASID is not set
+# CONFIG_PCI_IOAPIC is not set
+CONFIG_PCI_LABEL=y
+
+#
+# PCI host controller drivers
+#
+CONFIG_ISA_DMA_API=y
+CONFIG_AMD_NB=y
+# CONFIG_PCCARD is not set
+# CONFIG_HOTPLUG_PCI is not set
+# CONFIG_RAPIDIO is not set
+# CONFIG_X86_SYSFB is not set
+
+#
+# Executable file formats / Emulations
+#
+CONFIG_BINFMT_ELF=y
+CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y
+# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
+# CONFIG_HAVE_AOUT is not set
+# CONFIG_BINFMT_MISC is not set
+CONFIG_COREDUMP=y
+# CONFIG_IA32_EMULATION is not set
+CONFIG_X86_DEV_DMA_OPS=y
+CONFIG_NET=y
+
+#
+# Networking options
+#
+CONFIG_PACKET=y
+# CONFIG_PACKET_DIAG is not set
+CONFIG_UNIX=y
+# CONFIG_UNIX_DIAG is not set
+CONFIG_XFRM=y
+CONFIG_XFRM_ALGO=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_SUB_POLICY=y
+CONFIG_XFRM_MIGRATE=y
+CONFIG_XFRM_STATISTICS=y
+CONFIG_XFRM_IPCOMP=y
+CONFIG_NET_KEY=y
+CONFIG_NET_KEY_MIGRATE=y
+CONFIG_INET=y
+# CONFIG_IP_MULTICAST is not set
+CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_FIB_TRIE_STATS is not set
+CONFIG_IP_MULTIPLE_TABLES=y
+# CONFIG_IP_ROUTE_MULTIPATH is not set
+# CONFIG_IP_ROUTE_VERBOSE is not set
+CONFIG_IP_ROUTE_CLASSID=y
+# CONFIG_IP_PNP is not set
+# CONFIG_NET_IPIP is not set
+# CONFIG_NET_IPGRE_DEMUX is not set
+CONFIG_NET_IP_TUNNEL=y
+# CONFIG_SYN_COOKIES is not set
+# CONFIG_NET_IPVTI is not set
+CONFIG_INET_AH=y
+CONFIG_INET_ESP=y
+CONFIG_INET_IPCOMP=y
+CONFIG_INET_XFRM_TUNNEL=y
+CONFIG_INET_TUNNEL=y
+CONFIG_INET_XFRM_MODE_TRANSPORT=y
+CONFIG_INET_XFRM_MODE_TUNNEL=y
+CONFIG_INET_XFRM_MODE_BEET=y
+# CONFIG_INET_LRO is not set
+CONFIG_INET_DIAG=y
+CONFIG_INET_TCP_DIAG=y
+# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_CUBIC=y
+CONFIG_DEFAULT_TCP_CONG="cubic"
+# CONFIG_TCP_MD5SIG is not set
+CONFIG_IPV6=y
+# CONFIG_IPV6_ROUTER_PREF is not set
+CONFIG_IPV6_OPTIMISTIC_DAD=y
+CONFIG_INET6_AH=y
+CONFIG_INET6_ESP=y
+CONFIG_INET6_IPCOMP=y
+CONFIG_IPV6_MIP6=y
+CONFIG_INET6_XFRM_TUNNEL=y
+CONFIG_INET6_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_TRANSPORT=y
+CONFIG_INET6_XFRM_MODE_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_BEET=y
+# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
+# CONFIG_IPV6_VTI is not set
+# CONFIG_IPV6_SIT is not set
+CONFIG_IPV6_TUNNEL=y
+CONFIG_IPV6_GRE=y
+CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IPV6_SUBTREES=y
+# CONFIG_IPV6_MROUTE is not set
+# CONFIG_NETWORK_SECMARK is not set
+# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
+CONFIG_NETFILTER=y
+# CONFIG_NETFILTER_DEBUG is not set
+CONFIG_NETFILTER_ADVANCED=y
+
+#
+# Core Netfilter Configuration
+#
+CONFIG_NETFILTER_NETLINK=y
+# CONFIG_NETFILTER_NETLINK_ACCT is not set
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+# CONFIG_NF_CONNTRACK_TIMEOUT is not set
+# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
+# CONFIG_NF_CT_PROTO_DCCP is not set
+# CONFIG_NF_CT_PROTO_SCTP is not set
+CONFIG_NF_CT_PROTO_UDPLITE=y
+# CONFIG_NF_CONNTRACK_AMANDA is not set
+# CONFIG_NF_CONNTRACK_FTP is not set
+# CONFIG_NF_CONNTRACK_H323 is not set
+# CONFIG_NF_CONNTRACK_IRC is not set
+# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+# CONFIG_NF_CONNTRACK_SNMP is not set
+# CONFIG_NF_CONNTRACK_PPTP is not set
+CONFIG_NF_CONNTRACK_SANE=y
+# CONFIG_NF_CONNTRACK_SIP is not set
+# CONFIG_NF_CONNTRACK_TFTP is not set
+CONFIG_NF_CT_NETLINK=y
+# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_UDPLITE=y
+# CONFIG_NF_NAT_AMANDA is not set
+# CONFIG_NF_NAT_FTP is not set
+# CONFIG_NF_NAT_IRC is not set
+# CONFIG_NF_NAT_SIP is not set
+# CONFIG_NF_NAT_TFTP is not set
+# CONFIG_NF_TABLES is not set
+CONFIG_NETFILTER_XTABLES=y
+
+#
+# Xtables combined modules
+#
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+
+#
+# Xtables targets
+#
+# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
+# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+# CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+
+#
+# Xtables matches
+#
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+# CONFIG_NETFILTER_XT_MATCH_CPU is not set
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
+# CONFIG_NETFILTER_XT_MATCH_OSF is not set
+# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+# CONFIG_NETFILTER_XT_MATCH_TIME is not set
+CONFIG_NETFILTER_XT_MATCH_U32=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+# CONFIG_IP_SET_HASH_NETPORTNET is not set
+CONFIG_IP_SET_HASH_NET=y
+# CONFIG_IP_SET_HASH_NETNET is not set
+CONFIG_IP_SET_HASH_NETPORT=y
+# CONFIG_IP_SET_HASH_NETIFACE is not set
+CONFIG_IP_SET_LIST_SET=y
+# CONFIG_IP_VS is not set
+
+#
+# IP: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
+CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+# CONFIG_IP_NF_MATCH_RPFILTER is not set
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+# CONFIG_IP_NF_TARGET_SYNPROXY is not set
+CONFIG_IP_NF_TARGET_ULOG=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+# CONFIG_NF_NAT_PPTP is not set
+# CONFIG_NF_NAT_H323 is not set
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+#
+# IPv6: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV6=y
+CONFIG_NF_CONNTRACK_IPV6=y
+CONFIG_IP6_NF_IPTABLES=y
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+# CONFIG_IP6_NF_MATCH_RPFILTER is not set
+CONFIG_IP6_NF_MATCH_RT=y
+CONFIG_IP6_NF_TARGET_HL=y
+CONFIG_IP6_NF_FILTER=y
+CONFIG_IP6_NF_TARGET_REJECT=y
+# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
+CONFIG_IP6_NF_MANGLE=y
+CONFIG_IP6_NF_RAW=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_IP6_NF_TARGET_MASQUERADE=y
+CONFIG_IP6_NF_TARGET_NPT=y
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
+# CONFIG_RDS is not set
+# CONFIG_TIPC is not set
+# CONFIG_ATM is not set
+CONFIG_L2TP=y
+# CONFIG_L2TP_V3 is not set
+# CONFIG_BRIDGE is not set
+CONFIG_HAVE_NET_DSA=y
+# CONFIG_VLAN_8021Q is not set
+# CONFIG_DECNET is not set
+# CONFIG_LLC2 is not set
+# CONFIG_IPX is not set
+# CONFIG_ATALK is not set
+# CONFIG_X25 is not set
+# CONFIG_LAPB is not set
+# CONFIG_PHONET is not set
+# CONFIG_IEEE802154 is not set
+# CONFIG_NET_SCHED is not set
+# CONFIG_DCB is not set
+# CONFIG_BATMAN_ADV is not set
+# CONFIG_OPENVSWITCH is not set
+# CONFIG_VSOCKETS is not set
+# CONFIG_NETLINK_MMAP is not set
+# CONFIG_NETLINK_DIAG is not set
+# CONFIG_NET_MPLS_GSO is not set
+# CONFIG_HSR is not set
+CONFIG_NET_RX_BUSY_POLL=y
+CONFIG_BQL=y
+
+#
+# Network testing
+#
+# CONFIG_NET_PKTGEN is not set
+# CONFIG_HAMRADIO is not set
+# CONFIG_CAN is not set
+# CONFIG_IRDA is not set
+# CONFIG_BT is not set
+# CONFIG_AF_RXRPC is not set
+CONFIG_FIB_RULES=y
+CONFIG_WIRELESS=y
+# CONFIG_CFG80211 is not set
+# CONFIG_LIB80211 is not set
+
+#
+# CFG80211 needs to be enabled for MAC80211
+#
+# CONFIG_WIMAX is not set
+# CONFIG_RFKILL is not set
+CONFIG_NET_9P=y
+CONFIG_NET_9P_VIRTIO=y
+# CONFIG_NET_9P_DEBUG is not set
+# CONFIG_CAIF is not set
+# CONFIG_CEPH_LIB is not set
+# CONFIG_NFC is not set
+CONFIG_HAVE_BPF_JIT=y
+
+#
+# Device Drivers
+#
+
+#
+# Generic Driver Options
+#
+CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+# CONFIG_DEVTMPFS is not set
+CONFIG_STANDALONE=y
+CONFIG_PREVENT_FIRMWARE_BUILD=y
+CONFIG_FW_LOADER=y
+CONFIG_FIRMWARE_IN_KERNEL=y
+CONFIG_EXTRA_FIRMWARE=""
+CONFIG_FW_LOADER_USER_HELPER=y
+# CONFIG_DEBUG_DRIVER is not set
+# CONFIG_DEBUG_DEVRES is not set
+# CONFIG_SYS_HYPERVISOR is not set
+# CONFIG_GENERIC_CPU_DEVICES is not set
+# CONFIG_DMA_SHARED_BUFFER is not set
+
+#
+# Bus devices
+#
+# CONFIG_CONNECTOR is not set
+# CONFIG_MTD is not set
+# CONFIG_PARPORT is not set
+CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
+CONFIG_PNP=y
+CONFIG_PNP_DEBUG_MESSAGES=y
+
+#
+# Protocols
+#
+CONFIG_PNPACPI=y
+CONFIG_BLK_DEV=y
+# CONFIG_BLK_DEV_NULL_BLK is not set
+# CONFIG_BLK_DEV_FD is not set
+# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
+# CONFIG_BLK_CPQ_CISS_DA is not set
+# CONFIG_BLK_DEV_DAC960 is not set
+# CONFIG_BLK_DEV_UMEM is not set
+# CONFIG_BLK_DEV_COW_COMMON is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+# CONFIG_BLK_DEV_DRBD is not set
+CONFIG_BLK_DEV_NBD=y
+# CONFIG_BLK_DEV_NVME is not set
+# CONFIG_BLK_DEV_SKD is not set
+# CONFIG_BLK_DEV_SX8 is not set
+# CONFIG_BLK_DEV_RAM is not set
+# CONFIG_CDROM_PKTCDVD is not set
+# CONFIG_ATA_OVER_ETH is not set
+CONFIG_VIRTIO_BLK=y
+# CONFIG_BLK_DEV_HD is not set
+# CONFIG_BLK_DEV_RBD is not set
+# CONFIG_BLK_DEV_RSXX is not set
+
+#
+# Misc devices
+#
+# CONFIG_SENSORS_LIS3LV02D is not set
+# CONFIG_DUMMY_IRQ is not set
+# CONFIG_IBM_ASM is not set
+# CONFIG_PHANTOM is not set
+# CONFIG_SGI_IOC4 is not set
+# CONFIG_TIFM_CORE is not set
+# CONFIG_ATMEL_SSC is not set
+# CONFIG_ENCLOSURE_SERVICES is not set
+# CONFIG_HP_ILO is not set
+# CONFIG_PCH_PHUB is not set
+# CONFIG_SRAM is not set
+# CONFIG_C2PORT is not set
+
+#
+# EEPROM support
+#
+# CONFIG_EEPROM_93CX6 is not set
+# CONFIG_CB710_CORE is not set
+
+#
+# Texas Instruments shared transport line discipline
+#
+
+#
+# Altera FPGA firmware download module
+#
+# CONFIG_VMWARE_VMCI is not set
+
+#
+# Intel MIC Host Driver
+#
+# CONFIG_INTEL_MIC_HOST is not set
+
+#
+# Intel MIC Card Driver
+#
+# CONFIG_INTEL_MIC_CARD is not set
+CONFIG_HAVE_IDE=y
+# CONFIG_IDE is not set
+
+#
+# SCSI device support
+#
+CONFIG_SCSI_MOD=y
+# CONFIG_RAID_ATTRS is not set
+# CONFIG_SCSI is not set
+# CONFIG_SCSI_DMA is not set
+# CONFIG_SCSI_NETLINK is not set
+# CONFIG_ATA is not set
+# CONFIG_MD is not set
+# CONFIG_FUSION is not set
+
+#
+# IEEE 1394 (FireWire) support
+#
+# CONFIG_FIREWIRE is not set
+# CONFIG_FIREWIRE_NOSY is not set
+# CONFIG_I2O is not set
+# CONFIG_MACINTOSH_DRIVERS is not set
+CONFIG_NETDEVICES=y
+CONFIG_NET_CORE=y
+# CONFIG_BONDING is not set
+CONFIG_DUMMY=y
+# CONFIG_EQUALIZER is not set
+# CONFIG_NET_TEAM is not set
+# CONFIG_MACVLAN is not set
+# CONFIG_VXLAN is not set
+# CONFIG_NETCONSOLE is not set
+# CONFIG_NETPOLL is not set
+# CONFIG_NET_POLL_CONTROLLER is not set
+CONFIG_TUN=y
+# CONFIG_VETH is not set
+CONFIG_VIRTIO_NET=y
+# CONFIG_NLMON is not set
+# CONFIG_ARCNET is not set
+
+#
+# CAIF transport drivers
+#
+# CONFIG_VHOST_NET is not set
+
+#
+# Distributed Switch Architecture drivers
+#
+# CONFIG_NET_DSA_MV88E6XXX is not set
+# CONFIG_NET_DSA_MV88E6060 is not set
+# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set
+# CONFIG_NET_DSA_MV88E6131 is not set
+# CONFIG_NET_DSA_MV88E6123_61_65 is not set
+CONFIG_ETHERNET=y
+CONFIG_NET_VENDOR_3COM=y
+# CONFIG_VORTEX is not set
+# CONFIG_TYPHOON is not set
+CONFIG_NET_VENDOR_ADAPTEC=y
+# CONFIG_ADAPTEC_STARFIRE is not set
+CONFIG_NET_VENDOR_ALTEON=y
+# CONFIG_ACENIC is not set
+CONFIG_NET_VENDOR_AMD=y
+# CONFIG_AMD8111_ETH is not set
+# CONFIG_PCNET32 is not set
+# CONFIG_NET_VENDOR_ARC is not set
+CONFIG_NET_VENDOR_ATHEROS=y
+# CONFIG_ATL2 is not set
+# CONFIG_ATL1 is not set
+# CONFIG_ATL1E is not set
+# CONFIG_ATL1C is not set
+# CONFIG_ALX is not set
+CONFIG_NET_CADENCE=y
+# CONFIG_ARM_AT91_ETHER is not set
+# CONFIG_MACB is not set
+CONFIG_NET_VENDOR_BROADCOM=y
+# CONFIG_B44 is not set
+# CONFIG_BNX2 is not set
+# CONFIG_CNIC is not set
+# CONFIG_TIGON3 is not set
+# CONFIG_BNX2X is not set
+CONFIG_NET_VENDOR_BROCADE=y
+# CONFIG_BNA is not set
+# CONFIG_NET_CALXEDA_XGMAC is not set
+CONFIG_NET_VENDOR_CHELSIO=y
+# CONFIG_CHELSIO_T1 is not set
+# CONFIG_CHELSIO_T3 is not set
+# CONFIG_CHELSIO_T4 is not set
+# CONFIG_CHELSIO_T4VF is not set
+CONFIG_NET_VENDOR_CISCO=y
+# CONFIG_ENIC is not set
+# CONFIG_DNET is not set
+CONFIG_NET_VENDOR_DEC=y
+# CONFIG_NET_TULIP is not set
+CONFIG_NET_VENDOR_DLINK=y
+# CONFIG_DL2K is not set
+# CONFIG_SUNDANCE is not set
+CONFIG_NET_VENDOR_EMULEX=y
+# CONFIG_BE2NET is not set
+CONFIG_NET_VENDOR_EXAR=y
+# CONFIG_S2IO is not set
+# CONFIG_VXGE is not set
+CONFIG_NET_VENDOR_HP=y
+# CONFIG_HP100 is not set
+CONFIG_NET_VENDOR_INTEL=y
+# CONFIG_E100 is not set
+# CONFIG_E1000 is not set
+# CONFIG_E1000E is not set
+# CONFIG_IGB is not set
+# CONFIG_IGBVF is not set
+# CONFIG_IXGB is not set
+# CONFIG_IXGBE is not set
+# CONFIG_IXGBEVF is not set
+# CONFIG_I40E is not set
+CONFIG_NET_VENDOR_I825XX=y
+# CONFIG_IP1000 is not set
+# CONFIG_JME is not set
+CONFIG_NET_VENDOR_MARVELL=y
+# CONFIG_MVMDIO is not set
+# CONFIG_SKGE is not set
+# CONFIG_SKY2 is not set
+CONFIG_NET_VENDOR_MELLANOX=y
+# CONFIG_MLX4_EN is not set
+# CONFIG_MLX4_CORE is not set
+# CONFIG_MLX5_CORE is not set
+CONFIG_NET_VENDOR_MICREL=y
+# CONFIG_KS8851_MLL is not set
+# CONFIG_KSZ884X_PCI is not set
+CONFIG_NET_VENDOR_MYRI=y
+# CONFIG_MYRI10GE is not set
+# CONFIG_FEALNX is not set
+CONFIG_NET_VENDOR_NATSEMI=y
+# CONFIG_NATSEMI is not set
+# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_8390=y
+# CONFIG_NE2K_PCI is not set
+CONFIG_NET_VENDOR_NVIDIA=y
+# CONFIG_FORCEDETH is not set
+CONFIG_NET_VENDOR_OKI=y
+# CONFIG_PCH_GBE is not set
+# CONFIG_ETHOC is not set
+CONFIG_NET_PACKET_ENGINE=y
+# CONFIG_HAMACHI is not set
+# CONFIG_YELLOWFIN is not set
+CONFIG_NET_VENDOR_QLOGIC=y
+# CONFIG_QLA3XXX is not set
+# CONFIG_QLCNIC is not set
+# CONFIG_QLGE is not set
+# CONFIG_NETXEN_NIC is not set
+CONFIG_NET_VENDOR_REALTEK=y
+# CONFIG_8139CP is not set
+# CONFIG_8139TOO is not set
+# CONFIG_R8169 is not set
+# CONFIG_SH_ETH is not set
+CONFIG_NET_VENDOR_RDC=y
+# CONFIG_R6040 is not set
