(no commit message)
authorMartin Willi <martin@strongswan.org>
Wed, 10 May 2006 07:58:29 +0000 (07:58 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 10 May 2006 07:58:29 +0000 (07:58 -0000)
172 files changed:
src/charon/charon/Architecture.txt [new file with mode: 0644]
src/charon/charon/Known-bugs.txt [new file with mode: 0644]
src/charon/charon/Todo-list.txt [new file with mode: 0644]
src/charon/doc/Architecture.txt [deleted file]
src/charon/doc/Known-bugs.txt [deleted file]
src/charon/doc/Todo-list.txt [deleted file]
src/charon/patches/strongswan-2.7.0.patch [deleted file]
src/charon/scripts/alice-key.der [deleted file]
src/charon/scripts/alice.der [deleted file]
src/charon/scripts/bob-key.der [deleted file]
src/charon/scripts/bob.der [deleted file]
src/charon/scripts/complex1.der [deleted file]
src/charon/scripts/complex2.der [deleted file]
src/charon/scripts/daemon-loop.sh [deleted file]
src/charon/scripts/deleteline [deleted file]
src/charon/scripts/replace [deleted file]
src/charon/scripts/to-alice.sh [deleted file]
src/charon/scripts/to-bob.sh [deleted file]
src/charon/stroke/Makefile.stroke [deleted file]
src/charon/stroke/stroke.c [deleted file]
src/charon/stroke/stroke.h [deleted file]
src/lib/Makefile.lib [deleted file]
src/lib/asn1/Makefile.asn1 [deleted file]
src/lib/asn1/asn1.c [deleted file]
src/lib/asn1/asn1.h [deleted file]
src/lib/asn1/oid.c [deleted file]
src/lib/asn1/oid.h [deleted file]
src/lib/asn1/oid.pl [deleted file]
src/lib/asn1/oid.txt [deleted file]
src/lib/asn1/pem.c [deleted file]
src/lib/asn1/pem.h [deleted file]
src/lib/asn1/ttodata.c [deleted file]
src/lib/asn1/ttodata.h [deleted file]
src/lib/crypto/Makefile.transforms [deleted file]
src/lib/crypto/crypters/Makefile.crypters [deleted file]
src/lib/crypto/crypters/aes_cbc_crypter.c [deleted file]
src/lib/crypto/crypters/aes_cbc_crypter.h [deleted file]
src/lib/crypto/crypters/crypter.c [deleted file]
src/lib/crypto/crypters/crypter.h [deleted file]
src/lib/crypto/diffie_hellman.c [deleted file]
src/lib/crypto/diffie_hellman.h [deleted file]
src/lib/crypto/hashers/Makefile.hashers [deleted file]
src/lib/crypto/hashers/hasher.c [deleted file]
src/lib/crypto/hashers/hasher.h [deleted file]
src/lib/crypto/hashers/md5_hasher.c [deleted file]
src/lib/crypto/hashers/md5_hasher.h [deleted file]
src/lib/crypto/hashers/sha1_hasher.c [deleted file]
src/lib/crypto/hashers/sha1_hasher.h [deleted file]
src/lib/crypto/hmac.c [deleted file]
src/lib/crypto/hmac.h [deleted file]
src/lib/crypto/prf_plus.c [deleted file]
src/lib/crypto/prf_plus.h [deleted file]
src/lib/crypto/prfs/Makefile.prfs [deleted file]
src/lib/crypto/prfs/hmac_prf.c [deleted file]
src/lib/crypto/prfs/hmac_prf.h [deleted file]
src/lib/crypto/prfs/prf.c [deleted file]
src/lib/crypto/prfs/prf.h [deleted file]
src/lib/crypto/rsa/Makefile.rsa [deleted file]
src/lib/crypto/rsa/rsa_private_key.c [deleted file]
src/lib/crypto/rsa/rsa_private_key.h [deleted file]
src/lib/crypto/rsa/rsa_public_key.c [deleted file]
src/lib/crypto/rsa/rsa_public_key.h [deleted file]
src/lib/crypto/signers/Makefile.signers [deleted file]
src/lib/crypto/signers/hmac_signer.c [deleted file]
src/lib/crypto/signers/hmac_signer.h [deleted file]
src/lib/crypto/signers/signer.c [deleted file]
src/lib/crypto/signers/signer.h [deleted file]
src/lib/crypto/x509.c [deleted file]
src/lib/crypto/x509.h [deleted file]
src/lib/definitions.c [deleted file]
src/lib/definitions.h [deleted file]
src/lib/library.c [deleted file]
src/lib/library.h [deleted file]
src/lib/types.c [deleted file]
src/lib/types.h [deleted file]
src/lib/utils/Makefile.utils [deleted file]
src/lib/utils/host.c [deleted file]
src/lib/utils/host.h [deleted file]
src/lib/utils/identification.c [deleted file]
src/lib/utils/identification.h [deleted file]
src/lib/utils/iterator.h [deleted file]
src/lib/utils/leak_detective.c [deleted file]
src/lib/utils/leak_detective.h [deleted file]
src/lib/utils/lexparser.c [deleted file]
src/lib/utils/lexparser.h [deleted file]
src/lib/utils/linked_list.c [deleted file]
src/lib/utils/linked_list.h [deleted file]
src/lib/utils/logger.c [deleted file]
src/lib/utils/logger.h [deleted file]
src/lib/utils/logger_manager.c [deleted file]
src/lib/utils/logger_manager.h [deleted file]
src/lib/utils/randomizer.c [deleted file]
src/lib/utils/randomizer.h [deleted file]
src/lib/utils/tester.c [deleted file]
src/lib/utils/tester.h [deleted file]
src/libstrongswan/Makefile.lib [new file with mode: 0644]
src/libstrongswan/asn1/Makefile.asn1 [new file with mode: 0644]
src/libstrongswan/asn1/asn1.c [new file with mode: 0644]
src/libstrongswan/asn1/asn1.h [new file with mode: 0644]
src/libstrongswan/asn1/oid.c [new file with mode: 0644]
src/libstrongswan/asn1/oid.h [new file with mode: 0644]
src/libstrongswan/asn1/oid.pl [new file with mode: 0644]
src/libstrongswan/asn1/oid.txt [new file with mode: 0644]
src/libstrongswan/asn1/pem.c [new file with mode: 0755]
src/libstrongswan/asn1/pem.h [new file with mode: 0755]
src/libstrongswan/asn1/ttodata.c [new file with mode: 0644]
src/libstrongswan/asn1/ttodata.h [new file with mode: 0644]
src/libstrongswan/crypto/Makefile.transforms [new file with mode: 0644]
src/libstrongswan/crypto/crypters/Makefile.crypters [new file with mode: 0644]
src/libstrongswan/crypto/crypters/aes_cbc_crypter.c [new file with mode: 0644]
src/libstrongswan/crypto/crypters/aes_cbc_crypter.h [new file with mode: 0644]
src/libstrongswan/crypto/crypters/crypter.c [new file with mode: 0644]
src/libstrongswan/crypto/crypters/crypter.h [new file with mode: 0644]
src/libstrongswan/crypto/diffie_hellman.c [new file with mode: 0644]
src/libstrongswan/crypto/diffie_hellman.h [new file with mode: 0644]
src/libstrongswan/crypto/hashers/Makefile.hashers [new file with mode: 0644]
src/libstrongswan/crypto/hashers/hasher.c [new file with mode: 0644]
src/libstrongswan/crypto/hashers/hasher.h [new file with mode: 0644]
src/libstrongswan/crypto/hashers/md5_hasher.c [new file with mode: 0644]
src/libstrongswan/crypto/hashers/md5_hasher.h [new file with mode: 0644]
src/libstrongswan/crypto/hashers/sha1_hasher.c [new file with mode: 0644]
src/libstrongswan/crypto/hashers/sha1_hasher.h [new file with mode: 0644]
src/libstrongswan/crypto/hmac.c [new file with mode: 0644]
src/libstrongswan/crypto/hmac.h [new file with mode: 0644]
src/libstrongswan/crypto/prf_plus.c [new file with mode: 0644]
src/libstrongswan/crypto/prf_plus.h [new file with mode: 0644]
src/libstrongswan/crypto/prfs/Makefile.prfs [new file with mode: 0644]
src/libstrongswan/crypto/prfs/hmac_prf.c [new file with mode: 0644]
src/libstrongswan/crypto/prfs/hmac_prf.h [new file with mode: 0644]
src/libstrongswan/crypto/prfs/prf.c [new file with mode: 0644]
src/libstrongswan/crypto/prfs/prf.h [new file with mode: 0644]
src/libstrongswan/crypto/rsa/Makefile.rsa [new file with mode: 0644]
src/libstrongswan/crypto/rsa/rsa_private_key.c [new file with mode: 0644]
src/libstrongswan/crypto/rsa/rsa_private_key.h [new file with mode: 0644]
src/libstrongswan/crypto/rsa/rsa_public_key.c [new file with mode: 0644]
src/libstrongswan/crypto/rsa/rsa_public_key.h [new file with mode: 0644]
src/libstrongswan/crypto/signers/Makefile.signers [new file with mode: 0644]
src/libstrongswan/crypto/signers/hmac_signer.c [new file with mode: 0644]
src/libstrongswan/crypto/signers/hmac_signer.h [new file with mode: 0644]
src/libstrongswan/crypto/signers/signer.c [new file with mode: 0644]
src/libstrongswan/crypto/signers/signer.h [new file with mode: 0644]
src/libstrongswan/crypto/x509.c [new file with mode: 0755]
src/libstrongswan/crypto/x509.h [new file with mode: 0755]
src/libstrongswan/definitions.c [new file with mode: 0644]
src/libstrongswan/definitions.h [new file with mode: 0644]
src/libstrongswan/library.c [new file with mode: 0644]
src/libstrongswan/library.h [new file with mode: 0644]
src/libstrongswan/types.c [new file with mode: 0644]
src/libstrongswan/types.h [new file with mode: 0644]
src/libstrongswan/utils/Makefile.utils [new file with mode: 0644]
src/libstrongswan/utils/host.c [new file with mode: 0644]
src/libstrongswan/utils/host.h [new file with mode: 0644]
src/libstrongswan/utils/identification.c [new file with mode: 0644]
src/libstrongswan/utils/identification.h [new file with mode: 0644]
src/libstrongswan/utils/iterator.h [new file with mode: 0644]
src/libstrongswan/utils/leak_detective.c [new file with mode: 0644]
src/libstrongswan/utils/leak_detective.h [new file with mode: 0644]
src/libstrongswan/utils/lexparser.c [new file with mode: 0644]
src/libstrongswan/utils/lexparser.h [new file with mode: 0644]
src/libstrongswan/utils/linked_list.c [new file with mode: 0644]
src/libstrongswan/utils/linked_list.h [new file with mode: 0644]
src/libstrongswan/utils/logger.c [new file with mode: 0644]
src/libstrongswan/utils/logger.h [new file with mode: 0644]
src/libstrongswan/utils/logger_manager.c [new file with mode: 0644]
src/libstrongswan/utils/logger_manager.h [new file with mode: 0644]
src/libstrongswan/utils/randomizer.c [new file with mode: 0644]
src/libstrongswan/utils/randomizer.h [new file with mode: 0644]
src/libstrongswan/utils/tester.c [new file with mode: 0644]
src/libstrongswan/utils/tester.h [new file with mode: 0644]
src/stroke/Makefile.stroke [new file with mode: 0644]
src/stroke/stroke.c [new file with mode: 0644]
src/stroke/stroke.h [new file with mode: 0644]

diff --git a/src/charon/charon/Architecture.txt b/src/charon/charon/Architecture.txt
new file mode 100644 (file)
index 0000000..14b9927
--- /dev/null
@@ -0,0 +1,56 @@
+/** @mainpage
+
+@section design strongSwans overall design
+
+IKEv1 and IKEv2 is handled in different keying daemons. The ole IKEv1 stuff is
+completely handled in pluto, as it was all the times. IKEv2 is handled in the
+new keying daemon, which is called #charon. 
+Daemon control is done over unix sockets. Pluto uses whack, as it did for years.
+Charon uses another socket interface, called stroke. Stroke uses another
+format as whack and therefore is not compatible to whack. The starter utility,
+wich does fast configuration parsing, speaks both the protocols, whack and
+stroke. It also handles daemon startup and termination. 
+Pluto uses starter for some commands, for other it uses the whack utility. To be
+as close to pluto as possible, charon has the same split up of commands to
+starter and stroke. All commands are wrapped together in the ipsec script, which
+allows transparent control of both daemons.
+@verbatim
+
+         +-----------------------------------------+
+         |                  ipsec                  |
+         +-----+--------------+---------------+----+
+               |              |               |
+               |              |               |
+               |        +-----+-----+         |
+         +-----+----+   |           |   +-----+----+
+         |          |   |  starter  |   |          |
+         |  stroke  |   |           |   |   whack  |
+         |          |   +---+--+----+   |          |
+         +------+---+       |  |        +--+-------+
+                |           |  |           |
+            +---+------+    |  |    +------+--+
+            |          |    |  |    |         |
+            |  charon  +----+  +----+  pluto  |
+            |          |            |         |
+            +-----+----+            +----+----+
+                  |                      |
+            +-----+----+                 |
+            |    LSF   |                 |
+            +-----+----+                 |
+                  |                      |
+            +-----+----+            +----+----+
+            | RAW Sock |            | UDP/500 |
+            +----------+            +---------+
+
+@endverbatim
+Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port
+500. Under Linux, there is no clean way to set up two sockets at the same port.
+To reslove this problem, charon uses a RAW socket, as they are used in network
+sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2
+traffic. Pluto receives any IKE message, independant of charons behavior.
+Therefore plutos behavior is changed to discard any IKEv2 traffic silently.
+
+To gain some reusability of the code, generic crypto and utility functions are 
+separeted in a shared library, libstrongswan.
+
+*/
\ No newline at end of file
diff --git a/src/charon/charon/Known-bugs.txt b/src/charon/charon/Known-bugs.txt
new file mode 100644 (file)
index 0000000..7fdf258
--- /dev/null
@@ -0,0 +1,7 @@
+ Known bugs in charon
+======================
+
+- intiating the same connection twice makes trouble
+- leak_detective gets confused from libpthread (invalid frees)
+- installing to many SAs in the kernel at the same time causes troubles. Threading issue?
+
diff --git a/src/charon/charon/Todo-list.txt b/src/charon/charon/Todo-list.txt
new file mode 100644 (file)
index 0000000..7bff26d
--- /dev/null
@@ -0,0 +1,57 @@
+ Todo-List for charon
+======================
+
++ = done, / = partial, - = todo, ordered by priority
+
+
++ private key loading: der, without passphrase
++ load all private keys from ipsec.d/private/ in stroke.c
++ handle leftcert and rightcert in starterstroke.c/stroke.c
++ load specified certs in stroke.c
++ extract public keys from certs
++ public key authentication
++ release for Andreas
+
++ stroke loglevels
++ stroke up
++ ike_sa_manager checkout_by_hosts
++ stroke down
++ stroke output redirection
++ stroke status
+
++ libx509
+  + new charon build - libstrong?
+    + transforms
+    + utils (plus host)
+    + logger_manager instance in lib
+    + leak detective usable for charon and pluto and anything else
+  + integrate asn1 parser/oid (asn1/oid)
+  + integrate basic PEM loading
+  + port x509 stuff
+
++ doxygen cleanup (charon/lib)
+
+/ useable certificate support
+  + more id types (use atodn from pluto)
+  + rewrite certificate storage the clean way
+  - further subjectAltName support
+  - certificate validation/chaining
+  - certificate exchange
+
++ Apply -W's from Makefile.program to charon
+- do ipsec status via starter
+- add more output to to up/down, somehow...
+
+- stroke status should show configured connections
+- stroke loglevel update
+- stroke argument parsing via getopts/gperf?
+
+- implement 3DES to load encrypted pem files
+- ipsec.secrets parsing
+
+- trapping
+- delete notify, when to send?
+- notifys on connection setup failure
+- create child sa message/rekeying
+
+- new build environment (autotools?)
diff --git a/src/charon/doc/Architecture.txt b/src/charon/doc/Architecture.txt
deleted file mode 100644 (file)
index 14b9927..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-/** @mainpage
-
-@section design strongSwans overall design
-
-IKEv1 and IKEv2 is handled in different keying daemons. The ole IKEv1 stuff is
-completely handled in pluto, as it was all the times. IKEv2 is handled in the
-new keying daemon, which is called #charon. 
-Daemon control is done over unix sockets. Pluto uses whack, as it did for years.
-Charon uses another socket interface, called stroke. Stroke uses another
-format as whack and therefore is not compatible to whack. The starter utility,
-wich does fast configuration parsing, speaks both the protocols, whack and
-stroke. It also handles daemon startup and termination. 
-Pluto uses starter for some commands, for other it uses the whack utility. To be
-as close to pluto as possible, charon has the same split up of commands to
-starter and stroke. All commands are wrapped together in the ipsec script, which
-allows transparent control of both daemons.
-@verbatim
-
-         +-----------------------------------------+
-         |                  ipsec                  |
-         +-----+--------------+---------------+----+
-               |              |               |
-               |              |               |
-               |        +-----+-----+         |
-         +-----+----+   |           |   +-----+----+
-         |          |   |  starter  |   |          |
-         |  stroke  |   |           |   |   whack  |
-         |          |   +---+--+----+   |          |
-         +------+---+       |  |        +--+-------+
-                |           |  |           |
-            +---+------+    |  |    +------+--+
-            |          |    |  |    |         |
-            |  charon  +----+  +----+  pluto  |
-            |          |            |         |
-            +-----+----+            +----+----+
-                  |                      |
-            +-----+----+                 |
-            |    LSF   |                 |
-            +-----+----+                 |
-                  |                      |
-            +-----+----+            +----+----+
-            | RAW Sock |            | UDP/500 |
-            +----------+            +---------+
-
-@endverbatim
-Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port
-500. Under Linux, there is no clean way to set up two sockets at the same port.
-To reslove this problem, charon uses a RAW socket, as they are used in network
-sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2
-traffic. Pluto receives any IKE message, independant of charons behavior.
-Therefore plutos behavior is changed to discard any IKEv2 traffic silently.
-
-To gain some reusability of the code, generic crypto and utility functions are 
-separeted in a shared library, libstrongswan.
-
-*/
\ No newline at end of file
diff --git a/src/charon/doc/Known-bugs.txt b/src/charon/doc/Known-bugs.txt
deleted file mode 100644 (file)
index 7fdf258..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
- Known bugs in charon
-======================
-
-- intiating the same connection twice makes trouble
-- leak_detective gets confused from libpthread (invalid frees)
-- installing to many SAs in the kernel at the same time causes troubles. Threading issue?
-
diff --git a/src/charon/doc/Todo-list.txt b/src/charon/doc/Todo-list.txt
deleted file mode 100644 (file)
index 7bff26d..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
- Todo-List for charon
-======================
-
-+ = done, / = partial, - = todo, ordered by priority
-
-
-+ private key loading: der, without passphrase
-+ load all private keys from ipsec.d/private/ in stroke.c
-+ handle leftcert and rightcert in starterstroke.c/stroke.c
-+ load specified certs in stroke.c
-+ extract public keys from certs
-+ public key authentication
-+ release for Andreas
-
-+ stroke loglevels
-+ stroke up
-+ ike_sa_manager checkout_by_hosts
-+ stroke down
-+ stroke output redirection
-+ stroke status
-
-+ libx509
-  + new charon build - libstrong?
-    + transforms
-    + utils (plus host)
-    + logger_manager instance in lib
-    + leak detective usable for charon and pluto and anything else
-  + integrate asn1 parser/oid (asn1/oid)
-  + integrate basic PEM loading
-  + port x509 stuff
-
-+ doxygen cleanup (charon/lib)
-
-/ useable certificate support
-  + more id types (use atodn from pluto)
-  + rewrite certificate storage the clean way
-  - further subjectAltName support
-  - certificate validation/chaining
-  - certificate exchange
-
-+ Apply -W's from Makefile.program to charon
-- do ipsec status via starter
-- add more output to to up/down, somehow...
-
-- stroke status should show configured connections
-- stroke loglevel update
-- stroke argument parsing via getopts/gperf?
-
-- implement 3DES to load encrypted pem files
-- ipsec.secrets parsing
-
-- trapping
-- delete notify, when to send?
-- notifys on connection setup failure
-- create child sa message/rekeying
-
-- new build environment (autotools?)
diff --git a/src/charon/patches/strongswan-2.7.0.patch b/src/charon/patches/strongswan-2.7.0.patch
deleted file mode 100644 (file)
index b21e101..0000000
+++ /dev/null
@@ -1,874 +0,0 @@
-diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-patched/Makefile.inc
---- strongswan-2.7.0/Makefile.inc      2006-01-25 18:23:15.000000000 +0100
-+++ strongswan-2.7.0-patched/Makefile.inc      2006-04-28 08:56:38.000000000 +0200
-@@ -84,6 +84,8 @@
- FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec
- LIBDIR=$(DESTDIR)$(FINALLIBDIR)
-+# sharedlibdir is where shared libraries go
-+SHAREDLIBDIR=$(DESTDIR)$(INC_USRLOCAL)/lib
- # where the appropriate manpage tree is located
- # location within INC_USRLOCAL
-@@ -284,6 +286,9 @@
- # include PKCS11-based smartcard support
- USE_SMARTCARD?=false
-+# support IKEv2 via charon
-+USE_IKEV2?=true
-+
- # Default PKCS11 library
- # Uncomment this line if using OpenSC <= 0.9.6
- PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\"
-diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-patched/programs/Makefile
---- strongswan-2.7.0/programs/Makefile 2006-04-17 13:04:45.000000000 +0200
-+++ strongswan-2.7.0-patched/programs/Makefile 2006-04-28 08:56:38.000000000 +0200
-@@ -32,6 +32,10 @@
- SUBDIRS+=showpolicy
- endif
-+ifeq ($(USE_IKEV2),true)
-+SUBDIRS+=charon
-+endif
-+
- def:
-       @echo "Please read doc/intro.html or INSTALL before running make"
-       @false
-diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-patched/programs/ipsec/ipsec.in
---- strongswan-2.7.0/programs/ipsec/ipsec.in   2006-03-09 21:09:33.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/ipsec/ipsec.in   2006-04-28 08:56:38.000000000 +0200
-@@ -26,6 +26,7 @@
- export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
- IPSEC_STARTER_PID="/var/run/starter.pid"
-+IPSEC_CHARON_PID="/var/run/charon.pid"
- # standardize PATH, and export it for everything else's benefit
- PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
-@@ -123,6 +124,10 @@
- down)
-       shift
-       $IPSEC_EXECDIR/whack --name "$1" --terminate
-+      if test -e $IPSEC_CHARON_PID
-+      then
-+          $IPSEC_EXECDIR/stroke down "$1"
-+      fi
-       exit 0
-       ;;
- listalgs|listpubkeys|listcerts|listcacerts|\
-@@ -134,6 +139,10 @@
-       op="$1"
-       shift
-         $IPSEC_EXECDIR/whack "$@" "--$op"
-+      if test -e $IPSEC_CHARON_PID
-+      then
-+            $IPSEC_EXECDIR/stroke "$op"
-+        fi
-       exit 0
-       ;;
- ready)
-@@ -180,8 +189,16 @@
-       if test $# -eq 0
-       then
-           $IPSEC_EXECDIR/whack "--$op"
-+          if test -e $IPSEC_CHARON_PID
-+          then
-+              $IPSEC_EXECDIR/stroke "$op"
-+          fi
-       else
-           $IPSEC_EXECDIR/whack --name "$1" "--$op"
-+          if test -e $IPSEC_CHARON_PID
-+          then
-+              $IPSEC_EXECDIR/stroke "$op" "$1"
-+          fi
-       fi
-       exit 0
-       ;;
-@@ -198,6 +215,10 @@
- up)
-       shift
-       $IPSEC_EXECDIR/whack --name "$1" --initiate
-+      if test -e $IPSEC_CHARON_PID
-+      then
-+          $IPSEC_EXECDIR/stroke up "$1"
-+      fi
-       exit 0
-       ;;
- update)
-diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-patched/programs/pluto/Makefile
---- strongswan-2.7.0/programs/pluto/Makefile   2006-01-25 18:22:19.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/pluto/Makefile   2006-04-28 08:56:38.000000000 +0200
-@@ -170,6 +170,11 @@
-   LIBSPLUTO+= -ldl
- endif
-+# enable IKEv2 support
-+ifeq ($(USE_IKEV2),true)
-+  DEFINES+= -DIKEV2
-+endif
-+
- # This compile option activates the leak detective
- ifeq ($(USE_LEAK_DETECTIVE),true)
-   DEFINES+= -DLEAK_DETECTIVE
-diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-patched/programs/pluto/demux.c
---- strongswan-2.7.0/programs/pluto/demux.c    2005-02-18 22:08:59.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/pluto/demux.c    2006-04-28 08:56:13.000000000 +0200
-@@ -1196,6 +1196,21 @@
-       }
- #endif
-+#ifdef IKEV2
-+#define IKEV2_VERSION_OFFSET  17
-+#define IKEV2_VERSION         0x20
-+
-+    /* ignore IKEv2 packets - they will be handled by charon */
-+    if (pbs_room(&md->packet_pbs) > IKEV2_VERSION_OFFSET
-+    &&  md->packet_pbs.start[IKEV2_VERSION_OFFSET] == IKEV2_VERSION)
-+    {
-+      DBG(DBG_CONTROLMORE,
-+          DBG_log("  ignoring IKEv2 packet")
-+      )
-+      return FALSE;
-+    }
-+#endif /* IKEV2 */
-+
-     return TRUE;
- }
-@@ -1229,6 +1244,7 @@
-       if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size)
-       {
-           struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur;
-+
-           if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION)
-           {
-               SEND_NOTIFICATION(INVALID_MAJOR_VERSION);
-diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-patched/programs/starter/Makefile
---- strongswan-2.7.0/programs/starter/Makefile 2006-02-17 20:34:02.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/starter/Makefile 2006-04-28 08:56:38.000000000 +0200
-@@ -34,6 +34,11 @@
-   DEFINES+= -DLEAK_DETECTIVE
- endif
-+# Enable charon support
-+ifeq ($(USE_IKEV2),true)
-+  DEFINES+= -DIKEV2
-+endif
-+
- INCLUDES=-I${FREESWANDIR}/linux/include
- CFLAGS=$(DEFINES) $(INCLUDES) -Wall
- CFLAGS+=-DIPSEC_EXECDIR=\"${FINALLIBEXECDIR}\" -DIPSEC_CONFDDIR=\"${FINALCONFDDIR}\"
-@@ -46,6 +51,11 @@
-      starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \
-      loglite.o ${PLUTO_OBJS}
-+# Build charon-only objs
-+ifeq ($(USE_IKEV2),true)
-+  OBJS+= invokecharon.o starterstroke.o
-+endif
-+
- DISTSRC=$(OBJS:.o=.c)
- DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h
- DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt
-diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-patched/programs/starter/args.c
---- strongswan-2.7.0/programs/starter/args.c   2006-04-17 12:32:36.000000000 +0200
-+++ strongswan-2.7.0-patched/programs/starter/args.c   2006-04-28 08:56:38.000000000 +0200
-@@ -86,6 +86,10 @@
- static const char *LST_keyexchange[] = {
-     "ike",
-+#ifdef IKEV2
-+    "ikev1",
-+    "ikev2",
-+#endif /* IKEV2 */
-      NULL
- };
-diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-patched/programs/starter/files.h
---- strongswan-2.7.0/programs/starter/files.h  2006-02-04 19:52:58.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/starter/files.h  2006-04-28 08:56:38.000000000 +0200
-@@ -37,8 +37,15 @@
- #define SECRETS_FILE  IPSEC_CONFDIR"/ipsec.secrets"
- #define PLUTO_CMD       IPSEC_EXECDIR"/pluto"
--#define CTL_FILE        DEFAULT_CTLBASE CTL_SUFFIX
--#define PID_FILE        DEFAULT_CTLBASE PID_SUFFIX
-+#define PLUTO_CTL_FILE  DEFAULT_CTLBASE CTL_SUFFIX
-+#define PLUTO_PID_FILE  DEFAULT_CTLBASE PID_SUFFIX
-+
-+#ifdef IKEV2
-+#define CHARON_CMD            IPSEC_EXECDIR"/charon"
-+#define CHARON_BASE           "/var/run/charon"
-+#define CHARON_CTL_FILE CHARON_BASE CTL_SUFFIX
-+#define CHARON_PID_FILE CHARON_BASE PID_SUFFIX
-+#endif /* IKEV2 */
- #define DYNIP_DIR       "/var/run/dynip"
- #define INFO_FILE       "/var/run/ipsec.info"
-diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-patched/programs/starter/invokecharon.c
---- strongswan-2.7.0/programs/starter/invokecharon.c   1970-01-01 01:00:00.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/starter/invokecharon.c   2006-04-28 08:56:38.000000000 +0200
-@@ -0,0 +1,174 @@
-+/* strongSwan charon launcher
-+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
-+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
-+ *
-+ * Ported from invokepluto.c to fit charons needs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: invokecharon.c $
-+ */
-+
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <unistd.h>
-+#include <signal.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <errno.h>
-+
-+#include <freeswan.h>
-+
-+#include "../pluto/constants.h"
-+#include "../pluto/defs.h"
-+#include "../pluto/log.h"
-+
-+#include "confread.h"
-+#include "invokecharon.h"
-+#include "files.h"
-+
-+static int _charon_pid = 0;
-+static int _stop_requested;
-+
-+pid_t
-+starter_charon_pid(void)
-+{
-+    return _charon_pid;
-+}
-+
-+void
-+starter_charon_sigchild(pid_t pid)
-+{
-+      if (pid == _charon_pid)
-+    {
-+              _charon_pid = 0;
-+      if (!_stop_requested)
-+      {
-+          plog("charon has died -- restart scheduled (%dsec)"
-+              , CHARON_RESTART_DELAY);
-+          alarm(CHARON_RESTART_DELAY);   // restart in 5 sec
-+      }
-+      unlink(CHARON_PID_FILE);
-+    }
-+}
-+
-+int
-+starter_stop_charon (void)
-+{
-+    pid_t pid;
-+    int i;
-+
-+    pid = _charon_pid;
-+    if (pid)
-+    {
-+      _stop_requested = 1;
-+
-+      /* be more and more aggressive */
-+      for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
-+      {
-+              if (i == 0)
-+                      kill(pid, SIGINT);
-+          else if (i < 10)
-+                      kill(pid, SIGTERM);
-+          else
-+                      kill(pid, SIGKILL);
-+          usleep(20000);
-+      }
-+      if (_charon_pid == 0)
-+          return 0;
-+      plog("starter_stop_charon(): can't stop charon !!!");
-+      return -1;
-+    }
-+    else
-+    {
-+      plog("stater_stop_charon(): charon is not started...");
-+    }
-+    return -1;
-+}
-+
-+
-+int
-+starter_start_charon (starter_config_t *cfg, bool debug)
-+{
-+    int pid, i;
-+    struct stat stb;
-+    int argc = 1;
-+    char *arg[] = {
-+      CHARON_CMD, NULL, NULL,
-+    };
-+
-+    if (!debug)
-+    {
-+      arg[argc++] = "--use-syslog";
-+    }
-+      
-+    if (_charon_pid)
-+    {
-+      plog("starter_start_charon(): charon already started...");
-+      return -1;
-+    }
-+    else
-+    {
-+      unlink(CHARON_CTL_FILE);
-+      _stop_requested = 0;
-+
-+      pid = fork();
-+      switch (pid)
-+      {
-+      case -1:
-+          plog("can't fork(): %s", strerror(errno));
-+          return -1;
-+      case 0:
-+          /* child */
-+          setsid();
-+          sigprocmask(SIG_SETMASK, 0, NULL);
-+          execv(arg[0], arg);
-+          plog("can't execv(%s,...): %s", arg[0], strerror(errno));
-+          exit(1);
-+      default:
-+          /* father */
-+              _charon_pid = pid;
-+              for (i = 0; i < 50 && _charon_pid; i++)
-+          {
-+              /* wait for charon */
-+              usleep(20000);
-+              if (stat(CHARON_PID_FILE, &stb) == 0)
-+              {
-+                  DBG(DBG_CONTROL,
-+                      DBG_log("charon (%d) started", _charon_pid)
-+                  )
-+                  return 0;
-+              }
-+          }
-+          if (_charon_pid)
-+          {
-+              /* If charon is started but with no ctl file, stop it */
-+              plog("charon too long to start... - kill kill");
-+              for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
-+              {
-+                      if (i == 0)
-+                      kill(pid, SIGINT);
-+                  else if (i < 10)
-+                      kill(pid, SIGTERM);
-+                  else
-+                      kill(pid, SIGKILL);
-+                  usleep(20000);
-+              }
-+          }
-+          else
-+          {
-+              plog("charon refused to be started");
-+          }
-+          return -1;
-+      }
-+    }
-+    return -1;
-+}
-diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-patched/programs/starter/invokecharon.h
---- strongswan-2.7.0/programs/starter/invokecharon.h   1970-01-01 01:00:00.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/starter/invokecharon.h   2006-04-28 08:56:38.000000000 +0200
-@@ -0,0 +1,31 @@
-+/* strongSwan charon launcher
-+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
-+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
-+ *
-+ * Ported from invokepluto.h to fit charons needs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: invokecharon.h $
-+ */
-+
-+#ifndef _STARTER_CHARON_H_
-+#define _STARTER_CHARON_H_
-+
-+#define CHARON_RESTART_DELAY    5
-+
-+extern void starter_charon_sigchild (pid_t pid);
-+extern pid_t starter_charon_pid (void);
-+extern int starter_stop_charon (void);
-+extern int starter_start_charon(struct starter_config *cfg, bool debug);
-+
-+#endif /* _STARTER_CHARON_H_ */
-+
-diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-patched/programs/starter/invokepluto.c
---- strongswan-2.7.0/programs/starter/invokepluto.c    2006-02-17 22:41:50.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/starter/invokepluto.c    2006-04-28 08:56:38.000000000 +0200
-@@ -54,7 +54,7 @@
-               , PLUTO_RESTART_DELAY);
-           alarm(PLUTO_RESTART_DELAY);   // restart in 5 sec
-       }
--      unlink(PID_FILE);
-+      unlink(PLUTO_PID_FILE);
-     }
- }
-@@ -203,7 +203,7 @@
-     }
-     else
-     {
--      unlink(CTL_FILE);
-+      unlink(PLUTO_CTL_FILE);
-       _stop_requested = 0;
-       if (cfg->setup.prepluto)
-@@ -252,7 +252,7 @@
-           {
-               /* wait for pluto */
-               usleep(20000);
--              if (stat(CTL_FILE, &stb) == 0)
-+              if (stat(PLUTO_CTL_FILE, &stb) == 0)
-               {
-                   DBG(DBG_CONTROL,
-                       DBG_log("pluto (%d) started", _pluto_pid)
-diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-patched/programs/starter/starter.c
---- strongswan-2.7.0/programs/starter/starter.c        2006-02-15 19:37:46.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/starter/starter.c        2006-04-28 08:56:38.000000000 +0200
-@@ -37,6 +37,7 @@
- #include "files.h"
- #include "starterwhack.h"
- #include "invokepluto.h"
-+#include "invokecharon.h"
- #include "klips.h"
- #include "netkey.h"
- #include "cmp.h"
-@@ -47,6 +48,9 @@
- #define FLAG_ACTION_RELOAD        0x04
- #define FLAG_ACTION_QUIT          0x08
- #define FLAG_ACTION_LISTEN        0x10
-+#ifdef IKEV2
-+#define FLAG_ACTION_START_CHARON  0x20
-+#endif /* IKEV2 */
- static unsigned int _action_ = 0;
-@@ -65,6 +69,10 @@
-           {
-               if (pid == starter_pluto_pid())
-                   name = " (Pluto)";
-+#ifdef IKEV2
-+              if (pid == starter_charon_pid())
-+                  name = " (Charon)";
-+#endif /* IKEV2 */
-               if (WIFSIGNALED(status))
-                   DBG(DBG_CONTROL,
-                       DBG_log("child %d%s has been killed by sig %d\n",
-@@ -87,6 +95,10 @@
-               if (pid == starter_pluto_pid())
-                   starter_pluto_sigchild(pid);
-+#ifdef IKEV2
-+              if (pid == starter_charon_pid())
-+                  starter_charon_sigchild(pid);
-+#endif /* IKEV2 */
-           }
-       }
-       break;
-@@ -97,6 +109,9 @@
-     case SIGALRM:
-       _action_ |= FLAG_ACTION_START_PLUTO;
-+#ifdef IKEV2
-+      _action_ |= FLAG_ACTION_START_CHARON;
-+#endif /* IKEV2 */
-       break;
-     case SIGHUP:
-@@ -193,6 +208,9 @@
-     signal(SIGQUIT, fsig);
-     signal(SIGALRM, fsig);
-     signal(SIGUSR1, fsig);
-+      
-+      
-+      plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
-     /* verify that we can start */
-     if (getuid() != 0)
-@@ -201,12 +219,24 @@
-       exit(1);
-     }
--    if (stat(PID_FILE, &stb) == 0)
-+    if (stat(PLUTO_PID_FILE, &stb) == 0)
-     {
--      plog("pluto is already running (%s exists) -- aborting", PID_FILE);
--      exit(1);
-+      plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE);
-     }
--
-+    else
-+    {
-+      _action_ |= FLAG_ACTION_START_PLUTO;
-+    }
-+#ifdef IKEV2
-+    if (stat(CHARON_PID_FILE, &stb) == 0)
-+    {
-+      plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE);
-+    }
-+    else
-+    {
-+      _action_ |= FLAG_ACTION_START_CHARON;
-+    }
-+#endif /* IKEV2 */
-     if (stat(DEV_RANDOM, &stb) != 0)
-     {
-       plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
-@@ -247,7 +277,11 @@
-     last_reload = time(NULL);
--    plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
-+    if (stat(MY_PID_FILE, &stb) == 0)
-+    {
-+      plog("starter is already running (%s exists) -- no fork done", MY_PID_FILE);
-+      exit(0);
-+    }
-     /* fork if we're not debugging stuff */
-     if (!no_fork)
-@@ -296,17 +330,19 @@
-                     , &cfg->defaultroute);
-     }
--    _action_ = FLAG_ACTION_START_PLUTO;
--
-     for (;;)
-     {
-       /*
--       * Stop pluto (if started) and exit
--         */
-+       * Stop pluto/charon (if started) and exit
-+       */
-       if (_action_ & FLAG_ACTION_QUIT)
-       {
-           if (starter_pluto_pid())
-               starter_stop_pluto();
-+#ifdef IKEV2
-+              if (starter_charon_pid())
-+              starter_stop_charon();
-+#endif IKEV2
-           if (has_netkey)
-               starter_netkey_cleanup();
-           else
-@@ -337,6 +373,9 @@
-                   if (conn->state == STATE_ADDED)
-                   {
-                       starter_whack_del_conn(conn);
-+#ifdef IKEV2
-+                      starter_stroke_del_conn(conn);
-+#endif /* IKEV2 */
-                       conn->state = STATE_TO_ADD;
-                   }
-               }
-@@ -427,6 +466,9 @@
-                   {
-                       if (conn->state == STATE_ADDED)
-                           starter_whack_del_conn(conn);
-+#ifdef IKEV2
-+                          starter_stroke_del_conn(conn);
-+#endif /* IKEV2 */
-                   }
-                   /* Look for new ca sections that are already loaded */
-@@ -502,6 +544,27 @@
-                   conn->state = STATE_TO_ADD;
-           }
-       }
-+      
-+#ifdef IKEV2
-+      /*
-+       * Start charon
-+       */
-+      if (_action_ & FLAG_ACTION_START_CHARON)
-+      {
-+              if (starter_charon_pid() == 0)
-+              {
-+                      DBG(DBG_CONTROL,
-+                              DBG_log("Attempting to start charon...")
