eliminated ipsec_policy.h
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 26 May 2009 15:19:26 +0000 (17:19 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 26 May 2009 15:19:26 +0000 (17:19 +0200)
27 files changed:
src/libfreeswan/Makefile.am
src/libfreeswan/freeswan.h
src/libfreeswan/ipsec_policy.h [deleted file]
src/libstrongswan/utils/identification.h
src/pluto/alg_info.c
src/pluto/ca.c
src/pluto/certs.c
src/pluto/connections.c
src/pluto/constants.c
src/pluto/constants.h
src/pluto/crl.c
src/pluto/crypto.c
src/pluto/dnskey.c
src/pluto/id.c
src/pluto/ike_alg.c
src/pluto/ipsec_doi.c
src/pluto/kernel.c
src/pluto/kernel_alg.c
src/pluto/keys.c
src/pluto/nat_traversal.c
src/pluto/ocsp.c
src/pluto/pgp.c
src/pluto/smartcard.c
src/pluto/spdb.c
src/pluto/x509.c
src/starter/Makefile.am
src/whack/Makefile.am

index d2617cb..f7a1b8a 100644 (file)
@@ -1,8 +1,7 @@
 noinst_LIBRARIES = libfreeswan.a
 libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \
                        atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
-                       goodmask.c initaddr.c initsaid.c initsubnet.c internal.h \
-                       ipsec_param.h ipsec_policy.h \
+                       goodmask.c initaddr.c initsaid.c initsubnet.c internal.h \ ipsec_param.h \
                        keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \
                        pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \
                        pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \
@@ -14,6 +13,9 @@ INCLUDES = \
 -I$(top_srcdir)/src/libstrongswan \
 -I$(top_srcdir)/src/pluto
 
+AM_CFLAGS = \
+-DNO_CREDENTIAL_FACTORY
+
 dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \
                  keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
                  ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 version.3
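Review bot: The new source line `goodmask.c initaddr.c initsaid.c initsubnet.c internal.h \ ipsec_param.h \` carries a backslash in the middle of the line; make only treats a backslash as a continuation when it is immediately followed by a newline, so the stray `\` becomes a literal token in `libfreeswan_a_SOURCES` (or automake rejects the list). The hunk header's counts (8 old lines, 7 new) show this really is one line in the commit, not two lines merged by the page rendering. Replace it with `goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \`. In the second hunk the added `AM_CFLAGS = -DNO_CREDENTIAL_FACTORY` has no explanation; a one-line comment above it naming the header the define gates and why this library must build without the credential factory would save the next reader a grep.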
index bcae76a..d671e7f 100644 (file)
@@ -385,16 +385,6 @@ bitstomask(
        int n
 );
 
-
-
-/*
- * general utilities
- */
-
-/* option pickup from files */
-const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
-                                               int optind, FILE *errorreport);
-
 /*
  * Debugging levels for pfkey_lib_debug
  */
diff --git a/src/libfreeswan/ipsec_policy.h b/src/libfreeswan/ipsec_policy.h
deleted file mode 100644 (file)
index 966ba79..0000000
+++ /dev/null
@@ -1,231 +0,0 @@
-#ifndef _IPSEC_POLICY_H
-/*
- * policy interface file between pluto and applications
- * Copyright (C) 2003              Michael Richardson <mcr@freeswan.org>
- * 
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- * 
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#define        _IPSEC_POLICY_H         /* seen it, no need to see it again */
-
-
-/*
- * this file defines an interface between an application (or rather an
- * application library) and a key/policy daemon. It provides for inquiries
- * as to the current state of a connected socket, as well as for general
- * questions.
- *
- * In general, the interface is defined as a series of functional interfaces,
- * and the policy messages should be internal. However, because this is in
- * fact an ABI between pieces of the system that may get compiled and revised
- * seperately, this ABI must be public and revision controlled.
- *
- * It is expected that the daemon will always support previous versions.
- */
-
-#define IPSEC_POLICY_MSG_REVISION (unsigned)200305061
-
-enum ipsec_policy_command {
-  IPSEC_CMD_QUERY_FD       = 1,
-  IPSEC_CMD_QUERY_HOSTPAIR = 2,
-  IPSEC_CMD_QUERY_DSTONLY  = 3,
-};
-
-struct ipsec_policy_msg_head {
-  u_int32_t ipm_version;
-  u_int32_t ipm_msg_len;  
-  u_int32_t ipm_msg_type;
-  u_int32_t ipm_msg_seq;
-};
-
-enum ipsec_privacy_quality {
-  IPSEC_PRIVACY_NONE     = 0,
-  IPSEC_PRIVACY_INTEGRAL = 4,   /* not private at all. AH-like */
-  IPSEC_PRIVACY_UNKNOWN  = 8,   /* something is claimed, but details unavail */
-  IPSEC_PRIVACY_ROT13    = 12,  /* trivially breakable, i.e. 1DES */
-  IPSEC_PRIVACY_GAK      = 16,  /* known eavesdroppers */
-  IPSEC_PRIVACY_PRIVATE  = 32,  /* secure for at least a decade */
-  IPSEC_PRIVACY_STRONG   = 64,  /* ridiculously secure */
-  IPSEC_PRIVACY_TORTOISE = 192, /* even stronger, but very slow */
-  IPSEC_PRIVACY_OTP      = 224, /* some kind of *true* one time pad */
-};
-
-enum ipsec_bandwidth_quality {
-  IPSEC_QOS_UNKNOWN = 0,       /* unknown bandwidth */
-  IPSEC_QOS_INTERACTIVE = 16,  /* reasonably moderate jitter, moderate fast.
-                                 Good enough for telnet/ssh. */
-  IPSEC_QOS_VOIP        = 32,  /* faster crypto, predicable jitter */
-  IPSEC_QOS_FTP         = 64,  /* higher throughput crypto, perhaps hardware
-                                 offloaded, but latency/jitter may be bad */
-  IPSEC_QOS_WIRESPEED   = 128, /* expect to be able to fill your pipe */
-};
-
-/* moved from programs/pluto/constants.h */
-/* IPsec AH transform values
- * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3
- * and in http://www.iana.org/assignments/isakmp-registry
- */
-enum ipsec_authentication_algo {
-  AH_NONE         = 0,
-  AH_MD5          = 2,
-  AH_SHA          = 3,
-  AH_DES          = 4,
-  AH_SHA2_256     = 5,
-  AH_SHA2_384     = 6,
-  AH_SHA2_512     = 7,
-  AH_RIPEMD       = 8,
-  AH_AES_XCBC_MAC = 9,
-  AH_RSA          = 10
-};
-
-/* IPsec ESP transform values
- * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4
- * and from http://www.iana.org/assignments/isakmp-registry
- */
-
-enum ipsec_cipher_algo {
-  ESP_NONE          = 0,
-  ESP_DES_IV64      = 1,
-  ESP_DES           = 2,
-  ESP_3DES          = 3,
-  ESP_RC5           = 4,
-  ESP_IDEA          = 5,
-  ESP_CAST          = 6,
-  ESP_BLOWFISH      = 7,
-  ESP_3IDEA         = 8,
-  ESP_DES_IV32      = 9,
-  ESP_RC4           = 10,
-  ESP_NULL          = 11,
-  ESP_AES           = 12,
-  ESP_AES_CTR       = 13,
-  ESP_AES_CCM_8     = 14,
-  ESP_AES_CCM_12    = 15,
-  ESP_AES_CCM_16    = 16,
-  ESP_UNASSIGNED_17 = 17,
-  ESP_AES_GCM_8     = 18,
-  ESP_AES_GCM_12    = 19,
-  ESP_AES_GCM_16    = 20,
-  ESP_SEED_CBC      = 21,
-  ESP_CAMELLIA      = 22,
-  ESP_SERPENT       = 252,
-  ESP_TWOFISH       = 253
-};
-
-/* IPCOMP transform values
- * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5
- */
-
-enum ipsec_comp_algo {
-  IPSCOMP_NONE   = 0,
-  IPCOMP_OUI     = 1,
-  IPCOMP_DEFLATE = 2,
-  IPCOMP_LZS     = 3,
-  IPCOMP_LZJH    = 4
-};
-
-/* Identification type values
- * RFC 2407 The Internet IP security Domain of Interpretation for ISAKMP 4.6.2.1 
- */
-
-enum ipsec_id_type {
-  ID_IMPOSSIBLE=             (-2),     /* private to Pluto */
-  ID_MYID=                   (-1),     /* private to Pluto */
-  ID_NONE=                     0,      /* private to Pluto */
-  ID_IPV4_ADDR=                1,
-  ID_FQDN=                     2,
-  ID_USER_FQDN=                3,
-  ID_IPV4_ADDR_SUBNET=         4,
-  ID_IPV6_ADDR=                5,
-  ID_IPV6_ADDR_SUBNET=         6,
-  ID_IPV4_ADDR_RANGE=          7,
-  ID_IPV6_ADDR_RANGE=          8,
-  ID_DER_ASN1_DN=              9,
-  ID_DER_ASN1_GN=              10,
-  ID_KEY_ID=                   11
-};
-
-/* Certificate type values
- * RFC 2408 ISAKMP, chapter 3.9
- */
-enum ipsec_cert_type {
-  CERT_NONE=                   0,
-  CERT_PKCS7_WRAPPED_X509=     1,
-  CERT_PGP=                    2,
-  CERT_DNS_SIGNED_KEY=         3,
-  CERT_X509_SIGNATURE=         4,
-  CERT_X509_KEY_EXCHANGE=      5,
-  CERT_KERBEROS_TOKENS=                6,
-  CERT_CRL=                    7,
-  CERT_ARL=                    8,
-  CERT_SPKI=                   9,
-  CERT_X509_ATTRIBUTE=         10,
-  CERT_RAW_RSA_KEY=             11
-};
-
-/* a SIG record in ASCII */
-struct ipsec_dns_sig {
-  char fqdn[256];
-  char dns_sig[768];     /* empty string if not signed */
-};
-
-struct ipsec_raw_key {
-  char id_name[256];
-  char fs_keyid[8];
-};
-
-struct ipsec_identity {
-  enum ipsec_id_type     ii_type;
-  enum ipsec_cert_type   ii_format;
-  union {
-    struct ipsec_dns_sig ipsec_dns_signed;
-    /* some thing for PGP */
-    /* some thing for PKIX */
-    struct ipsec_raw_key ipsec_raw_key;
-  } ii_credential;
-};
-
-#define IPSEC_MAX_CREDENTIALS 32
-
-struct ipsec_policy_cmd_query {
-  struct ipsec_policy_msg_head head;
-
-  /* Query section */
-  ip_address query_local;     /* us   */
-  ip_address query_remote;    /* them */
-  u_short src_port, dst_port;
-
-  /* Answer section */
-  enum ipsec_privacy_quality     strength;
-  enum ipsec_bandwidth_quality   bandwidth;
-  enum ipsec_authentication_algo auth_detail;  
-  enum ipsec_cipher_algo         esp_detail;
-  enum ipsec_comp_algo           comp_detail;
-
-  int                            credential_count;
-
-  struct ipsec_identity credentials[IPSEC_MAX_CREDENTIALS];
-};
-
-#define IPSEC_POLICY_SOCKET "/var/run/pluto.info"
-
-/* prototypes */
-extern err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result);
-extern err_t ipsec_policy_init(void);
-extern err_t ipsec_policy_final(void);
-extern err_t ipsec_policy_readmsg(int policysock,
-                                 unsigned char *buf, size_t buflen);
-extern err_t ipsec_policy_sendrecv(unsigned char *buf, size_t buflen);
-extern err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result);
-
-
-extern const char *ipsec_policy_version_code(void);
-extern const char *ipsec_policy_version_string(void);
-
-#endif /* _IPSEC_POLICY_H */
index 77791b5..dc0aec1 100644 (file)
@@ -79,7 +79,8 @@ enum id_type_t {
         * An example of an ID_RFC822_ADDR is "jsmith@example.com".
         * The string MUST NOT contain any terminators.
         */
-       ID_RFC822_ADDR = 3,
+       ID_USER_FQDN   = 3,    /* IKEv1 only */
+       ID_RFC822_ADDR = 3,    /* IKEv2 only */
 
        /**
         * ID data is an IPv4 subnet (IKEv1 only)
@@ -147,6 +148,11 @@ enum id_type_t {
         * IETF Attribute Syntax String (RFC 3281)
         */
        ID_IETF_ATTR_STRING = 205,
+
+       /**
+        * Private ID used by the pluto daemon for opportunistic encryption
+        */
+       ID_MYID = 206,
 };
 
 /**
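Review bot: `ID_USER_FQDN = 3` and `ID_RFC822_ADDR = 3` in the first hunk are two enumerators with the same value, so the `IKEv1 only` / `IKEv2 only` comments describe a distinction the code cannot make: a value of 3 is indistinguishable at runtime, an enum-to-name table can print only one of the names, and a `switch` that lists both as separate `case` labels will not compile. Document the alias instead, e.g. `ID_USER_FQDN   = 3,    /* IKEv1 name; same wire value as ID_RFC822_ADDR */`. In the second hunk, `ID_MYID = 206` puts a pluto-private marker into libstrongswan's shared enum; the deleted ipsec_policy.h kept such markers negative (`ID_IMPOSSIBLE = -2`, `ID_MYID = -1`), and `ID_IMPOSSIBLE` is not reintroduced in the visible hunks, so any remaining uses of it are worth checking. Because pluto's build_id_payload copies `id->kind` straight into the ID payload's type field, the comment on `ID_MYID` should state that it must be resolved before any payload is built and is never to be emitted on the wire.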
index 1caa980..a85a189 100644 (file)
@@ -26,7 +26,6 @@
 
 #include <ctype.h>
 #include <freeswan.h>
-#include <ipsec_policy.h>
 #include <pfkeyv2.h>
 
 #include <utils.h>
index 3fac998..363a78b 100644 (file)
@@ -21,7 +21,6 @@
 #include <sys/types.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "constants.h"
 #include "defs.h"
index b5a5ea9..7d78f22 100644 (file)
@@ -17,7 +17,6 @@
 #include <string.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "asn1/asn1.h"
 
index d2c7a51..960884e 100644 (file)
@@ -27,7 +27,6 @@
 #include <sys/queue.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 #include "kameipsec.h"
 
 #include "constants.h"
@@ -499,7 +498,7 @@ default_end(struct end *e, ip_address *dflt_nexthop)
                return "unknown address family in default_end";
 
        /* default ID to IP (but only if not NO_IP -- WildCard) */
-       if (e->id.kind == ID_NONE && !isanyaddr(&e->host_addr))
+       if (e->id.kind == ID_ANY && !isanyaddr(&e->host_addr))
        {
                e->id.kind = afi->id_addr;
                e->id.ip_addr = e->host_addr;
@@ -628,7 +627,7 @@ format_end(char *buf
        {
                strcpy(host_id, "[%myid]");
        }
-       else if (!(this->id.kind == ID_NONE
+       else if (!(this->id.kind == ID_ANY
        || (id_is_ipaddr(&this->id) && sameaddr(&this->id.ip_addr, &this->host_addr))))
        {
                int len = idtoa(&this->id, host_id+1, sizeof(host_id)-2);
@@ -802,7 +801,7 @@ extract_end(struct end *dst, const whack_end_t *src, const char *which)
        /* decode id, if any */
        if (src->id == NULL)
        {
-               dst->id.kind = ID_NONE;
+               dst->id.kind = ID_ANY;
        }
        else
        {
@@ -1246,7 +1245,7 @@ remove_group_instance(const struct connection *group USED_BY_DEBUG
  * his_id can be used to carry over an ID discovered in Phase 1.
  * It must not disagree with the one in c, but if that is unspecified,
  * the new connection will use his_id.
- * If his_id is NULL, and c.that.id is uninstantiated (ID_NONE), the
+ * If his_id is NULL, and c.that.id is uninstantiated (ID_ANY), the
  * new connection will continue to have an uninstantiated that.id.
  * Note: instantiation does not affect port numbers.
  *
@@ -2076,7 +2075,7 @@ continue_oppo(struct adns_continuation *acr, err_t ugh)
        bool was_held = cr->b.held;
        int whackfd = cr->b.whackfd;
 
-       /* note: cr->id has no resources; cr->sgw_id is id_none:
+       /* note: cr->id has no resources; cr->sgw_id is ID_ANY:
         * neither need freeing.
         */
        whack_log_fd = whackfd;
index 289787c..ae58d90 100644 (file)
@@ -24,7 +24,6 @@
 #include <netinet/in.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "constants.h"
 #include "defs.h"
index 60b14f8..25764a8 100644 (file)
@@ -1,4 +1,3 @@
-
 /* manifest constants
  * Copyright (C) 1997 Angelos D. Keromytis.
  * Copyright (C) 1998-2002  D. Hugh Redelmeier.
@@ -18,6 +17,7 @@
 #define _CONSTANTS_H
 
 #include <utils.h>
+#include <utils/identification.h>
 #include <crypto/hashers/hasher.h>
 
 extern const char compile_time_interop_options[];
@@ -109,168 +109,6 @@ extern const char sparse_end[];
 
 #define FULL_INET_ADDRESS_SIZE    6
 
-/* Group parameters from draft-ietf-ike-01.txt section 6 */
-
-#define MODP_GENERATOR "2"
-
-#define MODP768_MODULUS \
-       "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " \
-       "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " \
-       "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " \
-       "E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF"
-
-#define MODP1024_MODULUS \
-       "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " \
-       "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " \
-       "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " \
-       "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED " \
-       "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 " \
-       "FFFFFFFF FFFFFFFF"
-
-#define MODP1536_MODULUS \
-       "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " \
-       "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " \
-       "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " \
-       "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED " \
-       "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D " \
-       "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F " \
-       "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D " \
-       "670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF "
-
-/* draft-ietf-ipsec-ike-modp-groups-03.txt */
-#define MODP2048_MODULUS \
-               "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \
-               "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \
-               "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \
-               "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \
-               "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \
-               "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \
-               "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
-               "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \
-               "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \
-               "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \
-               "15728E5A 8AACAA68 FFFFFFFF FFFFFFFF"
-
-#define MODP3072_MODULUS \
-               "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \
-               "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \
-               "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \
-               "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \
-               "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \
-               "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \
-               "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
-               "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \
-               "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \
-               "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \
-               "15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64" \
-               "ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7" \
-               "ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B" \
-               "F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \
-               "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31" \
-               "43DB5BFC E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF"
-
-#define MODP4096_MODULUS \
-               "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \
-               "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \
-               "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \
-               "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \
-               "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \
-               "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \
-               "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
-               "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \
-               "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \
-               "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \
-               "15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64" \
-               "ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7" \
-               "ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B" \
-               "F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \
-               "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31" \
-               "43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7" \
-               "88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA" \
-               "2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6" \
-               "287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED" \
-               "1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9" \
-               "93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34063199" \
-               "FFFFFFFF FFFFFFFF"
-
-/* copy&pasted from rfc3526: */
-#define MODP6144_MODULUS \
-               "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08" \
-               "8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B" \
-               "302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9" \
-               "A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6" \
-               "49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8" \
-               "FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
-               "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C" \
-               "180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718" \
-               "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D" \
-               "04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D" \
-               "B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226" \
-               "1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \
-               "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC" \
-               "E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 88719A10 BDBA5B26" \
-               "99C32718 6AF4E23C 1A946834 B6150BDA 2583E9CA 2AD44CE8 DBBBC2DB" \
-               "04DE8EF9 2E8EFC14 1FBECAA6 287C5947 4E6BC05D 99B2964F A090C3A2" \
-               "233BA186 515BE7ED 1F612970 CEE2D7AF B81BDD76 2170481C D0069127" \
-               "D5B05AA9 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492" \
-               "36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD F8FF9406" \
-               "AD9E530E E5DB382F 413001AE B06A53ED 9027D831 179727B0 865A8918" \
-               "DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B DB7F1447 E6CC254B 33205151" \
-               "2BD7AF42 6FB8F401 378CD2BF 5983CA01 C64B92EC F032EA15 D1721D03" \
-               "F482D7CE 6E74FEF6 D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F" \
-               "BEC7E8F3 23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA" \
-               "CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328 06A1D58B" \
-               "B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C DA56C9EC 2EF29632" \
-               "387FE8D7 6E3C0468 043E8F66 3F4860EE 12BF2D5B 0B7474D6 E694F91E" \
-               "6DCC4024 FFFFFFFF FFFFFFFF"
-
-/* copy&pasted from rfc3526: */
-#define MODP8192_MODULUS \
-               "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \
-               "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \
-               "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \
-               "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \
-               "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \
-               "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \
-               "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
-               "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \
-               "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \
-               "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \
-               "15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64" \
-               "ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7" \
-               "ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B" \
-               "F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \
-               "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31" \
-               "43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7" \
-               "88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA" \
-               "2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6" \
-               "287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED" \
-               "1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9" \
-               "93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492" \
-               "36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD" \
-               "F8FF9406 AD9E530E E5DB382F 413001AE B06A53ED 9027D831" \
-               "179727B0 865A8918 DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B" \
-               "DB7F1447 E6CC254B 33205151 2BD7AF42 6FB8F401 378CD2BF" \
-               "5983CA01 C64B92EC F032EA15 D1721D03 F482D7CE 6E74FEF6" \
-               "D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F BEC7E8F3" \
-               "23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA" \
-               "CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328" \
-               "06A1D58B B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C" \
-               "DA56C9EC 2EF29632 387FE8D7 6E3C0468 043E8F66 3F4860EE" \
-               "12BF2D5B 0B7474D6 E694F91E 6DBE1159 74A3926F 12FEE5E4" \
-               "38777CB6 A932DF8C D8BEC4D0 73B931BA 3BC832B6 8D9DD300" \
-               "741FA7BF 8AFC47ED 2576F693 6BA42466 3AAB639C 5AE4F568" \
-               "3423B474 2BF1C978 238F16CB E39D652D E3FDB8BE FC848AD9" \
-               "22222E04 A4037C07 13EB57A8 1A23F0C7 3473FC64 6CEA306B" \
-               "4BCBC886 2F8385DD FA9D4B7F A2C087E8 79683303 ED5BDD3A" \
-               "062B3CF5 B3A278A6 6D2A13F8 3F44F82D DF310EE0 74AB6A36" \
-               "4597E899 A0255DC1 64F31CC5 0846851D F9AB4819 5DED7EA1" \
-               "B1D510BD 7EE74D73 FAF36BC3 1ECFA268 359046F4 EB879F92" \
-               "4009438B 481C6CD7 889A002E D5EE382B C9190DA6 FC026E47" \
-               "9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71" \
-               "60C980DD 98EDD3DF FFFFFFFF FFFFFFFF"
-#define LOCALSECRETSIZE         (512 / BITS_PER_BYTE)
-
 /* limits on nonce sizes.  See RFC2409 "The internet key exchange (IKE)" 5 */
 #define MINIMUM_NONCE_SIZE      8       /* bytes */
 #define DEFAULT_NONCE_SIZE      16      /* bytes */
@@ -292,6 +130,92 @@ extern const char sparse_end[];
 
 #define IKE_UDP_PORT    500
 
+/* IPsec AH transform values
+ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3
+ * and in http://www.iana.org/assignments/isakmp-registry
+ */
+enum ipsec_authentication_algo {
+  AH_NONE         = 0,
+  AH_MD5          = 2,
+  AH_SHA          = 3,
+  AH_DES          = 4,
+  AH_SHA2_256     = 5,
+  AH_SHA2_384     = 6,
+  AH_SHA2_512     = 7,
+  AH_RIPEMD       = 8,
+  AH_AES_XCBC_MAC = 9,
+  AH_RSA          = 10
+};
+
+extern enum_names ah_transformid_names;
+
+/* IPsec ESP transform values
+ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4
+ * and from http://www.iana.org/assignments/isakmp-registry
+ */
+
+enum ipsec_cipher_algo {
+  ESP_NONE          = 0,
+  ESP_DES_IV64      = 1,
+  ESP_DES           = 2,
+  ESP_3DES          = 3,
+  ESP_RC5           = 4,
+  ESP_IDEA          = 5,
+  ESP_CAST          = 6,
+  ESP_BLOWFISH      = 7,
+  ESP_3IDEA         = 8,
+  ESP_DES_IV32      = 9,
+  ESP_RC4           = 10,
+  ESP_NULL          = 11,
+  ESP_AES           = 12,
+  ESP_AES_CTR       = 13,
+  ESP_AES_CCM_8     = 14,
+  ESP_AES_CCM_12    = 15,
+  ESP_AES_CCM_16    = 16,
+  ESP_UNASSIGNED_17 = 17,
+  ESP_AES_GCM_8     = 18,
+  ESP_AES_GCM_12    = 19,
+  ESP_AES_GCM_16    = 20,
+  ESP_SEED_CBC      = 21,
+  ESP_CAMELLIA      = 22,
+  ESP_SERPENT       = 252,
+  ESP_TWOFISH       = 253
+};
+
+extern enum_names esp_transformid_names;
+
+/* IPCOMP transform values
+ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5
+ */
+
+enum ipsec_comp_algo {
+  IPSCOMP_NONE   = 0,
+  IPCOMP_OUI     = 1,
+  IPCOMP_DEFLATE = 2,
+  IPCOMP_LZS     = 3,
+  IPCOMP_LZJH    = 4
+};
+
+extern enum_names ipcomp_transformid_names;
+
+/* Certificate type values
+ * RFC 2408 ISAKMP, chapter 3.9
+ */
+enum ipsec_cert_type {
+  CERT_NONE=                0,
+  CERT_PKCS7_WRAPPED_X509=  1,
+  CERT_PGP=                 2,
+  CERT_DNS_SIGNED_KEY=      3,
+  CERT_X509_SIGNATURE=      4,
+  CERT_X509_KEY_EXCHANGE=   5,
+  CERT_KERBEROS_TOKENS=     6,
+  CERT_CRL=                 7,
+  CERT_ARL=                 8,
+  CERT_SPKI=                9,
+  CERT_X509_ATTRIBUTE=      10,
+  CERT_RAW_RSA_KEY=         11
+};
+
 /* RFC 2560 OCSP - certificate status */
 
 typedef enum {
@@ -759,15 +683,9 @@ extern enum_names protocol_names;
        : (p)==PROTO_IPCOMP ? enum_show(&ipcomp_transformid_names, (t)) \
        : "??")
 
-/* many transform values are moved to freeswan/ipsec_policy.h */
-
-extern enum_names isakmp_transformid_names;
-
 #define KEY_IKE               1
 
-extern enum_names ah_transformid_names;
-extern enum_names esp_transformid_names;
-extern enum_names ipcomp_transformid_names;
+extern enum_names isakmp_transformid_names;
 
 /* the following are from RFC 2393/draft-shacham-ippcp-rfc2393bis-05.txt 3.3 */
 typedef u_int16_t cpi_t;
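Review bot: `IPSCOMP_NONE   = 0,` in the moved `enum ipsec_comp_algo` keeps the misspelling from the deleted header (every other member is `IPCOMP_*`); moving the enum into this header is the moment to either rename it to `IPCOMP_NONE   = 0,` if nothing references the old name, or to mark it with `/* sic: historical spelling, kept for source compatibility */`. Style: the four moved enums arrive with two-space indentation and `NAME=  value` alignment, while the surrounding declarations in constants.h appear to be tab-indented; reformatting them on the way in would keep the header consistent. The removed comment `/* many transform values are moved to freeswan/ipsec_policy.h */` could usefully be replaced by one above the new block, e.g. `/* transform and certificate type values, formerly in libfreeswan/ipsec_policy.h */`, so the history of these definitions is not lost.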
index b8cdb43..1d9b544 100644 (file)
@@ -23,7 +23,6 @@
 #include <sys/types.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
index 8ea6d87..e02dc25 100644 (file)
@@ -14,7 +14,6 @@
  */
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "constants.h"
 #include "defs.h"
index b59b172..bd19053 100644 (file)
@@ -28,7 +28,6 @@
 #include <sys/queue.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "constants.h"
 #include "adns.h"       /* needs <resolv.h> */
index bca483e..f34775e 100644 (file)
@@ -26,7 +26,6 @@
 #include <sys/queue.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "constants.h"
 #include "defs.h"
@@ -36,7 +35,7 @@
 #include "packet.h"
 #include "whack.h"
 
-const struct id empty_id;       /* ID_NONE */
+const struct id empty_id;       /* ID_ANY */
 
 enum myid_state myid_state = MYID_UNKNOWN;
 struct id myids[MYID_SPECIFIED+1];      /* %myid */
@@ -48,7 +47,7 @@ char *myid_str[MYID_SPECIFIED+1];     /* string form of IDs */
 void
 init_id(void)
 {
-       passert(empty_id.kind == ID_NONE);
+       passert(empty_id.kind == ID_ANY);
        myid_state = MYID_UNKNOWN;
        {
                enum myid_state s;
@@ -191,7 +190,7 @@ atoid(char *src, struct id *id, bool myid_ok)
                if (streq(src, "%any") || streq(src, "0.0.0.0"))
                {
                        /* any ID will be accepted */
-                       id->kind = ID_NONE;
+                       id->kind = ID_ANY;
                }
                else
                {
@@ -287,7 +286,7 @@ idtoa(const struct id *id, char *dst, size_t dstlen)
        id = resolve_myid(id);
        switch (id->kind)
        {
-       case ID_NONE:
+       case ID_ANY:
                n = snprintf(dst, dstlen, "(none)");
                break;
        case ID_IPV4_ADDR:
@@ -368,7 +367,7 @@ unshare_id_content(struct id *id)
                id->name = chunk_clone(id->name);
                break;
        case ID_MYID:
-       case ID_NONE:
+       case ID_ANY:
        case ID_IPV4_ADDR:
        case ID_IPV6_ADDR:
                break;
@@ -389,7 +388,7 @@ free_id_content(struct id *id)
                free(id->name.ptr);
                break;
        case ID_MYID:
-       case ID_NONE:
+       case ID_ANY:
        case ID_IPV4_ADDR:
        case ID_IPV6_ADDR:
                break;
@@ -408,7 +407,7 @@ same_id(const struct id *a, const struct id *b)
                return FALSE;
        switch (a->kind)
        {
-       case ID_NONE:
+       case ID_ANY:
                return TRUE;    /* kind of vacuous */
 
        case ID_IPV4_ADDR:
@@ -450,7 +449,7 @@ same_id(const struct id *a, const struct id *b)
 bool
 match_id(const struct id *a, const struct id *b, int *wildcards)
 {
-       if (b->kind == ID_NONE)
+       if (b->kind == ID_ANY)
        {
                *wildcards = MAX_WILDCARDS;
                return TRUE;
@@ -472,7 +471,7 @@ id_count_wildcards(const struct id *id)
 {
        switch (id->kind)
        {
-       case ID_NONE:
+       case ID_ANY:
                return MAX_WILDCARDS;
        case ID_DER_ASN1_DN:
                return dn_count_wildcards(id->name);
@@ -495,7 +494,7 @@ build_id_payload(struct isakmp_ipsec_id *hd, chunk_t *tl, struct end *end)
        hd->isaiid_idtype = id->kind;
        switch (id->kind)
        {
-       case ID_NONE:
+       case ID_ANY:
                hd->isaiid_idtype = aftoinfo(addrtypeof(&end->host_addr))->id_addr;
                tl->len = addrbytesptr(&end->host_addr
                        , (const unsigned char **)&tl->ptr);        /* sets tl->ptr too */
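Review bot: In build_id_payload, `hd->isaiid_idtype = id->kind;` copies the enum straight into the payload's ID-type field before the switch, and the only arm visible here (`case ID_ANY:`) overrides it with the address-derived type; now that `id->kind` is libstrongswan's `id_type_t`, private values such as `ID_MYID` (206) or the other 2xx-range identifiers would be emitted on the wire unchanged if they ever reach this point. Whether the function resolves `%myid` before this switch, and what its other arms and `default` do, is outside the hunk (the function starts before it), so this may already be covered; if not, a `default:` that rejects kinds outside the RFC-defined range would keep pluto-internal markers out of IKE payloads. The `const struct id empty_id; /* ID_ANY */` comment earlier in this file relies on `ID_ANY` being the zero enumerator of `id_type_t`, which only the runtime `passert` in init_id checks; a `/* relies on ID_ANY == 0 in identification.h */` note next to the definition would make that dependency visible.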
index 42c71e9..92d9e85 100644 (file)
@@ -20,7 +20,6 @@
 #include <sys/queue.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include <library.h>
 #include <debug.h>
index 0a30c54..52f5553 100644 (file)
@@ -28,7 +28,6 @@
 #include <sys/time.h>           /* for gettimeofday */
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include <library.h>
 #include <asn1/asn1.h>
@@ -4379,7 +4378,7 @@ static stf_status quick_inI1_outR1_start_query(struct verify_oppo_bundle *b,
         * legal).
         */
        our_id = resolve_myid(&c->spd.this.id);
-       if (our_id->kind == ID_NONE)
+       if (our_id->kind == ID_ANY)
        {
                iptoid(&c->spd.this.host_addr, &our_id_space);
                our_id = &our_id_space;
index 395dde7..fdc2c4c 100644 (file)
@@ -29,7 +29,6 @@
 #include <arpa/inet.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include <library.h>
 #include <crypto/rngs/rng.h>
index dfa9ac2..98ea628 100644 (file)
@@ -26,7 +26,6 @@
 #include <pfkey.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "constants.h"
 #include "defs.h"
index e75cd8f..031d00a 100644 (file)
@@ -32,7 +32,6 @@
 #endif
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "constants.h"
 #include "defs.h"
@@ -183,7 +182,7 @@ get_secret(const struct connection *c, enum PrivateKeyKind kind, bool asym)
        }
        else if (kind == PPK_PSK
        && (c->policy & (POLICY_PSK | POLICY_XAUTH_PSK))
-       && ((c->kind == CK_TEMPLATE && c->spd.that.id.kind == ID_NONE) ||
+       && ((c->kind == CK_TEMPLATE && c->spd.that.id.kind == ID_ANY) ||
                (c->kind == CK_INSTANCE && id_is_ipaddr(&c->spd.that.id))))
        {
                /* roadwarrior: replace him with 0.0.0.0 */
@@ -1428,7 +1427,7 @@ add_x509_public_key(x509cert_t *cert , time_t until
                struct id id = empty_id;
 
                gntoid(&id, gn);
-               if (id.kind != ID_NONE)
+               if (id.kind != ID_ANY)
                {
                        pk = allocate_RSA_public_key(c);
                        pk->id = id;
index 5f27bf0..de3972f 100644 (file)
@@ -25,7 +25,6 @@
 #include <sys/queue.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 #include <pfkeyv2.h>
 #include <pfkey.h>
 
index 6613ef1..1445f4b 100644 (file)
@@ -22,7 +22,6 @@
 #include <fcntl.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include <library.h>
 #include <asn1/asn1.h>
index 999a771..e80b2cc 100644 (file)
@@ -17,7 +17,6 @@
 #include <time.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include <library.h>
 #include <crypto/hashers/hasher.h>
index 9ca9281..855a8a1 100644 (file)
@@ -28,7 +28,6 @@
 #include <dlfcn.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "constants.h"
 
index 5ab6916..723124d 100644 (file)
@@ -21,7 +21,6 @@
 #include <sys/queue.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include "constants.h"
 #include "defs.h"
index fe2b049..9a5714b 100644 (file)
@@ -24,7 +24,6 @@
 #include <sys/types.h>
 
 #include <freeswan.h>
-#include <ipsec_policy.h>
 
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
@@ -1027,7 +1026,7 @@ void select_x509cert_id(x509cert_t *cert, struct id *end_id)
 {
        bool copy_subject_dn = TRUE;         /* ID is subject DN */
 
-       if (end_id->kind != ID_NONE) /* check for matching subjectAltName */
+       if (end_id->kind != ID_ANY) /* check for matching subjectAltName */
        {
                generalName_t *gn = cert->subjectAltName;
 
@@ -1047,7 +1046,7 @@ void select_x509cert_id(x509cert_t *cert, struct id *end_id)
 
        if (copy_subject_dn)
        {
-               if (end_id->kind != ID_NONE && end_id->kind != ID_DER_ASN1_DN)
+               if (end_id->kind != ID_ANY && end_id->kind != ID_DER_ASN1_DN)
                {
                         char buf[BUF_LEN];
 
@@ -1479,7 +1478,7 @@ void gntoid(struct id *id, const generalName_t *gn)
                id->name = gn->name;
                break;
        default:
-               id->kind = ID_NONE;
+               id->kind = ID_ANY;
                id->name = chunk_empty;
        }
 }
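Review bot: The `default:` branch now leaves `id->kind = ID_ANY`, and in this same commit `match_id` accepts an ID_ANY peer unconditionally (`*wildcards = MAX_WILDCARDS; return TRUE;`), so an unrecognized generalName type is turned into an identity that matches anything rather than into a "no identity" value. `add_x509_public_key` guards this with `if (id.kind != ID_ANY)` in its hunk above, but any other caller of gntoid that skips that test would treat an unsupported SAN as a wildcard identity. A comment on the default case would make the contract explicit: `/* unsupported generalName type: kind becomes ID_ANY, which match_id treats as a wildcard — callers must check id->kind before using the result */`. The body of gntoid starts outside this hunk.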
index a859c33..336cc75 100644 (file)
@@ -13,7 +13,14 @@ INCLUDES = \
 -I$(top_srcdir)/src/whack \
 -I$(top_srcdir)/src/stroke
 
-AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" -DDEBUG
+AM_CFLAGS = \
+-DIPSEC_DIR=\"${ipsecdir}\" \
+-DIPSEC_CONFDIR=\"${confdir}\" \
+-DIPSEC_PIDDIR=\"${piddir}\" \
+-DIPSEC_EAPDIR=\"${eapdir}\" \
+-DNO_CREDENTIAL_FACTORY \
+-DDEBUG
+
 starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la
 EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
 dist_man_MANS = ipsec.conf.5 starter.8
index 27f8562..be74e22 100644 (file)
@@ -11,5 +11,7 @@ whack_LDADD = \
 $(top_builddir)/src/libstrongswan/libstrongswan.la \
 $(top_builddir)/src/libfreeswan/libfreeswan.a
 
-AM_CFLAGS = -DDEBUG
+AM_CFLAGS = \
+-DNO_CREDENTIAL_FACTORY \
+-DDEBUG