+CONFIG_NET_VENDOR_SEEQ=y
+CONFIG_NET_VENDOR_SILAN=y
+# CONFIG_SC92031 is not set
+CONFIG_NET_VENDOR_SIS=y
+# CONFIG_SIS900 is not set
+# CONFIG_SIS190 is not set
+# CONFIG_SFC is not set
+CONFIG_NET_VENDOR_SMSC=y
+# CONFIG_EPIC100 is not set
+# CONFIG_SMSC911X is not set
+# CONFIG_SMSC9420 is not set
+CONFIG_NET_VENDOR_STMICRO=y
+# CONFIG_STMMAC_ETH is not set
+CONFIG_NET_VENDOR_SUN=y
+# CONFIG_HAPPYMEAL is not set
+# CONFIG_SUNGEM is not set
+# CONFIG_CASSINI is not set
+# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_TEHUTI=y
+# CONFIG_TEHUTI is not set
+CONFIG_NET_VENDOR_TI=y
+# CONFIG_TLAN is not set
+CONFIG_NET_VENDOR_VIA=y
+# CONFIG_VIA_RHINE is not set
+# CONFIG_VIA_VELOCITY is not set
+CONFIG_NET_VENDOR_WIZNET=y
+# CONFIG_WIZNET_W5100 is not set
+# CONFIG_WIZNET_W5300 is not set
+# CONFIG_FDDI is not set
+# CONFIG_HIPPI is not set
+# CONFIG_NET_SB1000 is not set
+# CONFIG_PHYLIB is not set
+# CONFIG_PPP is not set
+# CONFIG_SLIP is not set
+CONFIG_WLAN=y
+# CONFIG_AIRO is not set
+# CONFIG_ATMEL is not set
+# CONFIG_PRISM54 is not set
+# CONFIG_HOSTAP is not set
+# CONFIG_WL_TI is not set
+
+#
+# Enable WiMAX (Networking options) to see the WiMAX drivers
+#
+# CONFIG_WAN is not set
+# CONFIG_VMXNET3 is not set
+# CONFIG_ISDN is not set
+
+#
+# Input device support
+#
+CONFIG_INPUT=y
+# CONFIG_INPUT_FF_MEMLESS is not set
+# CONFIG_INPUT_POLLDEV is not set
+# CONFIG_INPUT_SPARSEKMAP is not set
+# CONFIG_INPUT_MATRIXKMAP is not set
+
+#
+# Userland interfaces
+#
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INPUT_MOUSEDEV_PSAUX=y
+CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
+CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+# CONFIG_INPUT_JOYDEV is not set
+CONFIG_INPUT_EVDEV=y
+# CONFIG_INPUT_EVBUG is not set
+
+#
+# Input Device Drivers
+#
+CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ATKBD=y
+# CONFIG_KEYBOARD_LKKBD is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=y
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_CYPRESS=y
+CONFIG_MOUSE_PS2_LIFEBOOK=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+# CONFIG_MOUSE_PS2_ELANTECH is not set
+# CONFIG_MOUSE_PS2_SENTELIC is not set
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+# CONFIG_MOUSE_SERIAL is not set
+# CONFIG_MOUSE_APPLETOUCH is not set
+# CONFIG_MOUSE_BCM5974 is not set
+# CONFIG_MOUSE_VSXXXAA is not set
+# CONFIG_MOUSE_SYNAPTICS_USB is not set
+# CONFIG_INPUT_JOYSTICK is not set
+# CONFIG_INPUT_TABLET is not set
+# CONFIG_INPUT_TOUCHSCREEN is not set
+# CONFIG_INPUT_MISC is not set
+
+#
+# Hardware I/O ports
+#
+CONFIG_SERIO=y
+CONFIG_SERIO_I8042=y
+CONFIG_SERIO_SERPORT=y
+# CONFIG_SERIO_CT82C710 is not set
+# CONFIG_SERIO_PCIPS2 is not set
+CONFIG_SERIO_LIBPS2=y
+# CONFIG_SERIO_RAW is not set
+# CONFIG_SERIO_ALTERA_PS2 is not set
+# CONFIG_SERIO_PS2MULT is not set
+# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_GAMEPORT is not set
+
+#
+# Character devices
+#
+CONFIG_TTY=y
+CONFIG_VT=y
+CONFIG_CONSOLE_TRANSLATIONS=y
+CONFIG_VT_CONSOLE=y
+CONFIG_VT_CONSOLE_SLEEP=y
+CONFIG_HW_CONSOLE=y
+# CONFIG_VT_HW_CONSOLE_BINDING is not set
+CONFIG_UNIX98_PTYS=y
+# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
+CONFIG_LEGACY_PTYS=y
+CONFIG_LEGACY_PTY_COUNT=256
+# CONFIG_SERIAL_NONSTANDARD is not set
+# CONFIG_NOZOMI is not set
+# CONFIG_N_GSM is not set
+# CONFIG_TRACE_SINK is not set
+CONFIG_DEVKMEM=y
+
+#
+# Serial drivers
+#
+# CONFIG_SERIAL_8250 is not set
+CONFIG_FIX_EARLYCON_MEM=y
+
+#
+# Non-8250 serial port support
+#
+# CONFIG_SERIAL_MFD_HSU is not set
+# CONFIG_SERIAL_JSM is not set
+# CONFIG_SERIAL_SCCNXP is not set
+# CONFIG_SERIAL_TIMBERDALE is not set
+# CONFIG_SERIAL_ALTERA_JTAGUART is not set
+# CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_PCH_UART is not set
+# CONFIG_SERIAL_ARC is not set
+# CONFIG_SERIAL_RP2 is not set
+# CONFIG_SERIAL_FSL_LPUART is not set
+CONFIG_HVC_DRIVER=y
+CONFIG_VIRTIO_CONSOLE=y
+# CONFIG_IPMI_HANDLER is not set
+# CONFIG_HW_RANDOM is not set
+# CONFIG_NVRAM is not set
+# CONFIG_R3964 is not set
+# CONFIG_APPLICOM is not set
+# CONFIG_MWAVE is not set
+# CONFIG_RAW_DRIVER is not set
+# CONFIG_HPET is not set
+# CONFIG_HANGCHECK_TIMER is not set
+# CONFIG_TCG_TPM is not set
+# CONFIG_TELCLOCK is not set
+CONFIG_DEVPORT=y
+# CONFIG_I2C is not set
+# CONFIG_SPI is not set
+# CONFIG_HSI is not set
+
+#
+# PPS support
+#
+# CONFIG_PPS is not set
+
+#
+# PPS generators support
+#
+
+#
+# PTP clock support
+#
+# CONFIG_PTP_1588_CLOCK is not set
+
+#
+# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
+#
+# CONFIG_PTP_1588_CLOCK_PCH is not set
+CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
+# CONFIG_GPIOLIB is not set
+# CONFIG_W1 is not set
+CONFIG_POWER_SUPPLY=y
+# CONFIG_POWER_SUPPLY_DEBUG is not set
+# CONFIG_PDA_POWER is not set
+# CONFIG_TEST_POWER is not set
+# CONFIG_BATTERY_DS2780 is not set
+# CONFIG_BATTERY_DS2781 is not set
+# CONFIG_BATTERY_BQ27x00 is not set
+# CONFIG_CHARGER_MAX8903 is not set
+# CONFIG_POWER_RESET is not set
+# CONFIG_POWER_AVS is not set
+CONFIG_HWMON=y
+# CONFIG_HWMON_VID is not set
+# CONFIG_HWMON_DEBUG_CHIP is not set
+
+#
+# Native drivers
+#
+# CONFIG_SENSORS_ABITUGURU is not set
+# CONFIG_SENSORS_ABITUGURU3 is not set
+# CONFIG_SENSORS_K8TEMP is not set
+# CONFIG_SENSORS_K10TEMP is not set
+# CONFIG_SENSORS_FAM15H_POWER is not set
+# CONFIG_SENSORS_I5K_AMB is not set
+# CONFIG_SENSORS_F71805F is not set
+# CONFIG_SENSORS_F71882FG is not set
+# CONFIG_SENSORS_CORETEMP is not set
+# CONFIG_SENSORS_IT87 is not set
+# CONFIG_SENSORS_MAX197 is not set
+# CONFIG_SENSORS_NCT6775 is not set
+# CONFIG_SENSORS_NTC_THERMISTOR is not set
+# CONFIG_SENSORS_PC87360 is not set
+# CONFIG_SENSORS_PC87427 is not set
+# CONFIG_SENSORS_SIS5595 is not set
+# CONFIG_SENSORS_SMSC47M1 is not set
+# CONFIG_SENSORS_SMSC47B397 is not set
+# CONFIG_SENSORS_SCH56XX_COMMON is not set
+# CONFIG_SENSORS_VIA_CPUTEMP is not set
+# CONFIG_SENSORS_VIA686A is not set
+# CONFIG_SENSORS_VT1211 is not set
+# CONFIG_SENSORS_VT8231 is not set
+# CONFIG_SENSORS_W83627HF is not set
+# CONFIG_SENSORS_W83627EHF is not set
+# CONFIG_SENSORS_APPLESMC is not set
+
+#
+# ACPI drivers
+#
+# CONFIG_SENSORS_ACPI_POWER is not set
+# CONFIG_SENSORS_ATK0110 is not set
+CONFIG_THERMAL=y
+CONFIG_THERMAL_HWMON=y
+CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
+# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
+CONFIG_THERMAL_GOV_STEP_WISE=y
+# CONFIG_THERMAL_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_EMULATION is not set
+# CONFIG_INTEL_POWERCLAMP is not set
+
+#
+# Texas Instruments thermal drivers
+#
+# CONFIG_WATCHDOG is not set
+CONFIG_SSB_POSSIBLE=y
+
+#
+# Sonics Silicon Backplane
+#
+# CONFIG_SSB is not set
+CONFIG_BCMA_POSSIBLE=y
+
+#
+# Broadcom specific AMBA
+#
+# CONFIG_BCMA is not set
+
+#
+# Multifunction device drivers
+#
+# CONFIG_MFD_CORE is not set
+# CONFIG_MFD_CS5535 is not set
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_HTC_PASIC3 is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_KEMPLD is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_RTSX_PCI is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_TMIO is not set
+# CONFIG_MFD_VX855 is not set
+# CONFIG_REGULATOR is not set
+# CONFIG_MEDIA_SUPPORT is not set
+
+#
+# Graphics support
+#
+# CONFIG_AGP is not set
+CONFIG_VGA_ARB=y
+CONFIG_VGA_ARB_MAX_GPUS=16
+# CONFIG_VGA_SWITCHEROO is not set
+# CONFIG_DRM is not set
+# CONFIG_VGASTATE is not set
+# CONFIG_VIDEO_OUTPUT_CONTROL is not set
+# CONFIG_FB is not set
+# CONFIG_EXYNOS_VIDEO is not set
+# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
+
+#
+# Console display driver support
+#
+CONFIG_VGA_CONSOLE=y
+# CONFIG_VGACON_SOFT_SCROLLBACK is not set
+CONFIG_DUMMY_CONSOLE=y
+CONFIG_SOUND=y
+# CONFIG_SOUND_OSS_CORE is not set
+# CONFIG_SND is not set
+# CONFIG_SOUND_PRIME is not set
+
+#
+# HID support
+#
+CONFIG_HID=y
+# CONFIG_HID_BATTERY_STRENGTH is not set
+# CONFIG_HIDRAW is not set
+# CONFIG_UHID is not set
+CONFIG_HID_GENERIC=y
+
+#
+# Special HID drivers
+#
+CONFIG_HID_A4TECH=y
+# CONFIG_HID_ACRUX is not set
+CONFIG_HID_APPLE=y
+# CONFIG_HID_AUREAL is not set
+CONFIG_HID_BELKIN=y
+CONFIG_HID_CHERRY=y
+CONFIG_HID_CHICONY=y
+CONFIG_HID_CYPRESS=y
+# CONFIG_HID_DRAGONRISE is not set
+# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
+CONFIG_HID_EZKEY=y
+# CONFIG_HID_KEYTOUCH is not set
+# CONFIG_HID_KYE is not set
+# CONFIG_HID_UCLOGIC is not set
+# CONFIG_HID_WALTOP is not set
+# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
+# CONFIG_HID_TWINHAN is not set
+CONFIG_HID_KENSINGTON=y
+# CONFIG_HID_LCPOWER is not set
+# CONFIG_HID_LENOVO_TPKBD is not set
+CONFIG_HID_LOGITECH=y
+# CONFIG_HID_LOGITECH_DJ is not set
+# CONFIG_LOGITECH_FF is not set
+# CONFIG_LOGIRUMBLEPAD2_FF is not set
+# CONFIG_LOGIG940_FF is not set
+# CONFIG_LOGIWHEELS_FF is not set
+# CONFIG_HID_MAGICMOUSE is not set
+CONFIG_HID_MICROSOFT=y
+CONFIG_HID_MONTEREY=y
+# CONFIG_HID_MULTITOUCH is not set
+# CONFIG_HID_ORTEK is not set
+# CONFIG_HID_PANTHERLORD is not set
+# CONFIG_HID_PETALYNX is not set
+# CONFIG_HID_PICOLCD is not set
+# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_SAITEK is not set
+# CONFIG_HID_SAMSUNG is not set
+# CONFIG_HID_SPEEDLINK is not set
+# CONFIG_HID_STEELSERIES is not set
+# CONFIG_HID_SUNPLUS is not set
+# CONFIG_HID_GREENASIA is not set
+# CONFIG_HID_SMARTJOYPLUS is not set
+# CONFIG_HID_TIVO is not set
+# CONFIG_HID_TOPSEED is not set
+# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_XINMO is not set
+# CONFIG_HID_ZEROPLUS is not set
+# CONFIG_HID_ZYDACRON is not set
+# CONFIG_HID_SENSOR_HUB is not set
+CONFIG_USB_OHCI_LITTLE_ENDIAN=y
+CONFIG_USB_SUPPORT=y
+CONFIG_USB_ARCH_HAS_HCD=y
+# CONFIG_USB is not set
+
+#
+# USB port drivers
+#
+
+#
+# USB Physical Layer drivers
+#
+# CONFIG_USB_PHY is not set
+# CONFIG_NOP_USB_XCEIV is not set
+# CONFIG_SAMSUNG_USB2PHY is not set
+# CONFIG_SAMSUNG_USB3PHY is not set
+# CONFIG_USB_GADGET is not set
+# CONFIG_UWB is not set
+# CONFIG_MMC is not set
+# CONFIG_MEMSTICK is not set
+# CONFIG_NEW_LEDS is not set
+# CONFIG_ACCESSIBILITY is not set
+# CONFIG_INFINIBAND is not set
+# CONFIG_EDAC is not set
+CONFIG_RTC_LIB=y
+# CONFIG_RTC_CLASS is not set
+# CONFIG_DMADEVICES is not set
+# CONFIG_AUXDISPLAY is not set
+# CONFIG_UIO is not set
+# CONFIG_VIRT_DRIVERS is not set
+CONFIG_VIRTIO=y
+
+#
+# Virtio drivers
+#
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_BALLOON=y
+CONFIG_VIRTIO_MMIO=y
+# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set
+
+#
+# Microsoft Hyper-V guest support
+#
+# CONFIG_STAGING is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+# CONFIG_ACERHDF is not set
+# CONFIG_ASUS_LAPTOP is not set
+# CONFIG_FUJITSU_TABLET is not set
+# CONFIG_HP_ACCEL is not set
+# CONFIG_THINKPAD_ACPI is not set
+# CONFIG_SENSORS_HDAPS is not set
+# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ACPI_WMI is not set
+# CONFIG_TOPSTAR_LAPTOP is not set
+# CONFIG_TOSHIBA_BT_RFKILL is not set
+# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_IPS is not set
+# CONFIG_IBM_RTL is not set
+# CONFIG_XO15_EBOOK is not set
+# CONFIG_SAMSUNG_Q10 is not set
+# CONFIG_INTEL_RST is not set
+# CONFIG_INTEL_SMARTCONNECT is not set
+# CONFIG_PVPANIC is not set
+# CONFIG_CHROME_PLATFORMS is not set
+
+#
+# Hardware Spinlock drivers
+#
+CONFIG_CLKEVT_I8253=y
+CONFIG_I8253_LOCK=y
+CONFIG_CLKBLD_I8253=y
+# CONFIG_MAILBOX is not set
+CONFIG_IOMMU_SUPPORT=y
+# CONFIG_AMD_IOMMU is not set
+# CONFIG_INTEL_IOMMU is not set
+# CONFIG_IRQ_REMAP is not set
+
+#
+# Remoteproc drivers
+#
+# CONFIG_STE_MODEM_RPROC is not set
+
+#
+# Rpmsg drivers
+#
+# CONFIG_PM_DEVFREQ is not set
+# CONFIG_EXTCON is not set
+# CONFIG_MEMORY is not set
+# CONFIG_IIO is not set
+# CONFIG_NTB is not set
+# CONFIG_VME_BUS is not set
+# CONFIG_PWM is not set
+# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
+# CONFIG_FMC is not set
+
+#
+# PHY Subsystem
+#
+# CONFIG_GENERIC_PHY is not set
+# CONFIG_PHY_EXYNOS_MIPI_VIDEO is not set
+# CONFIG_POWERCAP is not set
+
+#
+# Firmware Drivers
+#
+# CONFIG_EDD is not set
+CONFIG_FIRMWARE_MEMMAP=y
+# CONFIG_DELL_RBU is not set
+# CONFIG_DCDBAS is not set
+CONFIG_DMIID=y
+# CONFIG_DMI_SYSFS is not set
+# CONFIG_ISCSI_IBFT_FIND is not set
+# CONFIG_GOOGLE_FIRMWARE is not set
+
+#
+# File systems
+#
+CONFIG_DCACHE_WORD_ACCESS=y
+CONFIG_EXT2_FS=y
+# CONFIG_EXT2_FS_XATTR is not set
+# CONFIG_EXT2_FS_XIP is not set
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
+# CONFIG_EXT3_FS_XATTR is not set
+# CONFIG_EXT4_FS is not set
+CONFIG_JBD=y
+CONFIG_REISERFS_FS=y
+# CONFIG_REISERFS_CHECK is not set
+# CONFIG_REISERFS_PROC_INFO is not set
+# CONFIG_REISERFS_FS_XATTR is not set
+# CONFIG_JFS_FS is not set
+# CONFIG_XFS_FS is not set
+# CONFIG_GFS2_FS is not set
+# CONFIG_BTRFS_FS is not set
+# CONFIG_NILFS2_FS is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_FILE_LOCKING=y
+CONFIG_FSNOTIFY=y
+CONFIG_DNOTIFY=y
+CONFIG_INOTIFY_USER=y
+# CONFIG_FANOTIFY is not set
+CONFIG_QUOTA=y
+# CONFIG_QUOTA_NETLINK_INTERFACE is not set
+CONFIG_PRINT_QUOTA_WARNING=y
+# CONFIG_QUOTA_DEBUG is not set
+# CONFIG_QFMT_V1 is not set
+# CONFIG_QFMT_V2 is not set
+CONFIG_QUOTACTL=y
+CONFIG_AUTOFS4_FS=y
+# CONFIG_FUSE_FS is not set
+
+#
+# Caches