-+                         )
-+                      if (starter_start_charon(cfg, no_fork) != 0)
-+                      {
-+                              /* schedule next try */
-+                              alarm(PLUTO_RESTART_DELAY);
-+                      }
-+              }
-+              _action_ &= ~FLAG_ACTION_START_CHARON;
-+      }
-+#endif /* IKEV2 */
-       /*
-        * Tell pluto to reread its interfaces
-@@ -536,11 +599,36 @@
-                       conn->id = id++;
-                   }
-                   starter_whack_add_conn(conn);
-+#ifdef IKEV2
-+                  starter_stroke_add_conn(conn);
-+#endif /* IKEV2 */
-                   conn->state = STATE_ADDED;
-                   if (conn->startup == STARTUP_START)
--                      starter_whack_initiate_conn(conn);
-+                  {
-+#ifdef IKEV2
-+                      if (conn->keyexchange == 2)
-+                      {
-+                          starter_stroke_initiate_conn(conn);
-+                      }
-+                      else
-+#endif /* IKEV2 */
-+                      {
-+                          starter_whack_initiate_conn(conn);
-+                      }
-+                  }
-                   else if (conn->startup == STARTUP_ROUTE)
--                      starter_whack_route_conn(conn);
-+                  {
-+#ifdef IKEV2
-+                      if (conn->keyexchange == 2)
-+                      {
-+                              starter_stroke_route_conn(conn);
-+                      }
-+                      else
-+#endif /* IKEV2 */
-+                      {
-+                              starter_whack_route_conn(conn); 
-+                      }
-+                  }
-               }
-           }
-       }
-diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-patched/programs/starter/starterstroke.c
---- strongswan-2.7.0/programs/starter/starterstroke.c  1970-01-01 01:00:00.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/starter/starterstroke.c  2006-04-28 08:56:38.000000000 +0200
-@@ -0,0 +1,161 @@
-+/* Stroke for charon is the counterpart to whack from pluto
-+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: starterstroke.c $
-+ */
-+
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <sys/un.h>
-+#include <linux/stddef.h>
-+#include <unistd.h>
-+#include <stdlib.h>
-+#include <errno.h>
-+#include <netinet/in.h>
-+#include <arpa/inet.h>
-+
-+#include <freeswan.h>
-+
-+#include "../pluto/constants.h"
-+#include "../pluto/defs.h"
-+#include "../pluto/log.h"
-+
-+#include "../charon/stroke/stroke.h"
-+
-+#include "starterstroke.h"
-+#include "confread.h"
-+#include "files.h"
-+
-+static char* push_string(stroke_msg_t **strm, char *string)
-+{
-+      stroke_msg_t *stroke_msg;
-+      size_t string_length;
-+      
-+      if (string == NULL)
-+      {
-+              return NULL;
-+      }
-+      stroke_msg = *strm;
-+      string_length = strlen(string) + 1;
-+      stroke_msg->length += string_length;
-+      
-+      stroke_msg = realloc(stroke_msg, stroke_msg->length);
-+      strcpy((char*)stroke_msg + stroke_msg->length - string_length, string);
-+      
-+      *strm = stroke_msg;
-+      return (char*)(u_int)stroke_msg->length - string_length;
-+}
-+
-+static int
-+send_stroke_msg (stroke_msg_t *msg)
-+{
-+      struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
-+      int sock;
-+      
-+      sock = socket(AF_UNIX, SOCK_STREAM, 0);
-+      if (sock < 0)
-+      {
-+      plog("socket() failed: %s", strerror(errno));
-+      return -1;
-+      }
-+      if (connect(sock, (struct sockaddr *)&ctl_addr,
-+      offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
-+      {
-+      plog("connect(charon_ctl) failed: %s", strerror(errno));
-+      close(sock);
-+      return -1;
-+      }
-+      
-+      /* send message */
-+      if (write(sock, msg, msg->length) != msg->length)
-+      {
-+      plog("write(charon_ctl) failed: %s", strerror(errno));
-+      close(sock);
-+      return -1;
-+      }
-+      
-+      close(sock);
-+      return 0;
-+}
-+
-+static char *
-+connection_name(starter_conn_t *conn)
-+{
-+    /* if connection name is '%auto', create a new name like conn_xxxxx */
-+    static char buf[32];
-+
-+    if (streq(conn->name, "%auto"))
-+    {
-+      sprintf(buf, "conn_%ld", conn->id);
-+      return buf;
-+    }
-+    return conn->name;
-+}
-+
-+
-+int starter_stroke_add_conn(starter_conn_t *conn)
-+{
-+      stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-+      int res;
-+      
-+      msg->length = sizeof(stroke_msg_t);
-+      msg->type = STR_ADD_CONN;
-+      
-+      msg->add_conn.name = push_string(&msg, connection_name(conn));
-+      
-+      msg->add_conn.me.id = push_string(&msg, conn->left.id);
-+      msg->add_conn.me.cert = push_string(&msg, conn->left.cert);
-+      msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr));
-+      msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr));
-+      msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits;
-+      
-+      msg->add_conn.other.id = push_string(&msg, conn->right.id);
-+      msg->add_conn.other.cert = push_string(&msg, conn->right.cert);
-+      msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr));
-+      msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr));
-+      msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits;
-+      
-+      res = send_stroke_msg(msg);
-+      free(msg);
-+      return res;
-+}
-+
-+int starter_stroke_del_conn(starter_conn_t *conn)
-+{
-+      return 0;
-+}
-+int starter_stroke_route_conn(starter_conn_t *conn)
-+{
-+      stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-+      int res;
-+      
-+      msg->length = sizeof(stroke_msg_t);
-+      msg->type = STR_INSTALL;
-+      msg->install.name = push_string(&msg, connection_name(conn));
-+      res = send_stroke_msg(msg);
-+      free(msg);
-+      return res;
-+}
-+
-+int starter_stroke_initiate_conn(starter_conn_t *conn)
-+{
-+      stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-+      int res;
-+      
-+      msg->length = sizeof(stroke_msg_t);
-+      msg->type = STR_INITIATE;
-+      msg->initiate.name = push_string(&msg, connection_name(conn));
-+      res = send_stroke_msg(msg);
-+      free(msg);
-+      return res;
-+}
-diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-patched/programs/starter/starterstroke.h
---- strongswan-2.7.0/programs/starter/starterstroke.h  1970-01-01 01:00:00.000000000 +0100
-+++ strongswan-2.7.0-patched/programs/starter/starterstroke.h  2006-04-28 08:56:38.000000000 +0200
-@@ -0,0 +1,27 @@
-+/* Stroke for charon is the counterpart to whack from pluto
-+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: starterstroke.h $
-+ */
-+
-+#ifndef _STARTER_STROKE_H_
-+#define _STARTER_STROKE_H_
-+
-+#include "confread.h"
-+
-+extern int starter_stroke_add_conn(starter_conn_t *conn);
-+extern int starter_stroke_del_conn(starter_conn_t *conn);
-+extern int starter_stroke_route_conn(starter_conn_t *conn);
-+extern int starter_stroke_initiate_conn(starter_conn_t *conn);
-+
-+#endif /* _STARTER_STROKE_H_ */
-diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-patched/programs/starter/starterwhack.c
---- strongswan-2.7.0/programs/starter/starterwhack.c   2006-04-17 12:32:36.000000000 +0200
-+++ strongswan-2.7.0-patched/programs/starter/starterwhack.c   2006-04-28 08:56:38.000000000 +0200
-@@ -54,7 +54,7 @@
- static int
- send_whack_msg (whack_message_t *msg)
- {
--    struct sockaddr_un ctl_addr = { AF_UNIX, CTL_FILE };
-+    struct sockaddr_un ctl_addr = { AF_UNIX, PLUTO_CTL_FILE };
-     int sock;
-     ssize_t len;
-     char *str_next, *str_roof;
diff --git a/src/charon/scripts/alice-key.der b/src/charon/scripts/alice-key.der
deleted file mode 100644 (file)
index 5a8aef6..0000000
Binary files a/src/charon/scripts/alice-key.der and /dev/null differ
diff --git a/src/charon/scripts/alice.der b/src/charon/scripts/alice.der
deleted file mode 100644 (file)
index 8154def..0000000
Binary files a/src/charon/scripts/alice.der and /dev/null differ
diff --git a/src/charon/scripts/bob-key.der b/src/charon/scripts/bob-key.der
deleted file mode 100644 (file)
index f944dec..0000000
Binary files a/src/charon/scripts/bob-key.der and /dev/null differ
diff --git a/src/charon/scripts/bob.der b/src/charon/scripts/bob.der
deleted file mode 100644 (file)
index 4016118..0000000
Binary files a/src/charon/scripts/bob.der and /dev/null differ
diff --git a/src/charon/scripts/complex1.der b/src/charon/scripts/complex1.der
deleted file mode 100644 (file)
index ba460cb..0000000
Binary files a/src/charon/scripts/complex1.der and /dev/null differ
diff --git a/src/charon/scripts/complex2.der b/src/charon/scripts/complex2.der
deleted file mode 100644 (file)
index 160b21f..0000000
Binary files a/src/charon/scripts/complex2.der and /dev/null differ
diff --git a/src/charon/scripts/daemon-loop.sh b/src/charon/scripts/daemon-loop.sh
deleted file mode 100755 (executable)
index 9a361e0..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-while [ 1 ]
-do
-       ip x p f
-       ip x s f
-       rm /var/run/charon.*
-       make
-       bin/charon
-       echo ""
-       echo "----------------------------"
-       echo ""
-done
diff --git a/src/charon/scripts/deleteline b/src/charon/scripts/deleteline
deleted file mode 100755 (executable)
index 9f529dc..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-FILES=`find . -name '*.[ch]'`
-for FILE in $FILES
-do
-       TMP=${FILE}_tmp
-       sed "/$1/d" < $FILE > $TMP
-       mv $TMP $FILE
-done
diff --git a/src/charon/scripts/replace b/src/charon/scripts/replace
deleted file mode 100755 (executable)
index adfc8e0..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-FILES=`find . -name '*.[ch]'`
-for FILE in $FILES
-do
-       TMP=${FILE}_tmp
-       sed "s/$1/$2/g" < $FILE > $TMP
-       mv $TMP $FILE
-done
diff --git a/src/charon/scripts/to-alice.sh b/src/charon/scripts/to-alice.sh
deleted file mode 100755 (executable)
index 01ba27f..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-# enable ip forwarding for gateway
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
-# add connection to alice
-MY_ADDR=192.168.0.2                           # Address of local peer
-OTHER_ADDR=192.168.0.1                        # Address of remote peer
-MY_ID="C=CH, O=Linux strongSwan, CN=bob"      # ID of local peer
-OTHER_ID="C=CH, O=Linux strongSwan, CN=alice" # ID of remote peer
-MY_NET=10.2.0.0                               # protected local subnet
-OTHER_NET=10.1.0.0                            # protected remote subnet
-MY_BITS=16                                    # size of subnet
-OTHER_BITS=16                                 # size of subnet
-CONN_NAME=to-alice                            # connection name
-
-bin/stroke add $CONN_NAME "$MY_ID" "$OTHER_ID" $MY_ADDR $OTHER_ADDR $MY_NET $OTHER_NET $MY_BITS $OTHER_BITS
-
-# initiate
-i=0
-LIMIT=1
-
-while [ "$i" -lt "$LIMIT" ]
-do
-  bin/stroke up $CONN_NAME
-  let "i += 1"
-done
diff --git a/src/charon/scripts/to-bob.sh b/src/charon/scripts/to-bob.sh
deleted file mode 100755 (executable)
index df30bd8..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-# enable ip forwarding for gateway
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
-# add connection to bob
-MY_ADDR=192.168.0.1                           # Address of local peer
-OTHER_ADDR=192.168.0.2                        # Address of remote peer
-MY_ID="C=CH, O=Linux strongSwan, CN=alice"    # ID of local peer
-OTHER_ID="C=CH, O=Linux strongSwan, CN=bob"   # ID of remote peer
-MY_NET=10.1.0.0                               # protected local subnet
-OTHER_NET=10.2.0.0                            # protected remote subnet
-MY_BITS=16                                    # size of subnet
-OTHER_BITS=16                                 # size of subnet
-CONN_NAME=to-bob                              # connection name
-
-bin/stroke add $CONN_NAME "$MY_ID" "$OTHER_ID" $MY_ADDR $OTHER_ADDR $MY_NET $OTHER_NET $MY_BITS $OTHER_BITS
-
-# initiate
-i=0
-LIMIT=0
-
-while [ "$i" -lt "$LIMIT" ]
-do
-  bin/stroke up $CONN_NAME
-  let "i += 1"
-done
diff --git a/src/charon/stroke/Makefile.stroke b/src/charon/stroke/Makefile.stroke
deleted file mode 100644 (file)
index c874450..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright (C) 2006 Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-STROKE_DIR= $(MAIN_DIR)stroke/
-
-$(BUILD_DIR)stroke.o :                 $(STROKE_DIR)stroke.c $(STROKE_DIR)stroke.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/src/charon/stroke/stroke.c b/src/charon/stroke/stroke.c
deleted file mode 100644 (file)
index 7a734a0..0000000
+++ /dev/null
@@ -1,306 +0,0 @@
-/* Stroke for charon is the counterpart to whack from pluto
- * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/fcntl.h>
-#include <unistd.h>
-#include <dirent.h>
-#include <errno.h>
-#include <stdio.h>
-#include <linux/stddef.h>
-
-#include "stroke.h"
-
-static char* push_string(stroke_msg_t **strm, char *string)
-{
-       stroke_msg_t *stroke_msg;
-       size_t string_length;
-       
-       if (string == NULL)
-       {
-               return NULL;
-       }
-       stroke_msg = *strm;
-       string_length = strlen(string) + 1;
-       stroke_msg->length += string_length;
-       
-       stroke_msg = realloc(stroke_msg, stroke_msg->length);
-       strcpy((char*)stroke_msg + stroke_msg->length - string_length, string);
-       
-       *strm = stroke_msg;
-       return (char*)(u_int)stroke_msg->length - string_length;
-}
-
-static int send_stroke_msg (stroke_msg_t *msg)
-{
-       struct sockaddr_un ctl_addr = { AF_UNIX, STROKE_SOCKET };
-       int sock;
-       char buffer[64];
-       int byte_count;
-       
-       sock = socket(AF_UNIX, SOCK_STREAM, 0);
-       if (sock < 0)
-       {
-               fprintf(stderr, "Opening unix socket %s: %s\n", STROKE_SOCKET, strerror(errno));
-               return -1;
-       }
-       if (connect(sock, (struct sockaddr *)&ctl_addr,
-                               offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
-       {
-               fprintf(stderr, "Connect to socket failed: %s\n", strerror(errno));
-               close(sock);
-               return -1;
-       }
-       
-       /* send message */
-       if (write(sock, msg, msg->length) != msg->length)
-       {
-               fprintf(stderr, "writing to socket failed: %s\n", strerror(errno));
-               close(sock);
-               return -1;
-       }
-       
-       while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
-       {
-               buffer[byte_count] = '\0';
-               printf("%s", buffer);
-       }
-       if (byte_count < 0)
-       {
-               fprintf(stderr, "reading from socket failed: %s\n", strerror(errno));
-       }
-       
-       close(sock);
-       return 0;
-}
-
-static int add_connection(char *name,
-                                                 char *my_id, char *other_id, 
-                                                 char *my_addr, char *other_addr,
-                                                 char *my_net, char *other_net,
-                                                 u_int my_netmask, u_int other_netmask)
-{
-       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-       int res;
-       
-       msg->length = sizeof(stroke_msg_t);
-       msg->type = STR_ADD_CONN;
-       
-       msg->add_conn.name = push_string(&msg, name);
-       
-       msg->add_conn.me.id = push_string(&msg, my_id);
-       msg->add_conn.me.address = push_string(&msg, my_addr);
-       msg->add_conn.me.subnet = push_string(&msg, my_net);
-       msg->add_conn.me.subnet_mask = my_netmask;
-       msg->add_conn.me.cert = NULL;
-       
-       msg->add_conn.other.id = push_string(&msg, other_id);
-       msg->add_conn.other.address = push_string(&msg, other_addr);
-       msg->add_conn.other.subnet = push_string(&msg, other_net);
-       msg->add_conn.other.subnet_mask = other_netmask;
-       msg->add_conn.other.cert = NULL;
-       
-       res = send_stroke_msg(msg);
-       free(msg);
-       return res;
-}
-
-static int initiate_connection(char *name)
-{
-       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-       int res;
-       
-       msg->length = sizeof(stroke_msg_t);
-       msg->type = STR_INITIATE;
-       msg->initiate.name = push_string(&msg, name);
-       res = send_stroke_msg(msg);
-       free(msg);
-       return res;
-}
-
-static int terminate_connection(char *name)
-{
-       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-       int res;
-       
-       msg->length = sizeof(stroke_msg_t);
-       msg->type = STR_TERMINATE;
-       msg->initiate.name = push_string(&msg, name);
-       res = send_stroke_msg(msg);
-       free(msg);
-       return res;
-}
-
-static int show_status(char *mode, char *connection)
-{
-       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-       int res;
-       
-       msg->length = sizeof(stroke_msg_t);
-       if (strcmp(mode, "statusall") == 0)
-       {
-               msg->type = STR_STATUS_ALL;
-       }
-       else
-       {
-               msg->type = STR_STATUS;
-       }
-       msg->status.name = push_string(&msg, connection);
-       res = send_stroke_msg(msg);
-       free(msg);
-       return res;
-}
-
-static int set_logtype(char *context, char *type, int enable)
-{
-       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-       int res;
-       
-       msg->length = sizeof(stroke_msg_t);
-       msg->type = STR_LOGTYPE;
-       msg->logtype.context = push_string(&msg, context);
-       msg->logtype.type = push_string(&msg, type);
-       msg->logtype.enable = enable;
-       res = send_stroke_msg(msg);
-       free(msg);
-       return res;
-}
-
-static int set_loglevel(char *context, u_int level)
-{
-       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-       int res;
-       
-       msg->length = sizeof(stroke_msg_t);
-       msg->type = STR_LOGLEVEL;
-       msg->loglevel.context = push_string(&msg, context);
-       msg->loglevel.level = level;
-       res = send_stroke_msg(msg);
-       free(msg);
-       return res;
-}
-
-static void exit_error(char *error)
-{
-       if (error)
-       {
-               fprintf(stderr, "%s\n", error);
-       }
-       exit(-1);
-}
-
-static void exit_usage(char *error)
-{
-       printf("Usage:\n");
-       printf("  Add a connection:\n");
-       printf("    stroke add NAME MY_ID OTHER_ID MY_ADDR OTHER_ADDR\\\n");
-       printf("           MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS\n");
-       printf("    where: ID is any IKEv2 ID \n");
-       printf("           ADDR is a IPv4 address\n");
-       printf("           NET is a IPv4 address of the subnet to tunnel\n");
-       printf("           NETBITS is the size of the subnet, as the \"24\" in 192.168.0.0/24\n");
-       printf("  Initiate a connection:\n");
-       printf("    stroke up NAME\n");
-       printf("    where: NAME is a connection name added with \"stroke add\"\n");
-       printf("  Terminate a connection:\n");
-       printf("    stroke down NAME\n");
-       printf("    where: NAME is a connection name added with \"stroke add\"\n");
-       printf("  Set logtype for a logging context:\n");
-       printf("    stroke logtype CONTEXT TYPE ENABLE\n");
-       printf("    where: CONTEXT is PARSR|GNRAT|IKESA|SAMGR|CHDSA|MESSG|TPOOL|WORKR|SCHED|\n");
-       printf("                      SENDR|RECVR|SOCKT|TESTR|DAEMN|CONFG|ENCPL|PAYLD\n");
-       printf("           TYPE is CONTROL|ERROR|AUDIT|RAW|PRIVATE\n");
-       printf("           ENABLE is 0|1\n");
-       printf("  Set loglevel for a logging context:\n");
-       printf("    stroke loglevel CONTEXT LEVEL\n");
-       printf("    where: CONTEXT is PARSR|GNRAT|IKESA|SAMGR|CHDSA|MESSG|TPOOL|WORKR|SCHED|\n");
-       printf("                      SENDR|RECVR|SOCKT|TESTR|DAEMN|CONFG|ENCPL|PAYLD\n");
-       printf("           LEVEL is 0|1|2|3\n");
-       printf("  Show connection status:\n");
-       printf("    stroke status\n");
-       exit_error(error);
-}
-
-int main(int argc, char *argv[])
-{
-       int res;
-       char *op;
-       
-       if (argc < 2)
-       {
-               exit_usage(NULL);
-       }
-       
-       op = argv[1];
-
-       if (strcmp(op, "status") == 0 ||
-               strcmp(op, "statusall") == 0)
-       {
-               res = show_status(op, argc > 2 ? argv[2] : NULL);
-       }
-       else if (strcmp(op, "up") == 0)
-       {
-               if (argc < 3)
-               {
-                       exit_usage("\"up\" needs a connection name");
-               }
-               res = initiate_connection(argv[2]);
-       }
-       else if (strcmp(op, "down") == 0)
-       {
-               if (argc < 3)
-               {
-                       exit_usage("\"down\" needs a connection name");
-               }
-               res = terminate_connection(argv[2]);
-       }
-       else if (strcmp(op, "add") == 0)
-       {
-               if (argc < 11)
-               {
-                       exit_usage("\"add\" needs more parameters...");
-               }
-               res = add_connection(argv[2],
-                                                        argv[3], argv[4], 
-                                                        argv[5], argv[6], 
-                                                        argv[7], argv[8], 
-                                                        atoi(argv[9]), atoi(argv[10]));
-       }
-       else if (strcmp(op, "logtype") == 0)
-       {
-               if (argc < 5)
-               {
-                       exit_usage("\"logtype\" needs more parameters...");
-               }
-               res = set_logtype(argv[2], argv[3], atoi(argv[4])); 
-       }
-       else if (strcmp(op, "loglevel") == 0)
-       {
-               if (argc < 4)
-               {
-                       exit_usage("\"logtype\" needs more parameters...");
-               }
-               res = set_loglevel(argv[2], atoi(argv[3])); 
-       }
-       else
-       {
-               exit_usage(NULL);
-       }
-       
-       return res;
-}
diff --git a/src/charon/stroke/stroke.h b/src/charon/stroke/stroke.h
deleted file mode 100644 (file)
index cb40cf8..0000000
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * @file stroke.h
- *
- * @brief Definition of stroke_msg_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef STROKE_H_
-#define STROKE_H_
-
-/**
- * Socket which is used to communicate between charon and stroke
- */
-#define STROKE_SOCKET "/var/run/charon.ctl"
-
-
-typedef struct stroke_msg_t stroke_msg_t;
-
-/**
- * @brief A stroke message sent over the unix socket.
