[src/trunk]: src/crypto/dist/kame KAME as of 2001/8/31
details: https://anonhg.NetBSD.org/src/rev/20045934fdd1
branches: trunk
changeset: 514383:20045934fdd1
user: itojun <itojun%NetBSD.org@localhost>
date: Fri Aug 31 09:59:03 2001 +0000
description:
KAME as of 2001/8/31
diffstat:
crypto/dist/kame/libipsec/ipsec_set_policy.3 | 4 +-
crypto/dist/kame/libipsec/ipsec_strerror.3 | 5 +-
crypto/dist/kame/racoon/Makefile.in | 12 +-
crypto/dist/kame/racoon/algorithm.c | 742 +++++-
crypto/dist/kame/racoon/algorithm.h | 175 +-
crypto/dist/kame/racoon/client-puzzle.c | 220 +
crypto/dist/kame/racoon/configure | 417 ++-
crypto/dist/kame/racoon/configure.in | 24 +-
crypto/dist/kame/racoon/crypto_openssl.h | 77 +-
crypto/dist/kame/racoon/dhgroup.h | 163 +
crypto/dist/kame/racoon/doc/helsinki-result.jp | 533 ++++
crypto/dist/kame/racoon/eaytest.c | 124 +-
crypto/dist/kame/racoon/grabmyaddr.c | 19 +-
crypto/dist/kame/racoon/ipsec_doi.h | 6 +-
crypto/dist/kame/racoon/isakmp_ident.c | 4 +-
crypto/dist/kame/racoon/isakmp_inf.c | 16 +-
crypto/dist/kame/racoon/localconf.c | 7 +-
crypto/dist/kame/racoon/localconf.h | 10 +-
crypto/dist/kame/racoon/misc.c | 8 +-
crypto/dist/kame/racoon/misc.h | 4 +-
crypto/dist/kame/racoon/missing/crypto/rijndael/boxes-fst.dat | 957 ++++++++
crypto/dist/kame/racoon/missing/crypto/rijndael/rijndael-alg-fst.c | 492 ++++
crypto/dist/kame/racoon/missing/crypto/rijndael/rijndael-alg-fst.h | 33 +
crypto/dist/kame/racoon/missing/crypto/rijndael/rijndael-api-fst.c | 495 ++++
crypto/dist/kame/racoon/missing/crypto/rijndael/rijndael-api-fst.h | 103 +
crypto/dist/kame/racoon/missing/crypto/rijndael/rijndael.h | 3 +
crypto/dist/kame/racoon/missing/crypto/rijndael/rijndael_local.h | 10 +
crypto/dist/kame/racoon/missing/crypto/sha2/sha2.c | 1101 ++++++++++
crypto/dist/kame/racoon/missing/crypto/sha2/sha2.h | 144 +
crypto/dist/kame/racoon/oakley.h | 44 +-
crypto/dist/kame/racoon/pfkey.c | 105 +-
crypto/dist/kame/racoon/plog.c | 11 +-
crypto/dist/kame/racoon/policy.c | 10 +-
crypto/dist/kame/racoon/proposal.c | 12 +-
crypto/dist/kame/racoon/proposal.h | 3 +-
crypto/dist/kame/racoon/samples/racoon.conf.in | 9 +-
crypto/dist/kame/racoon/session.c | 4 +-
crypto/dist/kame/racoon/sockmisc.c | 7 +-
crypto/dist/kame/racoon/sockmisc.h | 4 +-
crypto/dist/kame/racoon/stats.pl | 15 +
crypto/dist/kame/racoon/str2val.c | 8 +-
crypto/dist/kame/racoon/str2val.h | 4 +-
crypto/dist/kame/racoon/strnames.c | 24 +-
crypto/dist/kame/racoon/strnames.h | 3 +-
44 files changed, 5624 insertions(+), 547 deletions(-)
diffs (truncated from 8009 to 300 lines):
diff -r 8b314974eb46 -r 20045934fdd1 crypto/dist/kame/libipsec/ipsec_set_policy.3
--- a/crypto/dist/kame/libipsec/ipsec_set_policy.3 Fri Aug 31 09:53:23 2001 +0000
+++ b/crypto/dist/kame/libipsec/ipsec_set_policy.3 Fri Aug 31 09:59:03 2001 +0000
@@ -1,4 +1,4 @@
-.\" $KAME: ipsec_set_policy.3,v 1.14 2001/04/06 07:00:46 itojun Exp $
+.\" $KAME: ipsec_set_policy.3,v 1.15 2001/08/17 07:21:36 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
.\" All rights reserved.
@@ -61,6 +61,8 @@
.Fa policy .
.Fn ipsec_set_policy
will return the buffer of IPsec policy specification structure.
+The buffer is dynamically allocated, and must be freed by the caller by calling
+.Xr free 3 .
.Pp
You may want the length of the generated buffer such when calling
.Xr setsockopt 2 .
diff -r 8b314974eb46 -r 20045934fdd1 crypto/dist/kame/libipsec/ipsec_strerror.3
--- a/crypto/dist/kame/libipsec/ipsec_strerror.3 Fri Aug 31 09:53:23 2001 +0000
+++ b/crypto/dist/kame/libipsec/ipsec_strerror.3 Fri Aug 31 09:59:03 2001 +0000
@@ -1,4 +1,4 @@
-.\" $KAME: ipsec_strerror.3,v 1.8 2000/11/20 00:35:14 sakane Exp $
+.\" $KAME: ipsec_strerror.3,v 1.9 2001/08/17 07:21:36 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
.\" All rights reserved.
@@ -79,3 +79,6 @@
.Sh BUGS
.Fn ipsec_strerror
will return its result which may be overwritten by subsequent calls.
+.Pp
+.Va ipsec_errcode
+is not thread safe.
diff -r 8b314974eb46 -r 20045934fdd1 crypto/dist/kame/racoon/Makefile.in
--- a/crypto/dist/kame/racoon/Makefile.in Fri Aug 31 09:53:23 2001 +0000
+++ b/crypto/dist/kame/racoon/Makefile.in Fri Aug 31 09:59:03 2001 +0000
@@ -1,4 +1,4 @@
-# $KAME: Makefile.in,v 1.33 2001/06/01 10:12:55 sakane Exp $
+# $KAME: Makefile.in,v 1.35 2001/08/08 22:09:26 sakane Exp $
@SET_MAKE@
srcdir= @srcdir@
@@ -30,7 +30,7 @@
policy.o localconf.o remoteconf.o crypto_openssl.o algorithm.o \
proposal.o sainfo.o cfparse.o cftoken.o strnames.o \
vmbuf.o plog.o logger.o schedule.o str2val.o misc.o sockmisc.o \
- safefile.o backupsa.o @LIBOBJS@
+ safefile.o backupsa.o @LIBOBJS@ @CRYPTOBJS@
# under samples
CONF= psk.txt racoon.conf
@@ -47,7 +47,7 @@
eaytest: eaytest.o crypto_openssl_test.o misc_noplog.o vmbuf.o str2val.o
$(CC) $(LDFLAGS) -o $@ eaytest.o crypto_openssl_test.o misc_noplog.o \
- vmbuf.o str2val.o $(LIBS)
+ vmbuf.o str2val.o $(LIBS) @CRYPTOBJS@
# special object rules
crypto_openssl_test.o: crypto_openssl.c
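Review bot: The eaytest link command now consumes `@CRYPTOBJS@`, but the target's prerequisite list still names only `eaytest.o crypto_openssl_test.o misc_noplog.o vmbuf.o str2val.o`, so building eaytest on its own can reach the link step before the rijndael/sha2 objects exist. Listing them as prerequisites fixes that: `eaytest: eaytest.o crypto_openssl_test.o misc_noplog.o vmbuf.o str2val.o @CRYPTOBJS@`. Since eaytest appears to be the self-test for the crypto wrappers, it should build reliably in isolation. Placing `@CRYPTOBJS@` before `$(LIBS)` on the link line would also keep the usual objects-then-libraries order.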
@@ -66,6 +66,12 @@
$(CC) $(CFLAGS) -c $(srcdir)/missing/$*.c
getnameinfo.o: $(srcdir)/missing/getnameinfo.c
$(CC) $(CFLAGS) -c $(srcdir)/missing/$*.c
+rijndael-api-fst.o: $(srcdir)/missing/crypto/rijndael/$*.c
+ $(CC) $(CFLAGS) -c $(srcdir)/missing/crypto/rijndael/$*.c
+rijndael-alg-fst.o: $(srcdir)/missing/crypto/rijndael/$*.c
+ $(CC) $(CFLAGS) -c $(srcdir)/missing/crypto/rijndael/$*.c
+sha2.o: $(srcdir)/missing/crypto/sha2/$*.c
+ $(CC) $(CFLAGS) -c $(srcdir)/missing/crypto/sha2/$*.c
.c.o:
$(CC) $(CFLAGS) -c $<
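Review bot: The three new rules put `$*` in the prerequisite list (`rijndael-api-fst.o: $(srcdir)/missing/crypto/rijndael/$*.c`), whereas the existing `getnameinfo.o` rule directly above names its source file explicitly and uses `$*` only in the command. Automatic variables are generally not set when a dependency line is parsed, so with some make implementations the prerequisite may expand to a path ending in `/.c`, and the object would then either fail to build or not be rebuilt when the source changes. Spelling the file out is the portable form, e.g. `sha2.o: $(srcdir)/missing/crypto/sha2/sha2.c`, and likewise for the two rijndael rules.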
diff -r 8b314974eb46 -r 20045934fdd1 crypto/dist/kame/racoon/algorithm.c
--- a/crypto/dist/kame/racoon/algorithm.c Fri Aug 31 09:53:23 2001 +0000
+++ b/crypto/dist/kame/racoon/algorithm.c Fri Aug 31 09:59:03 2001 +0000
@@ -1,4 +1,4 @@
-/* $KAME: algorithm.c,v 1.14 2001/04/03 15:51:54 thorpej Exp $ */
+/* $KAME: algorithm.c,v 1.20 2001/08/16 06:17:12 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -39,6 +39,8 @@
#include "plog.h"
#include "debug.h"
+#include "crypto_openssl.h"
+#include "dhgroup.h"
#include "algorithm.h"
#include "oakley.h"
#include "isakmp_var.h"
@@ -46,69 +48,624 @@
#include "ipsec_doi.h"
#include "gcmalloc.h"
-static const int ipsecenc2doi[] = {
- ALGTYPE_NOTHING,
- IPSECDOI_ESP_DES_IV64,
- IPSECDOI_ESP_DES,
- IPSECDOI_ESP_3DES,
- IPSECDOI_ESP_RC5,
- IPSECDOI_ESP_IDEA,
- IPSECDOI_ESP_CAST,
- IPSECDOI_ESP_BLOWFISH,
- IPSECDOI_ESP_3IDEA,
- IPSECDOI_ESP_DES_IV32,
- IPSECDOI_ESP_RC4,
- IPSECDOI_ESP_NULL,
- IPSECDOI_ESP_RIJNDAEL,
- IPSECDOI_ESP_TWOFISH,
+static struct hash_algorithm oakley_hashdef[] = {
+{ "md5", algtype_md5, OAKLEY_ATTR_HASH_ALG_MD5,
+ eay_md5_init, eay_md5_update,
+ eay_md5_final, eay_md5_hashlen,
+ eay_md5_one, },
+{ "sha1", algtype_sha1, OAKLEY_ATTR_HASH_ALG_SHA,
+ eay_sha1_init, eay_sha1_update,
+ eay_sha1_final, eay_sha1_hashlen,
+ eay_sha1_one, },
+{ "sha2_256", algtype_sha2_256, OAKLEY_ATTR_HASH_ALG_SHA2_256,
+ eay_sha2_256_init, eay_sha2_256_update,
+ eay_sha2_256_final, eay_sha2_256_hashlen,
+ eay_sha1_one, },
+{ "sha2_384", algtype_sha2_384, OAKLEY_ATTR_HASH_ALG_SHA2_384,
+ eay_sha2_384_init, eay_sha2_384_update,
+ eay_sha2_384_final, eay_sha2_384_hashlen,
+ eay_sha1_one, },
+{ "sha2_512", algtype_sha2_512, OAKLEY_ATTR_HASH_ALG_SHA2_512,
+ eay_sha2_512_init, eay_sha2_512_update,
+ eay_sha2_512_final, eay_sha2_512_hashlen,
+ eay_sha1_one, },
+};
+
+static struct hmac_algorithm oakley_hmacdef[] = {
+{ "hmac_md5", algtype_md5, OAKLEY_ATTR_HASH_ALG_MD5,
+ eay_hmacmd5_init, eay_hmacmd5_update,
+ eay_hmacmd5_final, NULL,
+ eay_hmacmd5_one, },
+{ "hmac_sha1", algtype_sha1, OAKLEY_ATTR_HASH_ALG_SHA,
+ eay_hmacsha1_init, eay_hmacsha1_update,
+ eay_hmacsha1_final, NULL,
+ eay_hmacsha1_one, },
+{ "hmac_sha2_256", algtype_sha2_256, OAKLEY_ATTR_HASH_ALG_SHA2_256,
+ eay_hmacsha2_256_init, eay_hmacsha2_256_update,
+ eay_hmacsha2_256_final, NULL,
+ eay_hmacsha2_256_one, },
+{ "hmac_sha2_384", algtype_sha2_384, OAKLEY_ATTR_HASH_ALG_SHA2_384,
+ eay_hmacsha2_384_init, eay_hmacsha2_384_update,
+ eay_hmacsha2_384_final, NULL,
+ eay_hmacsha2_384_one, },
+{ "hmac_sha2_512", algtype_sha2_512, OAKLEY_ATTR_HASH_ALG_SHA2_512,
+ eay_hmacsha2_512_init, eay_hmacsha2_512_update,
+ eay_hmacsha2_512_final, NULL,
+ eay_hmacsha2_512_one, },
+};
+
+static struct enc_algorithm oakley_encdef[] = {
+{ "des", algtype_des, OAKLEY_ATTR_ENC_ALG_DES, 8,
+ eay_des_encrypt, eay_des_decrypt,
+ eay_des_weakkey, eay_des_keylen, },
+#ifdef HAVE_OPENSSL_IDEA_H
+{ "idea", algtype_idea, OAKLEY_ATTR_ENC_ALG_IDEA, 8,
+ eay_idea_encrypt, eay_idea_decrypt,
+ eay_idea_weakkey, eay_idea_keylen, },
+#endif
+{ "blowfish", algtype_blowfish, OAKLEY_ATTR_ENC_ALG_BLOWFISH, 8,
+ eay_bf_encrypt, eay_bf_decrypt,
+ eay_bf_weakkey, eay_bf_keylen, },
+#ifdef HAVE_OPENSSL_RC5_H
+{ "rc5", algtype_rc5, OAKLEY_ATTR_ENC_ALG_RC5, 8,
+ eay_rc5_encrypt, eay_rc5_decrypt,
+ eay_rc5_weakkey, eay_rc5_keylen, },
+#endif
+{ "3des", algtype_3des, OAKLEY_ATTR_ENC_ALG_3DES, 8,
+ eay_3des_encrypt, eay_3des_decrypt,
+ eay_3des_weakkey, eay_3des_keylen, },
+{ "cast", algtype_cast128, OAKLEY_ATTR_ENC_ALG_CAST, 8,
+ eay_cast_encrypt, eay_cast_decrypt,
+ eay_cast_weakkey, eay_cast_keylen, },
+{ "aes", algtype_rijndael, OAKLEY_ATTR_ENC_ALG_AES, 16,
+ eay_aes_encrypt, eay_aes_decrypt,
+ eay_aes_weakkey, eay_aes_keylen, },
};
-static const int ipsecauth2doi[] = {
- ALGTYPE_NOTHING,
- IPSECDOI_ATTR_AUTH_HMAC_MD5,
- IPSECDOI_ATTR_AUTH_HMAC_SHA1,
- IPSECDOI_ATTR_AUTH_DES_MAC,
- IPSECDOI_ATTR_AUTH_KPDK,
- IPSECDOI_ATTR_AUTH_NONE,
+
+static struct enc_algorithm ipsec_encdef[] = {
+{ "des-iv64", algtype_des_iv64, IPSECDOI_ESP_DES_IV64, 8,
+ NULL, NULL,
+ NULL, eay_des_keylen, },
+{ "des", algtype_des, IPSECDOI_ESP_DES, 8,
+ NULL, NULL,
+ NULL, eay_des_keylen, },
+{ "3des", algtype_3des, IPSECDOI_ESP_3DES, 8,
+ NULL, NULL,
+ NULL, eay_3des_keylen, },
+#ifdef HAVE_OPENSSL_RC5_H
+{ "rc5", algtype_rc5, IPSECDOI_ESP_RC5, 8,
+ NULL, NULL,
+ NULL, eay_rc5_keylen, },
+#endif
+{ "cast", algtype_cast128, IPSECDOI_ESP_CAST, 8,
+ NULL, NULL,
+ NULL, eay_cast_keylen, },
+{ "blowfish", algtype_blowfish, IPSECDOI_ESP_BLOWFISH, 8,
+ NULL, NULL,
+ NULL, eay_bf_keylen, },
+{ "des-iv32", algtype_des_iv32, IPSECDOI_ESP_DES_IV32, 8,
+ NULL, NULL,
+ NULL, eay_des_keylen, },
+{ "null", algtype_null_enc, IPSECDOI_ESP_NULL, 8,
+ NULL, NULL,
+ NULL, eay_3des_keylen, },
+{ "rijndael", algtype_rijndael, IPSECDOI_ESP_RIJNDAEL, 16,
+ NULL, NULL,
+ NULL, eay_aes_keylen, },
+{ "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16,
+ NULL, NULL,
+ NULL, eay_twofish_keylen, },
+#ifdef HAVE_OPENSSL_IDEA_H
+{ "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8,
+ NULL, NULL,
+ NULL, NULL, },
+{ "idea", algtype_idea, IPSECDOI_ESP_IDEA, 8,
+ NULL, NULL,
+ NULL, NULL, },
+#endif
+{ "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8,
+ NULL, NULL,
+ NULL, NULL, },
};
-static const int ipseccomp2doi[] = {
- ALGTYPE_NOTHING,
- IPSECDOI_IPCOMP_OUI,
- IPSECDOI_IPCOMP_DEFLATE,
- IPSECDOI_IPCOMP_LZS,
+
+static struct hmac_algorithm ipsec_hmacdef[] = {
+{ "md5", algtype_hmac_md5, IPSECDOI_ATTR_AUTH_HMAC_MD5,
+ NULL, NULL,
+ NULL, eay_md5_hashlen,
+ NULL, },
+{ "sha1", algtype_hmac_sha1, IPSECDOI_ATTR_AUTH_HMAC_SHA1,
+ NULL, NULL,
+ NULL, eay_sha1_hashlen,
+ NULL, },
+{ "kpdk", algtype_kpdk, IPSECDOI_ATTR_AUTH_KPDK,
+ NULL, NULL,
+ NULL, eay_kpdk_hashlen,
+ NULL, },
+{ "null", algtype_non_auth, IPSECDOI_ATTR_AUTH_NONE,
+ NULL, NULL,
+ NULL, eay_null_hashlen,
+ NULL, },
+{ "hmac_sha2_256", algtype_hmac_sha2_256, IPSECDOI_ATTR_SHA2_256,
+ NULL, NULL,
+ NULL, eay_sha2_256_hashlen,
+ NULL, },
+{ "hmac_sha2_384", algtype_hmac_sha2_384, IPSECDOI_ATTR_SHA2_384,
+ NULL, NULL,
+ NULL, eay_sha2_384_hashlen,
+ NULL, },
+{ "hmac_sha2_512", algtype_hmac_sha2_512, IPSECDOI_ATTR_SHA2_512,
+ NULL, NULL,
+ NULL, eay_sha2_512_hashlen,
+ NULL, },
+};
+
+static struct misc_algorithm ipsec_compdef[] = {
+{ "oui", algtype_oui, IPSECDOI_IPCOMP_OUI, },
+{ "deflate", algtype_deflate, IPSECDOI_IPCOMP_DEFLATE, },
+{ "lzs", algtype_lzs, IPSECDOI_IPCOMP_LZS, },
+};
+
+static struct misc_algorithm oakley_authdef[] = {
+{ "psk", algtype_psk, OAKLEY_ATTR_AUTH_METHOD_PSKEY, },
+{ "dsssig", algtype_dsssig, OAKLEY_ATTR_AUTH_METHOD_DSSSIG, },
+{ "rsasig", algtype_rsasig, OAKLEY_ATTR_AUTH_METHOD_RSASIG, },
+{ "rsaenc", algtype_rsaenc, OAKLEY_ATTR_AUTH_METHOD_RSAENC, },
+{ "rsarev", algtype_rsarev, OAKLEY_ATTR_AUTH_METHOD_RSAREV, },
+{ "gssapi_krb", algtype_gssapikrb, OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, },
+};
+
+static struct dh_algorithm oakley_dhdef[] = {
+{ "modp768", algtype_modp768, OAKLEY_ATTR_GRP_DESC_MODP768,
+ &dh_modp768, },
+{ "modp1024", algtype_modp1024, OAKLEY_ATTR_GRP_DESC_MODP1024,
+ &dh_modp1024, },
+{ "modp1536", algtype_modp1536, OAKLEY_ATTR_GRP_DESC_MODP1536,
+ &dh_modp1536, },
+{ "modp2048", algtype_modp2048, OAKLEY_ATTR_GRP_DESC_MODP2048,
+ &dh_modp2048, },
+{ "modp3072", algtype_modp3072, OAKLEY_ATTR_GRP_DESC_MODP3072,
+ &dh_modp3072, },