+#
+# CONFIG_FSCACHE is not set
+
+#
+# CD-ROM/DVD Filesystems
+#
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+# CONFIG_ZISOFS is not set
+# CONFIG_UDF_FS is not set
+
+#
+# DOS/FAT/NT Filesystems
+#
+# CONFIG_MSDOS_FS is not set
+# CONFIG_VFAT_FS is not set
+# CONFIG_NTFS_FS is not set
+
+#
+# Pseudo filesystems
+#
+CONFIG_PROC_FS=y
+CONFIG_PROC_KCORE=y
+CONFIG_PROC_SYSCTL=y
+CONFIG_PROC_PAGE_MONITOR=y
+CONFIG_SYSFS=y
+CONFIG_TMPFS=y
+# CONFIG_TMPFS_POSIX_ACL is not set
+# CONFIG_TMPFS_XATTR is not set
+# CONFIG_HUGETLBFS is not set
+# CONFIG_HUGETLB_PAGE is not set
+# CONFIG_CONFIGFS_FS is not set
+CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ADFS_FS is not set
+# CONFIG_AFFS_FS is not set
+# CONFIG_HFS_FS is not set
+# CONFIG_HFSPLUS_FS is not set
+# CONFIG_BEFS_FS is not set
+# CONFIG_BFS_FS is not set
+# CONFIG_EFS_FS is not set
+# CONFIG_LOGFS is not set
+# CONFIG_CRAMFS is not set
+# CONFIG_SQUASHFS is not set
+# CONFIG_VXFS_FS is not set
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
+# CONFIG_HPFS_FS is not set
+# CONFIG_QNX4FS_FS is not set
+# CONFIG_QNX6FS_FS is not set
+# CONFIG_ROMFS_FS is not set
+# CONFIG_PSTORE is not set
+# CONFIG_SYSV_FS is not set
+# CONFIG_UFS_FS is not set
+# CONFIG_F2FS_FS is not set
+CONFIG_NETWORK_FILESYSTEMS=y
+# CONFIG_NFS_FS is not set
+# CONFIG_NFSD is not set
+# CONFIG_CEPH_FS is not set
+# CONFIG_CIFS is not set
+# CONFIG_NCP_FS is not set
+# CONFIG_CODA_FS is not set
+# CONFIG_AFS_FS is not set
+CONFIG_9P_FS=y
+CONFIG_9P_FS_POSIX_ACL=y
+# CONFIG_9P_FS_SECURITY is not set
+CONFIG_NLS=y
+CONFIG_NLS_DEFAULT="iso8859-1"
+# CONFIG_NLS_CODEPAGE_437 is not set
+# CONFIG_NLS_CODEPAGE_737 is not set
+# CONFIG_NLS_CODEPAGE_775 is not set
+# CONFIG_NLS_CODEPAGE_850 is not set
+# CONFIG_NLS_CODEPAGE_852 is not set
+# CONFIG_NLS_CODEPAGE_855 is not set
+# CONFIG_NLS_CODEPAGE_857 is not set
+# CONFIG_NLS_CODEPAGE_860 is not set
+# CONFIG_NLS_CODEPAGE_861 is not set
+# CONFIG_NLS_CODEPAGE_862 is not set
+# CONFIG_NLS_CODEPAGE_863 is not set
+# CONFIG_NLS_CODEPAGE_864 is not set
+# CONFIG_NLS_CODEPAGE_865 is not set
+# CONFIG_NLS_CODEPAGE_866 is not set
+# CONFIG_NLS_CODEPAGE_869 is not set
+# CONFIG_NLS_CODEPAGE_936 is not set
+# CONFIG_NLS_CODEPAGE_950 is not set
+# CONFIG_NLS_CODEPAGE_932 is not set
+# CONFIG_NLS_CODEPAGE_949 is not set
+# CONFIG_NLS_CODEPAGE_874 is not set
+# CONFIG_NLS_ISO8859_8 is not set
+# CONFIG_NLS_CODEPAGE_1250 is not set
+# CONFIG_NLS_CODEPAGE_1251 is not set
+# CONFIG_NLS_ASCII is not set
+# CONFIG_NLS_ISO8859_1 is not set
+# CONFIG_NLS_ISO8859_2 is not set
+# CONFIG_NLS_ISO8859_3 is not set
+# CONFIG_NLS_ISO8859_4 is not set
+# CONFIG_NLS_ISO8859_5 is not set
+# CONFIG_NLS_ISO8859_6 is not set
+# CONFIG_NLS_ISO8859_7 is not set
+# CONFIG_NLS_ISO8859_9 is not set
+# CONFIG_NLS_ISO8859_13 is not set
+# CONFIG_NLS_ISO8859_14 is not set
+# CONFIG_NLS_ISO8859_15 is not set
+# CONFIG_NLS_KOI8_R is not set
+# CONFIG_NLS_KOI8_U is not set
+# CONFIG_NLS_MAC_ROMAN is not set
+# CONFIG_NLS_MAC_CELTIC is not set
+# CONFIG_NLS_MAC_CENTEURO is not set
+# CONFIG_NLS_MAC_CROATIAN is not set
+# CONFIG_NLS_MAC_CYRILLIC is not set
+# CONFIG_NLS_MAC_GAELIC is not set
+# CONFIG_NLS_MAC_GREEK is not set
+# CONFIG_NLS_MAC_ICELAND is not set
+# CONFIG_NLS_MAC_INUIT is not set
+# CONFIG_NLS_MAC_ROMANIAN is not set
+# CONFIG_NLS_MAC_TURKISH is not set
+# CONFIG_NLS_UTF8 is not set
+
+#
+# Kernel hacking
+#
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
+
+#
+# printk and dmesg options
+#
+# CONFIG_PRINTK_TIME is not set
+CONFIG_DEFAULT_MESSAGE_LOGLEVEL=4
+# CONFIG_BOOT_PRINTK_DELAY is not set
+
+#
+# Compile-time checks and compiler options
+#
+CONFIG_DEBUG_INFO=y
+# CONFIG_DEBUG_INFO_REDUCED is not set
+CONFIG_ENABLE_WARN_DEPRECATED=y
+CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_FRAME_WARN=1024
+# CONFIG_STRIP_ASM_SYMS is not set
+# CONFIG_READABLE_ASM is not set
+# CONFIG_UNUSED_SYMBOLS is not set
+# CONFIG_DEBUG_FS is not set
+# CONFIG_HEADERS_CHECK is not set
+# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_ARCH_WANT_FRAME_POINTERS=y
+CONFIG_FRAME_POINTER=y
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
+# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_DEBUG_KERNEL=y
+
+#
+# Memory Debugging
+#
+# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_DEBUG_OBJECTS is not set
+# CONFIG_DEBUG_SLAB is not set
+CONFIG_HAVE_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
+# CONFIG_DEBUG_STACK_USAGE is not set
+# CONFIG_DEBUG_VM is not set
+# CONFIG_DEBUG_VIRTUAL is not set
+CONFIG_DEBUG_MEMORY_INIT=y
+CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_HAVE_ARCH_KMEMCHECK=y
+# CONFIG_DEBUG_SHIRQ is not set
+
+#
+# Debug Lockups and Hangs
+#
+# CONFIG_LOCKUP_DETECTOR is not set
+CONFIG_DETECT_HUNG_TASK=y
+CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
+# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
+CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_PANIC_ON_OOPS is not set
+CONFIG_PANIC_ON_OOPS_VALUE=0
+# CONFIG_SCHED_DEBUG is not set
+# CONFIG_SCHEDSTATS is not set
+# CONFIG_TIMER_STATS is not set
+
+#
+# Lock Debugging (spinlocks, mutexes, etc...)
+#
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_RT_MUTEX_TESTER is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_LOCK_STAT is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_DEBUG_KOBJECT is not set
+CONFIG_DEBUG_BUGVERBOSE=y
+# CONFIG_DEBUG_WRITECOUNT is not set
+# CONFIG_DEBUG_LIST is not set
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_NOTIFIERS is not set
+# CONFIG_DEBUG_CREDENTIALS is not set
+
+#
+# RCU Debugging
+#
+# CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_RCU_TORTURE_TEST is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
+# CONFIG_NOTIFIER_ERROR_INJECTION is not set
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_LATENCYTOP is not set
+CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
+# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
+CONFIG_USER_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_FUNCTION_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
+CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
+CONFIG_HAVE_DYNAMIC_FTRACE=y
+CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
+CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
+CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
+CONFIG_HAVE_FENTRY=y
+CONFIG_HAVE_C_RECORDMCOUNT=y
+CONFIG_TRACING_SUPPORT=y
+CONFIG_FTRACE=y
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_SCHED_TRACER is not set
+# CONFIG_ENABLE_DEFAULT_TRACERS is not set
+# CONFIG_FTRACE_SYSCALLS is not set
+# CONFIG_TRACER_SNAPSHOT is not set
+CONFIG_BRANCH_PROFILE_NONE=y
+# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
+# CONFIG_PROFILE_ALL_BRANCHES is not set
+# CONFIG_STACK_TRACER is not set
+# CONFIG_BLK_DEV_IO_TRACE is not set
+# CONFIG_UPROBE_EVENT is not set
+# CONFIG_PROBE_EVENTS is not set
+# CONFIG_MMIOTRACE is not set
+
+#
+# Runtime Testing
+#
+# CONFIG_TEST_LIST_SORT is not set
+# CONFIG_BACKTRACE_SELF_TEST is not set
+# CONFIG_RBTREE_TEST is not set
+# CONFIG_ATOMIC64_SELFTEST is not set
+# CONFIG_TEST_STRING_HELPERS is not set
+# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
+# CONFIG_DMA_API_DEBUG is not set
+# CONFIG_SAMPLES is not set
+CONFIG_HAVE_ARCH_KGDB=y
+# CONFIG_KGDB is not set
+# CONFIG_STRICT_DEVMEM is not set
+CONFIG_X86_VERBOSE_BOOTUP=y
+CONFIG_EARLY_PRINTK=y
+# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_X86_PTDUMP is not set
+CONFIG_DEBUG_RODATA=y
+CONFIG_DEBUG_RODATA_TEST=y
+CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
+# CONFIG_IOMMU_DEBUG is not set
+# CONFIG_IOMMU_STRESS is not set
+CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+CONFIG_IO_DELAY_TYPE_0X80=0
+CONFIG_IO_DELAY_TYPE_0XED=1
+CONFIG_IO_DELAY_TYPE_UDELAY=2
+CONFIG_IO_DELAY_TYPE_NONE=3
+CONFIG_IO_DELAY_0X80=y
+# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_UDELAY is not set
+# CONFIG_IO_DELAY_NONE is not set
+CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_CPA_DEBUG is not set
+# CONFIG_OPTIMIZE_INLINING is not set
+# CONFIG_DEBUG_NMI_SELFTEST is not set
+# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
+
+#
+# Security options
+#
+# CONFIG_KEYS is not set
+# CONFIG_SECURITY_DMESG_RESTRICT is not set
+# CONFIG_SECURITY is not set
+# CONFIG_SECURITYFS is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
+CONFIG_CRYPTO=y
+
+#
+# Crypto core or helper
+#
+CONFIG_CRYPTO_ALGAPI=y
+CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_BLKCIPHER=y
+CONFIG_CRYPTO_BLKCIPHER2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_RNG=y
+CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_PCOMP=y
+CONFIG_CRYPTO_PCOMP2=y
+CONFIG_CRYPTO_MANAGER=y
+CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
+CONFIG_CRYPTO_GF128MUL=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_CRYPTD=y
+CONFIG_CRYPTO_AUTHENC=y
+CONFIG_CRYPTO_ABLK_HELPER=y
+CONFIG_CRYPTO_GLUE_HELPER_X86=y
+
+#
+# Authenticated Encryption with Associated Data
+#
+CONFIG_CRYPTO_CCM=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_SEQIV=y
+
+#
+# Block modes
+#
+CONFIG_CRYPTO_CBC=y
+CONFIG_CRYPTO_CTR=y
+# CONFIG_CRYPTO_CTS is not set
+CONFIG_CRYPTO_ECB=y
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=y
+CONFIG_CRYPTO_XTS=y
+
+#
+# Hash modes
+#
+CONFIG_CRYPTO_CMAC=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=y
+# CONFIG_CRYPTO_VMAC is not set
+
+#
+# Digest
+#
+CONFIG_CRYPTO_CRC32C=y
+# CONFIG_CRYPTO_CRC32C_INTEL is not set
+# CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_PCLMUL is not set
+# CONFIG_CRYPTO_CRCT10DIF is not set
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_MD4=y
+CONFIG_CRYPTO_MD5=y
+CONFIG_CRYPTO_MICHAEL_MIC=y
+CONFIG_CRYPTO_RMD128=y
+CONFIG_CRYPTO_RMD160=y
+CONFIG_CRYPTO_RMD256=y
+CONFIG_CRYPTO_RMD320=y
+CONFIG_CRYPTO_SHA1=y
+# CONFIG_CRYPTO_SHA1_SSSE3 is not set
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=y
+CONFIG_CRYPTO_TGR192=y
+CONFIG_CRYPTO_WP512=y
+# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
+
+#
+# Ciphers
+#
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=y
+CONFIG_CRYPTO_ARC4=y
+CONFIG_CRYPTO_BLOWFISH=y
+CONFIG_CRYPTO_BLOWFISH_COMMON=y
+CONFIG_CRYPTO_BLOWFISH_X86_64=y
+CONFIG_CRYPTO_CAMELLIA=y
+CONFIG_CRYPTO_CAMELLIA_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
+CONFIG_CRYPTO_CAST_COMMON=y
+CONFIG_CRYPTO_CAST5=y
+CONFIG_CRYPTO_CAST5_AVX_X86_64=y
+CONFIG_CRYPTO_CAST6=y
+CONFIG_CRYPTO_CAST6_AVX_X86_64=y
+CONFIG_CRYPTO_DES=y
+CONFIG_CRYPTO_FCRYPT=y
+CONFIG_CRYPTO_KHAZAD=y
+CONFIG_CRYPTO_SALSA20=y
+CONFIG_CRYPTO_SALSA20_X86_64=y
+CONFIG_CRYPTO_SEED=y
+CONFIG_CRYPTO_SERPENT=y
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y
+CONFIG_CRYPTO_TEA=y
+CONFIG_CRYPTO_TWOFISH=y
+CONFIG_CRYPTO_TWOFISH_COMMON=y
+CONFIG_CRYPTO_TWOFISH_X86_64=y
+CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y
+
+#
+# Compression
+#
+CONFIG_CRYPTO_DEFLATE=y
+CONFIG_CRYPTO_ZLIB=y
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_LZ4=y
+CONFIG_CRYPTO_LZ4HC=y
+
+#
+# Random Number Generation
+#
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+# CONFIG_CRYPTO_HW is not set
+CONFIG_HAVE_KVM=y
+CONFIG_VIRTUALIZATION=y
+# CONFIG_KVM is not set
+# CONFIG_BINARY_PRINTF is not set
+
+#
+# Library routines
+#
+CONFIG_BITREVERSE=y
+CONFIG_GENERIC_STRNCPY_FROM_USER=y
+CONFIG_GENERIC_STRNLEN_USER=y
+CONFIG_GENERIC_NET_UTILS=y
+CONFIG_GENERIC_FIND_FIRST_BIT=y
+CONFIG_GENERIC_PCI_IOMAP=y
+CONFIG_GENERIC_IOMAP=y
+CONFIG_GENERIC_IO=y
+CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_CRC_CCITT=y
+CONFIG_CRC16=y
+# CONFIG_CRC_T10DIF is not set
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC32=y
+# CONFIG_CRC32_SELFTEST is not set
+CONFIG_CRC32_SLICEBY8=y
+# CONFIG_CRC32_SLICEBY4 is not set
+# CONFIG_CRC32_SARWATE is not set
+# CONFIG_CRC32_BIT is not set
+CONFIG_CRC7=y
+CONFIG_LIBCRC32C=y
+# CONFIG_CRC8 is not set
+# CONFIG_RANDOM32_SELFTEST is not set
+CONFIG_ZLIB_INFLATE=y
+CONFIG_ZLIB_DEFLATE=y
+CONFIG_LZO_COMPRESS=y
+CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_COMPRESS=y
+CONFIG_LZ4HC_COMPRESS=y
+CONFIG_LZ4_DECOMPRESS=y
+# CONFIG_XZ_DEC is not set
+# CONFIG_XZ_DEC_BCJ is not set
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=y
+CONFIG_TEXTSEARCH_BM=y
+CONFIG_TEXTSEARCH_FSM=y
+CONFIG_HAS_IOMEM=y
+CONFIG_HAS_IOPORT=y
+CONFIG_HAS_DMA=y
+CONFIG_DQL=y
+CONFIG_NLATTR=y
+CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
+# CONFIG_AVERAGE is not set
+# CONFIG_CORDIC is not set
+# CONFIG_DDR is not set
diff --git a/testing/hosts/default/etc/ipsec.d/tables.sql b/testing/hosts/default/etc/ipsec.d/tables.sql
deleted file mode 100644
index 2917fc3..0000000
--- a/testing/hosts/default/etc/ipsec.d/tables.sql
+++ /dev/null
@@ -1,270 +0,0 @@
-/* strongSwan SQLite database */
-
-DROP TABLE IF EXISTS identities;
-CREATE TABLE identities (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- type INTEGER NOT NULL,
- data BLOB NOT NULL,
- UNIQUE (type, data)
-);
-
-DROP TABLE IF EXISTS child_configs;
-CREATE TABLE child_configs (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- name TEXT NOT NULL,
- lifetime INTEGER NOT NULL DEFAULT '1200',
- rekeytime INTEGER NOT NULL DEFAULT '1020',
- jitter INTEGER NOT NULL DEFAULT '180',