- */
-struct stroke_msg_t {
-       /* length of this message with all strings */
-       u_int16_t length;
-       /* type of the message */
-       enum {
-               /* initiate a connection */
-               STR_INITIATE,
-               /* install SPD entries for a connection */
-               STR_INSTALL,
-               /* add a connection */
-               STR_ADD_CONN,
-               /* delete a connection */
-               STR_DEL_CONN,
-               /* terminate connection */
-               STR_TERMINATE,
-               /* show connection status */
-               STR_STATUS,
-               /* show verbose connection status */
-               STR_STATUS_ALL,
-               /* set a log type to log/not log */
-               STR_LOGTYPE,
-               /* set the verbosity of a logging context */
-               STR_LOGLEVEL,
-               /* more to come */
-       } type;
-       union {
-               /* data for STR_INITIATE, STR_INSTALL, STR_UP, STR_DOWN */
-               struct {
-                       char *name;
-               } initiate, install, terminate, status;
-               /* data for STR_ADD_CONN */
-               struct {
-                       char *name;
-                       struct {
-                               char *id;
-                               char *cert;
-                               char *address;
-                               char *subnet;
-                               u_int8_t subnet_mask;
-                       } me, other;
-               } add_conn;
-               struct {
-                       char *context;
-                       char *type;
-                       int enable;
-               } logtype;
-               struct {
-                       char *context;
-                       u_int level;
-               } loglevel;
-       };
-       u_int8_t buffer[];
-};
-
-#endif /* STROKE_H_ */
diff --git a/src/lib/Makefile.lib b/src/lib/Makefile.lib
deleted file mode 100644 (file)
index 80a44ff..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright (C) 2006 Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-LIB_DIR= $(MAIN_DIR)lib/
-
-include $(MAIN_DIR)lib/utils/Makefile.utils
-include $(MAIN_DIR)lib/crypto/Makefile.transforms
-include $(MAIN_DIR)lib/asn1/Makefile.asn1
-
-LIB_OBJS+= $(BUILD_DIR)types.o
-$(BUILD_DIR)types.o :                  $(LIB_DIR)types.c $(LIB_DIR)types.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-LIB_OBJS+= $(BUILD_DIR)definitions.o
-$(BUILD_DIR)definitions.o :            $(LIB_DIR)definitions.c $(LIB_DIR)definitions.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-LIB_OBJS+= $(BUILD_DIR)library.o
-$(BUILD_DIR)library.o :                        $(LIB_DIR)library.c $(LIB_DIR)library.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/src/lib/asn1/Makefile.asn1 b/src/lib/asn1/Makefile.asn1
deleted file mode 100644 (file)
index 3a5450d..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright (C) 2006 Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-ASN1_DIR= $(LIB_DIR)asn1/
-
-
-LIB_OBJS+= $(BUILD_DIR)oid.o
-$(BUILD_DIR)oid.o :                                                    $(ASN1_DIR)oid.c $(ASN1_DIR)oid.h
-                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
-LIB_OBJS+= $(BUILD_DIR)asn1.o
-$(BUILD_DIR)asn1.o :                                           $(ASN1_DIR)asn1.c $(ASN1_DIR)asn1.h
-                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
-LIB_OBJS+= $(BUILD_DIR)pem.o
-$(BUILD_DIR)pem.o :                                                    $(ASN1_DIR)pem.c $(ASN1_DIR)pem.h
-                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
-LIB_OBJS+= $(BUILD_DIR)ttodata.o
-$(BUILD_DIR)ttodata.o :                                                $(ASN1_DIR)ttodata.c $(ASN1_DIR)ttodata.h
-                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file
diff --git a/src/lib/asn1/asn1.c b/src/lib/asn1/asn1.c
deleted file mode 100644 (file)
index 662f7fc..0000000
+++ /dev/null
@@ -1,751 +0,0 @@
-/* Simple ASN.1 parser
- * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
- * Copyright (C) 2006 Martin Will, Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#include "asn1.h"
-
-#include <utils/logger_manager.h>
-
-/* Names of the months */
-static const char* months[] = {
-       "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-       "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-
-/* some common prefabricated ASN.1 constants */
-static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 };
-static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 };
-static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 };
-
-const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str);
-const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str);
-const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
-
-/* some popular algorithmIdentifiers */
-
-static u_char ASN1_md5_id_str[] = {
-       0x30, 0x0C,
-       0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
-       0x05, 0x00
-};
-
-static u_char ASN1_sha1_id_str[] = {
-       0x30, 0x09,
-       0x06, 0x05, 0x2B, 0x0E,0x03, 0x02, 0x1A,
-       0x05, 0x00
-};
-
-static u_char ASN1_md5WithRSA_id_str[] = {
-       0x30, 0x0D,
-       0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
-       0x05, 0x00
-};
-
-static u_char ASN1_sha1WithRSA_id_str[] = {
-       0x30, 0x0D,
-       0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
-       0x05, 0x00
-};
-
-static u_char ASN1_rsaEncryption_id_str[] = {
-       0x30, 0x0D,
-       0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
-       0x05, 0x00
-};
-
-const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
-const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str);
-const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
-const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
-const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
-
-/* ASN.1 definiton of an algorithmIdentifier */
-static const asn1Object_t algorithmIdentifierObjects[] = {
-       { 0, "algorithmIdentifier",     ASN1_SEQUENCE,  ASN1_NONE }, /* 0 */
-       { 1,   "algorithm",                     ASN1_OID,               ASN1_BODY }, /* 1 */
-       { 1,   "parameters",            ASN1_EOC,               ASN1_RAW  }  /* 2 */
-};
-
-#define ALGORITHM_ID_ALG               1
-#define ALGORITHM_ID_PARAMETERS        2
-#define ALGORITHM_ID_ROOF              3
-
-static logger_t *logger = NULL;
-
-/**
- * initializes the ASN.1 logger
- */
-static void asn1_init_logger(void)
-{
-       if (logger == NULL)
-               logger = logger_manager->get_logger(logger_manager, ASN1);
-}
-
-/**
- * return the ASN.1 encoded algorithm identifier
- */
-chunk_t asn1_algorithmIdentifier(int oid)
-{
-       switch (oid)
-       {
-               case OID_RSA_ENCRYPTION:
-                       return ASN1_rsaEncryption_id;
-               case OID_MD5_WITH_RSA:
-                       return ASN1_md5WithRSA_id;
-               case OID_SHA1_WITH_RSA:
-                       return ASN1_sha1WithRSA_id;
-               case OID_MD5:
-                       return ASN1_md5_id;
-               case OID_SHA1:
-                       return ASN1_sha1_id;
-               default:
-                       return CHUNK_INITIALIZER;
-       }
-}
-
-/**
- * If the oid is listed in the oid_names table then the corresponding
- * position in the oid_names table is returned otherwise -1 is returned
- */
-int known_oid(chunk_t object)
-{
-       int oid = 0;
-       
-       while (object.len)
-       {
-               if (oid_names[oid].octet == *object.ptr)
-               {
-                       if (--object.len == 0 || oid_names[oid].down == 0)
-                       {
-                               return oid;          /* found terminal symbol */
-                       }
-                       else
-                       {
-                               object.ptr++; oid++; /* advance to next hex octet */
-                       }
-               }
-               else
-               {
-                       if (oid_names[oid].next)
-                               oid = oid_names[oid].next;
-                       else
-                               return OID_UNKNOWN;
-               }
-       }
-       return -1;
-}
-
-/**
- * Decodes the length in bytes of an ASN.1 object
- */
-u_int asn1_length(chunk_t *blob)
-{
-       u_char n;
-       size_t len;
-       
-       /* advance from tag field on to length field */
-       blob->ptr++;
-       blob->len--;
-       
-       /* read first octet of length field */
-       n = *blob->ptr++;
-       blob->len--;
-       
-       if ((n & 0x80) == 0) 
-       {/* single length octet */
-               return n;
-       }
-       
-       /* composite length, determine number of length octets */
-       n &= 0x7f;
-       
-       if (n > blob->len)
-       {
-               logger->log(logger, ERROR|LEVEL1, "number of length octets is larger than ASN.1 object");
-               return ASN1_INVALID_LENGTH;
-       }
-       
-       if (n > sizeof(len))
-       {
-               logger->log(logger, ERROR|LEVEL1, "number of length octets is larger than limit of %d octets", 
-                                       (int)sizeof(len));
-               return ASN1_INVALID_LENGTH;
-       }
-       
-       len = 0;
-       
-       while (n-- > 0)
-       {
-               len = 256*len + *blob->ptr++;
-               blob->len--;
-       }
-       return len;
-}
-
-/**
- * determines if a character string is of type ASN.1 printableString
- */
-bool is_printablestring(chunk_t str)
-{
-       const char printablestring_charset[] =
-               "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?";
-       u_int i;
-       
-       for (i = 0; i < str.len; i++)
-       {
-               if (strchr(printablestring_charset, str.ptr[i]) == NULL)
-                       return FALSE;
-       }
-       return TRUE;
-}
-
-/**
- * Display a date either in local or UTC time
- * TODO: Does not seem to be thread safe
- */
-char* timetoa(const time_t *time, bool utc)
-{
-       static char buf[30];
-
-       if (*time == 0)
-               sprintf(buf, "--- -- --:--:--%s----", (utc)?" UTC ":" ");
-       else
-       {
-               struct tm *t = (utc)? gmtime(time) : localtime(time);
-               sprintf(buf, "%s %02d %02d:%02d:%02d%s%04d",
-                               months[t->tm_mon], t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec,
-                               (utc)?" UTC ":" ", t->tm_year + 1900);
-       }
-       return buf;
-}
-
-/**
- * Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
- */
-time_t asn1totime(const chunk_t *utctime, asn1_t type)
-{
-       struct tm t;
-       time_t tz_offset;
-       u_char *eot = NULL;
-       
-       if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
-       {
-               tz_offset = 0; /* Zulu time with a zero time zone offset */
-       }
-       else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL)
-       {
-               int tz_hour, tz_min;
-       
-               sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
-               tz_offset = 3600*tz_hour + 60*tz_min;  /* positive time zone offset */
-       }
-       else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
-       {
-               int tz_hour, tz_min;
-       
-               sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
-               tz_offset = -3600*tz_hour - 60*tz_min;  /* negative time zone offset */
-       }
-       else
-       {
-               return 0; /* error in time format */
-       }
-       
-       {
-       const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
-                       "%4d%2d%2d%2d%2d";
-       
-       sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
-                  &t.tm_hour, &t.tm_min);
-       }
-       
-       /* is there a seconds field? */
-       if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
-       {
-               sscanf(eot-2, "%2d", &t.tm_sec);
-       }
-       else
-       {
-               t.tm_sec = 0;
-       }
-       
-       /* representation of year */
-       if (t.tm_year >= 1900)
-       {
-               t.tm_year -= 1900;
-       }
-       else if (t.tm_year >= 100)
-       {
-               return 0;
-       }
-       else if (t.tm_year < 50)
-       {
-               t.tm_year += 100;
-       }
-       
-       /* representation of month 0..11*/
-       t.tm_mon--;
-       
-       /* set daylight saving time to off */
-       t.tm_isdst = 0;
-       
-       /* compensate timezone */
-       
-       return mktime(&t) - timezone - tz_offset;
-}
-
-/**
- * Initializes the internal context of the ASN.1 parser
- */
-void asn1_init(asn1_ctx_t *ctx, chunk_t blob, u_int level0, bool implicit)
-{
-       asn1_init_logger();
-
-       ctx->blobs[0] = blob;
-       ctx->level0   = level0;
-       ctx->implicit = implicit;
-       memset(ctx->loopAddr, '\0', sizeof(ctx->loopAddr));
-}
-
-/**
- * print the value of an ASN.1 simple object
- */
-static void debug_asn1_simple_object(chunk_t object, asn1_t type)
-{
-       int oid;
-       time_t time;
-       
-       switch (type)
-       {
-               case ASN1_OID:
-                       oid = known_oid(object);
-                       if (oid != OID_UNKNOWN)
-                       {
-                               logger->log(logger, CONTROL|LEVEL1, "  '%s'", oid_names[oid].name);
-                               return;
-                       }
-                       break;
-               case ASN1_UTF8STRING:
-               case ASN1_IA5STRING:
-               case ASN1_PRINTABLESTRING:
-               case ASN1_T61STRING:
-               case ASN1_VISIBLESTRING:
-                       logger->log(logger, CONTROL|LEVEL1, "  '%.*s'", (int)object.len, object.ptr);
-                       return;
-               case ASN1_UTCTIME:
-               case ASN1_GENERALIZEDTIME:
-                       time = asn1totime(&object, type);
-                       logger->log(logger, CONTROL|LEVEL1, "  '%s'", timetoa(&time, TRUE));
-                       return;
-               default:
-                       break;
-       }
-       logger->log_chunk(logger, RAW|LEVEL1, "", object);
-}
-
-/**
- * Parses and extracts the next ASN.1 object
- */
-bool extract_object(asn1Object_t const *objects, u_int *objectID, chunk_t *object, u_int *level, asn1_ctx_t *ctx)
-{
-       asn1Object_t obj = objects[*objectID];
-       chunk_t *blob;
-       chunk_t *blob1;
-       u_char *start_ptr;
-       
-       *object = CHUNK_INITIALIZER;
-       
-       if (obj.flags & ASN1_END)  /* end of loop or option found */
-       {
-               if (ctx->loopAddr[obj.level] && ctx->blobs[obj.level+1].len > 0)
-               {
-                       *objectID = ctx->loopAddr[obj.level]; /* another iteration */
-                       obj = objects[*objectID];
-               }
-               else
-               {
-                       ctx->loopAddr[obj.level] = 0;         /* exit loop or option*/
-                       return TRUE;
-               }
-       }
-       
-       *level = ctx->level0 + obj.level;
-       blob = ctx->blobs + obj.level;
-       blob1 = blob + 1;
-       start_ptr = blob->ptr;
-       
-       /* handle ASN.1 defaults values */
-       if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) )
-       {
-               /* field is missing */
-               logger->log(logger, CONTROL|LEVEL1, "L%d - %s:", *level, obj.name);
-               if (obj.type & ASN1_CONSTRUCTED)
-               {
-                       (*objectID)++ ;  /* skip context-specific tag */
-               }
-               return TRUE;
-       }
-       
-       /* handle ASN.1 options */
-       
-       if ((obj.flags & ASN1_OPT)
-                       && (blob->len == 0 || *start_ptr != obj.type))
-       {
-               /* advance to end of missing option field */
-               do
-                       (*objectID)++;
-               while (!((objects[*objectID].flags & ASN1_END)
-                                               && (objects[*objectID].level == obj.level)));
-               return TRUE;
-       }
-               
-       /* an ASN.1 object must possess at least a tag and length field */
-       
-       if (blob->len < 2)
-       {
-               logger->log(logger, ERROR|LEVEL1, "L%d - %s:  ASN.1 object smaller than 2 octets", 
-                                       *level, obj.name);
-               return FALSE;
-       }
-       
-       blob1->len = asn1_length(blob);
-       
-       if (blob1->len == ASN1_INVALID_LENGTH || blob->len < blob1->len)
-       {
-               logger->log(logger, ERROR|LEVEL1, "L%d - %s:  length of ASN.1 object invalid or too large", 
-                                       *level, obj.name);
-               return FALSE;
-       }
-       
-       blob1->ptr = blob->ptr;
-       blob->ptr += blob1->len;
-       blob->len -= blob1->len;
-       
-       /* return raw ASN.1 object without prior type checking */
-       
-       if (obj.flags & ASN1_RAW)
-       {
-               logger->log(logger, CONTROL|LEVEL1, "L%d - %s:", *level, obj.name);
-               object->ptr = start_ptr;
-               object->len = (size_t)(blob->ptr - start_ptr);
-               return TRUE;
-       }
-
-       if (*start_ptr != obj.type && !(ctx->implicit && *objectID == 0))
-       {
-               logger->log(logger, ERROR|LEVEL1, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
-                                       *level, obj.name, obj.type, *start_ptr);
-               logger->log_bytes(logger, RAW|LEVEL1, "", start_ptr, (u_int)(blob->ptr - start_ptr));
-               return FALSE;
-       }
-       
-       logger->log(logger, CONTROL|LEVEL1, "L%d - %s:", ctx->level0+obj.level, obj.name);
-       
-       /* In case of "SEQUENCE OF" or "SET OF" start a loop */ 
-       if (obj.flags & ASN1_LOOP)
-       {
-               if (blob1->len > 0)
-               {
-                       /* at least one item, start the loop */
-                       ctx->loopAddr[obj.level] = *objectID + 1;
-               }
-               else
-               {
-                       /* no items, advance directly to end of loop */
-                       do
-                               (*objectID)++;
-                       while (!((objects[*objectID].flags & ASN1_END)
-                                                          && (objects[*objectID].level == obj.level)));
-                       return TRUE;
-               }
-       }
-
-       if (obj.flags & ASN1_OBJ)
-       {
-               object->ptr = start_ptr;
-               object->len = (size_t)(blob->ptr - start_ptr);
-               logger->log_chunk(logger, RAW|LEVEL1, "", *object);
-       }
-       else if (obj.flags & ASN1_BODY)
-       {
-               *object = *blob1;
-               debug_asn1_simple_object(*object, obj.type);
-       }
-       return TRUE;
-}
-
-/**
- * parse an ASN.1 simple type
- */
-bool parse_asn1_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name)
-{
-       size_t len;
-       
-       /* an ASN.1 object must possess at least a tag and length field */
-       if (object->len < 2)
-       {
-               logger->log(logger, ERROR|LEVEL1, "L%d - %s:  ASN.1 object smaller than 2 octets", 
-                                       level, name);
-               return FALSE;
-       }
-       
-       if (*object->ptr != type)
-       {
-               logger->log(logger, ERROR|LEVEL1, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
-                                       level, name, type, *object->ptr);
-               return FALSE;
-       }
-       
-       len = asn1_length(object);
-       
-       if (len == ASN1_INVALID_LENGTH || object->len < len)
-       {
-               logger->log(logger, ERROR|LEVEL1, "L%d - %s:  length of ASN.1 object invalid or too large",
-                                       level, name);
-               return FALSE;
-       }
-       
-       logger->log(logger, CONTROL|LEVEL1, "L%d - %s:", level, name);
-       debug_asn1_simple_object(*object, type);
-       return TRUE;
-}
-
-/**
- * extracts an algorithmIdentifier
- */
-int parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters)
-{
-       asn1_ctx_t ctx;
-       chunk_t object;
-       u_int level;
-       int alg = OID_UNKNOWN;
-       int objectID = 0;
-       
-       asn1_init(&ctx, blob, level0, FALSE);
-       
-       while (objectID < ALGORITHM_ID_ROOF)
-       {
-               if (!extract_object(algorithmIdentifierObjects, &objectID, &object, &level, &ctx))
-                       return OID_UNKNOWN;
-               
-               switch (objectID)
-               {
-                       case ALGORITHM_ID_ALG:
-                               alg = known_oid(object);
-                               break;
-                       case ALGORITHM_ID_PARAMETERS:
-                               if (parameters != NULL)
-                                       *parameters = object;
-                               break;
-                       default:
-                               break;
-               }
-               objectID++;
-       }
-       return alg;
- }
-
-/*
- *  tests if a blob contains a valid ASN.1 set or sequence
- */
-bool is_asn1(chunk_t blob)
-{
-       u_int len;
-       u_char tag = *blob.ptr;
-       
-       asn1_init_logger();
-
-       if (tag != ASN1_SEQUENCE && tag != ASN1_SET)
-       {
-               logger->log(logger, ERROR|LEVEL2, "  file content is not binary ASN.1");
-               return FALSE;
-       }
-       len = asn1_length(&blob);
-       if (len != blob.len)
-       {
-               logger->log(logger, ERROR|LEVEL2, "  file size does not match ASN.1 coded length");
-               return FALSE;
-       }
-       return TRUE;
-}
-
-/**
- * codes ASN.1 lengths up to a size of 16'777'215 bytes
- */
-void code_asn1_length(size_t length, chunk_t *code)
-{
-       if (length < 128)
-       {
-               code->ptr[0] = length;
-               code->len = 1;
-       }
-       else if (length < 256)
-       {
-               code->ptr[0] = 0x81;
-               code->ptr[1] = (u_char) length;
-               code->len = 2;
-       }
-       else if (length < 65536)
-       {
-               code->ptr[0] = 0x82;
-               code->ptr[1] = length >> 8;
-               code->ptr[2] = length & 0x00ff;
-               code->len = 3;
-       }
-       else
-       {
-               code->ptr[0] = 0x83;
-               code->ptr[1] = length >> 16;
-               code->ptr[2] = (length >> 8) & 0x00ff;
-               code->ptr[3] = length & 0x0000ff;
-               code->len = 4;
-       }
-}
-
-/**
- * build an empty asn.1 object with tag and length fields already filled in
- */
-u_char* build_asn1_object(chunk_t *object, asn1_t type, size_t datalen)
-{
-       u_char length_buf[4];
-       chunk_t length = { length_buf, 0 };
-       u_char *pos;
-       
-       /* code the asn.1 length field */
-       code_asn1_length(datalen, &length);
-       
-       /* allocate memory for the asn.1 TLV object */
-       object->len = 1 + length.len + datalen;
-       object->ptr = malloc(object->len);
-       
-       /* set position pointer at the start of the object */
-       pos = object->ptr;
-       
-       /* copy the asn.1 tag field and advance the pointer */
-       *pos++ = type;
-       
-       /* copy the asn.1 length field and advance the pointer */
-       memcpy(pos, length.ptr, length.len); 
-       pos += length.len;
-       
-       return pos;
-}
-
-/**
- * build a simple ASN.1 object
- */
-chunk_t asn1_simple_object(asn1_t tag, chunk_t content)
-{
-       chunk_t object;
-       
-       u_char *pos = build_asn1_object(&object, tag, content.len);
-       memcpy(pos, content.ptr, content.len); 
-       pos += content.len;
-       
-       return object;
-}
-
-/**
- * Build an ASN.1 object from a variable number of individual chunks.
- * Depending on the mode, chunks either are moved ('m') or copied ('c').
- */
-chunk_t asn1_wrap(asn1_t type, const char *mode, ...)
-{
-       chunk_t construct;
-       va_list chunks;
-       u_char *pos;
-       int i;
-       int count = strlen(mode);
-       
-       /* sum up lengths of individual chunks */ 
-       va_start(chunks, mode);
-       construct.len = 0;
-       for (i = 0; i < count; i++)
-       {
-               chunk_t ch = va_arg(chunks, chunk_t);
-               construct.len += ch.len;
-       }
-       va_end(chunks);
-       
-       /* allocate needed memory for construct */
-       pos = build_asn1_object(&construct, type, construct.len);
-       
-       /* copy or move the chunks */
-       va_start(chunks, mode);
-       for (i = 0; i < count; i++)
-       {
-               chunk_t ch = va_arg(chunks, chunk_t);
-               
-               switch (*mode++)
-               {
-                       case 'm':
-                               memcpy(pos, ch.ptr, ch.len); 
-                               pos += ch.len;
-                               free(ch.ptr);
-                               break;
-                       case 'c':
-                       default:
-                               memcpy(pos, ch.ptr, ch.len); 
-                               pos += ch.len;
-               }
-       }
-       va_end(chunks);
-       
-       return construct;
-}
-
-/**
- * convert a MP integer into a DER coded ASN.1 object
- */
-chunk_t asn1_integer_from_mpz(const mpz_t value)
-{
-       size_t bits = mpz_sizeinbase(value, 2);  /* size in bits */
-       chunk_t n;
-       n.len = 1 + bits / 8;  /* size in bytes */      
-       n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value);
-       
-       return asn1_wrap(ASN1_INTEGER, "m", n);
-}
-
-/**
- *  convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format
- */
-chunk_t timetoasn1(const time_t *time, asn1_t type)
-{
-       int offset;
-       const char *format;
-       char buf[TIMETOA_BUF];
-       chunk_t formatted_time;
-       struct tm *t = gmtime(time);
-       
-       if (type == ASN1_GENERALIZEDTIME)
-       {
-               format = "%04d%02d%02d%02d%02d%02dZ";
-               offset = 1900;
-       }
-       else /* ASN1_UTCTIME */
-       {
-               format = "%02d%02d%02d%02d%02d%02dZ";
-               offset = (t->tm_year < 100)? 0 : -100;
-       }
-       sprintf(buf, format, t->tm_year + offset, t->tm_mon + 1, t->tm_mday
-                       , t->tm_hour, t->tm_min, t->tm_sec);
-       formatted_time.ptr = buf;
-       formatted_time.len = strlen(buf);
-       return asn1_simple_object(type, formatted_time);
-}
diff --git a/src/lib/asn1/asn1.h b/src/lib/asn1/asn1.h
deleted file mode 100644 (file)
index 556bb2b..0000000
+++ /dev/null
@@ -1,137 +0,0 @@
-/* Simple ASN.1 parser
- * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
- * Copyright (C) 2006 Martin Will, Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef _ASN1_H
-#define _ASN1_H
-
-#include <stdarg.h>
-#include <gmp.h>
-
-#include <types.h>
-#include <asn1/oid.h>
-
-
-/* Defines some primitive ASN1 types */
-typedef enum {
-    ASN1_EOC =                         0x00,
-    ASN1_BOOLEAN =                     0x01,
-    ASN1_INTEGER =                     0x02,
-    ASN1_BIT_STRING =          0x03,
-    ASN1_OCTET_STRING =        0x04,
-    ASN1_NULL =                        0x05,
-    ASN1_OID =                         0x06,
-    ASN1_ENUMERATED =          0x0A,
-    ASN1_UTF8STRING =          0x0C,
-    ASN1_NUMERICSTRING =       0x12,
-    ASN1_PRINTABLESTRING =     0x13,
-    ASN1_T61STRING =           0x14,
-    ASN1_VIDEOTEXSTRING =      0x15,
-    ASN1_IA5STRING =           0x16,
-    ASN1_UTCTIME =                     0x17,
-    ASN1_GENERALIZEDTIME =     0x18,
-    ASN1_GRAPHICSTRING =       0x19,
-    ASN1_VISIBLESTRING =       0x1A,
-    ASN1_GENERALSTRING =       0x1B,
-    ASN1_UNIVERSALSTRING =     0x1C,
-    ASN1_BMPSTRING =           0x1E,
-
-    ASN1_CONSTRUCTED =         0x20,
-
-    ASN1_SEQUENCE =                    0x30,
-
-    ASN1_SET =                         0x31,
-
-    ASN1_CONTEXT_S_0 =         0x80,
-    ASN1_CONTEXT_S_1 =         0x81,
-    ASN1_CONTEXT_S_2 =         0x82,
-    ASN1_CONTEXT_S_3 =         0x83,
-    ASN1_CONTEXT_S_4 =         0x84,
-    ASN1_CONTEXT_S_5 =         0x85,
-    ASN1_CONTEXT_S_6 =         0x86,
-    ASN1_CONTEXT_S_7 =         0x87,
-    ASN1_CONTEXT_S_8 =         0x88,
-
-    ASN1_CONTEXT_C_0 =         0xA0,
-    ASN1_CONTEXT_C_1 =         0xA1,
-    ASN1_CONTEXT_C_2 =         0xA2,
-    ASN1_CONTEXT_C_3 =         0xA3,
-    ASN1_CONTEXT_C_4 =         0xA4,
-    ASN1_CONTEXT_C_5 =         0xA5
-} asn1_t;
-
-/* Definition of ASN1 flags */
-
-#define ASN1_NONE      0x00
-#define ASN1_DEF       0x01
-#define ASN1_OPT       0x02
-#define ASN1_LOOP      0x04
-#define ASN1_END       0x08
-#define ASN1_OBJ       0x10
-#define ASN1_BODY      0x20
-#define ASN1_RAW       0x40
-
-#define ASN1_INVALID_LENGTH    0xffffffff
-
-/* definition of an ASN.1 object */
-
-typedef struct {
-    u_int   level;
-    const u_char  *name;
-    asn1_t  type;
-    u_char  flags;
-} asn1Object_t;
-
-#define ASN1_MAX_LEVEL 10
-
-typedef struct {
-    bool  implicit;
-    u_int level0;
-    u_int loopAddr[ASN1_MAX_LEVEL+1];
-    chunk_t blobs[ASN1_MAX_LEVEL+2];
-} asn1_ctx_t;
-
-/* some common prefabricated ASN.1 constants */
-extern const chunk_t ASN1_INTEGER_0;
-extern const chunk_t ASN1_INTEGER_1;
-extern const chunk_t ASN1_INTEGER_2;
-
-/* some popular algorithmIdentifiers */
-extern const chunk_t ASN1_md5_id;
-extern const chunk_t ASN1_sha1_id;
-extern const chunk_t ASN1_rsaEncryption_id;
-extern const chunk_t ASN1_md5WithRSA_id;
-extern const chunk_t ASN1_sha1WithRSA_id;
-
-#define TIMETOA_BUF 30
-
-extern chunk_t asn1_algorithmIdentifier(int oid);
-extern int known_oid(chunk_t object);
-extern u_int asn1_length(chunk_t *blob);
-extern bool is_printablestring(chunk_t str);
-extern time_t asn1totime(const chunk_t *utctime, asn1_t type);
-extern void asn1_init(asn1_ctx_t *ctx, chunk_t blob, u_int level0, bool implicit);
-extern bool extract_object(asn1Object_t const *objects, u_int *objectID, chunk_t *object, u_int *level, asn1_ctx_t *ctx);
-extern bool parse_asn1_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name);
-extern int parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters);
-extern bool is_asn1(chunk_t blob);
-
-extern void code_asn1_length(size_t length, chunk_t *code);
-extern u_char* build_asn1_object(chunk_t *object, asn1_t type, size_t datalen);
-extern chunk_t asn1_integer_from_mpz(const mpz_t value);
-extern chunk_t asn1_simple_object(asn1_t tag, chunk_t content);
-extern chunk_t asn1_wrap(asn1_t type, const char *mode, ...);
-extern chunk_t timetoasn1(const time_t *time, asn1_t type);
-
-#endif /* _ASN1_H */
diff --git a/src/lib/asn1/oid.c b/src/lib/asn1/oid.c
deleted file mode 100644 (file)
index 4b0632d..0000000
+++ /dev/null
@@ -1,197 +0,0 @@
-/* List of some useful object identifiers (OIDs)
- * Copyright (C) 2003-2004 Andreas Steffen, Zuercher Hochschule Winterthur
- * 
- * This file has been automatically generated by the script oid.pl
- * Do not edit manually!
- */
-
-#include <stdlib.h>
-
-#include "oid.h"
-
-const oid_t oid_names[] = {
-  {0x02,                       7, 1, "ITU-T Administration"   },  /*   0 */
-  {  0x82,                     0, 1, ""                       },  /*   1 */
-  {    0x06,                   0, 1, "Germany ITU-T member"   },  /*   2 */
-  {      0x01,                 0, 1, "Deutsche Telekom AG"    },  /*   3 */
-  {        0x0A,               0, 1, ""                       },  /*   4 */
-  {          0x07,             0, 1, ""                       },  /*   5 */
-  {            0x14,           0, 0, "ND"                     },  /*   6 */
-  {0x09,                      18, 1, "data"                   },  /*   7 */
-  {  0x92,                     0, 1, ""                       },  /*   8 */
-  {    0x26,                   0, 1, ""                       },  /*   9 */
-  {      0x89,                 0, 1, ""                       },  /*  10 */
-  {        0x93,               0, 1, ""                       },  /*  11 */
-  {          0xF2,             0, 1, ""                       },  /*  12 */
-  {            0x2C,           0, 1, ""                       },  /*  13 */
-  {              0x64,         0, 1, "pilot"                  },  /*  14 */
-  {                0x01,       0, 1, "pilotAttributeType"     },  /*  15 */
-  {                  0x01,    17, 0, "UID"                    },  /*  16 */
-  {                  0x19,     0, 0, "DC"                     },  /*  17 */
-  {0x55,                      51, 1, "X.500"                  },  /*  18 */
-  {  0x04,                    36, 1, "X.509"                  },  /*  19 */
-  {    0x03,                  21, 0, "CN"                     },  /*  20 */
-  {    0x04,                  22, 0, "S"                      },  /*  21 */
-  {    0x05,                  23, 0, "SN"                     },  /*  22 */
-  {    0x06,                  24, 0, "C"                      },  /*  23 */
-  {    0x07,                  25, 0, "L"                      },  /*  24 */
-  {    0x08,                  26, 0, "ST"                     },  /*  25 */
-  {    0x0A,                  27, 0, "O"                      },  /*  26 */
-  {    0x0B,                  28, 0, "OU"                     },  /*  27 */
-  {    0x0C,                  29, 0, "T"                      },  /*  28 */
-  {    0x0D,                  30, 0, "D"                      },  /*  29 */
-  {    0x24,                  31, 0, "userCertificate"        },  /*  30 */
-  {    0x29,                  32, 0, "N"                      },  /*  31 */
-  {    0x2A,                  33, 0, "G"                      },  /*  32 */
-  {    0x2B,                  34, 0, "I"                      },  /*  33 */
-  {    0x2D,                  35, 0, "ID"                     },  /*  34 */
-  {    0x48,                   0, 0, "role"                   },  /*  35 */
-  {  0x1D,                     0, 1, "id-ce"                  },  /*  36 */
-  {    0x09,                  38, 0, "subjectDirectoryAttrs"  },  /*  37 */
-  {    0x0E,                  39, 0, "subjectKeyIdentifier"   },  /*  38 */
-  {    0x0F,                  40, 0, "keyUsage"               },  /*  39 */
-  {    0x10,                  41, 0, "privateKeyUsagePeriod"  },  /*  40 */
-  {    0x11,                  42, 0, "subjectAltName"         },  /*  41 */
-  {    0x12,                  43, 0, "issuerAltName"          },  /*  42 */
-  {    0x13,                  44, 0, "basicConstraints"       },  /*  43 */
-  {    0x15,                  45, 0, "reasonCode"             },  /*  44 */
-  {    0x1F,                  46, 0, "crlDistributionPoints"  },  /*  45 */
-  {    0x20,                  47, 0, "certificatePolicies"    },  /*  46 */
-  {    0x23,                  48, 0, "authorityKeyIdentifier" },  /*  47 */
-  {    0x25,                  49, 0, "extendedKeyUsage"       },  /*  48 */
-  {    0x37,                  50, 0, "targetInformation"      },  /*  49 */
-  {    0x38,                   0, 0, "noRevAvail"             },  /*  50 */
-  {0x2A,                      88, 1, ""                       },  /*  51 */
-  {  0x86,                     0, 1, ""                       },  /*  52 */
-  {    0x48,                   0, 1, ""                       },  /*  53 */
-  {      0x86,                 0, 1, ""                       },  /*  54 */
-  {        0xF7,               0, 1, ""                       },  /*  55 */
-  {          0x0D,             0, 1, "RSADSI"                 },  /*  56 */
-  {            0x01,          83, 1, "PKCS"                   },  /*  57 */
-  {              0x01,        66, 1, "PKCS-1"                 },  /*  58 */
-  {                0x01,      60, 0, "rsaEncryption"          },  /*  59 */
-  {                0x02,      61, 0, "md2WithRSAEncryption"   },  /*  60 */
-  {                0x04,      62, 0, "md5WithRSAEncryption"   },  /*  61 */
-  {                0x05,      63, 0, "sha-1WithRSAEncryption" },  /*  62 */
-  {                0x0B,      64, 0, "sha256WithRSAEncryption"},  /*  63 */
-  {                0x0C,      65, 0, "sha384WithRSAEncryption"},  /*  64 */
-  {                0x0D,       0, 0, "sha512WithRSAEncryption"},  /*  65 */
-  {              0x07,        73, 1, "PKCS-7"                 },  /*  66 */
-  {                0x01,      68, 0, "data"                   },  /*  67 */
-  {                0x02,      69, 0, "signedData"             },  /*  68 */
-  {                0x03,      70, 0, "envelopedData"          },  /*  69 */
-  {                0x04,      71, 0, "signedAndEnvelopedData" },  /*  70 */
-  {                0x05,      72, 0, "digestedData"           },  /*  71 */
-  {                0x06,       0, 0, "encryptedData"          },  /*  72 */
-  {              0x09,         0, 1, "PKCS-9"                 },  /*  73 */
-  {                0x01,      75, 0, "E"                      },  /*  74 */
-  {                0x02,      76, 0, "unstructuredName"       },  /*  75 */
-  {                0x03,      77, 0, "contentType"            },  /*  76 */
-  {                0x04,      78, 0, "messageDigest"          },  /*  77 */
-  {                0x05,      79, 0, "signingTime"            },  /*  78 */
-  {                0x06,      80, 0, "counterSignature"       },  /*  79 */
-  {                0x07,      81, 0, "challengePassword"      },  /*  80 */
-  {                0x08,      82, 0, "unstructuredAddress"    },  /*  81 */
-  {                0x0E,       0, 0, "extensionRequest"       },  /*  82 */
-  {            0x02,          86, 1, "digestAlgorithm"        },  /*  83 */
-  {              0x02,        85, 0, "md2"                    },  /*  84 */
-  {              0x05,         0, 0, "md5"                    },  /*  85 */
-  {            0x03,           0, 1, "encryptionAlgorithm"    },  /*  86 */
-  {              0x07,         0, 0, "3des-ede-cbc"           },  /*  87 */
-  {0x2B,                     149, 1, ""                       },  /*  88 */
-  {  0x06,                   136, 1, "dod"                    },  /*  89 */
-  {    0x01,                   0, 1, "internet"               },  /*  90 */
-  {      0x04,               105, 1, "private"                },  /*  91 */
-  {        0x01,               0, 1, "enterprise"             },  /*  92 */
-  {          0x82,            98, 1, ""                       },  /*  93 */
-  {            0x37,           0, 1, "Microsoft"              },  /*  94 */
-  {              0x0A,         0, 1, ""                       },  /*  95 */
-  {                0x03,       0, 1, ""                       },  /*  96 */
-  {                  0x03,     0, 0, "msSGC"                  },  /*  97 */
-  {          0x89,             0, 1, ""                       },  /*  98 */
-  {            0x31,           0, 1, ""                       },  /*  99 */
-  {              0x01,         0, 1, ""                       },  /* 100 */
-  {                0x01,       0, 1, ""                       },  /* 101 */
-  {                  0x02,     0, 1, ""                       },  /* 102 */
-  {                    0x02, 104, 0, ""                       },  /* 103 */
-  {                    0x4B,   0, 0, "TCGID"                  },  /* 104 */
-  {      0x05,                 0, 1, "security"               },  /* 105 */
-  {        0x05,               0, 1, "mechanisms"             },  /* 106 */
-  {          0x07,             0, 1, "id-pkix"                },  /* 107 */
-  {            0x01,         110, 1, "id-pe"                  },  /* 108 */
-  {              0x01,         0, 0, "authorityInfoAccess"    },  /* 109 */
-  {            0x03,         120, 1, "id-kp"                  },  /* 110 */
-  {              0x01,       112, 0, "serverAuth"             },  /* 111 */
-  {              0x02,       113, 0, "clientAuth"             },  /* 112 */
-  {              0x03,       114, 0, "codeSigning"            },  /* 113 */
-  {              0x04,       115, 0, "emailProtection"        },  /* 114 */
-  {              0x05,       116, 0, "ipsecEndSystem"         },  /* 115 */
-  {              0x06,       117, 0, "ipsecTunnel"            },  /* 116 */
-  {              0x07,       118, 0, "ipsecUser"              },  /* 117 */
-  {              0x08,       119, 0, "timeStamping"           },  /* 118 */
-  {              0x09,         0, 0, "ocspSigning"            },  /* 119 */
-  {            0x08,         122, 1, "id-otherNames"          },  /* 120 */
-  {              0x05,         0, 0, "xmppAddr"               },  /* 121 */
-  {            0x0A,         127, 1, "id-aca"                 },  /* 122 */
-  {              0x01,       124, 0, "authenticationInfo"     },  /* 123 */
-  {              0x02,       125, 0, "accessIdentity"         },  /* 124 */
-  {              0x03,       126, 0, "chargingIdentity"       },  /* 125 */
-  {              0x04,         0, 0, "group"                  },  /* 126 */
-  {            0x30,           0, 1, "id-ad"                  },  /* 127 */
-  {              0x01,         0, 1, "ocsp"                   },  /* 128 */
-  {                0x01,     130, 0, "basic"                  },  /* 129 */
-  {                0x02,     131, 0, "nonce"                  },  /* 130 */
-  {                0x03,     132, 0, "crl"                    },  /* 131 */
-  {                0x04,     133, 0, "response"               },  /* 132 */
-  {                0x05,     134, 0, "noCheck"                },  /* 133 */
-  {                0x06,     135, 0, "archiveCutoff"          },  /* 134 */
-  {                0x07,       0, 0, "serviceLocator"         },  /* 135 */
-  {  0x0E,                   142, 1, "oiw"                    },  /* 136 */
-  {    0x03,                   0, 1, "secsig"                 },  /* 137 */
-  {      0x02,                 0, 1, "algorithms"             },  /* 138 */
-  {        0x07,             140, 0, "des-cbc"                },  /* 139 */
-  {        0x1A,             141, 0, "sha-1"                  },  /* 140 */
-  {        0x1D,               0, 0, "sha-1WithRSASignature"  },  /* 141 */
-  {  0x24,                     0, 1, "TeleTrusT"              },  /* 142 */
-  {    0x03,                   0, 1, "algorithm"              },  /* 143 */
-  {      0x03,                 0, 1, "signatureAlgorithm"     },  /* 144 */
-  {        0x01,               0, 1, "rsaSignature"           },  /* 145 */
-  {          0x02,           147, 0, "rsaSigWithripemd160"    },  /* 146 */
-  {          0x03,           148, 0, "rsaSigWithripemd128"    },  /* 147 */
-  {          0x04,             0, 0, "rsaSigWithripemd256"    },  /* 148 */
-  {0x60,                       0, 1, ""                       },  /* 149 */
-  {  0x86,                     0, 1, ""                       },  /* 150 */
-  {    0x48,                   0, 1, ""                       },  /* 151 */
-  {      0x01,                 0, 1, "organization"           },  /* 152 */
-  {        0x65,             160, 1, "gov"                    },  /* 153 */
-  {          0x03,             0, 1, "csor"                   },  /* 154 */
-  {            0x04,           0, 1, "nistalgorithm"          },  /* 155 */
-  {              0x02,         0, 1, "hashalgs"               },  /* 156 */
-  {                0x01,     158, 0, "id-SHA-256"             },  /* 157 */
-  {                0x02,     159, 0, "id-SHA-384"             },  /* 158 */
-  {                0x03,       0, 0, "id-SHA-512"             },  /* 159 */
-  {        0x86,               0, 1, ""                       },  /* 160 */
-  {          0xf8,             0, 1, ""                       },  /* 161 */
-  {            0x42,         174, 1, "netscape"               },  /* 162 */
-  {              0x01,       169, 1, ""                       },  /* 163 */
-  {                0x01,     165, 0, "nsCertType"             },  /* 164 */
-  {                0x03,     166, 0, "nsRevocationUrl"        },  /* 165 */
-  {                0x04,     167, 0, "nsCaRevocationUrl"      },  /* 166 */
-  {                0x08,     168, 0, "nsCaPolicyUrl"          },  /* 167 */
-  {                0x0d,       0, 0, "nsComment"              },  /* 168 */
-  {              0x03,       172, 1, "directory"              },  /* 169 */
-  {                0x01,       0, 1, ""                       },  /* 170 */
-  {                  0x03,     0, 0, "employeeNumber"         },  /* 171 */
-  {              0x04,         0, 1, "policy"                 },  /* 172 */
-  {                0x01,       0, 0, "nsSGC"                  },  /* 173 */
-  {            0x45,           0, 1, "verisign"               },  /* 174 */
-  {              0x01,         0, 1, "pki"                    },  /* 175 */
-  {                0x09,       0, 1, "attributes"             },  /* 176 */
-  {                  0x02,   178, 0, "messageType"            },  /* 177 */
-  {                  0x03,   179, 0, "pkiStatus"              },  /* 178 */
-  {                  0x04,   180, 0, "failInfo"               },  /* 179 */
-  {                  0x05,   181, 0, "senderNonce"            },  /* 180 */
-  {                  0x06,   182, 0, "recipientNonce"         },  /* 181 */
-  {                  0x07,   183, 0, "transID"                },  /* 182 */
-  {                  0x08,     0, 0, "extensionReq"           }   /* 183 */
-};
diff --git a/src/lib/asn1/oid.h b/src/lib/asn1/oid.h
deleted file mode 100644 (file)
index a9265d4..0000000
+++ /dev/null
@@ -1,80 +0,0 @@
-/* Object identifiers (OIDs) used by FreeS/WAN
- * Copyright (C) 2003-2004 Andreas Steffen, Zuercher Hochschule Winterthur
- * 
- * This file has been automatically generated by the script oid.pl
- * Do not edit manually!
- */
-
-#ifndef OID_H_
-#define OID_H_
-
-typedef struct {
-    u_char octet;
-    u_int  next;
-    u_int  down;
-    const u_char *name;
-} oid_t;
-
-extern const oid_t oid_names[];
-
-#define OID_UNKNOWN                    -1
-#define OID_ROLE                       35
-#define OID_SUBJECT_KEY_ID             38
-#define OID_SUBJECT_ALT_NAME           41
-#define OID_BASIC_CONSTRAINTS          43
-#define OID_CRL_REASON_CODE            44
-#define OID_CRL_DISTRIBUTION_POINTS    45
-#define OID_AUTHORITY_KEY_ID           47
-#define OID_EXTENDED_KEY_USAGE         48
-#define OID_TARGET_INFORMATION         49
-#define OID_NO_REV_AVAIL               50
-#define OID_RSA_ENCRYPTION             59
-#define OID_MD2_WITH_RSA               60
-#define OID_MD5_WITH_RSA               61
-#define OID_SHA1_WITH_RSA              62
-#define OID_SHA256_WITH_RSA            63
-#define OID_SHA384_WITH_RSA            64
-#define OID_SHA512_WITH_RSA            65
-#define OID_PKCS7_DATA                 67
-#define OID_PKCS7_SIGNED_DATA          68
-#define OID_PKCS7_ENVELOPED_DATA       69
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA        70
-#define OID_PKCS7_DIGESTED_DATA                71
-#define OID_PKCS7_ENCRYPTED_DATA       72
-#define OID_PKCS9_EMAIL                        74
-#define OID_PKCS9_CONTENT_TYPE         76
-#define OID_PKCS9_MESSAGE_DIGEST       77
-#define OID_PKCS9_SIGNING_TIME         78
-#define OID_MD2                                84
-#define OID_MD5                                85
-#define OID_3DES_EDE_CBC               87
-#define OID_AUTHORITY_INFO_ACCESS      109
-#define OID_OCSP_SIGNING               119
-#define OID_XMPP_ADDR                  121
-#define OID_AUTHENTICATION_INFO                123
-#define OID_ACCESS_IDENTITY            124
-#define OID_CHARGING_IDENTITY          125
-#define OID_GROUP                      126
-#define OID_OCSP                       128
-#define OID_BASIC                      129
-#define OID_NONCE                      130
-#define OID_CRL                                131
-#define OID_RESPONSE                   132
-#define OID_NO_CHECK                   133
-#define OID_ARCHIVE_CUTOFF             134
-#define OID_SERVICE_LOCATOR            135
-#define OID_DES_CBC                    139
-#define OID_SHA1                       140
-#define OID_SHA1_WITH_RSA_OIW          141
-#define OID_NS_REVOCATION_URL          165
-#define OID_NS_CA_REVOCATION_URL       166
-#define OID_NS_CA_POLICY_URL           167
-#define OID_NS_COMMENT                 168
-#define OID_PKI_MESSAGE_TYPE           177
-#define OID_PKI_STATUS                 178
-#define OID_PKI_FAIL_INFO              179
-#define OID_PKI_SENDER_NONCE           180
-#define OID_PKI_RECIPIENT_NONCE                181
-#define OID_PKI_TRANS_ID               182
-
-#endif /* OID_H_ */
diff --git a/src/lib/asn1/oid.pl b/src/lib/asn1/oid.pl
deleted file mode 100644 (file)
index a3725e5..0000000
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/usr/bin/perl
-# Generates oid.h and oid.c out of oid.txt
-# Copyright (C) 2003-2004 Andreas Steffen, Zuercher Hochschule Winterthur
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-$copyright="Copyright (C) 2003-2004 Andreas Steffen, Zuercher Hochschule Winterthur";
-$automatic="This file has been automatically generated by the script oid.pl";
-$warning="Do not edit manually!";
-
-print "oid.pl generating oid.h and oid.c\n";
-
-# Generate oid.h
-
-open(OID_H,  ">oid.h")
-    or die "could not open 'oid.h': $!";
-
-print OID_H "/* Object identifiers (OIDs) used by FreeS/WAN\n",
-           " * ", $copyright, "\n",
-           " * \n",
-           " * ", $automatic, "\n",
-           " * ", $warning, "\n",
-           " */\n\n",
-           "#ifndef OID_H_\n",
-           "#define OID_H_\n\n",
-           "typedef struct {\n",
-           "    u_char octet;\n",
-           "    u_int  next;\n",
-           "    u_int  down;\n",
-           "    const u_char *name;\n",
-           "} oid_t;\n",
-           "\n",
-            "extern const oid_t oid_names[];\n",
-           "\n",
-           "#define OID_UNKNOWN                        -1\n";
-
-# parse oid.txt
-
-open(SRC,  "<oid.txt")
-    or die "could not open 'oid.txt': $!";
-
-$counter = 0;
-$max_name = 0;
-$max_order = 0;
-
-while ($line = <SRC>)
-{
-    $line =~ m/( *?)(0x\w{2})\s+(".*?")[ \t]*?([\w_]*?)\Z/;
-
-    @order[$counter] = length($1);
-    @octet[$counter] = $2;
-    @name[$counter] = $3;
-
-    if (length($1) > $max_order)
-    {
-       $max_order = length($1);
-    }
-    if (length($3) > $max_name)
-    {
-       $max_name = length($3);
-    }
-    if (length($4) > 0)
-    {
-       printf OID_H "#define %s%s%d\n", $4, "\t" x ((39-length($4))/8), $counter;
-    }
-    $counter++;
-}
-
-print OID_H "\n#endif /* OID_H_ */\n";
-
-close SRC;
-close OID_H;
-
-# Generate oid.c
-
-open(OID_C, ">oid.c")
-    or die "could not open 'oid.c': $!";
-
-print OID_C "/* List of some useful object identifiers (OIDs)\n",
-            " * ", $copyright, "\n",
-           " * \n",
-           " * ", $automatic, "\n",
-           " * ", $warning, "\n",
-           " */\n",
-           "\n",
-           "#include <stdlib.h>\n",
-           "\n",
-           "#include \"oid.h\"\n",
-           "\n",
-            "const oid_t oid_names[] = {\n";
-
-for ($c = 0; $c < $counter; $c++)
-{
-    $next = 0;
-
-    for ($d = $c+1; $d < $counter && @order[$d] >= @order[$c]; $d++)
-    {
-       if (@order[$d] == @order[$c])
-       {
-           @next[$c] = $d;
-           last;
-       }
-    }
-
-    printf OID_C "  {%s%s,%s%3d, %d, %s%s}%s  /* %3d */\n"
-       ,' '  x @order[$c]
-       , @octet[$c]
-       , ' ' x (1 + $max_order - @order[$c])
-       , @next[$c]
-       , @order[$c+1] > @order[$c]
-       , @name[$c]
-       , ' ' x ($max_name - length(@name[$c]))
-       , $c != $counter-1 ? "," : " "
-       , $c;
-}
-
-print OID_C "};\n" ;
-close OID_C;
diff --git a/src/lib/asn1/oid.txt b/src/lib/asn1/oid.txt
deleted file mode 100644 (file)
index eed46d5..0000000
+++ /dev/null
@@ -1,184 +0,0 @@
-0x02                         "ITU-T Administration"
-  0x82                       ""
-    0x06                     "Germany ITU-T member"
-      0x01                   "Deutsche Telekom AG"
-        0x0A                 ""
-          0x07               ""
-            0x14             "ND"
-0x09                         "data"
-  0x92                       ""
-    0x26                     ""
-      0x89                   ""
-        0x93                 ""
-          0xF2               ""
-            0x2C             ""
-              0x64           "pilot"
-                0x01         "pilotAttributeType"
-                  0x01       "UID"
-                  0x19       "DC"
-0x55                         "X.500"
-  0x04                       "X.509"
-    0x03                     "CN"
-    0x04                     "S"
-    0x05                     "SN"
-    0x06                     "C"
-    0x07                     "L"
-    0x08                     "ST"
-    0x0A                     "O"
-    0x0B                     "OU"
-    0x0C                     "T"
-    0x0D                     "D"
-    0x24                     "userCertificate"
-    0x29                     "N"
-    0x2A                     "G"
-    0x2B                     "I"
-    0x2D                     "ID"
-    0x48                     "role"                    OID_ROLE
-  0x1D                       "id-ce"
-    0x09                     "subjectDirectoryAttrs"
-    0x0E                     "subjectKeyIdentifier"    OID_SUBJECT_KEY_ID
-    0x0F                     "keyUsage"
-    0x10                     "privateKeyUsagePeriod"
-    0x11                     "subjectAltName"          OID_SUBJECT_ALT_NAME
-    0x12                     "issuerAltName"
-    0x13                     "basicConstraints"                OID_BASIC_CONSTRAINTS
-    0x15                     "reasonCode"              OID_CRL_REASON_CODE
-    0x1F                     "crlDistributionPoints"   OID_CRL_DISTRIBUTION_POINTS
-    0x20                     "certificatePolicies"
-    0x23                     "authorityKeyIdentifier"  OID_AUTHORITY_KEY_ID
-    0x25                     "extendedKeyUsage"                OID_EXTENDED_KEY_USAGE
-    0x37                     "targetInformation"       OID_TARGET_INFORMATION
-    0x38                     "noRevAvail"              OID_NO_REV_AVAIL
-0x2A                         ""
-  0x86                       ""
-    0x48                     ""
-      0x86                   ""
-        0xF7                 ""
-          0x0D               "RSADSI"
-            0x01             "PKCS"
-              0x01           "PKCS-1"
-                0x01         "rsaEncryption"           OID_RSA_ENCRYPTION
-                0x02         "md2WithRSAEncryption"    OID_MD2_WITH_RSA
-                0x04         "md5WithRSAEncryption"    OID_MD5_WITH_RSA
-                0x05         "sha-1WithRSAEncryption"  OID_SHA1_WITH_RSA
-                0x0B         "sha256WithRSAEncryption" OID_SHA256_WITH_RSA
-                0x0C         "sha384WithRSAEncryption" OID_SHA384_WITH_RSA
-                0x0D         "sha512WithRSAEncryption" OID_SHA512_WITH_RSA
-              0x07           "PKCS-7"
-                0x01         "data"                    OID_PKCS7_DATA
-                0x02         "signedData"              OID_PKCS7_SIGNED_DATA
-                0x03         "envelopedData"           OID_PKCS7_ENVELOPED_DATA
-                0x04         "signedAndEnvelopedData"  OID_PKCS7_SIGNED_ENVELOPED_DATA
-                0x05         "digestedData"            OID_PKCS7_DIGESTED_DATA
-                0x06         "encryptedData"           OID_PKCS7_ENCRYPTED_DATA
-              0x09           "PKCS-9"
-                0x01         "E"                       OID_PKCS9_EMAIL
-                0x02         "unstructuredName"
-                0x03         "contentType"             OID_PKCS9_CONTENT_TYPE
-                0x04         "messageDigest"           OID_PKCS9_MESSAGE_DIGEST
-                0x05         "signingTime"             OID_PKCS9_SIGNING_TIME
-                0x06         "counterSignature"
-                0x07         "challengePassword"
-                0x08         "unstructuredAddress"
-                0x0E         "extensionRequest"
-            0x02             "digestAlgorithm"
-              0x02           "md2"                     OID_MD2
-              0x05           "md5"                     OID_MD5
-            0x03             "encryptionAlgorithm"
-              0x07           "3des-ede-cbc"            OID_3DES_EDE_CBC
-0x2B                         ""
-  0x06                       "dod"
-    0x01                     "internet"
-      0x04                   "private"
-        0x01                 "enterprise"
-          0x82               ""
-            0x37             "Microsoft"
-              0x0A           ""
-                0x03         ""
-                  0x03       "msSGC"
-          0x89               ""
-            0x31             ""
-              0x01           ""
-                0x01         ""
-                  0x02       ""
-                    0x02     ""
-                    0x4B     "TCGID"
-      0x05                   "security"
-        0x05                 "mechanisms"
-          0x07               "id-pkix"
-            0x01             "id-pe"
-              0x01           "authorityInfoAccess"     OID_AUTHORITY_INFO_ACCESS
-            0x03             "id-kp"
-              0x01           "serverAuth"
-              0x02           "clientAuth"
-              0x03           "codeSigning"
-              0x04           "emailProtection"
-              0x05           "ipsecEndSystem"
-              0x06           "ipsecTunnel"
-              0x07           "ipsecUser"
-              0x08           "timeStamping"
-              0x09           "ocspSigning"             OID_OCSP_SIGNING
-            0x08             "id-otherNames"
-              0x05           "xmppAddr"                        OID_XMPP_ADDR
-            0x0A             "id-aca"
-              0x01           "authenticationInfo"      OID_AUTHENTICATION_INFO
-              0x02           "accessIdentity"          OID_ACCESS_IDENTITY
-              0x03           "chargingIdentity"                OID_CHARGING_IDENTITY
-              0x04           "group"                   OID_GROUP
-            0x30             "id-ad"
-              0x01           "ocsp"                    OID_OCSP
-                0x01         "basic"                   OID_BASIC
-                0x02         "nonce"                   OID_NONCE
-                0x03         "crl"                     OID_CRL
-                0x04         "response"                        OID_RESPONSE
-                0x05         "noCheck"                 OID_NO_CHECK
-                0x06         "archiveCutoff"           OID_ARCHIVE_CUTOFF
-                0x07         "serviceLocator"          OID_SERVICE_LOCATOR
-  0x0E                       "oiw"
-    0x03                     "secsig"
-      0x02                   "algorithms"
-        0x07                 "des-cbc"                 OID_DES_CBC
-        0x1A                 "sha-1"                   OID_SHA1
-        0x1D                 "sha-1WithRSASignature"   OID_SHA1_WITH_RSA_OIW
-  0x24                       "TeleTrusT"
-    0x03                     "algorithm"
-      0x03                   "signatureAlgorithm"
-        0x01                 "rsaSignature"
-          0x02               "rsaSigWithripemd160"
-          0x03               "rsaSigWithripemd128"
-          0x04               "rsaSigWithripemd256"
-0x60                         ""
-  0x86                       ""
-    0x48                     ""
-      0x01                   "organization"
-        0x65                 "gov"
-          0x03               "csor"
-            0x04             "nistalgorithm"
-              0x02           "hashalgs"
-                0x01         "id-SHA-256"
-                0x02         "id-SHA-384"
-                0x03         "id-SHA-512"
-        0x86                 ""
-          0xf8               ""
-            0x42             "netscape"
-              0x01           ""
-                0x01         "nsCertType"
-                0x03         "nsRevocationUrl"         OID_NS_REVOCATION_URL
-                0x04         "nsCaRevocationUrl"       OID_NS_CA_REVOCATION_URL
-                0x08         "nsCaPolicyUrl"           OID_NS_CA_POLICY_URL
-                0x0d         "nsComment"               OID_NS_COMMENT
-              0x03           "directory"
-                0x01         ""
-                  0x03       "employeeNumber"
-              0x04           "policy"
-                0x01         "nsSGC"
-            0x45             "verisign"
-              0x01           "pki"
-                0x09         "attributes"
-                  0x02       "messageType"             OID_PKI_MESSAGE_TYPE
-                  0x03       "pkiStatus"               OID_PKI_STATUS
-                  0x04       "failInfo"                        OID_PKI_FAIL_INFO
-                  0x05       "senderNonce"             OID_PKI_SENDER_NONCE
-                  0x06       "recipientNonce"          OID_PKI_RECIPIENT_NONCE
-                  0x07       "transID"                 OID_PKI_TRANS_ID
-                  0x08       "extensionReq"
diff --git a/src/lib/asn1/pem.c b/src/lib/asn1/pem.c
deleted file mode 100755 (executable)
index eca7e8d..0000000
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- * Copyright (C) 2001-2004 Andreas Steffen, Zuercher Hochschule Winterthur
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <string.h>
-#include <stddef.h>
-#include <sys/types.h>
-
-#include "asn1.h"
-#include "pem.h"
-#include "ttodata.h"
-
-#include <utils/lexparser.h>
-#include <utils/logger_manager.h>
-#include <crypto/hashers/hasher.h>
-#include <crypto/crypters/crypter.h>
-
-static logger_t *logger = NULL;
-
-/**
- * initializes the PEM logger
- */
-static void pem_init_logger(void)
-{
-       if (logger == NULL)
-               logger = logger_manager->get_logger(logger_manager, ASN1);
-}
-
-/**
- * check the presence of a pattern in a character string
- */
-static bool present(const char* pattern, chunk_t* ch)
-{
-       u_int pattern_len = strlen(pattern);
-
-       if (ch->len >= pattern_len && strncmp(ch->ptr, pattern, pattern_len) == 0)
-       {
-               ch->ptr += pattern_len;
-               ch->len -= pattern_len;
-               return TRUE;
-       }
-       return FALSE;
-}
-
-/**
- * find a boundary of the form -----tag name-----
- */
-static bool find_boundary(const char* tag, chunk_t *line)
-{
-       chunk_t name = CHUNK_INITIALIZER;
-
-       if (!present("-----", line))
-               return FALSE;
-       if (!present(tag, line))
-               return FALSE;
-       if (*line->ptr != ' ')
-               return FALSE;
-       line->ptr++;  line->len--;
-       
-       /* extract name */
-       name.ptr = line->ptr;
-       while (line->len > 0)
-       {
-               if (present("-----", line))
-               {
-                       logger->log(logger, CONTROL|LEVEL2,
-                               "  -----%s %.*s-----", tag, (int)name.len, name.ptr);
-                       return TRUE;
-               }
-               line->ptr++;  line->len--;  name.len++;
-       }
-       return FALSE;
-}
-
-/*
- * decrypts a DES-EDE-CBC encrypted data block
- */
-static err_t pem_decrypt(chunk_t *blob, chunk_t *iv, char *passphrase)
-{
-       hasher_t *hasher;
-       crypter_t *crypter;
-       chunk_t hash;
-       chunk_t decrypted;
-       chunk_t pass = {(char*)passphrase, strlen(passphrase)};
-       chunk_t key = {alloca(24), 24};
-       u_int8_t padding, *last_padding_pos, *first_padding_pos;
-       
-       /* build key from passphrase and IV */
-       hasher = hasher_create(HASH_MD5);
-       hash.len = hasher->get_hash_size(hasher);
-       hash.ptr = alloca(hash.len);
-       hasher->get_hash(hasher, pass, NULL);
-       hasher->get_hash(hasher, *iv, hash.ptr);
-       
-       memcpy(key.ptr, hash.ptr, hash.len);
-       
-       hasher->get_hash(hasher, hash, NULL);
-       hasher->get_hash(hasher, pass, NULL);
-       hasher->get_hash(hasher, *iv, hash.ptr);
-       
-       memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
-       
-       hasher->destroy(hasher);
-       
-       /* decrypt blob */
-       crypter = crypter_create(ENCR_3DES, 0);
-       crypter->set_key(crypter, key);
-       crypter->decrypt(crypter, *blob, *iv, &decrypted);
-       memcpy(blob->ptr, decrypted.ptr, blob->len);
-       chunk_free(&decrypted);
-       
-       /* determine amount of padding */
-       last_padding_pos = blob->ptr + blob->len - 1;
-       padding = *last_padding_pos;
-       first_padding_pos = (padding > blob->len) ? blob->ptr : last_padding_pos - padding;
-
-       /* check the padding pattern */
-       while (--last_padding_pos > first_padding_pos)
-       {
-               if (*last_padding_pos != padding)
-                       return "invalid passphrase";
-       }
-       /* remove padding */
-       blob->len -= padding;
-       return NULL;
-}
-
-/*  Converts a PEM encoded file into its binary form
- *
- *  RFC 1421 Privacy Enhancement for Electronic Mail, February 1993
- *  RFC 934 Message Encapsulation, January 1985
- */
-err_t pem_to_bin(chunk_t *blob, char *passphrase, bool *pgp)
-{
-       typedef enum {
-               PEM_PRE    = 0,
-               PEM_MSG    = 1,
-               PEM_HEADER = 2,
-               PEM_BODY   = 3,
-               PEM_POST   = 4,
-               PEM_ABORT  = 5
-       } state_t;
-
-       bool encrypted = FALSE;
-
-       state_t state  = PEM_PRE;
-
-       chunk_t src    = *blob;
-       chunk_t dst    = *blob;
-       chunk_t line   = CHUNK_INITIALIZER;
-       chunk_t iv     = CHUNK_INITIALIZER;
-
-       u_char iv_buf[16]; /* MD5 digest size */
-
-       /* zero size of converted blob */
-       dst.len = 0;
-
-       /* zero size of IV */
-       iv.ptr = iv_buf;
-       iv.len = 0;
-
-       pem_init_logger();
-
-       while (fetchline(&src, &line))
-       {
-               if (state == PEM_PRE)
-               {
-                       if (find_boundary("BEGIN", &line))
-                       {
-                               state = PEM_MSG;
-                       }
-                       continue;
-               }
-               else
-               {
-                       if (find_boundary("END", &line))
-                       {
-                               state = PEM_POST;
-                               break;
-                       }
-                       if (state == PEM_MSG)
-                       {
-                               state = (memchr(line.ptr, ':', line.len) == NULL) ? PEM_BODY : PEM_HEADER;
-                       }
-                       if (state == PEM_HEADER)
-                       {
-                               chunk_t name  = CHUNK_INITIALIZER;
-                               chunk_t value = CHUNK_INITIALIZER;
-
-                               /* an empty line separates HEADER and BODY */
-                               if (line.len == 0)
-                               {
-                                       state = PEM_BODY;
-                                       continue;
-                               }
-
-                               /* we are looking for a parameter: value pair */
-                               logger->log(logger, CONTROL|LEVEL2, "  %.*s", (int)line.len, line.ptr);
-                               if (!extract_parameter_value(&name, &value, &line))
-                                       continue;
-
-                               if (match("Proc-Type", &name) && *value.ptr == '4')
-                                       encrypted = TRUE;
-                               else if (match("DEK-Info", &name))
-                               {
-                                       const char *ugh = NULL;
-                                       size_t len = 0;
-                                       chunk_t dek;
-
-                                       if (!extract_token(&dek, ',', &value))
-                                               dek = value;
-
-                                       /* we support DES-EDE3-CBC encrypted files, only */
-                                       if (!match("DES-EDE3-CBC", &dek))
-                                               return "encryption algorithm not supported";
-
-                                       eat_whitespace(&value);
-                                       ugh = ttodata(value.ptr, value.len, 16, iv.ptr, 16, &len);
-                                       if (ugh)
-                                               return "error in IV";
-
-                                       iv.len = len;
-                               }
-                       }
-                       else /* state is PEM_BODY */
-                       {
-                               const char *ugh = NULL;
-                               size_t len = 0;
-                               chunk_t data;
-                               
-                               /* remove any trailing whitespace */
-                               if (!extract_token(&data ,' ', &line))
-                               {
-                                       data = line;
-                               }
-                               
-                               /* check for PGP armor checksum */
-                               if (*data.ptr == '=')
-                               {
-                                       *pgp = TRUE;
-                                       data.ptr++;
-                                       data.len--;
-                                       logger->log(logger, CONTROL|LEVEL2, "  Armor checksum: %.*s",
-                                                               (int)data.len, data.ptr);
-                               continue;
-                               }
-
-                               ugh = ttodata(data.ptr, data.len, 64, dst.ptr, blob->len - dst.len, &len);
-                               if (ugh)
-                               {
-                                       state = PEM_ABORT;
-                                       break;
-                               }
-                               else
-                               {
-                                       dst.ptr += len;
-                                       dst.len += len;
-                               }
-                       }
-               }
-       }
-       /* set length to size of binary blob */
-       blob->len = dst.len;
-
-       if (state != PEM_POST)
-               return "file coded in unknown format, discarded";
-
-       return (encrypted)? pem_decrypt(blob, &iv, passphrase) : NULL;
-}
-
-/* load a coded key or certificate file with autodetection
- * of binary DER or base64 PEM ASN.1 formats and armored PGP format
- */
-bool pem_asn1_load_file(const char *filename, char *passphrase,
-                                               const char *type, chunk_t *blob, bool *pgp)
-{
-       err_t ugh = NULL;
-
-       FILE *fd = fopen(filename, "r");
-
-       pem_init_logger();
-
-       if (fd)
-       {
-               int bytes;
-               fseek(fd, 0, SEEK_END );
-               blob->len = ftell(fd);
-               rewind(fd);
-               blob->ptr = malloc(blob->len);
-               bytes = fread(blob->ptr, 1, blob->len, fd);
-               fclose(fd);
-               logger->log(logger, CONTROL, "loaded %s file '%s' (%d bytes)", type, filename, bytes);
-
-               *pgp = FALSE;
-
-               /* try DER format */
-               if (is_asn1(*blob))
-               {
-                       logger->log(logger, CONTROL|LEVEL1, "  file coded in DER format");
-                       return TRUE;
-               }
-
-               /* try PEM format */
-               ugh = pem_to_bin(blob, passphrase, pgp);
-
-               if (ugh == NULL)
-               {
-                       if (*pgp)
-                       {
-                               logger->log(logger, CONTROL|LEVEL1, "  file coded in armored PGP format");
-                               return TRUE;
-                       }
-                       if (is_asn1(*blob))
-                       {
-                               logger->log(logger, CONTROL|LEVEL1, "  file coded in PEM format");
-                               return TRUE;
-                       }
-                       ugh = "file coded in unknown format, discarded";
-               }
-
-               /* a conversion error has occured */
-               logger->log(logger, ERROR, "  %s", ugh);
-               chunk_free(blob);
-       }
-       else
-       {
-               logger->log(logger, ERROR, "could not open %s file '%s'", type, filename);
-       }
-       return FALSE;
-}
diff --git a/src/lib/asn1/pem.h b/src/lib/asn1/pem.h
deleted file mode 100755 (executable)
index 9edb3dc..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (C) 2001-2004 Andreas Steffen, Zuercher Hochschule Winterthur
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef PEM_H_
-#define PEM_H_
-
-#include <stdio.h>
-
-#include <types.h>
-
-err_t pem_to_bin(chunk_t *blob, char *passphrase, bool *pgp);
-
-bool pem_asn1_load_file(const char *filename, char *passphrase,
-                                               const char *type, chunk_t *blob, bool *pgp);
-
-#endif /*PEM_H_*/
diff --git a/src/lib/asn1/ttodata.c b/src/lib/asn1/ttodata.c
deleted file mode 100644 (file)
index 8114b12..0000000
+++ /dev/null
@@ -1,378 +0,0 @@
-/*
- * convert from text form of arbitrary data (e.g., keys) to binary
- * Copyright (C) 2000  Henry Spencer.