- updown TEXT DEFAULT NULL,
- hostaccess INTEGER NOT NULL DEFAULT '0',
- mode INTEGER NOT NULL DEFAULT '2',
- start_action INTEGER NOT NULL DEFAULT '0',
- dpd_action INTEGER NOT NULL DEFAULT '0',
- close_action INTEGER NOT NULL DEFAULT '0',
- ipcomp INTEGER NOT NULL DEFAULT '0',
- reqid INTEGER NOT NULL DEFAULT '0'
-);
-DROP INDEX IF EXISTS child_configs_name;
-CREATE INDEX child_configs_name ON child_configs (
- name
-);
-
-DROP TABLE IF EXISTS child_config_traffic_selector;
-CREATE TABLE child_config_traffic_selector (
- child_cfg INTEGER NOT NULL,
- traffic_selector INTEGER NOT NULL,
- kind INTEGER NOT NULL
-);
-DROP INDEX IF EXISTS child_config_traffic_selector;
-CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector (
- child_cfg, traffic_selector
-);
-
-DROP TABLE IF EXISTS proposals;
-CREATE TABLE proposals (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- proposal TEXT NOT NULL
-);
-
-DROP TABLE IF EXISTS child_config_proposal;
-CREATE TABLE child_config_proposal (
- child_cfg INTEGER NOT NULL,
- prio INTEGER NOT NULL,
- prop INTEGER NOT NULL
-);
-
-DROP TABLE IF EXISTS ike_configs;
-CREATE TABLE ike_configs (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- certreq INTEGER NOT NULL DEFAULT '1',
- force_encap INTEGER NOT NULL DEFAULT '0',
- local TEXT NOT NULL,
- remote TEXT NOT NULL
-);
-
-DROP TABLE IF EXISTS ike_config_proposal;
-CREATE TABLE ike_config_proposal (
- ike_cfg INTEGER NOT NULL,
- prio INTEGER NOT NULL,
- prop INTEGER NOT NULL
-);
-
-DROP TABLE IF EXISTS peer_configs;
-CREATE TABLE peer_configs (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- name TEXT NOT NULL,
- ike_version INTEGER NOT NULL DEFAULT '2',
- ike_cfg INTEGER NOT NULL,
- local_id TEXT NOT NULL,
- remote_id TEXT NOT NULL,
- cert_policy INTEGER NOT NULL DEFAULT '1',
- uniqueid INTEGER NOT NULL DEFAULT '0',
- auth_method INTEGER NOT NULL DEFAULT '1',
- eap_type INTEGER NOT NULL DEFAULT '0',
- eap_vendor INTEGER NOT NULL DEFAULT '0',
- keyingtries INTEGER NOT NULL DEFAULT '1',
- rekeytime INTEGER NOT NULL DEFAULT '0',
- reauthtime INTEGER NOT NULL DEFAULT '3600',
- jitter INTEGER NOT NULL DEFAULT '180',
- overtime INTEGER NOT NULL DEFAULT '300',
- mobike INTEGER NOT NULL DEFAULT '1',
- dpd_delay INTEGER NOT NULL DEFAULT '120',
- virtual TEXT DEFAULT NULL,
- pool TEXT DEFAULT NULL,
- mediation INTEGER NOT NULL DEFAULT '0',
- mediated_by INTEGER NOT NULL DEFAULT '0',
- peer_id INTEGER NOT NULL DEFAULT '0'
-);
-DROP INDEX IF EXISTS peer_configs_name;
-CREATE INDEX peer_configs_name ON peer_configs (
- name
-);
-
-DROP TABLE IF EXISTS peer_config_child_config;
-CREATE TABLE peer_config_child_config (
- peer_cfg INTEGER NOT NULL,
- child_cfg INTEGER NOT NULL,
- PRIMARY KEY (peer_cfg, child_cfg)
-);
-
-DROP TABLE IF EXISTS traffic_selectors;
-CREATE TABLE traffic_selectors (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- type INTEGER NOT NULL DEFAULT '7',
- protocol INTEGER NOT NULL DEFAULT '0',
- start_addr BLOB DEFAULT NULL,
- end_addr BLOB DEFAULT NULL,
- start_port INTEGER NOT NULL DEFAULT '0',
- end_port INTEGER NOT NULL DEFAULT '65535'
-);
-
-DROP TABLE IF EXISTS certificates;
-CREATE TABLE certificates (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- type INTEGER NOT NULL,
- keytype INTEGER NOT NULL,
- data BLOB NOT NULL
-);
-
-DROP TABLE IF EXISTS certificate_identity;
-CREATE TABLE certificate_identity (
- certificate INTEGER NOT NULL,
- identity INTEGER NOT NULL,
- PRIMARY KEY (certificate, identity)
-);
-
-DROP TABLE IF EXISTS private_keys;
-CREATE TABLE private_keys (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- type INTEGER NOT NULL,
- data BLOB NOT NULL
-);
-
-DROP TABLE IF EXISTS private_key_identity;
-CREATE TABLE private_key_identity (
- private_key INTEGER NOT NULL,
- identity INTEGER NOT NULL,
- PRIMARY KEY (private_key, identity)
-);
-
-DROP TABLE IF EXISTS shared_secrets;
-CREATE TABLE shared_secrets (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- type INTEGER NOT NULL,
- data BLOB NOT NULL
-);
-
-DROP TABLE IF EXISTS shared_secret_identity;
-CREATE TABLE shared_secret_identity (
- shared_secret INTEGER NOT NULL,
- identity INTEGER NOT NULL,
- PRIMARY KEY (shared_secret, identity)
-);
-
-DROP TABLE IF EXISTS certificate_authorities;
-CREATE TABLE certificate_authorities (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- certificate INTEGER NOT NULL
-);
-
-DROP TABLE IF EXISTS certificate_distribution_points;
-CREATE TABLE certificate_distribution_points (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- ca INTEGER NOT NULL,
- type INTEGER NOT NULL,
- uri TEXT NOT NULL
-);
-
-DROP TABLE IF EXISTS pools;
-CREATE TABLE pools (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- name TEXT NOT NULL,
- start BLOB NOT NULL,
- end BLOB NOT NULL,
- timeout INTEGER NOT NULL
-);
-DROP INDEX IF EXISTS pools_name;
-CREATE INDEX pools_name ON pools (
- name
-);
-
-DROP TABLE IF EXISTS addresses;
-CREATE TABLE addresses (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- pool INTEGER NOT NULL,
- address BLOB NOT NULL,
- identity INTEGER NOT NULL DEFAULT 0,
- acquired INTEGER NOT NULL DEFAULT 0,
- released INTEGER NOT NULL DEFAULT 1
-);
-DROP INDEX IF EXISTS addresses_pool;
-CREATE INDEX addresses_pool ON addresses (
- pool
-);
-DROP INDEX IF EXISTS addresses_address;
-CREATE INDEX addresses_address ON addresses (
- address
-);
-DROP INDEX IF EXISTS addresses_identity;
-CREATE INDEX addresses_identity ON addresses (
- identity
-);
-
-DROP TABLE IF EXISTS leases;
-CREATE TABLE leases (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- address INTEGER NOT NULL,
- identity INTEGER NOT NULL,
- acquired INTEGER NOT NULL,
- released INTEGER NOT NULL
-);
-
-DROP TABLE IF EXISTS attribute_pools;
-CREATE TABLE attribute_pools (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- name TEXT NOT NULL
-);
-
-DROP TABLE IF EXISTS attributes;
-CREATE TABLE attributes (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- identity INTEGER NOT NULL DEFAULT 0,
- pool INTEGER NOT NULL DEFAULT 0,
- type INTEGER NOT NULL,
- value BLOB NOT NULL
-);
-DROP INDEX IF EXISTS attributes_identity;
-CREATE INDEX attributes_identity ON attributes (
- identity
-);
-DROP INDEX IF EXISTS attributes_pool;
-CREATE INDEX attributes_pool ON attributes (
- pool
-);
-
-DROP TABLE IF EXISTS ike_sas;
-CREATE TABLE ike_sas (
- local_spi BLOB NOT NULL PRIMARY KEY,
- remote_spi BLOB NOT NULL,
- id INTEGER NOT NULL,
- initiator INTEGER NOT NULL,
- local_id_type INTEGER NOT NULL,
- local_id_data BLOB DEFAULT NULL,
- remote_id_type INTEGER NOT NULL,
- remote_id_data BLOB DEFAULT NULL,
- host_family INTEGER NOT NULL,
- local_host_data BLOB NOT NULL,
- remote_host_data BLOB NOT NULL,
- created INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
-DROP TABLE IF EXISTS logs;
-CREATE TABLE logs (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- local_spi BLOB NOT NULL,
- signal INTEGER NOT NULL,
- level INTEGER NOT NULL,
- msg TEXT NOT NULL,
- time INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
diff --git a/testing/hosts/default/etc/pts/data.sql b/testing/hosts/default/etc/pts/data.sql
deleted file mode 100644
index 241a996..0000000
--- a/testing/hosts/default/etc/pts/data.sql
+++ /dev/null
@@ -1,1060 +0,0 @@
-/* Products */
-
-INSERT INTO products ( /* 1 */
- name
-) VALUES (
- 'Debian 6.0 i686'
-);
-
-INSERT INTO products ( /* 2 */
- name
-) VALUES (
- 'Debian 6.0 x86_64'
-);
-
-INSERT INTO products ( /* 3 */
- name
-) VALUES (
- 'Debian 7.0 i686'
-);
-
-INSERT INTO products ( /* 4 */
- name
-) VALUES (
- 'Debian 7.0 x86_64'
-);
-
-INSERT INTO products ( /* 5 */
- name
-) VALUES (
- 'Debian 8.0 i686'
-);
-
-INSERT INTO products ( /* 6 */
- name
-) VALUES (
- 'Debian 8.0 x86_64'
-);
-
-INSERT INTO products ( /* 7 */
- name
-) VALUES (
- 'Ubuntu 10.04 i686'
-);
-
-INSERT INTO products ( /* 8 */
- name
-) VALUES (
- 'Ubuntu 10.04 x86_64'
-);
-
-INSERT INTO products ( /* 9 */
- name
-) VALUES (
- 'Ubuntu 10.10 i686'
-);
-
-INSERT INTO products ( /* 10 */
- name
-) VALUES (
- 'Ubuntu 10.10 x86_64'
-);
-
-INSERT INTO products ( /* 11 */
- name
-) VALUES (
- 'Ubuntu 11.04 i686'
-);
-
-INSERT INTO products ( /* 12 */
- name
-) VALUES (
- 'Ubuntu 11.04 x86_64'
-);
-
-INSERT INTO products ( /* 13 */
- name
-) VALUES (
- 'Ubuntu 11.10 i686'
-);
-
-INSERT INTO products ( /* 14 */
- name
-) VALUES (
- 'Ubuntu 11.10 x86_64'
-);
-
-INSERT INTO products ( /* 15 */
- name
-) VALUES (
- 'Ubuntu 12.04 i686'
-);
-
-INSERT INTO products ( /* 16 */
- name
-) VALUES (
- 'Ubuntu 12.04 x86_64'
-);
-
-INSERT INTO products ( /* 17 */
- name
-) VALUES (
- 'Ubuntu 12.10 i686'
-);
-
-INSERT INTO products ( /* 18 */
- name
-) VALUES (
- 'Ubuntu 12.10 x86_64'
-);
-
-INSERT INTO products ( /* 19 */
- name
-) VALUES (
- 'Ubuntu 13.04 i686'
-);
-
-INSERT INTO products ( /* 20 */
- name
-) VALUES (
- 'Ubuntu 13.04 x86_64'
-);
-
-INSERT INTO products ( /* 21 */
- name
-) VALUES (
- 'Android 4.1.1'
-);
-
-INSERT INTO products ( /* 22 */
- name
-) VALUES (
- 'Android 4.2.1'
-);
-
-INSERT INTO products ( /* 23 */
- name
-) VALUES (
- 'Ubuntu 13.10 i686'
-);
-
-INSERT INTO products ( /* 24 */
- name
-) VALUES (
- 'Ubuntu 13.10 x86_64'
-);
-
-INSERT INTO products ( /* 25 */
- name
-) VALUES (
- 'Debian 7.1 i686'
-);
-
-INSERT INTO products ( /* 26 */
- name
-) VALUES (
- 'Debian 7.1 x86_64'
-);
-
-INSERT INTO products ( /* 27 */
- name
-) VALUES (
- 'Debian 7.2 i686'
-);
-
-INSERT INTO products ( /* 28 */
- name
-) VALUES (
- 'Debian 7.2 x86_64'
-);
-
-/* Directories */
-
-INSERT INTO directories ( /* 1 */
- path
-) VALUES (
- '/bin'
-);
-
-INSERT INTO directories ( /* 2 */
- path
-) VALUES (
- '/etc'
-);
-
-INSERT INTO directories ( /* 3 */
- path
-) VALUES (
- '/lib'
-);
-
-INSERT INTO directories ( /* 4 */
- path
-) VALUES (
- '/lib/i386-linux-gnu'
-);
-
-INSERT INTO directories ( /* 5 */
- path
-) VALUES (
- '/lib/x86_64-linux-gnu'
-);
-
-INSERT INTO directories ( /* 6 */
- path
-) VALUES (
- '/lib/xtables'
-);
-
-INSERT INTO directories ( /* 7 */
- path
-) VALUES (
- '/sbin'
-);
-
-INSERT INTO directories ( /* 8 */
- path
-) VALUES (
- '/usr/bin'
-);
-
-INSERT INTO directories ( /* 9 */
- path
-) VALUES (
- '/usr/lib'
-);
-
-INSERT INTO directories ( /* 10 */
- path
-) VALUES (
- '/usr/lib/i386-linux-gnu'
-);
-
-INSERT INTO directories ( /* 11 */
- path
-) VALUES (
- '/usr/lib/x86_64-linux-gnu'
-);
-
-INSERT INTO directories ( /* 12 */
- path
-) VALUES (
- '/usr/sbin'
-);
-
-INSERT INTO directories ( /* 13 */
- path
-) VALUES (
- '/system/bin'
-);
-
-INSERT INTO directories ( /* 14 */
- path
-) VALUES (
- '/system/lib'
-);
-
-/* Files */
-
-INSERT INTO files ( /* 1 */
- name, dir
-) VALUES (
- 'libcrypto.so.1.0.0', 5
-);
-
-INSERT INTO files ( /* 2 */
- name, dir
-) VALUES (
- 'libcrypto.so.1.0.0', 11
-);
-
-INSERT INTO files ( /* 3 */
- name, dir
-) VALUES (
- 'libssl.so.1.0.0', 5
-);
-
-INSERT INTO files ( /* 4 */
- name, dir
-) VALUES (
- 'libssl.so.1.0.0', 11
-);
-
-INSERT INTO files ( /* 5 */
- name, dir
-) VALUES (
- 'openssl', 8
-);
-
-INSERT INTO files ( /* 6 */
- name, dir
-) VALUES (
- 'tnc_config', 2
-);
-
-/* Algorithms */
-
-INSERT INTO algorithms (
- id, name
-) VALUES (
- 65536, 'SHA1-IMA'
-);
-
-INSERT INTO algorithms (
- id, name
-) VALUES (
- 32768, 'SHA1'
-);
-
-INSERT INTO algorithms (
- id, name
-) VALUES (
- 16384, 'SHA256'
-);
-
-INSERT INTO algorithms (
- id, name
-) VALUES (
- 8192, 'SHA384'
-);
-
-/* File Hashes */
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 28, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 28, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 28, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 28, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 28, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 28, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 28, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 28, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 28, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500'
-);
-
-INSERT INTO file_hashes (
- product, file, algo, hash
-) VALUES (
- 18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668'
-);
-
-/* Packages */
-
-INSERT INTO packages ( /* 1 */
- name
-) VALUES (
- 'libssl-dev'
-);
-
-INSERT INTO packages ( /* 2 */
- name
-) VALUES (
- 'libssl1.0.0'
-);
-
-INSERT INTO packages ( /* 3 */
- name
-) VALUES (
- 'libssl1.0.0-dbg'
-);
-
-INSERT INTO packages ( /* 4 */
- name
-) VALUES (
- 'openssl'
-);
-
-/* Versions */
-
-INSERT INTO versions (
- package, product, release, time
-) VALUES (
- 1, 28, '1.0.1e-2', 1366531494
-);
-
-INSERT INTO versions (
- package, product, release, time
-) VALUES (
- 2, 28, '1.0.1e-2', 1366531494
-);
-
-INSERT INTO versions (
- package, product, release, time
-) VALUES (
- 3, 28, '1.0.1e-2', 1366531494
-);
-
-INSERT INTO versions (
- package, product, release, time
-) VALUES (
- 4, 28, '1.0.1e-2', 1366531494
-);
-
-/* Components */
-
-INSERT INTO components (
- vendor_id, name, qualifier
-) VALUES (
- 36906, 1, 33 /* ITA TGRUB */
-);
-
-INSERT INTO components (
- vendor_id, name, qualifier
-) VALUES (
- 36906, 2, 33 /* ITA TBOOT */
-);
-
-INSERT INTO components (
- vendor_id, name, qualifier
-) VALUES (
- 36906, 3, 33 /* ITA IMA - Trusted Platform */
-);
-
-INSERT INTO components (
- vendor_id, name, qualifier
-) VALUES (
- 36906, 3, 34 /* ITA IMA - Operating System */
-);
-
-/* Groups */
-
-INSERT INTO groups ( /* 1 */
- name
-) VALUES (
- 'Default'
-);
-
-INSERT INTO groups ( /* 2 */
- name, parent
-) VALUES (
- 'Linux', 1
-);
-
-INSERT INTO groups ( /* 3 */
- name, parent
-) VALUES (
- 'Android', 1
-);
-
-INSERT INTO groups ( /* 4 */
- name, parent
-) VALUES (
- 'Debian i686', 2
-);
-
-INSERT INTO groups ( /* 5 */
- name, parent
-) VALUES (
- 'Debian x86_64', 2
-);
-
-INSERT INTO groups ( /* 6 */
- name, parent
-) VALUES (
- 'Ubuntu i686', 2
-);
-
-INSERT INTO groups ( /* 7 */
- name, parent
-) VALUES (
- 'Ubuntu x86_64', 2
-);
-
-INSERT INTO groups ( /* 8 */
- name
-) VALUES (
- 'Reference'
-);
-
-INSERT INTO groups ( /* 9 */
- name, parent
-) VALUES (
- 'Ref. Android', 8
-);
-
-INSERT INTO groups ( /* 10 */
- name, parent
-) VALUES (
- 'Ref. Linux', 8
-);
-
-/* Default Product Groups */
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 4, 1
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 4, 3
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 4, 5
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 4, 25
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 4, 27
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 5, 2
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 5, 4
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 5, 6
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 5, 26
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 5, 28
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 6, 9
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 6, 11
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 6, 13
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 6, 15
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 6, 17
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 6, 19
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 6, 23
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 7, 8
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 7, 10
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 7, 12
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 7, 14
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 7, 16
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 7, 18
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 7, 20
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 7, 24
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 3, 21
-);
-
-INSERT INTO groups_product_defaults (
- group_id, product_id
-) VALUES (
- 3, 22
-);
-
-/* Policies */
-
-INSERT INTO policies ( /* 1 */
- type, name, rec_fail, rec_noresult
-) VALUES (
- 1, 'Installed Packages', 2, 2
-);
-
-INSERT INTO policies ( /* 2 */
- type, name, rec_fail, rec_noresult
-) VALUES (
- 2, 'Unknown Source', 2, 2
-);
-
-INSERT INTO policies ( /* 3 */
- type, name, rec_fail, rec_noresult
-) VALUES (
- 3, 'IP Forwarding Enabled', 1, 1
-);
-
-INSERT INTO policies ( /* 4 */
- type, name, rec_fail, rec_noresult
-) VALUES (
- 4, 'Default Factory Password Enabled', 1, 1
-);
-
-INSERT INTO policies ( /* 5 */
- type, name, file, rec_fail, rec_noresult
-) VALUES (
- 6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2
-);
-
-INSERT INTO policies ( /* 6 */
- type, name, file, rec_fail, rec_noresult
-) VALUES (
- 6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2
-);
-
-INSERT INTO policies ( /* 7 */
- type, name, file, rec_fail, rec_noresult
-) VALUES (
- 6, 'Measure /usr/bin/openssl', 5, 2, 2
-);
-
-INSERT INTO policies ( /* 8 */
- type, name, rec_fail, rec_noresult
-) VALUES (
- 11, 'No Open TCP Ports', 1, 1
-);
-
-INSERT INTO policies ( /* 9 */
- type, name, argument, rec_fail, rec_noresult
-) VALUES (
- 13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1
-);
-
-INSERT INTO policies ( /* 10 */
- type, name, file, rec_fail, rec_noresult
-) VALUES (
- 7, 'Metadata of /etc/tnc_config', 6, 0, 0
-);
-
-INSERT INTO policies ( /* 11 */
- type, name, dir, rec_fail, rec_noresult
-) VALUES (
- 8, 'Get /bin', 1, 0, 0
-);
-
-INSERT INTO policies ( /* 12 */
- type, name, file, rec_fail, rec_noresult
-) VALUES (
- 6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2
-);
-
-INSERT INTO policies ( /* 13 */
- type, name, file, rec_fail, rec_noresult
-) VALUES (
- 6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2
-);
-
-INSERT INTO policies ( /* 14 */
- type, name, dir, rec_fail, rec_noresult
-) VALUES (
- 8, 'Get /system/bin', 13, 0, 0
-);
-
-INSERT INTO policies ( /* 15 */
- type, name, dir, rec_fail, rec_noresult
-) VALUES (
- 8, 'Get /system/lib', 14, 0, 0
-);
-
-INSERT INTO policies ( /* 16 */
- type, name, dir, rec_fail, rec_noresult
-) VALUES (
- 9, 'Measure /bin', 1, 2, 2
-);
-
-INSERT INTO policies ( /* 17 */
- type, name, argument, rec_fail, rec_noresult
-) VALUES (
- 15, 'SWID Tag IDs', 'R', 2, 2
-);
-
-INSERT INTO policies ( /* 18 */
- type, name, argument, rec_fail, rec_noresult
-) VALUES (
- 15, 'SWID Tags', '', 2, 2
-);
-
-/* Enforcements */
-
-INSERT INTO enforcements ( /* 1 */
- policy, group_id, max_age
-) VALUES (
- 1, 1, 86400
-);
-
-INSERT INTO enforcements ( /* 2 */
- policy, group_id, max_age
-) VALUES (
- 2, 3, 0
-);
-
-INSERT INTO enforcements ( /* 3 */
- policy, group_id, max_age
-) VALUES (
- 3, 2, 0
-);
-
-INSERT INTO enforcements ( /* 4 */
- policy, group_id, max_age
-) VALUES (
- 5, 7, 86400
-);
-
-INSERT INTO enforcements ( /* 5 */
- policy, group_id, max_age
-) VALUES (
- 6, 7, 86400
-);
-
-INSERT INTO enforcements ( /* 6 */
- policy, group_id, max_age
-) VALUES (
- 7, 2, 86400
-);
-
-INSERT INTO enforcements ( /* 7 */
- policy, group_id, max_age
-) VALUES (
- 8, 1, 60
-);
-
-INSERT INTO enforcements ( /* 8 */
- policy, group_id, max_age
-) VALUES (
- 9, 1, 60
-);
-
-INSERT INTO enforcements ( /* 9 */
- policy, group_id, max_age
-) VALUES (
- 10, 2, 60
-);
-
-INSERT INTO enforcements ( /* 10 */
- policy, group_id, max_age
-) VALUES (
- 11, 10, 86400
-);
-
-INSERT INTO enforcements ( /* 11 */
- policy, group_id, max_age
-) VALUES (
- 12, 5, 86400
-);
-
-INSERT INTO enforcements ( /* 12 */
- policy, group_id, max_age
-) VALUES (
- 13, 5, 86400
-);
-
-INSERT INTO enforcements ( /* 13 */
- policy, group_id, max_age
-) VALUES (
- 14, 9, 0
-);
-
-INSERT INTO enforcements ( /* 14 */
- policy, group_id, max_age
-) VALUES (
- 15, 9, 0
-);
-
-/* regids */
-
-INSERT INTO regids ( /* 1 */
- name
-) VALUES (
- 'regid.1986-12.com.adobe'
-);
-
-INSERT INTO regids ( /* 2 */
- name
-) VALUES (
- 'regid.1991-06.com.microsoft'
-);
-
-INSERT INTO regids ( /* 3 */
- name
-) VALUES (
- 'regid.2004-05.com.ubuntu'
-);
-
-INSERT INTO regids ( /* 4 */
- name
-) VALUES (
- 'regid.1995-04.org.apache'
-);
-
-INSERT INTO regids ( /* 5 */
- name
-) VALUES (
- 'regid.1999-03.org.debian'
-);
-
-INSERT INTO regids ( /* 6 */
- name
-) VALUES (
- 'regid.1994-04.org.isc'
-);
-
-INSERT INTO regids ( /* 7 */
- name
-) VALUES (
- 'regid.1998-12.org.openssl'
-);
-
-INSERT INTO regids ( /* 8 */
- name
-) VALUES (
- 'regid.1998-01.org.samba'
-);
-
-INSERT INTO regids ( /* 9 */
- name
-) VALUES (
- 'regid.2002-08.org.sqlite'
-);
-
-INSERT INTO regids ( /* 10 */
- name
-) VALUES (
- 'regid.2004-03.org.strongswan'
-);
-
-/* Tags */
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 2, 'Windows-8-Pro'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 5, 'apache-2-2-22-13'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 5, 'bind-9-8-4-dfsg'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 5, 'libsqlite-3-7-13-1'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 5, 'libssl-1-0-1e-2'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 5, 'libssl-dev-1-0-1e-2'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 5, 'libssl-doc-1-0-1e-2'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 5, 'openssl-1-0-1e-2'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 5, 'smbclient-3-6-6-6'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 5, 'sqlite-3-7-13-1'
-);
-
-INSERT INTO tags (
- regid, unique_sw_id
-) VALUES (
- 10, 'strongSwan-5-1-1'
-);
-
diff --git a/testing/hosts/default/etc/pts/tables.sql b/testing/hosts/default/etc/pts/tables.sql
deleted file mode 100644
index a0f3a4e..0000000
--- a/testing/hosts/default/etc/pts/tables.sql
+++ /dev/null
@@ -1,256 +0,0 @@
-/* IMV PTS SQLite database */
-
-DROP TABLE IF EXISTS directories;
-CREATE TABLE directories (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- path TEXT NOT NULL
-);
-DROP INDEX IF EXISTS directories_path;
-CREATE INDEX directories_path ON directories (
- path
-);
-
-DROP TABLE IF EXISTS files;
-CREATE TABLE files (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- dir INTEGER DEFAULT 0 REFERENCES directories(id),
- name TEXT NOT NULL
-);
-DROP INDEX IF EXISTS files_name;
-CREATE INDEX files_name ON files (
- name
-);
-
-DROP TABLE IF EXISTS products;
-CREATE TABLE products (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- name TEXT NOT NULL
-);
-DROP INDEX IF EXISTS products_name;
-CREATE INDEX products_name ON products (
- name
-);
-
-DROP TABLE IF EXISTS algorithms;
-CREATE TABLE algorithms (
- id INTEGER PRIMARY KEY,
- name VARCHAR(20) not NULL
-);
-
-DROP TABLE IF EXISTS file_hashes;
-CREATE TABLE file_hashes (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- file INTEGER NOT NULL REFERENCES files(id),
- product INTEGER NOT NULL REFERENCES products(id),
- device INTEGER DEFAULT 0,
- key INTEGER DEFAULT 0 REFERENCES keys(id),
- algo INTEGER NOT NULL REFERENCES algorithms(id),
- hash BLOB NOT NULL
-);
-
-DROP TABLE IF EXISTS keys;
-CREATE TABLE keys (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- keyid BLOB NOT NULL,
- owner TEXT NOT NULL
-);
-DROP INDEX IF EXISTS keys_keyid;
-CREATE INDEX keys_keyid ON keys (
- keyid
-);
-DROP INDEX IF EXISTS keys_owner;
-CREATE INDEX keys_owner ON keys (
- owner
-);
-
-DROP TABLE IF EXISTS groups;
-CREATE TABLE groups (
- id INTEGER NOT NULL PRIMARY KEY,
- name VARCHAR(50) NOT NULL UNIQUE,
- parent INTEGER
-);
-
-DROP TABLE IF EXISTS groups_members;
-CREATE TABLE groups_members (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- group_id INTEGER NOT NULL REFERENCES groups(id),
- device_id INTEGER NOT NULL REFERENCES devices(id),
- UNIQUE (group_id, device_id)
-);
-
-DROP TABLE IF EXISTS groups_product_defaults;
-CREATE TABLE groups_product_defaults (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- group_id INTEGER NOT NULL REFERENCES groups(id),
- product_id INTEGER NOT NULL REFERENCES products(id),
- UNIQUE (group_id, product_id)
-);
-
-DROP TABLE IF EXISTS policies;
-CREATE TABLE policies (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- type INTEGER NOT NULL,
- name VARCHAR(100) NOT NULL UNIQUE,
- argument TEXT DEFAULT '' NOT NULL,
- rec_fail INTEGER NOT NULL,
- rec_noresult INTEGER NOT NULL,
- file INTEGER DEFAULT 0 REFERENCES files(id),
- dir INTEGER DEFAULT 0 REFERENCES directories(id)
-);
-
-DROP TABLE IF EXISTS enforcements;
-CREATE TABLE enforcements (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- policy INTEGER NOT NULL REFERENCES policies(id),
- group_id INTEGER NOT NULL REFERENCES groups(id),
- rec_fail INTEGER,
- rec_noresult INTEGER,
- max_age INTEGER NOT NULL,
- UNIQUE (policy, group_id)
-);
-
-DROP TABLE IF EXISTS sessions;
-CREATE TABLE sessions (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- time INTEGER NOT NULL,
- connection INTEGER NOT NULL,
- identity INTEGER DEFAULT 0 REFERENCES identities(id),
- device INTEGER DEFAULT 0 REFERENCES devices(id),
- product INTEGER DEFAULT 0 REFERENCES products(id),
- rec INTEGER DEFAULT 3
-);
-
-DROP TABLE IF EXISTS workitems;
-CREATE TABLE workitems (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- session INTEGER NOT NULL REFERENCES sessions(id),
- enforcement INTEGER NOT NULL REFERENCES enforcements(id),
- type INTEGER NOT NULL,
- arg_str TEXT,
- arg_int INTEGER DEFAULT 0,
- rec_fail INTEGER NOT NULL,
- rec_noresult INTEGER NOT NULL,
- rec_final INTEGER,
- result TEXT
-);
-DROP INDEX IF EXISTS workitems_session;
-CREATE INDEX workitems_sessions ON workitems (
- session
-);
-
-DROP TABLE IF EXISTS results;
-CREATE TABLE results (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- session INTEGER NOT NULL REFERENCES measurements(id),
- policy INTEGER NOT NULL REFERENCES policies(id),
- rec INTEGER NOT NULL,
- result TEXT NOT NULL
-);
-DROP INDEX IF EXISTS results_session;
-CREATE INDEX results_session ON results (
- session
-);
-
-DROP TABLE IF EXISTS components;
-CREATE TABLE components (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- vendor_id INTEGER NOT NULL,
- name INTEGER NOT NULL,
- qualifier INTEGER DEFAULT 0
-);
-
-
-DROP TABLE IF EXISTS key_component;
-CREATE TABLE key_component (
- key INTEGER NOT NULL,
- component INTEGER NOT NULL,
- depth INTEGER DEFAULT 0,
- seq_no INTEGER DEFAULT 0,
- PRIMARY KEY (key, component)
-);
-
-
-DROP TABLE IF EXISTS component_hashes;
-CREATE TABLE component_hashes (
- component INTEGER NOT NULL,
- key INTEGER NOT NULL,
- seq_no INTEGER NOT NULL,
- pcr INTEGER NOT NULL,
- algo INTEGER NOT NULL,
- hash BLOB NOT NULL,
- PRIMARY KEY(component, key, seq_no, algo)
-);
-
-DROP TABLE IF EXISTS packages;
-CREATE TABLE packages (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- name TEXT NOT NULL,
- blacklist INTEGER DEFAULT 0