- * 
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- * 
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-
-#include "ttodata.h"
-
-#include <string.h>
-#include <ctype.h>
-
-/* converters and misc */
-static int unhex(const char *, char *, size_t);
-static int unb64(const char *, char *, size_t);
-static int untext(const char *, char *, size_t);
-static const char *badch(const char *, int, char *, size_t);
-
-/* internal error codes for converters */
-#define        SHORT   (-2)            /* internal buffer too short */
-#define        BADPAD  (-3)            /* bad base64 padding */
-#define        BADCH0  (-4)            /* invalid character 0 */
-#define        BADCH1  (-5)            /* invalid character 1 */
-#define        BADCH2  (-6)            /* invalid character 2 */
-#define        BADCH3  (-7)            /* invalid character 3 */
-#define        BADOFF(code) (BADCH0-(code))
-
-/**
- * @brief convert text to data, with verbose error reports
- * 
- * If some of this looks slightly odd, it's because it has changed
- * repeatedly (from the original atodata()) without a major rewrite.
- *
- * @param src
- * @param srclen       0 means apply strlen()
- * @param base                 0 means figure it out
- * @param dst          need not be valid if dstlen is 0
- * @param dstlen       
- * @param lenp         where to record length (NULL is nowhere)
- * @param errp         error buffer
- * @param flags
- * @return                     NULL on success, else literal or errp
- */
-const char *ttodatav(const char *src, size_t srclen, int base, char *dst, size_t dstlen, size_t *lenp, char *errp, size_t errlen, unsigned int flags)
-{
-       size_t ingroup; /* number of input bytes converted at once */
-       char buf[4];            /* output from conversion */
-       int nbytes;             /* size of output */
-       int (*decode)(const char *, char *, size_t);
-       char *stop;
-       int ndone;
-       int i;
-       int underscoreok;
-       int skipSpace = 0;
-
-       if (srclen == 0)
-               srclen = strlen(src);
-       if (dstlen == 0)
-               dst = buf;      /* point it somewhere valid */
-       stop = dst + dstlen;
-
-       if (base == 0) {
-               if (srclen < 2)
-                       return "input too short to be valid";
-               if (*src++ != '0')
-                       return "input does not begin with format prefix";
-               switch (*src++) {
-               case 'x':
-               case 'X':
-                       base = 16;
-                       break;
-               case 's':
-               case 'S':
-                       base = 64;
-                       break;
-               case 't':
-               case 'T':
-                       base = 256;
-                       break;
-               default:
-                       return "unknown format prefix";
-               }
-               srclen -= 2;
-       }
-       switch (base) {
-       case 16:
-               decode = unhex;
-               underscoreok = 1;
-               ingroup = 2;
-               break;
-       case 64:
-               decode = unb64;
-               underscoreok = 0;
-               ingroup = 4;
-               if(flags & TTODATAV_IGNORESPACE) {
-                       skipSpace = 1;
-               }
-               break;
-
-       case 256:
-               decode = untext;
-               ingroup = 1;
-               underscoreok = 0;
-               break;
-       default:
-               return "unknown base";
-       }
-
-       /* proceed */
-       ndone = 0;
-       while (srclen > 0) {
-               char stage[4];  /* staging area for group */
-               size_t sl = 0;
-
-               /* Grab ingroup characters into stage,
-                * squeezing out blanks if we are supposed to ignore them.
-                */
-               for (sl = 0; sl < ingroup; src++, srclen--) {
-                       if (srclen == 0)
-                               return "input ends in mid-byte, perhaps truncated";
-                       else if (!(skipSpace && (*src == ' ' || *src == '\t')))
-                               stage[sl++] = *src;
-               }
-               
-               nbytes = (*decode)(stage, buf, sizeof(buf));
-               switch (nbytes) {
-               case BADCH0:
-               case BADCH1:
-               case BADCH2:
-               case BADCH3:
-                       return badch(stage, nbytes, errp, errlen);
-               case SHORT:
-                       return "internal buffer too short (\"can't happen\")";
-               case BADPAD:
-                       return "bad (non-zero) padding at end of base64 input";
-               }
-               if (nbytes <= 0)
-                       return "unknown internal error";
-               for (i = 0; i < nbytes; i++) {
-                       if (dst < stop)
-                               *dst++ = buf[i];
-                       ndone++;
-               }
-               while (srclen >= 1 && skipSpace && (*src == ' ' || *src == '\t')){
-                       src++;
-                       srclen--;
-               }
-               if (underscoreok && srclen > 1 && *src == '_') {
-                       /* srclen > 1 means not last character */
-                       src++;
-                       srclen--;
-               }
-       }
-
-       if (ndone == 0)
-               return "no data bytes specified by input";
-       if (lenp != NULL)
-               *lenp = ndone;
-       return NULL;
-}
-
-/**
- * @brief ttodata - convert text to data
- * 
- * @param src
- * @param srclen       0 means apply strlen()
- * @param base         0 means figure it out
- * @param dst          need not be valid if dstlen is 0
- * @param dstlen
- * @param lenp         where to record length (NULL is nowhere)
- * @return                     NULL on success, else literal
- */
-const char *ttodata(const char *src, size_t srclen, int base, char *dst, size_t dstlen, size_t *lenp)
-{
-       return ttodatav(src, srclen, base, dst, dstlen, lenp, (char *)NULL,
-                       (size_t)0, TTODATAV_SPACECOUNTS);
-}
-
-/**
- * @brief atodata - convert ASCII to data
- * 
- * backward-compatibility interface
- * 
- * @param src
- * @param srclen
- * @param dst
- * @param dstlen
- * @return                     0 for failure, true length for success
- */
-size_t atodata(const char *src, size_t srclen, char *dst, size_t dstlen)
-{
-       size_t len;
-       const char *err;
-
-       err = ttodata(src, srclen, 0, dst, dstlen, &len);
-       if (err != NULL)
-               return 0;
-       return len;
-}
-
-/**
- * @brief  atobytes - convert ASCII to data bytes
- *
- * another backward-compatibility interface
- */
-const char *atobytes(const char *src, size_t srclen, char *dst, size_t dstlen, size_t *lenp)
-{
-       return ttodata(src, srclen, 0, dst, dstlen, lenp);
-}
-
-/**
- * @brief unhex - convert two ASCII hex digits to byte
- * 
- * @param src          known to be full length
- * @param dstnumber of result bytes, or error code
- * @param dstlen       not large enough is a failure
- * @return                     
- */
-static int unhex(const char *src, char *dst, size_t dstlen)
-{
-       char *p;
-       unsigned byte;
-       static char hex[] = "0123456789abcdef";
-
-       if (dstlen < 1)
-               return SHORT;
-       
-       p = strchr(hex, *src);
-       if (p == NULL)
-               p = strchr(hex, tolower(*src));
-       if (p == NULL)
-               return BADCH0;
-       byte = (p - hex) << 4;
-       src++;
-
-       p = strchr(hex, *src);
-       if (p == NULL)
-               p = strchr(hex, tolower(*src));
-       if (p == NULL)
-               return BADCH1;
-       byte |= (p - hex);
-
-       *dst = byte;
-       return 1;
-}
-
-/**
- * @brief unb64 - convert four ASCII base64 digits to three bytes
- *
- * Note that a base64 digit group is padded out with '=' if it represents
- * less than three bytes:  one byte is dd==, two is ddd=, three is dddd.
- *
- * @param src          known to be full length 
- * @param dst          
- * @param dstlen       
- * @return                     number of result bytes, or error code
- */
-static int unb64(const char *src, char *dst, size_t dstlen)
-{
-       char *p;
-       unsigned byte1;
-       unsigned byte2;
-       static char base64[] =
-       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-       if (dstlen < 3)
-               return SHORT;
-
-       p = strchr(base64, *src++);
-
-       if (p == NULL)
-               return BADCH0;
-       byte1 = (p - base64) << 2;      /* first six bits */
-
-       p = strchr(base64, *src++);
-       if (p == NULL) {
-               return BADCH1;
-       }
-
-       byte2 = p - base64;             /* next six:  two plus four */
-       *dst++ = byte1 | (byte2 >> 4);
-       byte1 = (byte2 & 0xf) << 4;
-
-       p = strchr(base64, *src++);
-       if (p == NULL) {
-               if (*(src-1) == '=' && *src == '=') {
-                       if (byte1 != 0)         /* bad padding */
-                               return BADPAD;
-                       return 1;
-               }
-               return BADCH2;
-       }
-
-       byte2 = p - base64;             /* next six:  four plus two */
-       *dst++ = byte1 | (byte2 >> 2);
-       byte1 = (byte2 & 0x3) << 6;
-
-       p = strchr(base64, *src++);
-       if (p == NULL) {
-               if (*(src-1) == '=') {
-                       if (byte1 != 0)         /* bad padding */
-                               return BADPAD;
-                       return 2;
-               }
-               return BADCH3;
-       }
-       byte2 = p - base64;             /* last six */
-       *dst++ = byte1 | byte2;
-
-       return 3;
-}
-
-/**
- * @brief untext - convert one ASCII character to byte
- * 
- * @param src          known to be full length
- * @param dst          
- * @param dstlen       not large enough is a failure
- * @return                     number of result bytes, or error code
- */
-static int untext(const char *src, char *dst, size_t dstlen)
-{
-       if (dstlen < 1)
-               return SHORT;
-
-       *dst = *src;
-       return 1;
-}
-
-/**
- * @brief badch - produce a nice complaint about an unknown character
- *
- * If the compiler complains that the array bigenough[] has a negative
- * size, that means the TTODATAV_BUF constant has been set too small.
- * 
- * @param src          
- * @param errcode      
- * @param errp         might be NULL
- * @param errlen       
- * @return                     literal or errp
- */
-static const char *badch(const char *src, int errcode, char *errp, size_t errlen)
-{
-       static const char pre[] = "unknown character (`";
-       static const char suf[] = "') in input";
-       char buf[5];
-#      define  REQD    (sizeof(pre) - 1 + sizeof(buf) - 1 + sizeof(suf))
-       struct sizecheck {
-               char bigenough[TTODATAV_BUF - REQD];    /* see above */
-       };
-       char ch;
-
-       if (errp == NULL || errlen < REQD)
-               return "unknown character in input";
-       strcpy(errp, pre);
-       ch = *(src + BADOFF(errcode));
-       if (isprint(ch)) {
-               buf[0] = ch;
-               buf[1] = '\0';
-       } else {
-               buf[0] = '\\';
-               buf[1] = ((ch & 0700) >> 6) + '0';
-               buf[2] = ((ch & 0070) >> 3) + '0';
-               buf[3] = ((ch & 0007) >> 0) + '0';
-               buf[4] = '\0';
-       }
-       strcat(errp, buf);
-       strcat(errp, suf);
-       return (const char *)errp;
-}
diff --git a/src/lib/asn1/ttodata.h b/src/lib/asn1/ttodata.h
deleted file mode 100644 (file)
index b2b5ade..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * convert from text form of arbitrary data (e.g., keys) to binary
- * Copyright (C) 2000  Henry Spencer.
- * 
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- * 
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-
-#ifndef TTODATA_H_
-#define TTODATA_H_
-
-#include <types.h>
-
-#define        TTODATAV_BUF    40      /* ttodatav's largest non-literal message */
-#define TTODATAV_IGNORESPACE  (1<<1)  /* ignore spaces in base64 encodings*/
-#define TTODATAV_SPACECOUNTS  0       /* do not ignore spaces in base64   */
-
-err_t ttodata(const char *src, size_t srclen, int base, char *buf, size_t buflen, size_t *needed);
-
-
-#endif /* TTODATA_H_ */
diff --git a/src/lib/crypto/Makefile.transforms b/src/lib/crypto/Makefile.transforms
deleted file mode 100644 (file)
index af0b147..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright (C) 2005 Jan Hutter, Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-CRYPTO_DIR= $(LIB_DIR)crypto/
-
-include $(CRYPTO_DIR)crypters/Makefile.crypters
-include $(CRYPTO_DIR)hashers/Makefile.hashers
-include $(CRYPTO_DIR)prfs/Makefile.prfs
-include $(CRYPTO_DIR)signers/Makefile.signers
-include $(CRYPTO_DIR)rsa/Makefile.rsa
-
-LIB_OBJS+= $(BUILD_DIR)diffie_hellman.o
-$(BUILD_DIR)diffie_hellman.o : $(CRYPTO_DIR)diffie_hellman.c $(CRYPTO_DIR)diffie_hellman.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-LIB_OBJS+= $(BUILD_DIR)hmac.o
-$(BUILD_DIR)hmac.o :                   $(CRYPTO_DIR)hmac.c $(CRYPTO_DIR)hmac.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-LIB_OBJS+= $(BUILD_DIR)prf_plus.o
-$(BUILD_DIR)prf_plus.o :               $(CRYPTO_DIR)prf_plus.c $(CRYPTO_DIR)prf_plus.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-
-LIB_OBJS+= $(BUILD_DIR)x509.o
-$(BUILD_DIR)x509.o :                   $(CRYPTO_DIR)x509.c $(CRYPTO_DIR)x509.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/src/lib/crypto/crypters/Makefile.crypters b/src/lib/crypto/crypters/Makefile.crypters
deleted file mode 100644 (file)
index 612477d..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright (C) 2005 Jan Hutter, Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-CRYPTERS_DIR= $(CRYPTO_DIR)crypters/
-
-LIB_OBJS+= $(BUILD_DIR)crypter.o
-$(BUILD_DIR)crypter.o :                        $(CRYPTERS_DIR)crypter.c $(CRYPTERS_DIR)crypter.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-                                                               
-LIB_OBJS+= $(BUILD_DIR)aes_cbc_crypter.o
-$(BUILD_DIR)aes_cbc_crypter.o :        $(CRYPTERS_DIR)aes_cbc_crypter.c $(CRYPTERS_DIR)aes_cbc_crypter.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/src/lib/crypto/crypters/aes_cbc_crypter.c b/src/lib/crypto/crypters/aes_cbc_crypter.c
deleted file mode 100644 (file)
index 9b7b07c..0000000
+++ /dev/null
@@ -1,1627 +0,0 @@
-/**
- * @file aes_cbc_crypter.c
- * 
- * @brief Implementation of aes_cbc_crypter_t
- * 
- */
- /*
- * Copyright (C) 2001 Dr B. R. Gladman <brg@gladman.uk.net>
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#include "aes_cbc_crypter.h"
-
-
-
-/*
- * The number of key schedule words for different block and key lengths
- * allowing for method of computation which requires the length to be a
- * multiple of the key length. This version of AES implementation supports
- * all three keylengths 16, 24 and 32 bytes!
- *
- * Nk =       4   6   8
- *        -------------
- * Nb = 4 |  60  60  64
- *      6 |  96  90  96
- *      8 | 120 120 120
- */
-#define AES_KS_LENGTH   120
-#define AES_RC_LENGTH    29
-
-#define AES_BLOCK_SIZE 16
-
-typedef struct private_aes_cbc_crypter_t private_aes_cbc_crypter_t;
-
-/**
- * @brief Class implementing the AES symmetric encryption algorithm.
- * 
- * @ingroup crypters
- */
-struct private_aes_cbc_crypter_t {
-       
-       /**
-        * Public part of this class.
-        */
-       aes_cbc_crypter_t public;
-       
-       /**
-        * Number of words in the key input block.
-        */
-       u_int32_t    aes_Nkey;
-       
-       /**
-        * The number of cipher rounds.
-        */
-       u_int32_t    aes_Nrnd;
-       
-       /**
-       * The encryption key schedule.
-       */
-       u_int32_t    aes_e_key[AES_KS_LENGTH];
-
-       /**
-       * The decryption key schedule.
-       */
-       u_int32_t    aes_d_key[AES_KS_LENGTH];
-       
-       /**
-       * The number of columns in the cipher state.
-       */
-       u_int32_t    aes_Ncol;
-       
-       /**
-       * Key size of this AES cypher object.
-       */
-       u_int32_t    key_size;
-       
-       /**
-       * Decrypts a block.
-       * 
-       * No memory gets allocated.
-       * 
-       * @param this                   calling object
-       * @param[in] in_blk     block to decrypt
-       * @param[out] out_blk   decrypted data are written to this location
-       */
-       void (*decrypt_block) (const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]);
-       
-       /**
-       * Encrypts a block.
-       * 
-       * No memory gets allocated.
-       * 
-       * @param this                   calling object
-       * @param[in] in_blk     block to encrypt
-       * @param[out] out_blk   encrypted data are written to this location
-       */
-       void (*encrypt_block) (const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]);
-};
-
-
-/* ugly macro stuff */
-
-/* 1.  Define UNROLL for full loop unrolling in encryption and decryption.
- * 2.  Define PARTIAL_UNROLL to unroll two loops in encryption and decryption.
- * 3.  Define FIXED_TABLES for compiled rather than dynamic tables.
- * 4.  Define FF_TABLES to use tables for field multiplies and inverses.
- *     Do not enable this without understanding stack space requirements.
- * 5.  Define ARRAYS to use arrays to hold the local state block. If this
- *     is not defined, individually declared 32-bit words are used.
- * 6.  Define FAST_VARIABLE if a high speed variable block implementation
- *     is needed (essentially three separate fixed block size code sequences)
- * 7.  Define either ONE_TABLE or FOUR_TABLES for a fast table driven 
- *     version using 1 table (2 kbytes of table space) or 4 tables (8
- *     kbytes of table space) for higher speed.
- * 8.  Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed 
- *     increase by using tables for the last rounds but with more table
- *     space (2 or 8 kbytes extra).
- * 9.  If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but 
- *     slower version is provided.
- * 10. If fast decryption key scheduling is needed define ONE_IM_TABLE
- *     or FOUR_IM_TABLES for higher speed (2 or 8 kbytes extra).
- */
-
-#define UNROLL
-//#define PARTIAL_UNROLL
-
-#define FIXED_TABLES
-//#define FF_TABLES
-//#define ARRAYS
-#define FAST_VARIABLE
-
-//#define ONE_TABLE
-#define FOUR_TABLES
-
-//#define ONE_LR_TABLE
-#define FOUR_LR_TABLES
-
-//#define ONE_IM_TABLE
-#define FOUR_IM_TABLES
-
-#if defined(UNROLL) && defined (PARTIAL_UNROLL)
-#error both UNROLL and PARTIAL_UNROLL are defined
-#endif
-
-#if defined(ONE_TABLE) && defined (FOUR_TABLES)
-#error both ONE_TABLE and FOUR_TABLES are defined
-#endif
-
-#if defined(ONE_LR_TABLE) && defined (FOUR_LR_TABLES)
-#error both ONE_LR_TABLE and FOUR_LR_TABLES are defined
-#endif
-
-#if defined(ONE_IM_TABLE) && defined (FOUR_IM_TABLES)
-#error both ONE_IM_TABLE and FOUR_IM_TABLES are defined
-#endif
-
-#if defined(AES_BLOCK_SIZE) && AES_BLOCK_SIZE != 16 && AES_BLOCK_SIZE != 24 && AES_BLOCK_SIZE != 32
-#error an illegal block size has been specified
-#endif  
-
-/**
- * Rotates bytes within words by n positions, moving bytes 
- * to higher index positions with wrap around into low positions.
- */ 
-#define upr(x,n)        (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n))))
-/**
- * Moves bytes by n positions to higher index positions in 
- * words but without wrap around.
- */ 
-#define ups(x,n)        ((x) << 8 * (n))
-
-/**
- * Extracts a byte from a word.
- */
-#define bval(x,n)       ((unsigned char)((x) >> 8 * (n)))
-#define bytes2word(b0, b1, b2, b3)  \
-        ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0))
-
-
-/* little endian processor without data alignment restrictions: AES_LE_OK */
-/* original code: i386 */
-#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386) 
-#define        AES_LE_OK 1
-/* added (tested): alpha  --jjo */
-#elif defined(__alpha__)|| defined (__alpha)
-#define AES_LE_OK 1
-/* added (tested): ia64  --jjo */
-#elif defined(__ia64__)|| defined (__ia64)
-#define AES_LE_OK 1
-#endif
-
-#ifdef AES_LE_OK
-/* little endian processor without data alignment restrictions */
-#define word_in(x)      *(u_int32_t*)(x)
-#define const_word_in(x)      *(const u_int32_t*)(x)
-#define word_out(x,v)   *(u_int32_t*)(x) = (v)
-#define const_word_out(x,v)   *(const u_int32_t*)(x) = (v)
-#else
-/* slower but generic big endian or with data alignment restrictions */
-/* some additional "const" touches to stop "gcc -Wcast-qual" complains --jjo */
-#define word_in(x)      ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24))
-#define const_word_in(x)      ((const u_int32_t)(((const unsigned char *)(x))[0])|((const u_int32_t)(((const unsigned char *)(x))[1])<<8)|((const u_int32_t)(((const unsigned char *)(x))[2])<<16)|((const u_int32_t)(((const unsigned char *)(x))[3])<<24))
-#define word_out(x,v)   ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24)
-#define const_word_out(x,v)   ((const unsigned char *)(x))[0]=(v),((const unsigned char *)(x))[1]=((v)>>8),((const unsigned char *)(x))[2]=((v)>>16),((const unsigned char *)(x))[3]=((v)>>24)
-#endif
-
-// Disable at least some poor combinations of options
-
-#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
-#define FIXED_TABLES
-#undef  UNROLL
-#undef  ONE_LR_TABLE
-#undef  FOUR_LR_TABLES
-#undef  ONE_IM_TABLE
-#undef  FOUR_IM_TABLES
-#elif !defined(FOUR_TABLES)
-#ifdef  FOUR_LR_TABLES
-#undef  FOUR_LR_TABLES
-#define ONE_LR_TABLE
-#endif
-#ifdef  FOUR_IM_TABLES
-#undef  FOUR_IM_TABLES
-#define ONE_IM_TABLE
-#endif
-#elif !defined(AES_BLOCK_SIZE)
-#if defined(UNROLL)
-#define PARTIAL_UNROLL
-#undef UNROLL
-#endif
-#endif
-
-// the finite field modular polynomial and elements
-
-#define ff_poly 0x011b
-#define ff_hi   0x80
-
-// multiply four bytes in GF(2^8) by 'x' {02} in parallel
-
-#define m1  0x80808080
-#define m2  0x7f7f7f7f
-#define m3  0x0000001b
-#define FFmulX(x)  ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * m3))
-
-// The following defines provide alternative definitions of FFmulX that might
-// give improved performance if a fast 32-bit multiply is not available. Note
-// that a temporary variable u needs to be defined where FFmulX is used.