-);
-DROP INDEX IF EXISTS packages_name;
-CREATE INDEX packages_name ON packages (
- name
-);
-
-DROP TABLE IF EXISTS versions;
-CREATE TABLE versions (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- package INTEGER NOT NULL REFERENCES packages(id),
- product INTEGER NOT NULL REFERENCES products(id),
- release TEXT NOT NULL,
- security INTEGER DEFAULT 0,
- blacklist INTEGER DEFAULT 0,
- time INTEGER DEFAULT 0
-);
-DROP INDEX IF EXISTS versions_release;
-CREATE INDEX versions_release ON versions (
- release
-);
-DROP INDEX IF EXISTS versions_package_product;
-CREATE INDEX versions_package_product ON versions (
- package, product
-);
-
-DROP TABLE IF EXISTS devices;
-CREATE TABLE devices (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- description TEXT DEFAULT '',
- value TEXT NOT NULL,
- product INTEGER REFERENCES products(id),
- created INTEGER
-);
-DROP INDEX IF EXISTS devices_id;
-CREATE INDEX devices_value ON devices (
- value
-);
-
-DROP TABLE IF EXISTS identities;
-CREATE TABLE identities (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- type INTEGER NOT NULL,
- value BLOB NOT NULL,
- UNIQUE (type, value)
-);
-
-DROP TABLE IF EXISTS regids;
-CREATE TABLE regids (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- name TEXT NOT NULL
-);
-DROP INDEX IF EXISTS regids_name;
-CREATE INDEX regids_name ON regids (
- name
-);
-
-DROP TABLE IF EXISTS tags;
-CREATE TABLE tags (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- regid INTEGER NOT NULL REFERENCES regids(id),
- unique_sw_id TEXT NOT NULL,
- value TEXT
-);
-DROP INDEX IF EXISTS tags_name;
-CREATE INDEX tags_unique_sw_id ON tags (
- unique_sw_id
-);
-
diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage
index 354b48b..b6b8854 100755
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@@ -68,7 +68,7 @@ do_on_exit graceful_umount $APTCACHE
log_action "Running debootstrap ($BASEIMGSUITE, $BASEIMGARCH)"
execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR"
-execute "mount -t proc none $LOOPDIR/proc"
+execute "mount -t proc none $LOOPDIR/proc" 0
do_on_exit graceful_umount $LOOPDIR/proc
for service in $SERVICES
diff --git a/testing/scripts/build-guestkernel b/testing/scripts/build-guestkernel
index 66a9fe7..40aa1b4 100755
--- a/testing/scripts/build-guestkernel
+++ b/testing/scripts/build-guestkernel
@@ -27,7 +27,7 @@ then
fi
log_action "Unpacking kernel"
-execute "tar xjf $KERNELTARBALL"
+execute "tar xJf $KERNELTARBALL"
KERNELDIR=$BUILDDIR/$KERNEL
cd $KERNELDIR
diff --git a/testing/scripts/recipes/003_freeradius.mk b/testing/scripts/recipes/003_freeradius.mk
index 631c8b6..05ed8b3 100644
--- a/testing/scripts/recipes/003_freeradius.mk
+++ b/testing/scripts/recipes/003_freeradius.mk
@@ -3,7 +3,7 @@
PV = 2.2.1
PKG = freeradius-server-$(PV)
TAR = $(PKG).tar.bz2
-SRC = ftp://ftp.freeradius.org/pub/freeradius/$(TAR)
+SRC = ftp://ftp.freeradius.org/pub/freeradius/old/$(TAR)
NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
diff --git a/testing/scripts/recipes/010_tkm.mk b/testing/scripts/recipes/010_tkm.mk
index cf24e1e..960eba7 100644
--- a/testing/scripts/recipes/010_tkm.mk
+++ b/testing/scripts/recipes/010_tkm.mk
@@ -2,7 +2,7 @@
PKG = tkm
SRC = http://git.codelabs.ch/git/$(PKG).git
-REV = v0.1
+REV = v0.1.1
export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk
index 85f80fe..438e666 100644
--- a/testing/scripts/recipes/013_strongswan.mk
+++ b/testing/scripts/recipes/013_strongswan.mk
@@ -79,7 +79,9 @@ CONFIG_OPTS = \
--enable-cmd \
--enable-libipsec \
--enable-kernel-libipsec \
- --enable-tkm
+ --enable-tkm \
+ --enable-ntru \
+ --enable-lookip
export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
diff --git a/testing/ssh b/testing/ssh
new file mode 100755
index 0000000..95d064c
--- /dev/null
+++ b/testing/ssh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+DIR=$(dirname `readlink -f $0`)
+. $DIR/testing.conf
+SSHCONF="-F $DIR/ssh_config"
+
+if [ $# == 0 ]
+then
+ echo "$0 <host>"
+ exit 1
+fi
+
+host=$1
+echo "$host" | grep -q "^\([0-9]\+\.\|[0-9a-fA-F]\+:\).*"
+if [ $? -eq 0 ]
+then
+ # assume we got an ip address
+ ip=$host
+else
+ pos='$1'
+ echo "$host" | grep -q ".*1$"
+ if [ $? -eq 0 ]
+ then
+ # {host}1, use second address
+ pos='$2'
+ host=`echo "$host" | sed -n -e "s/1$//p"`
+ fi
+ ip="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, "{ print ${pos} }" | awk '{ print $1 }'`"
+ if [ -z $ip ]
+ then
+ echo "Host '$host' unknown"
+ exit 1
+ fi
+fi
+
+shift
+exec ssh $SSHCONF -q root@$ip $@
diff --git a/testing/testing.conf b/testing/testing.conf
index 21055b8..8e0c81e 100644
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -24,14 +24,14 @@ fi
: ${TESTDIR=/srv/strongswan-testing}
# Kernel configuration
-: ${KERNELVERSION=3.11.6}
+: ${KERNELVERSION=3.13.2}
: ${KERNEL=linux-$KERNELVERSION}
-: ${KERNELTARBALL=$KERNEL.tar.bz2}
-: ${KERNELCONFIG=$DIR/../config/kernel/config-3.11}
-: ${KERNELPATCH=ha-3.11-abicompat.patch.bz2}
+: ${KERNELTARBALL=$KERNEL.tar.xz}
+: ${KERNELCONFIG=$DIR/../config/kernel/config-3.13}
+: ${KERNELPATCH=ha-3.13-abicompat.patch.bz2}
# strongSwan version used in tests
-: ${SWANVERSION=5.1.1}
+: ${SWANVERSION=5.1.2}
# Build directory where the guest kernel and images will be built
: ${BUILDDIR=$TESTDIR/build}
diff --git a/testing/tests/ikev1/ip-pool-db/pretest.dat b/testing/tests/ikev1/ip-pool-db/pretest.dat
index fce551c..2327eb9 100644
--- a/testing/tests/ikev1/ip-pool-db/pretest.dat
+++ b/testing/tests/ikev1/ip-pool-db/pretest.dat
@@ -1,4 +1,4 @@
-moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0 2> /dev/null
moon::ipsec pool --addattr dns --server PH_IP_WINNETOU 2> /dev/null
@@ -10,7 +10,7 @@ dave::iptables-restore < /etc/iptables.rules
carol::ipsec start
dave::ipsec start
moon::ipsec start
-carol::sleep 2
+carol::sleep 2
carol::ipsec up home
dave::ipsec up home
carol::sleep 1
diff --git a/testing/tests/ikev1/net2net-ntru-cert/description.txt b/testing/tests/ikev1/net2net-ntru-cert/description.txt
new file mode 100644
index 0000000..638a671
--- /dev/null
+++ b/testing/tests/ikev1/net2net-ntru-cert/description.txt
@@ -0,0 +1,7 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The key exchange is based on NTRU encryption with a security strength of 256 bits.
+The authentication is based on <b>X.509 certificates</b>. Upon the successful
+establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat b/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat
new file mode 100644
index 0000000..78d2bff
--- /dev/null
+++ b/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat
@@ -0,0 +1,9 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+moon::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES
+sun::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
new file mode 100644
index 0000000..218c9f1
--- /dev/null
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="ike 4, lib 4"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha512-ntru256!
+ esp=aes256-sha512!
+ mobike=no
+
+conn net-net
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..f4fd948
--- /dev/null
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+ send_vendor_id = yes
+}
+
+libstrongswan {
+ plugins {
+ ntru {
+ parameter_set = optimum
+ }
+ }
+}
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
new file mode 100644
index 0000000..ce610b6
--- /dev/null
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="ike 4, lib 4"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha512-ntru256!
+ esp=aes256-sha512!
+ mobike=no
+
+conn net-net
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
new file mode 100644
index 0000000..f0432ad
--- /dev/null
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev1/net2net-ntru-cert/posttest.dat b/testing/tests/ikev1/net2net-ntru-cert/posttest.dat
new file mode 100644
index 0000000..837738f
--- /dev/null
+++ b/testing/tests/ikev1/net2net-ntru-cert/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+
diff --git a/testing/tests/ikev1/net2net-ntru-cert/pretest.dat b/testing/tests/ikev1/net2net-ntru-cert/pretest.dat
new file mode 100644
index 0000000..c724e5d
--- /dev/null
+++ b/testing/tests/ikev1/net2net-ntru-cert/pretest.dat
@@ -0,0 +1,6 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::ipsec start
+sun::ipsec start
+moon::sleep 1
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-ntru-cert/test.conf b/testing/tests/ikev1/net2net-ntru-cert/test.conf
new file mode 100644
index 0000000..646b8b3
--- /dev/null
+++ b/testing/tests/ikev1/net2net-ntru-cert/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/rw-ntru-psk/description.txt b/testing/tests/ikev1/rw-ntru-psk/description.txt
new file mode 100644
index 0000000..40cdd18
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/description.txt
@@ -0,0 +1,13 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+The key exchange is based on NTRU encryption with a cryptographical strength of 128 bit and
+192 bit for <b>carol</b> and <b>dave</b>, respectively. Authentication is based on strong
+preshared keys (PSKs).
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv1 mode-config payload
+by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual
+IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
+increasing order.
+<p>
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
+the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
+pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1/rw-ntru-psk/evaltest.dat b/testing/tests/ikev1/rw-ntru-psk/evaltest.dat
new file mode 100644
index 0000000..5622135
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+moon:: ipsec statusall 2> /dev/null::rw-carol.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
+moon:: ipsec statusall 2> /dev/null::rw-dave.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::ESP
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::ESP
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/ipsec.conf
new file mode 100644
index 0000000..315aa10
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha256-ntru128!
+ esp=aes128-sha256!
+ authby=psk
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftid=carol at strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 0000000..3e6d33a
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org carol at strongswan.org : PSK 0sC0qhnO9/1MWf6tNvCz6mY6pFiDzkVsNlDxZ+9eUjiwwzhHO5UIvgMcvCGcKY/720
diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/strongswan.conf
new file mode 100644
index 0000000..079ea72
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/ipsec.conf
new file mode 100644
index 0000000..c168b51
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes192-sha384-ntru192!
+ esp=aes192-sha384!
+ authby=psk
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftid=dave at strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 0000000..3c355de
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org dave at strongswan.org : PSK 0snWAi1DPzCAhr1JA/JzZw8fr4ySDSNcF/5+8c2sPSBEXo+TjWCCcr5wKuTF/HunX8
diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/strongswan.conf
new file mode 100644
index 0000000..079ea72
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/ipsec.conf
new file mode 100644
index 0000000..2194db5
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,32 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha256-ntru128,aes192-sha384-ntru192!
+ esp=aes128-sha256,aes192-sha384!
+ authby=psk
+
+conn rw-carol
+ also=rw
+ right=PH_IP_CAROL
+ rightid=carol at strongswan.org
+ auto=add
+
+conn rw-dave
+ also=rw
+ right=PH_IP_DAVE
+ rightid=dave at strongswan.org
+ auto=add
+
+conn rw
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=moon.strongswan.org
+ leftfirewall=yes
+ rightsourceip=10.3.0.0/28
diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 0000000..a9e89c0
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org carol at strongswan.org : PSK 0sC0qhnO9/1MWf6tNvCz6mY6pFiDzkVsNlDxZ+9eUjiwwzhHO5UIvgMcvCGcKY/720
+
+moon.strongswan.org dave at strongswan.org : PSK 0snWAi1DPzCAhr1JA/JzZw8fr4ySDSNcF/5+8c2sPSBEXo+TjWCCcr5wKuTF/HunX8
diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..079ea72
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev1/rw-ntru-psk/posttest.dat b/testing/tests/ikev1/rw-ntru-psk/posttest.dat
new file mode 100644
index 0000000..b757d8b
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/posttest.dat
@@ -0,0 +1,6 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev1/rw-ntru-psk/pretest.dat b/testing/tests/ikev1/rw-ntru-psk/pretest.dat
new file mode 100644
index 0000000..40eaede
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev1/rw-ntru-psk/test.conf b/testing/tests/ikev1/rw-ntru-psk/test.conf
new file mode 100644
index 0000000..164b07f
--- /dev/null
+++ b/testing/tests/ikev1/rw-ntru-psk/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/compress-nat/description.txt b/testing/tests/ikev2/compress-nat/description.txt
new file mode 100644
index 0000000..1ad94e7
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/description.txt
@@ -0,0 +1,3 @@
+The peers <b>alice</b> and <b>bob</b> are located behind the NAT routers <b>moon</b> and <b>sun</b>,
+respectively. They both connect to a central gateway <b>carol</b> using IPComp.
+In order to test the IPsec tunnel both peers ping each other and gateway <b>carol</b>.