-
-// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) 
-// #define m4  0x1b1b1b1b
-// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) 
-
-// perform column mix operation on four bytes in parallel
-
-#define fwd_mcol(x) (f2 = FFmulX(x), f2 ^ upr(x ^ f2,3) ^ upr(x,2) ^ upr(x,1))
-
-#if defined(FIXED_TABLES)
-
-// the S-Box table
-
-static const unsigned char s_box[256] =
-{
-    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
-    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
-    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
-    0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
-    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
-    0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
-    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
-    0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
-    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
-    0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
-    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
-    0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
-    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
-    0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
-    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
-    0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
-    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
-    0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
-    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
-    0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
-    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
-    0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
-    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
-    0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
-    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
-    0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
-    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
-    0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
-    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
-    0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
-    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
-    0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-};
-
-// the inverse S-Box table
-
-static const unsigned char inv_s_box[256] =
-{
-    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
-    0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
-    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
-    0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
-    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
-    0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
-    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
-    0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
-    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
-    0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
-    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
-    0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
-    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
-    0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
-    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
-    0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
-    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
-    0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
-    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
-    0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
-    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
-    0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
-    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
-    0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
-    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
-    0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
-    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
-    0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
-    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
-    0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
-    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
-    0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-};
-
-#define w0(p)          0x000000##p
-
-// Number of elements required in this table for different
-// block and key lengths is:
-//
-// Nk =      4  6  8
-//        ----------
-// Nb = 4 | 10  8  7
-//      6 | 19 12 11
-//      8 | 29 19 14
-//
-// this table can be a table of bytes if the key schedule
-// code is adjusted accordingly
-
-static const u_int32_t rcon_tab[29] =
-{
-    w0(01), w0(02), w0(04), w0(08),
-    w0(10), w0(20), w0(40), w0(80),
-    w0(1b), w0(36), w0(6c), w0(d8),
-    w0(ab), w0(4d), w0(9a), w0(2f),
-    w0(5e), w0(bc), w0(63), w0(c6),
-    w0(97), w0(35), w0(6a), w0(d4),
-    w0(b3), w0(7d), w0(fa), w0(ef),
-    w0(c5)
-};
-
-#undef  w0
-
-#define r0(p,q,r,s) 0x##p##q##r##s
-#define r1(p,q,r,s) 0x##q##r##s##p
-#define r2(p,q,r,s) 0x##r##s##p##q
-#define r3(p,q,r,s) 0x##s##p##q##r
-#define w0(p)          0x000000##p
-#define w1(p)        0x0000##p##00
-#define w2(p)        0x00##p##0000
-#define w3(p)        0x##p##000000
-
-#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES)) 
-
-//  data for forward tables (other than last round)
-
-#define f_table \
-    r(a5,63,63,c6), r(84,7c,7c,f8), r(99,77,77,ee), r(8d,7b,7b,f6),\
-    r(0d,f2,f2,ff), r(bd,6b,6b,d6), r(b1,6f,6f,de), r(54,c5,c5,91),\
-    r(50,30,30,60), r(03,01,01,02), r(a9,67,67,ce), r(7d,2b,2b,56),\
-    r(19,fe,fe,e7), r(62,d7,d7,b5), r(e6,ab,ab,4d), r(9a,76,76,ec),\
-    r(45,ca,ca,8f), r(9d,82,82,1f), r(40,c9,c9,89), r(87,7d,7d,fa),\
-    r(15,fa,fa,ef), r(eb,59,59,b2), r(c9,47,47,8e), r(0b,f0,f0,fb),\
-    r(ec,ad,ad,41), r(67,d4,d4,b3), r(fd,a2,a2,5f), r(ea,af,af,45),\
-    r(bf,9c,9c,23), r(f7,a4,a4,53), r(96,72,72,e4), r(5b,c0,c0,9b),\
-    r(c2,b7,b7,75), r(1c,fd,fd,e1), r(ae,93,93,3d), r(6a,26,26,4c),\
-    r(5a,36,36,6c), r(41,3f,3f,7e), r(02,f7,f7,f5), r(4f,cc,cc,83),\
-    r(5c,34,34,68), r(f4,a5,a5,51), r(34,e5,e5,d1), r(08,f1,f1,f9),\
-    r(93,71,71,e2), r(73,d8,d8,ab), r(53,31,31,62), r(3f,15,15,2a),\
-    r(0c,04,04,08), r(52,c7,c7,95), r(65,23,23,46), r(5e,c3,c3,9d),\
-    r(28,18,18,30), r(a1,96,96,37), r(0f,05,05,0a), r(b5,9a,9a,2f),\
-    r(09,07,07,0e), r(36,12,12,24), r(9b,80,80,1b), r(3d,e2,e2,df),\
-    r(26,eb,eb,cd), r(69,27,27,4e), r(cd,b2,b2,7f), r(9f,75,75,ea),\
-    r(1b,09,09,12), r(9e,83,83,1d), r(74,2c,2c,58), r(2e,1a,1a,34),\
-    r(2d,1b,1b,36), r(b2,6e,6e,dc), r(ee,5a,5a,b4), r(fb,a0,a0,5b),\
-    r(f6,52,52,a4), r(4d,3b,3b,76), r(61,d6,d6,b7), r(ce,b3,b3,7d),\
-    r(7b,29,29,52), r(3e,e3,e3,dd), r(71,2f,2f,5e), r(97,84,84,13),\
-    r(f5,53,53,a6), r(68,d1,d1,b9), r(00,00,00,00), r(2c,ed,ed,c1),\
-    r(60,20,20,40), r(1f,fc,fc,e3), r(c8,b1,b1,79), r(ed,5b,5b,b6),\
-    r(be,6a,6a,d4), r(46,cb,cb,8d), r(d9,be,be,67), r(4b,39,39,72),\
-    r(de,4a,4a,94), r(d4,4c,4c,98), r(e8,58,58,b0), r(4a,cf,cf,85),\
-    r(6b,d0,d0,bb), r(2a,ef,ef,c5), r(e5,aa,aa,4f), r(16,fb,fb,ed),\
-    r(c5,43,43,86), r(d7,4d,4d,9a), r(55,33,33,66), r(94,85,85,11),\
-    r(cf,45,45,8a), r(10,f9,f9,e9), r(06,02,02,04), r(81,7f,7f,fe),\
-    r(f0,50,50,a0), r(44,3c,3c,78), r(ba,9f,9f,25), r(e3,a8,a8,4b),\
-    r(f3,51,51,a2), r(fe,a3,a3,5d), r(c0,40,40,80), r(8a,8f,8f,05),\
-    r(ad,92,92,3f), r(bc,9d,9d,21), r(48,38,38,70), r(04,f5,f5,f1),\
-    r(df,bc,bc,63), r(c1,b6,b6,77), r(75,da,da,af), r(63,21,21,42),\
-    r(30,10,10,20), r(1a,ff,ff,e5), r(0e,f3,f3,fd), r(6d,d2,d2,bf),\
-    r(4c,cd,cd,81), r(14,0c,0c,18), r(35,13,13,26), r(2f,ec,ec,c3),\
-    r(e1,5f,5f,be), r(a2,97,97,35), r(cc,44,44,88), r(39,17,17,2e),\
-    r(57,c4,c4,93), r(f2,a7,a7,55), r(82,7e,7e,fc), r(47,3d,3d,7a),\
-    r(ac,64,64,c8), r(e7,5d,5d,ba), r(2b,19,19,32), r(95,73,73,e6),\
-    r(a0,60,60,c0), r(98,81,81,19), r(d1,4f,4f,9e), r(7f,dc,dc,a3),\
-    r(66,22,22,44), r(7e,2a,2a,54), r(ab,90,90,3b), r(83,88,88,0b),\
-    r(ca,46,46,8c), r(29,ee,ee,c7), r(d3,b8,b8,6b), r(3c,14,14,28),\
-    r(79,de,de,a7), r(e2,5e,5e,bc), r(1d,0b,0b,16), r(76,db,db,ad),\
-    r(3b,e0,e0,db), r(56,32,32,64), r(4e,3a,3a,74), r(1e,0a,0a,14),\
-    r(db,49,49,92), r(0a,06,06,0c), r(6c,24,24,48), r(e4,5c,5c,b8),\
-    r(5d,c2,c2,9f), r(6e,d3,d3,bd), r(ef,ac,ac,43), r(a6,62,62,c4),\
-    r(a8,91,91,39), r(a4,95,95,31), r(37,e4,e4,d3), r(8b,79,79,f2),\
-    r(32,e7,e7,d5), r(43,c8,c8,8b), r(59,37,37,6e), r(b7,6d,6d,da),\
-    r(8c,8d,8d,01), r(64,d5,d5,b1), r(d2,4e,4e,9c), r(e0,a9,a9,49),\
-    r(b4,6c,6c,d8), r(fa,56,56,ac), r(07,f4,f4,f3), r(25,ea,ea,cf),\
-    r(af,65,65,ca), r(8e,7a,7a,f4), r(e9,ae,ae,47), r(18,08,08,10),\
-    r(d5,ba,ba,6f), r(88,78,78,f0), r(6f,25,25,4a), r(72,2e,2e,5c),\
-    r(24,1c,1c,38), r(f1,a6,a6,57), r(c7,b4,b4,73), r(51,c6,c6,97),\
-    r(23,e8,e8,cb), r(7c,dd,dd,a1), r(9c,74,74,e8), r(21,1f,1f,3e),\
-    r(dd,4b,4b,96), r(dc,bd,bd,61), r(86,8b,8b,0d), r(85,8a,8a,0f),\
-    r(90,70,70,e0), r(42,3e,3e,7c), r(c4,b5,b5,71), r(aa,66,66,cc),\
-    r(d8,48,48,90), r(05,03,03,06), r(01,f6,f6,f7), r(12,0e,0e,1c),\
-    r(a3,61,61,c2), r(5f,35,35,6a), r(f9,57,57,ae), r(d0,b9,b9,69),\
-    r(91,86,86,17), r(58,c1,c1,99), r(27,1d,1d,3a), r(b9,9e,9e,27),\
-    r(38,e1,e1,d9), r(13,f8,f8,eb), r(b3,98,98,2b), r(33,11,11,22),\
-    r(bb,69,69,d2), r(70,d9,d9,a9), r(89,8e,8e,07), r(a7,94,94,33),\
-    r(b6,9b,9b,2d), r(22,1e,1e,3c), r(92,87,87,15), r(20,e9,e9,c9),\
-    r(49,ce,ce,87), r(ff,55,55,aa), r(78,28,28,50), r(7a,df,df,a5),\
-    r(8f,8c,8c,03), r(f8,a1,a1,59), r(80,89,89,09), r(17,0d,0d,1a),\
-    r(da,bf,bf,65), r(31,e6,e6,d7), r(c6,42,42,84), r(b8,68,68,d0),\
-    r(c3,41,41,82), r(b0,99,99,29), r(77,2d,2d,5a), r(11,0f,0f,1e),\
-    r(cb,b0,b0,7b), r(fc,54,54,a8), r(d6,bb,bb,6d), r(3a,16,16,2c)
-
-//  data for inverse tables (other than last round)
-
-#define i_table \
-    r(50,a7,f4,51), r(53,65,41,7e), r(c3,a4,17,1a), r(96,5e,27,3a),\
-    r(cb,6b,ab,3b), r(f1,45,9d,1f), r(ab,58,fa,ac), r(93,03,e3,4b),\
-    r(55,fa,30,20), r(f6,6d,76,ad), r(91,76,cc,88), r(25,4c,02,f5),\
-    r(fc,d7,e5,4f), r(d7,cb,2a,c5), r(80,44,35,26), r(8f,a3,62,b5),\
-    r(49,5a,b1,de), r(67,1b,ba,25), r(98,0e,ea,45), r(e1,c0,fe,5d),\
-    r(02,75,2f,c3), r(12,f0,4c,81), r(a3,97,46,8d), r(c6,f9,d3,6b),\
-    r(e7,5f,8f,03), r(95,9c,92,15), r(eb,7a,6d,bf), r(da,59,52,95),\
-    r(2d,83,be,d4), r(d3,21,74,58), r(29,69,e0,49), r(44,c8,c9,8e),\
-    r(6a,89,c2,75), r(78,79,8e,f4), r(6b,3e,58,99), r(dd,71,b9,27),\
-    r(b6,4f,e1,be), r(17,ad,88,f0), r(66,ac,20,c9), r(b4,3a,ce,7d),\
-    r(18,4a,df,63), r(82,31,1a,e5), r(60,33,51,97), r(45,7f,53,62),\
-    r(e0,77,64,b1), r(84,ae,6b,bb), r(1c,a0,81,fe), r(94,2b,08,f9),\
-    r(58,68,48,70), r(19,fd,45,8f), r(87,6c,de,94), r(b7,f8,7b,52),\
-    r(23,d3,73,ab), r(e2,02,4b,72), r(57,8f,1f,e3), r(2a,ab,55,66),\
-    r(07,28,eb,b2), r(03,c2,b5,2f), r(9a,7b,c5,86), r(a5,08,37,d3),\
-    r(f2,87,28,30), r(b2,a5,bf,23), r(ba,6a,03,02), r(5c,82,16,ed),\
-    r(2b,1c,cf,8a), r(92,b4,79,a7), r(f0,f2,07,f3), r(a1,e2,69,4e),\
-    r(cd,f4,da,65), r(d5,be,05,06), r(1f,62,34,d1), r(8a,fe,a6,c4),\
-    r(9d,53,2e,34), r(a0,55,f3,a2), r(32,e1,8a,05), r(75,eb,f6,a4),\
-    r(39,ec,83,0b), r(aa,ef,60,40), r(06,9f,71,5e), r(51,10,6e,bd),\
-    r(f9,8a,21,3e), r(3d,06,dd,96), r(ae,05,3e,dd), r(46,bd,e6,4d),\
-    r(b5,8d,54,91), r(05,5d,c4,71), r(6f,d4,06,04), r(ff,15,50,60),\
-    r(24,fb,98,19), r(97,e9,bd,d6), r(cc,43,40,89), r(77,9e,d9,67),\
-    r(bd,42,e8,b0), r(88,8b,89,07), r(38,5b,19,e7), r(db,ee,c8,79),\
-    r(47,0a,7c,a1), r(e9,0f,42,7c), r(c9,1e,84,f8), r(00,00,00,00),\
-    r(83,86,80,09), r(48,ed,2b,32), r(ac,70,11,1e), r(4e,72,5a,6c),\
-    r(fb,ff,0e,fd), r(56,38,85,0f), r(1e,d5,ae,3d), r(27,39,2d,36),\
-    r(64,d9,0f,0a), r(21,a6,5c,68), r(d1,54,5b,9b), r(3a,2e,36,24),\
-    r(b1,67,0a,0c), r(0f,e7,57,93), r(d2,96,ee,b4), r(9e,91,9b,1b),\
-    r(4f,c5,c0,80), r(a2,20,dc,61), r(69,4b,77,5a), r(16,1a,12,1c),\
-    r(0a,ba,93,e2), r(e5,2a,a0,c0), r(43,e0,22,3c), r(1d,17,1b,12),\
-    r(0b,0d,09,0e), r(ad,c7,8b,f2), r(b9,a8,b6,2d), r(c8,a9,1e,14),\
-    r(85,19,f1,57), r(4c,07,75,af), r(bb,dd,99,ee), r(fd,60,7f,a3),\
-    r(9f,26,01,f7), r(bc,f5,72,5c), r(c5,3b,66,44), r(34,7e,fb,5b),\
-    r(76,29,43,8b), r(dc,c6,23,cb), r(68,fc,ed,b6), r(63,f1,e4,b8),\
-    r(ca,dc,31,d7), r(10,85,63,42), r(40,22,97,13), r(20,11,c6,84),\
-    r(7d,24,4a,85), r(f8,3d,bb,d2), r(11,32,f9,ae), r(6d,a1,29,c7),\
-    r(4b,2f,9e,1d), r(f3,30,b2,dc), r(ec,52,86,0d), r(d0,e3,c1,77),\
-    r(6c,16,b3,2b), r(99,b9,70,a9), r(fa,48,94,11), r(22,64,e9,47),\
-    r(c4,8c,fc,a8), r(1a,3f,f0,a0), r(d8,2c,7d,56), r(ef,90,33,22),\
-    r(c7,4e,49,87), r(c1,d1,38,d9), r(fe,a2,ca,8c), r(36,0b,d4,98),\
-    r(cf,81,f5,a6), r(28,de,7a,a5), r(26,8e,b7,da), r(a4,bf,ad,3f),\
-    r(e4,9d,3a,2c), r(0d,92,78,50), r(9b,cc,5f,6a), r(62,46,7e,54),\
-    r(c2,13,8d,f6), r(e8,b8,d8,90), r(5e,f7,39,2e), r(f5,af,c3,82),\
-    r(be,80,5d,9f), r(7c,93,d0,69), r(a9,2d,d5,6f), r(b3,12,25,cf),\
-    r(3b,99,ac,c8), r(a7,7d,18,10), r(6e,63,9c,e8), r(7b,bb,3b,db),\
-    r(09,78,26,cd), r(f4,18,59,6e), r(01,b7,9a,ec), r(a8,9a,4f,83),\
-    r(65,6e,95,e6), r(7e,e6,ff,aa), r(08,cf,bc,21), r(e6,e8,15,ef),\
-    r(d9,9b,e7,ba), r(ce,36,6f,4a), r(d4,09,9f,ea), r(d6,7c,b0,29),\
-    r(af,b2,a4,31), r(31,23,3f,2a), r(30,94,a5,c6), r(c0,66,a2,35),\
-    r(37,bc,4e,74), r(a6,ca,82,fc), r(b0,d0,90,e0), r(15,d8,a7,33),\
-    r(4a,98,04,f1), r(f7,da,ec,41), r(0e,50,cd,7f), r(2f,f6,91,17),\
-    r(8d,d6,4d,76), r(4d,b0,ef,43), r(54,4d,aa,cc), r(df,04,96,e4),\
-    r(e3,b5,d1,9e), r(1b,88,6a,4c), r(b8,1f,2c,c1), r(7f,51,65,46),\
-    r(04,ea,5e,9d), r(5d,35,8c,01), r(73,74,87,fa), r(2e,41,0b,fb),\
-    r(5a,1d,67,b3), r(52,d2,db,92), r(33,56,10,e9), r(13,47,d6,6d),\
-    r(8c,61,d7,9a), r(7a,0c,a1,37), r(8e,14,f8,59), r(89,3c,13,eb),\
-    r(ee,27,a9,ce), r(35,c9,61,b7), r(ed,e5,1c,e1), r(3c,b1,47,7a),\
-    r(59,df,d2,9c), r(3f,73,f2,55), r(79,ce,14,18), r(bf,37,c7,73),\
-    r(ea,cd,f7,53), r(5b,aa,fd,5f), r(14,6f,3d,df), r(86,db,44,78),\
-    r(81,f3,af,ca), r(3e,c4,68,b9), r(2c,34,24,38), r(5f,40,a3,c2),\
-    r(72,c3,1d,16), r(0c,25,e2,bc), r(8b,49,3c,28), r(41,95,0d,ff),\
-    r(71,01,a8,39), r(de,b3,0c,08), r(9c,e4,b4,d8), r(90,c1,56,64),\
-    r(61,84,cb,7b), r(70,b6,32,d5), r(74,5c,6c,48), r(42,57,b8,d0)
-
-// generate the required tables in the desired endian format
-
-#undef  r
-#define r   r0
-
-#if defined(ONE_TABLE)
-static const u_int32_t ft_tab[256] =
-    {   f_table };
-#elif defined(FOUR_TABLES)
-static const u_int32_t ft_tab[4][256] =
-{   {   f_table },
-#undef  r
-#define r   r1
-    {   f_table },
-#undef  r
-#define r   r2
-    {   f_table },
-#undef  r
-#define r   r3
-    {   f_table }
-};
-#endif
-
-#undef  r
-#define r   r0
-#if defined(ONE_TABLE)
-static const u_int32_t it_tab[256] =
-    {   i_table };
-#elif defined(FOUR_TABLES)
-static const u_int32_t it_tab[4][256] =
-{   {   i_table },
-#undef  r
-#define r   r1
-    {   i_table },
-#undef  r
-#define r   r2
-    {   i_table },
-#undef  r
-#define r   r3
-    {   i_table }
-};
-#endif
-
-#endif
-
-#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES)) 
-
-//  data for inverse tables (last round)
-
-#define li_table    \
-    w(52), w(09), w(6a), w(d5), w(30), w(36), w(a5), w(38),\
-    w(bf), w(40), w(a3), w(9e), w(81), w(f3), w(d7), w(fb),\
-    w(7c), w(e3), w(39), w(82), w(9b), w(2f), w(ff), w(87),\
-    w(34), w(8e), w(43), w(44), w(c4), w(de), w(e9), w(cb),\
-    w(54), w(7b), w(94), w(32), w(a6), w(c2), w(23), w(3d),\
-    w(ee), w(4c), w(95), w(0b), w(42), w(fa), w(c3), w(4e),\
-    w(08), w(2e), w(a1), w(66), w(28), w(d9), w(24), w(b2),\
-    w(76), w(5b), w(a2), w(49), w(6d), w(8b), w(d1), w(25),\
-    w(72), w(f8), w(f6), w(64), w(86), w(68), w(98), w(16),\
-    w(d4), w(a4), w(5c), w(cc), w(5d), w(65), w(b6), w(92),\
-    w(6c), w(70), w(48), w(50), w(fd), w(ed), w(b9), w(da),\
-    w(5e), w(15), w(46), w(57), w(a7), w(8d), w(9d), w(84),\
-    w(90), w(d8), w(ab), w(00), w(8c), w(bc), w(d3), w(0a),\
-    w(f7), w(e4), w(58), w(05), w(b8), w(b3), w(45), w(06),\
-    w(d0), w(2c), w(1e), w(8f), w(ca), w(3f), w(0f), w(02),\
-    w(c1), w(af), w(bd), w(03), w(01), w(13), w(8a), w(6b),\
-    w(3a), w(91), w(11), w(41), w(4f), w(67), w(dc), w(ea),\
-    w(97), w(f2), w(cf), w(ce), w(f0), w(b4), w(e6), w(73),\
-    w(96), w(ac), w(74), w(22), w(e7), w(ad), w(35), w(85),\
-    w(e2), w(f9), w(37), w(e8), w(1c), w(75), w(df), w(6e),\
-    w(47), w(f1), w(1a), w(71), w(1d), w(29), w(c5), w(89),\
-    w(6f), w(b7), w(62), w(0e), w(aa), w(18), w(be), w(1b),\
-    w(fc), w(56), w(3e), w(4b), w(c6), w(d2), w(79), w(20),\
-    w(9a), w(db), w(c0), w(fe), w(78), w(cd), w(5a), w(f4),\
-    w(1f), w(dd), w(a8), w(33), w(88), w(07), w(c7), w(31),\
-    w(b1), w(12), w(10), w(59), w(27), w(80), w(ec), w(5f),\
-    w(60), w(51), w(7f), w(a9), w(19), w(b5), w(4a), w(0d),\
-    w(2d), w(e5), w(7a), w(9f), w(93), w(c9), w(9c), w(ef),\
-    w(a0), w(e0), w(3b), w(4d), w(ae), w(2a), w(f5), w(b0),\
-    w(c8), w(eb), w(bb), w(3c), w(83), w(53), w(99), w(61),\
-    w(17), w(2b), w(04), w(7e), w(ba), w(77), w(d6), w(26),\
-    w(e1), w(69), w(14), w(63), w(55), w(21), w(0c), w(7d),
-
-// generate the required tables in the desired endian format
-
-#undef  r
-#define r(p,q,r,s)  w0(q)
-#if defined(ONE_LR_TABLE)
-static const u_int32_t fl_tab[256] =
-    {   f_table     };
-#elif defined(FOUR_LR_TABLES)
-static const u_int32_t fl_tab[4][256] =
-{   {   f_table    },
-#undef  r
-#define r(p,q,r,s)   w1(q)
-    {   f_table    },
-#undef  r
-#define r(p,q,r,s)   w2(q)
-    {   f_table    },
-#undef  r
-#define r(p,q,r,s)   w3(q)
-    {   f_table    }
-};
-#endif
-
-#undef  w
-#define w   w0
-#if defined(ONE_LR_TABLE)
-static const u_int32_t il_tab[256] =
-    {   li_table    };
-#elif defined(FOUR_LR_TABLES)
-static const u_int32_t il_tab[4][256] =
-{   {   li_table    },
-#undef  w
-#define w   w1
-    {   li_table    },
-#undef  w
-#define w   w2
-    {   li_table    },
-#undef  w
-#define w   w3
-    {   li_table    }
-};
-#endif
-
-#endif
-
-#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES)) 
-
-#define m_table \
-    r(00,00,00,00), r(0b,0d,09,0e), r(16,1a,12,1c), r(1d,17,1b,12),\
-    r(2c,34,24,38), r(27,39,2d,36), r(3a,2e,36,24), r(31,23,3f,2a),\
-    r(58,68,48,70), r(53,65,41,7e), r(4e,72,5a,6c), r(45,7f,53,62),\
-    r(74,5c,6c,48), r(7f,51,65,46), r(62,46,7e,54), r(69,4b,77,5a),\
-    r(b0,d0,90,e0), r(bb,dd,99,ee), r(a6,ca,82,fc), r(ad,c7,8b,f2),\
-    r(9c,e4,b4,d8), r(97,e9,bd,d6), r(8a,fe,a6,c4), r(81,f3,af,ca),\
-    r(e8,b8,d8,90), r(e3,b5,d1,9e), r(fe,a2,ca,8c), r(f5,af,c3,82),\
-    r(c4,8c,fc,a8), r(cf,81,f5,a6), r(d2,96,ee,b4), r(d9,9b,e7,ba),\
-    r(7b,bb,3b,db), r(70,b6,32,d5), r(6d,a1,29,c7), r(66,ac,20,c9),\
-    r(57,8f,1f,e3), r(5c,82,16,ed), r(41,95,0d,ff), r(4a,98,04,f1),\
-    r(23,d3,73,ab), r(28,de,7a,a5), r(35,c9,61,b7), r(3e,c4,68,b9),\
-    r(0f,e7,57,93), r(04,ea,5e,9d), r(19,fd,45,8f), r(12,f0,4c,81),\
-    r(cb,6b,ab,3b), r(c0,66,a2,35), r(dd,71,b9,27), r(d6,7c,b0,29),\
-    r(e7,5f,8f,03), r(ec,52,86,0d), r(f1,45,9d,1f), r(fa,48,94,11),\
-    r(93,03,e3,4b), r(98,0e,ea,45), r(85,19,f1,57), r(8e,14,f8,59),\
-    r(bf,37,c7,73), r(b4,3a,ce,7d), r(a9,2d,d5,6f), r(a2,20,dc,61),\
-    r(f6,6d,76,ad), r(fd,60,7f,a3), r(e0,77,64,b1), r(eb,7a,6d,bf),\
-    r(da,59,52,95), r(d1,54,5b,9b), r(cc,43,40,89), r(c7,4e,49,87),\
-    r(ae,05,3e,dd), r(a5,08,37,d3), r(b8,1f,2c,c1), r(b3,12,25,cf),\
-    r(82,31,1a,e5), r(89,3c,13,eb), r(94,2b,08,f9), r(9f,26,01,f7),\
-    r(46,bd,e6,4d), r(4d,b0,ef,43), r(50,a7,f4,51), r(5b,aa,fd,5f),\
-    r(6a,89,c2,75), r(61,84,cb,7b), r(7c,93,d0,69), r(77,9e,d9,67),\
-    r(1e,d5,ae,3d), r(15,d8,a7,33), r(08,cf,bc,21), r(03,c2,b5,2f),\
-    r(32,e1,8a,05), r(39,ec,83,0b), r(24,fb,98,19), r(2f,f6,91,17),\
-    r(8d,d6,4d,76), r(86,db,44,78), r(9b,cc,5f,6a), r(90,c1,56,64),\
-    r(a1,e2,69,4e), r(aa,ef,60,40), r(b7,f8,7b,52), r(bc,f5,72,5c),\
-    r(d5,be,05,06), r(de,b3,0c,08), r(c3,a4,17,1a), r(c8,a9,1e,14),\
-    r(f9,8a,21,3e), r(f2,87,28,30), r(ef,90,33,22), r(e4,9d,3a,2c),\
-    r(3d,06,dd,96), r(36,0b,d4,98), r(2b,1c,cf,8a), r(20,11,c6,84),\
-    r(11,32,f9,ae), r(1a,3f,f0,a0), r(07,28,eb,b2), r(0c,25,e2,bc),\
-    r(65,6e,95,e6), r(6e,63,9c,e8), r(73,74,87,fa), r(78,79,8e,f4),\
-    r(49,5a,b1,de), r(42,57,b8,d0), r(5f,40,a3,c2), r(54,4d,aa,cc),\
-    r(f7,da,ec,41), r(fc,d7,e5,4f), r(e1,c0,fe,5d), r(ea,cd,f7,53),\
-    r(db,ee,c8,79), r(d0,e3,c1,77), r(cd,f4,da,65), r(c6,f9,d3,6b),\
-    r(af,b2,a4,31), r(a4,bf,ad,3f), r(b9,a8,b6,2d), r(b2,a5,bf,23),\
-    r(83,86,80,09), r(88,8b,89,07), r(95,9c,92,15), r(9e,91,9b,1b),\
-    r(47,0a,7c,a1), r(4c,07,75,af), r(51,10,6e,bd), r(5a,1d,67,b3),\
-    r(6b,3e,58,99), r(60,33,51,97), r(7d,24,4a,85), r(76,29,43,8b),\
-    r(1f,62,34,d1), r(14,6f,3d,df), r(09,78,26,cd), r(02,75,2f,c3),\
-    r(33,56,10,e9), r(38,5b,19,e7), r(25,4c,02,f5), r(2e,41,0b,fb),\
-    r(8c,61,d7,9a), r(87,6c,de,94), r(9a,7b,c5,86), r(91,76,cc,88),\
-    r(a0,55,f3,a2), r(ab,58,fa,ac), r(b6,4f,e1,be), r(bd,42,e8,b0),\
-    r(d4,09,9f,ea), r(df,04,96,e4), r(c2,13,8d,f6), r(c9,1e,84,f8),\
-    r(f8,3d,bb,d2), r(f3,30,b2,dc), r(ee,27,a9,ce), r(e5,2a,a0,c0),\
-    r(3c,b1,47,7a), r(37,bc,4e,74), r(2a,ab,55,66), r(21,a6,5c,68),\
-    r(10,85,63,42), r(1b,88,6a,4c), r(06,9f,71,5e), r(0d,92,78,50),\
-    r(64,d9,0f,0a), r(6f,d4,06,04), r(72,c3,1d,16), r(79,ce,14,18),\
-    r(48,ed,2b,32), r(43,e0,22,3c), r(5e,f7,39,2e), r(55,fa,30,20),\
-    r(01,b7,9a,ec), r(0a,ba,93,e2), r(17,ad,88,f0), r(1c,a0,81,fe),\
-    r(2d,83,be,d4), r(26,8e,b7,da), r(3b,99,ac,c8), r(30,94,a5,c6),\
-    r(59,df,d2,9c), r(52,d2,db,92), r(4f,c5,c0,80), r(44,c8,c9,8e),\
-    r(75,eb,f6,a4), r(7e,e6,ff,aa), r(63,f1,e4,b8), r(68,fc,ed,b6),\
-    r(b1,67,0a,0c), r(ba,6a,03,02), r(a7,7d,18,10), r(ac,70,11,1e),\
-    r(9d,53,2e,34), r(96,5e,27,3a), r(8b,49,3c,28), r(80,44,35,26),\
-    r(e9,0f,42,7c), r(e2,02,4b,72), r(ff,15,50,60), r(f4,18,59,6e),\
-    r(c5,3b,66,44), r(ce,36,6f,4a), r(d3,21,74,58), r(d8,2c,7d,56),\
-    r(7a,0c,a1,37), r(71,01,a8,39), r(6c,16,b3,2b), r(67,1b,ba,25),\
-    r(56,38,85,0f), r(5d,35,8c,01), r(40,22,97,13), r(4b,2f,9e,1d),\
-    r(22,64,e9,47), r(29,69,e0,49), r(34,7e,fb,5b), r(3f,73,f2,55),\
-    r(0e,50,cd,7f), r(05,5d,c4,71), r(18,4a,df,63), r(13,47,d6,6d),\
-    r(ca,dc,31,d7), r(c1,d1,38,d9), r(dc,c6,23,cb), r(d7,cb,2a,c5),\
-    r(e6,e8,15,ef), r(ed,e5,1c,e1), r(f0,f2,07,f3), r(fb,ff,0e,fd),\
-    r(92,b4,79,a7), r(99,b9,70,a9), r(84,ae,6b,bb), r(8f,a3,62,b5),\
-    r(be,80,5d,9f), r(b5,8d,54,91), r(a8,9a,4f,83), r(a3,97,46,8d)
-
-#undef r
-#define r   r0
-
-#if defined(ONE_IM_TABLE)
-static const u_int32_t im_tab[256] =
-    {   m_table };
-#elif defined(FOUR_IM_TABLES)
-static const u_int32_t im_tab[4][256] =
-{   {   m_table },
-#undef  r
-#define r   r1
-    {   m_table },
-#undef  r
-#define r   r2
-    {   m_table },
-#undef  r
-#define r   r3
-    {   m_table }
-};
-#endif
-
-#endif
-
-#else
-
-static int tab_gen = 0;
-
-static unsigned char  s_box[256];            // the S box
-static unsigned char  inv_s_box[256];        // the inverse S box
-static u_int32_t  rcon_tab[AES_RC_LENGTH];   // table of round constants
-
-#if defined(ONE_TABLE)
-static u_int32_t  ft_tab[256];
-static u_int32_t  it_tab[256];
-#elif defined(FOUR_TABLES)
-static u_int32_t  ft_tab[4][256];
-static u_int32_t  it_tab[4][256];
-#endif
-
-#if defined(ONE_LR_TABLE)
-static u_int32_t  fl_tab[256];
-static u_int32_t  il_tab[256];
-#elif defined(FOUR_LR_TABLES)
-static u_int32_t  fl_tab[4][256];
-static u_int32_t  il_tab[4][256];
-#endif
-
-#if defined(ONE_IM_TABLE)
-static u_int32_t  im_tab[256];
-#elif defined(FOUR_IM_TABLES)
-static u_int32_t  im_tab[4][256];
-#endif
-
-// Generate the tables for the dynamic table option
-
-#if !defined(FF_TABLES)
-
-// It will generally be sensible to use tables to compute finite 
-// field multiplies and inverses but where memory is scarse this 
-// code might sometimes be better.
-
-// return 2 ^ (n - 1) where n is the bit number of the highest bit
-// set in x with x in the range 1 < x < 0x00000200.   This form is
-// used so that locals within FFinv can be bytes rather than words
-
-static unsigned char hibit(const u_int32_t x)
-{   unsigned char r = (unsigned char)((x >> 1) | (x >> 2));
-    
-    r |= (r >> 2);
-    r |= (r >> 4);
-    return (r + 1) >> 1;
-}
-
-// return the inverse of the finite field element x
-
-static unsigned char FFinv(const unsigned char x)
-{   unsigned char    p1 = x, p2 = 0x1b, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
-
-    if(x < 2) return x;
-
-    for(;;)
-    {
-        if(!n1) return v1;
-
-        while(n2 >= n1)
-        {   
-            n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
-        }
-        
-        if(!n2) return v2;
-
-        while(n1 >= n2)
-        {   
-            n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
-        }
-    }
-}
-
-// define the finite field multiplies required for Rijndael
-
-#define FFmul02(x)  ((((x) & 0x7f) << 1) ^ ((x) & 0x80 ? 0x1b : 0))
-#define FFmul03(x)  ((x) ^ FFmul02(x))
-#define FFmul09(x)  ((x) ^ FFmul02(FFmul02(FFmul02(x))))
-#define FFmul0b(x)  ((x) ^ FFmul02((x) ^ FFmul02(FFmul02(x))))
-#define FFmul0d(x)  ((x) ^ FFmul02(FFmul02((x) ^ FFmul02(x))))
-#define FFmul0e(x)  FFmul02((x) ^ FFmul02((x) ^ FFmul02(x)))
-
-#else
-
-#define FFinv(x)    ((x) ? pow[255 - log[x]]: 0)
-
-#define FFmul02(x) (x ? pow[log[x] + 0x19] : 0)
-#define FFmul03(x) (x ? pow[log[x] + 0x01] : 0)
-#define FFmul09(x) (x ? pow[log[x] + 0xc7] : 0)
-#define FFmul0b(x) (x ? pow[log[x] + 0x68] : 0)
-#define FFmul0d(x) (x ? pow[log[x] + 0xee] : 0)
-#define FFmul0e(x) (x ? pow[log[x] + 0xdf] : 0)
-
-#endif
-
-// The forward and inverse affine transformations used in the S-box
-
-#define fwd_affine(x) \
-    (w = (u_int32_t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(unsigned char)(w^(w>>8)))
-
-#define inv_affine(x) \
-    (w = (u_int32_t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(unsigned char)(w^(w>>8)))
-
-static void gen_tabs(void)
-{   u_int32_t  i, w;
-
-#if defined(FF_TABLES)
-
-    unsigned char  pow[512], log[256];
-
-    // log and power tables for GF(2^8) finite field with
-    // 0x011b as modular polynomial - the simplest primitive
-    // root is 0x03, used here to generate the tables
-
-    i = 0; w = 1; 
-    do
-    {   
-        pow[i] = (unsigned char)w;
-        pow[i + 255] = (unsigned char)w;
-        log[w] = (unsigned char)i++;
-        w ^=  (w << 1) ^ (w & ff_hi ? ff_poly : 0);
-    }
-    while (w != 1);
-
-#endif
-
-    for(i = 0, w = 1; i < AES_RC_LENGTH; ++i)
-    {
-        rcon_tab[i] = bytes2word(w, 0, 0, 0);
-        w = (w << 1) ^ (w & ff_hi ? ff_poly : 0);
-    }
-
-    for(i = 0; i < 256; ++i)
-    {   unsigned char    b;
-
-        s_box[i] = b = fwd_affine(FFinv((unsigned char)i));
-
-        w = bytes2word(b, 0, 0, 0);
-#if defined(ONE_LR_TABLE)
-        fl_tab[i] = w;
-#elif defined(FOUR_LR_TABLES)
-        fl_tab[0][i] = w;
-        fl_tab[1][i] = upr(w,1);
-        fl_tab[2][i] = upr(w,2);
-        fl_tab[3][i] = upr(w,3);
-#endif
-        w = bytes2word(FFmul02(b), b, b, FFmul03(b));
-#if defined(ONE_TABLE)
-        ft_tab[i] = w;
-#elif defined(FOUR_TABLES)
-        ft_tab[0][i] = w;
-        ft_tab[1][i] = upr(w,1);
-        ft_tab[2][i] = upr(w,2);
-        ft_tab[3][i] = upr(w,3);
-#endif
-        inv_s_box[i] = b = FFinv(inv_affine((unsigned char)i));
-
-        w = bytes2word(b, 0, 0, 0);
-#if defined(ONE_LR_TABLE)
-        il_tab[i] = w;
-#elif defined(FOUR_LR_TABLES)
-        il_tab[0][i] = w;
-        il_tab[1][i] = upr(w,1);
-        il_tab[2][i] = upr(w,2);
-        il_tab[3][i] = upr(w,3);
-#endif
-        w = bytes2word(FFmul0e(b), FFmul09(b), FFmul0d(b), FFmul0b(b));
-#if defined(ONE_TABLE)
-        it_tab[i] = w;
-#elif defined(FOUR_TABLES)
-        it_tab[0][i] = w;
-        it_tab[1][i] = upr(w,1);
-        it_tab[2][i] = upr(w,2);
-        it_tab[3][i] = upr(w,3);
-#endif
-#if defined(ONE_IM_TABLE)
-        im_tab[b] = w;
-#elif defined(FOUR_IM_TABLES)
-        im_tab[0][b] = w;
-        im_tab[1][b] = upr(w,1);
-        im_tab[2][b] = upr(w,2);
-        im_tab[3][b] = upr(w,3);
-#endif
-
-    }
-}
-
-#endif
-
-#define no_table(x,box,vf,rf,c) bytes2word( \
-    box[bval(vf(x,0,c),rf(0,c))], \
-    box[bval(vf(x,1,c),rf(1,c))], \
-    box[bval(vf(x,2,c),rf(2,c))], \
-    box[bval(vf(x,3,c),rf(3,c))])
-
-#define one_table(x,op,tab,vf,rf,c) \
- (     tab[bval(vf(x,0,c),rf(0,c))] \
-  ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
-  ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
-  ^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
-
-#define four_tables(x,tab,vf,rf,c) \
- (  tab[0][bval(vf(x,0,c),rf(0,c))] \
-  ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
-  ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
-  ^ tab[3][bval(vf(x,3,c),rf(3,c))])
-
-#define vf1(x,r,c)  (x)
-#define rf1(r,c)    (r)
-#define rf2(r,c)    ((r-c)&3)
-
-#if defined(FOUR_LR_TABLES)
-#define ls_box(x,c)     four_tables(x,fl_tab,vf1,rf2,c)
-#elif defined(ONE_LR_TABLE)
-#define ls_box(x,c)     one_table(x,upr,fl_tab,vf1,rf2,c)
-#else
-#define ls_box(x,c)     no_table(x,s_box,vf1,rf2,c)
-#endif
-
-#if defined(FOUR_IM_TABLES)
-#define inv_mcol(x)     four_tables(x,im_tab,vf1,rf1,0)
-#elif defined(ONE_IM_TABLE)
-#define inv_mcol(x)     one_table(x,upr,im_tab,vf1,rf1,0)
-#else
-#define inv_mcol(x) \
-    (f9 = (x),f2 = FFmulX(f9), f4 = FFmulX(f2), f8 = FFmulX(f4), f9 ^= f8, \
-    f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1))
-#endif
-
-#define nc   (this->aes_Ncol)
-
-// Initialise the key schedule from the user supplied key. The key
-// length is now specified in bytes - 16, 24 or 32 as appropriate.
-// This corresponds to bit lengths of 128, 192 and 256 bits, and
-// to Nk values of 4, 6 and 8 respectively.
-
-#define mx(t,f) (*t++ = inv_mcol(*f),f++)
-#define cp(t,f) *t++ = *f++
-
-#if   AES_BLOCK_SIZE == 16
-#define cpy(d,s)    cp(d,s); cp(d,s); cp(d,s); cp(d,s)
-#define mix(d,s)    mx(d,s); mx(d,s); mx(d,s); mx(d,s)
-#elif AES_BLOCK_SIZE == 24
-#define cpy(d,s)    cp(d,s); cp(d,s); cp(d,s); cp(d,s); \
-                    cp(d,s); cp(d,s)
-#define mix(d,s)    mx(d,s); mx(d,s); mx(d,s); mx(d,s); \
-                    mx(d,s); mx(d,s)
-#elif AES_BLOCK_SIZE == 32
-#define cpy(d,s)    cp(d,s); cp(d,s); cp(d,s); cp(d,s); \
-                    cp(d,s); cp(d,s); cp(d,s); cp(d,s)
-#define mix(d,s)    mx(d,s); mx(d,s); mx(d,s); mx(d,s); \
-                    mx(d,s); mx(d,s); mx(d,s); mx(d,s)
-#else
-
-#define cpy(d,s) \
-switch(nc) \
-{   case 8: cp(d,s); cp(d,s); \
-    case 6: cp(d,s); cp(d,s); \
-    case 4: cp(d,s); cp(d,s); \
-            cp(d,s); cp(d,s); \
-}
-
-#define mix(d,s) \
-switch(nc) \
-{   case 8: mx(d,s); mx(d,s); \
-    case 6: mx(d,s); mx(d,s); \
-    case 4: mx(d,s); mx(d,s); \
-            mx(d,s); mx(d,s); \
-}
-
-#endif
-
-// y = output word, x = input word, r = row, c = column
-// for r = 0, 1, 2 and 3 = column accessed for row r
-
-#if defined(ARRAYS)
-#define s(x,c) x[c]
-#else
-#define s(x,c) x##c
-#endif
-
-// I am grateful to Frank Yellin for the following constructions
-// which, given the column (c) of the output state variable that
-// is being computed, return the input state variables which are
-// needed for each row (r) of the state
-
-// For the fixed block size options, compilers reduce these two 
-// expressions to fixed variable references. For variable block 
-// size code conditional clauses will sometimes be returned
-
-#define unused  77  // Sunset Strip
-
-#define fwd_var(x,r,c) \
- ( r==0 ?                      \
-    ( c==0 ? s(x,0) \
-    : c==1 ? s(x,1) \
-    : c==2 ? s(x,2) \
-    : c==3 ? s(x,3) \
-    : c==4 ? s(x,4) \
-    : c==5 ? s(x,5) \
-    : c==6 ? s(x,6) \
-    : s(x,7))          \
- : r==1 ?                      \
-    ( c==0 ? s(x,1) \
-    : c==1 ? s(x,2) \
-    : c==2 ? s(x,3) \
-    : c==3 ? nc==4 ? s(x,0) : s(x,4) \
-    : c==4 ? s(x,5) \
-    : c==5 ? nc==8 ? s(x,6) : s(x,0) \
-    : c==6 ? s(x,7) \
-    : s(x,0))          \
- : r==2 ?                      \
-    ( c==0 ? nc==8 ? s(x,3) : s(x,2) \
-    : c==1 ? nc==8 ? s(x,4) : s(x,3) \
-    : c==2 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
-    : c==3 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
-    : c==4 ? nc==8 ? s(x,7) : s(x,0) \
-    : c==5 ? nc==8 ? s(x,0) : s(x,1) \
-    : c==6 ? s(x,1) \
-    : s(x,2))          \
- :                                     \
-    ( c==0 ? nc==8 ? s(x,4) : s(x,3) \
-    : c==1 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
-    : c==2 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
-    : c==3 ? nc==4 ? s(x,2) : nc==8 ? s(x,7) : s(x,0) \
-    : c==4 ? nc==8 ? s(x,0) : s(x,1) \
-    : c==5 ? nc==8 ? s(x,1) : s(x,2) \
-    : c==6 ? s(x,2) \
-    : s(x,3)))
-
-#define inv_var(x,r,c) \
- ( r==0 ?                      \
-    ( c==0 ? s(x,0) \
-    : c==1 ? s(x,1) \
-    : c==2 ? s(x,2) \
-    : c==3 ? s(x,3) \
-    : c==4 ? s(x,4) \
-    : c==5 ? s(x,5) \
-    : c==6 ? s(x,6) \
-    : s(x,7))          \
- : r==1 ?                      \
-    ( c==0 ? nc==4 ? s(x,3) : nc==8 ? s(x,7) : s(x,5) \
-    : c==1 ? s(x,0) \
-    : c==2 ? s(x,1) \
-    : c==3 ? s(x,2) \
-    : c==4 ? s(x,3) \
-    : c==5 ? s(x,4) \
-    : c==6 ? s(x,5) \
-    : s(x,6))          \
- : r==2 ?                      \
-    ( c==0 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \
-    : c==1 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \
-    : c==2 ? nc==8 ? s(x,7) : s(x,0) \
-    : c==3 ? nc==8 ? s(x,0) : s(x,1) \
-    : c==4 ? nc==8 ? s(x,1) : s(x,2) \
-    : c==5 ? nc==8 ? s(x,2) : s(x,3) \
-    : c==6 ? s(x,3) \
-    : s(x,4))          \
- :                                     \
-    ( c==0 ? nc==4 ? s(x,1) : nc==8 ? s(x,4) : s(x,3) \
-    : c==1 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \
-    : c==2 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \
-    : c==3 ? nc==8 ? s(x,7) : s(x,0) \
-    : c==4 ? nc==8 ? s(x,0) : s(x,1) \
-    : c==5 ? nc==8 ? s(x,1) : s(x,2) \
-    : c==6 ? s(x,2) \
-    : s(x,3)))
-
-#define si(y,x,k,c) s(y,c) = const_word_in(x + 4 * c) ^ k[c]
-#define so(y,x,c)   word_out(y + 4 * c, s(x,c))
-
-#if defined(FOUR_TABLES)
-#define fwd_rnd(y,x,k,c)    s(y,c)= (k)[c] ^ four_tables(x,ft_tab,fwd_var,rf1,c)
-#define inv_rnd(y,x,k,c)    s(y,c)= (k)[c] ^ four_tables(x,it_tab,inv_var,rf1,c)
-#elif defined(ONE_TABLE)
-#define fwd_rnd(y,x,k,c)    s(y,c)= (k)[c] ^ one_table(x,upr,ft_tab,fwd_var,rf1,c)
-#define inv_rnd(y,x,k,c)    s(y,c)= (k)[c] ^ one_table(x,upr,it_tab,inv_var,rf1,c)
-#else
-#define fwd_rnd(y,x,k,c)    s(y,c) = fwd_mcol(no_table(x,s_box,fwd_var,rf1,c)) ^ (k)[c]
-#define inv_rnd(y,x,k,c)    s(y,c) = inv_mcol(no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c])
-#endif
-
-#if defined(FOUR_LR_TABLES)
-#define fwd_lrnd(y,x,k,c)   s(y,c)= (k)[c] ^ four_tables(x,fl_tab,fwd_var,rf1,c)
-#define inv_lrnd(y,x,k,c)   s(y,c)= (k)[c] ^ four_tables(x,il_tab,inv_var,rf1,c)
-#elif defined(ONE_LR_TABLE)
-#define fwd_lrnd(y,x,k,c)   s(y,c)= (k)[c] ^ one_table(x,ups,fl_tab,fwd_var,rf1,c)
-#define inv_lrnd(y,x,k,c)   s(y,c)= (k)[c] ^ one_table(x,ups,il_tab,inv_var,rf1,c)
-#else
-#define fwd_lrnd(y,x,k,c)   s(y,c) = no_table(x,s_box,fwd_var,rf1,c) ^ (k)[c]
-#define inv_lrnd(y,x,k,c)   s(y,c) = no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c]
-#endif
-
-#if AES_BLOCK_SIZE == 16
-
-#if defined(ARRAYS)
-#define locals(y,x)     x[4],y[4]
-#else
-#define locals(y,x)     x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
-// the following defines prevent the compiler requiring the declaration
-// of generated but unused variables in the fwd_var and inv_var macros
-#define b04 unused
-#define b05 unused
-#define b06 unused
-#define b07 unused
-#define b14 unused
-#define b15 unused
-#define b16 unused
-#define b17 unused
-#endif
-#define l_copy(y, x)    s(y,0) = s(x,0); s(y,1) = s(x,1); \
-                        s(y,2) = s(x,2); s(y,3) = s(x,3);
-#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
-#define state_out(y,x)  so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
-#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
-
-#elif AES_BLOCK_SIZE == 24
-
-#if defined(ARRAYS)
-#define locals(y,x)     x[6],y[6]
-#else
-#define locals(y,x)     x##0,x##1,x##2,x##3,x##4,x##5, \
-                        y##0,y##1,y##2,y##3,y##4,y##5
-#define b06 unused
-#define b07 unused
-#define b16 unused
-#define b17 unused
-#endif
-#define l_copy(y, x)    s(y,0) = s(x,0); s(y,1) = s(x,1); \
-                        s(y,2) = s(x,2); s(y,3) = s(x,3); \
-                        s(y,4) = s(x,4); s(y,5) = s(x,5);
-#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); \
-                        si(y,x,k,3); si(y,x,k,4); si(y,x,k,5)
-#define state_out(y,x)  so(y,x,0); so(y,x,1); so(y,x,2); \
-                        so(y,x,3); so(y,x,4); so(y,x,5)
-#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); \
-                        rm(y,x,k,3); rm(y,x,k,4); rm(y,x,k,5)
-#else
-
-#if defined(ARRAYS)
-#define locals(y,x)     x[8],y[8]
-#else
-#define locals(y,x)     x##0,x##1,x##2,x##3,x##4,x##5,x##6,x##7, \
-                        y##0,y##1,y##2,y##3,y##4,y##5,y##6,y##7
-#endif
-#define l_copy(y, x)    s(y,0) = s(x,0); s(y,1) = s(x,1); \
-                        s(y,2) = s(x,2); s(y,3) = s(x,3); \
-                        s(y,4) = s(x,4); s(y,5) = s(x,5); \
-                        s(y,6) = s(x,6); s(y,7) = s(x,7);
-
-#if AES_BLOCK_SIZE == 32
-
-#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3); \
-                        si(y,x,k,4); si(y,x,k,5); si(y,x,k,6); si(y,x,k,7)
-#define state_out(y,x)  so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3); \
-                        so(y,x,4); so(y,x,5); so(y,x,6); so(y,x,7)
-#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3); \
-                        rm(y,x,k,4); rm(y,x,k,5); rm(y,x,k,6); rm(y,x,k,7)
-#else
-
-#define state_in(y,x,k) \
-switch(nc) \
-{   case 8: si(y,x,k,7); si(y,x,k,6); \
-    case 6: si(y,x,k,5); si(y,x,k,4); \
-    case 4: si(y,x,k,3); si(y,x,k,2); \
-            si(y,x,k,1); si(y,x,k,0); \
-}
-
-#define state_out(y,x) \
-switch(nc) \
-{   case 8: so(y,x,7); so(y,x,6); \
-    case 6: so(y,x,5); so(y,x,4); \
-    case 4: so(y,x,3); so(y,x,2); \
-            so(y,x,1); so(y,x,0); \
-}
-
-#if defined(FAST_VARIABLE)
-
-#define round(rm,y,x,k) \
-switch(nc) \
-{   case 8: rm(y,x,k,7); rm(y,x,k,6); \
-            rm(y,x,k,5); rm(y,x,k,4); \
-            rm(y,x,k,3); rm(y,x,k,2); \
-            rm(y,x,k,1); rm(y,x,k,0); \
-            break; \
-    case 6: rm(y,x,k,5); rm(y,x,k,4); \
-            rm(y,x,k,3); rm(y,x,k,2); \
-            rm(y,x,k,1); rm(y,x,k,0); \
-            break; \
-    case 4: rm(y,x,k,3); rm(y,x,k,2); \
-            rm(y,x,k,1); rm(y,x,k,0); \
-            break; \
-}
-#else
-
-#define round(rm,y,x,k) \
-switch(nc) \
-{   case 8: rm(y,x,k,7); rm(y,x,k,6); \
-    case 6: rm(y,x,k,5); rm(y,x,k,4); \
-    case 4: rm(y,x,k,3); rm(y,x,k,2); \
-            rm(y,x,k,1); rm(y,x,k,0); \
-}
-
-#endif
-
-#endif
-#endif
-
-/**
- * Implementation of private_aes_cbc_crypter_t.encrypt_block.
- */
-static void encrypt_block(const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[])
-{   u_int32_t        locals(b0, b1);
-    const u_int32_t  *kp = this->aes_e_key;
-
-#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
-    u_int32_t        f2;
-#endif
-
-    state_in(b0, in_blk, kp); kp += nc;
-
-#if defined(UNROLL)
-
-    switch(this->aes_Nrnd)
-    {
-    case 14:    round(fwd_rnd,  b1, b0, kp         ); 
-                round(fwd_rnd,  b0, b1, kp + nc    ); kp += 2 * nc;
-    case 12:    round(fwd_rnd,  b1, b0, kp         ); 
-                round(fwd_rnd,  b0, b1, kp + nc    ); kp += 2 * nc;
-    case 10:    round(fwd_rnd,  b1, b0, kp         );             
-                round(fwd_rnd,  b0, b1, kp +     nc);
-                round(fwd_rnd,  b1, b0, kp + 2 * nc); 
-                round(fwd_rnd,  b0, b1, kp + 3 * nc);
-                round(fwd_rnd,  b1, b0, kp + 4 * nc); 
-                round(fwd_rnd,  b0, b1, kp + 5 * nc);
-                round(fwd_rnd,  b1, b0, kp + 6 * nc); 
-                round(fwd_rnd,  b0, b1, kp + 7 * nc);
-                round(fwd_rnd,  b1, b0, kp + 8 * nc);
-                round(fwd_lrnd, b0, b1, kp + 9 * nc);
-    }
-
-#elif defined(PARTIAL_UNROLL)
-    {   u_int32_t    rnd;
-
-        for(rnd = 0; rnd < (this->aes_Nrnd >> 1) - 1; ++rnd)
-        {
-            round(fwd_rnd, b1, b0, kp); 
-            round(fwd_rnd, b0, b1, kp + nc); kp += 2 * nc;
-        }
-
-        round(fwd_rnd,  b1, b0, kp);
-        round(fwd_lrnd, b0, b1, kp + nc);
-    }
-#else
-    {   u_int32_t    rnd;
-
-        for(rnd = 0; rnd < this->aes_Nrnd - 1; ++rnd)
-        {
-            round(fwd_rnd, b1, b0, kp); 
-            l_copy(b0, b1); kp += nc;
-        }
-
-        round(fwd_lrnd, b0, b1, kp);
-    }
-#endif
-
-    state_out(out_blk, b0);
-}
-
-/**
- * Implementation of private_aes_cbc_crypter_t.decrypt_block.
- */
-static void decrypt_block(const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[])
-{   u_int32_t        locals(b0, b1);
-    const u_int32_t  *kp = this->aes_d_key;
-
-#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
-    u_int32_t        f2, f4, f8, f9; 
-#endif
-
-    state_in(b0, in_blk, kp); kp += nc;
-
-#if defined(UNROLL)
-
-    switch(this->aes_Nrnd)
-    {
-    case 14:    round(inv_rnd,  b1, b0, kp         );
-                round(inv_rnd,  b0, b1, kp + nc    ); kp += 2 * nc;
-    case 12:    round(inv_rnd,  b1, b0, kp         );
-                round(inv_rnd,  b0, b1, kp + nc    ); kp += 2 * nc;
-    case 10:    round(inv_rnd,  b1, b0, kp         );             
-                round(inv_rnd,  b0, b1, kp +     nc);
-                round(inv_rnd,  b1, b0, kp + 2 * nc); 
-                round(inv_rnd,  b0, b1, kp + 3 * nc);
-                round(inv_rnd,  b1, b0, kp + 4 * nc); 
-                round(inv_rnd,  b0, b1, kp + 5 * nc);
-                round(inv_rnd,  b1, b0, kp + 6 * nc); 
-                round(inv_rnd,  b0, b1, kp + 7 * nc);
-                round(inv_rnd,  b1, b0, kp + 8 * nc);
-                round(inv_lrnd, b0, b1, kp + 9 * nc);
-    }
-
-#elif defined(PARTIAL_UNROLL)
-    {   u_int32_t    rnd;
-
-        for(rnd = 0; rnd < (this->aes_Nrnd >> 1) - 1; ++rnd)
-        {
-            round(inv_rnd, b1, b0, kp); 
-            round(inv_rnd, b0, b1, kp + nc); kp += 2 * nc;
-        }
-
-        round(inv_rnd,  b1, b0, kp);
-        round(inv_lrnd, b0, b1, kp + nc);
-    }
-#else
-    {   u_int32_t    rnd;
-
-        for(rnd = 0; rnd < this->aes_Nrnd - 1; ++rnd)
-        {
-            round(inv_rnd, b1, b0, kp); 
-            l_copy(b0, b1); kp += nc;
-        }
-
-        round(inv_lrnd, b0, b1, kp);
-    }
-#endif
-
-    state_out(out_blk, b0);
-}
-
-/**
- * Implementation of crypter_t.decrypt.
- */
-static status_t decrypt (private_aes_cbc_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
-{
-       int ret, pos;
-       const u_int32_t *iv_i;
-       u_int8_t *in, *out;
-       
-       ret = data.len;
-       if (((data.len) % 16) != 0)
-       {
-               /* data length must be padded to a multiple of blocksize */
-               return INVALID_ARG;
-       }
-       
-       decrypted->ptr = malloc(data.len);
-       if (decrypted->ptr == NULL)
-       {
-               return OUT_OF_RES;
-       }
-       decrypted->len = data.len;
-
-       in = data.ptr;
-       out = decrypted->ptr;
-       
-       pos=data.len-16;
-       in+=pos;
-       out+=pos;
-       while(pos>=0) {
-               this->decrypt_block(this,in,out);
-               if (pos==0)
-                       iv_i=(const u_int32_t*) (iv.ptr);
-               else
-                       iv_i=(const u_int32_t*) (in-16);
-               *((u_int32_t *)(&out[ 0])) ^= iv_i[0];
-               *((u_int32_t *)(&out[ 4])) ^= iv_i[1];
-               *((u_int32_t *)(&out[ 8])) ^= iv_i[2];
-               *((u_int32_t *)(&out[12])) ^= iv_i[3];
-               in-=16;
-               out-=16;
-               pos-=16;
-       }
-       
-       return SUCCESS;
-}
-
-
-/**
- * Implementation of crypter_t.decrypt.
- */
-static status_t encrypt (private_aes_cbc_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
-{
-       int ret, pos;
-       const u_int32_t *iv_i;
-       u_int8_t *in, *out;
-       
-       ret = data.len;
-       if (((data.len) % 16) != 0)
-       {
-               /* data length must be padded to a multiple of blocksize */
-               return INVALID_ARG;
-       }
-       
-       encrypted->ptr = malloc(data.len);
-       if (encrypted->ptr == NULL)
-       {
-               return OUT_OF_RES;
-       }
-       encrypted->len = data.len;
-
-       in = data.ptr;
-       out = encrypted->ptr;
-       
-       pos=0;
-       while(pos<data.len)
-       {
-               if (pos==0)
-                       iv_i=(const u_int32_t*) iv.ptr;
-               else
-                       iv_i=(const u_int32_t*) (out-16);
-               *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0]));
-               *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4]));
-               *((u_int32_t *)(&out[ 8])) = iv_i[2]^*((const u_int32_t *)(&in[ 8]));
-               *((u_int32_t *)(&out[12])) = iv_i[3]^*((const u_int32_t *)(&in[12]));
-               this->encrypt_block(this,out,out);
-               in+=16;
-               out+=16;
-               pos+=16;
-       }
-       return SUCCESS;
-}
-
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size (private_aes_cbc_crypter_t *this)
-{
-       return AES_BLOCK_SIZE;
-}
-
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size (private_aes_cbc_crypter_t *this)
-{
-       return this->key_size;
-}
-
-/**
- * Implementation of crypter_t.set_key.
- */
-static status_t set_key (private_aes_cbc_crypter_t *this, chunk_t key)
-{
-       u_int32_t    *kf, *kt, rci, f = 0;
-       u_int8_t *in_key = key.ptr;
-       
-       if (key.len != this->key_size)
-       {
-               return INVALID_ARG;
-       }
-       
-       this->aes_Nrnd = (this->aes_Nkey > (this->aes_Ncol) ? this->aes_Nkey : (this->aes_Ncol)) + 6; 
-       
-       this->aes_e_key[0] = const_word_in(in_key     );
-       this->aes_e_key[1] = const_word_in(in_key +  4);
-       this->aes_e_key[2] = const_word_in(in_key +  8);
-       this->aes_e_key[3] = const_word_in(in_key + 12);
-       
-       kf = this->aes_e_key; 
-       kt = kf + nc * (this->aes_Nrnd + 1) - this->aes_Nkey; 
-       rci = 0;
-       
-       switch(this->aes_Nkey)
-       {
-       case 4: do
-                       {   kf[4] = kf[0] ^ ls_box(kf[3],3) ^ rcon_tab[rci++];
-                               kf[5] = kf[1] ^ kf[4];
-                               kf[6] = kf[2] ^ kf[5];
-                               kf[7] = kf[3] ^ kf[6];
-                               kf += 4;
-                       }
-                       while(kf < kt);
-                       break;
-       
-       case 6: this->aes_e_key[4] = const_word_in(in_key + 16);
-                       this->aes_e_key[5] = const_word_in(in_key + 20);
-                       do
-                       {   kf[ 6] = kf[0] ^ ls_box(kf[5],3) ^ rcon_tab[rci++];
-                               kf[ 7] = kf[1] ^ kf[ 6];
-                               kf[ 8] = kf[2] ^ kf[ 7];
-                               kf[ 9] = kf[3] ^ kf[ 8];
-                               kf[10] = kf[4] ^ kf[ 9];
-                               kf[11] = kf[5] ^ kf[10];
-                               kf += 6;
-                       }
-                       while(kf < kt);
-                       break;
-
-       case 8: this->aes_e_key[4] = const_word_in(in_key + 16);
-                       this->aes_e_key[5] = const_word_in(in_key + 20);
-                       this->aes_e_key[6] = const_word_in(in_key + 24);
-                       this->aes_e_key[7] = const_word_in(in_key + 28);
-                       do
-                       {   kf[ 8] = kf[0] ^ ls_box(kf[7],3) ^ rcon_tab[rci++];
-                               kf[ 9] = kf[1] ^ kf[ 8];
-                               kf[10] = kf[2] ^ kf[ 9];
-                               kf[11] = kf[3] ^ kf[10];
-                               kf[12] = kf[4] ^ ls_box(kf[11],0);
-                               kf[13] = kf[5] ^ kf[12];
-                               kf[14] = kf[6] ^ kf[13];
-                               kf[15] = kf[7] ^ kf[14];
-                               kf += 8;
-                       }
-                       while (kf < kt);
-                       break;
-       }
-       
-       if(!f)
-    {
-               u_int32_t    i;
-
-               kt = this->aes_d_key + nc * this->aes_Nrnd;
-               kf = this->aes_e_key;
-               
-               cpy(kt, kf); kt -= 2 * nc;
-               
-               for(i = 1; i < this->aes_Nrnd; ++i)
-               { 
-#if defined(ONE_TABLE) || defined(FOUR_TABLES)
-#if !defined(ONE_IM_TABLE) && !defined(FOUR_IM_TABLES)
-                       u_int32_t    f2, f4, f8, f9;
-#endif
-                       mix(kt, kf);
-#else
-                       cpy(kt, kf);
-#endif
-                       kt -= 2 * nc;
-        }
-               cpy(kt, kf);
-    }
-
-       return SUCCESS;
-}
-
-/**
- * Implementation of crypter_t.destroy and aes_cbc_crypter_t.destroy.
- */
-static void destroy (private_aes_cbc_crypter_t *this)
-{
-       free(this);
-}
-
-/*
- * Described in header
- */
-aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size)
-{
-       private_aes_cbc_crypter_t *this = malloc_thing(private_aes_cbc_crypter_t);
-       
-       #if !defined(FIXED_TABLES)
-       if(!tab_gen) { gen_tabs(); tab_gen = 1; }
-       #endif
-       
-       this->key_size = key_size;
-       switch(key_size) {
-       case 32:        /* bytes */
-               this->aes_Ncol = 8;
-               this->aes_Nkey = 8;
-               break;
-       case 24:        /* bytes */
-               this->aes_Ncol = 6;
-               this->aes_Nkey = 6;
-               break;
-       case 16:        /* bytes */
-               this->aes_Ncol = 4;
-               this->aes_Nkey = 4;
-               break;
-       default:
-               free(this);
-               return NULL;
-       }
-       
-       /* functions of crypter_t interface */  
-       this->public.crypter_interface.encrypt = (status_t (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
-       this->public.crypter_interface.decrypt = (status_t (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
-       this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
-       this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
-       this->public.crypter_interface.set_key = (status_t (*) (crypter_t *,chunk_t)) set_key;
-       this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
-       
-       /* private functions */
-       this->decrypt_block = decrypt_block;
-       this->encrypt_block = encrypt_block;
-       
-       return &(this->public);
-}
diff --git a/src/lib/crypto/crypters/aes_cbc_crypter.h b/src/lib/crypto/crypters/aes_cbc_crypter.h
deleted file mode 100644 (file)
index d7a3c0f..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * @file aes_cbc_crypter.h
- * 
- * @brief Interface of aes_cbc_crypter_t
- * 
- */
-
-/*
- * Copyright (C) 2001 Dr B. R. Gladman <brg@gladman.uk.net>
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef AES_CBC_CRYPTER_H_
-#define AES_CBC_CRYPTER_H_
-
-#include <crypto/crypters/crypter.h>
-
-
-typedef struct aes_cbc_crypter_t aes_cbc_crypter_t;
-
-/**
- * @brief Class implementing the AES symmetric encryption algorithm.
- * 
- * @b Constructors:
- *  - aes_cbc_crypter_create()
- * 
- * @ingroup crypters
- */
-struct aes_cbc_crypter_t {
-       
-       /**
-        * The crypter_t interface.
-        */
-       crypter_t crypter_interface;
-};
-
-/**
- * @brief Constructor to create aes_cbc_crypter_t objects.
- * 
- * Supported key sizes are: 16, 24 or 32. 
- * 
- * @param key_size             key size in bytes
- * @return                             
- *                                             - aes_cbc_crypter_t object
- *                                             - NULL if key size not supported
- */
-aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size);
-
-
-#endif /* AES_CBC_CRYPTER_H_ */
diff --git a/src/lib/crypto/crypters/crypter.c b/src/lib/crypto/crypters/crypter.c
deleted file mode 100644 (file)
index 827d102..0000000
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * @file crypter.c
- * 
- * @brief Generic constructor for crypter_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-
-#include "crypter.h"
-
-#include <crypto/crypters/aes_cbc_crypter.h>
-
-
-/** 
- * String mappings for encryption_algorithm_t.
- */
-mapping_t encryption_algorithm_m[] = {
-{ENCR_UNDEFINED, "ENCR_UNDEFINED"},
-{ENCR_DES_IV64, "ENCR_DES_IV64"},
-{ENCR_DES, "ENCR_DES"},
-{ENCR_3DES, "ENCR_3DES"},
-{ENCR_RC5, "ENCR_RC5"},
-{ENCR_IDEA, "ENCR_IDEA"},
-{ENCR_CAST, "ENCR_CAST"},
-{ENCR_BLOWFISH, "ENCR_BLOWFISH"},
-{ENCR_3IDEA, "ENCR_3IDEA"},
-{ENCR_DES_IV32, "ENCR_DES_IV32"},
-{ENCR_NULL, "ENCR_NULL"},
-{ENCR_AES_CBC, "ENCR_AES_CBC"},
-{ENCR_AES_CTR, "ENCR_AES_CTR"},
-{MAPPING_END, NULL}
-};
-
-/* 
- * Described in header.
- */
-crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm, size_t key_size)
-{
-       switch (encryption_algorithm)
-       {
-               case ENCR_AES_CBC:
-               {
-                       return (crypter_t*)aes_cbc_crypter_create(key_size);
-               }
-               default:
-                       return NULL;
-       }
-}
diff --git a/src/lib/crypto/crypters/crypter.h b/src/lib/crypto/crypters/crypter.h
deleted file mode 100644 (file)
index 9c219f5..0000000
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * @file crypter.h
- * 
- * @brief Interface crypter_t
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef CRYPTER_H_
-#define CRYPTER_H_
-
-#include <types.h>
-
-typedef enum encryption_algorithm_t encryption_algorithm_t;
-
-/**
- * @brief Encryption algorithm, as in IKEv2 RFC 3.3.2.
- * 
- * Currently only the following algorithms are implemented and therefore supported:
- * - ENCR_AES_CBC
- * 
- * @todo Implement more enryption algorithms, such as 3DES
- * 
- * @ingroup crypters
- */
-enum encryption_algorithm_t {
-       ENCR_UNDEFINED = 1024,
-       ENCR_DES_IV64 = 1,
-       ENCR_DES = 2,
-       ENCR_3DES = 3,
-       ENCR_RC5 = 4,
-       ENCR_IDEA = 5,
-       ENCR_CAST = 6,
-       ENCR_BLOWFISH = 7,
-       ENCR_3IDEA = 8,
-       ENCR_DES_IV32 = 9,
-       ENCR_NULL = 11,
-       /**
-        * Implemented in class aes_cbc_crypter_t.
-        */
-       ENCR_AES_CBC = 12,
-       ENCR_AES_CTR = 13
-};
-
-/** 
- * String mappings for encryption_algorithm_t.
- */
-extern mapping_t encryption_algorithm_m[];
-
-
-typedef struct crypter_t crypter_t;
-
-/**
- * @brief Generic interface for symmetric encryption algorithms.
- * 
- * @b Constructors:
- *  - crypter_create()
- * 
- * @ingroup crypters
- */
-struct crypter_t {
-       /**
-        * @brief Encrypt a chunk of data and allocate space for the encrypted value.
-        * 
-        * @param this                          calling object
-        * @param data                          data to encrypt
-        * @param iv                            initializing vector
-        * @param[out] encrypted        pointer where the encrypted bytes will be written
-        * @return
-        *                                                      - SUCCESS
-        *                                                      - INVALID_ARG if data size not a multiple of block size
-        */
-       status_t (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted);
-       
-       /**
-        * @brief Decrypt a chunk of data and allocate space for the decrypted value.
-        * 
-        * @param this                          calling object
-        * @param data                          data to decrypt
-        * @param iv                            initializing vector
-        * @param[out] encrypted        pointer where the decrypted bytes will be written
-        * @return
-        *                                                      - SUCCESS
-        *                                                      - INVALID_ARG if data size not a multiple of block size
-        */
-       status_t (*decrypt) (crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted);
-
-       /**
-        * @brief Get the block size of this crypter_t object.
-        * 
-        * @param this                          calling object
-        * @return                                      block size in bytes
-        */
-       size_t (*get_block_size) (crypter_t *this);
-
-       /**
-        * @brief Get the key size of this crypter_t object.
-        * 
-        * @param this                          calling object
-        * @return                                      key size in bytes
-        */
-       size_t (*get_key_size) (crypter_t *this);
-       
-       /**
-        * @brief Set the key for this crypter_t object.
-        * 
-        * @param this                          calling object
-        * @param key                           key to set
-        * @return
-        *                                                      - SUCCESS
-        *                                                      - INVALID_ARG if key length invalid
-        */
-       status_t (*set_key) (crypter_t *this, chunk_t key);
-       
-       /**
-        * @brief Destroys a crypter_t object.
-        *
-        * @param this                          calling object
-        */
-       void (*destroy) (crypter_t *this);
-};
-
-/**
- * @brief Generic constructor for crypter_t objects.
- * 
- * Currently only the following algorithms are implemented and therefore supported:
- * - ENCR_AES_CBC
- * 
- * The key_size is ignored for algorithms with fixed key size.
- * 
- * @param encryption_algorithm Algorithm to use for crypter
- * @param key_size                             size of the key in bytes
- * @return
- *                                                             - crypter_t object
- *                                                             - NULL if encryption algorithm/key_size is not supported
- */
-crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm, size_t key_size);
-
-#endif /*CRYPTER_H_*/
diff --git a/src/lib/crypto/diffie_hellman.c b/src/lib/crypto/diffie_hellman.c
deleted file mode 100644 (file)
index e458fb8..0000000
+++ /dev/null
@@ -1,615 +0,0 @@
-/**
- * @file diffie_hellman.c
- * 
- * @brief Implementation of diffie_hellman_t.
- * 
- */
-
-/*
- * Copyright (C) 1998-2002  D. Hugh Redelmeier.
- * Copyright (C) 1999, 2000, 2001  Henry Spencer.