diff --git a/testing/tests/ikev2/compress-nat/evaltest.dat b/testing/tests/ikev2/compress-nat/evaltest.dat
new file mode 100644
index 0000000..2c5db89
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/evaltest.dat
@@ -0,0 +1,22 @@
+alice::ipsec status 2> /dev/null::hub.*ESTABLISHED.*alice at strongswan.org.*carol at strongswan.org::YES
+bob:: ipsec status 2> /dev/null::hub.*ESTABLISHED.*bob at strongswan.org.*carol at strongswan.org::YES
+carol::ipsec status 2> /dev/null::hub.*ESTABLISHED.*PH_IP_MOON.*alice at strongswan.org::YES
+carol::ipsec status 2> /dev/null::hub.*ESTABLISHED.*PH_IP_SUN.*bob at strongswan.org::YES
+alice::ipsec status 2> /dev/null::hub.*INSTALLED, TUNNEL.*IPCOMP::YES
+bob:: ipsec status 2> /dev/null::hub.*INSTALLED, TUNNEL.*IPCOMP::YES
+carol::ipsec status 2> /dev/null::hub.*INSTALLED, TUNNEL.*IPCOMP::YES
+carol::cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
+carol::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
+alice::ip xfrm state::proto comp spi::YES
+bob:: ip xfrm state::proto comp spi::YES
+carol::ip xfrm state::proto comp spi::YES
+alice::ping -c 1 -s 8184 -p deadbeef PH_IP_CAROL::8192 bytes from PH_IP_CAROL: icmp_req=1::YES
+alice::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=1::YES
+alice::ping -c 1 -s 8184 -p deadbeef PH_IP_BOB::8192 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+bob:: ping -c 1 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE: icmp_req=1::YES
+bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > carol.strongswan.org.*: UDP::YES
+moon::tcpdump::IP carol.strongswan.org.* > moon.strongswan.org.*: UDP::YES
+sun::tcpdump::IP sun.strongswan.org.* > carol.strongswan.org.*: UDP::YES
+sun::tcpdump::IP carol.strongswan.org.* > sun.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/compress-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/compress-nat/hosts/alice/etc/ipsec.conf
new file mode 100644
index 0000000..7ecc68f
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ dpdaction=restart
+ dpddelay=60s
+ leftfirewall=yes
+ lefthostaccess=yes
+
+conn hub
+ leftcert=aliceCert.pem
+ leftid=alice at strongswan.org
+ leftsubnet=10.1.0.0/16
+ right=PH_IP_CAROL
+ rightid=carol at strongswan.org
+ rightsubnet=PH_IP_CAROL/32,10.2.0.0/16
+ compress=yes
+ auto=add
diff --git a/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
new file mode 100644
index 0000000..dc93764
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/compress-nat/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/compress-nat/hosts/bob/etc/ipsec.conf
new file mode 100644
index 0000000..6ef2c06
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/hosts/bob/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ dpdaction=restart
+ dpddelay=60s
+ leftfirewall=yes
+ lefthostaccess=yes
+
+conn hub
+ leftcert=bobCert.pem
+ leftid=bob at strongswan.org
+ leftsubnet=10.2.0.0/16
+ right=PH_IP_CAROL
+ rightid=carol at strongswan.org
+ rightsubnet=PH_IP_CAROL/32,10.1.0.0/16
+ compress=yes
+ auto=add
diff --git a/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
new file mode 100644
index 0000000..dc93764
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/compress-nat/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/compress-nat/hosts/carol/etc/ipsec.conf
new file mode 100644
index 0000000..23d179b
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ dpdaction=clear
+ dpddelay=60s
+
+conn hub
+ leftcert=carolCert.pem
+ leftid=carol at strongswan.org
+ leftfirewall=yes
+ lefthostaccess=yes
+ right=%any
+ leftsubnet=0.0.0.0/0
+ rightsubnet=0.0.0.0/0
+ compress=yes
+ auto=add
diff --git a/testing/tests/ikev2/compress-nat/hosts/carol/etc/iptables.rules b/testing/tests/ikev2/compress-nat/hosts/carol/etc/iptables.rules
new file mode 100644
index 0000000..ae8f9a6
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/hosts/carol/etc/iptables.rules
@@ -0,0 +1,24 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow IKE
+-A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
new file mode 100644
index 0000000..dc93764
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/compress-nat/posttest.dat b/testing/tests/ikev2/compress-nat/posttest.dat
new file mode 100644
index 0000000..b8432a8
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/posttest.dat
@@ -0,0 +1,10 @@
+bob::ipsec stop
+alice::ipsec stop
+carol::ipsec stop
+alice::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+bob::iptables-restore < /etc/iptables.flush
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::conntrack -F
+sun::conntrack -F
\ No newline at end of file
diff --git a/testing/tests/ikev2/compress-nat/pretest.dat b/testing/tests/ikev2/compress-nat/pretest.dat
new file mode 100644
index 0000000..3211bc5
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/pretest.dat
@@ -0,0 +1,21 @@
+alice::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+bob::iptables-restore < /etc/iptables.rules
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1100-1200
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
+moon::iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -j ACCEPT
+moon::iptables -A FORWARD -i eth0 -o eth1 -d 10.1.0.0/16 -j ACCEPT
+sun::iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/16 -p udp -j SNAT --to-source PH_IP_SUN:1200-1300
+sun::iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/16 -p tcp -j SNAT --to-source PH_IP_SUN:2000-2100
+sun::iptables -A FORWARD -i eth1 -o eth0 -s 10.2.0.0/16 -j ACCEPT
+sun::iptables -A FORWARD -i eth0 -o eth1 -d 10.2.0.0/16 -j ACCEPT
+carol::ipsec start
+alice::ipsec start
+bob::ipsec start
+carol::expect-connection hub
+alice::expect-connection hub
+bob::expect-connection hub
+alice::ipsec up hub
+bob::ipsec up hub
diff --git a/testing/tests/ikev2/compress-nat/test.conf b/testing/tests/ikev2/compress-nat/test.conf
new file mode 100644
index 0000000..fd0c7f1
--- /dev/null
+++ b/testing/tests/ikev2/compress-nat/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-s-b-med.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice carol bob"
diff --git a/testing/tests/ikev2/compress/description.txt b/testing/tests/ikev2/compress/description.txt
index 4782983..4c60384 100644
--- a/testing/tests/ikev2/compress/description.txt
+++ b/testing/tests/ikev2/compress/description.txt
@@ -1,3 +1,4 @@
-This scenario enables IPCOMP compression between roadwarrior <b>carol</b> and
-gateway <b>moon</b>. Two pings from <b>carol</b> to <b>alice</b> checks
-the established tunnel with compression.
+This scenario enables IPComp compression between roadwarrior <b>carol</b> and
+gateway <b>moon</b>. Two pings from <b>carol</b> to <b>alice</b> check
+the established tunnel with compression. The packet sizes of the two pings
+are different because the kernel does not compress small packets.
diff --git a/testing/tests/ikev2/compress/evaltest.dat b/testing/tests/ikev2/compress/evaltest.dat
index b989a77..843326e 100644
--- a/testing/tests/ikev2/compress/evaltest.dat
+++ b/testing/tests/ikev2/compress/evaltest.dat
@@ -6,7 +6,7 @@ moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
moon:: ip xfrm state::proto comp spi::YES
carol::ip xfrm state::proto comp spi::YES
-carol::ping -n -c 2 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES
+carol::ping -n -c 1 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES
+carol::ping -n -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE::YES
moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
index 7502175..7880989 100644
--- a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
@@ -9,6 +9,7 @@ conn %default
keyingtries=1
keyexchange=ikev2
compress=yes
+ leftfirewall=yes
conn home
left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
index 85d8c19..dc93764 100644
--- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
index aa1be04..718b3c8 100644
--- a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
@@ -9,6 +9,7 @@ conn %default
keyingtries=1
keyexchange=ikev2
compress=yes
+ leftfirewall=yes
conn rw
left=PH_IP_MOON
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
index 85d8c19..dc93764 100644
--- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/compress/posttest.dat b/testing/tests/ikev2/compress/posttest.dat
index c6d6235..046d4cf 100644
--- a/testing/tests/ikev2/compress/posttest.dat
+++ b/testing/tests/ikev2/compress/posttest.dat
@@ -1,2 +1,4 @@
moon::ipsec stop
carol::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/compress/pretest.dat b/testing/tests/ikev2/compress/pretest.dat
index f5aa989..29a9035 100644
--- a/testing/tests/ikev2/compress/pretest.dat
+++ b/testing/tests/ikev2/compress/pretest.dat
@@ -1,3 +1,5 @@
+carol::iptables-restore < /etc/iptables.rules
+moon::iptables-restore < /etc/iptables.rules
carol::ipsec start
moon::ipsec start
carol::sleep 2
diff --git a/testing/tests/ikev2/host2host-transport-nat/description.txt b/testing/tests/ikev2/host2host-transport-nat/description.txt
new file mode 100644
index 0000000..6f18a88
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/description.txt
@@ -0,0 +1,13 @@
+An IPsec <b>transport-mode</b> connection between the natted host <b>alice</b> and gateway <b>sun</b>
+is successfully set up. <b>leftfirewall=yes</b> automatically inserts iptables-based firewall
+rules that let pass the decrypted IP packets. In order to test the host-to-host connection
+<b>alice</b> pings <b>sun</b>.<br/>
+<b>Note:</b> This scenario also demonstrates two problems with transport-mode and NAT traversal:
+<ol>
+<li>The client <b>venus</b> behind the same NAT as client <b>alice</b> is not able to ping <b>sun</b>
+(even with ICMP explicitly allowed there) because the request arrives unencrypted and thus gets
+dropped when the IPsec policies are consulted (increases the <em>XfrmInTmplMismatch</em> counter
+in <em>/proc/net/xfrm_stat</em>).</li>
+<li>A similar issue arises when <b>venus</b> also establishes an IPsec <b>transport-mode</b> connection to
+<b>sun</b>, due to the conflicting IPsec policies <b>sun</b> declines such a connection.</li>
+</ol>
diff --git a/testing/tests/ikev2/host2host-transport-nat/evaltest.dat b/testing/tests/ikev2/host2host-transport-nat/evaltest.dat
new file mode 100644
index 0000000..faa9fb2
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/evaltest.dat
@@ -0,0 +1,12 @@
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice at strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*sun.strongswan.org.*alice at strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT::YES
+alice::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+venus::ping -c 1 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::NO
+venus::ipsec up nat-t::received TS_UNACCEPTABLE notify::YES
+sun::cat /var/log/daemon.log::unable to install policy::YES
+sun::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.*: UDP::YES
+sun::tcpdump::IP sun.strongswan.org.* > moon.strongswan.org.*: UDP::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ICMP echo request::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ICMP echo reply::NO
diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/ipsec.conf
new file mode 100644
index 0000000..8679a23
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,18 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn nat-t
+ leftcert=aliceCert.pem
+ leftid=alice at strongswan.org
+ leftfirewall=yes
+ right=192.168.0.2
+ rightid=@sun.strongswan.org
+ type=transport
+ auto=add
diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/ipsec.conf
new file mode 100644
index 0000000..11b0b2d
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,18 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ left=192.168.0.2
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftfirewall=yes
+
+conn nat-t
+ right=%any
+ type=transport
+ auto=add
diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/iptables.rules b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/iptables.rules
new file mode 100644
index 0000000..0a2cd80
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/iptables.rules
@@ -0,0 +1,28 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow IKE
+-A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+# allow ICMP
+-A INPUT -i eth0 -p icmp -j ACCEPT
+-A OUTPUT -o eth0 -p icmp -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/ipsec.conf
new file mode 100644
index 0000000..b416b30
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/ipsec.conf
@@ -0,0 +1,18 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn nat-t
+ leftcert=venusCert.pem
+ leftid=venus at strongswan.org
+ leftfirewall=yes
+ right=192.168.0.2
+ rightid=@sun.strongswan.org
+ type=transport
+ auto=add
diff --git a/testing/tests/ikev2/host2host-transport-nat/posttest.dat b/testing/tests/ikev2/host2host-transport-nat/posttest.dat
new file mode 100644
index 0000000..80a3c7b
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/posttest.dat
@@ -0,0 +1,6 @@
+alice::ipsec stop
+venus::ipsec stop
+sun::ipsec stop
+alice::iptables-restore < /etc/iptables.flush
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/host2host-transport-nat/pretest.dat b/testing/tests/ikev2/host2host-transport-nat/pretest.dat
new file mode 100644
index 0000000..fe0f17d
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/pretest.dat
@@ -0,0 +1,12 @@
+alice::iptables-restore < /etc/iptables.rules
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -j MASQUERADE
+moon::iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -j ACCEPT
+moon::iptables -A FORWARD -i eth0 -o eth1 -d 10.1.0.0/16 -j ACCEPT
+alice::ipsec start
+venus::ipsec start
+sun::ipsec start
+alice::expect-connection nat-t
+venus::expect-connection nat-t
+alice::ipsec up nat-t
diff --git a/testing/tests/ikev2/host2host-transport-nat/test.conf b/testing/tests/ikev2/host2host-transport-nat/test.conf
new file mode 100644
index 0000000..8c2face
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun alice venus moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice venus sun"
diff --git a/testing/tests/ikev2/ip-pool-db/pretest.dat b/testing/tests/ikev2/ip-pool-db/pretest.dat
index fce551c..2327eb9 100644
--- a/testing/tests/ikev2/ip-pool-db/pretest.dat
+++ b/testing/tests/ikev2/ip-pool-db/pretest.dat
@@ -1,4 +1,4 @@
-moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0 2> /dev/null
moon::ipsec pool --addattr dns --server PH_IP_WINNETOU 2> /dev/null
@@ -10,7 +10,7 @@ dave::iptables-restore < /etc/iptables.rules
carol::ipsec start
dave::ipsec start
moon::ipsec start
-carol::sleep 2
+carol::sleep 2
carol::ipsec up home
dave::ipsec up home
carol::sleep 1
diff --git a/testing/tests/ikev2/ip-split-pools-db/pretest.dat b/testing/tests/ikev2/ip-split-pools-db/pretest.dat
index 5691f0f..c5af81b 100644
--- a/testing/tests/ikev2/ip-split-pools-db/pretest.dat
+++ b/testing/tests/ikev2/ip-split-pools-db/pretest.dat
@@ -1,4 +1,4 @@
-moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::ipsec pool --add pool0 --start 10.3.0.1 --end 10.3.0.1 --timeout 48 2> /dev/null
moon::ipsec pool --add pool1 --start 10.3.1.1 --end 10.3.1.1 --timeout 48 2> /dev/null
@@ -6,7 +6,7 @@ moon::ipsec pool --status 2> /dev/null
carol::ipsec start
dave::ipsec start
moon::ipsec start
-carol::sleep 2
+carol::sleep 2
carol::ipsec up home
dave::ipsec up home
carol::sleep 1
diff --git a/testing/tests/ikev2/ip-two-pools-db/pretest.dat b/testing/tests/ikev2/ip-two-pools-db/pretest.dat
index 3aba879..bb36a26 100644
--- a/testing/tests/ikev2/ip-two-pools-db/pretest.dat
+++ b/testing/tests/ikev2/ip-two-pools-db/pretest.dat
@@ -1,6 +1,6 @@
-moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
-moon::ipsec pool --add extpool --start 10.3.0.1 --end 10.3.1.244 --timeout 48 2> /dev/null
+moon::ipsec pool --add extpool --start 10.3.0.1 --end 10.3.1.244 --timeout 48 2> /dev/null
moon::ipsec pool --add intpool --start 10.4.0.1 --end 10.4.1.244 --timeout 0 2> /dev/null
moon::ipsec pool --addattr dns --server PH_IP_VENUS --pool intpool --identity venus.strongswan.org 2> /dev/null
moon::ipsec pool --addattr dns --server PH_IP_ALICE --pool intpool --identity alice at strongswan.org 2> /dev/null
@@ -18,7 +18,7 @@ venus::ipsec start
carol::ipsec start
dave::ipsec start
moon::ipsec start
-carol::sleep 2
+carol::sleep 2
carol::ipsec up home
dave::ipsec up home
alice::ipsec up home
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat b/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat
index b74c1e0..8ebfdc7 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat
+++ b/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat
@@ -1,4 +1,4 @@
-moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::ipsec pool --add intpool --start 10.4.0.1 --end 10.4.1.244 --timeout 0 2> /dev/null
moon::iptables-restore < /etc/iptables.rules
@@ -7,7 +7,7 @@ alice::iptables-restore < /etc/iptables.rules
carol::ipsec start
moon::ipsec start
alice::ipsec start
-carol::sleep 2
+carol::sleep 2
carol::ipsec up home
alice::ipsec up home
alice::sleep 1
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat b/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat
index e3d8f4a..466a5ea 100644
--- a/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat
+++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat
@@ -1,6 +1,6 @@
-moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
-moon::ipsec pool --add v4_pool --start 10.3.0.1 --end 10.3.1.244 --timeout 48 2> /dev/null
+moon::ipsec pool --add v4_pool --start 10.3.0.1 --end 10.3.1.244 --timeout 48 2> /dev/null
moon::ipsec pool --add v6_pool --start fec3:\:1 --end fec3:\:fe --timeout 48 2> /dev/null
alice::ip -6 route add default via fec1:\:1
moon::ipsec start
diff --git a/testing/tests/ikev2/lookip/description.txt b/testing/tests/ikev2/lookip/description.txt
new file mode 100644
index 0000000..0568e48
--- /dev/null
+++ b/testing/tests/ikev2/lookip/description.txt
@@ -0,0 +1,13 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload
+by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual
+IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
+increasing order.
+<p>
+Using the <b>ipsec lookup</b> tool which communicates with the <b>lookip</b> plugin via a unix
+socket, information about the assigned virtual IP is retrieved.
+<p>
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
+the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
+pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev2/lookip/evaltest.dat b/testing/tests/ikev2/lookip/evaltest.dat
new file mode 100644
index 0000000..6846617
--- /dev/null
+++ b/testing/tests/ikev2/lookip/evaltest.dat
@@ -0,0 +1,22 @@
+carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+moon:: ipsec lookip --lookup PH_IP_CAROL1 2> /dev/null::192.168.0.100.*rw\[1].*carol at strongswan.org::YES
+moon:: ipsec lookip --lookup PH_IP_DAVE1 2> /dev/null::192.168.0.200.*rw\[2].*dave at strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::ESP
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/lookip/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/lookip/hosts/carol/etc/ipsec.conf
new file mode 100644
index 0000000..8c6c28b
--- /dev/null
+++ b/testing/tests/ikev2/lookip/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol at strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
new file mode 100644
index 0000000..dc93764
--- /dev/null
+++ b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/lookip/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/lookip/hosts/dave/etc/ipsec.conf
new file mode 100644
index 0000000..72b8a59
--- /dev/null
+++ b/testing/tests/ikev2/lookip/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave at strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
new file mode 100644
index 0000000..dc93764
--- /dev/null
+++ b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/lookip/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/lookip/hosts/moon/etc/ipsec.conf
new file mode 100644
index 0000000..85c48a7
--- /dev/null
+++ b/testing/tests/ikev2/lookip/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,20 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn rw
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+ right=%any
+ rightsourceip=10.3.0.0/28
+ auto=add
diff --git a/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..c81c5b6
--- /dev/null
+++ b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown lookip
+}
diff --git a/testing/tests/ikev2/lookip/posttest.dat b/testing/tests/ikev2/lookip/posttest.dat
new file mode 100644
index 0000000..b757d8b
--- /dev/null
+++ b/testing/tests/ikev2/lookip/posttest.dat
@@ -0,0 +1,6 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/lookip/pretest.dat b/testing/tests/ikev2/lookip/pretest.dat
new file mode 100644
index 0000000..3864bda
--- /dev/null
+++ b/testing/tests/ikev2/lookip/pretest.dat
@@ -0,0 +1,10 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/lookip/test.conf b/testing/tests/ikev2/lookip/test.conf
new file mode 100644
index 0000000..164b07f
--- /dev/null
+++ b/testing/tests/ikev2/lookip/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/net2net-ntru-cert/description.txt b/testing/tests/ikev2/net2net-ntru-cert/description.txt
new file mode 100644
index 0000000..638a671
--- /dev/null
+++ b/testing/tests/ikev2/net2net-ntru-cert/description.txt
@@ -0,0 +1,7 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The key exchange is based on NTRU encryption with a security strength of 256 bits.
+The authentication is based on <b>X.509 certificates</b>. Upon the successful
+establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat b/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat
new file mode 100644
index 0000000..78d2bff
--- /dev/null
+++ b/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat
@@ -0,0 +1,9 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+moon::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES
+sun::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
new file mode 100644
index 0000000..9da45bc
--- /dev/null
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="ike 4, lib 4"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes256-sha512-ntru256!
+ esp=aes256-sha512!
+ mobike=no
+
+conn net-net
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..f4fd948
--- /dev/null
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+ send_vendor_id = yes
+}
+
+libstrongswan {
+ plugins {
+ ntru {
+ parameter_set = optimum
+ }
+ }
+}
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
new file mode 100644
index 0000000..50be980
--- /dev/null
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="ike 4, lib 4"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes256-sha512-ntru256!
+ esp=aes256-sha512!
+ mobike=no
+
+conn net-net
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
new file mode 100644
index 0000000..f0432ad
--- /dev/null
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev2/net2net-ntru-cert/posttest.dat b/testing/tests/ikev2/net2net-ntru-cert/posttest.dat
new file mode 100644
index 0000000..837738f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-ntru-cert/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+
diff --git a/testing/tests/ikev2/net2net-ntru-cert/pretest.dat b/testing/tests/ikev2/net2net-ntru-cert/pretest.dat
new file mode 100644
index 0000000..c724e5d
--- /dev/null
+++ b/testing/tests/ikev2/net2net-ntru-cert/pretest.dat
@@ -0,0 +1,6 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::ipsec start
+sun::ipsec start
+moon::sleep 1
+moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-ntru-cert/test.conf b/testing/tests/ikev2/net2net-ntru-cert/test.conf
new file mode 100644
index 0000000..646b8b3
--- /dev/null
+++ b/testing/tests/ikev2/net2net-ntru-cert/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev2/rw-ntru-psk/description.txt b/testing/tests/ikev2/rw-ntru-psk/description.txt
new file mode 100644
index 0000000..6a42c2b
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/description.txt
@@ -0,0 +1,13 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+The key exchange is based on NTRU encryption with a cryptographical strength of 128 bit and
+192 bit for <b>carol</b> and <b>dave</b>, respectively. Authentication is based on strong
+preshared keys (PSKs).
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload
+by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual
+IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
+increasing order.
+<p>
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
+the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
+pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev2/rw-ntru-psk/evaltest.dat b/testing/tests/ikev2/rw-ntru-psk/evaltest.dat
new file mode 100644
index 0000000..938157c
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+moon:: ipsec statusall 2> /dev/null::rw\[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
+moon:: ipsec statusall 2> /dev/null::rw\[2]: IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::ESP
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/ipsec.conf
new file mode 100644
index 0000000..8c6b77b
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes128-sha256-ntru128!
+ esp=aes128-sha256!
+ authby=psk
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftid=carol at strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 0000000..3e6d33a
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org carol at strongswan.org : PSK 0sC0qhnO9/1MWf6tNvCz6mY6pFiDzkVsNlDxZ+9eUjiwwzhHO5UIvgMcvCGcKY/720
diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf
new file mode 100644
index 0000000..079ea72
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/ipsec.conf
new file mode 100644
index 0000000..356acb4
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes192-sha384-ntru192!
+ esp=aes192-sha384!
+ authby=psk
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftid=dave at strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 0000000..3c355de
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org dave at strongswan.org : PSK 0snWAi1DPzCAhr1JA/JzZw8fr4ySDSNcF/5+8c2sPSBEXo+TjWCCcr5wKuTF/HunX8
diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf
new file mode 100644
index 0000000..079ea72
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/ipsec.conf
new file mode 100644
index 0000000..cdcebc7
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes128-sha256-ntru128,aes192-sha384-ntru192!
+ esp=aes128-sha256,aes192-sha384!
+ authby=psk
+
+conn rw
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=moon.strongswan.org
+ leftfirewall=yes
+ right=%any
+ rightsourceip=10.3.0.0/28
+ auto=add
diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 0000000..a9e89c0
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org carol at strongswan.org : PSK 0sC0qhnO9/1MWf6tNvCz6mY6pFiDzkVsNlDxZ+9eUjiwwzhHO5UIvgMcvCGcKY/720
+
+moon.strongswan.org dave at strongswan.org : PSK 0snWAi1DPzCAhr1JA/JzZw8fr4ySDSNcF/5+8c2sPSBEXo+TjWCCcr5wKuTF/HunX8
diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..079ea72
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ send_vendor_id = yes
+}
diff --git a/testing/tests/ikev2/rw-ntru-psk/posttest.dat b/testing/tests/ikev2/rw-ntru-psk/posttest.dat
new file mode 100644
index 0000000..b757d8b
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/posttest.dat
@@ -0,0 +1,6 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/rw-ntru-psk/pretest.dat b/testing/tests/ikev2/rw-ntru-psk/pretest.dat
new file mode 100644
index 0000000..40eaede
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-ntru-psk/test.conf b/testing/tests/ikev2/rw-ntru-psk/test.conf
new file mode 100644
index 0000000..164b07f
--- /dev/null
+++ b/testing/tests/ikev2/rw-ntru-psk/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ipv6/rw-compress-ikev2/description.txt b/testing/tests/ipv6/rw-compress-ikev2/description.txt
new file mode 100644
index 0000000..da52957
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/description.txt
@@ -0,0 +1,10 @@
+This scenario enables IPComp compression between roadwarrior <b>carol</b> and
+gateway <b>moon</b>. Two IPv6 ICMP requests from <b>carol</b> to <b>alice</b>
+check the established tunnel with compression. The packet sizes are different
+because the kernel does not compress small packets.<br/>
+<b>Note:</b> The kernel applies IPComp after fragmenting the original packet
+according to the MTU. Also, because <b>alice</b> does not know about the IPsec
+tunnel between <b>moon</b> and <b>carol</b> the response to the first ICMP
+request is fragmented in too large fragments and <b>moon</b> sends back ICMPs
+with type 2 to notify <b>alice</b> about this (Path MTU Discovery).
+The second ping is then answered successfully.
diff --git a/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat b/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat
new file mode 100644
index 0000000..0a0b1a7
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat
@@ -0,0 +1,13 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL.*IPCOMP::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL.*IPCOMP::YES
+moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
+moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
+moon:: ip xfrm state::proto comp spi::YES
+carol::ip xfrm state::proto comp spi::YES
+# send two pings because the first is lost due to Path MTU Discovery between alice and moon
+carol::ping6 -c 2 -W 1 -s 8184 -p deadbeef ip6-alice.strongswan.org::8192 bytes from ip6-alice.strongswan.org::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf
new file mode 100644
index 0000000..bd9a9e5
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+ca strongswan
+ cacert=strongswanCert.pem
+ crluri=http://ip6-winnetou.strongswan.org/strongswan.crl
+ auto=add
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ compress=yes
+ leftfirewall=yes
+
+conn home
+ leftcert=carolCert.pem
+ leftid=carol at strongswan.org
+ right=PH_IP6_MOON
+ rightsubnet=fec1::/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
new file mode 100644
index 0000000..dc93764
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf
new file mode 100644
index 0000000..c4f9b5b
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+ca strongswan
+ cacert=strongswanCert.pem
+ crluri=http://ip6-winnetou.strongswan.org/strongswan.crl
+ auto=add
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ compress=yes
+ leftfirewall=yes
+
+conn rw
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=fec1::/16
+ right=%any
+ auto=add
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..dc93764
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/posttest.dat b/testing/tests/ipv6/rw-compress-ikev2/posttest.dat
new file mode 100644
index 0000000..fdaf440
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/posttest.dat
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/rw-compress-ikev2/pretest.dat b/testing/tests/ipv6/rw-compress-ikev2/pretest.dat
new file mode 100644
index 0000000..3f6427f
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+# enable Path MTU Discovery
+moon::ip6tables -I OUTPUT 1 -o eth1 -p icmpv6 --icmpv6-type 2 -j ACCEPT
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+moon::ipsec start
+carol::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+carol::ipsec up home
diff --git a/testing/tests/ipv6/rw-compress-ikev2/test.conf b/testing/tests/ipv6/rw-compress-ikev2/test.conf
new file mode 100644
index 0000000..4e8d1e9
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/test.conf
@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
+
diff --git a/testing/tests/sql/ip-pool-db-expired/pretest.dat b/testing/tests/sql/ip-pool-db-expired/pretest.dat
index 391785a..10a51bc 100644
--- a/testing/tests/sql/ip-pool-db-expired/pretest.dat
+++ b/testing/tests/sql/ip-pool-db-expired/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-pool-db-restart/pretest.dat b/testing/tests/sql/ip-pool-db-restart/pretest.dat
index 20b1937..639cfd9 100644
--- a/testing/tests/sql/ip-pool-db-restart/pretest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-pool-db/pretest.dat b/testing/tests/sql/ip-pool-db/pretest.dat
index 819aca3..46f3332 100644
--- a/testing/tests/sql/ip-pool-db/pretest.dat
+++ b/testing/tests/sql/ip-pool-db/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-split-pools-db-restart/pretest.dat b/testing/tests/sql/ip-split-pools-db-restart/pretest.dat
index 8b30de8..ba3f4d1 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/pretest.dat
+++ b/testing/tests/sql/ip-split-pools-db-restart/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-split-pools-db/pretest.dat b/testing/tests/sql/ip-split-pools-db/pretest.dat
index e1dcb9d..6c76338 100644
--- a/testing/tests/sql/ip-split-pools-db/pretest.dat
+++ b/testing/tests/sql/ip-split-pools-db/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/multi-level-ca/pretest.dat b/testing/tests/sql/multi-level-ca/pretest.dat
index fdd4df5..6d56ede 100644
--- a/testing/tests/sql/multi-level-ca/pretest.dat
+++ b/testing/tests/sql/multi-level-ca/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/net2net-cert/pretest.dat b/testing/tests/sql/net2net-cert/pretest.dat
index a1777ef..b62da61 100644
--- a/testing/tests/sql/net2net-cert/pretest.dat
+++ b/testing/tests/sql/net2net-cert/pretest.dat
@@ -1,12 +1,12 @@
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-sun::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
sun::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
-moon::sleep 1
+moon::sleep 1
moon::ipsec up net-net
diff --git a/testing/tests/sql/net2net-psk/pretest.dat b/testing/tests/sql/net2net-psk/pretest.dat
index a1777ef..b62da61 100644
--- a/testing/tests/sql/net2net-psk/pretest.dat
+++ b/testing/tests/sql/net2net-psk/pretest.dat
@@ -1,12 +1,12 @@
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-sun::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
sun::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
-moon::sleep 1
+moon::sleep 1
moon::ipsec up net-net
diff --git a/testing/tests/sql/net2net-route-pem/pretest.dat b/testing/tests/sql/net2net-route-pem/pretest.dat
index 8ca573e..537aa63 100644
--- a/testing/tests/sql/net2net-route-pem/pretest.dat
+++ b/testing/tests/sql/net2net-route-pem/pretest.dat
@@ -1,7 +1,7 @@
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-sun::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
sun::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::iptables-restore < /etc/iptables.rules
diff --git a/testing/tests/sql/net2net-start-pem/pretest.dat b/testing/tests/sql/net2net-start-pem/pretest.dat
index 1c71f0c..7307aca 100644
--- a/testing/tests/sql/net2net-start-pem/pretest.dat
+++ b/testing/tests/sql/net2net-start-pem/pretest.dat
@@ -1,7 +1,7 @@
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-sun::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
sun::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::iptables-restore < /etc/iptables.rules
diff --git a/testing/tests/sql/rw-cert/pretest.dat b/testing/tests/sql/rw-cert/pretest.dat
index fdd4df5..6d56ede 100644
--- a/testing/tests/sql/rw-cert/pretest.dat
+++ b/testing/tests/sql/rw-cert/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/rw-eap-aka-rsa/pretest.dat b/testing/tests/sql/rw-eap-aka-rsa/pretest.dat
index 8f2387b..2a8e460 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/pretest.dat
+++ b/testing/tests/sql/rw-eap-aka-rsa/pretest.dat
@@ -1,7 +1,7 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::iptables-restore < /etc/iptables.rules
diff --git a/testing/tests/sql/rw-psk-ipv4/pretest.dat b/testing/tests/sql/rw-psk-ipv4/pretest.dat
index fdd4df5..6d56ede 100644
--- a/testing/tests/sql/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/sql/rw-psk-ipv4/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/rw-psk-ipv6/pretest.dat b/testing/tests/sql/rw-psk-ipv6/pretest.dat
index 587dd7f..fdb5f19 100644
--- a/testing/tests/sql/rw-psk-ipv6/pretest.dat
+++ b/testing/tests/sql/rw-psk-ipv6/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/rw-psk-rsa-split/pretest.dat b/testing/tests/sql/rw-psk-rsa-split/pretest.dat
index fdd4df5..6d56ede 100644
--- a/testing/tests/sql/rw-psk-rsa-split/pretest.dat
+++ b/testing/tests/sql/rw-psk-rsa-split/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/rw-rsa-keyid/pretest.dat b/testing/tests/sql/rw-rsa-keyid/pretest.dat
index fdd4df5..6d56ede 100644
--- a/testing/tests/sql/rw-rsa-keyid/pretest.dat
+++ b/testing/tests/sql/rw-rsa-keyid/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/rw-rsa/pretest.dat b/testing/tests/sql/rw-rsa/pretest.dat
index fdd4df5..6d56ede 100644
--- a/testing/tests/sql/rw-rsa/pretest.dat
+++ b/testing/tests/sql/rw-rsa/pretest.dat
@@ -1,9 +1,9 @@
moon::rm /etc/ipsec.d/cacerts/*
carol::rm /etc/ipsec.d/cacerts/*
dave::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/shunt-policies/pretest.dat b/testing/tests/sql/shunt-policies/pretest.dat
index a1777ef..b62da61 100644
--- a/testing/tests/sql/shunt-policies/pretest.dat
+++ b/testing/tests/sql/shunt-policies/pretest.dat
@@ -1,12 +1,12 @@
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
-sun::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
sun::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
-moon::sleep 1
+moon::sleep 1
moon::ipsec up net-net
diff --git a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..cc9d6e0
--- /dev/null
+++ b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,8 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+ dh_mapping {
+ 15 = 1
+ 16 = 2
+ }
+}
diff --git a/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..cc9d6e0
--- /dev/null
+++ b/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,8 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+ dh_mapping {
+ 15 = 1
+ 16 = 2
+ }
+}
diff --git a/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..cc9d6e0
--- /dev/null
+++ b/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,8 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+ dh_mapping {
+ 15 = 1
+ 16 = 2
+ }
+}
diff --git a/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf
new file mode 100644
index 0000000..cc9d6e0
--- /dev/null
+++ b/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,8 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+ dh_mapping {
+ 15 = 1
+ 16 = 2
+ }
+}
diff --git a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..cc9d6e0
--- /dev/null
+++ b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,8 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+ dh_mapping {
+ 15 = 1
+ 16 = 2
+ }
+}
diff --git a/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf
new file mode 100644
index 0000000..cc9d6e0
--- /dev/null
+++ b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,8 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+ dh_mapping {
+ 15 = 1
+ 16 = 2
+ }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
index a991d05..7541a2a 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
@@ -5,7 +5,7 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second
alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second
-alice::cd /etc/pts; cat tables.sql data.sql data1.sql | sqlite3 config.db
+alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd
alice::cat /etc/tnc_config
carol::cat /etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-os/pretest.dat b/testing/tests/tnc/tnccs-20-os/pretest.dat
index e1434e4..0ac88dd 100644
--- a/testing/tests/tnc/tnccs-20-os/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-os/pretest.dat
@@ -4,13 +4,13 @@ dave::iptables-restore < /etc/iptables.rules
carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
moon::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql
-moon::cd /etc/pts; cat tables.sql data.sql data1.sql | sqlite3 config.db
+moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
dave::cat /etc/tnc_config
moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+carol::ipsec start
+dave::ipsec start
carol::sleep 1
carol::ipsec up home
dave::ipsec up home
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat
index 2a53977..f7d86ec 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat
@@ -7,7 +7,7 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
dave::cat /etc/tnc_config
alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data.sql
-alice::cd /etc/pts; cat tables.sql data.sql data1.sql | sqlite3 config.db
+alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
alice::ipsec start
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
carol::ip route add 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/tnc/tnccs-20-pts/pretest.dat b/testing/tests/tnc/tnccs-20-pts/pretest.dat
index 794aef9..49ea041 100644
--- a/testing/tests/tnc/tnccs-20-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pts/pretest.dat
@@ -3,13 +3,13 @@ carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
-moon::cd /etc/pts; cat tables.sql data.sql data1.sql | sqlite3 config.db
+moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
dave::cat /etc/tnc_config
moon::ipsec start
-dave::ipsec start
-carol::ipsec start
+dave::ipsec start
+carol::ipsec start
dave::sleep 1
dave::ipsec up home
carol::ipsec up home
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git
More information about the Pkg-swan-devel
mailing list