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <gmp.h> 
-#include <stdio.h> 
-
-#include "diffie_hellman.h"
-
-#include <daemon.h>
-#include <utils/randomizer.h>
-
-
-/** 
- * String mappings for diffie_hellman_group_t.
- */
-mapping_t diffie_hellman_group_m[] = {
-       {MODP_UNDEFINED, "MODP_UNDEFINED"},
-       {MODP_768_BIT, "MODP_768_BIT"},
-       {MODP_1024_BIT, "MODP_1024_BIT"},
-       {MODP_1536_BIT, "MODP_1536_BIT"},
-       {MODP_2048_BIT, "MODP_2048_BIT"},
-       {MODP_3072_BIT, "MODP_3072_BIT"},
-       {MODP_4096_BIT, "MODP_4096_BIT"},
-       {MODP_6144_BIT, "MODP_6144_BIT"},
-       {MODP_8192_BIT, "MODP_8192_BIT"},
-       {MAPPING_END, NULL}
-};
-
-
-/**
- * Modulus of Group 1 (MODP_768_BIT).
- */
-static u_int8_t group1_modulus[] = {
-       0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-       0xC4,0xC6,0x62,0x8B,0x80        ,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-       0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-       0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-       0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-       0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 2 (MODP_1024_BIT).
- */
-static u_int8_t group2_modulus[] = {
-       0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-       0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-       0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-       0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-       0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-       0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-       0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-       0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 5 (MODP_1536_BIT).
- */
-static u_int8_t group5_modulus[] = {
-       0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-       0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-       0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-       0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-       0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-       0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-       0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-       0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-       0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-       0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-       0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-       0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-/**
- * Modulus of Group 14 (MODP_2048_BIT).
- */
-static u_int8_t group14_modulus[] = {
-       0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-       0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-       0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-       0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-       0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-       0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-       0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-       0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-       0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-       0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-       0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-       0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-       0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-       0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-       0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-       0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 15 (MODP_3072_BIT).
- */
-static u_int8_t group15_modulus[] = {
-       0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-       0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-       0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-       0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-       0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-       0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-       0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-       0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-       0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-       0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-       0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-       0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-       0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-       0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-       0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-       0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-       0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-       0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-       0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-       0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-       0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-       0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-       0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-       0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 16 (MODP_4096_BIT).
- */
-static u_int8_t group16_modulus[] = {
-       0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-       0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-       0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-       0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-       0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-       0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-       0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-       0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-       0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-       0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-       0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-       0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-       0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-       0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-       0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-       0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-       0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-       0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-       0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-       0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-       0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-       0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-       0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-       0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-       0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
-       0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
-       0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-       0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
-       0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
-       0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-       0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
-       0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 17 (MODP_6144_BIT).
- */
-static u_int8_t group17_modulus[] = {
-       0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-       0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-       0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-       0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-       0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-       0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-       0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-       0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-       0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-       0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-       0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-       0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-       0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-       0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-       0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-       0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-       0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-       0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-       0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-       0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-       0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-       0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-       0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-       0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-       0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
-       0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
-       0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-       0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
-       0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
-       0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-       0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
-       0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
-       0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-       0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
-       0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
-       0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-       0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
-       0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
-       0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-       0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
-       0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
-       0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-       0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
-       0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
-       0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-       0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
-       0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
-       0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 18 (MODP_8192_BIT).
- */
-static u_int8_t group18_modulus[] = {
-       0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-       0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-       0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-       0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-       0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-       0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-       0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-       0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-       0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-       0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-       0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-       0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-       0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-       0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-       0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-       0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-       0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-       0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-       0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-       0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-       0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-       0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-       0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-       0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-       0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
-       0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
-       0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-       0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
-       0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
-       0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-       0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
-       0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
-       0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-       0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
-       0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
-       0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-       0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
-       0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
-       0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-       0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
-       0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
-       0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-       0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
-       0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
-       0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-       0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
-       0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
-       0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
-       0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA,
-       0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,
-       0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
-       0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D,
-       0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,
-       0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
-       0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8,
-       0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,
-       0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
-       0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D,
-       0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,
-       0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
-       0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B,
-       0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
-       0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
-       0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-};
-
-typedef struct modulus_info_entry_t modulus_info_entry_t;
-
-/** 
- * Entry of the modulus list.
- */
-struct modulus_info_entry_t {
-       /**
-        * Group number as it is defined in file transform_substructure.h.
-        */
-       diffie_hellman_group_t group;
-       
-       /**
-        * Pointer to first byte of modulus (network order).
-        */
-       u_int8_t *modulus;
-       
-       /* 
-        * Length of modulus in bytes.
-        */     
-       size_t modulus_length;
-       
-       /* 
-        * Generator value.
-        */     
-       u_int16_t generator;
-};
-
-
-/**
- * All supported modulus values.
- */
-static modulus_info_entry_t modulus_info_entries[] = {
-       {MODP_768_BIT,group1_modulus,sizeof(group1_modulus),2},
-       {MODP_1024_BIT,group2_modulus,sizeof(group2_modulus),2},
-       {MODP_1536_BIT,group5_modulus,sizeof(group5_modulus),2},
-       {MODP_2048_BIT,group14_modulus,sizeof(group14_modulus),2},
-       {MODP_3072_BIT,group15_modulus,sizeof(group15_modulus),2},
-       {MODP_4096_BIT,group16_modulus,sizeof(group16_modulus),2},
-       {MODP_6144_BIT,group17_modulus,sizeof(group17_modulus),2},
-       {MODP_8192_BIT,group18_modulus,sizeof(group18_modulus),2},
-};
-
-typedef struct private_diffie_hellman_t private_diffie_hellman_t;
-
-/**
- * Private data of an diffie_hellman_t object.
- * 
- */
-struct private_diffie_hellman_t {
-       /**
-        * Public diffie_hellman_t interface.
-        */
-       diffie_hellman_t public;
-       
-       /**
-        * Diffie Hellman group number.
-        */
-       u_int16_t dh_group_number;
-
-       /**
-        * Modulus.
-        */
-       mpz_t modulus;
-       
-       /**
-        * Modulus length.
-        */
-       size_t modulus_length;
-       
-       /* 
-        * Generator value.
-        */     
-       u_int16_t generator;
-
-       /**
-        * My private value .
-        */
-       mpz_t my_private_value;
-       
-       /**
-        * My public value.
-        */
-       mpz_t my_public_value;
-
-       /**
-        * Other public value.
-        */     
-       mpz_t other_public_value;
-       
-       /**
-        * Shared secret.
-        */     
-       mpz_t shared_secret;
-
-       /**
-        * True if shared secret is computed and stored in my_public_value.
-        */
-       bool shared_secret_is_computed;
-       
-       /**
-        * Sets the modulus for a specific diffie hellman group.
-        * 
-        * @param this                  calling object
-        * @return
-        *                                              SUCCESS if modulus could be found
-        *                                              NOT_FOUND if modulus not supported
-        */
-       status_t (*set_modulus) (private_diffie_hellman_t *this);
-       
-       /**
-        * Makes sure my public value is computed.
-        * 
-        * @param this                  calling object
-        */
-       void (*compute_public_value) (private_diffie_hellman_t *this);
-
-       /**
-        * Computes shared secret (other public value must be available).
-        * 
-        * @param this                  calling object
-        */
-       void (*compute_shared_secret) (private_diffie_hellman_t *this);
-};
-
-/**
- * Implementation of private_diffie_hellman_t.set_modulus.
- */
-static status_t set_modulus(private_diffie_hellman_t *this)
-{
-       int i;
-       status_t status = NOT_FOUND;
-       
-       for (i = 0; i < (sizeof(modulus_info_entries) / sizeof(modulus_info_entry_t)); i++)
-       {
-               if (modulus_info_entries[i].group == this->dh_group_number)
-               {
-                       chunk_t modulus_chunk;
-                       modulus_chunk.ptr = modulus_info_entries[i].modulus;
-                       modulus_chunk.len = modulus_info_entries[i].modulus_length;
-                       mpz_import(this->modulus, modulus_chunk.len, 1, 1, 1, 0, modulus_chunk.ptr);
-                       this->modulus_length = modulus_chunk.len;
-                       this->generator = modulus_info_entries[i].generator;
-                       status = SUCCESS;
-                       break;
-               }
-       }
-       return status;
-}
-
-/**
- * Implementation of diffie_hellman_t.set_other_public_value.
- */
-static void set_other_public_value(private_diffie_hellman_t *this,chunk_t public_value)
-{
-       mpz_import(this->other_public_value, public_value.len, 1, 1, 1, 0, public_value.ptr);
-       this->compute_shared_secret(this);
-}
-
-/**
- * Implementation of diffie_hellman_t.get_other_public_value.
- */
-static status_t get_other_public_value(private_diffie_hellman_t *this,chunk_t *public_value)
-{
-       if (!this->shared_secret_is_computed)
-       {
-               return FAILED;
-       }
-       public_value->len = this->modulus_length;
-    public_value->ptr = mpz_export(NULL, NULL, 1, public_value->len, 1, 0, this->other_public_value);
-       return SUCCESS;
-}
-
-/**
- * Implementation of private_diffie_hellman_t.compute_shared_secret.
- */
-static void compute_shared_secret (private_diffie_hellman_t *this)
-{
-       /* initialize my public value */
-       mpz_init(this->shared_secret);
-       /* calculate my public value */
-       mpz_powm(this->shared_secret,this->other_public_value,this->my_private_value,this->modulus);
-       
-       this->shared_secret_is_computed = TRUE;
-}
-
-/**
- * Implementation of private_diffie_hellman_t.compute_public_value.
- */
-static void compute_public_value (private_diffie_hellman_t *this)
-{
-       mpz_t generator;
-       /* initialize generator and set it*/
-       mpz_init_set_ui (generator,this->generator);
-       /* initialize my public value */
-       mpz_init(this->my_public_value);
-       /* calculate my public value */
-       mpz_powm(this->my_public_value,generator,this->my_private_value,this->modulus);
-       /* generator not used anymore */
-       mpz_clear(generator);
-}
-
-/**
- * Implementation of diffie_hellman_t.get_my_public_value.
- */
-static void get_my_public_value(private_diffie_hellman_t *this,chunk_t *public_value)
-{
-       public_value->len = this->modulus_length;
-    public_value->ptr = mpz_export(NULL, NULL, 1, public_value->len, 1, 0, this->my_public_value);
-}
-
-/**
- * Implementation of diffie_hellman_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_diffie_hellman_t *this,chunk_t *secret)
-{
-       if (!this->shared_secret_is_computed)
-       {
-               return FAILED;
-       }
-       secret->len = this->modulus_length;
-    secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->shared_secret);
-       return SUCCESS;
-}
-
-/**
- * Implementation of diffie_hellman_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_diffie_hellman_t *this)
-{
-       return this->dh_group_number;
-}
-
-/**
- * Implementation of diffie_hellman_t.destroy.
- */
-static void destroy(private_diffie_hellman_t *this)
-{
-       mpz_clear(this->modulus);
-       mpz_clear(this->my_private_value);
-       mpz_clear(this->my_public_value);
-       mpz_clear(this->other_public_value);
-
-       if (this->shared_secret_is_computed)
-       {
-               /* other public value gets initialized together with shared secret */
-               mpz_clear(this->shared_secret);
-       }
-       free(this);
-}
-
-/*
- * Described in header.
- */
-diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number)
-{
-       private_diffie_hellman_t *this = malloc_thing(private_diffie_hellman_t);
-       randomizer_t *randomizer;
-       chunk_t random_bytes;
-
-       /* public functions */
-       this->public.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
-       this->public.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
-       this->public.get_other_public_value = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_other_public_value;
-       this->public.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
-       this->public.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
-       this->public.destroy = (void (*)(diffie_hellman_t *)) destroy;
-       
-       /* private functions */
-       this->set_modulus = set_modulus;
-       this->compute_public_value = compute_public_value;
-       this->compute_shared_secret = compute_shared_secret;
-       
-       /* private variables */
-       this->dh_group_number = dh_group_number;
-       mpz_init(this->modulus);
-       mpz_init(this->other_public_value);
-       mpz_init(this->my_private_value);
-               
-       /* set this->modulus */ 
-       if (this->set_modulus(this) != SUCCESS)
-       {
-               free(this);
-               return NULL;
-       }
-       randomizer = randomizer_create();
-       if (randomizer == NULL)
-       {
-               free(this);
-               return NULL;
-       }
-       if (randomizer->allocate_pseudo_random_bytes(randomizer, this->modulus_length, &random_bytes) != SUCCESS)
-       {
-               randomizer->destroy(randomizer);
-               free(this);
-               return NULL;
-       }
-       
-       mpz_import(this->my_private_value, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
-       chunk_free(&random_bytes);
-       
-       randomizer->destroy(randomizer);
-       
-       this->compute_public_value(this);
-       
-       this->shared_secret_is_computed = FALSE;
-       
-       return &(this->public);
-}
diff --git a/src/lib/crypto/diffie_hellman.h b/src/lib/crypto/diffie_hellman.h
deleted file mode 100644 (file)
index 48a1655..0000000
+++ /dev/null
@@ -1,149 +0,0 @@
-/**
- * @file diffie_hellman.h
- * 
- * @brief Interface of diffie_hellman_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef DIFFIE_HELLMAN_H_
-#define DIFFIE_HELLMAN_H_
-
-#include <types.h>
-
-
-typedef enum diffie_hellman_group_t diffie_hellman_group_t;
-
-/** 
- * @brief Diffie-Hellman group.
- * 
- * The modulus (or group) to use for a Diffie-Hellman calculation.
- * 
- * See IKEv2 RFC 3.3.2 and RFC 3526.
- * 
- * @ingroup transforms
- */
-enum diffie_hellman_group_t {
-       MODP_UNDEFINED = 1024,
-       MODP_768_BIT = 1,
-       MODP_1024_BIT = 2,
-       MODP_1536_BIT = 5,
-       MODP_2048_BIT = 14,
-       MODP_3072_BIT = 15,
-       MODP_4096_BIT = 16,
-       MODP_6144_BIT = 17,
-       MODP_8192_BIT = 18
-};
-
-/** 
- * String mappings for diffie_hellman_group_t.
- */
-extern mapping_t diffie_hellman_group_m[];
-
-
-typedef struct diffie_hellman_t diffie_hellman_t;
-
-/**
- * @brief Implementation of the widely used Diffie-Hellman algorithm.
- * 
- * @b Constructors:
- *  - diffie_hellman_create()
- * 
- * @ingroup transforms
- */
-struct diffie_hellman_t {
-               
-       /**
-        * @brief Returns the shared secret of this diffie hellman exchange.
-        *      
-        * @warning Space for returned secret is allocated and must be 
-        * freed by the caller.
-        * 
-        * @param this                  calling diffie_hellman_t object
-        * @param[out] secret   shared secret will be written into this chunk
-        * @return                              
-        *                                              - SUCCESS
-        *                                              - FAILED if not both DH values are set
-        */
-       status_t (*get_shared_secret) (diffie_hellman_t *this, chunk_t *secret);
-       
-       /**
-        * @brief Sets the public value of partner.
-        *      
-        * chunk gets cloned and can be destroyed afterwards.
-        * 
-        * @param this                  calling diffie_hellman_t object
-        * @param public_value  public value of partner
-        */
-       void (*set_other_public_value) (diffie_hellman_t *this, chunk_t public_value);
-       
-       /**
-        * @brief Gets the public value of partner.
-        *      
-        * @warning Space for returned chunk is allocated and must be 
-        * freed by the caller.
-        * 
-        * @param this                          calling diffie_hellman_t object
-        * @param[out] public_value public value of partner is stored at this location
-        * @return                              
-        *                                                      - SUCCESS
-        *                                                      - FAILED if other public value not set
-        */
-       status_t (*get_other_public_value) (diffie_hellman_t *this, chunk_t *public_value);
-       
-       /**
-        * @brief Gets the public value of caller
-        *      
-        * @warning Space for returned chunk is allocated and must be 
-        * freed by the caller.
-        * 
-        * @param this                          calling diffie_hellman_t object
-        * @param[out]                          public_value public value of caller is stored at this location
-        */
-       void (*get_my_public_value) (diffie_hellman_t *this, chunk_t *public_value);
-       
-       /**
-        * @brief Get the DH group used.
-        * 
-        * @param this                          calling diffie_hellman_t object
-        * @return                                      DH group set in construction
-        */
-       diffie_hellman_group_t (*get_dh_group) (diffie_hellman_t *this);
-
-       /**
-        * @brief Destroys an diffie_hellman_t object.
-        *
-        * @param this                          diffie_hellman_t object to destroy
-        */
-       void (*destroy) (diffie_hellman_t *this);
-};
-
-/**
- * @brief Creates a new diffie_hellman_t object.
- * 
- * The first diffie hellman public value gets automatically created.
- * 
- * @param dh_group_number      Diffie Hellman group number to use
- * @return
- *                                                     - diffie_hellman_t object
- *                                                     - NULL if dh group not supported
- * 
- * @ingroup transforms
- */
-diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number);
-
-#endif /*DIFFIE_HELLMAN_H_*/
diff --git a/src/lib/crypto/hashers/Makefile.hashers b/src/lib/crypto/hashers/Makefile.hashers
deleted file mode 100644 (file)
index e05d41a..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright (C) 2005 Jan Hutter, Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-#
-
-HASHERS_DIR= $(CRYPTO_DIR)hashers/
-
-LIB_OBJS+= $(BUILD_DIR)hasher.o
-$(BUILD_DIR)hasher.o :                 $(HASHERS_DIR)hasher.c $(HASHERS_DIR)hasher.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-                                                               
-LIB_OBJS+= $(BUILD_DIR)sha1_hasher.o
-$(BUILD_DIR)sha1_hasher.o :            $(HASHERS_DIR)sha1_hasher.c $(HASHERS_DIR)sha1_hasher.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
-                                                               
-LIB_OBJS+= $(BUILD_DIR)md5_hasher.o
-$(BUILD_DIR)md5_hasher.o :             $(HASHERS_DIR)md5_hasher.c $(HASHERS_DIR)md5_hasher.h
-                                                               $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/src/lib/crypto/hashers/hasher.c b/src/lib/crypto/hashers/hasher.c
deleted file mode 100644 (file)
index c15f418..0000000
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * @file hasher.c
- * 
- * @brief Generic constructor for hasher_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-
-#include "hasher.h"
-
-#include <crypto/hashers/sha1_hasher.h>
-#include <crypto/hashers/md5_hasher.h>
-
-/**
- * String mappings for hash_algorithm_t.
- */
-mapping_t hash_algorithm_m[] = {
-       {HASH_MD2,"HASH_MD2"},
-       {HASH_MD5,"HASH_MD5"},
-       {HASH_SHA1,"HASH_SHA1"},
-       {HASH_SHA256,"HASH_SHA256"},
-       {HASH_SHA384,"HASH_SHA384"},
-       {HASH_SHA512,"HASH_SHA512"},
-       {MAPPING_END, NULL}
-};
-
-/*
- * Described in header.
- */
-hasher_t *hasher_create(hash_algorithm_t hash_algorithm)
-{
-       switch (hash_algorithm)
-       {
-               case HASH_SHA1:
-               {
-                       return (hasher_t*)sha1_hasher_create();
-               }
-               case HASH_MD5:
-               {
-                       return (hasher_t*)md5_hasher_create();
-               }
-               default:
-                       return NULL;
-       }
-}
diff --git a/src/lib/crypto/hashers/hasher.h b/src/lib/crypto/hashers/hasher.h
deleted file mode 100644 (file)
index 24683c0..0000000
+++ /dev/null
@@ -1,147 +0,0 @@
-/**
- * @file hasher.h
- * 
- * @brief Interface hasher_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef HASHER_H_
-#define HASHER_H_
-
-
-#include <types.h>
-
-
-typedef enum hash_algorithm_t hash_algorithm_t;
-
-/**
- * @brief Algorithms to use for hashing.
- * 
- * Currently only the following algorithms are implemented and therefore supported:
- * - HASH_MD5
- * - HASH_SHA1
- * 
- * @ingroup hashers
- * 
- */
-enum hash_algorithm_t {
-       HASH_MD2,
-       /**
-        * Implemented in class md5_hasher_t.
-        */
-       HASH_MD5,
-       /**
-        * Implemented in class sha1_hasher_t.
-        */
-       HASH_SHA1,
-       HASH_SHA256,
-       HASH_SHA384,
-       HASH_SHA512,
-};
-
-/**
- * String mappings for hash_algorithm_t.
- */
-extern mapping_t hash_algorithm_m[];
-
-
-typedef struct hasher_t hasher_t;
-
-/**
- * @brief Generic interface for all hash functions.
- * 
- * @b Constructors:
- *  - hasher_create()
- *  - md5_hasher_create()
- *  - sha1_hasher_create()
- * 
- * @see                
- *                     - md5_hasher_t
- *                     - sha1_hasher_t
- * 
- * @todo Implement more hash algorithms
- * 
- * @ingroup hashers
- */
-struct hasher_t {
-       /**
-        * @brief Hash data and write it in the buffer.
-        * 
-        * If the parameter hash is NULL, no result is written back
-        * an more data can be appended to already hashed data.
-        * If not, the result is written back and the hasher is reseted.
-        * 
-        * @warning: the hash output parameter must hold at least
-        * hash_t.get_block_size bytes.
-        * 
-        * @param this                  calling object
-        * @param data                  data to hash
-        * @param[out] hash             pointer where the hash will be written
-        */
-       void (*get_hash) (hasher_t *this, chunk_t data, u_int8_t *hash);
-       
-       /**
-        * @brief Hash data and allocate space for the hash.
-        * 
-        * If the parameter hash is NULL, no result is written back
-        * an more data can be appended to already hashed data.
-        * If not, the result is written back and the hasher is reseted.
-        * 
-        * @param this                  calling object
-        * @param data                  chunk with data to hash
-        * @param[out] hash             chunk which will hold allocated hash
-        */
-       void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
-       
-       /**
-        * @brief Get the size of the resulting hash.
-        * 
-        * @param this                  calling object
-        * @return                              hash size in bytes
-        */
-       size_t (*get_hash_size) (hasher_t *this);
-       
-       /**
-        * @brief Resets the hashers state, which allows
-        * computation of a completely new hash.
-        * 
-        * @param this                  calling object
-        */
-       void (*reset) (hasher_t *this);
-       
-       /**
-        * @brief Destroys a hasher object.
-        *
-        * @param this  calling object
-        */
-       void (*destroy) (hasher_t *this);
-};
-
-/**
- * @brief Generic interface to create a hasher_t.
- * 
- * @param hash_algorithm       Algorithm to use for hashing
- * @return
- *                                                     - hasher_t object
- *                                                     - NULL if algorithm not supported
- * 
- * @ingroup hashers
- */
-hasher_t *hasher_create(hash_algorithm_t hash_algorithm);
-
-#endif /*HASHER_H_*/
diff --git a/src/lib/crypto/hashers/md5_hasher.c b/src/lib/crypto/hashers/md5_hasher.c
deleted file mode 100644 (file)
index b0bc2f6..0000000
+++ /dev/null
@@ -1,394 +0,0 @@
-/**
- * @file md5_hasher.c
- * 
- * @brief Implementation of md5_hasher_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- * Copyright (C) 1991-1992, RSA Data Security, Inc. Created 1991. 
- * All rights reserved.
- * 
- * Derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm.
- * Ported to fulfill hasher_t interface.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "md5_hasher.h"
-
-#include <definitions.h>
-
-#define BLOCK_SIZE_MD5 16
-
-
-/* Constants for MD5Transform routine. */
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
-
-static u_int8_t PADDING[64] = {
-  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * ugly macro stuff
- */ 
-/* F, G, H and I are basic MD5 functions.
- */
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | (~z)))
-
-/* ROTATE_LEFT rotates x left n bits.
- */
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
-Rotation is separate from addition to prevent recomputation.
- */
-#define FF(a, b, c, d, x, s, ac) { \
- (a) += F ((b), (c), (d)) + (x) + (u_int32_t)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
-  }
-#define GG(a, b, c, d, x, s, ac) { \
- (a) += G ((b), (c), (d)) + (x) + (u_int32_t)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
-  }
-#define HH(a, b, c, d, x, s, ac) { \
- (a) += H ((b), (c), (d)) + (x) + (u_int32_t)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
-  }
-#define II(a, b, c, d, x, s, ac) { \
- (a) += I ((b), (c), (d)) + (x) + (u_int32_t)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
-  }
-
-
-
-typedef struct private_md5_hasher_t private_md5_hasher_t;
-
-/**
- * Private data structure with hasing context.
- */
-struct private_md5_hasher_t {
-       /**
-        * Public interface for this hasher.
-        */
-       md5_hasher_t public;
-       
-       /*
-        * State of the hasher.
-        */
-       u_int32_t state[5];
-    u_int32_t count[2];
-    u_int8_t buffer[64];
-};
-
-
-#if BYTE_ORDER != LITTLE_ENDIAN
-
-/* Encodes input (u_int32_t) into output (u_int8_t). Assumes len is
- * a multiple of 4.
- */
-static void Encode (u_int8_t *output, u_int32_t *input, size_t *len)
-{
-       size_t i, j;
-
-       for (i = 0, j = 0; j < len; i++, j += 4) 
-       {
-               output[j] = (u_int8_t)(input[i] & 0xff);
-               output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff);
-               output[j+2] = (u_int8_t)((input[i] >> 16) & 0xff);
-               output[j+3] = (u_int8_t)((input[i] >> 24) & 0xff);
-       }
-}
-
-/* Decodes input (u_int8_t) into output (u_int32_t). Assumes len is
- * a multiple of 4.
- */
-static void Decode(u_int32_t *output, u_int8_t *input, size_t len)
-{
-       size_t i, j;
-
-       for (i = 0, j = 0; j < len; i++, j += 4)
-       {
-               output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) |
-               (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24);
-       }
-}
-
-#elif BYTE_ORDER == LITTLE_ENDIAN
- #define Encode memcpy
- #define Decode memcpy
-#endif
-
-/* MD5 basic transformation. Transforms state based on block.
- */
-static void MD5Transform(u_int32_t state[4], u_int8_t block[64])
-{
-       u_int32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16];
-
-       Decode(x, block, 64);
-
-       /* Round 1 */
-       FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
-       FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
-       FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
-       FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
-       FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
-       FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
-       FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
-       FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
-       FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
-       FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
-       FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
-       FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
-       FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
-       FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
-       FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
-       FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
-       /* Round 2 */
-       GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
-       GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
-       GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
-       GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
-       GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
-       GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
-       GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
-       GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
-       GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
-       GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
-       GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
-       GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
-       GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
-       GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
-       GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
-       GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
-       /* Round 3 */
-       HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
-       HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
-       HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
-       HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
-       HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
-       HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
-       HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
-       HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
-       HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
-       HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
-       HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
-       HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
-       HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
-       HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
-       HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
-       HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
-
-       /* Round 4 */
-       II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
-       II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
-       II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
-       II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
-       II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
-       II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
-       II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
-       II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
-       II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
-       II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
-       II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
-       II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
-       II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
-       II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
-       II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
-       II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
-
-       state[0] += a;
-       state[1] += b;
-       state[2] += c;
-       state[3] += d;
-}
-
-/* MD5 block update operation. Continues an MD5 message-digest
- * operation, processing another message block, and updating the
- * context.
- */
-static void MD5Update(private_md5_hasher_t *this, u_int8_t *input, size_t inputLen)
-{
-       u_int32_t i;
-       size_t index, partLen;
-
-       /* Compute number of bytes mod 64 */
-       index = (u_int8_t)((this->count[0] >> 3) & 0x3F);
-
-       /* Update number of bits */
-       if ((this->count[0] += (inputLen << 3)) < (inputLen << 3))
-       {
-               this->count[1]++;
-       }
-       this->count[1] += (inputLen >> 29);
-
-       partLen = 64 - index;
-
-       /* Transform as many times as possible. */
-       if (inputLen >= partLen) 
-       {
-               memcpy(&this->buffer[index], input, partLen);
-               MD5Transform (this->state, this->buffer);
-
-               for (i = partLen; i + 63 < inputLen; i += 64)
-               {
-               MD5Transform (this->state, &input[i]);
-               }
-               index = 0;
-       }
-       else
-       {
-               i = 0;
-       }
-
-       /* Buffer remaining input */
-       memcpy(&this->buffer[index], &input[i], inputLen-i);
-}
-
-/* MD5 finalization. Ends an MD5 message-digest operation, writing the
- * the message digest and zeroizing the context.
- */
-static void MD5Final (private_md5_hasher_t *this, u_int8_t digest[16])
-{
-       u_int8_t bits[8];
-       size_t index, padLen;
-
-       /* Save number of bits */
-       Encode (bits, this->count, 8);
-
-       /* Pad out to 56 mod 64. */
-       index = (size_t)((this->count[0] >> 3) & 0x3f);
-       padLen = (index < 56) ? (56 - index) : (120 - index);
-       MD5Update (this, PADDING, padLen);
-
-       /* Append length (before padding) */
-       MD5Update (this, bits, 8);
-
-       if (digest != NULL)                     /* Bill Simpson's padding */
-       {
-               /* store state in digest */
-               Encode (digest, this->state, 16);
-       }
-}
-
-
-
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
-{
-       MD5Update(this, chunk.ptr, chunk.len);
-       if (buffer != NULL)
-       {
-               MD5Final(this, buffer);
-               this->public.hasher_interface.reset(&(this->public.hasher_interface));
-       }
-}
-
-
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash)
-{
-       chunk_t allocated_hash;
-       
-       MD5Update(this, chunk.ptr, chunk.len);
-       if (hash != NULL)
-       {       
-               allocated_hash.ptr = malloc(BLOCK_SIZE_MD5);
-               allocated_hash.len = BLOCK_SIZE_MD5;
-
-               MD5Final(this, allocated_hash.ptr);
-               this->public.hasher_interface.reset(&(this->public.hasher_interface));
-               
-               *hash = allocated_hash;
-       }
-}
-       
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_md5_hasher_t *this)
-{
-       return BLOCK_SIZE_MD5;
-}
-
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_md5_hasher_t *this)
-{
-       this->state[0] = 0x67452301;
-       this->state[1] = 0xefcdab89;
-       this->state[2] = 0x98badcfe;
-       this->state[3] = 0x10325476;
-       this->count[0] = 0;
-       this->count[1] = 0;
-}
-
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy(private_md5_hasher_t *this)
-{
-       free(this);
-}
-
-/*
- * Described in header.
- */
-md5_hasher_t *md5_hasher_create(void)
-{
-       private_md5_hasher_t *this = malloc_thing(private_md5_hasher_t);
-
-       this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
-       this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
-       this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
-       this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
-       this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
-       
-       /* initialize */
-       this->public.hasher_interface.reset(&(this->public.hasher_interface));
-       
-       return &(this->public);
-}
diff --git a/src/lib/crypto/hashers/md5_hasher.h b/src/lib/crypto/hashers/md5_hasher.h
deleted file mode 100644 (file)
index 3ee721b..0000000
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * @file md5_hasher.h
- * 
- * @brief Interface for md5_hasher_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef MD5_HASHER_H_
-#define MD5_HASHER_H_
-
-#include <crypto/hashers/hasher.h>
-
-
-typedef struct md5_hasher_t md5_hasher_t;
-
-/**
- * @brief Implementation of hasher_t interface using the
- * MD5 algorithm.
- * 
- * @b Constructors:
- * - hasher_create() using HASH_MD5 as algorithm
- * - md5_hasher_create()
- * 
- * @see hasher_t
- * 
- * @ingroup hashers
- */
-struct md5_hasher_t {
-       
-       /**
-        * Generic hasher_t interface for this hasher.
-        */
-       hasher_t hasher_interface;
-};
-
-/**
- * @brief Creates a new md5_hasher_t.
- * 
- * @return     md5_hasher_t object
- * 
- * @ingroup hashers
- */
-md5_hasher_t *md5_hasher_create(void);
-
-#endif /*MD5_HASHER_H_*/
diff --git a/src/lib/crypto/hashers/sha1_hasher.c b/src/lib/crypto/hashers/sha1_hasher.c
deleted file mode 100644 (file)
index 0dda019..0000000
+++ /dev/null
@@ -1,269 +0,0 @@
-/**
- * @file sha1_hasher.c
- * 
- * @brief Implementation of hasher_sha_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- * 
- * Ported from Steve Reid's <steve@edmweb.com> implementation
- * "SHA1 in C" found in strongSwan.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "sha1_hasher.h"
-
-#include <definitions.h>
-
-#define BLOCK_SIZE_SHA1 20
-
-/*
- * ugly macro stuff
- */ 
-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
-
-#if BYTE_ORDER == LITTLE_ENDIAN
- #define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) |(rol(block->l[i],8)&0x00FF00FF))
-#elif BYTE_ORDER == BIG_ENDIAN
- #define blk0(i) block->l[i]
-#else
- #error "Endianness not defined!"
-#endif
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] ^block->l[(i+2)&15]^block->l[i&15],1))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
-
-
-typedef struct private_sha1_hasher_t private_sha1_hasher_t;
-
-/**
- * Private data structure with hasing context.
- */
-struct private_sha1_hasher_t {
- &