Steffen Vogel 2017-12-13 22:17:10 +01:00
commit a535a36837
168 changed files with 72905 additions and 0 deletions

359
GDOI_PRIMER Normal file

@ -0,0 +1,359 @@
$Id: GDOI_PRIMER,v 1.12.2.2 2011/12/12 23:24:16 bew Exp $
$Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/GDOI_PRIMER,v $
GDOI Reference Implementation Primer
------------------------------------
A. Introduction
The purpose of this reference implementation is to provide a base vehicle for
testing the GDOI group key management protocol. GDOI was first specified in RFC 3547, and
re-published with corrections and updates in RFC 6407. This primer shows
the very basics of configuring GDOI on a pair of systems with known-working
configurations.
GDOI is a key management system for groups. It is primarily designed for use
with secure broadcast applications, but many other types of applications can
take advantage of GDOI as well for their keying.
B. System Requirements
You will need two systems, either Linux (based on a 2.6 kernel ONLY) or
BSD systems. This code was developed on Linux and OS/X. The following
releases have been tested and are safe to use:
Linux: Fedora 14
OS X: 10.6.8
You will need to have version of OpenSSL that has support for SHA256. This is
currently release openssl-0.9.8a or later. Some hints if you install this
version in a non-standard location (e.g., the default is /usr/local/ssl):
* If you have shared library version of libcrypto installed in /usr/lib then
you may need to generate a shared library version in the non-standard
location.
* If you are using a shared library be sure that the shared library is
included in your LD_LIBRARY_PATH environment variable.
For help with gdoid configuration,see gdoid.conf.5. Note that the page must be
formated with "nroff -mandoc" macros.
For Ubuntu, you may need to install the libssl-dev package. E.g.,
"sudo apt-get install libssl-dev"
C. System Roles
It is most efficient for many group applications to have a rendezvous point
where group members can get keys. With that in mind, GDOI was developed to
have two distinct roles in the protocol: the role of a key server, and the
role of a group member.
C.1 Key Server
A GDOI key server has the responsibility of keeping keys for the group, and
releasing them on demand to authenticated and authorized group members.
GDOI authenticates group members using the definition of an IKE Phase 1
exchange (see RFC 2409). The GDOI registration exchange follows the IKE Phase 1
exchange. It contains liveliness checks, confidentiality, and authorization
checks.
This GDOI reference implementation does not provide any level of authorization
check. As long as the group member passes the IKE Phase 1 authentication he is
granted access to whatever groups are available on the key server.
The key server does support the GDOI "push" (or rekey) message by which a
key server can update the keys and policy for the entire group. An IP multicast
message is used for this purpose.
C.2 Group Member
A group member is a host in which some cryptosystem which needs
keys. This version supports IPsec, and also an incomplete version of
IEC 61850-90-5.
C.2.1 IPSec
Applications are not aware of IPSec protecting applications; it's
all done transparently in the kernel. In this reference implementation
the GDOI group member code is pre-configured with which groups to
join, and it contacts the key server at startup time. This ensures
that the SAs will be loaded into the kernel when the application
is started.
To test IPsec, you can use a Linux system (with a 2.6 kernel) without
modification. I have demonstrated that the kernel will accept SAs for
multicast destinations and match incoming and outgoing packets against them.
Ciphers 3DES and AES have been validated to work with OpenBSD.
C.2.2 IEC 61850-90-5
This package comes with a framework for supporting IEC 61850-90-5, a standard for
distrubuting PMU traffic as IP multicast packets. IT does NOT contain the actual
protocol support needed to protect that standard.
D. Initial Setup
Choose which system will be your key server, and which system will be your
group member and note their IP addresses.
D.1 Key Server Setup
It would be best of find sample configurations in the samples document
and use one of them. To test between two or three systems use the samples in
the "three-clients" sample directory. A quick test can be made using the samples
in the "loopback" diectory. (Be sure to uncomment the appropriate line to create
additional loopback interfaces in loopback/START_KS.)
To setup the key server, copy the "gdoi_ks.conf" file and change the IP
addresses in the following lines:
Listen-on= <key server IP addr>
<member IP addr>= GDOI-group-member-1
[GDOI-group-member-1]
Local-address= <key server IP addr>
Address= <member IP addr>
(You can ignore the configuration lines for GDOI-group-member-2 and
GDOI-group-member-3 until you're ready to test with those systems.)
That's it! The rest of the policy defines the IKE Phase 1 policy, and one
group which contains two IPSec SAs. You can leave those as is.
D.2 Group Member Setup
Edit gdoi_client1.conf and change the IP addresses in these configuration
statements:
Listen-on= <member IP addr>
<key server IP addr>= GDOI-key-server
[GDOI-key-server]
Local-address= <member IP addr>
Address= <key server IP addr>
E. Using the sample configuration
Start the test by completing the following steps:
E.1. On the key server, become "root". Be sure the gdoi_gcks.conf file is
owned by root and has a mode of 600. Then start isakmpd as follows:
# ./START_KS
This prepares the key server to accept requests from GDOI group members.
You will see some debug messages.
E.2. On the group member, become "root". Be sure the gdoi_client1.conf file
is owned by root and has a mode of 600. Then start isakmpd as follows:
# ./START_CLIENT1
This causes the group member to initiate a GDOI exchange to the key server.
You will see some debug messages.
If you wish to load SAs into the kernel, remove the "-n" flag from the call
to isakmpd in START_CLIENT1.
E.3. The exchange is successful if you see the following string near the end
of the debugging statements on both systems: DONE WITH PHASE 2!!!
You can compare your output to two sample output scripts in the "three-clients"
directory.
E.4. If you are on OpenBSD systems, you can check if the SAs were loaded into
the kernel with this command:
# cat /kern/ipsec
and you can manually delete the SAs with this command:
# ipsecadm flush
On other systems, use the setkey command to view SAs:
# setkey -D; setkey -D -P
And you can manually delete the SAs with the -F option:
# setkey -F; setkey -F -P
E.5. More debugging
The sample scripts may not show all of the debugging statements possible. More
debugging can be shown by increasing the number <nn> on the -DA=<nn> flag. The
maximum amount of debugging can be gotten with -DA=99.
F. IKE Phase 1 Configuration Statements.
The following examples are taken from the accompanying sample configurations.
F.1. In IKE Phase 1, define the DOI to be "GROUP". This must be done on both
the key server and the group member.
EXAMPLE
-------
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
F.2. For the GDOI exchange, define a Group-ID which is an IKE Phase 2 identity
type. Only KEY_ID is supported at the moment.
For more information on the IKE Phase 1 configuration see isakmpd.conf.5.
G. GDOI Configuration Statements.
To run the GDOI functionality, the following configuration is needed in the
configuration files. These examples are taken from the accompanying sample
configurations.
For more information, see the gdoid.conf(5) manual page included in this
distribution. Other example configurations can be found in the samples
directory.
G.1 Key Server
The key server stores the crypto policy and keys for a group. In this
reference implementation all keys and policy are static. Dynamic changing of
keys is not available.
The key server must define a security policy for the group. EXAMPLE 1 shows the
base policy definition to define group "1234". It defines the peer
(GDOI-group-member) and exact group policy (Default-group-mode) by
reference.
EXAMPLE 1
---------
[IPsec-group-policy]
Phase= 2
ISAKMP-peer= GDOI-group-member
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
The actual policy for Default-group-mode is shown in EXAMPLE 2. It defines the
Exchange to be a PULL_MODE (which is exchange number 32, see RFC 3547).
It also lists two Traffic Encryption Key policy groups to be part of this
group. (If this were keying a real application, perhaps one TEK would be
the audio stream and one the video stream).
EXAMPLE 2
---------
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
SA-TEKS= GROUP1-TEK1, GROUP1-TEK2
Finally, policy must be specified for each TEK. EXAMPLE 3 shows the policy for
GROUP1-TEK1. This defines a subset of the ESP policy information required.
EXAMPLE 3
---------
[GROUP1-TEK1]
Crypto-protocol= PROTO_IPSEC_ESP
Src-ID= Group-tek1-src
Dst-ID= Group-tek1-dst
TEK_Suite= GDOI-ESP-3DES-SHA-SUITE
[Group-tek1-src]
ID-type= IPV4_ADDR
Address= 172.19.193.37
Port= 1024
[Group-tek1-dst]
ID-type= IPV4_ADDR
Address= 239.192.1.1
Port= 1024
G.2 Group Member
On the group member side, the following configuration needs to be setup:
First, a policy must be defined based on the group name as shown in EXAMPLE 4.
This special naming allows the GDOI group member to find the appropriate IKE
Phase 1 policy when the crypto system gives it a group number.
EXAMPLE 4
---------
[Group-1234]
Phase= 2
ISAKMP-peer= ISAKMP-peer-gcks
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
The policy for Default-group-mode is shown in EXAMPLE 5.
EXAMPLE 5
---------
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
Suites= GM-ESP
H. Hints
Here are some things to keep in mind using this package.
1. The configuration (*.conf) files that you use MUST be owned by root and
have a mode of 600. If not, isakmpd will quickly abort. The configuration
files included in the samples directory may not be set correctly -- that
depends on how you extracted the files,
2. If the IKE Phase 1 connections don't seem to be working, restart both
isakmpd daemons and try again. That usually eliminates any confusion
between them.
3. A report of the current running gdoid state can be gotten by sending a
SIGUSR1 signal to gdoid. E.g.,
kill -SIGUSR1 <gdoid-pid>
I. Generating and using RSA Public Keys with OpenSSL
To create an RSA keypair to use with the rekey messages, follow the following
steps.
1. Generate a keypair of at least 1024 bits.
openssl genrsa 1024 > rsakeys.pem
2. The keys are generated in PEM format, and GDOI would like them to be in
DER format, so they must be converted
openssl rsa -in rsakeys.pem -outform DER -out rsakeys.der
NOTE: The keys are not in a displayable format.
J. Acknowledgments
Thanks to the following individuals for contributing to gdoid:
Sebastien.Josset at space dot alcatel dot fr contributed code which enabled
gdoid to support AES as an IPsec transform, as well as the new OpenBSD PF_KEY
extensions.
nico_kth at hotmail dot com provided modifications to the pf_key code, which
enabled pushing of SAD and SPD table entries into a Linux 2.6 kernel. This
gave gdoid the ablity of supportng IPsec on Linux, whereas previously Linux
could only be used as a key server.
reet79 at ggs.ch provided code that caused gdoid to clean up the SAs and SPD
entries it installed before exiting. He also provided code that allows
X.509 certificates to reside on an XFS file system.
K. Known Bugs
1. Configuring IPsec tunnel mode SAs actually end up as transport mode SAs.
2. ECDSA has not been tested. Enabling #define USE_EC is sure to fail!
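Review bot: section I tells readers to generate a 1024-bit RSA keypair for the rekey messages (`openssl genrsa 1024 > rsakeys.pem`), and 1024-bit RSA is below the current minimum for signing keys; the step should say at least 2048 bits. The same command writes the private key through a shell redirect, so the file's mode follows the caller's umask; since section H already requires the .conf files to be root-owned with mode 600, say the same for rsakeys.pem and rsakeys.der (chmod 600 after generating them). Section C.1 states that the implementation performs no authorization check and that any member passing IKE Phase 1 receives every group on the key server; that limitation is easy to miss in a prose paragraph and belongs under K. Known Bugs (or a Limitations heading) next to the tunnel-mode-becomes-transport-mode item. Typos: "formated" (B), "distrubuting" and "IT does NOT" (C.2.2), "best of find" and "diectory" (D.1), "ablity of supportng" (J), and "configuration,see" (B) is missing a space.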

22
INSTALL Normal file

@ -0,0 +1,22 @@
$Id: INSTALL,v 1.7.4.1 2011/12/05 20:26:53 bew Exp $
$Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/INSTALL,v $
Compiling GDOI source
---------------------
10/17/11
This package now uses a configure script for installation. Use the following
steps to make gdoid:
./configure
make
make install
The following packages are required:
Configure looks for OpenSSL in the typical places on the system, but if it
isn't found you will need to specify its location explicitely using:
--with-ssl-dir=PATH
If you need to install OpenSSL, find it at http://www.openssl.org.
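Review bot: the line "The following packages are required:" introduces a list that never appears; either name the packages (the primer says OpenSSL with SHA256 support, i.e. openssl-0.9.8a or later, and libssl-dev on Ubuntu) or drop the line. Also "explicitely" should be "explicitly", and the bare date "10/17/11" would be clearer as "2011-10-17" with a word saying what it dates (the switch to the configure script).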

60
LICENSE Normal file

@ -0,0 +1,60 @@
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
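Review bot: the standalone LICENSE file is wrapped in C block-comment delimiters (`/*` ... `*/`) with a leading ` * ` on every line, which is the source-file header form rather than plain license text; strip the comment syntax here so the file reads as text and license scanners pick it up, and keep the commented form only in the source headers and Makefile.am where it already appears.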

75
Makefile.am Normal file

@ -0,0 +1,75 @@
# $Id: Makefile.am,v 1.3.4.2 2011/12/05 20:26:53 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/Makefile.am,v $
#
# The license applies to all software incorporated in the "Cisco GDOI reference
# implementation" except for those portions incorporating third party software
# specifically identified as being licensed under separate license.
#
#
# The Cisco Systems Public Software License, Version 1.0
# Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
# Subject to the following terms and conditions, Cisco Systems, Inc.,
# hereby grants you a worldwide, royalty-free, nonexclusive, license,
# subject to third party intellectual property claims, to create
# derivative works of the Licensed Code and to reproduce, display,
# perform, sublicense, distribute such Licensed Code and derivative works.
# All rights not expressly granted herein are reserved.
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
# 3. The names Cisco and "Cisco GDOI reference implementation" must not
# be used to endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# opensource@cisco.com.
# 4. Products derived from this software may not be called
# "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
# "Cisco GDOI reference implementation" appear in
# their name, without prior written permission of Cisco Systems, Inc.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
# SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
# LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
# PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
# LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
# LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
# EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
# AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
# THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
# (US$5,000).
#
# ====================================================================
# This software consists of voluntary contributions made by Cisco Systems,
# Inc. and many individuals on behalf of Cisco Systems, Inc. For more
# information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
#
# This product includes software developed by Ericsson Radio Systems.
#
noinst_HEADERS = config.h
EXTRA_DIST = GDOI_PRIMER INSTALL LICENSE samples \
src/sysdep/openbsd/pf_key_ext.h \
src/sysdep/linux/pfkeyv2.h
SUBDIRS = src app_client
#
# Remove CVS files from the samples directory
#
dist-hook:
(cd ${distdir}/samples; rm -rf `find -name CVS`)
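Review bot: the `dist-hook` recipe runs `find -name CVS` with no starting path, which POSIX find does not accept (it requires at least one path operand), and then passes the unquoted backtick expansion to `rm -rf`; the portable form is `find . -type d -name CVS -prune -exec rm -rf {} +`, and the `cd` should be chained with `&&` so a missing samples directory fails the recipe instead of running `find` in `$(distdir)`. Minor: use `$(distdir)` rather than `${distdir}` to match the variable style automake uses elsewhere.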

680
Makefile.in Normal file

@ -0,0 +1,680 @@
# Makefile.in generated by automake 1.10 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
# $Id: Makefile.am,v 1.3.4.2 2011/12/05 20:26:53 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/Makefile.am,v $
#
# The license applies to all software incorporated in the "Cisco GDOI reference
# implementation" except for those portions incorporating third party software
# specifically identified as being licensed under separate license.
#
#
# The Cisco Systems Public Software License, Version 1.0
# Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
# Subject to the following terms and conditions, Cisco Systems, Inc.,
# hereby grants you a worldwide, royalty-free, nonexclusive, license,
# subject to third party intellectual property claims, to create
# derivative works of the Licensed Code and to reproduce, display,
# perform, sublicense, distribute such Licensed Code and derivative works.
# All rights not expressly granted herein are reserved.
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
# 3. The names Cisco and "Cisco GDOI reference implementation" must not
# be used to endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# opensource@cisco.com.
# 4. Products derived from this software may not be called
# "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
# "Cisco GDOI reference implementation" appear in
# their name, without prior written permission of Cisco Systems, Inc.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
# SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
# LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
# PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
# LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
# LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
# EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
# AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
# THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
# (US$5,000).
#
# ====================================================================
# This software consists of voluntary contributions made by Cisco Systems,
# Inc. and many individuals on behalf of Cisco Systems, Inc. For more
# information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
#
# This product includes software developed by Ericsson Radio Systems.
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = .
DIST_COMMON = $(am__configure_deps) $(noinst_HEADERS) \
$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
$(srcdir)/config.h.in $(top_srcdir)/configure INSTALL \
config/README config/config.guess config/config.sub \
config/depcomp config/install-sh config/missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
html-recursive info-recursive install-data-recursive \
install-dvi-recursive install-exec-recursive \
install-html-recursive install-info-recursive \
install-pdf-recursive install-ps-recursive install-recursive \
installcheck-recursive installdirs-recursive pdf-recursive \
ps-recursive uninstall-recursive
HEADERS = $(noinst_HEADERS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
{ test ! -d $(distdir) \
|| { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -fr $(distdir); }; }
DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
distuninstallcheck_listfiles = find . -type f -print
distcleancheck_listfiles = find . -type f -print
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
noinst_HEADERS = config.h
EXTRA_DIST = GDOI_PRIMER INSTALL LICENSE samples \
src/sysdep/openbsd/pf_key_ext.h \
src/sysdep/linux/pfkeyv2.h
SUBDIRS = src app_client
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
.SUFFIXES:
am--refresh:
@:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \
cd $(srcdir) && $(AUTOMAKE) --foreign \
&& exit 0; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
echo ' $(SHELL) ./config.status'; \
$(SHELL) ./config.status;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
$(SHELL) ./config.status --recheck
$(top_srcdir)/configure: $(am__configure_deps)
cd $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
config.h: stamp-h1
@if test ! -f $@; then \
rm -f stamp-h1; \
$(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
else :; fi
stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
@rm -f stamp-h1
cd $(top_builddir) && $(SHELL) ./config.status config.h
$(srcdir)/config.h.in: $(am__configure_deps)
cd $(top_srcdir) && $(AUTOHEADER)
rm -f stamp-h1
touch $@
distclean-hdr:
-rm -f config.h stamp-h1
# This directory's subdirectories are mostly independent; you can cd
# into them and run `make' without going through this Makefile.
# To change the values of `make' variables: instead of editing Makefiles,
# (1) if the variable is set in `config.status', edit `config.status'
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
@failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
*k*) failcom='fail=yes';; \
esac; \
done; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
list='$(SUBDIRS)'; for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
$(RECURSIVE_CLEAN_TARGETS):
@failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
*k*) failcom='fail=yes';; \
esac; \
done; \
dot_seen=no; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
rev=''; for subdir in $$list; do \
if test "$$subdir" = "."; then :; else \
rev="$$subdir $$rev"; \
fi; \
done; \
rev="$$rev ."; \
target=`echo $@ | sed s/-recursive//`; \
for subdir in $$rev; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done && test -z "$$fail"
tags-recursive:
list='$(SUBDIRS)'; for subdir in $$list; do \
test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
done
ctags-recursive:
list='$(SUBDIRS)'; for subdir in $$list; do \
test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
done
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique
tags: TAGS
TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
include_option=--etags-include; \
empty_fix=.; \
else \
include_option=--include; \
empty_fix=; \
fi; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test ! -f $$subdir/TAGS || \
tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
fi; \
done; \
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$tags $$unique; \
fi
ctags: CTAGS
CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) $$here
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
$(am__remove_distdir)
test -d $(distdir) || mkdir $(distdir)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
distdir=`$(am__cd) $(distdir) && pwd`; \
top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
(cd $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$$top_distdir" \
distdir="$$distdir/$$subdir" \
am__remove_distdir=: \
am__skip_length_check=: \
distdir) \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$(top_distdir)" distdir="$(distdir)" \
dist-hook
-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r $(distdir)
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__remove_distdir)
dist-bzip2: distdir
tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
$(am__remove_distdir)
dist-tarZ: distdir
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__remove_distdir)
dist-shar: distdir
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
$(am__remove_distdir)
dist-zip: distdir
-rm -f $(distdir).zip
zip -rq $(distdir).zip $(distdir)
$(am__remove_distdir)
dist dist-all: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__remove_distdir)
# This target untars the dist file and tries a VPATH configuration. Then
# it guarantees that the distribution is self-contained by making another
# tarfile.
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac
chmod -R a-w $(distdir); chmod a+w $(distdir)
mkdir $(distdir)/_build
mkdir $(distdir)/_inst
chmod a-w $(distdir)
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& cd $(distdir)/_build \
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
$(DISTCHECK_CONFIGURE_FLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
&& $(MAKE) $(AM_MAKEFLAGS) uninstall \
&& $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
distuninstallcheck \
&& chmod -R a-w "$$dc_install_base" \
&& ({ \
(cd ../.. && umask 077 && mkdir "$$dc_destdir") \
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
} || { rm -rf "$$dc_destdir"; exit 1; }) \
&& rm -rf "$$dc_destdir" \
&& $(MAKE) $(AM_MAKEFLAGS) dist \
&& rm -rf $(DIST_ARCHIVES) \
&& $(MAKE) $(AM_MAKEFLAGS) distcleancheck
$(am__remove_distdir)
@(echo "$(distdir) archives ready for distribution: "; \
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
distuninstallcheck:
@cd $(distuninstallcheck_dir) \
&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
|| { echo "ERROR: files left after uninstall:" ; \
if test -n "$(DESTDIR)"; then \
echo " (check DESTDIR support)"; \
fi ; \
$(distuninstallcheck_listfiles) ; \
exit 1; } >&2
distcleancheck: distclean
@if test '$(srcdir)' = . ; then \
echo "ERROR: distcleancheck can only run from a VPATH build" ; \
exit 1 ; \
fi
@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
|| { echo "ERROR: files left in build directory after distclean:" ; \
$(distcleancheck_listfiles) ; \
exit 1; } >&2
check-am: all-am
check: check-recursive
all-am: Makefile $(HEADERS) config.h
installdirs: installdirs-recursive
installdirs-am:
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-recursive
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive
clean-am: clean-generic mostlyclean-am
distclean: distclean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
dvi: dvi-recursive
dvi-am:
html: html-recursive
info: info-recursive
info-am:
install-data-am:
install-dvi: install-dvi-recursive
install-exec-am:
install-html: install-html-recursive
install-info: install-info-recursive
install-man:
install-pdf: install-pdf-recursive
install-ps: install-ps-recursive
installcheck-am:
maintainer-clean: maintainer-clean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf $(top_srcdir)/autom4te.cache
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-generic
pdf: pdf-recursive
pdf-am:
ps: ps-recursive
ps-am:
uninstall-am:
.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
install-strip
.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
all all-am am--refresh check check-am clean clean-generic \
ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
dist-hook dist-shar dist-tarZ dist-zip distcheck distclean \
distclean-generic distclean-hdr distclean-tags distcleancheck \
distdir distuninstallcheck dvi dvi-am html html-am info \
info-am install install-am install-data install-data-am \
install-dvi install-dvi-am install-exec install-exec-am \
install-html install-html-am install-info install-info-am \
install-man install-pdf install-pdf-am install-ps \
install-ps-am install-strip installcheck installcheck-am \
installdirs installdirs-am maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
pdf-am ps ps-am tags tags-recursive uninstall uninstall-am
#
# Remove CVS files from the samples directory
#
dist-hook:
(cd ${distdir}/samples; rm -rf `find -name CVS`)
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
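Review bot: in the dist-hook rule near the end of the hunk, `(cd ${distdir}/samples; rm -rf `find -name CVS`)` never checks that the `cd` succeeded: if `${distdir}/samples` does not exist, the subshell keeps running in the build directory and `rm -rf` is applied to every CVS directory `find` locates from there. Chain the commands with `&&` (`cd "${distdir}/samples" && rm -rf ...`) or drop the `cd` entirely and run `find "${distdir}/samples" -name CVS -exec rm -rf {} +`, which also avoids relying on `find` with no starting path, a GNU extension that fails on BSD and other POSIX `find` implementations the primer lists as supported platforms. The rule also writes `${distdir}` where every other target in the file uses `$(distdir)`; pick one form for consistency.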

874
aclocal.m4 vendored Normal file

@ -0,0 +1,874 @@
# generated automatically by aclocal 1.10 -*- Autoconf -*-
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005, 2006 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
m4_if(m4_PACKAGE_VERSION, [2.62],,
[m4_fatal([this file was generated for autoconf 2.62.
You have another version of autoconf. If you want to use that,
you should regenerate the build system entirely.], [63])])
# Copyright (C) 2002, 2003, 2005, 2006 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# AM_AUTOMAKE_VERSION(VERSION)
# ----------------------------
# Automake X.Y traces this macro to ensure aclocal.m4 has been
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.10'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.10], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
# _AM_AUTOCONF_VERSION(VERSION)
# -----------------------------
# aclocal traces this macro to find the Autoconf version.
# This is a private macro too. Using m4_define simplifies
# the logic in aclocal, which can simply ignore this definition.
m4_define([_AM_AUTOCONF_VERSION], [])
# AM_SET_CURRENT_AUTOMAKE_VERSION
# -------------------------------
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.10])dnl
_AM_AUTOCONF_VERSION(m4_PACKAGE_VERSION)])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
#
# Of course, Automake must honor this variable whenever it calls a
# tool from the auxiliary directory. The problem is that $srcdir (and
# therefore $ac_aux_dir as well) can be either absolute or relative,
# depending on how configure is run. This is pretty annoying, since
# it makes $ac_aux_dir quite unusable in subdirectories: in the top
# source directory, any form will work fine, but in subdirectories a
# relative path needs to be adjusted first.
#
# $ac_aux_dir/missing
# fails when called from a subdirectory if $ac_aux_dir is relative
# $top_srcdir/$ac_aux_dir/missing
# fails if $ac_aux_dir is absolute,
# fails when called from a subdirectory in a VPATH build with
# a relative $ac_aux_dir
#
# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
# are both prefixed by $srcdir. In an in-source build this is usually
# harmless because $srcdir is `.', but things will broke when you
# start a VPATH build or use an absolute $srcdir.
#
# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
# and then we would define $MISSING as
# MISSING="\${SHELL} $am_aux_dir/missing"
# This will work as long as MISSING is not called from configure, because
# unfortunately $(top_srcdir) has no meaning in configure.
# However there are other variables, like CC, which are often used in
# configure, and could therefore not use this "fixed" $ac_aux_dir.
#
# Another solution, used here, is to always expand $ac_aux_dir to an
# absolute PATH. The drawback is that using absolute paths prevent a
# configured tree to be moved without reconfiguration.
AC_DEFUN([AM_AUX_DIR_EXPAND],
[dnl Rely on autoconf to set up CDPATH properly.
AC_PREREQ([2.50])dnl
# expand $ac_aux_dir to an absolute path
am_aux_dir=`cd $ac_aux_dir && pwd`
])
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 8
# AM_CONDITIONAL(NAME, SHELL-CONDITION)
# -------------------------------------
# Define a conditional.
AC_DEFUN([AM_CONDITIONAL],
[AC_PREREQ(2.52)dnl
ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
AC_SUBST([$1_TRUE])dnl
AC_SUBST([$1_FALSE])dnl
_AM_SUBST_NOTMAKE([$1_TRUE])dnl
_AM_SUBST_NOTMAKE([$1_FALSE])dnl
if $2; then
$1_TRUE=
$1_FALSE='#'
else
$1_TRUE='#'
$1_FALSE=
fi
AC_CONFIG_COMMANDS_PRE(
[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
AC_MSG_ERROR([[conditional "$1" was never defined.
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 9
# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
# written in clear, in which case automake, when reading aclocal.m4,
# will think it sees a *use*, and therefore will trigger all it's
# C support machinery. Also note that it means that autoscan, seeing
# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
# _AM_DEPENDENCIES(NAME)
# ----------------------
# See how the compiler implements dependency checking.
# NAME is "CC", "CXX", "GCJ", or "OBJC".
# We try a few techniques and use that to set a single cache variable.
#
# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
# dependency, and given that the user is not expected to run this macro,
# just rely on AC_PROG_CC.
AC_DEFUN([_AM_DEPENDENCIES],
[AC_REQUIRE([AM_SET_DEPDIR])dnl
AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
AC_REQUIRE([AM_MAKE_INCLUDE])dnl
AC_REQUIRE([AM_DEP_TRACK])dnl
ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
[$1], CXX, [depcc="$CXX" am_compiler_list=],
[$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
[$1], UPC, [depcc="$UPC" am_compiler_list=],
[$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
[depcc="$$1" am_compiler_list=])
AC_CACHE_CHECK([dependency style of $depcc],
[am_cv_$1_dependencies_compiler_type],
[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
# We make a subdir and do the tests there. Otherwise we can end up
# making bogus files that we don't know about and never remove. For
# instance it was reported that on HP-UX the gcc test will end up
# making a dummy file named `D' -- because `-MD' means `put the output
# in D'.
mkdir conftest.dir
# Copy depcomp to subdir because otherwise we won't find it if we're
# using a relative directory.
cp "$am_depcomp" conftest.dir
cd conftest.dir
# We will build objects and dependencies in a subdirectory because
# it helps to detect inapplicable dependency modes. For instance
# both Tru64's cc and ICC support -MD to output dependencies as a
# side effect of compilation, but ICC will put the dependencies in
# the current directory while Tru64 will put them in the object
# directory.
mkdir sub
am_cv_$1_dependencies_compiler_type=none
if test "$am_compiler_list" = ""; then
am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
fi
for depmode in $am_compiler_list; do
# Setup a source with many dependencies, because some compilers
# like to wrap large dependency lists on column 80 (with \), and
# we should not choose a depcomp mode which is confused by this.
#
# We need to recreate these files for each test, as the compiler may
# overwrite some of them when testing with obscure command lines.
# This happens at least with the AIX C compiler.
: > sub/conftest.c
for i in 1 2 3 4 5 6; do
echo '#include "conftst'$i'.h"' >> sub/conftest.c
# Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
# Solaris 8's {/usr,}/bin/sh.
touch sub/conftst$i.h
done
echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
case $depmode in
nosideeffect)
# after this tag, mechanisms are not by side-effect, so they'll
# only be used when explicitly requested
if test "x$enable_dependency_tracking" = xyes; then
continue
else
break
fi
;;
none) break ;;
esac
# We check with `-c' and `-o' for the sake of the "dashmstdout"
# mode. It turns out that the SunPro C++ compiler does not properly
# handle `-M -o', and we need to detect this.
if depmode=$depmode \
source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
$SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
>/dev/null 2>conftest.err &&
grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
${MAKE-make} -s -f confmf > /dev/null 2>&1; then
# icc doesn't choke on unknown options, it will just issue warnings
# or remarks (even with -Werror). So we grep stderr for any message
# that says an option was ignored or not supported.
# When given -MP, icc 7.0 and 7.1 complain thusly:
# icc: Command line warning: ignoring option '-M'; no argument required
# The diagnosis changed in icc 8.0:
# icc: Command line remark: option '-MP' not supported
if (grep 'ignoring option' conftest.err ||
grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
am_cv_$1_dependencies_compiler_type=$depmode
break
fi
fi
done
cd ..
rm -rf conftest.dir
else
am_cv_$1_dependencies_compiler_type=none
fi
])
AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
AM_CONDITIONAL([am__fastdep$1], [
test "x$enable_dependency_tracking" != xno \
&& test "$am_cv_$1_dependencies_compiler_type" = gcc3])
])
# AM_SET_DEPDIR
# -------------
# Choose a directory name for dependency files.
# This macro is AC_REQUIREd in _AM_DEPENDENCIES
AC_DEFUN([AM_SET_DEPDIR],
[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
])
# AM_DEP_TRACK
# ------------
AC_DEFUN([AM_DEP_TRACK],
[AC_ARG_ENABLE(dependency-tracking,
[ --disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors])
if test "x$enable_dependency_tracking" != xno; then
am_depcomp="$ac_aux_dir/depcomp"
AMDEPBACKSLASH='\'
fi
AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
AC_SUBST([AMDEPBACKSLASH])dnl
_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
])
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
#serial 3
# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------
AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
[for mf in $CONFIG_FILES; do
# Strip MF so we end up with the name of the file.
mf=`echo "$mf" | sed -e 's/:.*$//'`
# Check whether this is an Automake generated Makefile or not.
# We used to match only the files named `Makefile.in', but
# some people rename them; so instead we look at the file content.
# Grep'ing the first line is not enough: some people post-process
# each Makefile.in and add a new line on top of each file to say so.
# Grep'ing the whole file is not good either: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
if sed 10q "$mf" | grep '^#.*generated by automake' > /dev/null 2>&1; then
dirpart=`AS_DIRNAME("$mf")`
else
continue
fi
# Extract the definition of DEPDIR, am__include, and am__quote
# from the Makefile without running `make'.
DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
test -z "$DEPDIR" && continue
am__include=`sed -n 's/^am__include = //p' < "$mf"`
test -z "am__include" && continue
am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
# When using ansi2knr, U may be empty or an underscore; expand it
U=`sed -n 's/^U = //p' < "$mf"`
# Find all dependency output files, they are included files with
# $(DEPDIR) in their names. We invoke sed twice because it is the
# simplest approach to changing $(DEPDIR) to its actual value in the
# expansion.
for file in `sed -n "
s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
# Make sure the directory exists.
test -f "$dirpart/$file" && continue
fdir=`AS_DIRNAME(["$file"])`
AS_MKDIR_P([$dirpart/$fdir])
# echo "creating $dirpart/$file"
echo '# dummy' > "$dirpart/$file"
done
done
])# _AM_OUTPUT_DEPENDENCY_COMMANDS
# AM_OUTPUT_DEPENDENCY_COMMANDS
# -----------------------------
# This macro should only be invoked once -- use via AC_REQUIRE.
#
# This code is only required when automatic dependency tracking
# is enabled. FIXME. This creates each `.P' file that we will
# need in order to bootstrap the dependency handling code.
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
[AC_CONFIG_COMMANDS([depfiles],
[test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
[AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
])
# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 8
# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS.
AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)])
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005, 2006 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 12
# This macro actually does too much. Some checks are only needed if
# your package does certain things. But this isn't really a big deal.
# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
# AM_INIT_AUTOMAKE([OPTIONS])
# -----------------------------------------------
# The call with PACKAGE and VERSION arguments is the old style
# call (pre autoconf-2.50), which is being phased out. PACKAGE
# and VERSION should now be passed to AC_INIT and removed from
# the call to AM_INIT_AUTOMAKE.
# We support both call styles for the transition. After
# the next Automake release, Autoconf can make the AC_INIT
# arguments mandatory, and then we can depend on a new Autoconf
# release and drop the old call support.
AC_DEFUN([AM_INIT_AUTOMAKE],
[AC_PREREQ([2.60])dnl
dnl Autoconf wants to disallow AM_ names. We explicitly allow
dnl the ones we care about.
m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
AC_REQUIRE([AC_PROG_INSTALL])dnl
if test "`cd $srcdir && pwd`" != "`pwd`"; then
# Use -I$(srcdir) only when $(srcdir) != ., so that make's output
# is not polluted with repeated "-I."
AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
# test to see if srcdir already configured
if test -f $srcdir/config.status; then
AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
fi
fi
# test whether we have cygpath
if test -z "$CYGPATH_W"; then
if (cygpath --version) >/dev/null 2>/dev/null; then
CYGPATH_W='cygpath -w'
else
CYGPATH_W=echo
fi
fi
AC_SUBST([CYGPATH_W])
# Define the identity of the package.
dnl Distinguish between old-style and new-style calls.
m4_ifval([$2],
[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
AC_SUBST([PACKAGE], [$1])dnl
AC_SUBST([VERSION], [$2])],
[_AM_SET_OPTIONS([$1])dnl
dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
[m4_fatal([AC_INIT should be called with package and version arguments])])dnl
AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
_AM_IF_OPTION([no-define],,
[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
# Some tools Automake needs.
AC_REQUIRE([AM_SANITY_CHECK])dnl
AC_REQUIRE([AC_ARG_PROGRAM])dnl
AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
AM_MISSING_PROG(AUTOCONF, autoconf)
AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
AM_MISSING_PROG(AUTOHEADER, autoheader)
AM_MISSING_PROG(MAKEINFO, makeinfo)
AM_PROG_INSTALL_SH
AM_PROG_INSTALL_STRIP
AC_REQUIRE([AM_PROG_MKDIR_P])dnl
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_SET_LEADING_DOT])dnl
_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
[_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
[_AM_PROG_TAR([v7])])])
_AM_IF_OPTION([no-dependencies],,
[AC_PROVIDE_IFELSE([AC_PROG_CC],
[_AM_DEPENDENCIES(CC)],
[define([AC_PROG_CC],
defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
AC_PROVIDE_IFELSE([AC_PROG_CXX],
[_AM_DEPENDENCIES(CXX)],
[define([AC_PROG_CXX],
defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
AC_PROVIDE_IFELSE([AC_PROG_OBJC],
[_AM_DEPENDENCIES(OBJC)],
[define([AC_PROG_OBJC],
defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
])
])
# When config.status generates a header, we must update the stamp-h file.
# This file resides in the same directory as the config header
# that is generated. The stamp files are numbered to have different names.
# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
# loop where config.status creates the headers, so we can generate
# our stamp files there.
AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
[# Compute $1's index in $config_headers.
_am_stamp_count=1
for _am_header in $config_headers :; do
case $_am_header in
$1 | $1:* )
break ;;
* )
_am_stamp_count=`expr $_am_stamp_count + 1` ;;
esac
done
echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# AM_PROG_INSTALL_SH
# ------------------
# Define $install_sh.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
AC_SUBST(install_sh)])
# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 2
# Check whether the underlying file-system supports filenames
# with a leading dot. For instance MS-DOS doesn't.
AC_DEFUN([AM_SET_LEADING_DOT],
[rm -rf .tst 2>/dev/null
mkdir .tst 2>/dev/null
if test -d .tst; then
am__leading_dot=.
else
am__leading_dot=_
fi
rmdir .tst 2>/dev/null
AC_SUBST([am__leading_dot])])
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 3
# AM_MAKE_INCLUDE()
# -----------------
# Check to see how make treats includes.
AC_DEFUN([AM_MAKE_INCLUDE],
[am_make=${MAKE-make}
cat > confinc << 'END'
am__doit:
@echo done
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
AC_MSG_CHECKING([for style of include used by $am_make])
am__include="#"
am__quote=
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
# We grep out `Entering directory' and `Leaving directory'
# messages which can occur if `w' ends up in MAKEFLAGS.
# In particular we don't look at `^make:' because GNU make might
# be invoked under some other name (usually "gmake"), in which
# case it prints its new name instead of `make'.
if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
am__include=include
am__quote=
_am_result=GNU
fi
# Now try BSD make style include.
if test "$am__include" = "#"; then
echo '.include "confinc"' > confmf
if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
am__include=.include
am__quote="\""
_am_result=BSD
fi
fi
AC_SUBST([am__include])
AC_SUBST([am__quote])
AC_MSG_RESULT([$_am_result])
rm -f confinc confmf
])
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 5
# AM_MISSING_PROG(NAME, PROGRAM)
# ------------------------------
AC_DEFUN([AM_MISSING_PROG],
[AC_REQUIRE([AM_MISSING_HAS_RUN])
$1=${$1-"${am_missing_run}$2"}
AC_SUBST($1)])
# AM_MISSING_HAS_RUN
# ------------------
# Define MISSING if not defined so far and test if it supports --run.
# If it does, set am_missing_run to use it, otherwise, to nothing.
AC_DEFUN([AM_MISSING_HAS_RUN],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([missing])dnl
test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
# Use eval to expand $SHELL
if eval "$MISSING --run true"; then
am_missing_run="$MISSING --run "
else
am_missing_run=
AC_MSG_WARN([`missing' script is too old or missing])
fi
])
# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# AM_PROG_MKDIR_P
# ---------------
# Check for `mkdir -p'.
AC_DEFUN([AM_PROG_MKDIR_P],
[AC_PREREQ([2.60])dnl
AC_REQUIRE([AC_PROG_MKDIR_P])dnl
dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P,
dnl while keeping a definition of mkdir_p for backward compatibility.
dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
dnl Makefile.ins that do not define MKDIR_P, so we do our own
dnl adjustment using top_builddir (which is defined more often than
dnl MKDIR_P).
AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
case $mkdir_p in
[[\\/$]]* | ?:[[\\/]]*) ;;
*/*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
esac
])
# Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 3
# _AM_MANGLE_OPTION(NAME)
# -----------------------
AC_DEFUN([_AM_MANGLE_OPTION],
[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
# _AM_SET_OPTION(NAME)
# ------------------------------
# Set option NAME. Presently that only means defining a flag for this option.
AC_DEFUN([_AM_SET_OPTION],
[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
# _AM_SET_OPTIONS(OPTIONS)
# ----------------------------------
# OPTIONS is a space-separated list of Automake options.
AC_DEFUN([_AM_SET_OPTIONS],
[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
# -------------------------------------------
# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
# Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 4
# AM_SANITY_CHECK
# ---------------
AC_DEFUN([AM_SANITY_CHECK],
[AC_MSG_CHECKING([whether build environment is sane])
# Just in case
sleep 1
echo timestamp > conftest.file
# Do `set' in a subshell so we don't clobber the current shell's
# arguments. Must try -L first in case configure is actually a
# symlink; some systems play weird games with the mod time of symlinks
# (eg FreeBSD returns the mod time of the symlink's containing
# directory).
if (
set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
if test "$[*]" = "X"; then
# -L didn't work.
set X `ls -t $srcdir/configure conftest.file`
fi
rm -f conftest.file
if test "$[*]" != "X $srcdir/configure conftest.file" \
&& test "$[*]" != "X conftest.file $srcdir/configure"; then
# If neither matched, then we have a broken ls. This can happen
# if, for instance, CONFIG_SHELL is bash and it inherits a
# broken ls alias from the environment. This has actually
# happened. Such a system could not be considered "sane".
AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
alias in your environment])
fi
test "$[2]" = conftest.file
)
then
# Ok.
:
else
AC_MSG_ERROR([newly created file is older than distributed files!
Check your system clock])
fi
AC_MSG_RESULT(yes)])
# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# AM_PROG_INSTALL_STRIP
# ---------------------
# One issue with vendor `install' (even GNU) is that you can't
# specify the program used to strip binaries. This is especially
# annoying in cross-compiling environments, where the build's strip
# is unlikely to handle the host's binaries.
# Fortunately install-sh will honor a STRIPPROG variable, so we
# always use install-sh in `make install-strip', and initialize
# STRIPPROG with the value of the STRIP variable (set by the user).
AC_DEFUN([AM_PROG_INSTALL_STRIP],
[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
# Installed binaries are usually stripped using `strip' when the user
# run `make install-strip'. However `strip' might not be the right
# tool to use in cross-compilation environments, therefore Automake
# will honor the `STRIP' environment variable to overrule this program.
dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
if test "$cross_compiling" != no; then
AC_CHECK_TOOL([STRIP], [strip], :)
fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# _AM_SUBST_NOTMAKE(VARIABLE)
# ---------------------------
# Prevent Automake from outputing VARIABLE = @VARIABLE@ in Makefile.in.
# This macro is traced by Automake.
AC_DEFUN([_AM_SUBST_NOTMAKE])
# Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# serial 2
# _AM_PROG_TAR(FORMAT)
# --------------------
# Check how to create a tarball in format FORMAT.
# FORMAT should be one of `v7', `ustar', or `pax'.
#
# Substitute a variable $(am__tar) that is a command
# writing to stdout a FORMAT-tarball containing the directory
# $tardir.
# tardir=directory && $(am__tar) > result.tar
#
# Substitute a variable $(am__untar) that extract such
# a tarball read from stdin.
# $(am__untar) < result.tar
AC_DEFUN([_AM_PROG_TAR],
[# Always define AMTAR for backward compatibility.
AM_MISSING_PROG([AMTAR], [tar])
m4_if([$1], [v7],
[am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
[m4_case([$1], [ustar],, [pax],,
[m4_fatal([Unknown tar format])])
AC_MSG_CHECKING([how to create a $1 tar archive])
# Loop over all known methods to create a tar archive until one works.
_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
_am_tools=${am_cv_prog_tar_$1-$_am_tools}
# Do not fold the above two line into one, because Tru64 sh and
# Solaris sh will not grok spaces in the rhs of `-'.
for _am_tool in $_am_tools
do
case $_am_tool in
gnutar)
for _am_tar in tar gnutar gtar;
do
AM_RUN_LOG([$_am_tar --version]) && break
done
am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
am__untar="$_am_tar -xf -"
;;
plaintar)
# Must skip GNU tar: if it does not support --format= it doesn't create
# ustar tarball either.
(tar --version) >/dev/null 2>&1 && continue
am__tar='tar chf - "$$tardir"'
am__tar_='tar chf - "$tardir"'
am__untar='tar xf -'
;;
pax)
am__tar='pax -L -x $1 -w "$$tardir"'
am__tar_='pax -L -x $1 -w "$tardir"'
am__untar='pax -r'
;;
cpio)
am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
am__untar='cpio -i -H $1 -d'
;;
none)
am__tar=false
am__tar_=false
am__untar=false
;;
esac
# If the value was cached, stop now. We just wanted to have am__tar
# and am__untar set.
test -n "${am_cv_prog_tar_$1}" && break
# tar/untar a dummy directory, and stop if the command works
rm -rf conftest.dir
mkdir conftest.dir
echo GrepMe > conftest.dir/file
AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
rm -rf conftest.dir
if test -s conftest.tar; then
AM_RUN_LOG([$am__untar <conftest.tar])
grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
fi
done
rm -rf conftest.dir
AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
AC_MSG_RESULT([$am_cv_prog_tar_$1])])
AC_SUBST([am__tar])
AC_SUBST([am__untar])
]) # _AM_PROG_TAR
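Review bot: this tail of aclocal.m4 is automake-generated macro text (the `serial` numbers and the 1996-2006 FSF copyright blocks identify the automake 1.10 era), and committing it next to configure.in pins the build to that toolchain: the next developer who runs aclocal rewrites the whole file and the history fills with unrelated churn. Either drop the generated file and let the build run `autoreconf -fi`, or record in the README the exact autoconf/automake versions the committed copy came from. One detail worth knowing for release hygiene: every archiver invocation in `_AM_PROG_TAR` dereferences symlinks (`chof -` and `-chf -` carry `h`, plus `pax -L` and `cpio ... -L`), so a symlink anywhere in the distributed tree ends up in the `make dist` tarball as a copy of its target, including targets outside the source tree.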

app_client/Makefile.am Normal file

@ -0,0 +1,71 @@
# $Id: Makefile.am,v 1.1.2.1 2011/12/05 20:31:06 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/app_client/Attic/Makefile.am,v $
#
# The license applies to all software incorporated in the "Cisco GDOI reference
# implementation" except for those portions incorporating third party software
# specifically identified as being licensed under separate license.
#
#
# The Cisco Systems Public Software License, Version 1.0
# Copyright (c) 2001-2002 Cisco Systems, Inc. All rights reserved.
# Subject to the following terms and conditions, Cisco Systems, Inc.,
# hereby grants you a worldwide, royalty-free, nonexclusive, license,
# subject to third party intellectual property claims, to create
# derivative works of the Licensed Code and to reproduce, display,
# perform, sublicense, distribute such Licensed Code and derivative works.
# All rights not expressly granted herein are reserved.
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
# 3. The names Cisco and "Cisco GDOI reference implementation" must not
# be used to endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# opensource@cisco.com.
# 4. Products derived from this software may not be called
# "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
# "Cisco GDOI reference implementation" appear in
# their name, without prior written permission of Cisco Systems, Inc.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
# SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
# LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
# PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
# LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
# LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
# EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
# AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
# THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
# (US$5,000).
#
# ====================================================================
# This software consists of voluntary contributions made by Cisco Systems,
# Inc. and many individuals on behalf of Cisco Systems, Inc. For more
# information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
#
# This product includes software developed by Ericsson Radio Systems.
#
#
# Makefile.am for gdoid.
#
bin_PROGRAMS = app_stub
app_stub_SOURCES = app_stub.c
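Review bot: the trailing comment says "Makefile.am for gdoid." but this file builds `app_stub`, the demonstration client from app_stub.c; fix the comment so it names the program it actually builds. Consider also whether `bin_PROGRAMS` is the right target: app_stub.c describes itself as a demonstration of how an application contacts the GDOI client daemon, and installing a demo that talks over hard-coded `/tmp` IPC paths into `$(bindir)` on `make install` is probably not intended; `noinst_PROGRAMS = app_stub` keeps it buildable without shipping it. Two housekeeping items: the `$Source` keyword points at `app_client/Attic/Makefile.am`, i.e. a file that had been removed on the CVS trunk, and the licence header carries a 2001-2002 copyright while app_stub.c's reads 2001-2007; reconcile both before import.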

app_client/Makefile.in Normal file

@ -0,0 +1,484 @@
# Makefile.in generated by automake 1.10 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
# $Id: Makefile.am,v 1.1.2.1 2011/12/05 20:31:06 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/app_client/Attic/Makefile.am,v $
#
# The license applies to all software incorporated in the "Cisco GDOI reference
# implementation" except for those portions incorporating third party software
# specifically identified as being licensed under separate license.
#
#
# The Cisco Systems Public Software License, Version 1.0
# Copyright (c) 2001-2002 Cisco Systems, Inc. All rights reserved.
# Subject to the following terms and conditions, Cisco Systems, Inc.,
# hereby grants you a worldwide, royalty-free, nonexclusive, license,
# subject to third party intellectual property claims, to create
# derivative works of the Licensed Code and to reproduce, display,
# perform, sublicense, distribute such Licensed Code and derivative works.
# All rights not expressly granted herein are reserved.
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
# 3. The names Cisco and "Cisco GDOI reference implementation" must not
# be used to endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# opensource@cisco.com.
# 4. Products derived from this software may not be called
# "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
# "Cisco GDOI reference implementation" appear in
# their name, without prior written permission of Cisco Systems, Inc.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
# SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
# LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
# PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
# LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
# LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
# EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
# AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
# THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
# (US$5,000).
#
# ====================================================================
# This software consists of voluntary contributions made by Cisco Systems,
# Inc. and many individuals on behalf of Cisco Systems, Inc. For more
# information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
#
# This product includes software developed by Ericsson Radio Systems.
#
#
# Makefile.am for gdoid.
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
bin_PROGRAMS = app_stub$(EXEEXT)
subdir = app_client
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
am__installdirs = "$(DESTDIR)$(bindir)"
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(bin_PROGRAMS)
am_app_stub_OBJECTS = app_stub.$(OBJEXT)
app_stub_OBJECTS = $(am_app_stub_OBJECTS)
app_stub_LDADD = $(LDADD)
DEFAULT_INCLUDES = -I. -I$(top_builddir)@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/config/depcomp
am__depfiles_maybe = depfiles
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
SOURCES = $(app_stub_SOURCES)
DIST_SOURCES = $(app_stub_SOURCES)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
app_stub_SOURCES = app_stub.c
all: all-am
.SUFFIXES:
.SUFFIXES: .c .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
&& exit 0; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign app_client/Makefile'; \
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign app_client/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
@list='$(bin_PROGRAMS)'; for p in $$list; do \
p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
if test -f $$p \
; then \
f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
echo " $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
$(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
else :; fi; \
done
uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
rm -f "$(DESTDIR)$(bindir)/$$f"; \
done
clean-binPROGRAMS:
-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
app_stub$(EXEEXT): $(app_stub_OBJECTS) $(app_stub_DEPENDENCIES)
@rm -f app_stub$(EXEEXT)
$(LINK) $(app_stub_OBJECTS) $(app_stub_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app_stub.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique
tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$tags $$unique; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) $$here
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS)
installdirs:
for dir in "$(DESTDIR)$(bindir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-binPROGRAMS clean-generic mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-am
dvi-am:
html: html-am
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-exec-am: install-binPROGRAMS
install-html: install-html-am
install-info: install-info-am
install-man:
install-pdf: install-pdf-am
install-ps: install-ps-am
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-binPROGRAMS
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
clean-generic ctags distclean distclean-compile \
distclean-generic distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-binPROGRAMS \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
uninstall-am uninstall-binPROGRAMS
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
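Review bot: Makefile.in is the automake 1.10 output for the Makefile.am above and should not normally be committed beside its source; any edit to Makefile.am or configure.in fires the `am--refresh` rules here, which regenerate it with whatever automake happens to be installed and produce a large spurious diff. If the generated files are kept deliberately so that users can build without autotools, say so in the README and pin the versions there. Two smaller points: `am__aclocal_m4_deps = $(top_srcdir)/configure.in` shows the project still uses the `configure.in` name, which autoconf has deprecated in favour of `configure.ac` and warns about; and the licence block is now repeated verbatim in Makefile.am, Makefile.in and app_stub.c, so a single LICENSE file referenced from short headers would be easier to keep consistent.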

app_client/app_stub.c Normal file

@ -0,0 +1,879 @@
/* $Id: app_stub.c,v 1.1.2.2 2011/12/12 20:43:47 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/app_client/Attic/app_stub.c,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2007 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* app_stub -- This program demonstrates how an application
* contacts a GDOI client daemon for keys and policy.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/un.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <signal.h>
#include "../src/gdoi_app_num.h"
#ifdef IEC90_5_SUPPORT
#include "../src/gdoi_app_iec90_5_attr.h"
#endif
#ifdef SRTP_SUPPORT
#include "../src/gdoi_srtp_attr.h"
#endif
#define APPS_CLIENT_PIPE "/tmp/apps_to_gdoi"
#define GDOI_CLIENT_PIPE "/tmp/gdoi_to_app"
#define MAX_MSG_SIZE 500 /* Guess */
#define MAX_PRINT_BUF_LEN 80
#define ATTR_HDR_SZ 4
#define GET_RETRY_VALUE 30
#define NORMAL_POLL_VALUE 15
#define GET_NEW_KEYS_BEFORE_EXPIRATION_PERIOD 5
/*
* Supported applications
* List must match the list in ../src/gdoi_app_num.cst.
*/
#ifdef SRTP_SUPPORT
#define APP_SRTP "srtp"
#endif
#define APP_IEC90_5 "iec90-5"
unsigned int apptype;
/*
* HEADER TYPE
*/
struct cmd_header {
short version;
short command;
#define COMMAND_ADD 3
#define COMMAND_GET 5
u_int32_t app_proto;
int peer_errno;
int sequence;
int pid;
};
int retry_secs;
int poll_for_pushed_policy_secs;
int current_state;
unsigned int key_expiration_time;
#define INVALID_VALUE 0x0fffffff
typedef enum states_ {
ERROR,
NO_KEYS,
HAVE_KEYS,
ASKING_FOR_MORE_KEYS
} states;
#define GDOI_CLIENT_ATTR_GROUP_ID 101
#define GDOI_CLIENT_ATTR_RETURN_PIPE 102
#define GDOI_CLIENT_ATTR_GROUP_ADDRESS 103
/*
* The following
*/
#ifdef SRTP_SUPPORT
#define GDOI_PROTO_SRTP 100
#endif
#ifdef IEC90_5_SUPPORT
#define GDOI_PROTO_IEC90_5 101
#endif
/*
* STRUCTURES
*
* Generic Header
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | Command |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Errno |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
int group;
int s_to_gdoi;
void shutmedown (int sig)
{
printf("error: shutting down due to signal %d\n", sig);
close(s_to_gdoi);
exit(1);
}
void err (char *tag)
{
printf("error: %s", tag);
if (errno) {
printf(", errno=%s", strerror(errno));
}
printf("\n");
exit(1);
}
u_int8_t *grow_buf (u_int8_t *old_buf, int *old_buf_sz, u_int8_t *build_buf,
int build_buf_sz)
{
u_int8_t *new_buf;
int new_buf_sz = *old_buf_sz + build_buf_sz;
new_buf = realloc(old_buf, new_buf_sz);
if (!new_buf)
{
err("realloc failed");
}
memcpy((new_buf+*old_buf_sz), build_buf, build_buf_sz);
*old_buf_sz = new_buf_sz;
return new_buf;
}
void
encode_16 (u_int8_t *cp, short x)
{
*cp++ = x >> 8;
*cp = x & 0xff;
}
u_int16_t
decode_16 (u_int8_t *cp)
{
return cp[0] << 8 | cp[1];
}
u_int32_t
decode_32 (u_int8_t *cp)
{
return cp[0] << 24 | cp[1] << 16 | cp[2] << 8 | cp[3];
}
u_int8_t *
attribute_add_var (u_int8_t *buf, int *buf_sz, short type, char *value, short len)
{
u_int8_t *new_buf, *ptr;
int new_buf_sz;
/*
* Calculate size of new buffer needed
*/
new_buf_sz = *buf_sz + len + ATTR_HDR_SZ;
new_buf = realloc(buf, new_buf_sz);
if (!new_buf)
{
err("realloc failed");
}
ptr = new_buf + *buf_sz;
encode_16(ptr, type);
ptr += 2;
encode_16(ptr, len);
ptr += 2;
memcpy(ptr, value, len);
*buf_sz = new_buf_sz;
return new_buf;
}
int
print_generic_attributes (u_int8_t *buf, size_t sz, int *lifetime)
{
u_int8_t *attr;
int fmt;
u_int16_t type;
u_int8_t *value;
u_int16_t len;
int i;
u_int8_t display_buf[MAX_PRINT_BUF_LEN];
printf("Generic Attributes:\n");
for (attr = buf; attr < buf + sz; attr = value + len)
{
if (attr + 4 > buf + sz)
return -1;
type = decode_16(attr) & 0x7fff;
fmt = *attr >> 7;
value = attr + (fmt ? 2 : 4);
len = (fmt ? 2 : decode_16(attr+2));
printf(" Format: %d, Type: %03d, Length: %02d Value: ", fmt, type, len);
if (value + len > buf + sz)
return -1;
switch (type) {
case GDOI_CLIENT_ATTR_GROUP_ID:
printf("Group ID %d (%#x)\n",
ntohl(decode_32(value)), ntohl(decode_32(value)));
break;
case GDOI_CLIENT_ATTR_RETURN_PIPE:
if (len >= MAX_PRINT_BUF_LEN) {
len = MAX_PRINT_BUF_LEN - 1;
}
memcpy(display_buf, value, len);
display_buf[len] = 0;
printf("Return Pipe %s\n", display_buf);
break;
case GDOI_CLIENT_ATTR_GROUP_ADDRESS:
if (4 == len) {
printf("Address: %x\n", decode_32(value));
} else {
printf("Address lenggh %d not supported\n", len);
}
break;
default:
printf("Unknown Attribute: %d\n", type);
break;
}
}
printf("\n");
return 0;
}
#ifdef IEC90_5_SUPPORT
static void
print_attribute_hex (u_int8_t *value, u_int16_t len)
{
int i;
for (i=0; i<len; i++)
{
printf("%x", value[i]);
}
printf("\n");
}
int
print_iec90_5_attributes (u_int8_t *buf, size_t sz, unsigned int *lifetime)
{
u_int8_t *attr;
int fmt;
u_int16_t type;
u_int8_t *value;
u_int16_t len;
u_int8_t display_buf[MAX_PRINT_BUF_LEN];
printf("Attributes:\n");
for (attr = buf; attr < buf + sz; attr = value + len)
{
if (attr + 4 > buf + sz)
return -1;
type = decode_16(attr) & 0x7fff;
fmt = *attr >> 7;
value = attr + (fmt ? 2 : 4);
len = (fmt ? 2 : decode_16(attr+2));
printf(" Format: %d, Type: %03d, Length: %02d Value: ", fmt, type, len);
if (value + len > buf + sz)
return -1;
switch (type) {
case IEC90_5_OID:
printf("OID:\n\t");
print_attribute_hex(value, len);
break;
case IEC90_5_LIFETIME_SECS:
printf("Lifetime of IEC90-5 keys: %d\n", htonl(decode_32(value)));
/*
* Return the lifetime if requested.
*/
if (lifetime) {
*lifetime = 2<<htonl(decode_32(value));
}
break;
case IEC90_5_KEYID:
printf("Key ID: %d\n", decode_16(value));
break;
case IEC90_5_AUTH_ALG:
printf("Authentication Algorighm: %d\n", decode_16(value));
break;
case IEC90_5_AUTH_KEY_SIZE:
printf("Authentication Key Size: %d\n", decode_16(value));
break;
case IEC90_5_AUTH_KEY:
printf("Authentication Key:\n\t");
print_attribute_hex(value, len);
break;
default:
printf("Unknown Attribute: %d\n", type);
break;
}
}
printf("\n");
return 0;
}
#endif
#ifdef SRTP_SUPPORT
int
print_srtp_attributes (u_int8_t *buf, size_t sz, int *lifetime)
{
u_int8_t *attr;
int fmt;
u_int16_t type;
u_int8_t *value;
u_int16_t len;
int i;
u_int8_t display_buf[MAX_PRINT_BUF_LEN];
printf("Attributes:\n");
for (attr = buf; attr < buf + sz; attr = value + len)
{
if (attr + 4 > buf + sz)
return -1;
type = decode_16(attr) & 0x7fff;
fmt = *attr >> 7;
value = attr + (fmt ? 2 : 4);
len = (fmt ? 2 : decode_16(attr+2));
printf(" Format: %d, Type: %03d, Length: %02d Value: ", fmt, type, len);
if (value + len > buf + sz)
return -1;
switch (type) {
case SRTP_SOURCE_ID:
printf("Source Address");
break;
case SRTP_DEST_ID:
printf("Destination Address");
break;
case SRTP_MASTER_KEY:
printf("Master Key:\n\t");
for (i=0; i<len; i++)
{
printf("%x", value[i]);
}
printf("\n");
break;
case SRTP_MASTER_SALT_KEY:
printf("Master Salt Key:\n\t");
for (i=0; i<len; i++)
{
printf("%x", value[i]);
}
printf("\n");
break;
case SRTP_REPLAY_WINDOW:
printf("Replay window size: %d\n", decode_16(value));
break;
case SRTP_KD_RATE:
printf("KD Rate: %d\n", decode_16(value));
break;
case SRTP_LIFETIME:
printf("Lifetime of SRTP keys: %d (%d packets)\n",
decode_16(value), 2<<decode_16(value));
/*
* Return the lifetime if requested.
*/
if (lifetime) {
*lifetime = 2<<decode_16(value);
}
break;
case SRTP_SRTCP_LIFETIME:
printf("Lifetime of SRTCP keys: %d (%d packets)\n",
decode_16(value), 2<<decode_16(value));
break;
default:
printf("Unknown Attribute: %d\n", type);
break;
}
}
printf("\n");
return 0;
}
#endif
void
print_hdr (struct cmd_header *hdr)
{
printf(" Version: %d\n", hdr->version);
printf(" Command: %d\n", hdr->command);
printf(" App Proto:%d\n", hdr->app_proto);
printf(" Errno: %d\n", hdr->peer_errno);
printf(" Sequence: %d\n", hdr->sequence);
printf(" Pid: %d\n", hdr->pid);
printf("\n");
}
u_int8_t *create_initial_GET_packet (int *len)
{
u_int8_t *buf, *start_attr;
struct cmd_header *hdr;
int buf_sz;
/*
* Create header. It's a fixed size.
*
* NOTE: A real application would want to save the header for comparison to
* IPC replies from the GDOI GM.
*/
hdr = calloc(1, sizeof(struct cmd_header));
if (!hdr)
{
err("calloc failure");
}
hdr->version = 1;
hdr->command = COMMAND_GET;
hdr->app_proto = apptype;
srand(time(NULL));
hdr->sequence = rand();
hdr->pid = (int) getpid();
printf("Sending packet:\n");
print_hdr(hdr);
buf = (u_int8_t *) hdr;
buf_sz = sizeof(struct cmd_header);
/*
* Add attributes
*/
start_attr = buf + buf_sz;
buf = attribute_add_var(buf, &buf_sz,
GDOI_CLIENT_ATTR_GROUP_ID,
(char *)&group, 4);
buf = attribute_add_var(buf, &buf_sz,
GDOI_CLIENT_ATTR_RETURN_PIPE, GDOI_CLIENT_PIPE,
strlen(GDOI_CLIENT_PIPE));
print_generic_attributes(buf + sizeof(struct cmd_header),
buf_sz - sizeof(struct cmd_header), NULL);
printf("\n");
*len = buf_sz;
return buf;
}
void
analyze_returned_ADD_packet (u_int8_t *buf, int len, unsigned int *lifetime)
{
struct cmd_header *hdr;
hdr = (struct cmd_header *) buf;
printf("Returned Packet:\n");
print_hdr(hdr);
switch (hdr->app_proto) {
#ifdef IEC90_5_SUPPORT
case GDOI_PROTO_IEC90_5:
print_iec90_5_attributes(buf + sizeof(struct cmd_header),
len - sizeof(struct cmd_header),
lifetime);
break;
#endif
#ifdef SRTP_SUPPORT
case GDOI_PROTO_SRTP:
print_srtp_attributes(buf + sizeof(struct cmd_header),
len - sizeof(struct cmd_header),
lifetime);
break;
#endif
default:
printf("Unsupported protocol %d\n", hdr->app_proto);
break;
}
}
int
connect_to_gdoi (void)
{
int s, ret;
struct sockaddr_un pipe;
s = socket (AF_LOCAL, SOCK_STREAM, 0);
if (s < 0)
{
err("socket open failed");
return -1;
}
bzero(&pipe, sizeof(struct sockaddr_un));
pipe.sun_family = AF_LOCAL;
strncpy(pipe.sun_path, APPS_CLIENT_PIPE, sizeof(pipe.sun_path)-1);
ret = connect(s, (struct sockaddr *)&pipe, sizeof(pipe));
if (ret < 0)
{
err("connect failed");
return -1;
}
return s;
}
int
create_return_sock (void)
{
int s, ret;
struct sockaddr_un pipe;
s = socket (AF_LOCAL, SOCK_STREAM, 0);
if (s < 0)
{
err("socket open failed");
return;
}
unlink(GDOI_CLIENT_PIPE);
bzero(&pipe, sizeof(struct sockaddr_un));
pipe.sun_family = AF_LOCAL;
strncpy(pipe.sun_path, GDOI_CLIENT_PIPE, sizeof(pipe.sun_path)-1);
ret = bind(s, (struct sockaddr *)&pipe, sizeof(pipe));
if (ret < 0)
{
err("bind failed");
return;
}
ret = listen(s, 1024);
if (ret < 0)
{
err("listen failed");
return;
}
return s;
}
/*
* Send a request for keys.
*/
void
ask_for_keys (int s)
{
int ret;
u_int8_t *data_out;
int data_out_len;
struct msghdr msg;
struct iovec iov[1];
data_out = create_initial_GET_packet(&data_out_len);
msg.msg_name = NULL;
msg.msg_namelen = 0;
iov[0].iov_base = data_out;
iov[0].iov_len = data_out_len;
msg.msg_control = 0;
msg.msg_controllen = 0;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
ret = sendmsg(s, &msg, 0);
if (ret < 0) {
err("sendmsg failed");
return;
}
/*
* Set the retry timer.
*/
retry_secs = GET_RETRY_VALUE;
/*
* Cleanup
*/
free(data_out);
data_out_len = 0;
}
void
handle_ADD_packet (u_int8_t *data_in, int num_bytes)
{
unsigned int lifetime;
if (num_bytes) {
analyze_returned_ADD_packet(data_in, num_bytes, &lifetime);
/*
* Now that we have keys, reset the timer to reflect the lifetime of
* the keys.
*
* It may be that we get an un-requested update before
* that time.
*/
current_state = HAVE_KEYS;
if (lifetime) {
key_expiration_time = time(NULL) + lifetime;
/*
* Don't need to retry anymore
*/
retry_secs = INVALID_VALUE;
} else {
printf("WARNING: No lifetime given by GDOI. Re-trying.\n");
}
} else {
printf("\nGDOI closed the connection\n");
exit(0);
}
}
/*
* Decide how long to sleep based on the the current state.
*/
int
until_next_event (void)
{
int sleep_time;
if (retry_secs < poll_for_pushed_policy_secs) {
sleep_time = retry_secs;
} else {
sleep_time = poll_for_pushed_policy_secs;
}
printf("Sleeping for %d seconds.\n", sleep_time);
return sleep_time;
}
main (argc, argv)
int argc;
char **argv;
{
int s_from_gdoi, c;
int ret;
u_int8_t data_in[1024];
int data_in_len;
int cc;
char *usage="[ -a <appname> ] -g <group_number>";
char *appname;
struct sockaddr_un from;
int from_len;
int flags;
/*
* Option processing
*/
while (1) {
cc = getopt(argc, argv, "a:g:");
if (cc == -1) {
break;
}
switch (cc) {
case 'a':
appname = optarg;
apptype = 0;
#ifdef IEC90_5_SUPPORT
if (!strncmp(APP_IEC90_5, appname, strlen(APP_IEC90_5)))
apptype = GDOI_PROTO_IEC90_5;
#endif
#ifdef SRTP_SUPPORT
if (!strncmp(APP_SRTP, appname, strlen(APP_SRTP)))
apptype = GDOI_PROTO_SRTP;
#endif
if (!apptype) {
printf("Unknown GDOI app %s\n", appname);
}
break;
case 'g':
group = atoi(optarg);
break;
default:
printf("Unknown option %c\n", cc);
printf("Usage: %s %s\n", argv[0], usage);
exit(1);
}
}
if (!group || !apptype) {
printf("Usage: %s %s\n", argv[0], usage);
exit(1);
}
current_state = NO_KEYS;
s_to_gdoi = connect_to_gdoi();
if (s_to_gdoi < 0) {
return;
}
signal(SIGTERM, shutmedown);
signal(SIGHUP, shutmedown);
s_from_gdoi = create_return_sock();
/*
* Make the first request for keys.
*/
ask_for_keys(s_to_gdoi);
/*
* Setup the return pipe.
*/
c = accept(s_from_gdoi, (struct sockaddr *)&from, (socklen_t *)&from_len);
if (c < 0) {
err("accept failed");
exit(1);
}
/*
* Make it non-blocking so we can poll it later.
*/
if ((flags = fcntl(c, F_GETFL, 0)) < 0) {
err("F_GETFL error");
}
flags |= O_NONBLOCK;
if (fcntl(c, F_SETFL, flags) < 0) {
err("F_SETFL error");
}
/*
* Setup initial timer values.
*/
poll_for_pushed_policy_secs = NORMAL_POLL_VALUE;
key_expiration_time = 0;
/*
* Wait for something to happen.
* 1. If no keys are returned within n seconds, try again.
* 2. If an ADD message with keys is returned:
* a. handle them
* b. set a timer slightly before the lifetime ends
* 3. If an unsolicited ADD message with new keys is received:
* a. stop the timer.
* b. handle them.
* c. reset the timer to slightly before th next lifetime ends.
*/
while (1) {
/*
* Sleep until we need to check the socket or ask for keys.
*/
sleep(until_next_event());
/*
* Read in non-blocking mode.
*/
ret = recvfrom(c, &data_in, MAX_MSG_SIZE, 0, NULL, NULL);
if (ret < 1) {
switch (errno) {
case EAGAIN:
/*
* GDOI hasn't sent anything yet.
*/
if ((current_state == NO_KEYS) ||
(current_state == ASKING_FOR_MORE_KEYS)) {
printf("\nAsking for Keys Again.\n");
ask_for_keys(s_to_gdoi);
}
/*
* Nothing to do if we already have keys -- we were just
* checking in case GDOI pushed new keys to us.
*/
break;
default:
err("recvfrom failed");
return;
}
} else {
/*
* BUG! It could be the GDOI was interrupted while sending us
* a response, in which case we may have only some of the
* payload. We're ignoring that this in this sample.
*/
handle_ADD_packet(data_in, ret);
}
/*
* Check if we need to ask for new keys. I.e., GDOI didn't give us any
* replacement keys so we need to ask for them.
*
* We want to ask for new keys GET_NEW_KEYS_BEFORE_EXPIRATION_PERIOD
* seconds before the end of the actual lifetime, which gives us some
* time to get another update before the current keys expire.
*/
printf("Key Expiration time: %d, Current time: %lld\n",
key_expiration_time, (long long int) time(NULL));
printf("Currrent State: %d\n", current_state);
if ((key_expiration_time - time(NULL)) <=
GET_NEW_KEYS_BEFORE_EXPIRATION_PERIOD) {
ask_for_keys(s_to_gdoi);
current_state = ASKING_FOR_MORE_KEYS;
}
/*
* If the keys expire without replacement, then we need to change state
* and ask again.
*/
if (key_expiration_time < time(NULL)) {
ask_for_keys(s_to_gdoi);
current_state = NO_KEYS;
}
}
}
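Review bot: analyze_returned_ADD_packet casts whatever recvfrom returned to struct cmd_header and hands `len - sizeof(struct cmd_header)` to the attribute printers without first checking that the message is at least sizeof(struct cmd_header) (20 bytes) long; len is an int and sizeof is size_t, so a short read of fewer than 20 bytes (the partial-read case the BUG comment in main already acknowledges for this stream socket) wraps to a huge size_t, the `attr + 4 > buf + sz` and `value + len > buf + sz` checks in print_iec90_5_attributes/print_srtp_attributes are then made against a wrapped `buf + sz`, and the parser reads past data_in. Add `if (num_bytes < (int) sizeof(struct cmd_header)) return;` at the top of handle_ADD_packet, and while there verify hdr->version, hdr->command == COMMAND_ADD and that hdr->sequence matches the GET that was sent (the NOTE in create_initial_GET_packet says a real application would; a stub is what gets copied). Related: `unsigned int lifetime;` in handle_ADD_packet is never initialised, so a reply with an unsupported app_proto or no lifetime attribute makes `if (lifetime)` read an indeterminate value; start it at 0. Byte order: decode_32 already returns a host-order value, so the extra ntohl in print_generic_attributes and the htonl calls in print_iec90_5_attributes re-swap on little-endian hosts; the Group ID case only prints correctly because create_initial_GET_packet copies `group` in host order instead of sending htonl(group), so encode with htonl on the way out and drop the conversions on the way in. The units also disagree: IEC90_5_LIFETIME_SECS is shifted (`2<<...`) as if it were a log2 packet count, while handle_ADD_packet adds the SRTP value (2<<n packets) to time(NULL) as if it were seconds; pick one. Trust: both IPC endpoints are fixed paths in /tmp, create_return_sock unlinks and binds GDOI_CLIENT_PIPE there, and main accepts the first connection on it and treats whatever arrives as key material, so any local user who connects first delivers an ADD of their choosing; check the peer with SO_PEERCRED (Linux) or getpeereid (BSD/OS X) before parsing, or put the sockets in a directory only gdoid and the application can reach. Finally, create_return_sock is declared int but uses bare `return;` on its error paths, and main (implicit int) does the same after connect_to_gdoi fails; harmless because err() exits, but it will not build under -Werror=return-type, so return -1 / exit(1) instead.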

242
config.h Normal file

@ -0,0 +1,242 @@
/* config.h. Generated from config.h.in by configure. */
/* config.h.in. Generated from configure.in by autoheader. */
/* Define to 1 if the `closedir' function returns void instead of `int'. */
/* #undef CLOSEDIR_VOID */
/* Use missing queue.h definitions */
/* #undef DEFINE_EXTRA_QUEUE_FUNCTIONS */
/* Sockaddr Length */
#define DEFINE_SA_LEN 1
/* GDOI Application Interface support */
#define GDOI_APP_SUPPORT 1
/* Define to 1 if you have the <arpa/inet.h> header file. */
#define HAVE_ARPA_INET_H 1
/* Define to 1 if you have the `bzero' function. */
#define HAVE_BZERO 1
/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
*/
#define HAVE_DIRENT_H 1
/* Define to 1 if you have the <fcntl.h> header file. */
#define HAVE_FCNTL_H 1
/* Define to 1 if you have the `gettimeofday' function. */
#define HAVE_GETTIMEOFDAY 1
/* Define to 1 if you have the `inet_ntoa' function. */
#define HAVE_INET_NTOA 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
/* Define to 1 if you have the `dl' library (-ldl). */
#define HAVE_LIBDL 1
/* Define to 1 if you have the `memmove' function. */
#define HAVE_MEMMOVE 1
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the `memset' function. */
#define HAVE_MEMSET 1
/* Define to 1 if you have the `mkfifo' function. */
#define HAVE_MKFIFO 1
/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
/* #undef HAVE_NDIR_H */
/* Define to 1 if you have the <netdb.h> header file. */
#define HAVE_NETDB_H 1
/* Define to 1 if you have the <netinet/in.h> header file. */
#define HAVE_NETINET_IN_H 1
/* Define to 1 if you have the `select' function. */
#define HAVE_SELECT 1
/* Define to 1 if you have the `socket' function. */
#define HAVE_SOCKET 1
/* Define to 1 if you have the <stddef.h> header file. */
#define HAVE_STDDEF_H 1
/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the `strcasecmp' function. */
#define HAVE_STRCASECMP 1
/* Define to 1 if you have the `strcspn' function. */
#define HAVE_STRCSPN 1
/* Define to 1 if you have the `strdup' function. */
#define HAVE_STRDUP 1
/* Define to 1 if you have the `strerror' function. */
#define HAVE_STRERROR 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the `strlcpy' function. */
#define HAVE_STRLCPY 1
/* Define to 1 if you have the `strncasecmp' function. */
#define HAVE_STRNCASECMP 1
/* Define to 1 if you have the `strspn' function. */
#define HAVE_STRSPN 1
/* Define to 1 if you have the `strstr' function. */
#define HAVE_STRSTR 1
/* Define to 1 if you have the `strtol' function. */
#define HAVE_STRTOL 1
/* Define to 1 if you have the `strtoul' function. */
#define HAVE_STRTOUL 1
/* Define to 1 if you have the <syslog.h> header file. */
#define HAVE_SYSLOG_H 1
/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
*/
/* #undef HAVE_SYS_DIR_H */
/* Define to 1 if you have the <sys/ioctl.h> header file. */
#define HAVE_SYS_IOCTL_H 1
/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
*/
/* #undef HAVE_SYS_NDIR_H */
/* Define to 1 if you have the <sys/param.h> header file. */
#define HAVE_SYS_PARAM_H 1
/* Define to 1 if you have the <sys/select.h> header file. */
#define HAVE_SYS_SELECT_H 1
/* Define to 1 if you have the <sys/socket.h> header file. */
#define HAVE_SYS_SOCKET_H 1
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/time.h> header file. */
#define HAVE_SYS_TIME_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the `tzset' function. */
#define HAVE_TZSET 1
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
/* IEC 57-61850-90-5 Support */
#define IEC90_5_SUPPORT 1
/* Old OpenBSD PF_KEY Extensions */
/* #undef OLD_OPENBSD_PFKEY_EXT */
/* Need to open FIFO with O_RDRW */
/* #undef OPEN_FIFO_RDRW */
/* Name of package */
#define PACKAGE "gdoid"
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT ""
/* Define to the full name of this package. */
#define PACKAGE_NAME "gdoi.h"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "gdoi.h 1.5iec"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "gdoi-h"
/* Define to the version of this package. */
#define PACKAGE_VERSION "1.5iec"
/* Define as the return type of signal handlers (`int' or `void'). */
#define RETSIGTYPE void
/* Initialize the RNG */
/* #undef SEED_RNG */
/* Define to the type of arg 1 for `select'. */
#define SELECT_TYPE_ARG1 int
/* Define to the type of args 2, 3 and 4 for `select'. */
#define SELECT_TYPE_ARG234 (fd_set *)
/* Define to the type of arg 5 for `select'. */
#define SELECT_TYPE_ARG5 (struct timeval *)
/* SRTP Support */
#define SRTP_SUPPORT 1
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#define TIME_WITH_SYS_TIME 1
/* Define to 1 if your <sys/time.h> declares `struct tm'. */
/* #undef TM_IN_SYS_TIME */
/* Phase 1 Agressive Support */
/* #undef USE_AGGRESSIVE */
/* Debugging */
#define USE_DEBUG 1
/* Old Sockaddr Definition */
/* #undef USE_OLD_SOCKADDR */
/* 3DES Support */
#define USE_TRIPLEDES 1
/* Version number of package */
#define VERSION "1.5iec"
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
/* Not defined in <sys/types.h> */
/* #undef in_addr_t */
/* Not defined in <sys/types.h> */
/* #undef in_port_t */
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
/* #undef inline */
#endif
/* Define to `int' if <sys/types.h> does not define. */
/* #undef mode_t */
/* Define to `long int' if <sys/types.h> does not define. */
/* #undef off_t */
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef size_t */
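Review bot: config.h is a configure output (its first line says so) and should not be committed alongside config.h.in; anyone who builds from a fresh checkout without re-running configure inherits this machine's answers (DEFINE_SA_LEN, HAVE_STRLCPY, HAVE_LIBDL, the SELECT_TYPE_ARG* types) and on a platform where they are wrong the build fails in confusing ways. Add it to .gitignore and let configure generate it. Two of the baked-in values deserve a second look before this is used as a reference build: SEED_RNG is left undefined while USE_DEBUG and USE_TRIPLEDES are enabled, so confirm the daemon seeds its RNG through some other path when this option is off, and PACKAGE_NAME "gdoi.h" / PACKAGE_TARNAME "gdoi-h" suggest the AC_INIT arguments in configure.in were given a header name rather than the package name (PACKAGE itself says "gdoid").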

241
config.h.in Normal file

@ -0,0 +1,241 @@
/* config.h.in. Generated from configure.in by autoheader. */
/* Define to 1 if the `closedir' function returns void instead of `int'. */
#undef CLOSEDIR_VOID
/* Use missing queue.h definitions */
#undef DEFINE_EXTRA_QUEUE_FUNCTIONS
/* Sockaddr Length */
#undef DEFINE_SA_LEN
/* GDOI Application Interface support */
#undef GDOI_APP_SUPPORT
/* Define to 1 if you have the <arpa/inet.h> header file. */
#undef HAVE_ARPA_INET_H
/* Define to 1 if you have the `bzero' function. */
#undef HAVE_BZERO
/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
*/
#undef HAVE_DIRENT_H
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
/* Define to 1 if you have the `gettimeofday' function. */
#undef HAVE_GETTIMEOFDAY
/* Define to 1 if you have the `inet_ntoa' function. */
#undef HAVE_INET_NTOA
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if you have the `dl' library (-ldl). */
#undef HAVE_LIBDL
/* Define to 1 if you have the `memmove' function. */
#undef HAVE_MEMMOVE
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the `memset' function. */
#undef HAVE_MEMSET
/* Define to 1 if you have the `mkfifo' function. */
#undef HAVE_MKFIFO
/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
#undef HAVE_NDIR_H
/* Define to 1 if you have the <netdb.h> header file. */
#undef HAVE_NETDB_H
/* Define to 1 if you have the <netinet/in.h> header file. */
#undef HAVE_NETINET_IN_H
/* Define to 1 if you have the `select' function. */
#undef HAVE_SELECT
/* Define to 1 if you have the `socket' function. */
#undef HAVE_SOCKET
/* Define to 1 if you have the <stddef.h> header file. */
#undef HAVE_STDDEF_H
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define to 1 if you have the `strcasecmp' function. */
#undef HAVE_STRCASECMP
/* Define to 1 if you have the `strcspn' function. */
#undef HAVE_STRCSPN
/* Define to 1 if you have the `strdup' function. */
#undef HAVE_STRDUP
/* Define to 1 if you have the `strerror' function. */
#undef HAVE_STRERROR
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the `strlcpy' function. */
#undef HAVE_STRLCPY
/* Define to 1 if you have the `strncasecmp' function. */
#undef HAVE_STRNCASECMP
/* Define to 1 if you have the `strspn' function. */
#undef HAVE_STRSPN
/* Define to 1 if you have the `strstr' function. */
#undef HAVE_STRSTR
/* Define to 1 if you have the `strtol' function. */
#undef HAVE_STRTOL
/* Define to 1 if you have the `strtoul' function. */
#undef HAVE_STRTOUL
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
*/
#undef HAVE_SYS_DIR_H
/* Define to 1 if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H
/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
*/
#undef HAVE_SYS_NDIR_H
/* Define to 1 if you have the <sys/param.h> header file. */
#undef HAVE_SYS_PARAM_H
/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
/* Define to 1 if you have the <sys/socket.h> header file. */
#undef HAVE_SYS_SOCKET_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the `tzset' function. */
#undef HAVE_TZSET
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* IEC 57-61850-90-5 Support */
#undef IEC90_5_SUPPORT
/* Old OpenBSD PF_KEY Extensions */
#undef OLD_OPENBSD_PFKEY_EXT
/* Need to open FIFO with O_RDRW */
#undef OPEN_FIFO_RDRW
/* Name of package */
#undef PACKAGE
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define as the return type of signal handlers (`int' or `void'). */
#undef RETSIGTYPE
/* Initialize the RNG */
#undef SEED_RNG
/* Define to the type of arg 1 for `select'. */
#undef SELECT_TYPE_ARG1
/* Define to the type of args 2, 3 and 4 for `select'. */
#undef SELECT_TYPE_ARG234
/* Define to the type of arg 5 for `select'. */
#undef SELECT_TYPE_ARG5
/* SRTP Support */
#undef SRTP_SUPPORT
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Define to 1 if your <sys/time.h> declares `struct tm'. */
#undef TM_IN_SYS_TIME
/* Phase 1 Agressive Support */
#undef USE_AGGRESSIVE
/* Debugging */
#undef USE_DEBUG
/* Old Sockaddr Definition */
#undef USE_OLD_SOCKADDR
/* 3DES Support */
#undef USE_TRIPLEDES
/* Version number of package */
#undef VERSION
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
/* Not defined in <sys/types.h> */
#undef in_addr_t
/* Not defined in <sys/types.h> */
#undef in_port_t
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
#undef inline
#endif
/* Define to `int' if <sys/types.h> does not define. */
#undef mode_t
/* Define to `long int' if <sys/types.h> does not define. */
#undef off_t
/* Define to `unsigned int' if <sys/types.h> does not define. */
#undef size_t

4
config/README Normal file

@ -0,0 +1,4 @@
# $Id: README,v 1.1 2003/09/05 21:37:22 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/config/README,v $
This directory stores automatically copied scripts used by configure.

1500
config/config.guess vendored Executable file

File diff suppressed because it is too large

1616
config/config.sub vendored Executable file

File diff suppressed because it is too large

584
config/depcomp Executable file

@ -0,0 +1,584 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2006-10-15.18
# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006 Free Software
# Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
case $1 in
'')
echo "$0: No command. Try \`$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: depcomp [--help] [--version] PROGRAM [ARGS]
Run PROGRAMS ARGS to compile a file, generating dependencies
as side-effects.
Environment variables:
depmode Dependency tracking mode.
source Source file read by `PROGRAMS ARGS'.
object Object file output by `PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
tmpdepfile Temporary file to use when outputing dependencies.
libtool Whether libtool is used (yes/no).
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "depcomp $scriptversion"
exit $?
;;
esac
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
fi
# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
depfile=${depfile-`echo "$object" |
sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
rm -f "$tmpdepfile"
# Some modes work just like other modes, but use different flags. We
# parameterize here, but still list the modes in the big case below,
# to make depend.m4 easier to write. Note that we *cannot* use a case
# here, because this file can only contain one case statement.
if test "$depmode" = hp; then
# HP compiler uses -M and no extra arg.
gccflag=-M
depmode=gcc
fi
if test "$depmode" = dashXmstdout; then
# This is just like dashmstdout with a different argument.
dashmflag=-xM
depmode=dashmstdout
fi
case "$depmode" in
gcc3)
## gcc 3 implements dependency tracking that does exactly what
## we want. Yay! Note: for some reason libtool 1.4 doesn't like
## it if -MD -MP comes after the -MF stuff. Hmm.
## Unfortunately, FreeBSD c89 acceptance of flags depends upon
## the command line argument order; so add the flags where they
## appear in depend2.am. Note that the slowdown incurred here
## affects only configure: in makefiles, %FASTDEP% shortcuts this.
for arg
do
case $arg in
-c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
*) set fnord "$@" "$arg" ;;
esac
shift # fnord
shift # $arg
done
"$@"
stat=$?
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile"
exit $stat
fi
mv "$tmpdepfile" "$depfile"
;;
gcc)
## There are various ways to get dependency output from gcc. Here's
## why we pick this rather obscure method:
## - Don't want to use -MD because we'd like the dependencies to end
## up in a subdir. Having to rename by hand is ugly.
## (We might end up doing this anyway to support other compilers.)
## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
## -MM, not -M (despite what the docs say).
## - Using -M directly means running the compiler twice (even worse
## than renaming).
if test -z "$gccflag"; then
gccflag=-MD,
fi
"$@" -Wp,"$gccflag$tmpdepfile"
stat=$?
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
## The second -e expression handles DOS-style file names with drive letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
## This next piece of magic avoids the `deleted header file' problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
tr ' ' '
' < "$tmpdepfile" |
## Some versions of gcc put a space before the `:'. On the theory
## that the space means something, we add a space to the output as
## well.
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
sgi)
if test "$libtool" = yes; then
"$@" "-Wp,-MDupdate,$tmpdepfile"
else
"$@" -MDupdate "$tmpdepfile"
fi
stat=$?
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
echo "$object : \\" > "$depfile"
# Clip off the initial element (the dependent). Don't try to be
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
# the IRIX cc adds comments like `#:fec' to the end of the
# dependency line.
tr ' ' '
' < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
tr '
' ' ' >> $depfile
echo >> $depfile
# The second pass generates a dummy entry for each header file.
tr ' ' '
' < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> $depfile
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
# "include basename.Plo" scheme.
echo "#dummy" > "$depfile"
fi
rm -f "$tmpdepfile"
;;
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
# current directory. Also, the AIX compiler puts `$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'`
tmpdepfile="$stripped.u"
if test "$libtool" = yes; then
"$@" -Wc,-M
else
"$@" -M
fi
stat=$?
if test -f "$tmpdepfile"; then :
else
stripped=`echo "$stripped" | sed 's,^.*/,,'`
tmpdepfile="$stripped.u"
fi
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile"
exit $stat
fi
if test -f "$tmpdepfile"; then
outname="$stripped.o"
# Each line is of the form `foo.o: dependent.h'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
# "include basename.Plo" scheme.
echo "#dummy" > "$depfile"
fi
rm -f "$tmpdepfile"
;;
icc)
# Intel's C compiler understands `-MD -MF file'. However on
# icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
# ICC 7.0 will fill foo.d with something like
# foo.o: sub/foo.c
# foo.o: sub/foo.h
# which is wrong. We want:
# sub/foo.o: sub/foo.c
# sub/foo.o: sub/foo.h
# sub/foo.c:
# sub/foo.h:
# ICC 7.1 will output
# foo.o: sub/foo.c sub/foo.h
# and will wrap long lines using \ :
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
# Each line is of the form `foo.o: dependent.h',
# or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp2)
# The "hp" stanza above does not work with aCC (C++) and HP's ia64
# compilers, which have integrated preprocessors. The correct option
# to use with these is +Maked; it writes dependencies to a file named
# 'foo.d', which lands next to the object file, wherever that
# happens to be.
# Much of this is similar to the tru64 case; see comments there.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
test "x$dir" = "x$object" && dir=
base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir.libs/$base.d
"$@" -Wc,+Maked
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
"$@" +Maked
fi
stat=$?
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile1" "$tmpdepfile2"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
do
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
# Add `dependent.h:' lines.
sed -ne '2,${; s/^ *//; s/ \\*$//; s/$/:/; p;}' "$tmpdepfile" >> "$depfile"
else
echo "#dummy" > "$depfile"
fi
rm -f "$tmpdepfile" "$tmpdepfile2"
;;
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
# effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
# dependencies in `foo.d' instead, so we check for that too.
# Subdirectories are respected.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
test "x$dir" = "x$object" && dir=
base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
if test "$libtool" = yes; then
# With Tru64 cc, shared objects can also be used to make a
# static library. This mechanism is used in libtool 1.4 series to
# handle both shared and static libraries in a single compilation.
# With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
#
# With libtool 1.5 this exception was removed, and libtool now
# generates 2 separate objects for the 2 libraries. These two
# compilations output dependencies in $dir.libs/$base.o.d and
# in $dir$base.o.d. We have to check for both files, because
# one of the two compilations can be disabled. We should prefer
# $dir$base.o.d over $dir.libs/$base.o.d because the latter is
# automatically cleaned when .libs/ is deleted, while ignoring
# the former would cause a distcleancheck panic.
tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4
tmpdepfile2=$dir$base.o.d # libtool 1.5
tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5
tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504
"$@" -Wc,-MD
else
tmpdepfile1=$dir$base.o.d
tmpdepfile2=$dir$base.d
tmpdepfile3=$dir$base.d
tmpdepfile4=$dir$base.d
"$@" -MD
fi
stat=$?
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
do
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
# That's a tab and a space in the [].
sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
echo "#dummy" > "$depfile"
fi
rm -f "$tmpdepfile"
;;
#nosideeffect)
# This comment above is used by automake to tell side-effect
# dependency tracking mechanisms from slower ones.
dashmstdout)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout, regardless of -o.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test $1 != '--mode=compile'; do
shift
done
shift
fi
# Remove `-o $object'.
IFS=" "
for arg
do
case $arg in
-o)
shift
;;
$object)
shift
;;
*)
set fnord "$@" "$arg"
shift # fnord
shift # $arg
;;
esac
done
test -z "$dashmflag" && dashmflag=-M
# Require at least two characters before searching for `:'
# in the target name. This is to cope with DOS-style filenames:
# a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
"$@" $dashmflag |
sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
tr ' ' '
' < "$tmpdepfile" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
dashXmstdout)
# This case only exists to satisfy depend.m4. It is never actually
# run, as this mode is specially recognized in the preamble.
exit 1
;;
makedepend)
"$@" || exit $?
# Remove any Libtool call
if test "$libtool" = yes; then
while test $1 != '--mode=compile'; do
shift
done
shift
fi
# X makedepend
shift
cleared=no
for arg in "$@"; do
case $cleared in
no)
set ""; shift
cleared=yes ;;
esac
case "$arg" in
-D*|-I*)
set fnord "$@" "$arg"; shift ;;
# Strip any option that makedepend may not understand. Remove
# the object too, otherwise makedepend will parse it as a source file.
-*|$object)
;;
*)
set fnord "$@" "$arg"; shift ;;
esac
done
obj_suffix="`echo $object | sed 's/^.*\././'`"
touch "$tmpdepfile"
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
sed '1,2d' "$tmpdepfile" | tr ' ' '
' | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile" "$tmpdepfile".bak
;;
cpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test $1 != '--mode=compile'; do
shift
done
shift
fi
# Remove `-o $object'.
IFS=" "
for arg
do
case $arg in
-o)
shift
;;
$object)
shift
;;
*)
set fnord "$@" "$arg"
shift # fnord
shift # $arg
;;
esac
done
"$@" -E |
sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
sed '$ s: \\$::' > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
cat < "$tmpdepfile" >> "$depfile"
sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
msvisualcpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout, regardless of -o,
# because we must use -o when running libtool.
"$@" || exit $?
IFS=" "
for arg
do
case "$arg" in
"-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
set fnord "$@"
shift
shift
;;
*)
set fnord "$@" "$arg"
shift
shift
;;
esac
done
"$@" -E |
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
. "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
echo " " >> "$depfile"
. "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;
none)
exec "$@"
;;
*)
echo "Unknown depmode $depmode" 1>&2
exit 1
;;
esac
exit 0
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# End:
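Review bot: the sgi stanza redirects with an unquoted `>> $depfile` (after both `tr ' ' '...'` pipelines and in `echo >> $depfile`) while every other stanza writes `>> "$depfile"`; an object path containing whitespace is word-split there and the dependency fragment lands in the wrong file, so quote it. The same inconsistency appears in `while test $1 != '--mode=compile'` in the dashmstdout, makedepend and cpp stanzas, where an argument containing whitespace breaks the comparison and should be `"$1"`. Since this is a vendored automake `depcomp`, the cleaner fix is to refresh it with `automake --add-missing --copy` from a current automake rather than hand-patching; if it is edited in place, add a comment saying it diverges from upstream so the next refresh does not silently drop the fix.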

507
config/install-sh Executable file

@ -0,0 +1,507 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2006-10-14.15
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
# following copyright and license.
#
# Copyright (C) 1994 X Consortium
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name of the X Consortium shall not
# be used in advertising or otherwise to promote the sale, use or other deal-
# ings in this Software without prior written authorization from the X Consor-
# tium.
#
#
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
nl='
'
IFS=" "" $nl"
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
posix_glob=
posix_mkdir=
# Desired mode of installed file.
mode=0755
chmodcmd=$chmodprog
chowncmd=
chgrpcmd=
stripcmd=
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=
dst=
dir_arg=
dstarg=
no_target_directory=
usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
or: $0 [OPTION]... SRCFILES... DIRECTORY
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
or: $0 [OPTION]... -d DIRECTORIES...
In the 1st form, copy SRCFILE to DSTFILE.
In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
In the 4th, create DIRECTORIES.
Options:
-c (ignored)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-s $stripprog installed files.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
--help display this help and exit.
--version display version info and exit.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
"
while test $# -ne 0; do
case $1 in
-c) shift
continue;;
-d) dir_arg=true
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
shift
shift
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-s) stripcmd=$stripprog
shift
continue;;
-t) dstarg=$2
shift
shift
continue;;
-T) no_target_directory=true
shift
continue;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
done
if test $# -ne 0 && test -z "$dir_arg$dstarg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
# Otherwise, the last argument is the destination. Remove it from $@.
for arg
do
if test -n "$dstarg"; then
# $@ is not empty: it contains at least $arg.
set fnord "$@" "$dstarg"
shift # fnord
fi
shift # arg
dstarg=$arg
done
fi
if test $# -eq 0; then
if test -z "$dir_arg"; then
echo "$0: no input file specified." >&2
exit 1
fi
# It's OK to call `install-sh -d' without argument.
# This can happen when creating conditional directories.
exit 0
fi
if test -z "$dir_arg"; then
trap '(exit $?); exit' 1 2 13 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
case $mode in
# Optimize common cases.
*644) cp_umask=133;;
*755) cp_umask=22;;
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
fi
for src
do
# Protect names starting with `-'.
case $src in
-*) src=./$src ;;
esac
if test -n "$dir_arg"; then
dst=$src
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if test ! -f "$src" && test ! -d "$src"; then
echo "$0: $src does not exist." >&2
exit 1
fi
if test -z "$dstarg"; then
echo "$0: no destination specified." >&2
exit 1
fi
dst=$dstarg
# Protect names starting with `-'.
case $dst in
-*) dst=./$dst ;;
esac
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dstarg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
test -d "$dstdir"
dstdir_status=$?
fi
fi
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writeable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix=/ ;;
-*) prefix=./ ;;
*) prefix= ;;
esac
case $posix_glob in
'')
if (set -f) 2>/dev/null; then
posix_glob=true
else
posix_glob=false
fi ;;
esac
oIFS=$IFS
IFS=/
$posix_glob && set -f
set fnord $dstdir
shift
$posix_glob && set +f
IFS=$oIFS
prefixes=
for d
do
test -z "$d" && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
if test -n "$dir_arg"; then
{ test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
{ test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $cpprog $src $dsttmp" command.
#
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
&& { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
&& { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
&& { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
# Now rename the file to the real destination.
{ $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null \
|| {
# The rename failed, perhaps because mv can't rename something else
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
if test -f "$dst"; then
$doit $rmcmd -f "$dst" 2>/dev/null \
|| { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null \
&& { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }; }\
|| {
echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
else
:
fi
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
} || exit 1
trap '' 0
fi
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# End:
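Review bot: in the step-by-step directory fallback, `(umask=$mkdir_umask &&` is a shell variable assignment, not a call to `umask`, so that branch runs `$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"` under the caller's inherited umask instead of the computed `$mkdir_umask`; the two sibling call sites (`umask $mkdir_umask &&` before the first `$mkdirprog` attempt, and `(umask $mkdir_umask &&` before the `eval "\$doit_exec \$mkdirprog $prefixes"` block) use the command form. When the fast path fails and the user's umask is permissive, intermediate directories can therefore come out group- or world-writable, defeating the `mkdir_umask` / `go-w` computation above. Suggest `(umask $mkdir_umask &&`. Also note that `tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$` relies on `$RANDOM`, which is not POSIX; under a plain `sh` it expands to `/tmp/ins-$$`, so the POSIX-mkdir probe directory has a predictable name. The probe is removed again by the `trap` and the `rmdir`, so only the probe is affected, but it is one more reason to keep this 2006-10-14.15 `install-sh` in sync with upstream automake rather than carrying a fixed copy.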

367
config/missing Executable file

@ -0,0 +1,367 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
scriptversion=2006-05-10.23
# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006
# Free Software Foundation, Inc.
# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
if test $# -eq 0; then
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
fi
run=:
sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
# In the cases where this matters, `missing' is being run in the
# srcdir already.
if test -f configure.ac; then
configure_ac=configure.ac
else
configure_ac=configure.in
fi
msg="missing on your system"
case $1 in
--run)
# Try to run requested program, and just exit if it succeeds.
run=
shift
"$@" && exit 0
# Exit code 63 means version mismatch. This often happens
# when the user try to use an ancient version of a tool on
# a file that requires a minimum version. In this case we
# we should proceed has if the program had been absent, or
# if --run hadn't been passed.
if test $? = 63; then
run=:
msg="probably too old"
fi
;;
-h|--h|--he|--hel|--help)
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
error status if there is no known handling for PROGRAM.
Options:
-h, --help display this help and exit
-v, --version output version information and exit
--run try to run the given command, and emulate it if it fails
Supported PROGRAM values:
aclocal touch file \`aclocal.m4'
autoconf touch file \`configure'
autoheader touch file \`config.h.in'
autom4te touch the output file, or create a stub one
automake touch all \`Makefile.in' files
bison create \`y.tab.[ch]', if possible, from existing .[ch]
flex create \`lex.yy.c', if possible, from existing .c
help2man touch the output file
lex create \`lex.yy.c', if possible, from existing .c
makeinfo touch the output file
tar try tar, gnutar, gtar, then tar without non-portable flags
yacc create \`y.tab.[ch]', if possible, from existing .[ch]
Send bug reports to <bug-automake@gnu.org>."
exit $?
;;
-v|--v|--ve|--ver|--vers|--versi|--versio|--version)
echo "missing $scriptversion (GNU Automake)"
exit $?
;;
-*)
echo 1>&2 "$0: Unknown \`$1' option"
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
;;
esac
# Now exit if we have it, but it failed. Also exit now if we
# don't have it and --version was passed (most likely to detect
# the program).
case $1 in
lex|yacc)
# Not GNU programs, they don't have --version.
;;
tar)
if test -n "$run"; then
echo 1>&2 "ERROR: \`tar' requires --run"
exit 1
elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
exit 1
fi
;;
*)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
exit 1
elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
# Could not run --version or --help. This is probably someone
# running `$TOOL --version' or `$TOOL --help' to check whether
# $TOOL exists and not knowing $TOOL uses missing.
exit 1
fi
;;
esac
# If it does not exist, or fails to run (possibly an outdated version),
# try to emulate it.
case $1 in
aclocal*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acinclude.m4' or \`${configure_ac}'. You might want
to install the \`Automake' and \`Perl' packages. Grab them from
any GNU archive site."
touch aclocal.m4
;;
autoconf)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`${configure_ac}'. You might want to install the
\`Autoconf' and \`GNU m4' packages. Grab them from any GNU
archive site."
touch configure
;;
autoheader)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acconfig.h' or \`${configure_ac}'. You might want
to install the \`Autoconf' and \`GNU m4' packages. Grab them
from any GNU archive site."
files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
test -z "$files" && files="config.h"
touch_files=
for f in $files; do
case $f in
*:*) touch_files="$touch_files "`echo "$f" |
sed -e 's/^[^:]*://' -e 's/:.*//'`;;
*) touch_files="$touch_files $f.in";;
esac
done
touch $touch_files
;;
automake*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
You might want to install the \`Automake' and \`Perl' packages.
Grab them from any GNU archive site."
find . -type f -name Makefile.am -print |
sed 's/\.am$/.in/' |
while read f; do touch "$f"; done
;;
autom4te)
echo 1>&2 "\
WARNING: \`$1' is needed, but is $msg.
You might have modified some files without having the
proper tools for further handling them.
You can get \`$1' as part of \`Autoconf' from any GNU
archive site."
file=`echo "$*" | sed -n "$sed_output"`
test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -f "$file"; then
touch $file
else
test -z "$file" || exec >$file
echo "#! /bin/sh"
echo "# Created by GNU Automake missing as a replacement of"
echo "# $ $@"
echo "exit 0"
chmod +x $file
exit 1
fi
;;
bison|yacc)
echo 1>&2 "\
WARNING: \`$1' $msg. You should only need it if
you modified a \`.y' file. You may need the \`Bison' package
in order for those modifications to take effect. You can get
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
if test $# -ne 1; then
eval LASTARG="\${$#}"
case $LASTARG in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
if test -f "$SRCFILE"; then
cp "$SRCFILE" y.tab.c
fi
SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
if test -f "$SRCFILE"; then
cp "$SRCFILE" y.tab.h
fi
;;
esac
fi
if test ! -f y.tab.h; then
echo >y.tab.h
fi
if test ! -f y.tab.c; then
echo 'main() { return 0; }' >y.tab.c
fi
;;
lex|flex)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.l' file. You may need the \`Flex' package
in order for those modifications to take effect. You can get
\`Flex' from any GNU archive site."
rm -f lex.yy.c
if test $# -ne 1; then
eval LASTARG="\${$#}"
case $LASTARG in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
if test -f "$SRCFILE"; then
cp "$SRCFILE" lex.yy.c
fi
;;
esac
fi
if test ! -f lex.yy.c; then
echo 'main() { return 0; }' >lex.yy.c
fi
;;
help2man)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a dependency of a manual page. You may need the
\`Help2man' package in order for those modifications to take
effect. You can get \`Help2man' from any GNU archive site."
file=`echo "$*" | sed -n "$sed_output"`
test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -f "$file"; then
touch $file
else
test -z "$file" || exec >$file
echo ".ab help2man is required to generate this page"
exit 1
fi
;;
makeinfo)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.texi' or \`.texinfo' file, or any other file
indirectly affecting the aspect of the manual. The spurious
call might also be the consequence of using a buggy \`make' (AIX,
DU, IRIX). You might want to install the \`Texinfo' package or
the \`GNU make' package. Grab either from any GNU archive site."
# The file to touch is that specified with -o ...
file=`echo "$*" | sed -n "$sed_output"`
test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -z "$file"; then
# ... or it is the one specified with @setfilename ...
infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
file=`sed -n '
/^@setfilename/{
s/.* \([^ ]*\) *$/\1/
p
q
}' $infile`
# ... or it is derived from the source name (dir/f.texi becomes f.info)
test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
fi
# If the file does not exist, the user really needs makeinfo;
# let's fail without touching anything.
test -f $file || exit 1
touch $file
;;
tar)
shift
# We have already tried tar in the generic part.
# Look for gnutar/gtar before invocation to avoid ugly error
# messages.
if (gnutar --version > /dev/null 2>&1); then
gnutar "$@" && exit 0
fi
if (gtar --version > /dev/null 2>&1); then
gtar "$@" && exit 0
fi
firstarg="$1"
if shift; then
case $firstarg in
*o*)
firstarg=`echo "$firstarg" | sed s/o//`
tar "$firstarg" "$@" && exit 0
;;
esac
case $firstarg in
*h*)
firstarg=`echo "$firstarg" | sed s/h//`
tar "$firstarg" "$@" && exit 0
;;
esac
fi
echo 1>&2 "\
WARNING: I can't seem to be able to run \`tar' with the given arguments.
You may want to install GNU tar or Free paxutils, or check the
command line arguments."
exit 1
;;
*)
echo 1>&2 "\
WARNING: \`$1' is needed, and is $msg.
You might have modified some files without having the
proper tools for further handling them. Check the \`README' file,
it often tells you about the needed prerequisites for installing
this package. You may also peek at any GNU archive site, in case
some other package would contain this missing \`$1' program."
exit 1
;;
esac
exit 0
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# End:
8422
configure vendored Executable file
File diff suppressed because it is too large
439
configure.in Normal file
@ -0,0 +1,439 @@
dnl $Id: configure.in,v 1.6.2.4 2011/12/12 23:15:28 bew Exp $
dnl $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/configure.in,v $
dnl
dnl The license applies to all software incorporated in the "Cisco GDOI reference
dnl implementation" except for those portions incorporating third party software
dnl specifically identified as being licensed under separate license.
dnl
dnl
dnl The Cisco Systems Public Software License, Version 1.0
dnl Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
dnl Subject to the following terms and conditions, Cisco Systems, Inc.,
dnl hereby grants you a worldwide, royalty-free, nonexclusive, license,
dnl subject to third party intellectual property claims, to create
dnl derivative works of the Licensed Code and to reproduce, display,
dnl perform, sublicense, distribute such Licensed Code and derivative works.
dnl All rights not expressly granted herein are reserved.
dnl 1. Redistributions of source code must retain the above
dnl copyright notice, this list of conditions and the following
dnl disclaimer.
dnl 2. Redistributions in binary form must reproduce the above
dnl copyright notice, this list of conditions and the following
dnl disclaimer in the documentation and/or other materials
dnl provided with the distribution.
dnl 3. The names Cisco and "Cisco GDOI reference implementation" must not
dnl be used to endorse or promote products derived from this software without
dnl prior written permission. For written permission, please contact
dnl opensource@cisco.com.
dnl 4. Products derived from this software may not be called
dnl "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
dnl "Cisco GDOI reference implementation" appear in
dnl their name, without prior written permission of Cisco Systems, Inc.
dnl THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
dnl WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
dnl WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
dnl PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
dnl SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
dnl INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
dnl DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
dnl SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
dnl BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
dnl LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
dnl THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
dnl SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
dnl LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
dnl PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
dnl LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
dnl LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
dnl EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
dnl AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
dnl THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
dnl (US$5,000).
dnl
dnl ====================================================================
dnl This software consists of voluntary contributions made by Cisco Systems,
dnl Inc. and many individuals on behalf of Cisco Systems, Inc. For more
dnl information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
dnl
dnl This product includes software developed by Ericsson Radio Systems.
dnl
AC_PREREQ(2.13)
AC_INIT(gdoi.h, 1.5iec)
AC_CONFIG_AUX_DIR(config)
AM_INIT_AUTOMAKE(gdoid, 1.5iec)
AM_CONFIG_HEADER(config.h)
AC_CANONICAL_HOST
# Checks for programs.
AC_PROG_AWK
AC_PROG_CC
# Host-specific checks
case "$build_os" in
linux*)
CFLAGS="$CFLAGS -DSYMBOL_PREFIX='\"_\"' -DKAME -DLINUX_PFKEY"
# No more support for FreeS/WAN ... require a 2.6 kernel and ipsec_tools.
AM_CONDITIONAL(HAVE_FREESWAN, false)
AM_CONDITIONAL(HAVE_PF_KEY_V2, true)
AC_DEFINE(SEED_RNG, 1, Initialize the RNG)
;;
darwin*)
CFLAGS="$CFLAGS -DHAVE_GETNAMEINFO -DHAVE_PCAP -DOPENBSD_PFKEY_EXT -DOSX"
AM_CONDITIONAL(HAVE_PF_KEY_V2, true)
AM_CONDITIONAL(HAVE_FREESWAN, false)
;;
openbsd*)
CFLAGS="$CFLAGS -DHAVE_GETNAMEINFO -DHAVE_PCAP -DOPENBSD_PFKEY_EXT"
AM_CONDITIONAL(HAVE_PF_KEY_V2, true)
AM_CONDITIONAL(HAVE_FREESWAN, false)
# Determine if this release has the old or new PF_KEY extension symbols.
AC_MSG_CHECKING(whether old PF_KEY Extension symbols are defined)
AC_TRY_RUN(
[
#include <sys/types.h>
#include <net/pfkeyv2.h>
#if !defined FLOW_X_TYPE_REQUIRE
#error FLOW_X_TYPE_REQUIRE not defined
#endif
main() { return 0;}
],
[AC_MSG_RESULT(yes)
AC_DEFINE(OLD_OPENBSD_PFKEY_EXT, 1, [Old OpenBSD PF_KEY Extensions])],
[AC_MSG_RESULT(no)],
[AC_MSG_ERROR([cannot cross-compile, bailing out])])
;;
freebsd*)
CFLAGS="$CFLAGS -DKAME -DFREEBSD_PFKEY_EXT"
AM_CONDITIONAL(HAVE_PF_KEY_V2, true)
AM_CONDITIONAL(HAVE_FREESWAN, false)
AC_DEFINE(OPEN_FIFO_RDRW, 1, [Need to open FIFO with O_RDRW])
;;
dnl Should be bsdi and netbsd.
dnl Actually, should be replaced with a few tests.
bsdi*)
CFLAGS="$CFLAGS -DKAME -DNETBSD_PFKEY_EXT"
AM_CONDITIONAL(HAVE_PF_KEY_V2, true)
AM_CONDITIONAL(HAVE_FREESWAN, false)
;;
*)
# Set the basics for a BSD system
AM_CONDITIONAL(HAVE_PF_KEY_V2, true)
AM_CONDITIONAL(HAVE_FREESWAN, false)
;;
esac
# Checks for libraries.
#
# Libcrypto is required
#
# The --with-ssl-dir option and associated code was taken from OpenSSH.
#
# The big search for OpenSSL
AC_ARG_WITH(ssl-dir,
[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
[
if test "x$withval" != "xno" ; then
tryssldir=$withval
fi
]
)
saved_LIBS="$LIBS"
saved_LDFLAGS="$LDFLAGS"
saved_CPPFLAGS="$CPPFLAGS"
if test "x$prefix" != "xNONE" ; then
tryssldir="$tryssldir $prefix"
fi
AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
CPPFLAGS="$saved_CPPFLAGS"
LDFLAGS="$saved_LDFLAGS"
LIBS="$saved_LIBS -lcrypto"
# Skip directories if they don't exist
if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
continue;
fi
if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
# Try to use $ssldir/lib if it exists, otherwise
# $ssldir
if test -d "$ssldir/lib" ; then
LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$ssldir/lib $LDFLAGS"
fi
else
LDFLAGS="-L$ssldir $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$ssldir $LDFLAGS"
fi
fi
# Try to use $ssldir/include if it exists, otherwise
# $ssldir
if test -d "$ssldir/include" ; then
CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
else
CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
fi
fi
# Basic test to check for compatible version and correct linking
# *does not* test for RSA - that comes later.
AC_TRY_RUN(
[
#include <sys/param.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
int main(void)
{
char a[2048];
SHA256_CTX c;
SHA256_Init(&c);
memset(a, 0, sizeof(a));
RAND_add(a, sizeof(a), sizeof(a));
return(RAND_status() <= 0);
}
],
[
found_crypto=1
break;
],
[],
[
AC_MSG_ERROR([Cross-compiling not supported])
]
)
if test ! -z "$found_crypto" ; then
break;
fi
done
if test -z "$found_crypto" ; then
AC_MSG_ERROR([Could not find working
OpenSSL library, including SHA256.
Must have openssl-0.9.8a or higher.
please install, or check config.log.
If it is installed in an unusual place,
specify the path --with-ssl-dir=<path>])
fi
if test -z "$ssldir" ; then
ssldir="(system)"
fi
ac_cv_openssldir=$ssldir
])
if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then
dnl Need to recover ssldir - test above runs in subshell
ssldir=$ac_cv_openssldir
if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
# Try to use $ssldir/lib if it exists, otherwise
# $ssldir
if test -d "$ssldir/lib" ; then
LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$ssldir/lib $LDFLAGS"
fi
else
LDFLAGS="-L$ssldir $saved_LDFLAGS"
if test ! -z "$need_dash_r" ; then
LDFLAGS="-R$ssldir $LDFLAGS"
fi
fi
# Try to use $ssldir/include if it exists, otherwise
# $ssldir
if test -d "$ssldir/include" ; then
CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
else
CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
fi
fi
fi
LIBS="-lc $saved_LIBS -lcrypto"
AM_CONDITIONAL(USE_LIBCRYPTO, true)
#
# Check for dlopen, which might be needed by libcrypto. If present, use
# dynamic libraries.
#
have_dl=yes
AC_CHECK_LIB(dl, dlopen, , [have_dl=no])
if test $have_dl = yes; then
LIBS="$LIBS -ldl"
fi
# Checks for header files.
AC_HEADER_DIRENT
AC_HEADER_STDC
AC_CHECK_HEADERS([arpa/inet.h fcntl.h memory.h netdb.h netinet/in.h stddef.h stdlib.h string.h sys/ioctl.h sys/param.h sys/socket.h sys/time.h syslog.h unistd.h])
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_C_INLINE
AC_TYPE_MODE_T
AC_TYPE_OFF_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
AC_STRUCT_TM
AC_MSG_CHECKING(whether sockaddr_in.sin_len is defined)
AC_TRY_RUN([
#include <sys/types.h>
#include <netinet/in.h>
main()
{
struct sockaddr_in foo;
foo.sin_len = 0;
return 0;
}
],
[AC_MSG_RESULT(yes)],
[AC_DEFINE(USE_OLD_SOCKADDR, 1, [Old Sockaddr Definition])
AC_MSG_RESULT(no)],
[AC_MSG_ERROR([cannot cross-compile, bailing out])]
)
AC_MSG_CHECKING(whether in_port_t is defined)
AC_TRY_RUN([
#include <sys/types.h>
#include <netinet/in.h>
main()
{
in_port_t foo;
return 0;
}
],
[AC_MSG_RESULT(yes)],
[AC_DEFINE([in_port_t], u_int16_t, [Not defined in <sys/types.h>])
AC_MSG_RESULT(no)],
[AC_MSG_ERROR([cannot cross-compile, bailing out])]
)
AC_MSG_CHECKING(whether in_addr_t is defined)
AC_TRY_RUN([
#include <sys/types.h>
#include <netinet/in.h>
main()
{
in_addr_t foo;
return 0;
}
],
[AC_MSG_RESULT(yes)],
[AC_DEFINE([in_addr_t], u_int32_t, [Not defined in <sys/types.h>])
AC_MSG_RESULT(no)],
[AC_MSG_ERROR([cannot cross-compile, bailing out])]
)
AC_MSG_CHECKING(whether SA_LEN is defined)
AC_TRY_RUN([
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#if !defined SA_LEN
# error _SA_LEN not defined
#endif
main() { return 0;}
],
[AC_MSG_RESULT(yes)],
[AC_DEFINE([DEFINE_SA_LEN], 1, [Sockaddr Length])
AC_MSG_RESULT(no)],
[AC_MSG_ERROR([cannot cross-compile, bailing out])]
)
AC_MSG_CHECKING(whether LIST_FIRST is defined)
AC_TRY_RUN([
#include <sys/queue.h>
#if !defined LIST_FIRST
# error LIST_FIRST not defined
#endif
main() { return 0;}
],
[AC_MSG_RESULT(yes)],
[AC_DEFINE(DEFINE_EXTRA_QUEUE_FUNCTIONS, 1,
[Use missing queue.h definitions])
AC_MSG_RESULT(no)],
[AC_MSG_ERROR([cannot cross-compile, bailing out])]
)
# Checks for library functions.
AC_FUNC_CLOSEDIR_VOID
AC_PROG_GCC_TRADITIONAL
AC_FUNC_MEMCMP
AC_FUNC_SELECT_ARGTYPES
AC_TYPE_SIGNAL
AC_CHECK_FUNCS([bzero gettimeofday inet_ntoa memmove memset mkfifo select socket strcasecmp strcspn strdup strerror strncasecmp strspn strstr strtol strtoul tzset strlcpy])
# Optional Arguments
AC_ARG_ENABLE(tripledes,
[ --enable-tripledes Enable support of 3DES [yes]],
[], [enable_tripledes=yes])
AC_CACHE_CHECK([whether to use 3DES], enable_tripledes, [enable_tripledes=yes])
if test $enable_tripledes = yes; then
AC_DEFINE(USE_TRIPLEDES, 1, [3DES Support])
fi
#
# APPSUPPORT is define implicitely when a client of APPSUPPORT is defined.
#
enable_appsupport=no;
AC_ARG_ENABLE(iec90_5,
[ --enable-iec90-5 Enable support of IEC 57-61850-90-5 [yes]],
[], [enable_iec90_5=yes])
AC_CACHE_CHECK([whether to support IEC 57-61850-90-5],
enable_iec90_5,
[enable_iec90_5=no])
if test $enable_iec90_5 = yes; then
AC_DEFINE(IEC90_5_SUPPORT, 1, [IEC 57-61850-90-5 Support])
AC_DEFINE(GDOI_APP_SUPPORT, 1, [GDOI Application Interface support])
enable_appsupport=yes;
fi
AM_CONDITIONAL(IEC90_5_SUPPORT, test $enable_iec90_5 = yes)
AM_CONDITIONAL(GDOI_APP_SUPPORT, test $enable_appsupport = yes)
AC_ARG_ENABLE(srtp,
[ --enable-srtp Enable support of SRTP [no]],
[], [enable_srtp=no])
AC_CACHE_CHECK([whether to support SRTP],
enable_srtp,
[enable_srtp=no])
if test $enable_srtp = yes; then
AC_DEFINE(SRTP_SUPPORT, 1, [SRTP Support])
AC_DEFINE(GDOI_APP_SUPPORT, 1, [GDOI Application Interface support])
enable_appsupport=yes;
fi
AM_CONDITIONAL(SRTP_SUPPORT, test $enable_srtp = yes)
AM_CONDITIONAL(GDOI_APP_SUPPORT, test $enable_appsupport = yes)
AC_ARG_ENABLE(aggressive,
[ --enable-aggressive Enable support of Phase 1 Aggressive Mode [no]],
[], [enable_aggressive=no])
AC_CACHE_CHECK([whether to use Phase 1 Agressive Mode], enable_aggressive,
[enable_aggressive=no])
if test $enable_aggressive = yes; then
AC_DEFINE(USE_AGGRESSIVE, 1, [Phase 1 Agressive Support])
fi
AM_CONDITIONAL(USE_AGGRESSIVE, test $enable_aggressive = yes)
AC_ARG_ENABLE(debug,
[ --enable-debug Enable debug [yes]],
[], [enable_debug=yes])
AC_CACHE_CHECK([whether to use debug], enable_debug, [enable_debug=yes])
if test $enable_debug = yes; then
AC_DEFINE(USE_DEBUG, 1, [Debugging])
fi
AC_OUTPUT(Makefile src/Makefile app_client/Makefile)
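Review bot: the AC_TRY_RUN probes in this file will fail on current toolchains before they test what they are meant to test. The OpenSSL probe calls `memset(a, 0, sizeof(a));` while nothing in the probe includes `<string.h>`, and the sockaddr_in.sin_len, in_port_t, in_addr_t, SA_LEN and LIST_FIRST probes declare `main()` with no return type. GCC 14 and Clang 16 treat implicit function declarations and implicit int as hard errors, so the OpenSSL loop would end in `Could not find working OpenSSL library` on a perfectly good system, and the later checks would take their failure branch and `AC_DEFINE` a fallback that then collides with the real system typedef (`in_port_t` as `u_int16_t`, `USE_OLD_SOCKADDR` on a BSD that does have `sin_len`). Add `#include <string.h>` to the OpenSSL probe and write `int main(void)` in every probe; replacing the deprecated `AC_TRY_RUN` with `AC_RUN_IFELSE` while here would also silence autoconf's warnings. Two smaller points: `--enable-tripledes` defaults to `yes`, so the default build carries 3DES for the Phase 1 SA, and `SEED_RNG` is defined only in the `linux*` branch, so please confirm the darwin and BSD builds seed the OpenSSL PRNG by some other route. The help strings `IEC 57-61850-90-5` fold the TC number into the standard designation; the standard is IEC 61850-90-5.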
@ -0,0 +1,5 @@
/START_CLIENT/1.1.2.1/Mon Dec 12 23:49:35 2011//TIEC90-5
/START_KS/1.1.2.1/Mon Dec 12 23:49:35 2011//TIEC90-5
/gdoi_client.conf/1.1.2.1/Mon Dec 12 23:49:35 2011//TIEC90-5
/gdoi_ks.conf/1.1.2.1/Mon Dec 12 23:49:35 2011//TIEC90-5
D
@ -0,0 +1 @@
gdoi/samples/iec90-5
1
samples/iec90-5/CVS/Root Normal file
@ -0,0 +1 @@
:ext:bew@irp-view12.cisco.com:/nfs/cscbz/gdoi/gdoicvs
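Review bot: the `CVS/` metadata directories (Entries, Repository, Root, Tag) should not be part of the git import. `Root` records the CVS access string `:ext:bew@irp-view12.cisco.com:/nfs/cscbz/gdoi/gdoicvs`, which publishes an internal hostname, a username and an NFS path that play no part in building or running the software, and the same three files are repeated under `samples/loopback` and `samples/three-clients`. Drop the `CVS/` directories from the commit and add `CVS/` to `.gitignore` so they do not come back with the next import.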
1
samples/iec90-5/CVS/Tag Normal file
@ -0,0 +1 @@
TIEC90-5
6
samples/iec90-5/START_CLIENT Executable file
@ -0,0 +1,6 @@
#!/bin/sh
# $Id: START_CLIENT,v 1.1.2.1 2011/12/12 23:49:35 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/iec90-5/Attic/START_CLIENT,v $
DIR=../..
${DIR}/src/gdoid -d -n -DA=99 -f/tmp/isakmpd.fifo -cgdoi_client.conf
19
samples/iec90-5/START_KS Executable file
@ -0,0 +1,19 @@
#!/bin/sh
# $Id: START_KS,v 1.1.2.1 2011/12/12 23:49:35 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/iec90-5/Attic/START_KS,v $
#
# Create a second loopback. The syntax varies per system. Uncomment the
# appropriate line below.
# For OS X, use the following line
ifconfig lo0 127.0.0.2 alias
#
# For Linux, use the following line
# ifconfig lo:1 127.0.0.2
#
# For BSD, use the following line
# ifconfig lo1 127.0.0.2
#
DIR=../..
${DIR}/src/gdoid -d -n -DA=99 -f/tmp/isakmpd2.fifo -cgdoi_ks.conf
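Review bot: the header comment says to uncomment the line for your OS, but the OS X line `ifconfig lo0 127.0.0.2 alias` is already live (the `samples/loopback/START_KS` copy of this script keeps all three alternatives commented), so on Linux or BSD the script runs a failing `ifconfig` and then starts `gdoid` anyway, because nothing checks the exit status. Either comment that line out to match the loopback copy or add `set -e` at the top. Both START scripts also hand the daemon a control FIFO at a fixed path in the world-writable `/tmp` (`-f/tmp/isakmpd.fifo`, `-f/tmp/isakmpd2.fifo`); a predictable FIFO path in a shared directory is a local squatting/symlink hazard for a daemon that needs root for its PF_KEY socket, so a per-user mode-0700 directory or `/var/run` would be the safer sample. `-DA=99` is fine for a test pair, but a one-line comment that this is the maximum debug setting and not a production value would not hurt.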
@ -0,0 +1,73 @@
# $Id: gdoi_client.conf,v 1.1.2.1 2011/12/12 23:49:35 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/iec90-5/Attic/gdoi_client.conf,v $
#
# A configuration sample for testing GDOI over loopback interfaces.
# This is the client (group member) side.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 127.0.0.1
check-interval= 60
GDOI-application-client-support= 1
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
127.0.0.2= GDOI-key-server
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
#Connections= Group-1234
#
# Make passive for TIDP becasuse we don't start until the client asks for
# keys.
#
Passive-Connections= Group-1234
[GDOI-key-server]
Phase= 1
Transport= udp
Local-address= 127.0.0.1
Address= 127.0.0.2
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
ISAKMP-peer= GDOI-key-server
Configuration= Default-group-mode
ID-type= IEC90_5
OID= 61850_UDP_ADDR_GOOSE
Address= 239.192.1.1
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,30:120
# Group mode description
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
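Review bot: `Authentication= mekmitasdigoat` is the well-known placeholder pre-shared key from the isakmpd sample configurations; a comment saying it must be replaced before this file is copied anywhere off the loopback pair would prevent the obvious copy-and-deploy mistake. The only Phase 1 transform offered is 3DES_CBC / SHA / MODP_1024, i.e. a 1024-bit DH group, which is adequate for a loopback test but well below what a key server protecting group keys should negotiate, so it deserves the same "sample only" comment. Typo in the `[Phase 2]` comment: `becasuse`; `TIDP` in that same comment is not explained anywhere in the file, so say what it refers to.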
@ -0,0 +1,94 @@
# $Id: gdoi_ks.conf,v 1.1.2.1 2011/12/12 23:49:35 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/iec90-5/Attic/gdoi_ks.conf,v $
#
# A configuration sample for testing GDOI over loopback interfaces.
# This is the key server side.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 127.0.0.2
#GDOI-application-client-support= 1
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
127.0.0.1= ISAKMP-peer-client
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
Passive-Connections= Group-1234
[ISAKMP-peer-client]
Phase= 1
Transport= udp
Local-address= 127.0.0.2
Address= 127.0.0.1
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
Configuration= IEC90_5_group_1
ID-type= IEC90_5
OID= 61850_UDP_ADDR_GOOSE
Address= 239.192.1.1
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,30:120
[LIFE_120_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 120,90:180
# GDOI description
# Group mode description
[IEC90_5_group_1]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
Crypto-protocol= PROTO_IEC90_5
#
# No SA-KEK is defined for the loopback sample.
# Rekey messages don't always work across the loopbacks.
#
SA-TEKS= GROUP1-TEK1
# Src-ID and Dst-ID are the addresses/posrts for the UDP packet.
[GROUP1-TEK1]
Src-ID= Group-tek1-src
Dst-ID= Group-tek1-dst
[Group-tek1-src]
ID-type= IPV4_ADDR
Address= 172.19.137.42
Port= 1024
[Group-tek1-dst]
ID-type= IPV4_ADDR
Address= 239.192.1.1
Port= 1024
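Review bot: the comment `No SA-KEK is defined for the loopback sample` means this key server has no KEK with which to protect a GROUPKEY-PUSH, so it can never rekey; the TEK handed out in the pull exchange lives until the group member registers again. `[LIFE_120_SECS]` is defined but referenced nowhere, and `[GROUP1-TEK1]` for `PROTO_IEC90_5` carries only `Src-ID`/`Dst-ID` and no lifetime, so please state in the header what the effective TEK lifetime for this sample is. `Src-ID` points at `172.19.137.42`, a non-loopback address in a loopback sample; if that is intentional because the ID only names the data-plane sender, a comment saying so would save the next reader a question. Typo in the comment above `[GROUP1-TEK1]`: `posrts`.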
@ -0,0 +1,7 @@
/START_CLIENT/1.3/Tue Oct 11 17:57:25 2005//TIEC90-5
/START_KS/1.4/Wed Mar 21 20:02:55 2007//TIEC90-5
/gdoi_client.conf/1.4/Tue Oct 11 17:57:25 2005//TIEC90-5
/gdoi_ks.conf/1.5.2.1/Mon Dec 5 20:26:53 2011//TIEC90-5
/sample_output_client/1.3/Fri Jul 25 03:56:19 2003//TIEC90-5
/sample_output_ks/1.3/Fri Jul 25 03:56:20 2003//TIEC90-5
D
@ -0,0 +1 @@
gdoi/samples/loopback
@ -0,0 +1 @@
:ext:bew@irp-view12.cisco.com:/nfs/cscbz/gdoi/gdoicvs
1
samples/loopback/CVS/Tag Normal file
@ -0,0 +1 @@
TIEC90-5
5
samples/loopback/START_CLIENT Executable file
@ -0,0 +1,5 @@
#!/bin/sh
# $Id: START_CLIENT,v 1.3 2005/10/11 17:57:25 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/loopback/START_CLIENT,v $
../../src/gdoid -d -n -DA=59 -f/tmp/isakmpd.fifo -cgdoi_client.conf
18
samples/loopback/START_KS Executable file
@ -0,0 +1,18 @@
#!/bin/sh
# $Id: START_KS,v 1.4 2007/03/21 20:02:55 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/loopback/START_KS,v $
#
# Create a second loopback. The syntax varies per system. Uncomment the
# appropriate line below.
# For OS X, use the following line
# ifconfig lo0 127.0.0.2 alias
#
# For Linux, use the following line
# ifconfig lo:1 127.0.0.2
#
# For BSD, use the following line
# ifconfig lo1 127.0.0.2
#
../../src/gdoid -d -n -DA=59 -f/tmp/isakmpd2.fifo -cgdoi_ks.conf
@ -0,0 +1,69 @@
# $Id: gdoi_client.conf,v 1.4 2005/10/11 17:57:25 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/loopback/gdoi_client.conf,v $
#
# A configuration sample for testing GDOI over loopback interfaces.
# This is the client (group member) side.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 127.0.0.1
check-interval= 60
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
127.0.0.2= GDOI-key-server
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
Connections= Group-1234
[GDOI-key-server]
Phase= 1
Transport= udp
Local-address= 127.0.0.1
Address= 127.0.0.2
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
ISAKMP-peer= GDOI-key-server
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,30:120
# Group mode description
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
@ -0,0 +1,110 @@
# $Id: gdoi_ks.conf,v 1.5.2.1 2011/12/05 20:26:53 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/loopback/gdoi_ks.conf,v $
#
# A configuration sample for testing GDOI over loopback interfaces.
# This is the key server side.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 127.0.0.2
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
127.0.0.1= ISAKMP-peer-client
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
Passive-Connections= Group-1234
[ISAKMP-peer-client]
Phase= 1
Transport= udp
Local-address= 127.0.0.2
Address= 127.0.0.1
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
Configuration= Default-group-mode
ID-type= KEY_ID
Key-value= 1234
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Group mode description
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
# Mark this as an IPsec group. TEKs can then be either ESP or AH.
Crypto-protocol= PROTO_IPSEC_ESP
SA-TEKS= GROUP1-TEK1
GROUP-POLICY= GROUP1-GP
[GROUP1-GP]
ATD= 60
DTD= 90
SID-SIZE= 16
# Src-ID and Dst-ID are the addresses for the IP ESP packet.
[GROUP1-TEK1]
Src-ID= Group-tek1-src
Dst-ID= Group-tek1-dst
TEK_Suite= GDOI-ESP-3DES-SHA-SUITE
[Group-tek1-src]
ID-type= IPV4_ADDR
Address= 172.19.137.42
Port= 1024
[Group-tek1-dst]
ID-type= IPV4_ADDR
Address= 239.192.1.1
Port= 1024
# Main mode transforms
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,30:120
[LIFE_120_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 120,90:180
# GDOI description
[GDOI-ESP-3DES-SHA-SUITE]
PROTOCOL_ID= IPSEC_ESP
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_120_SECS
ADDRESS_PRESERVATION= DESTINATION_ONLY
SA_DIRECTION= RECEIVER_ONLY
# Certificates stored in PEM format
# NOTE: Directory name must have trailing "/"!
#[X509-certificates]
#CA-directory= /Some/Directory
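Review bot: this sample also defines no SA-KEK, yet the ESP TEK suite sets `Life= LIFE_120_SECS`, so every group member has to re-register every two minutes, over a new Phase 1 each time since `LIFE_60_SECS` on the `3DES-SHA` transform expires first. That is fine for a loopback test, but the header should say so, because someone using this file as a starting point gets a key server that never rekeys. `[GROUP1-GP]` carries `SID-SIZE= 16` while the TEK suite is `3DES` in tunnel mode; Sender-IDs exist to keep counter-mode IVs unique (RFC 6407), so confirm whether that attribute is meant to be consumed with a CBC transform here or is a leftover. With `[X509-certificates]` commented out the configuration is PSK-only on the sample `mekmitasdigoat` secret, so the same "replace before use" comment requested for the client file applies; the note that `CA-directory` needs a trailing `/` is useful and worth keeping.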
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,11 @@
/START_CLIENT1/1.3/Tue Oct 11 17:57:26 2005//TIEC90-5
/START_CLIENT2/1.3/Tue Oct 11 17:57:26 2005//TIEC90-5
/START_CLIENT3/1.3/Tue Oct 11 17:57:27 2005//TIEC90-5
/START_KS/1.3/Tue Oct 11 17:57:27 2005//TIEC90-5
/gdoi_client1.conf/1.4/Tue Oct 11 17:57:27 2005//TIEC90-5
/gdoi_client2.conf/1.4/Tue Oct 11 17:57:28 2005//TIEC90-5
/gdoi_client3.conf/1.4/Tue Oct 11 17:57:28 2005//TIEC90-5
/gdoi_ks.conf/1.6/Tue Jan 25 00:15:50 2011//TIEC90-5
/sample_output_client1/1.3/Tue Oct 11 17:57:28 2005//TIEC90-5
/sample_output_ks/1.3/Tue Oct 11 17:57:28 2005//TIEC90-5
D
@ -0,0 +1 @@
gdoi/samples/three-clients
@ -0,0 +1 @@
:ext:bew@irp-view12.cisco.com:/nfs/cscbz/gdoi/gdoicvs
@ -0,0 +1 @@
TIEC90-5
@ -0,0 +1,5 @@
#!/bin/sh
# $Id: START_CLIENT1,v 1.3 2005/10/11 17:57:26 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/three-clients/START_CLIENT1,v $
../../src/gdoid -d -n -p848 -DA=99 -f/tmp/isakmpd.fifo -cgdoi_client1.conf
@ -0,0 +1,5 @@
#!/bin/sh
# $Id: START_CLIENT2,v 1.3 2005/10/11 17:57:26 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/three-clients/START_CLIENT2,v $
../../src/gdoid -d -n -p848 -DA=99 -f/tmp/isakmpd.fifo -cgdoi_client2.conf
@ -0,0 +1,5 @@
#!/bin/sh
# $Id: START_CLIENT3,v 1.3 2005/10/11 17:57:27 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/three-clients/START_CLIENT3,v $
../../src/gdoid -d -n -p848 -DA=99 -f/tmp/isakmpd.fifo -cgdoi_client3.conf
5
samples/three-clients/START_KS Executable file
@ -0,0 +1,5 @@
#!/bin/sh
# $Id: START_KS,v 1.3 2005/10/11 17:57:27 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/three-clients/START_KS,v $
../../src/gdoid -d -n -p848 -DA=99 -f/tmp/isakmpd2.fifo -cgdoi_ks.conf
@ -0,0 +1,102 @@
# $Id: gdoi_client1.conf,v 1.4 2005/10/11 17:57:27 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/three-clients/gdoi_client1.conf,v $
#
# A configuration sample for testing GDOI between systems passing IPSec policy.
# This is an example of a group member.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 10.0.224.37
check-interval= 60
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
10.0.224.44= GDOI-key-server
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
Connections= Group-1234
[GDOI-key-server]
Phase= 1
Transport= udp
Local-address= 10.0.224.37
Address= 10.0.224.44
Port= 848
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
ISAKMP-peer= GDOI-key-server
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
######################
# DES
[DES-MD5]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
[DES-SHA]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
# 3DES
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,45:72
[LIFE_600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 600,450:720
[LIFE_3600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200
# Group mode description
########################
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
Suites= GM-ESP
[GM-ESP]
PROTOCOL_ID= IPSEC_ESP
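Review bot: the `[DES-MD5]` and `[DES-SHA]` sections (DES_CBC, MD5, MODP_768, `LIFE_600_SECS`) and `[LIFE_3600_SECS]` are never referenced; `Transforms= 3DES-SHA` is the only transform the group member offers. Dead sections are harmless to the parser, but they are exactly the lines someone appends to `Transforms=` later to make a peer interoperate, and single DES with a 768-bit DH group is not something a GDOI sample should leave one edit away; delete them. `Port= 848` on `[GDOI-key-server]` matches the `-p848` in START_CLIENT1 and the port RFC 6407 assigns to GDOI, good. The same comments apply verbatim to gdoi_client2.conf and gdoi_client3.conf, which differ from this file only in `Listen-on` and `Local-address`.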
@ -0,0 +1,102 @@
# $Id: gdoi_client2.conf,v 1.4 2005/10/11 17:57:28 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/three-clients/gdoi_client2.conf,v $
#
# A configuration sample for testing GDOI between systems passing IPSec policy.
# This is an example of a group member.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 10.0.224.40
check-interval= 60
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
10.0.224.44= GDOI-key-server
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
Connections= Group-1234
[GDOI-key-server]
Phase= 1
Transport= udp
Local-address= 10.0.224.40
Address= 10.0.224.44
Port= 848
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
ISAKMP-peer= GDOI-key-server
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
######################
# DES
[DES-MD5]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
[DES-SHA]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
# 3DES
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,45:72
[LIFE_600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 600,450:720
[LIFE_3600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200
# Group mode description
########################
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
Suites= GM-ESP
[GM-ESP]
PROTOCOL_ID= IPSEC_ESP
@ -0,0 +1,102 @@
# $Id: gdoi_client3.conf,v 1.4 2005/10/11 17:57:28 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/three-clients/gdoi_client3.conf,v $
#
# A configuration sample for testing GDOI between systems passing IPSec policy.
# This is an example of a group member.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 10.0.224.41
check-interval= 60
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
10.0.224.44= GDOI-key-server
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
Connections= Group-1234
[GDOI-key-server]
Phase= 1
Transport= udp
Local-address= 10.0.224.41
Address= 10.0.224.44
Port= 848
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
ISAKMP-peer= GDOI-key-server
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
######################
# DES
[DES-MD5]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
[DES-SHA]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
# 3DES
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,45:72
[LIFE_600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 600,450:720
[LIFE_3600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200
# Group mode description
########################
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
Suites= GM-ESP
[GM-ESP]
PROTOCOL_ID= IPSEC_ESP
@ -0,0 +1,194 @@
# $Id: gdoi_ks.conf,v 1.6 2011/01/25 00:15:50 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/three-clients/gdoi_ks.conf,v $
#
# A configuration sample for testing GDOI between systems passing IPSec policy.
# This is an example of the key server.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 10.0.224.44
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
10.0.224.37= GDOI-group-member-1
10.0.224.40= GDOI-group-member-2
10.0.224.41= GDOI-group-member-3
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. Since this is the key server, it will wait for the group
# members to register usig these connections.
[Phase 2]
Passive-Connections= IPsec-group-policy
[GDOI-group-member-1]
Phase= 1
Transport= udp
Local-address= 10.0.224.44
Address= 10.0.224.37
Port= 848
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[GDOI-group-member-2]
Phase= 1
Transport= udp
Local-address= 10.0.224.44
Address= 10.0.224.40
Port= 848
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[GDOI-group-member-3]
Phase= 1
Transport= udp
Local-address= 10.0.224.44
Address= 10.0.224.41
Port= 848
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[IPsec-group-policy]
Phase= 2
ISAKMP-peer= GDOI-group-member
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
# DES
[DES-MD5]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
[DES-SHA]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
# 3DES
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,45:72
[LIFE_600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 600,450:720
[LIFE_3600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200
# GDOI description
# 3DES
[GDOI-ESP-TRANSFORM-3DES-SHA]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_60_SECS
# Group mode description
########################
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
SA-KEK= GROUP1-KEK
SA-TEKS= GROUP1-TEK1,GROUP1-TEK2
[GROUP1-KEK]
Src-ID= Group-kek-src
Dst-ID= Group-kek-dst
ENCRYPTION_ALGORITHM= 3DES
SIG_HASH_ALGORITHM= SHA
SIG_ALGORITHM= RSA
RSA-Keypair= /usr/local/gdoid/rsakeys.der
REKEY_PERIOD= 30
[Group-kek-src]
ID-type= IPV4_ADDR
Address= 10.0.224.44
Port= 848
[Group-kek-dst]
ID-type= IPV4_ADDR
Address= 239.10.1.1
Port= 848
# Src-ID and Dst-ID are the addresses for the IP ESP packet.
[GROUP1-TEK1]
Crypto-protocol= PROTO_IPSEC_ESP
Src-ID= Group-tek1-src
Dst-ID= Group-tek1-dst
TEK_Suite= GDOI-ESP-3DES-SHA-SUITE
[Group-tek1-src]
ID-type= IPV4_ADDR
Address= 10.0.224.37
Port= 0
[Group-tek1-dst]
ID-type= IPV4_ADDR
Address= 239.1.1.1
Port= 0
# Src-ID and Dst-ID are the addresses for the IP ESP packet.
[GROUP1-TEK2]
Src-ID= Group-tek2-src
Dst-ID= Group-tek2-dst
TEK_Suite= GDOI-ESP-3DES-SHA-SUITE
[Group-tek2-src]
ID-type= IPV4_ADDR
Address= 10.0.224.40
Port= 0
[Group-tek2-dst]
ID-type= IPV4_ADDR
Address= 239.1.1.2
Port= 0
[GDOI-ESP-3DES-SHA-SUITE]
Protocols= GDOI-ESP-3DES-SHA
[GDOI-ESP-3DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= GDOI-ESP-TRANSFORM-3DES-SHA
# Certificates stored in PEM format
[X509-certificates]
CA-directory= /etc/gdoid/ca/
Cert-directory= /etc/gdoid/certs/
Private-key= /etc/gdoid/private/local.key
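Review bot: `ISAKMP-peer= GDOI-group-member` in `[IPsec-group-policy]` names a section that does not exist; the phase 1 sections defined above are `GDOI-group-member-1`, `-2` and `-3`. If the value is ignored for an entry listed under `Passive-Connections=`, a comment should say so; otherwise it needs to name one of the defined peers or the passive connection will never match a registering member. `[GROUP1-TEK2]` is also missing the `Crypto-protocol= PROTO_IPSEC_ESP` line that `[GROUP1-TEK1]` has, so the two TEKs are not declared the same way unless the daemon defaults the protocol; make them consistent. Smaller points: `RSA-Keypair= /usr/local/gdoid/rsakeys.der` sits outside the `/etc/gdoid/` tree that `[X509-certificates]` uses, and the comment `# members to register usig these connections.` has a typo (`using`).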


214
src/Makefile.am Normal file

@ -0,0 +1,214 @@
# $Id: Makefile.am,v 1.3.4.3 2011/12/12 23:15:28 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Makefile.am,v $
#
# The license applies to all software incorporated in the "Cisco GDOI reference
# implementation" except for those portions incorporating third party software
# specifically identified as being licensed under separate license.
#
#
# The Cisco Systems Public Software License, Version 1.0
# Copyright (c) 2001-2002 Cisco Systems, Inc. All rights reserved.
# Subject to the following terms and conditions, Cisco Systems, Inc.,
# hereby grants you a worldwide, royalty-free, nonexclusive, license,
# subject to third party intellectual property claims, to create
# derivative works of the Licensed Code and to reproduce, display,
# perform, sublicense, distribute such Licensed Code and derivative works.
# All rights not expressly granted herein are reserved.
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
# 3. The names Cisco and "Cisco GDOI reference implementation" must not
# be used to endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# opensource@cisco.com.
# 4. Products derived from this software may not be called
# "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
# "Cisco GDOI reference implementation" appear in
# their name, without prior written permission of Cisco Systems, Inc.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
# SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
# LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
# PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
# LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
# LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
# EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
# AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
# THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
# (US$5,000).
#
# ====================================================================
# This software consists of voluntary contributions made by Cisco Systems,
# Inc. and many individuals on behalf of Cisco Systems, Inc. For more
# information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
#
# This product includes software developed by Ericsson Radio Systems.
#
#
# Makefile.am for gdoid.
#
bin_PROGRAMS = gdoid
BUILT_C_FILES = exchange_num.c ipsec_num.c isakmp_num.c gdoi_num.c \
ipsec_fld.c isakmp_fld.c gdoi_fld.c
BUILT_H_FILES = exchange_num.h ipsec_num.h isakmp_num.h gdoi_num.h \
ipsec_fld.h isakmp_fld.h gdoi_fld.h
BUILT_SOURCES = ${BUILT_C_FILES} ${BUILT_H_FILES}
noinst_HEADERS = app.h attribute.h cert.h conf.h connection.h \
constants.h cookie.h crypto.h dh.h doi.h dyn.h \
exchange.h field.h gdoi.h gdoi_phase2.h gmp_util.h hash.h \
if.h ike_aggressive.h ike_auth.h ike_main_mode.h \
ike_phase_1.h init.h ipsec.h ipsec_doi.h isakmp.h \
isakmp_doi.h libcrypto.h log.h math_2n.h math_ec2n.h \
math_group.h math_mp.h message.h pcap.h pf_encap.h \
pf_key_v2.h prf.h sa.h sysdep.h timer.h transport.h udp.h \
ui.h util.h x509.h
gdoid_SOURCES = ${BUILT_C_FILES}\
udp.c app.c attribute.c cert.c connection.c \
constants.c conf.c cookie.c crypto.c dh.c doi.c exchange.c \
field.c gmp_util.c hash.c if.c ike_auth.c \
ike_aggressive.c ike_main_mode.c ike_phase_1.c \
init.c ipsec.c \
isakmpd.c isakmp_doi.c libcrypto.c \
log.c message.c math_2n.c math_ec2n.c math_group.c \
prf.c sa.c timer.c transport.c ui.c util.c \
gdoi_phase2.c gdoi_doi.c gdoi_rekey.c
man_MANS= gdoid.8 gdoid.conf.5
CLEANFILES= exchange_num.c exchange_num.h ipsec_num.c ipsec_num.h \
isakmp_num.c isakmp_num.h ipsec_fld.c ipsec_fld.h \
isakmp_fld.c isakmp_fld.h \
gdoi_fld.c gdoi_fld.h gdoi_num.c gdoi_num.h
DISTCLEANFILES= cscope.files cscope.out
EXTRA_DIST= ${man_MANS} genconstants.sh genfields.sh \
exchange_num.cst ipsec_num.cst isakmp_num.cst gdoi_num.cst \
ipsec_fld.fld isakmp_fld.fld gdoi_fld.fld gdoi_app_num.cst
#
# Compilation variables
#
CFLAGS+= -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP -D_BSD_SOURCE
#
# Generated targets
#
exchange_num.c exchange_num.h: genconstants.sh exchange_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/exchange_num
ipsec_fld.c ipsec_fld.h: genfields.sh ipsec_fld.fld
/bin/sh ${srcdir}/genfields.sh ${srcdir}/ipsec_fld
ipsec_num.c ipsec_num.h: genconstants.sh ipsec_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/ipsec_num
isakmp_fld.c isakmp_fld.h: genfields.sh isakmp_fld.fld
/bin/sh ${srcdir}/genfields.sh ${srcdir}/isakmp_fld
isakmp_num.c isakmp_num.h: genconstants.sh isakmp_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/isakmp_num
gdoi_fld.c gdoi_fld.h: genfields.sh gdoi_fld.fld
/bin/sh ${srcdir}/genfields.sh ${srcdir}/gdoi_fld
gdoi_num.c gdoi_num.h: genconstants.sh gdoi_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/gdoi_num
#
# Extra sources to add based on the results of running "configure".
#
if USE_AGGRESSIVE
gdoid_SOURCES+= ike_aggressive.c
endif
if USE_LIBCRYPTO
gdoid_SOURCES+= x509.c
CFLAGS+= -DUSE_LIBCRYPTO -DUSE_X509
CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_OPENSSL
endif
if HAVE_PF_KEY_V2
gdoid_SOURCES+= pf_key_v2.c key_api.c
CFLAGS+= -DUSE_PF_KEY_V2
endif
if GDOI_APP_SUPPORT
noinst_HEADERS+= gdoi_app_client.h
gdoid_SOURCES+= gdoi_app_client.c
BUILT_C_FILES+= gdoi_app_num.c
BUILT_H_FILES+= gdoi_app_num.h
CFLAGS+= -DGDOI_APP_SUPPORT
CLEANFILES+= gdoi_app_num.c gdoi_app_num.h
EXTRA_DIST+= gdoi_app_num.cst
gdoi_app_num.c gdoi_app_num.h: genconstants.sh gdoi_app_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/gdoi_app_num
endif
if SRTP_SUPPORT
noinst_HEADERS+= gdoi_srtp_attr.h gdoi_srtp_protos.h gdoi_srtp.h
BUILT_C_FILES+= srtp_num.c
BUILT_H_FILES+= srtp_num.h
gdoid_SOURCES+= gdoi_srtp.c
CFLAGS+= -DSRTP_SUPPORT
CLEANFILES+= srtp_num.c srtp_num.h
EXTRA_DIST+= srtp_num.cst
srtp_num.c srtp_num.h: genconstants.sh srtp_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/srtp_num
endif
if IEC90_5_SUPPORT
noinst_HEADERS+= gdoi_iec90_5.h gdoi_iec90_5_protos.h gdoi_app_iec90_5_attr.h
BUILT_C_FILES+= iec90_5_num.c iec90_5_fld.c
BUILT_H_FILES+= iec90_5_num.h iec90_5_fld.h
gdoid_SOURCES+= gdoi_iec90_5.c
CFLAGS+= -DIEC90_5_SUPPORT
CLEANFILES+= iec90_5_num.c iec90_5_fld.c iec90_5_num.h iec90_5_fld.h
EXTRA_DIST+= iec90_5_num.cst iec90_5_fld.fld
iec90_5_num.c iec90_5_num.h: genconstants.sh iec90_5_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/iec90_5_num
iec90_5_fld.c iec90_5_fld.h: genfields.sh iec90_5_fld.fld
/bin/sh ${srcdir}/genfields.sh ${srcdir}/iec90_5_fld
endif
#
# Extra rules
#
install-data-local:
${mkinstalldirs} /etc/gdoid
${mkinstalldirs} /etc/gdoid/ca
#
# Remove generated .h and .c files from the distribution.
#
dist-hook:
(cd ${distdir}; rm -f ${BUILT_SOURCES})
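Review bot: `ike_aggressive.c` is listed unconditionally in `gdoid_SOURCES` and again under `if USE_AGGRESSIVE` via `gdoid_SOURCES+= ike_aggressive.c`, so with aggressive mode enabled the same object would be handed to the linker twice and rejected with multiple-definition errors; drop the unconditional entry so the conditional alone controls it. `install-data-local` runs `${mkinstalldirs} /etc/gdoid` and `${mkinstalldirs} /etc/gdoid/ca` against hard-coded absolute paths, which ignores `$(DESTDIR)` and `$(sysconfdir)` and breaks staged installs and packaging; use `${mkinstalldirs} $(DESTDIR)$(sysconfdir)/gdoid/ca` instead. The `-D` defines are appended with `CFLAGS+=` rather than placed in `AM_CPPFLAGS`, so a user passing `CFLAGS=` on the make command line silently loses `-DNEED_SYSDEP_APP`, `-DUSE_LIBCRYPTO` and the feature defines; move them to `AM_CPPFLAGS` and leave `CFLAGS` to the user. `gdoi_app_num.cst` also appears in `EXTRA_DIST` twice (unconditionally and under `GDOI_APP_SUPPORT`), harmless but worth tidying.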

820
src/Makefile.in Normal file

@ -0,0 +1,820 @@
# Makefile.in generated by automake 1.10 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
# $Id: Makefile.am,v 1.3.4.3 2011/12/12 23:15:28 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Makefile.am,v $
#
# The license applies to all software incorporated in the "Cisco GDOI reference
# implementation" except for those portions incorporating third party software
# specifically identified as being licensed under separate license.
#
#
# The Cisco Systems Public Software License, Version 1.0
# Copyright (c) 2001-2002 Cisco Systems, Inc. All rights reserved.
# Subject to the following terms and conditions, Cisco Systems, Inc.,
# hereby grants you a worldwide, royalty-free, nonexclusive, license,
# subject to third party intellectual property claims, to create
# derivative works of the Licensed Code and to reproduce, display,
# perform, sublicense, distribute such Licensed Code and derivative works.
# All rights not expressly granted herein are reserved.
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
# 3. The names Cisco and "Cisco GDOI reference implementation" must not
# be used to endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# opensource@cisco.com.
# 4. Products derived from this software may not be called
# "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
# "Cisco GDOI reference implementation" appear in
# their name, without prior written permission of Cisco Systems, Inc.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
# SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
# LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
# PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
# LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
# LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
# EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
# AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
# THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
# (US$5,000).
#
# ====================================================================
# This software consists of voluntary contributions made by Cisco Systems,
# Inc. and many individuals on behalf of Cisco Systems, Inc. For more
# information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
#
# This product includes software developed by Ericsson Radio Systems.
#
#
# Makefile.am for gdoid.
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
bin_PROGRAMS = gdoid$(EXEEXT)
#
# Extra sources to add based on the results of running "configure".
#
@USE_AGGRESSIVE_TRUE@am__append_1 = ike_aggressive.c
@USE_LIBCRYPTO_TRUE@am__append_2 = x509.c
@USE_LIBCRYPTO_TRUE@am__append_3 = -DUSE_LIBCRYPTO -DUSE_X509 \
@USE_LIBCRYPTO_TRUE@ -DMP_FLAVOUR=MP_FLAVOUR_OPENSSL
@HAVE_PF_KEY_V2_TRUE@am__append_4 = pf_key_v2.c key_api.c
@HAVE_PF_KEY_V2_TRUE@am__append_5 = -DUSE_PF_KEY_V2
@GDOI_APP_SUPPORT_TRUE@am__append_6 = gdoi_app_client.h
@GDOI_APP_SUPPORT_TRUE@am__append_7 = gdoi_app_client.c
@GDOI_APP_SUPPORT_TRUE@am__append_8 = gdoi_app_num.c
@GDOI_APP_SUPPORT_TRUE@am__append_9 = gdoi_app_num.h
@GDOI_APP_SUPPORT_TRUE@am__append_10 = -DGDOI_APP_SUPPORT
@GDOI_APP_SUPPORT_TRUE@am__append_11 = gdoi_app_num.c gdoi_app_num.h
@GDOI_APP_SUPPORT_TRUE@am__append_12 = gdoi_app_num.cst
@SRTP_SUPPORT_TRUE@am__append_13 = gdoi_srtp_attr.h gdoi_srtp_protos.h gdoi_srtp.h
@SRTP_SUPPORT_TRUE@am__append_14 = srtp_num.c
@SRTP_SUPPORT_TRUE@am__append_15 = srtp_num.h
@SRTP_SUPPORT_TRUE@am__append_16 = gdoi_srtp.c
@SRTP_SUPPORT_TRUE@am__append_17 = -DSRTP_SUPPORT
@SRTP_SUPPORT_TRUE@am__append_18 = srtp_num.c srtp_num.h
@SRTP_SUPPORT_TRUE@am__append_19 = srtp_num.cst
@IEC90_5_SUPPORT_TRUE@am__append_20 = gdoi_iec90_5.h gdoi_iec90_5_protos.h gdoi_app_iec90_5_attr.h
@IEC90_5_SUPPORT_TRUE@am__append_21 = iec90_5_num.c iec90_5_fld.c
@IEC90_5_SUPPORT_TRUE@am__append_22 = iec90_5_num.h iec90_5_fld.h
@IEC90_5_SUPPORT_TRUE@am__append_23 = gdoi_iec90_5.c
@IEC90_5_SUPPORT_TRUE@am__append_24 = -DIEC90_5_SUPPORT
@IEC90_5_SUPPORT_TRUE@am__append_25 = iec90_5_num.c iec90_5_fld.c iec90_5_num.h iec90_5_fld.h
@IEC90_5_SUPPORT_TRUE@am__append_26 = iec90_5_num.cst iec90_5_fld.fld
subdir = src
DIST_COMMON = $(am__noinst_HEADERS_DIST) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man5dir)" \
"$(DESTDIR)$(man8dir)"
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(bin_PROGRAMS)
am__gdoid_SOURCES_DIST = exchange_num.c ipsec_num.c isakmp_num.c \
gdoi_num.c ipsec_fld.c isakmp_fld.c gdoi_fld.c gdoi_app_num.c \
srtp_num.c iec90_5_num.c iec90_5_fld.c udp.c app.c attribute.c \
cert.c connection.c constants.c conf.c cookie.c crypto.c dh.c \
doi.c exchange.c field.c gmp_util.c hash.c if.c ike_auth.c \
ike_aggressive.c ike_main_mode.c ike_phase_1.c init.c ipsec.c \
isakmpd.c isakmp_doi.c libcrypto.c log.c message.c math_2n.c \
math_ec2n.c math_group.c prf.c sa.c timer.c transport.c ui.c \
util.c gdoi_phase2.c gdoi_doi.c gdoi_rekey.c x509.c \
pf_key_v2.c key_api.c gdoi_app_client.c gdoi_srtp.c \
gdoi_iec90_5.c
@GDOI_APP_SUPPORT_TRUE@am__objects_1 = gdoi_app_num.$(OBJEXT)
@SRTP_SUPPORT_TRUE@am__objects_2 = srtp_num.$(OBJEXT)
@IEC90_5_SUPPORT_TRUE@am__objects_3 = iec90_5_num.$(OBJEXT) \
@IEC90_5_SUPPORT_TRUE@ iec90_5_fld.$(OBJEXT)
am__objects_4 = exchange_num.$(OBJEXT) ipsec_num.$(OBJEXT) \
isakmp_num.$(OBJEXT) gdoi_num.$(OBJEXT) ipsec_fld.$(OBJEXT) \
isakmp_fld.$(OBJEXT) gdoi_fld.$(OBJEXT) $(am__objects_1) \
$(am__objects_2) $(am__objects_3)
@USE_AGGRESSIVE_TRUE@am__objects_5 = ike_aggressive.$(OBJEXT)
@USE_LIBCRYPTO_TRUE@am__objects_6 = x509.$(OBJEXT)
@HAVE_PF_KEY_V2_TRUE@am__objects_7 = pf_key_v2.$(OBJEXT) \
@HAVE_PF_KEY_V2_TRUE@ key_api.$(OBJEXT)
@GDOI_APP_SUPPORT_TRUE@am__objects_8 = gdoi_app_client.$(OBJEXT)
@SRTP_SUPPORT_TRUE@am__objects_9 = gdoi_srtp.$(OBJEXT)
@IEC90_5_SUPPORT_TRUE@am__objects_10 = gdoi_iec90_5.$(OBJEXT)
am_gdoid_OBJECTS = $(am__objects_4) udp.$(OBJEXT) app.$(OBJEXT) \
attribute.$(OBJEXT) cert.$(OBJEXT) connection.$(OBJEXT) \
constants.$(OBJEXT) conf.$(OBJEXT) cookie.$(OBJEXT) \
crypto.$(OBJEXT) dh.$(OBJEXT) doi.$(OBJEXT) exchange.$(OBJEXT) \
field.$(OBJEXT) gmp_util.$(OBJEXT) hash.$(OBJEXT) if.$(OBJEXT) \
ike_auth.$(OBJEXT) ike_aggressive.$(OBJEXT) \
ike_main_mode.$(OBJEXT) ike_phase_1.$(OBJEXT) init.$(OBJEXT) \
ipsec.$(OBJEXT) isakmpd.$(OBJEXT) isakmp_doi.$(OBJEXT) \
libcrypto.$(OBJEXT) log.$(OBJEXT) message.$(OBJEXT) \
math_2n.$(OBJEXT) math_ec2n.$(OBJEXT) math_group.$(OBJEXT) \
prf.$(OBJEXT) sa.$(OBJEXT) timer.$(OBJEXT) transport.$(OBJEXT) \
ui.$(OBJEXT) util.$(OBJEXT) gdoi_phase2.$(OBJEXT) \
gdoi_doi.$(OBJEXT) gdoi_rekey.$(OBJEXT) $(am__objects_5) \
$(am__objects_6) $(am__objects_7) $(am__objects_8) \
$(am__objects_9) $(am__objects_10)
gdoid_OBJECTS = $(am_gdoid_OBJECTS)
gdoid_LDADD = $(LDADD)
DEFAULT_INCLUDES = -I. -I$(top_builddir)@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/config/depcomp
am__depfiles_maybe = depfiles
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
SOURCES = $(gdoid_SOURCES)
DIST_SOURCES = $(am__gdoid_SOURCES_DIST)
man5dir = $(mandir)/man5
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(man_MANS)
am__noinst_HEADERS_DIST = app.h attribute.h cert.h conf.h connection.h \
constants.h cookie.h crypto.h dh.h doi.h dyn.h exchange.h \
field.h gdoi.h gdoi_phase2.h gmp_util.h hash.h if.h \
ike_aggressive.h ike_auth.h ike_main_mode.h ike_phase_1.h \
init.h ipsec.h ipsec_doi.h isakmp.h isakmp_doi.h libcrypto.h \
log.h math_2n.h math_ec2n.h math_group.h math_mp.h message.h \
pcap.h pf_encap.h pf_key_v2.h prf.h sa.h sysdep.h timer.h \
transport.h udp.h ui.h util.h x509.h gdoi_app_client.h \
gdoi_srtp_attr.h gdoi_srtp_protos.h gdoi_srtp.h gdoi_iec90_5.h \
gdoi_iec90_5_protos.h gdoi_app_iec90_5_attr.h
HEADERS = $(noinst_HEADERS)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
#
# Compilation variables
#
CFLAGS = @CFLAGS@ -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP -D_BSD_SOURCE \
$(am__append_3) $(am__append_5) $(am__append_10) \
$(am__append_17) $(am__append_24)
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
BUILT_C_FILES = exchange_num.c ipsec_num.c isakmp_num.c gdoi_num.c \
ipsec_fld.c isakmp_fld.c gdoi_fld.c $(am__append_8) \
$(am__append_14) $(am__append_21)
BUILT_H_FILES = exchange_num.h ipsec_num.h isakmp_num.h gdoi_num.h \
ipsec_fld.h isakmp_fld.h gdoi_fld.h $(am__append_9) \
$(am__append_15) $(am__append_22)
BUILT_SOURCES = ${BUILT_C_FILES} ${BUILT_H_FILES}
noinst_HEADERS = app.h attribute.h cert.h conf.h connection.h \
constants.h cookie.h crypto.h dh.h doi.h dyn.h exchange.h \
field.h gdoi.h gdoi_phase2.h gmp_util.h hash.h if.h \
ike_aggressive.h ike_auth.h ike_main_mode.h ike_phase_1.h \
init.h ipsec.h ipsec_doi.h isakmp.h isakmp_doi.h libcrypto.h \
log.h math_2n.h math_ec2n.h math_group.h math_mp.h message.h \
pcap.h pf_encap.h pf_key_v2.h prf.h sa.h sysdep.h timer.h \
transport.h udp.h ui.h util.h x509.h $(am__append_6) \
$(am__append_13) $(am__append_20)
gdoid_SOURCES = ${BUILT_C_FILES} udp.c app.c attribute.c cert.c \
connection.c constants.c conf.c cookie.c crypto.c dh.c doi.c \
exchange.c field.c gmp_util.c hash.c if.c ike_auth.c \
ike_aggressive.c ike_main_mode.c ike_phase_1.c init.c ipsec.c \
isakmpd.c isakmp_doi.c libcrypto.c log.c message.c math_2n.c \
math_ec2n.c math_group.c prf.c sa.c timer.c transport.c ui.c \
util.c gdoi_phase2.c gdoi_doi.c gdoi_rekey.c $(am__append_1) \
$(am__append_2) $(am__append_4) $(am__append_7) \
$(am__append_16) $(am__append_23)
man_MANS = gdoid.8 gdoid.conf.5
CLEANFILES = exchange_num.c exchange_num.h ipsec_num.c ipsec_num.h \
isakmp_num.c isakmp_num.h ipsec_fld.c ipsec_fld.h isakmp_fld.c \
isakmp_fld.h gdoi_fld.c gdoi_fld.h gdoi_num.c gdoi_num.h \
$(am__append_11) $(am__append_18) $(am__append_25)
DISTCLEANFILES = cscope.files cscope.out
EXTRA_DIST = ${man_MANS} genconstants.sh genfields.sh exchange_num.cst \
ipsec_num.cst isakmp_num.cst gdoi_num.cst ipsec_fld.fld \
isakmp_fld.fld gdoi_fld.fld gdoi_app_num.cst $(am__append_12) \
$(am__append_19) $(am__append_26)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-am
.SUFFIXES:
.SUFFIXES: .c .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
&& exit 0; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign src/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
@list='$(bin_PROGRAMS)'; for p in $$list; do \
p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
if test -f $$p \
; then \
f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
echo " $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
$(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
else :; fi; \
done
uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
rm -f "$(DESTDIR)$(bindir)/$$f"; \
done
clean-binPROGRAMS:
-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
gdoid$(EXEEXT): $(gdoid_OBJECTS) $(gdoid_DEPENDENCIES)
@rm -f gdoid$(EXEEXT)
$(LINK) $(gdoid_OBJECTS) $(gdoid_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attribute.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connection.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/constants.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cookie.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dh.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/doi.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exchange.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exchange_num.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/field.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdoi_app_client.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdoi_app_num.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdoi_doi.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdoi_fld.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdoi_iec90_5.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdoi_num.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdoi_phase2.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdoi_rekey.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdoi_srtp.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gmp_util.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iec90_5_fld.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iec90_5_num.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/if.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_aggressive.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_main_mode.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_phase_1.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipsec.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipsec_fld.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipsec_num.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/isakmp_doi.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/isakmp_fld.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/isakmp_num.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/isakmpd.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key_api.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/math_2n.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/math_ec2n.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/math_group.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pf_key_v2.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sa.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srtp_num.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timer.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transport.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/udp.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ui.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
install-man5: $(man5_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.5*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
5*) ;; \
*) ext='5' ;; \
esac; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
done
uninstall-man5:
@$(NORMAL_UNINSTALL)
@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.5*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
5*) ;; \
*) ext='5' ;; \
esac; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
done
install-man8: $(man8_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.8*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
8*) ;; \
*) ext='8' ;; \
esac; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
done
uninstall-man8:
@$(NORMAL_UNINSTALL)
@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.8*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
8*) ;; \
*) ext='8' ;; \
esac; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
done
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique
tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$tags $$unique; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) $$here
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$(top_distdir)" distdir="$(distdir)" \
dist-hook
check-am: all-am
check: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) check-am
all-am: Makefile $(PROGRAMS) $(MANS) $(HEADERS)
installdirs:
for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
clean: clean-am
clean-am: clean-binPROGRAMS clean-generic mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-am
dvi-am:
html: html-am
info: info-am
info-am:
install-data-am: install-data-local install-man
install-dvi: install-dvi-am
install-exec-am: install-binPROGRAMS
install-html: install-html-am
install-info: install-info-am
install-man: install-man5 install-man8
install-pdf: install-pdf-am
install-ps: install-ps-am
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-binPROGRAMS uninstall-man
uninstall-man: uninstall-man5 uninstall-man8
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
clean-generic ctags dist-hook distclean distclean-compile \
distclean-generic distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-binPROGRAMS \
install-data install-data-am install-data-local install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-man5 install-man8 install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
uninstall-am uninstall-binPROGRAMS uninstall-man \
uninstall-man5 uninstall-man8
#
# Generated targets
#
exchange_num.c exchange_num.h: genconstants.sh exchange_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/exchange_num
ipsec_fld.c ipsec_fld.h: genfields.sh ipsec_fld.fld
/bin/sh ${srcdir}/genfields.sh ${srcdir}/ipsec_fld
ipsec_num.c ipsec_num.h: genconstants.sh ipsec_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/ipsec_num
isakmp_fld.c isakmp_fld.h: genfields.sh isakmp_fld.fld
/bin/sh ${srcdir}/genfields.sh ${srcdir}/isakmp_fld
isakmp_num.c isakmp_num.h: genconstants.sh isakmp_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/isakmp_num
gdoi_fld.c gdoi_fld.h: genfields.sh gdoi_fld.fld
/bin/sh ${srcdir}/genfields.sh ${srcdir}/gdoi_fld
gdoi_num.c gdoi_num.h: genconstants.sh gdoi_num.cst
/bin/sh ${srcdir}/genconstants.sh ${srcdir}/gdoi_num
@GDOI_APP_SUPPORT_TRUE@gdoi_app_num.c gdoi_app_num.h: genconstants.sh gdoi_app_num.cst
@GDOI_APP_SUPPORT_TRUE@ /bin/sh ${srcdir}/genconstants.sh ${srcdir}/gdoi_app_num
@SRTP_SUPPORT_TRUE@srtp_num.c srtp_num.h: genconstants.sh srtp_num.cst
@SRTP_SUPPORT_TRUE@ /bin/sh ${srcdir}/genconstants.sh ${srcdir}/srtp_num
@IEC90_5_SUPPORT_TRUE@iec90_5_num.c iec90_5_num.h: genconstants.sh iec90_5_num.cst
@IEC90_5_SUPPORT_TRUE@ /bin/sh ${srcdir}/genconstants.sh ${srcdir}/iec90_5_num
@IEC90_5_SUPPORT_TRUE@iec90_5_fld.c iec90_5_fld.h: genfields.sh iec90_5_fld.fld
@IEC90_5_SUPPORT_TRUE@ /bin/sh ${srcdir}/genfields.sh ${srcdir}/iec90_5_fld
#
# Extra rules
#
install-data-local:
${mkinstalldirs} /etc/gdoid
${mkinstalldirs} /etc/gdoid/ca
#
# Remove generated .h and .c files from the distribution.
#
dist-hook:
(cd ${distdir}; rm -f ${BUILT_SOURCES})
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
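Review bot: install-data-local under "Extra rules" hard-codes `/etc/gdoid` and `/etc/gdoid/ca`, ignoring $(DESTDIR) and $(sysconfdir), so a staged build (`make DESTDIR=/tmp/stage install`) still writes into the live /etc and needs root even when every other target is relocated; use `$(MKDIR_P) "$(DESTDIR)$(sysconfdir)/gdoid"` and the same for `ca`. The rest of this Makefile already uses $(MKDIR_P) (see installdirs and install-man5), so `${mkinstalldirs}` is also inconsistent with the file's own convention.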

71
src/app.c Normal file

@ -0,0 +1,71 @@
/* $Id: app.c,v 1.2 2002/05/10 04:25:11 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/app.c,v $ */
/* $OpenBSD: app.c,v 1.6 1999/05/01 20:43:42 niklas Exp $ */
/* $EOM: app.c,v 1.6 1999/05/01 20:21:06 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
/*
* XXX This is just a wrapper module for now. Later we might handle many
* applications simultaneously but right now, we assume one system-dependent
* one only.
*/
#include "sysdep.h"
#include "app.h"
#include "log.h"
int app_socket;
/* Set this to not get any applications setup. */
int app_none = 0;
/* Initialize applications. */
void
app_init ()
{
if (app_none)
return;
app_socket = sysdep_app_open ();
if (app_socket == -1)
log_fatal ("app_init: cannot open connection to application");
}
void
app_handler ()
{
sysdep_app_handler (app_socket);
}
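Review bot: app_init aborts the whole daemon via log_fatal when sysdep_app_open fails, even though app_none exists precisely to run without an application channel; if the application socket is optional, log_error and set app_none instead of terminating so a missing local socket cannot take down key management. Separately, `app_init ()` and `app_handler ()` are defined with empty parameter lists while app.h declares them `(void)`; use `(void)` in the definitions so the compiler checks the prototypes.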

50
src/app.h Normal file

@ -0,0 +1,50 @@
/* $Id: app.h,v 1.2 2002/05/10 04:25:11 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/app.h,v $ */
/* $OpenBSD: app.h,v 1.5 1999/04/19 19:54:54 niklas Exp $ */
/* $EOM: app.h,v 1.4 1999/04/02 00:58:16 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _APP_H_
#define _APP_H_
extern int app_socket;
extern int app_none;
extern void app_conf_init_hook (void);
extern void app_handler (void);
extern void app_init (void);
#endif /* _APP_H_ */
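Review bot: `extern void app_conf_init_hook (void);` is declared here but app.c in this commit defines no such function; if it is implemented in the sysdep layer, add a comment saying so (or move the declaration to sysdep.h) so readers of app.h know where the implementation lives. Also, `_APP_H_` and the other underscore-capital guard names used in these headers are in the namespace reserved for the implementation; a guard such as `APP_H` avoids that.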

123
src/attribute.c Normal file

@ -0,0 +1,123 @@
/* $Id: attribute.c,v 1.2 2002/05/10 04:25:11 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/attribute.c,v $ */
/* $OpenBSD: attribute.c,v 1.8 2000/02/25 17:23:38 niklas Exp $ */
/* $EOM: attribute.c,v 1.10 2000/02/20 19:58:36 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <sys/types.h>
#include <string.h>
#include "sysdep.h"
#include "attribute.h"
#include "conf.h"
#include "log.h"
#include "isakmp.h"
#include "util.h"
u_int8_t *
attribute_set_basic (u_int8_t *buf, u_int16_t type, u_int16_t value)
{
SET_ISAKMP_ATTR_TYPE (buf, ISAKMP_ATTR_MAKE (1, type));
SET_ISAKMP_ATTR_LENGTH_VALUE (buf, value);
return buf + ISAKMP_ATTR_VALUE_OFF;
}
u_int8_t *
attribute_set_var (u_int8_t *buf, u_int16_t type, u_int8_t *value,
u_int16_t len)
{
SET_ISAKMP_ATTR_TYPE (buf, ISAKMP_ATTR_MAKE (0, type));
SET_ISAKMP_ATTR_LENGTH_VALUE (buf, len);
memcpy (buf + ISAKMP_ATTR_VALUE_OFF, value, len);
return buf + ISAKMP_ATTR_VALUE_OFF + len;
}
/*
* Execute a function FUNC taking an attribute type, value, length and ARG
* as arguments for each attribute in the area of ISAKMP attributes located
* at BUF, sized SZ. If any invocation fails, the processing aborts with a
* -1 return value. If all goes well return zero.
*/
int
attribute_map (u_int8_t *buf, size_t sz,
int (*func) (u_int16_t, u_int8_t *, u_int16_t, void *),
void *arg)
{
u_int8_t *attr;
int fmt;
u_int16_t type;
u_int8_t *value;
u_int16_t len;
for (attr = buf; attr < buf + sz; attr = value + len)
{
if (attr + ISAKMP_ATTR_VALUE_OFF > buf + sz)
return -1;
type = GET_ISAKMP_ATTR_TYPE (attr);
fmt = ISAKMP_ATTR_FORMAT (type);
type = ISAKMP_ATTR_TYPE (type);
value
= attr + (fmt ? ISAKMP_ATTR_LENGTH_VALUE_OFF : ISAKMP_ATTR_VALUE_OFF);
len = (fmt ? ISAKMP_ATTR_LENGTH_VALUE_LEN
: GET_ISAKMP_ATTR_LENGTH_VALUE (attr));
if (value + len > buf + sz)
return -1;
if (func (type, value, len, arg))
return -1;
}
return 0;
}
int
attribute_set_constant (char *section, char *tag, struct constant_map *map,
int attr_class, u_int8_t **attr)
{
char *name;
int value;
name = conf_get_str (section, tag);
if (!name)
{
LOG_DBG ((LOG_MISC, 70,
"attribute_set_constant: no %s in the %s section", tag,
section));
return -1;
}
value = constant_value (map, name);
*attr = attribute_set_basic (*attr, attr_class, value);
return 0;
}
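Review bot: in attribute_set_constant the result of `constant_value (map, name)` is passed straight to attribute_set_basic without checking for a lookup failure, so a misspelled constant in the configuration is silently truncated to 16 bits and sent on the wire as an attribute value; check for the map's failure sentinel, log it like the missing-tag case above, and return -1. attribute_set_basic and attribute_set_var also take no output-buffer size and memcpy `len` bytes unconditionally, so callers must guarantee space; documenting that contract on the functions (as attribute_map's comment does for its input bounds) would help. attribute_map itself does bound both the header and the value against `buf + sz` before use, which is the right shape for parsing peer-supplied attributes.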

56
src/attribute.h Normal file

@ -0,0 +1,56 @@
/* $Id: attribute.h,v 1.2 2002/05/10 04:25:11 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/attribute.h,v $ */
/* $OpenBSD: attribute.h,v 1.3 1998/11/17 11:10:07 niklas Exp $ */
/* $EOM: attribute.h,v 1.2 1998/09/29 21:51:07 niklas Exp $ */
/*
* Copyright (c) 1998 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _ATTRIBUTE_H_
#define _ATTRIBUTE_H_
#include <sys/types.h>
struct constant_map;
extern int attribute_map (u_int8_t *, size_t,
int (*) (u_int16_t, u_int8_t *, u_int16_t, void *),
void *);
extern u_int8_t *attribute_set_basic (u_int8_t *, u_int16_t, u_int16_t);
extern int attribute_set_constant (char *, char *, struct constant_map *,
int, u_int8_t **);
extern u_int8_t *attribute_set_var (u_int8_t *, u_int16_t, u_int8_t *,
u_int16_t);
#endif /* _ATTRIBUTE_H_ */

139
src/cert.c Normal file

@ -0,0 +1,139 @@
/* $Id: cert.c,v 1.4 2003/10/14 22:40:24 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/cert.c,v $ */
/* $OpenBSD: cert.c,v 1.16 2000/10/07 06:57:08 niklas Exp $ */
/* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
* Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <sys/param.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "sysdep.h"
#include "isakmp_num.h"
#include "log.h"
#include "cert.h"
#ifdef USE_X509
#include "x509.h"
#include <openssl/ssl.h>
#endif
struct cert_handler cert_handler[] = {
#ifdef USE_X509
{
ISAKMP_CERTENC_X509_SIG,
x509_cert_init, x509_cert_get, x509_cert_validate,
x509_cert_insert, x509_cert_free,
x509_certreq_validate, x509_certreq_decode, x509_free_aca,
x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects
},
#endif
};
/* Initialize all certificate handlers */
int
cert_init (void)
{
int i, err = 1;
for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
if (cert_handler[i].cert_init && !(*cert_handler[i].cert_init) ())
err = 0;
return err;
}
struct cert_handler *
cert_get (u_int16_t id)
{
int i;
for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
if (id == cert_handler[i].id)
return &cert_handler[i];
return 0;
}
/* Decode a CERTREQ and return a parsed structure. */
struct certreq_aca *
certreq_decode (u_int16_t type, u_int8_t *data, u_int32_t datalen)
{
struct cert_handler *handler;
struct certreq_aca aca, *ret;
handler = cert_get (type);
if (!handler)
return 0;
aca.id = type;
aca.handler = handler;
if (datalen > 0)
{
aca.data = handler->certreq_decode (data, datalen);
if (!aca.data)
return 0;
}
else
aca.data = 0;
ret = malloc (sizeof aca);
if (!ret)
{
log_error ("certreq_decode: malloc (%d) failed", sizeof aca);
handler->free_aca (aca.data);
return 0;
}
memcpy (ret, &aca, sizeof aca);
return ret;
}
void
cert_free_subjects (int n, u_int8_t **id, u_int32_t *len)
{
int i;
for (i = 0; i < n; i++)
free (id[i]);
free (id);
free (len);
}
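Review bot: on the malloc-failure path in certreq_decode, `handler->free_aca (aca.data)` is reached with `aca.data == 0` whenever datalen was 0, so every handler's free_aca must tolerate NULL; guard the call with `if (aca.data)` rather than relying on that. The same line's `log_error ("certreq_decode: malloc (%d) failed", sizeof aca)` passes a size_t to %d; cast to unsigned long with %lu (or use %zu). Note also that with USE_X509 undefined `cert_handler[]` has no initializers at all, which is a zero-length array and not standard C, and cert_init then reports success with no handlers registered.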

88
src/cert.h Normal file

@ -0,0 +1,88 @@
/* $Id: cert.h,v 1.2 2002/05/10 04:25:11 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/cert.h,v $ */
/* $OpenBSD: cert.h,v 1.6 2000/10/07 06:57:08 niklas Exp $ */
/* $EOM: cert.h,v 1.8 2000/09/28 12:53:27 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
* Copyright (c) 2000 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _CERT_H_
#define _CERT_H_
#include <sys/param.h>
#include <sys/types.h>
#include <sys/queue.h>
/*
* CERT handler for each kind of certificate:
*
* cert_init - Initialize CERT handler - called only once
* cert_get - Get a certificate in internal representation from raw data
* cert_validate - validated a certificate, if it returns != 0 we can use it.
* cert_insert - inserts cert into memory storage, we can retrieve with
* cert_obtain.
*/
struct cert_handler {
u_int16_t id; /* ISAKMP Cert Encoding ID */
int (*cert_init) (void);
void *(*cert_get) (u_int8_t *, u_int32_t);
int (*cert_validate) (void *);
int (*cert_insert) (int, void *);
void (*cert_free) (void *);
int (*certreq_validate) (u_int8_t *, u_int32_t);
void *(*certreq_decode) (u_int8_t *, u_int32_t);
void (*free_aca) (void *);
int (*cert_obtain) (u_int8_t *, size_t, void *, u_int8_t **, u_int32_t *);
int (*cert_get_key) (void *, void *);
int (*cert_get_subjects) (void *, int *, u_int8_t ***, u_int32_t **);
};
/* the acceptable authority of cert request */
struct certreq_aca {
TAILQ_ENTRY (certreq_aca) link;
u_int16_t id;
struct cert_handler *handler;
void *data; /* if NULL everything is acceptable */
};
struct certreq_aca *certreq_decode (u_int16_t, u_int8_t *, u_int32_t);
void cert_free_subjects (int, u_int8_t **, u_int32_t *);
struct cert_handler *cert_get (u_int16_t);
int cert_init (void);
#endif /* _CERT_H_ */
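Review bot: the comment block above struct cert_handler documents only cert_init, cert_get, cert_validate and cert_insert; certreq_validate, certreq_decode, free_aca, cert_obtain, cert_get_key and cert_get_subjects have no description of their arguments, ownership of returned memory, or return convention, and since cert_validate's "!= 0 we can use it" rule is the security decision point, the convention for the other boolean-returning callbacks should be spelled out the same way. Minor: "validated a certificate" should read "validate a certificate".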

1019
src/conf.c Normal file

File diff suppressed because it is too large

98
src/conf.h Normal file

@ -0,0 +1,98 @@
/* $Id: conf.h,v 1.3 2003/08/15 23:24:03 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/conf.h,v $ */
/* $OpenBSD: conf.h,v 1.14 2001/01/27 12:03:31 niklas Exp $ */
/* $EOM: conf.h,v 1.13 2000/09/18 00:01:47 ho Exp $ */
/*
* Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved.
* Copyright (c) 2000 Håkan Olsson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _CONF_H_
#define _CONF_H_
#include <sys/types.h>
#include <sys/queue.h>
#include <stdio.h>
#define CONFIG_FILE "/etc/gdoid/gdoid.conf"
/* Default values for autogenerated part of our configuration. */
#define CONF_DFLT_TAG_LIFE_MAIN_MODE "LIFE_MAIN_MODE"
#define CONF_DFLT_TYPE_LIFE_MAIN_MODE "SECONDS"
#define CONF_DFLT_VAL_LIFE_MAIN_MODE "3600,60:86400"
#define CONF_DFLT_TAG_LIFE_QUICK_MODE "LIFE_QUICK_MODE"
#define CONF_DFLT_TYPE_LIFE_QUICK_MODE "SECONDS"
#define CONF_DFLT_VAL_LIFE_QUICK_MODE "1200,60:86400"
#define CONF_DFLT_VAL_BLF_KEYLEN "128,96:192"
#define CONF_DFLT_RETRANSMITS "3"
#define CONF_DFLT_EXCH_MAX_TIME "120"
#define CONF_DFLT_X509_CA_DIR "/etc/gdoid/ca/"
#define CONF_DFLT_X509_CERT_DIR "/etc/gdoid/certs/"
#define CONF_DFLT_X509_PRIVATE_KEY "/etc/gdoid/private/local.key"
#define CONF_DFLT_KEYNOTE_CRED_DIR "/etc/gdoid/keynote/"
struct conf_list_node {
TAILQ_ENTRY (conf_list_node) link;
char *field;
};
struct conf_list {
int cnt;
TAILQ_HEAD (conf_list_fields_head, conf_list_node) fields;
};
extern char *conf_path;
extern int conf_begin (void);
extern int conf_decode_base64 (u_int8_t *out, u_int32_t *len, u_char *buf);
extern int conf_end (int, int);
extern void conf_free_list (struct conf_list *);
extern int conf_get_line (FILE *, char *, u_int32_t);
extern struct conf_list *conf_get_list (char *, char *);
extern struct conf_list *conf_get_tag_list (char *);
extern int conf_get_num (char *, char *, int);
extern char *conf_get_str (char *, char *);
extern void conf_init (void);
extern int conf_match_num (char *, char *, int);
extern void conf_reinit (void);
extern int conf_remove (int, char *, char *);
extern int conf_remove_section (int, char *);
extern int conf_set (int, char *, char *, char *, int, int);
extern void conf_report (void);
#endif /* _CONF_H_ */
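Review bot: `conf_decode_base64 (u_int8_t *out, u_int32_t *len, u_char *buf)` declares no length for `buf` and does not say whether `*len` is the capacity of `out` on entry or only the decoded size on return, so a caller cannot tell how to size `out`, and an over-long base64 string in the configuration file can overrun it. Document the contract here (for example: `*len` is the size of `out` on input and the number of bytes written on output; `buf` must be NUL-terminated) and have the implementation reject input that would not fit. The same goes for `conf_get_str` and `conf_get_list`: state who owns the returned memory, since `conf_free_list` exists for lists but nothing is declared for freeing a string.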

618
src/connection.c Normal file

@ -0,0 +1,618 @@
/* $Id: connection.c,v 1.6.2.1 2011/10/18 03:26:54 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/connection.c,v $ */
/* $OpenBSD: connection.c,v 1.17 2001/03/14 21:13:24 tholo Exp $ */
/* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* Copyright (c) 1999, 2000, 2001 Niklas Hallqvist. All rights reserved.
* Copyright (c) 1999 Hakan Olsson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <sys/queue.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <stdlib.h>
#include <string.h>
#include "sysdep.h"
#include "conf.h"
#include "connection.h"
#include "doi.h"
#include "ipsec.h"
#include "gdoi_phase2.h"
/* XXX isakmp.h only required for compare_ids(). */
#include "isakmp.h"
#include "log.h"
#include "timer.h"
#include "util.h"
/* How often should we check that connections we require to be up, are up? */
#define CHECK_INTERVAL 60
struct connection
{
TAILQ_ENTRY (connection) link;
char *name;
struct event *ev;
};
struct connection_passive
{
TAILQ_ENTRY (connection_passive) link;
char *name;
u_int8_t *local_id, *remote_id, *group_id;
size_t local_sz, remote_sz, group_sz;
#if 0
/* XXX Potential additions to 'connection_passive'. */
char *isakmp_peer;
struct sa *sa; /* XXX "Soft" ref to active sa? */
struct timeval sa_expiration; /* XXX *sa may expire. */
#endif
};
TAILQ_HEAD (connection_head, connection) connections;
TAILQ_HEAD (passive_head, connection_passive) connections_passive;
/*
* This is where we setup all the connections we want there right from the
* start.
*/
void
connection_init ()
{
struct conf_list *conns, *attrs;
struct conf_list_node *conn, *attr = NULL;
/*
* Passive connections normally include: all "active" connections that
* are not flagged "Active-Only", plus all connections listed in
* the 'Passive-Connections' list.
*/
TAILQ_INIT (&connections);
TAILQ_INIT (&connections_passive);
conns = conf_get_list ("Phase 2", "Connections");
if (conns)
{
for (conn = TAILQ_FIRST (&conns->fields); conn;
conn = TAILQ_NEXT (conn, link))
{
if (connection_setup (conn->field))
log_print ("connection_init: could not setup \"%s\"", conn->field);
/* XXX Break/abort here if connection_setup failed? */
/*
* XXX This code (i.e. the attribute lookup) seems like a
* likely candidate for factoring out into a function of its
* own.
*/
attrs = conf_get_list (conn->field, "Flags");
if (attrs)
for (attr = TAILQ_FIRST (&attrs->fields); attr;
attr = TAILQ_NEXT (attr, link))
if (strcasecmp ("active-only", attr->field) == 0)
break;
if (!attrs || (attrs && !attr))
if (connection_record_passive (conn->field))
log_print ("connection_init: could not record "
"connection \"%s\"", conn->field);
if (attrs)
conf_free_list (attrs);
}
conf_free_list (conns);
}
conns = conf_get_list ("Phase 2", "Passive-Connections");
if (conns)
{
for (conn = TAILQ_FIRST (&conns->fields); conn;
conn = TAILQ_NEXT (conn, link))
if (connection_record_passive (conn->field))
log_print ("connection_init: could not record passive "
"connection \"%s\"", conn->field);
conf_free_list (conns);
}
}
/* Check the connection in VCONN and schedule another check later. */
static void
connection_checker (void *vconn)
{
struct timeval now;
struct connection *conn = vconn;
gettimeofday (&now, 0);
now.tv_sec += conf_get_num ("General", "check-interval", CHECK_INTERVAL);
conn->ev
= timer_add_event ("connection_checker", connection_checker, conn, &now);
if (!conn->ev)
log_print ("connection_checker: could not add timer event");
sysdep_connection_check (conn->name);
}
/* Find the connection named NAME. */
static struct connection *
connection_lookup (char *name)
{
struct connection *conn;
for (conn = TAILQ_FIRST (&connections); conn; conn = TAILQ_NEXT (conn, link))
if (strcasecmp (conn->name, name) == 0)
return conn;
return 0;
}
/* Does the connection named NAME exist? */
int
connection_exist (char *name)
{
return (connection_lookup (name) != NULL);
}
/* Find the passive connection named NAME. */
static struct connection_passive *
connection_passive_lookup_by_name (char *name)
{
struct connection_passive *conn;
for (conn = TAILQ_FIRST (&connections_passive); conn;
conn = TAILQ_NEXT (conn, link))
if (strcasecmp (conn->name, name) == 0)
return conn;
return 0;
}
/*
* IDs of different types cannot be the same.
* XXX Rename to ipsec_compare_id, and move to ipsec.c ?
*/
int
compare_ids (u_int8_t *id1, u_int8_t *id2, size_t idlen)
{
int id1_type, id2_type;
id1_type = GET_ISAKMP_ID_TYPE (id1);
id2_type = GET_ISAKMP_ID_TYPE (id2);
return id1_type == id2_type
? memcmp (id1 + ISAKMP_ID_DATA_OFF, id2 + ISAKMP_ID_DATA_OFF,
idlen - ISAKMP_ID_DATA_OFF) : -1;
}
/* Find the connection named with matching IDs. */
char *
connection_passive_lookup_by_ids (u_int8_t *id1, u_int8_t *id2)
{
struct connection_passive *conn;
for (conn = TAILQ_FIRST (&connections_passive); conn;
conn = TAILQ_NEXT (conn, link))
{
if (conn->remote_id == NULL)
continue;
/*
* If both IDs match what we have saved, return the name. Don't bother
* in which order they are.
*/
if ((compare_ids (id1, conn->local_id, conn->local_sz) == 0
&& compare_ids (id2, conn->remote_id, conn->remote_sz) == 0)
|| (compare_ids (id1, conn->remote_id, conn->remote_sz) == 0
&& compare_ids (id2, conn->local_id, conn->local_sz) == 0))
{
LOG_DBG ((LOG_MISC, 60,
"connection_passive_lookup_by_ids: returned \"%s\"",
conn->name));
return conn->name;
}
}
/* In the road warrior case, we do not know the remote ID. In that
* case we will just match against the local ID.
*/
for (conn = TAILQ_FIRST (&connections_passive); conn;
conn = TAILQ_NEXT (conn, link))
{
if (conn->remote_id != NULL)
continue;
if (compare_ids (id1, conn->local_id, conn->local_sz) == 0
|| compare_ids (id2, conn->local_id, conn->local_sz) == 0)
{
LOG_DBG ((LOG_MISC, 60,
"connection passive_lookup_by_ids: returned \"%s\""
" only matched local id", conn->name));
return conn->name;
}
}
LOG_DBG ((LOG_MISC, 60,
"connection_passive_lookup_by_ids: no match"));
return 0;
}
/* Find the connection named with matching group ID. */
char *
connection_passive_lookup_by_group_id (u_int8_t *id1)
{
struct connection_passive *conn;
for (conn = TAILQ_FIRST (&connections_passive); conn;
conn = TAILQ_NEXT (conn, link))
{
/*
* If the group ID matches what we have saved, return the name.
*/
if (compare_ids (id1, conn->group_id, conn->group_sz) == 0)
{
LOG_DBG ((LOG_MISC, 60,
"connection_passive_lookup_by_group_id: returned \"%s\"",
conn->name));
return conn->name;
}
}
LOG_DBG ((LOG_MISC, 60,
"connection_passive_lookup_by_group_id: no match"));
return 0;
}
/*
* Setup NAME to be a connection that should be up "always", i.e. if it dies,
* for whatever reason, it should be tried to be brought up, over and over
* again.
*/
int
connection_setup (char *name)
{
struct connection *conn = 0;
struct timeval now;
/* Check for trials to add duplicate connections. */
if (connection_lookup (name))
{
LOG_DBG ((LOG_MISC, 10, "connection_setup: cannot add \"%s\" twice",
name));
return 0;
}
conn = calloc (1, sizeof *conn);
if (!conn)
{
log_error ("connection_setup: calloc (1, %d) failed", sizeof *conn);
goto fail;
}
conn->name = strdup (name);
if (!conn->name)
{
log_error ("connection_setup: strdup (\"%s\") failed", name);
goto fail;
}
gettimeofday (&now, 0);
conn->ev
= timer_add_event ("connection_checker", connection_checker, conn, &now);
if (!conn->ev)
{
log_print ("connection_setup: could not add timer event");
goto fail;
}
TAILQ_INSERT_TAIL (&connections, conn, link);
return 0;
fail:
if (conn)
{
if (conn->name)
free (conn->name);
free (conn);
}
return -1;
}
int
connection_record_passive_ipsec (char *name, char *local_id, char *remote_id)
{
struct connection_passive *conn;
local_id = conf_get_str (name, "Local-ID");
if (!local_id)
{
log_print ("connection_record_passive: "
"\"Local-ID\" is missing from section [%s]",
name);
return -1;
}
/* If the remote id lookup fails we defer it to later */
remote_id = conf_get_str (name, "Remote-ID");
conn = calloc (1, sizeof *conn);
if (!conn)
{
log_error ("connection_record_passive: calloc (1, %d) failed",
sizeof *conn);
return -1;
}
conn->name = strdup (name);
if (!conn->name)
{
log_error ("connection_record_passive: strdup (\"%s\") failed", name);
goto fail;
}
/* XXX IPSec DOI-specific. */
conn->local_id = ipsec_build_id (local_id, &conn->local_sz);
if (!conn->local_id)
goto fail;
if (remote_id)
{
conn->remote_id = ipsec_build_id (remote_id, &conn->remote_sz);
if (!conn->remote_id)
goto fail;
}
else
conn->remote_id = NULL;
TAILQ_INSERT_TAIL (&connections_passive, conn, link);
LOG_DBG ((LOG_MISC, 60,
"connection_record_passive: passive connection \"%s\" "
"added", conn->name));
return 0;
fail:
if (conn->local_id)
free (conn->local_id);
if (conn->name)
free (conn->name);
free (conn);
return -1;
}
int
connection_record_passive_gdoi (char *name, char *group_id)
{
struct connection_passive *conn;
conn = calloc (1, sizeof *conn);
if (!conn)
{
log_error ("connection_record_passive: calloc (1, %d) failed",
sizeof *conn);
return -1;
}
conn->name = strdup (name);
if (!conn->name)
{
log_error ("connection_record_passive: strdup (\"%s\") failed", name);
goto fail;
}
conn->group_id = group_build_id (group_id, &conn->group_sz);
if (!conn->group_id)
goto fail;
TAILQ_INSERT_TAIL (&connections_passive, conn, link);
LOG_DBG ((LOG_MISC, 60,
"connection_record_passive: passive connection \"%s\" "
"added", conn->name));
return 0;
fail:
if (conn->group_id)
free (conn->group_id);
if (conn->name)
free (conn->name);
free (conn);
return -1;
}
int
connection_record_passive (char *name)
{
if (connection_passive_lookup_by_name (name))
{
LOG_DBG ((LOG_MISC, 10,
"connection_record_passive: cannot add \"%s\" twice",
name));
return 0;
}
if (connection_record_passive_gdoi (name, name))
{
log_print ("connection_record_passive: "
"\"ID-type\" missing from section [%s]", name);
return -1;
}
return 0;
}
/* Remove the connection named NAME. */
void
connection_teardown (char *name)
{
struct connection *conn;
conn = connection_lookup (name);
if (!conn)
return;
TAILQ_REMOVE (&connections, conn, link);
timer_remove_event (conn->ev);
free (conn->name);
free (conn);
}
/* Remove the passive connection named NAME. */
void
connection_passive_teardown (char *name)
{
struct connection_passive *conn;
conn = connection_passive_lookup_by_name (name);
if (!conn)
return;
TAILQ_REMOVE (&connections_passive, conn, link);
free (conn->name);
free (conn->local_id);
free (conn->remote_id);
free (conn);
}
void
connection_report (void)
{
struct connection *conn;
struct timeval now;
#ifdef USE_DEBUG
struct connection_passive *pconn;
struct doi *doi = doi_lookup (ISAKMP_DOI_ISAKMP);
#endif
gettimeofday (&now, 0);
for (conn = TAILQ_FIRST (&connections); conn; conn = TAILQ_NEXT (conn, link))
LOG_DBG ((LOG_REPORT, 0,
"connection_report: connection %s next check %ld seconds",
(conn->name ? conn->name : "<unnamed>"),
conn->ev->expiration.tv_sec - now.tv_sec));
#ifdef USE_DEBUG
for (pconn = TAILQ_FIRST (&connections_passive); pconn;
pconn = TAILQ_NEXT (pconn, link))
LOG_DBG ((LOG_REPORT, 0,
"connection_report: passive connection %s %s", pconn->name,
doi->decode_ids ("local_id: %s, remote_id: %s",
pconn->local_id, pconn->local_sz,
pconn->remote_id, pconn->remote_sz, 1)));
#endif
}
/* Reinitialize all connections (SIGHUP handling). */
void
connection_reinit (void)
{
struct connection *conn, *next;
struct connection_passive *pconn, *pnext;
LOG_DBG ((LOG_MISC, 30,
"connection_reinit: reinitializing connection list"));
/* Remove all present connections. */
for (conn = TAILQ_FIRST (&connections); conn; conn = next)
{
next = TAILQ_NEXT (conn, link);
connection_teardown (conn->name);
}
for (pconn = TAILQ_FIRST (&connections_passive); pconn; pconn = pnext)
{
pnext = TAILQ_NEXT (pconn, link);
connection_passive_teardown (pconn->name);
}
/* Setup new connections, as the (new) config directs. */
connection_init ();
}
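Review bot: `compare_ids (u_int8_t *id1, u_int8_t *id2, size_t idlen)` takes a single length, and both `connection_passive_lookup_by_ids` and `connection_passive_lookup_by_group_id` pass the stored size (`conn->local_sz`, `conn->remote_sz`, `conn->group_sz`) while the peer-supplied `id1`/`id2` arrive with no length at all, so `memcmp` reads `idlen - ISAKMP_ID_DATA_OFF` bytes from a buffer whose real size is unknown at this point; pass the peer ID's length alongside it, treat unequal lengths as a non-match before calling `memcmp`, and reject `idlen < ISAKMP_ID_DATA_OFF` rather than letting the `size_t` subtraction wrap. Two smaller points in the same hunk: `connection_passive_teardown` frees `local_id` and `remote_id` but never `group_id`, although `connection_record_passive` only ever records entries through `connection_record_passive_gdoi`, so every `connection_reinit` (SIGHUP) leaks each group ID; and `connection_passive_lookup_by_group_id` hands `conn->group_id` to `compare_ids` without a NULL check, which dereferences NULL for any entry created by `connection_record_passive_ipsec`. The failure message in `connection_record_passive` (`"ID-type" missing from section [%s]`) is also misleading, since nothing in `connection_record_passive_gdoi` looks at an ID-type.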

120
src/connection.h Normal file

@ -0,0 +1,120 @@
/* $Id: connection.h,v 1.2.4.1 2011/10/18 03:26:54 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/connection.h,v $ */
/* $OpenBSD: connection.h,v 1.3 1999/07/07 22:12:20 niklas Exp $ */
/* $EOM: connection.h,v 1.6 1999/06/07 00:10:48 ho Exp $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
* Copyright (c) 1999 Hakan Olsson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
/*
* The connection module deals with connections that should always be up.
*/
#ifndef _CONNECTION_H_
#define _CONNECTION_H_
#include <sys/types.h>
extern int connection_exist (char *);
extern void connection_init (void);
extern char *connection_passive_lookup_by_ids (u_int8_t *, u_int8_t *);
extern char *connection_passive_lookup_by_group_id (u_int8_t *);
extern void connection_reinit (void);
extern void connection_report (void);
extern int connection_setup (char *);
extern int connection_record_passive (char *);
extern void connection_teardown (char *);
#endif /* _CONNECTION_H_ */
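Review bot: the header leaves `compare_ids`, `connection_record_passive_ipsec` and `connection_record_passive_gdoi` undeclared even though connection.c defines all three with external linkage; either declare them here or mark them `static` in connection.c so the compiler can check calls from other files against a prototype. The module comment `The connection module deals with connections that should always be up.` could also mention that the module tracks passive connections and their IDs, since `connection_passive_lookup_by_ids`, `connection_passive_lookup_by_group_id` and `connection_record_passive` are about exactly those.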

109
src/constants.c Normal file

@ -0,0 +1,109 @@
/* $Id: constants.c,v 1.2 2002/05/10 04:25:11 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/constants.c,v $ */
/* $OpenBSD: constants.c,v 1.6 1999/04/19 19:54:53 niklas Exp $ */
/* $EOM: constants.c,v 1.7 1999/04/02 00:57:31 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <stdio.h>
#include <string.h>
#include "sysdep.h"
#include "constants.h"
int
constant_value (struct constant_map *map, char *name)
{
struct constant_map *entry = map;
for (entry = map; entry->name; entry++)
if (strcasecmp (entry->name, name) == 0)
return entry->value;
return 0;
}
char *
constant_lookup (struct constant_map *map, int value)
{
struct constant_map *entry = map;
for (entry = map; entry->name; entry++)
if (entry->value == value)
return entry->name;
return 0;
}
struct constant_map *
constant_link_lookup (struct constant_map *map, int value)
{
struct constant_map *entry = map;
for (entry = map; entry->name; entry++)
if (entry->value == value)
return entry->link;
return 0;
}
char *
constant_name (struct constant_map *map, int value)
{
static char tmp[32]; /* XXX Ugly, I know. */
char *retval = constant_lookup (map, value);
if (!retval)
{
snprintf (tmp, 32, "<Unknown %d>", value);
return tmp;
}
return retval;
}
char *
constant_name_maps (struct constant_map **maps, int value)
{
static char tmp[32]; /* XXX Ugly, I know. */
char *retval;
struct constant_map **map;
for (map = maps; *map; map++)
{
retval = constant_lookup (*map, value);
if (retval)
return retval;
}
snprintf (tmp, 32, "<Unknown %d>", value);
return tmp;
}
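Review bot: `constant_value` returns 0 both for an unknown NAME and for an entry whose value is legitimately 0, so a misspelled name in the configuration is silently accepted as whatever constant 0 means in that map; return a distinct sentinel (for example -1) or report success through an out-parameter so callers can log the bad name. In the same hunk, `constant_name` and `constant_name_maps` each return a pointer to a `static char tmp[32]` (the code itself flags this as `XXX Ugly`), so two unknown values formatted in one log call print the same text; a caller-supplied buffer would fix that. The `struct constant_map *entry = map;` initializer in each function is redundant with the `for (entry = map; ...)` that follows.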

55
src/constants.h Normal file

@ -0,0 +1,55 @@
/* $Id: constants.h,v 1.2 2002/05/10 04:25:11 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/constants.h,v $ */
/* $OpenBSD: constants.h,v 1.4 1998/11/20 07:34:06 niklas Exp $ */
/* $EOM: constants.h,v 1.5 1998/11/20 07:17:01 niklas Exp $ */
/*
* Copyright (c) 1998 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _CONSTANTS_H_
#define _CONSTANTS_H_
struct constant_map {
int value;
char *name;
struct constant_map *link;
};
struct constant_map *constant_link_lookup (struct constant_map *, int);
extern char *constant_lookup (struct constant_map *, int);
extern char *constant_name (struct constant_map *, int);
extern char *constant_name_maps (struct constant_map **, int);
extern int constant_value (struct constant_map *, char *);
#endif /* _CONSTANTS_H_ */
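Review bot: `struct constant_map *constant_link_lookup (struct constant_map *, int);` is the one prototype in this header without `extern`, unlike the four declarations below it; add it for consistency with the rest of the file and with conf.h and connection.h.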

132
src/cookie.c Normal file

@ -0,0 +1,132 @@
/* $Id: cookie.c,v 1.4 2007/03/21 20:02:55 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/cookie.c,v $ */
/* $OpenBSD: cookie.c,v 1.6 1999/08/05 22:40:37 niklas Exp $ */
/* $EOM: cookie.c,v 1.21 1999/08/05 15:00:04 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <stdlib.h>
#include <string.h>
#include "sysdep.h"
#include "cookie.h"
#include "exchange.h"
#include "hash.h"
#include "log.h"
#include "timer.h"
#include "transport.h"
#include "util.h"
#define COOKIE_EVENT_FREQ 360
#define COOKIE_SECRET_SIZE 16
void cookie_secret_reset (void);
u_int8_t cookie_secret[COOKIE_SECRET_SIZE];
/*
* Generate an anti-clogging token (a protection against an attacker forcing
* us to keep state for a flood of connection requests) a.k.a. a cookie
* at BUF, LEN bytes long. The cookie will be generated by hashing of
* information found, among otherplaces, in transport T and exchange
* EXCHANGE.
*/
void
cookie_gen (struct transport *t, struct exchange *exchange, u_int8_t *buf,
size_t len)
{
struct hash* hash = hash_get (HASH_SHA1);
struct sockaddr *name;
int name_len;
hash->Init (hash->ctx);
(*t->vtbl->get_dst) (t, &name, &name_len);
hash->Update (hash->ctx, (u_int8_t *)name, name_len);
(*t->vtbl->get_src) (t, &name, &name_len);
hash->Update (hash->ctx, (u_int8_t *)name, name_len);
if (exchange->initiator)
{
u_int8_t tmpsecret[COOKIE_SECRET_SIZE];
getrandom (tmpsecret, COOKIE_SECRET_SIZE);
hash->Update (hash->ctx, tmpsecret, COOKIE_SECRET_SIZE);
}
else
{
hash->Update (hash->ctx, exchange->cookies + ISAKMP_HDR_ICOOKIE_OFF,
ISAKMP_HDR_ICOOKIE_LEN);
hash->Update (hash->ctx, cookie_secret, COOKIE_SECRET_SIZE);
}
hash->Final ((unsigned char *)hash->digest, hash->ctx);
memcpy (buf, hash->digest, len);
}
/*
* Reset the secret which is used for the responder cookie.
* As responder we do not want to keep state in the cookie
* exchange, which means when the cookie secret is reset,
* our cookie response has timed out.
*/
void
cookie_secret_reset (void)
{
getrandom (cookie_secret, COOKIE_SECRET_SIZE);
}
/*
* Handle the cookie reset event, and reschedule with timer.
*/
void
cookie_reset_event (void *arg)
{
struct timeval now;
cookie_secret_reset ();
gettimeofday (&now, 0);
now.tv_sec += COOKIE_EVENT_FREQ;
timer_add_event ("cookie_reset_event", cookie_reset_event, arg, &now);
}
void
cookie_init (void)
{
/* Start responder cookie resets. */
cookie_reset_event (0);
}
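Review bot: `cookie_gen` copies `len` bytes out of `hash->digest` (`memcpy (buf, hash->digest, len);`) without checking that `len` does not exceed the SHA-1 digest length, so a caller asking for more than 20 bytes reads past the digest; clamp `len` to the digest length that hash.h reports for the hash (or assert on it) before the copy, since the output buffer and length are caller-supplied. The responder branch is the right shape for a stateless anti-clogging cookie (peer addresses, the initiator cookie and a secret that `cookie_reset_event` rotates every `COOKIE_EVENT_FREQ` seconds), but the comment should say explicitly that a responder cookie is only verifiable for at most 360 seconds and that the secret's quality rests entirely on the `getrandom` routine from sysdep. Smaller points: `cookie_secret_reset` is declared at file scope without `static` yet not exported in cookie.h, so make it `static`; and `gettimeofday` needs `<sys/time.h>`, which is not among the visible includes (it may arrive via `sysdep.h`).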

54
src/cookie.h Normal file

@ -0,0 +1,54 @@
/* $Id: cookie.h,v 1.2 2002/05/10 04:25:11 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/cookie.h,v $ */
/* $OpenBSD: cookie.h,v 1.3 1998/11/17 11:10:09 niklas Exp $ */
/* $EOM: cookie.h,v 1.5 1998/08/05 09:21:43 niklas Exp $ */
/*
* Copyright (c) 1998 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _COOKIE_H_
#define _COOKIE_H_
#include <sys/types.h>
#include <sys/socket.h>
struct exchange;
struct transport;
extern void cookie_gen (struct transport *, struct exchange *, u_int8_t *,
size_t);
extern void cookie_init (void);
extern void cookie_reset_event (void *);
#endif /* _COOKIE_H_ */
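Review bot: the include guard `_COOKIE_H_` (and the same pattern in the other new headers) uses an identifier starting with an underscore and an uppercase letter, which the C standard reserves for the implementation; prefer `COOKIE_H` or similar. Otherwise the prototypes match the definitions in cookie.c, and leaving `cookie_secret_reset` out of the header is correct as long as it is made file-local there.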

307
src/crypto.c Normal file

@ -0,0 +1,307 @@
/* $Id: crypto.c,v 1.4 2007/03/21 20:02:56 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/crypto.c,v $ */
/* $OpenBSD: crypto.c,v 1.11 2001/02/24 04:42:48 angelos Exp $ */
/* $EOM: crypto.c,v 1.32 2000/03/07 20:08:51 niklas Exp $ */
/*
* Copyright (c) 1998 Niels Provos. All rights reserved.
* Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <sys/param.h>
#include <stdlib.h>
#include <string.h>
#include "sysdep.h"
#include "crypto.h"
#include "log.h"
enum cryptoerr des1_init (struct keystate *, u_int8_t *, u_int16_t);
enum cryptoerr des3_init (struct keystate *, u_int8_t *, u_int16_t);
enum cryptoerr aes128_init (struct keystate *, u_int8_t *, u_int16_t);
enum cryptoerr blf_init (struct keystate *, u_int8_t *, u_int16_t);
enum cryptoerr cast_init (struct keystate *, u_int8_t *, u_int16_t);
void des1_encrypt (struct keystate *, u_int8_t *, u_int16_t);
void des1_decrypt (struct keystate *, u_int8_t *, u_int16_t);
void des3_encrypt (struct keystate *, u_int8_t *, u_int16_t);
void des3_decrypt (struct keystate *, u_int8_t *, u_int16_t);
void aes128_encrypt (struct keystate *, u_int8_t *, u_int16_t);
void aes128_decrypt (struct keystate *, u_int8_t *, u_int16_t);
void blf_encrypt (struct keystate *, u_int8_t *, u_int16_t);
void blf_decrypt (struct keystate *, u_int8_t *, u_int16_t);
void cast1_encrypt (struct keystate *, u_int8_t *, u_int16_t);
void cast1_decrypt (struct keystate *, u_int8_t *, u_int16_t);
struct crypto_xf transforms[] = {
#ifdef USE_DES
{
DES_CBC, "Data Encryption Standard (CBC-Mode)", 8, 8, BLOCKSIZE, 0,
des1_init,
des1_encrypt, des1_decrypt
},
#endif
#ifdef USE_TRIPLEDES
{
TRIPLEDES_CBC, "Triple-DES (CBC-Mode)", 24, 24, BLOCKSIZE, 0,
des3_init,
des3_encrypt, des3_decrypt
},
#endif
{
AES_CBC_128, "128-bit AES (CBC-Mode)", 16, 16, AES128_BLOCKSIZE, 0,
aes128_init,
aes128_encrypt, aes128_decrypt
},
};
#define DC (void *)
enum cryptoerr
des1_init (struct keystate *ks, u_int8_t *key, u_int16_t len)
{
/* des_set_key returns -1 for parity problems, and -2 for weak keys */
des_set_odd_parity (DC key);
switch (des_set_key (DC key, ks->ks_des[0]))
{
case -2:
return EWEAKKEY;
default:
return EOKAY;
}
}
void
des1_encrypt (struct keystate *ks, u_int8_t *d, u_int16_t len)
{
des_cbc_encrypt (DC d, DC d, len, ks->ks_des[0], DC ks->riv, DES_ENCRYPT);
}
void
des1_decrypt (struct keystate *ks, u_int8_t *d, u_int16_t len)
{
des_cbc_encrypt (DC d, DC d, len, ks->ks_des[0], DC ks->riv, DES_DECRYPT);
}
#ifdef USE_TRIPLEDES
enum cryptoerr
des3_init (struct keystate *ks, u_int8_t *key, u_int16_t len)
{
des_set_odd_parity (DC key);
des_set_odd_parity (DC (key + 8));
des_set_odd_parity (DC (key + 16));
/* As of the draft Tripe-DES does not check for weak keys */
des_set_key (DC key, ks->ks_des[0]);
des_set_key (DC (key + 8), ks->ks_des[1]);
des_set_key (DC (key + 16), ks->ks_des[2]);
return EOKAY;
}
void
des3_encrypt (struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int8_t iv[MAXBLK];
memcpy (iv, ks->riv, ks->xf->blocksize);
des_ede3_cbc_encrypt (DC data, DC data, len, ks->ks_des[0], ks->ks_des[1],
ks->ks_des[2], DC iv, DES_ENCRYPT);
}
void
des3_decrypt (struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int8_t iv[MAXBLK];
memcpy (iv, ks->riv, ks->xf->blocksize);
des_ede3_cbc_encrypt (DC data, DC data, len, ks->ks_des[0], ks->ks_des[1],
ks->ks_des[2], DC iv, DES_DECRYPT);
}
#undef DC
#endif /* USE_TRIPLEDES */
enum cryptoerr
aes128_init (struct keystate *ks, u_int8_t *key, u_int16_t len)
{
AES_set_encrypt_key(key, 128, &ks->ks_aes[0]);
AES_set_decrypt_key(key, 128, &ks->ks_aes[1]);
return EOKAY;
}
void
aes128_encrypt (struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int8_t iv[MAXBLK];
memcpy (iv, ks->riv, ks->xf->blocksize);
AES_cbc_encrypt((unsigned char *) data, (unsigned char *) data, len,
&ks->ks_aes[0], iv, AES_ENCRYPT);
}
void
aes128_decrypt (struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int8_t iv[MAXBLK];
memcpy (iv, ks->riv, ks->xf->blocksize);
AES_cbc_encrypt((unsigned char *) data, (unsigned char *) data, len,
&ks->ks_aes[1], iv, AES_DECRYPT);
}
struct crypto_xf *
crypto_get (enum transform id)
{
int i;
for (i = 0; i < sizeof transforms / sizeof transforms[0]; i++)
if (id == transforms[i].id)
return &transforms[i];
return 0;
}
struct keystate *
crypto_init (struct crypto_xf *xf, u_int8_t *key, u_int16_t len,
enum cryptoerr *err)
{
struct keystate *ks;
if (len < xf->keymin || len > xf->keymax)
{
LOG_DBG ((LOG_CRYPTO, 10, "crypto_init: invalid key length %d", len));
*err = EKEYLEN;
return 0;
}
ks = calloc (1, sizeof *ks);
if (!ks)
{
log_error ("crypto_init: calloc (1, %d) failed", sizeof *ks);
*err = ENOCRYPTO;
return 0;
}
ks->xf = xf;
/* Setup the IV. */
ks->riv = ks->iv;
ks->liv = ks->iv2;
LOG_DBG_BUF ((LOG_CRYPTO, 40, "crypto_init: key", key, len));
*err = xf->init (ks, key, len);
if (*err != EOKAY)
{
LOG_DBG ((LOG_CRYPTO, 30, "crypto_init: weak key found for %s",
xf->name));
free (ks);
return 0;
}
return ks;
}
void
crypto_update_iv (struct keystate *ks)
{
u_int8_t *tmp;
tmp = ks->riv;
ks->riv = ks->liv;
ks->liv = tmp;
LOG_DBG_BUF ((LOG_CRYPTO, 50, "crypto_update_iv: updated IV", ks->riv,
ks->xf->blocksize));
}
void
crypto_init_iv (struct keystate *ks, u_int8_t *buf, size_t len)
{
memcpy (ks->riv, buf, len);
LOG_DBG_BUF ((LOG_CRYPTO, 50, "crypto_update_iv: initialized IV", ks->riv,
len));
}
void
crypto_encrypt (struct keystate *ks, u_int8_t *buf, u_int16_t len)
{
LOG_DBG_BUF ((LOG_CRYPTO, 10, "crypto_encrypt: before encryption", buf,
len));
ks->xf->encrypt (ks, buf, len);
memcpy (ks->liv, buf + len - ks->xf->blocksize, ks->xf->blocksize);
LOG_DBG_BUF ((LOG_CRYPTO, 30, "crypto_encrypt: after encryption", buf,
len));
}
void
crypto_decrypt (struct keystate *ks, u_int8_t *buf, u_int16_t len)
{
LOG_DBG_BUF ((LOG_CRYPTO, 10, "crypto_decrypt: before decryption", buf,
len));
/*
* XXX There is controversy about the correctness of updating the IV
* like this.
*/
memcpy (ks->liv, buf + len - ks->xf->blocksize, ks->xf->blocksize);
ks->xf->decrypt (ks, buf, len);;
LOG_DBG_BUF ((LOG_CRYPTO, 30, "crypto_decrypt: after decryption", buf,
len));
}
/* Make a copy of the keystate pointed to by OKS. */
struct keystate *
crypto_clone_keystate (struct keystate *oks)
{
struct keystate *ks;
ks = malloc (sizeof *ks);
if (!ks)
{
log_error ("crypto_clone_keystate: malloc (%d) failed", sizeof *ks);
return 0;
}
memcpy (ks, oks, sizeof *ks);
if (oks->riv == oks->iv)
{
ks->riv = ks->iv;
ks->liv = ks->iv2;
}
else
{
ks->riv = ks->iv2;
ks->liv = ks->iv;
}
return ks;
}
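Review bot: `crypto_encrypt` and `crypto_decrypt` compute `buf + len - ks->xf->blocksize` to save the last ciphertext block but never check that `len` is at least one block and a multiple of `blocksize`; a zero or short `len` moves the pointer before `buf`, and the CBC routines underneath assume whole blocks. Add a guard (`if (len < ks->xf->blocksize || len % ks->xf->blocksize) ...` with a logged error) ahead of the `memcpy` in both functions, because the length ultimately comes from a received message. Smaller points in the same hunk: the two `log_error` calls pass `sizeof *ks` to `%d` (use `%zu` or a cast); `crypto_init_iv` logs under the label `"crypto_update_iv: initialized IV"`; `ks->xf->decrypt (ks, buf, len);;` has a stray semicolon; `#undef DC` sits inside `#ifdef USE_TRIPLEDES`, so `DC` stays defined when 3DES is compiled out; `blf_*`/`cast*` are prototyped but never defined or listed in `transforms`; `crypto_get` compares the signed `int i` with a `sizeof` expression; and `crypto_init` reports every `init` failure as "weak key found", which is only true for `EWEAKKEY`. Finally, the lowercase `des_set_key`/`des_cbc_encrypt`/`des_ede3_cbc_encrypt` names are OpenSSL's old DES API, kept for compatibility in 0.9.x/1.0.x and removed in 1.1.0, so this file will not build against current libcrypto; switch to `DES_set_key`, `DES_cbc_encrypt` and `DES_ede3_cbc_encrypt`.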

148
src/crypto.h Normal file

@ -0,0 +1,148 @@
/* $Id: crypto.h,v 1.4 2007/03/21 20:02:56 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/crypto.h,v $ */
/* $OpenBSD: crypto.h,v 1.4 2000/10/16 23:28:04 niklas Exp $ */
/* $EOM: crypto.h,v 1.12 2000/10/15 21:56:41 niklas Exp $ */
/*
* Copyright (c) 1998 Niels Provos. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _CRYPTO_H_
#define _CRYPTO_H_
#include <openssl/des.h>
#include <openssl/aes.h>
#define USE_32BIT
#if defined (USE_64BIT)
#define XOR64(x,y) *(u_int64_t *)(x) ^= *(u_int64_t *)(y);
#define SET64(x,y) *(u_int64_t *)(x) = *(u_int64_t *)(y);
#elif defined (USE_32BIT)
#define XOR64(x,y) *(u_int32_t *)(x) ^= *(u_int32_t *)(y); \
*(u_int32_t *)((u_int8_t *)(x) + 4) ^= *(u_int32_t *)((u_int8_t *)(y) + 4);
#define SET64(x,y) *(u_int32_t *)(x) = *(u_int32_t *)(y); \
*(u_int32_t *)((u_int8_t *)(x) + 4) = *(u_int32_t *)((u_int8_t *)(y) + 4);
#else
#define XOR8(x,y,i) (x)[i] ^= (y)[i];
#define XOR64(x,y) XOR8(x,y,0); XOR8(x,y,1); XOR8(x,y,2); XOR8(x,y,3); \
XOR8(x,y,4); XOR8(x,y,5); XOR8(x,y,6); XOR8(x,y,7);
#define SET8(x,y,i) (x)[i] = (y)[i];
#define SET64(x,y) SET8(x,y,0); SET8(x,y,1); SET8(x,y,2); SET8(x,y,3); \
SET8(x,y,4); SET8(x,y,5); SET8(x,y,6); SET8(x,y,7);
#endif /* USE_64BIT */
#define SET_32BIT_BIG(x,y) (x)[3]= (y); (x)[2]= (y) >> 8; \
(x)[1] = (y) >> 16; (x)[0]= (y) >> 24;
#define GET_32BIT_BIG(x) (u_int32_t)(x)[3] | ((u_int32_t)(x)[2] << 8) | \
((u_int32_t)(x)[1] << 16)| ((u_int32_t)(x)[0] << 24);
/*
* This is standard for all block ciphers we use at the moment.
* Theoretically this could increase in future, e.g. for TwoFish.
* Keep MAXBLK uptodate
*/
#define BLOCKSIZE 8
#define AES128_BLOCKSIZE 16
#define MAXBLK AES128_BLOCKSIZE
struct keystate {
struct crypto_xf *xf; /* Back pointer */
u_int16_t ebytes; /* Number of encrypted bytes */
u_int16_t dbytes; /* Number of decrypted bytes */
time_t life; /* Creation time */
u_int8_t iv[MAXBLK]; /* Next IV to use */
u_int8_t iv2[MAXBLK];
u_int8_t *riv, *liv;
union {
des_key_schedule desks[3];
AES_KEY aeskey[2]; /* [0] for encryption, [1] for decryption */
} keydata;
};
#define ks_des keydata.desks
#define ks_aes keydata.aeskey
/*
* Information about the cryptotransform.
*
* XXX - In regards to the IV (Initialization Vector) the drafts are
* completly fucked up and specify a MUST as how it is derived, so
* we also have to provide for that. I just don't know where.
* Furthermore is this enum needed at all? It seems to be Oakley IDs
* only anyhow, and we already have defines for that in ipsec_doi.h.
*/
enum transform {
DES_CBC=1, /* This is a MUST */
IDEA_CBC=2, /* Licensed, DONT use */
BLOWFISH_CBC=3,
RC5_R16_B64_CBC=4, /* Licensed, DONT use */
TRIPLEDES_CBC=5, /* This is a SHOULD */
CAST_CBC=6,
AES_CBC_128=7,
};
enum cryptoerr {
EOKAY, /* No error */
ENOCRYPTO, /* A none crypto related error, see errno */
EWEAKKEY, /* A weak key was found in key setup */
EKEYLEN, /* The key length was invalid for the cipher */
};
struct crypto_xf {
enum transform id; /* Oakley ID */
char *name; /* Transform Name */
u_int16_t keymin, keymax; /* Possible Keying Bytes */
u_int16_t blocksize; /* Need to keep IV in the state */
struct keystate *state; /* Key information, can also be passed sep. */
enum cryptoerr (*init) (struct keystate *, u_int8_t *, u_int16_t);
void (*encrypt) (struct keystate *, u_int8_t *, u_int16_t);
void (*decrypt) (struct keystate *, u_int8_t *, u_int16_t);
};
extern struct keystate *crypto_clone_keystate (struct keystate *);
extern void crypto_decrypt (struct keystate *, u_int8_t *, u_int16_t);
extern void crypto_encrypt (struct keystate *, u_int8_t *, u_int16_t);
extern struct crypto_xf *crypto_get (enum transform);
extern struct keystate *crypto_init (struct crypto_xf *, u_int8_t *,
u_int16_t, enum cryptoerr *);
extern void crypto_init_iv (struct keystate *, u_int8_t *, size_t);
extern void crypto_update_iv (struct keystate *);
#endif /* _CRYPTO_H_ */
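Review bot: `GET_32BIT_BIG(x)` ends with a semicolon and has no enclosing parentheses, so it cannot be used inside an expression (`v = GET_32BIT_BIG(p) + 1` would not compile); likewise `SET_32BIT_BIG`, `XOR64` and `SET64` expand to several bare statements, which silently misbehave after an unbraced `if`. Wrap the statement macros in `do { ... } while (0)` and make `GET_32BIT_BIG` a parenthesised expression without the trailing `;`. The `USE_32BIT`/`USE_64BIT` variants also cast a byte pointer to `u_int32_t *`/`u_int64_t *`, an unaligned, aliasing-violating access on strict architectures; the byte-wise fallback under `#else` is the portable one and could be the default. Also `time_t` and `u_int16_t` are used without including `<time.h>`/`<sys/types.h>`, and the comment above `BLOCKSIZE` ("standard for all block ciphers we use") is outdated now that `AES128_BLOCKSIZE` exists.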

90
src/dh.c Normal file

@ -0,0 +1,90 @@
/* $Id: dh.c,v 1.2 2002/05/10 04:25:11 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/dh.c,v $ */
/* $OpenBSD: dh.c,v 1.6 2001/04/09 22:09:51 ho Exp $ */
/* $EOM: dh.c,v 1.5 1999/04/17 23:20:22 niklas Exp $ */
/*
* Copyright (c) 1998 Niels Provos. All rights reserved.
* Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <sys/param.h>
#include "sysdep.h"
#include "math_group.h"
#include "dh.h"
#include "log.h"
/*
* Returns the length of our exchange value.
*/
int
dh_getlen (struct group *group)
{
return group->getlen (group);
}
/*
* Creates the exchange value we are offering to the other party.
* Each time this function is called a new value is created, that
* means the application has to save the exchange value itself,
* dh_create_exchange should only be called once.
*/
int
dh_create_exchange (struct group *group, u_int8_t *buf)
{
if (group->setrandom (group, group->c))
return -1;
if (group->operation (group, group->a, group->gen, group->c))
return -1;
group->getraw (group, group->a, buf);
return 0;
}
/*
* Creates the Diffie-Hellman shared secret in 'secret', where 'exchange'
* is the exchange value offered by the other party. No length verification
* is done for the value, the application has to do that.
*/
int
dh_create_shared (struct group *group, u_int8_t *secret, u_int8_t *exchange)
{
if (group->setraw (group, group->b, exchange, group->getlen (group)))
return -1;
if (group->operation (group, group->a, group->b, group->c))
return -1;
group->getraw (group, group->a, secret);
return 0;
}
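Review bot: `dh_create_shared` passes the peer's value straight through `group->setraw` into the exponentiation with no validation beyond what the comment disclaims ("No length verification is done"), so degenerate public values (0, 1, or p-1 for a MODP group) are accepted and yield a predictable shared secret; add a range check (a `group` method, since dh.c only sees the opaque `struct group`) that rejects values outside [2, p-2] and returns -1, and state in the comment that the caller must guarantee `exchange` is `dh_getlen (group)` bytes long. Also both functions reuse `group->a` (public value first, then the shared secret), which is what forces the "application has to save the exchange value" caveat; that is worth repeating in the `dh_create_shared` comment.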

51
src/dh.h Normal file

@ -0,0 +1,51 @@
/* $Id: dh.h,v 1.2 2002/05/10 04:25:12 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/dh.h,v $ */
/* $OpenBSD: dh.h,v 1.4 1999/04/19 21:22:49 niklas Exp $ */
/* $EOM: dh.h,v 1.4 1999/04/17 23:20:24 niklas Exp $ */
/*
* Copyright (c) 1998 Niels Provos. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _DH_H_
#define _DH_H_
#include <sys/types.h>
struct group;
int dh_getlen (struct group *);
int dh_create_exchange (struct group *, u_int8_t *);
int dh_create_shared (struct group *, u_int8_t *, u_int8_t *);
#endif /* _DH_H_ */

70
src/doi.c Normal file

@ -0,0 +1,70 @@
/* $Id: doi.c,v 1.2 2002/05/10 04:25:12 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/doi.c,v $ */
/* $OpenBSD: doi.c,v 1.5 1999/04/19 19:54:53 niklas Exp $ */
/* $EOM: doi.c,v 1.4 1999/04/02 00:57:36 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <sys/param.h>
#include "sysdep.h"
#include "doi.h"
static LIST_HEAD (doi_list, doi) doi_tab;
void
doi_init ()
{
LIST_INIT (&doi_tab);
}
struct doi *
doi_lookup (u_int8_t doi_id)
{
struct doi *doi;
for (doi = LIST_FIRST (&doi_tab); doi && doi->id != doi_id;
doi = LIST_NEXT (doi, link))
;
return doi;
}
void
doi_register (struct doi *doi)
{
LIST_INSERT_HEAD (&doi_tab, doi, link);
}
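Review bot: `doi_register` does `LIST_INSERT_HEAD` without checking whether a DOI with the same `id` is already on the list, so a duplicate registration silently shadows the earlier entry for `doi_lookup`; check `doi_lookup (doi->id)` first and log or assert on a duplicate. Also `doi_init ()` is defined with empty parentheses while doi.h declares `doi_init (void)`; use the prototype form so the definition matches.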

110
src/doi.h Normal file

@ -0,0 +1,110 @@
/* $Id: doi.h,v 1.6 2011/10/18 02:53:59 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/doi.h,v $ */
/* $OpenBSD: doi.h,v 1.9 2000/08/03 07:23:00 niklas Exp $ */
/* $EOM: doi.h,v 1.29 2000/07/02 18:47:15 provos Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _DOI_H_
#define _DOI_H_
#ifndef NULL
#define NULL ((void *)0)
#endif
#include <sys/types.h>
#include <sys/queue.h>
struct exchange;
struct keystate;
struct message;
struct payload;
struct proto;
struct sa;
/* XXX This structure needs per-field commenting. */
struct doi {
LIST_ENTRY (doi) link;
u_int8_t id;
/* Size of DOI-specific exchange data. */
size_t exchange_size;
/* Size of DOI-specific security association data. */
size_t sa_size;
/* Size of DOI-specific protocol data. */
size_t proto_size;
#ifdef USE_DEBUG
int (*debug_attribute) (u_int16_t, u_int8_t *, u_int16_t, void *);
#endif
void (*delete_spi) (struct sa *, struct proto *, int);
u_int16_t *(*exchange_script) (u_int8_t);
void (*finalize_exchange) (struct message *);
void (*free_exchange_data) (void *);
void (*free_proto_data) (void *);
void (*free_sa_data) (void *);
struct keystate *(*get_keystate) (struct message *);
u_int8_t *(*get_spi) (size_t *, u_int8_t, struct message *);
int (*handle_leftover_payload) (struct message *, u_int8_t,
struct payload *);
int (*informational_post_hook) (struct message *);
int (*informational_pre_hook) (struct message *);
int (*is_attribute_incompatible) (u_int16_t, u_int8_t *, u_int16_t, void *);
void (*proto_init) (struct proto *, char *);
void (*setup_situation) (u_int8_t *);
size_t (*situation_size) (void);
u_int8_t (*spi_size) (u_int8_t);
int (*validate_attribute) (u_int16_t, u_int8_t *, u_int16_t, void *);
int (*validate_exchange) (u_int8_t);
int (*validate_id_information) (u_int8_t, u_int8_t *, u_int8_t *, size_t,
struct exchange *);
int (*validate_key_information) (u_int8_t *, size_t);
int (*validate_notification) (u_int16_t);
int (*validate_proto) (u_int8_t);
int (*validate_situation) (u_int8_t *, size_t *);
int (*validate_transform_id) (u_int8_t, u_int8_t);
int (*initiator) (struct message *msg);
int (*responder) (struct message *msg);
char *(*decode_ids) (char *, u_int8_t *, size_t, u_int8_t *, size_t, int);
void (*postprocess_sa) (struct sa *);
};
extern void doi_init (void);
extern struct doi *doi_lookup (u_int8_t);
extern void doi_register (struct doi *);
#endif /* _DOI_H_ */
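Review bot: the `#ifdef USE_DEBUG` member `debug_attribute` changes the layout of `struct doi`, so every translation unit that touches the struct must be compiled with the same `USE_DEBUG` setting or the function pointers after it are misread; either keep the member unconditionally (stubbed in non-debug builds) or document that build constraint next to the `#ifdef`. The `XXX This structure needs per-field commenting` note is still accurate: the four members added at the end (`initiator`, `responder`, `decode_ids`, `postprocess_sa`) have no comment at all, and `decode_ids` with its six positional arguments needs one most. The local `#define NULL` is unnecessary once `<stddef.h>` is included.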

57
src/dyn.h Normal file

@ -0,0 +1,57 @@
/* $Id: dyn.h,v 1.2 2002/05/10 04:25:12 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/dyn.h,v $ */
/* $OpenBSD: dyn.h,v 1.1 1999/08/28 11:54:55 niklas Exp $ */
/* $EOM: dyn.h,v 1.1 1999/08/12 22:34:27 niklas Exp $ */
/*
* Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _DYN_H_
#define _DYN_H_
#ifdef SYMBOL_PREFIX
#define SYM(x) SYMBOL_PREFIX #x
#else
#define SYM(x) #x
#endif
struct dynload_script {
enum { LOAD, SYM, EOS } op;
char *name;
void **ptr;
};
int dyn_load (struct dynload_script *);
#endif /* _DYN_H_ */
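Review bot: `SYM` is both a function-like macro (`#define SYM(x) ...`) and an enumerator in `struct dynload_script` (`enum { LOAD, SYM, EOS } op;`); this compiles only because a function-like macro is not expanded when the name is not followed by `(`, which is fragile and hard to read, so rename one of them (e.g. `DYN_SYM` for the enumerator). Also `SYMBOL_PREFIX #x` relies on string-literal concatenation, so `SYMBOL_PREFIX` must be defined as a quoted string (e.g. `"_"`); say so next to the `#ifdef`.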

1834
src/exchange.c Normal file

File diff suppressed because it is too large

215
src/exchange.h Normal file

@ -0,0 +1,215 @@
/* $Id: exchange.h,v 1.2 2002/05/10 04:25:12 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/exchange.h,v $ */
/* $OpenBSD: exchange.h,v 1.18 2001/02/24 03:59:55 angelos Exp $ */
/* $EOM: exchange.h,v 1.28 2000/09/28 12:54:28 niklas Exp $ */
/*
* Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _EXCHANGE_H_
#define _EXCHANGE_H_
#include <sys/param.h>
#include <sys/types.h>
#include <sys/queue.h>
#include "exchange_num.h"
#include "isakmp.h"
/* Remove an exchange if it has not been fully negotiated in this time. */
#define EXCHANGE_MAX_TIME 120
struct crypto_xf;
struct certreq_aca;
struct doi;
struct event;
struct keystate;
struct message;
struct payload;
struct transport;
struct sa;
struct exchange {
/* Link to exchanges with the same hash value. */
LIST_ENTRY (exchange) link;
/* A name of the SAs this exchange will result in. XXX non unique? */
char *name;
/* A name of the major policy deciding offers and acceptable proposals. */
char *policy;
/*
* A function with a polymorphic argument called after the exchange
* has been run to its end, successfully. The 2nd argument is true
* if the finalization hook is called due to the exchange not running
* to its end normally.
*/
void (*finalize) (struct exchange *, void *, int);
void *finalize_arg;
/* When several SA's are being negotiated we keep them here. */
TAILQ_HEAD (sa_head, sa) sa_list;
/*
* The event that will occur when it has taken too long time to try to
* run the exchange and which will trigger auto-destruction.
*/
struct event *death;
/*
* Both initiator and responder cookies.
* XXX For code clarity we might split this into two fields.
*/
u_int8_t cookies[ISAKMP_HDR_COOKIES_LEN];
/* The message ID signifying phase 2 exchanges. */
u_int8_t message_id[ISAKMP_HDR_MESSAGE_ID_LEN];
/* The exchange type we are using. */
u_int8_t type;
/* Phase is 1 for ISAKMP SA exchanges, and 2 for application ones. */
u_int8_t phase;
/* The "step counter" of the exchange, starting from zero. */
u_int8_t step;
/* 1 if we are the initiator, 0 if we are the responder. */
u_int8_t initiator;
/* Various flags, look below for descriptions. */
u_int32_t flags;
/* The DOI that is to handle DOI-specific issues for this exchange. */
struct doi *doi;
/*
* A "program counter" into the script that validate message contents for
* this exchange.
*/
int16_t *exch_pc;
/* The last message received, used for checking for duplicates. */
struct message *last_received;
/* The last message sent, to be acked when something new is received. */
struct message *last_sent;
/*
* If some message is queued up for sending, we want to be able to remove
* it from the queue, when the exchange is deleted.
*/
struct message *in_transit;
/*
* Initiator's & responder's nonces respectively, with lengths.
* XXX Should this be in the DOI-specific parts instead?
*/
u_int8_t *nonce_i;
size_t nonce_i_len;
u_int8_t *nonce_r;
size_t nonce_r_len;
/* The ID payload contents for the initiator & responder, respectively. */
u_int8_t *id_i;
size_t id_i_len;
u_int8_t *id_r;
size_t id_r_len;
/* Policy session identifier, where applicable */
int policy_id;
/* Crypto info needed to encrypt/decrypt packets in this exchange. */
struct crypto_xf *crypto;
int key_length;
struct keystate *keystate;
/*
* Received certificate - used to verify signatures on packet,
* stored here for later policy processing.
* a type of ISAKMP_CERTENC_NONE implies pre-shared key.
*/
int recv_certtype, recv_certlen;
void *recv_cert;
void *recv_key;
/* ACQUIRE sequence number */
u_int32_t seq;
/* XXX This is no longer necessary, it is covered by policy. */
/* Acceptable authorities for cert requests */
TAILQ_HEAD (aca_head, certreq_aca) aca_list;
/* DOI-specific opaque data. */
void *data;
};
/* The flag bits. */
#define EXCHANGE_FLAG_I_COMMITTED 1
#define EXCHANGE_FLAG_HE_COMMITTED 2
#define EXCHANGE_FLAG_COMMITTED (EXCHANGE_FLAG_I_COMMITTED \
| EXCHANGE_FLAG_HE_COMMITTED)
#define EXCHANGE_FLAG_ENCRYPT 4
extern int exchange_add_certs (struct message *);
extern void exchange_finalize (struct message *);
extern void exchange_free (struct exchange *);
extern void exchange_free_aca_list (struct exchange *);
extern void exchange_establish (char *name,
void (*) (struct exchange *, void *, int),
void *);
extern void exchange_establish_p1 (struct transport *, u_int8_t, u_int32_t,
char *, void *,
void (*) (struct exchange *, void *, int),
void *);
extern void exchange_establish_p2 (struct sa *, u_int8_t, char *, void *,
void (*) (struct exchange *, void *, int),
void *);
extern int exchange_gen_nonce (struct message *, size_t);
extern void exchange_init (void);
extern struct exchange *exchange_lookup (u_int8_t *, int);
extern struct exchange *exchange_lookup_by_name (char *, int);
extern struct exchange *exchange_lookup_from_icookie (u_int8_t *);
extern void exchange_report (void);
extern void exchange_run (struct message *);
extern int exchange_save_nonce (struct message *);
extern int exchange_save_certreq (struct message *);
extern u_int16_t *exchange_script (struct exchange *);
extern struct exchange *exchange_setup_p1 (struct message *, u_int32_t);
extern struct exchange *exchange_setup_p2 (struct message *, u_int8_t);
extern void exchange_upgrade_p1 (struct message *);
#endif /* _EXCHANGE_H_ */
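Review bot: `exch_pc` is declared `int16_t *` in `struct exchange`, but `exchange_script` is declared to return `u_int16_t *`; the script values include negative specials (AUTH -1, INFO -2, SWITCH -3, END -4 in exchange_num.cst), so the signed type is the right one and the prototype should be `extern int16_t *exchange_script (struct exchange *);` rather than leaving a sign mismatch to be cast away at the assignment. Also, the `aca_list` member is kept under an XXX note saying it is no longer necessary; either drop it (together with `exchange_free_aca_list` if nothing else needs it) or replace the XXX with a comment saying why it is retained.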

50
src/exchange_num.cst Normal file

@ -0,0 +1,50 @@
# $Id: exchange_num.cst,v 1.2 2002/05/10 04:25:12 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/exchange_num.cst,v $
# $OpenBSD: exchange_num.cst,v 1.3 1998/11/17 11:10:10 niklas Exp $
# $EOM: exchange_num.cst,v 1.1 1998/08/05 09:23:32 niklas Exp $
#
# Copyright (c) 1998 Niklas Hallqvist. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
# must display the following acknowledgement:
# This product includes software developed by Ericsson Radio Systems.
# 4. The name of the author may not be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# This code was written under funding by Ericsson Radio Systems.
#
# Special exchange script symbols.
EXCHANGE_SCRIPT
# Special type signifying PAYLOAD_HASH or PALOAD_SIG must be present.
AUTH -1
# Special type signifying PAYLOAD_NOTIFY or PALOAD_DELETE must be present.
INFO -2
# Switch roles at this point in the exchange.
SWITCH -3
# End of script
END -4
.
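Review bot: the comments on the AUTH and INFO entries misspell the payload names: `PALOAD_HASH`, `PALOAD_SIG` and `PALOAD_DELETE` should read `PAYLOAD_HASH`, `PAYLOAD_SIG` and `PAYLOAD_DELETE`, matching the constants they refer to. The header also has two consecutive bare `#` lines between the disclaimer and the funding note where one separator would do.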

266
src/field.c Normal file

@ -0,0 +1,266 @@
/* $Id: field.c,v 1.2 2002/05/10 04:25:12 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/field.c,v $ */
/* $OpenBSD: field.c,v 1.8 2000/02/25 17:23:39 niklas Exp $ */
/* $EOM: field.c,v 1.11 2000/02/20 19:58:37 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "sysdep.h"
#include "constants.h"
#include "field.h"
#include "log.h"
#include "util.h"
static char *field_debug_raw (u_int8_t *, size_t, struct constant_map **);
static char *field_debug_num (u_int8_t *, size_t, struct constant_map **);
static char *field_debug_mask (u_int8_t *, size_t, struct constant_map **);
static char *field_debug_ign (u_int8_t *, size_t, struct constant_map **);
static char *field_debug_cst (u_int8_t *, size_t, struct constant_map **);
/* Contents must match the enum in struct field. */
static char *(*decode_field[]) (u_int8_t *, size_t, struct constant_map **) = {
field_debug_raw,
field_debug_num,
field_debug_mask,
field_debug_ign,
field_debug_cst
};
/*
* Return a string showing the hexadecimal contents of the LEN-sized buffer
* BUF. MAPS should be zero and is only here because the API requires it.
*/
static char *
field_debug_raw (u_int8_t *buf, size_t len, struct constant_map **maps)
{
char *retval, *p;
if (len == 0)
return 0;
retval = malloc (3 + len * 2);
if (!retval)
return 0;
strcpy (retval, "0x");
p = retval + 2;
while (len--)
{
sprintf (p, "%02x", *buf++);
p += 2;
}
return retval;
}
/*
* Convert the unsigned LEN-sized number at BUF of network byteorder to a
* 32-bit unsigned integer of host byteorder pointed to by VAL.
*/
static int
extract_val (u_int8_t *buf, size_t len, u_int32_t *val)
{
switch (len)
{
case 1:
*val = *buf;
break;
case 2:
*val = decode_16 (buf);
break;
case 4:
*val = decode_32 (buf);
break;
default:
return -1;
}
return 0;
}
/*
* Return a textual representation of the unsigned number pointed to by BUF
* which is LEN octets long. MAPS should be zero and is only here because
* the API requires it.
*/
static char *
field_debug_num (u_int8_t *buf, size_t len, struct constant_map **maps)
{
char *retval;
u_int32_t val;
if (extract_val (buf, len, &val))
return 0;
/* 3 decimal digits are enough to represent each byte. */
retval = malloc (3 * len);
snprintf (retval, 3 * len, "%u", val);
return retval;
}
/*
* Return the symbolic names of the flags pointed to by BUF which is LEN
* octets long, using the constant maps MAPS.
*/
static char *
field_debug_mask (u_int8_t *buf, size_t len, struct constant_map **maps)
{
u_int32_t val;
u_int32_t bit;
char *retval, *new_buf, *name;
size_t buf_sz;
if (extract_val (buf, len, &val))
return 0;
/* Size for brackets, two spaces and a NUL terminator. */
buf_sz = 4;
retval = malloc (buf_sz);
if (!retval)
return 0;
strcpy (retval, "[ ");
for (bit = 1; bit; bit <<= 1)
{
if (val & bit)
{
name = constant_name_maps (maps, bit);
buf_sz += strlen (name) + 1;
new_buf = realloc (retval, buf_sz);
if (!new_buf)
{
free (retval);
return 0;
}
retval = new_buf;
strcat (retval, name);
strcat (retval, " ");
}
}
strcat (retval, "]");
return retval;
}
/*
* Just a dummy needed to skip the unused LEN sized space at BUF. MAPS
* should be zero and is only here because the API requires it.
*/
static char *
field_debug_ign (u_int8_t *buf, size_t len, struct constant_map **maps)
{
return 0;
}
/*
* Return the symbolic name of a constant pointed to by BUF which is LEN
* octets long, using the constant maps MAPS.
*/
static char *
field_debug_cst (u_int8_t *buf, size_t len, struct constant_map **maps)
{
u_int32_t val;
if (extract_val (buf, len, &val))
return 0;
return strdup (constant_name_maps (maps, val));
}
/* Pretty-print a field from BUF as described by F. */
void
field_dump_field (struct field *f, u_int8_t *buf)
{
char *value;
value = decode_field[(int)f->type] (buf + f->offset, f->len, f->maps);
if (value)
{
LOG_DBG ((LOG_MESSAGE, 70, "%s: %s", f->name, value));
free (value);
}
}
/* Pretty-print all the fields of BUF as described in FIELDS. */
void
field_dump_payload (struct field *fields, u_int8_t *buf)
{
struct field *field;
for (field = fields; field->name; field++)
field_dump_field (field, buf);
}
/* Return the numeric value of the field F of BUF. */
u_int32_t
field_get_num (struct field *f, u_int8_t *buf)
{
u_int32_t val;
if (extract_val (buf + f->offset, f->len, &val))
return 0;
return val;
}
/* Stash the number VAL into BUF's field F. */
void
field_set_num (struct field *f, u_int8_t *buf, u_int32_t val)
{
switch (f->len)
{
case 1:
buf[f->offset] = val;
break;
case 2:
encode_16 (buf + f->offset, val);
break;
case 4:
encode_32 (buf + f->offset, val);
break;
}
}
/* Stash BUF's raw field F into VAL. */
void
field_get_raw (struct field *f, u_int8_t *buf, u_int8_t *val)
{
memcpy (val, buf + f->offset, f->len);
}
/* Stash the buffer VAL into BUF's field F. */
void
field_set_raw (struct field *f, u_int8_t *buf, u_int8_t *val)
{
memcpy (buf + f->offset, val, f->len);
}
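Review bot: in `field_debug_num` the result of `malloc (3 * len)` is used without a NULL check (unlike `field_debug_raw`, which checks), and the size is one byte short for the single-octet case: with `len == 1` the buffer is 3 bytes, so `snprintf (retval, 3 * len, "%u", val)` truncates any value of 100 or more to two digits ("255" prints as "25"). Allocate `3 * len + 1` (the comment "3 decimal digits are enough to represent each byte" forgets the NUL terminator) and return 0 when malloc fails. Separately, `field_get_num` returns 0 both for a genuine zero value and when `extract_val` rejects the field length, and `field_set_num` silently ignores lengths other than 1, 2 and 4; a debug log in those default branches would make such misconfigured field tables visible.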

60
src/field.h Normal file

@ -0,0 +1,60 @@
/* $Id: field.h,v 1.2 2002/05/10 04:25:12 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/field.h,v $ */
/* $OpenBSD: field.h,v 1.3 1998/11/17 11:10:10 niklas Exp $ */
/* $EOM: field.h,v 1.3 1998/08/02 20:25:01 niklas Exp $ */
/*
* Copyright (c) 1998 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Ericsson Radio Systems.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#ifndef _FIELD_H_
#define _FIELD_H_
#include <sys/types.h>
struct field {
char *name;
int offset;
size_t len;
enum { raw, num, mask, ign, cst } type;
struct constant_map **maps;
};
extern void field_dump_field (struct field *, u_int8_t *);
extern void field_dump_payload (struct field *, u_int8_t *);
extern u_int32_t field_get_num (struct field *, u_int8_t *);
extern void field_get_raw (struct field *, u_int8_t *, u_int8_t *);
extern void field_set_num (struct field *, u_int8_t *, u_int32_t);
extern void field_set_raw (struct field *, u_int8_t *, u_int8_t *);
#endif /* _FIELD_H_ */
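Review bot: the anonymous `enum { raw, num, mask, ign, cst } type;` puts five short lowercase names into the global identifier namespace of every file that includes field.h, where `num`, `mask` and `raw` are easy to collide with; prefixed names (`FIELD_RAW`, `FIELD_NUM`, ...) would avoid that. Its order is also silently coupled to the `decode_field[]` table in field.c ("Contents must match the enum in struct field"); if C99 is acceptable, designated initializers (`[raw] = field_debug_raw, ...`) in that table would make the coupling explicit and compiler-checked.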

177
src/gdoi.h Normal file

@ -0,0 +1,177 @@
/* $Id: gdoi.h,v 1.10.2.2 2011/12/05 20:26:54 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/gdoi.h,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
#ifndef _GDOI_H_
#define _GDOI_H_
#include <netinet/in.h>
#include <hash.h>
#include "transport.h"
#ifdef USE_X509
#include <openssl/rsa.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#endif
#define KEK_SPI_SIZE 16
#define AES128_LENGTH 16
#define GCM_SALT_LENGTH 4
#define FALSE 0
#define TRUE 1
/*
* Partial KEK information to pass as the next KEK. We only support channging
* the SPI and encryption keys now, not the entire policy.
*/
struct next_gdoi_kek {
u_int8_t spi[KEK_SPI_SIZE];
u_int8_t *encrypt_iv;
u_int8_t *encrypt_key; /* 3DES keys are stored as one value */
};
struct deleted_sa {
TAILQ_ENTRY (deleted_sa) link;
u_int32_t doi;
u_int8_t protocol_type;
u_int8_t spi[KEK_SPI_SIZE];
};
/*
* Group KEK in-memory structure.
*/
struct gdoi_kek {
TAILQ_ENTRY (gdoi_kek) link;
#define CREATE_NEW_KEK 0x01
#define SEND_NEW_KEK 0x02
#define CLEANING_UP 0x04
#define USE_EXCH_ONLY 0x08
u_int32_t flags;
u_int8_t *group_id;
u_int32_t group_id_len;
in_addr_t src_addr;
in_addr_t dst_addr;
u_int16_t sport;
u_int16_t dport;
u_int8_t spi[KEK_SPI_SIZE];
u_int32_t current_seq_num;
u_int32_t replay_bitmap;
u_int16_t encrypt_alg;
u_int16_t sig_hash_alg;
u_int16_t sig_alg;
u_int8_t *encrypt_iv;
u_int8_t *encrypt_key; /* 3DES keys are stored as one value */
u_int32_t encrypt_key_len; /* Only used for AES. Stored in bytes */
u_int8_t *signature_key;
u_int16_t signature_key_modulus_size; /* The "size" of the key in bits */
u_int32_t signature_key_len; /* Actual key size in bytes (PKCS#1 encaps) */
struct next_gdoi_kek next_kek_policy; /* Send this info in a rekey message */
#ifdef USE_X509
RSA *rsa_keypair;
#endif
u_int32_t tek_timer_interval;
u_int32_t kek_timer_interval;
struct event *tek_lifetime_ev; /* Periodic TEK rekey timer (create new TEKS)*/
struct event *kek_lifeime_ev; /* Periodic KEK rekey timer (new KEK keys) */
int recv_sock;
int send_sock;
struct transport *send_transport;
struct exchange *send_exchange;
struct sockaddr_in recv_addr; /* Sender socket to join group */
struct sockaddr_in send_addr; /* Sender socket to send to group */
char *exchange_name;
struct ip_mreq mreq;
u_int16_t atd, dtd;
/* GM SID variables */
u_int32_t sid_length;
u_int32_t number_sids;
#define MAX_GM_SIDS 5
u_int32_t sids[MAX_GM_SIDS];
u_int32_t number_sids_needed;
/* KS SID variables */
u_int64_t sid_counter;
TAILQ_HEAD (deleted_sa_head, deleted_sa) deleted_sa_list;
};
extern int (*gdoi_rekey_initiator[]) (struct message *);
extern int (*gdoi_rekey_responder[]) (struct message *);
void gdoi_rekey_init(void);
void gdoi_phase2_init(void);
struct gdoi_kek *gdoi_get_kek (u_int8_t *, size_t, int);
int gdoi_read_keypair (u_int8_t *, struct gdoi_kek *);
int gdoi_store_pubkey (u_int8_t *, int, struct gdoi_kek *);
int gdoi_kek_rekey_start (struct gdoi_kek *);
int gdoi_rekey_start (struct gdoi_kek *);
int gdoi_rekey_listen (struct gdoi_kek *);
int gdoi_rekey_setup_exchange (struct gdoi_kek *);
struct gdoi_kek *gdoi_get_kek_by_cookies (u_int8_t *);
struct gdoi_kek *gdoi_get_kek_by_transport (struct transport *);
struct gdoi_kek *gdoi_get_kek_by_name (char *);
u_int8_t *gdoi_build_tek_id_internal (int, struct in_addr, struct in_addr,
uint16_t, size_t *);
enum hashes xlate_gdoi_hash (u_int16_t);
#endif /* _GDOI_H_ */
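Review bot: the member name `kek_lifeime_ev` (right after `tek_lifetime_ev`) is missing a 't'; fix it before the name spreads to every caller, and fix "channging" in the `next_gdoi_kek` comment while at it. Two style points: `#include <hash.h>` uses angle brackets while the other project headers here (`"transport.h"`) use quotes, so if hash.h is the project's own header it should be quoted too; and `FALSE`/`TRUE` are defined here and again in gdoi_app_client.c, so they belong in one shared header. `gdoi_build_tek_id_internal` also mixes `uint16_t` with the `u_int16_t` spelling used everywhere else in this header.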

693
src/gdoi_app_client.c Normal file

@ -0,0 +1,693 @@
/* $Id: gdoi_app_client.c,v 1.1.4.3 2011/12/12 20:43:47 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_app_client.c,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2007 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* gdoi_app_client.c - Code to send/receive messages from GDOI
* applications.
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/uio.h>
#ifdef NOT_LINUX
#include <sys/sockio.h>
#endif
#include <arpa/inet.h>
#include <unistd.h>
#include <string.h>
#include <sys/un.h>
#include "log.h"
#include "util.h"
#include "string.h"
#include "transport.h"
#include "attribute.h"
#include "message.h"
#include "exchange.h"
#include "sa.h"
#include "gdoi_num.h"
#include "gdoi_app_num.h"
#include "gdoi_app_client.h"
#ifdef IEC90_5_SUPPORT
#include "gdoi_phase2.h" /* To get struct gdoi_kd_decode_arg */
#include "gdoi_iec90_5_protos.h"
#endif
#ifdef SRTP_SUPPORT
#include "gdoi_phase2.h" /* To get struct gdoi_kd_decode_arg */
#include "gdoi_srtp_protos.h"
#endif
#define FALSE 0
#define TRUE 1
#define APP_CLIENT_PIPE "/tmp/apps_to_gdoi"
extern int sigpiped;
#define ATTR_SIZE (50 * ISAKMP_ATTR_VALUE_OFF)
struct gdoi_app_group_info_type {
struct cmd_header hdr;
int group_id;
char address[7]; /* Possible address for ID type, depends on app type */
char pipe_name[80];
};
struct gdoi_app_transport {
struct transport transport;
struct gdoi_app_group_info_type gdoi_app_group_info;
int s;
int return_s;
int listening_socket_only;
int master_client_transport; /* One on which to accept connections */
};
void gdoi_app_remove (struct transport *);
static void gdoi_app_report(struct transport *);
static int gdoi_app_fd_set(struct transport *, fd_set *, int);
static int gdoi_app_fd_isset(struct transport *, fd_set *);
static void gdoi_app_handle_message(struct transport *);
static struct transport_vtbl gdoi_app_transport_vtbl = {
{ 0 }, "app",
NULL,
gdoi_app_remove,
gdoi_app_report,
gdoi_app_fd_set,
gdoi_app_fd_isset,
gdoi_app_handle_message,
/* gdoi_app_send_message */ NULL,
/* gdoi_app_get_dst */ NULL,
/* gdoi_app_get_src */ NULL
};
void
gdoi_app_client_init (void)
{
int s, ret;
struct gdoi_app_transport *t = 0;
struct sockaddr_un pipe;
mode_t old_umask;
int on = 1;
/*
* Add the GDOI Application method to the transport list
*/
transport_method_add (&gdoi_app_transport_vtbl);
/*
* Create the IPC socket, and add it as a transport session.
*/
t = malloc (sizeof *t);
if (!t)
{
log_print ("gdoi_app_client_init: malloc (%d) failed", sizeof *t);
return;
}
t->transport.vtbl = &gdoi_app_transport_vtbl;
s = socket (AF_LOCAL, SOCK_STREAM, 0);
if (s < 0)
{
log_error ("gdoi_app_client_init: socket failed");
return;
}
ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on));
if (ret < 0)
{
log_error ("gdoi_app_client_init: bind failed");
return;
}
/*
* Make sure it's not left over from another run.
*/
unlink(APP_CLIENT_PIPE);
/*
* The mode of the pipe must be readable by all, so we need to adjust
* our umask accordingly.
*/
old_umask = umask(0044);
bzero(&pipe, sizeof(struct sockaddr_un));
pipe.sun_family = AF_LOCAL;
strncpy(pipe.sun_path, APP_CLIENT_PIPE, sizeof(pipe.sun_path)-1);
ret = bind(s, (struct sockaddr *) &pipe, SUN_LEN(&pipe));
if (ret < 0)
{
log_error ("gdoi_app_client_init: bind failed");
return;
}
/*
* Reset the process umask for security reasons.
*/
(void) umask(old_umask);
ret = listen(s, 1024);
if (ret < 0)
{
log_error ("listen failed");
return;
}
/*
* Set the open socket in the transport structure.
*/
t->s = s;
t->return_s = 0;
t->listening_socket_only = TRUE;
t->master_client_transport = TRUE;
transport_add (&t->transport);
transport_reference (&t->transport);
t->transport.flags |= TRANSPORT_LISTEN;
}
void
gdoi_app_remove (struct transport *t)
{
free (t);
}
static void
gdoi_app_report (struct transport *t)
{
log_print ("gdoi_app_report: Got Here!");
}
/*
* Set transport T's socket in FDS, return a value useable by select(2)
* as the number of file descriptors to check.
*/
static int
gdoi_app_fd_set (struct transport *t, fd_set *fds, int bit)
{
struct gdoi_app_transport *u = (struct gdoi_app_transport *)t;
if (bit)
FD_SET (u->s, fds);
else {
/*
* Hack! Asssume both sockets need to be cleared.
* BEW: But this code doesn't seem to be getting called when the pipe is
* closed .... need to diagnose.
*/
log_print ("gdoi_app_fd_set: Clearing sockets.");
FD_CLR (u->s, fds);
FD_CLR (u->return_s, fds);
}
return u->s + 1;
}
/* Check if transport T's socket is set in FDS. */
static int
gdoi_app_fd_isset (struct transport *t, fd_set *fds)
{
struct gdoi_app_transport *u = (struct gdoi_app_transport *)t;
return FD_ISSET (u->s, fds);
}
int gdoi_app_decode_attribute (u_int16_t type, u_int8_t *value, u_int16_t len,
void *arg)
{
struct gdoi_app_group_info_type *ptr =
(struct gdoi_app_group_info_type *) arg;
switch (type)
{
case GDOI_CLIENT_ATTR_GROUP_ID:
ptr->group_id = htonl(decode_32(value));
break;
case GDOI_CLIENT_ATTR_GROUP_ADDRESS:
if (len < 7) { /* Largest address is MAC address (6 octets) */
memcpy(ptr->address, value, len);
ptr->address[len] = 0; /* Terminate the string */
} else {
log_print ("gdoi_app_decode_attribute: Bad address length %d\n", len);
return -1;
}
break;
case GDOI_CLIENT_ATTR_RETURN_PIPE:
memcpy(ptr->pipe_name, value, len);
ptr->pipe_name[len] = 0; /* Terminate the string */
break;
default:
log_print ("gdoi_app_decode_attribute: Attribute not valid: %d",
type);
return -1;
}
return 0;
}
extern LIST_HEAD (transport_list, transport) transport_list;
struct gdoi_app_transport *
gdoi_app_transport_search (int gid)
{
struct transport *t;
struct gdoi_app_transport *u;
for (t = LIST_FIRST (&transport_list); t; t = LIST_NEXT (t, link)) {
if (t->flags & TRANSPORT_LISTEN) {
/*
* Restrict the search to GDOI application transports.
* NOTE: This logic only allows on application client per group.
*/
if (!strcmp(t->vtbl->name, gdoi_app_transport_vtbl.name)) {
u = (struct gdoi_app_transport *)t;
if (gid == u->gdoi_app_group_info.group_id) {
/*
* Got it!
*/
return u;
}
}
}
}
return NULL;
}
/*
* For now, just stuff the info into a global struct. We can't yet
* correlate an incoming msg with a finished GDOI session anyway, so
* have to restrict ourselves to one connection at a time.
*/
int
gdoi_app_parse_msg (char *msg, int msg_len, struct gdoi_app_transport *u)
{
struct cmd_header *hdr = (struct cmd_header *)msg;
/*
* Sanity check the header
*/
if (hdr->version != 1)
{
log_error("App header unsupported version: %d\n", hdr->version);
return -1;
}
u->gdoi_app_group_info.hdr.version = hdr->version;
if (hdr->command != COMMAND_REQUEST)
{
log_error("App header unsupported command: %d\n", hdr->command);
return -1;
}
u->gdoi_app_group_info.hdr.command = hdr->command;
u->gdoi_app_group_info.hdr.app_proto = hdr->app_proto;
u->gdoi_app_group_info.hdr.sequence = hdr->sequence;
u->gdoi_app_group_info.hdr.pid = hdr->pid;
attribute_map (((u_int8_t *)msg + sizeof(struct cmd_header)),
(msg_len - sizeof(struct cmd_header)),
gdoi_app_decode_attribute,
&u->gdoi_app_group_info);
return 0;
}
int
connect_to_client (char *out_fn)
{
int s, ret;
struct sockaddr_un pipe;
s = socket (AF_LOCAL, SOCK_STREAM, 0);
if (s < 0)
{
log_error("socket open failed");
return -1;
}
bzero(&pipe, sizeof(struct sockaddr_un));
pipe.sun_family = AF_LOCAL;
strncpy(pipe.sun_path, out_fn, sizeof(pipe.sun_path)-1);
ret = connect(s, (struct sockaddr *) &pipe, sizeof(pipe));
if (ret < 0)
{
log_error("connect failed: %s\n", out_fn);
return -1;
}
return s;
}
/*
* Clone a listen transport U, record a destination RADDR for outbound use.
*/
static struct transport *
group_app_clone (struct gdoi_app_transport *u, int new_socket)
{
struct transport *t;
struct gdoi_app_transport *u2;
t = malloc (sizeof *u);
if (!t)
{
log_error ("group_app_clone: malloc (%d) failed", sizeof *u);
return 0;
}
u2 = (struct gdoi_app_transport *)t;
memcpy (u2, u, sizeof *u);
u2->s = new_socket;
u2->master_client_transport = FALSE;
transport_add (t);
t->flags |= TRANSPORT_LISTEN;
return t;
}
/*
* A message has arrived on transport T's socket. If T is single-ended,
* clone it into a double-ended transport which we will use from now on.
* Package the message as we want it and continue processing in the message
* module.
*/
static void
gdoi_app_handle_message (struct transport *t)
{
struct gdoi_app_transport *u = (struct gdoi_app_transport *)t;
struct transport *client_t;
struct gdoi_app_transport *client_u;
struct sockaddr_un from;
int from_len = sizeof(from);
struct message *msg;
struct msghdr sock_msg;
struct iovec iov[1];
int c;
char data_in[80];
char name[80];
int ret, count;
struct cmd_header *hdr;
if (u->master_client_transport)
{
/*
* Do accepts on this one.
*
* Accept happens after the select has woken.
* Only do this is this is a new connection on the listening socket.
*/
c = accept(u->s, (struct sockaddr *) &from, (socklen_t *)&from_len);
if (c < 0)
{
log_error ("gdoi_app_handle_message: accept failed");
return;
}
/*
* Make a specialized GDOI Application transport structure out of the
* incoming transport.
*/
client_t = group_app_clone (u, c);
if (!client_t)
{
log_error("gdoi_app_handle_message: group_app_clone failed");
return;
}
client_u = (struct gdoi_app_transport *)client_t;
} else {
client_t = t;
client_u = u;
c = u->s;
}
/*
* Read and process the message.
*/
sock_msg.msg_name = NULL;
sock_msg.msg_namelen = 0;
sock_msg.msg_control = 0;
sock_msg.msg_controllen = 0;
iov[0].iov_base = data_in;
iov[0].iov_len = 80;
sock_msg.msg_iov = iov;
sock_msg.msg_iovlen = 1;
count = recvmsg (c, &sock_msg, 0);
if (count < 0)
{
log_error("gdoi_app_handle_message: recvmsg failed");
return;
}
if (count == 0)
{
/*
* Assume the problem comes from the transmit pipe closing down.
*/
log_print("gdoi_app_handle_message: "
"app pipe assumed closed. Deleting pipes to/from client");
ret = close(client_u->s);
if (ret < 0)
{
log_error("gdoi_app_handle_message: close of s failed");
}
ret = close(client_u->return_s);
if (ret < 0)
{
log_error("gdoi_app_handle_message: close of return_s failed");
}
transport_release(client_t);
return;
}
ret = gdoi_app_parse_msg (data_in, count, client_u);
if (ret < 0)
{
return;
}
if (u->master_client_transport)
{
/*
* If we just created this transport, connect back to the client.
*/
client_u->return_s =
connect_to_client(&client_u->gdoi_app_group_info.pipe_name[0]);
if (client_u->return_s< 0)
{
log_error("gdoi_app_handle_message: connect_to_client failed");
return;
}
client_u->listening_socket_only = FALSE;
}
msg = message_alloc (client_t, (u_int8_t *)data_in, count);
if (!msg)
{
log_error("message_alloc failed");
return;
}
/*
* Kick off IKE based on the group-id passed in the message using msg.
*
* HACK! Require a policy named "Group-XXXXX" where XXXXX is the number
* of the group. This makes it easy to find the right phase 1 to kick off.
* We need to first parse the message to find the group id.
*
* BUG: We should handle re-transmissions gracefully. E.g., don't force a
* re-registration if one is already in progress.
*/
sprintf(name, "Group-%d", client_u->gdoi_app_group_info.group_id);
hdr = malloc(sizeof(struct cmd_header));
if (!hdr) {
log_error("gdoi_app_handle_message: failed to allocated hdr bytes");
return;
}
hdr->pid = client_u->gdoi_app_group_info.hdr.pid;
hdr->sequence = client_u->gdoi_app_group_info.hdr.sequence;
log_print ("gdoi_app_handle_message: Starting exchange %s", name);
exchange_establish(name, 0, 0);
}
/*
* Deliver the application data back to the correct application.
*/
int
gdoi_app_deliver_app_data (u_int32_t type, struct sa *sa)
{
u_int8_t *attr_start, *attr;
char *buf;
struct cmd_header *hdr;
struct gdoi_app_transport *client_u;
struct proto *proto;
int buf_len;
int ret;
int gid;
proto = TAILQ_FIRST (&sa->protos);
if (!proto)
{
log_error ("gdoi_app_deliver_app_data: Application SA proto data missing");
return -1;
}
/*
* Find the first transport asking for key info for this group using the
* special group name semantic. This is to deal with the HACK! in
* gdoi_app_handle_message().
*/
if (strncmp(sa->name, "Group-", 6))
{
log_error ("gdoi_app_deliver_app_data: Invalid group name: %s\n",
sa->name);
return -1;
}
sscanf(sa->name, "Group-%d", &gid);
client_u = gdoi_app_transport_search(gid);
if (!client_u)
{
log_error ("gdoi_app_deliver_app_data: No transport found for "
"group id %d\n", gid);
return -1;
}
if (type != client_u->gdoi_app_group_info.hdr.app_proto) {
log_error ("gdoi_app_deliver_app_data: Protocol mismatch! "
"Expected:%d, Given by upper layer::%d\n",
client_u->gdoi_app_group_info.hdr.app_proto, type);
return -1;
}
if (!(void *)proto->data)
{
log_error ("gdoi_app_deliver_app_data: Application SA TEK data missing");
return -1;
}
/*
* Allocate a block for building attributes. It's sized large enough
* so that we think it will avoid buffer overflows....
*/
attr_start = attr = calloc(1, ATTR_SIZE);
if (!attr_start)
{
log_error ("gdoi_app_deliver_app_data: malloc failed");
return -1;
}
/*
* Call an Application-specific function to fill in the rest of the
* attributes.
*/
switch (type) {
#ifdef SRTP_SUPPORT
case GDOI_PROTO_SRTP:
attr = gdoi_srtp_add_attributes(attr, sa);
break;
#endif
#ifdef IEC90_5_SUPPORT
case GDOI_PROTO_IEC90_5:
attr = gdoi_iec90_5_add_attributes(attr, sa);
break;
#endif
default:
log_error ("gdoi_app_deliver_app_data: No attribute support for "
"protocol %d", type);
return -1;
}
/*
* Format the return message. Copy many of the fields from the originating
* header to ensure they are the same.
*/
buf_len = sizeof(struct cmd_header) + (attr - attr_start);
buf = malloc(buf_len);
hdr = (struct cmd_header *) buf;
hdr->version = client_u->gdoi_app_group_info.hdr.version;
hdr->command = COMMAND_REPLY;
hdr->app_proto = type;
hdr->sequence = client_u->gdoi_app_group_info.hdr.sequence;
hdr->pid = client_u->gdoi_app_group_info.hdr.pid;
hdr->ret_errno = 0;
memcpy(buf + sizeof(struct cmd_header), attr_start, (attr - attr_start));
free(attr_start);
/*
* Send the message.
*/
ret = send(client_u->return_s, buf, buf_len, 0);
if (ret < 0)
{
log_error ("gdoi_app_deliver_app_data: send failed");
return -1;
}
return 0;
}
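Review bot: nothing in this file authenticates or authorizes the local process on the other end of APP_CLIENT_PIPE, yet the daemon does whatever that process asks. gdoi_app_client_init() deliberately opens the socket up to every local user (the umask(0044) comment says "readable by all"; what the call actually does is strip the group/other read bits while leaving write, and write permission is all connect(2) needs on a Unix socket), gdoi_app_decode_attribute() accepts an arbitrary path in the RETURN_PIPE attribute, connect_to_client() connects to that path, and gdoi_app_deliver_app_data() writes the group's TEK attributes to it (the attribute headers in this commit include raw keys such as IEC90_5_AUTH_KEY). Any unprivileged local process can therefore trigger a registration for any configured "Group-N" and collect the resulting key material. At minimum, create the socket inside a directory with restricted permissions or check the peer's credentials after accept() (SO_PEERCRED on Linux, getpeereid() on BSD), and only honour RETURN_PIPE paths under a fixed directory.

In gdoi_app_handle_message() the read is capped at `iov[0].iov_len = 80;`, and gdoi_app_parse_msg() then dereferences `hdr->version` without first checking that msg_len is at least sizeof(struct cmd_header), so a short message reads uninitialized stack from data_in. The return value of attribute_map() is also ignored, so a rejected attribute (for example the bad-length GROUP_ADDRESS case, which returns -1) still leads to exchange_establish() with whatever was left in gdoi_app_group_info.

gdoi_app_decode_attribute() bounds len for GROUP_ADDRESS (and ptr->address must hold at least 8 bytes for the terminator at address[7] to be in range) but copies len bytes into ptr->pipe_name with no bound at all; compare against sizeof(ptr->pipe_name) and reject longer values.

The `hdr = malloc(sizeof(struct cmd_header));` block at the end of gdoi_app_handle_message() is filled in, never used and never freed; either hand it to the exchange or delete it. In gdoi_app_deliver_app_data(), `buf = malloc(buf_len);` has no NULL check and buf is never freed after send(), attr_start leaks on the default: error path, and the result of sscanf(sa->name, "Group-%d", &gid) is unchecked.

On the count == 0 path for a clone that never reached connect_to_client(), client_u->return_s is still the 0 copied from the listening transport, so close(client_u->return_s) closes fd 0; the same applies to FD_CLR(u->return_s, fds) in gdoi_app_fd_set(). Initialize return_s to -1 in group_app_clone() and test it before closing or clearing.

Smaller points: the setsockopt() failure log says "bind failed"; the transport allocated with malloc (sizeof *t) leaks on every early return in gdoi_app_client_init(); %d is used for a size_t in the malloc failure messages; "only allows on application client per group" should read "one"; the fd_set "Hack!" comment records an unresolved bug and should be a tracked issue rather than a comment.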

80
src/gdoi_app_client.h Normal file
@ -0,0 +1,80 @@
/* $Id: gdoi_app_client.h,v 1.1.4.3 2011/12/12 20:43:47 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_app_client.h,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2007 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* gdoi_app_client.h - Socket defintions for communication with GDOI
* applications.
*/
struct cmd_header {
short version;
short command;
#define COMMAND_REPLY 3
#define COMMAND_REQUEST 5
u_int32_t app_proto;
int ret_errno;
int sequence;
int pid;
};
extern void gdoi_app_client_init(void);
extern int gdoi_app_deliver_app_data(u_int32_t, struct sa *);
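Review bot: the header is not self-contained. gdoi_app_deliver_app_data() is prototyped with `struct sa *` and `u_int32_t`, but nothing here declares struct sa or includes <sys/types.h>, so the prototype only refers to the right struct when sa.h and the system headers happen to be included first; add a `struct sa;` forward declaration and the include, and an include guard. The version that gdoi_app_parse_msg() accepts is a bare literal there (`hdr->version != 1`); define it next to COMMAND_REQUEST and COMMAND_REPLY so both sides of the socket share one constant. Since struct cmd_header is the on-the-wire layout of the IPC message, fixed-width types (int16_t/int32_t) instead of short/int would document that and make the 80-byte read limit in gdoi_app_client.c easy to reason about. Typo in the file comment: "defintions".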

77
src/gdoi_app_iec90_5_attr.h Normal file
@ -0,0 +1,77 @@
/* $Id: gdoi_app_iec90_5_attr.h,v 1.1.2.1 2011/12/12 20:43:47 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_app_iec90_5_attr.h,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2011 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* SRTP COMMAND_GET Attributes
*
* Used for passing TEK attributes and in betweeen GDOI and the GDOI app
* Attributes based on draft-baugher-msec-gdoi-srtp-00.txt.
*
* Attributes must be in range 1-99.
*/
#define IEC90_5_OID 1
#define IEC90_5_LIFETIME_SECS 2
#define IEC90_5_KEYID 3
#define IEC90_5_AUTH_ALG 4
#define IEC90_5_AUTH_KEY_SIZE 5
#define IEC90_5_AUTH_KEY 6
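Review bot: the file comment was copied from the SRTP attribute header and describes the wrong file: it says "SRTP COMMAND_GET Attributes" and cites draft-baugher-msec-gdoi-srtp-00.txt, while the definitions are IEC90_5_* attributes for the IEC 90-5 application. Rewrite the comment (and fix "betweeen"), and say where the IEC 90-5 attribute numbers and the OID/KEYID/AUTH_* set come from. The "must be in range 1-99" rule is comment-only; the generic GDOI_CLIENT_ATTR values start at 101 in gdoi_app_num.cst, so a cross-reference to that file here would make the split explicit. IEC90_5_AUTH_KEY means raw key material crosses the application socket, which is one more reason to restrict who can connect to it (see the comments on gdoi_app_client.c). The header also lacks an include guard.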

76
src/gdoi_app_num.cst Normal file
@ -0,0 +1,76 @@
# $Id: gdoi_app_num.cst,v 1.1.4.3 2011/12/12 20:43:47 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_app_num.cst,v $
#
# The license applies to all software incorporated in the "Cisco GDOI reference
# implementation" except for those portions incorporating third party software
# specifically identified as being licensed under separate license.
#
#
# The Cisco Systems Public Software License, Version 1.0
# Copyright (c) 2001 Cisco Systems, Inc. All rights reserved.
# Subject to the following terms and conditions, Cisco Systems, Inc.,
# hereby grants you a worldwide, royalty-free, nonexclusive, license,
# subject to third party intellectual property claims, to create
# derivative works of the Licensed Code and to reproduce, display,
# perform, sublicense, distribute such Licensed Code and derivative works.
# All rights not expressly granted herein are reserved.
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
# 3. The names Cisco and "Cisco GDOI reference implementation" must not
# be used to endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# opensource@cisco.com.
# 4. Products derived from this software may not be called
# "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
# "Cisco GDOI reference implementation" appear in
# their name, without prior written permission of Cisco Systems, Inc.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
# SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
# LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
# PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
# LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
# LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
# EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
# AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
# THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
# (US$5,000).
#
# ====================================================================
# This software consists of voluntary contributions made by Cisco Systems,
# Inc. and many individuals on behalf of Cisco Systems, Inc. For more
# information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
#
# This product includes software developed by Ericsson Radio Systems.
#
# GDOI APPLICATION SA attributes
# GENERIC ATTRIBUTES COMMON TO ALL APPS
GDOI_CLIENT_ATTR
GROUP_ID 101
RETURN_PIPE 102
GROUP_ADDRESS 103
.
# Values in this list must be mutually exclusive to the IPSEC_PROTO list in
# ipsec_num.cst.
GDOI_PROTO
SRTP 100
IEC90_5 101
.
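Review bot: the constraint in the comment ("must be mutually exclusive to the IPSEC_PROTO list in ipsec_num.cst") is not enforced anywhere visible, and gdoi_app_deliver_app_data() routes key attributes by switching on exactly this value, so a future collision would silently send one protocol's attributes for another. List the IPSEC_PROTO values that are reserved in this comment, or start GDOI_PROTO at a base the .cst generator can check. GROUP_ID 101 and IEC90_5 101 share a number but live in different namespaces (client attribute versus application protocol); a one-line comment saying so will stop a later reader from "fixing" it.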

1213
src/gdoi_doi.c Normal file
File diff suppressed because it is too large
135
src/gdoi_fld.fld Normal file
@ -0,0 +1,135 @@
# $Id: gdoi_fld.fld,v 1.6.2.1 2011/10/18 03:26:55 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/gdoi_fld.fld,v $
#
# The license applies to all software incorporated in the "Cisco GDOI reference
# implementation" except for those portions incorporating third party software
# specifically identified as being licensed under separate license.
#
#
# The Cisco Systems Public Software License, Version 1.0
# Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
# Subject to the following terms and conditions, Cisco Systems, Inc.,
# hereby grants you a worldwide, royalty-free, nonexclusive, license,
# subject to third party intellectual property claims, to create
# derivative works of the Licensed Code and to reproduce, display,
# perform, sublicense, distribute such Licensed Code and derivative works.
# All rights not expressly granted herein are reserved.
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
# 3. The names Cisco and "Cisco GDOI reference implementation" must not
# be used to endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# opensource@cisco.com.
# 4. Products derived from this software may not be called
# "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
# "Cisco GDOI reference implementation" appear in
# their name, without prior written permission of Cisco Systems, Inc.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
# SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
# LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
# PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
# LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
# LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
# EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
# AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
# THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
# (US$5,000).
#
# ====================================================================
# This software consists of voluntary contributions made by Cisco Systems,
# Inc. and many individuals on behalf of Cisco Systems, Inc. For more
# information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
#
# This product includes software developed by Ericsson Radio Systems.
#
# Generic payload header.
GDOI_GEN
NEXT_PAYLOAD cst 1 isakmp_payload_cst
RESERVED ign 1
LENGTH num 2
.
# GDOI Security association payload.
GDOI_SA : GDOI_GEN
DOI num 4 group_doi_cst
SIT raw 4
SA_ATTR_NEXT num 2 isakmp_payload_cst
RES2 ign 2
.
# GDOI's situation
GDOI_SIT
SIT mask 4 gdoi_sit_cst
.
# SA_KEK payload beginning fields
GDOI_SA_KEK
PROTOCOL num 1
.
# SA_KEK payload ending fields
GDOI_SA_KEK_END
SPI raw 16
RESERVED2 num 4
POP_KEYLEN num 2
.
# SA_TEK payload beginning fields.
GDOI_SA_TEK : GDOI_GEN
PROT_ID num 1 gdoi_tek_prot_cst
.
GDOI_SA_TEK_ESP
IP_PROT num 1
.
# Identify part for part of the ESP protocol-specific payload for SA_TEK
# Also used for the the ID part of the KEK payload
GDOI_SA_ID
TYPE num 1 ipsec_id_cst
PORT num 2
DATA_LEN num 1
DATA raw
.
# GDOI SEQ payload.
GDOI_SEQ : GDOI_GEN
SEQ_NUM num 4
.
# GDOI GAP payload.
GDOI_GAP : GDOI_GEN gdoi_gap_fld
DATA raw
.
# KD key packet
GDOI_KD_PAK
KD_TYPE cst 1 gdoi_kd_type_cst
RESERVED ign 1
LENGTH num 2
SPI_SIZE num 1
.
# GDOI KD payload.
GDOI_KD : GDOI_GEN
NUM_PACKETS num 2
RES2 ign 2
.
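Review bot: GDOI_SA_KEK_END declares its reserved octets as `RESERVED2 num 4`, while every other payload in this file declares reserved octets with `ign` (GDOI_GEN, GDOI_SA, GDOI_KD, GDOI_KD_PAK). If `num` means the bytes are parsed as a value the receiver can act on, make this `ign` too, or add a comment explaining why the value is needed; as written, the inconsistency looks like a mistake. Fix "the the" in the GDOI_SA_ID comment, and since GDOI_SA_ID is shared between the KEK and the TEK-ESP payloads, mention that in the GDOI_SA_KEK comment as well.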

609
src/gdoi_iec90_5.c Normal file
@ -0,0 +1,609 @@
/* $Id: gdoi_iec90_5.c,v 1.1.2.1 2011/12/12 20:43:47 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_iec90_5.c,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2011 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "attribute.h"
#include "conf.h"
#include "connection.h"
#include "doi.h"
#include "exchange.h"
#include "hash.h"
#include "gdoi_phase2.h"
#include "log.h"
#include "message.h"
#include "prf.h"
#include "sa.h"
#include "transport.h"
#include "util.h"
#include "gdoi_fld.h"
#include "ipsec_num.h"
#include "gdoi_num.h"
#include "gdoi_iec90_5.h"
#include "iec90_5_num.h"
#include "iec90_5_fld.h"
#include "gdoi.h"
#include "gdoi_app_iec90_5_attr.h"
int
iec90_5_get_id (char *section, size_t *id_sz, u_int8_t **buf)
{
int oid_type;
char *oid, *address;
struct in_addr ip_addr;
size_t id_asn_sz, id_buf_sz;
u_int8_t *id_buf;
oid = conf_get_str (section, "OID");
oid_type = constant_value (iec90_5_id_cst, oid);
switch (oid_type)
{
case IEC90_5_ID_61850_UDP_ADDR_GOOSE:
address = conf_get_str (section, "Address");
if (!address)
{
log_print ("iec90_5_get_id: section %s has no \"Address\" tag",
section);
return -1;
}
if (!inet_aton (address, &ip_addr))
{
log_print ("iec90_5_get_id: invalid address %s in section %s",
section, address);
return -1;
}
break;
default:
log_print ("iec90_5_get_id: Unkonwn or Unsupported IEC90_5 OID: %d\n",
oid_type);
return -1;
}
/*
* Format ID payload. See Clause 11.4.2 ("Identification Paylod") of 90-5.
* NOTE: This doesn't actually match that clause -- needs work.
*/
id_asn_sz = strlen(OID_61850_UDP_ADDR_GOOSE);
id_buf_sz = IEC90_5_ID_SZ + id_asn_sz;
id_buf = calloc(1, id_buf_sz);
if (!id_buf) {
log_print ("iec90_5_get_id: Calloc failed for %d bytes\n", id_buf_sz);
return -1;
}
SET_IEC90_5_ID_ID(id_buf, 0xa1);
SET_IEC90_5_ID_PAYLOAD_LEN(id_buf, id_buf_sz);
SET_IEC90_5_ID_TAG(id_buf, 0x80);
SET_IEC90_5_ID_OID_LEN(id_buf, id_asn_sz);
memcpy(&id_buf[IEC90_5_ID_SZ], OID_61850_UDP_ADDR_GOOSE, id_asn_sz);
*buf = id_buf;
*id_sz = id_buf_sz;
return 0;
}
int
iec90_5_validate_id_information (u_int8_t *buf)
{
LOG_DBG ((LOG_MESSAGE, 40,
"iec90_5_validate_id_information: Got an IEC90-5 ID"));
/*
* The ID payload is so complicated that it probably warrants some good
* format validation here.
*/
return 0;
}
/*
* Key server side
* Find the TEK-specific policy for an IEC90-5 type TEK.
*/
int gdoi_iec90_5_set_policy (char *conf_field, struct message *msg,
struct exchange *sa_exchange, u_int8_t *id_gdoi,
u_int16_t id_gdoi_sz)
{
struct sa *sa;
struct proto *proto;
struct iec90_5_proto *iec_proto;
u_int8_t *iec90_5_id;
/*
* Find the sa. The last SA in the list was just created for our use.
*/
sa = TAILQ_LAST (&sa_exchange->sa_list, sa_head);
if (!sa)
{
log_error ("gdoi_iec90_5_set_policy: No sa's in list!");
goto bail_out;
}
/*
* Initialize the SA
*/
if (gdoi_setup_sa (sa, &proto, IPSEC_PROTO_IEC90_5, sizeof(struct iec90_5_proto)))
{
goto bail_out;
}
iec_proto = proto->data;
/*
* TEK will need to include the ID ASN.1 included in the 1st GDOI message.
* Note: Need to adjust the starting point of the macros to the start of
* the IEC90-5 specific ID data.
*/
iec90_5_id = id_gdoi + 8;
iec_proto->oid_sz = GET_IEC90_5_ID_OID_LEN(iec90_5_id);
iec_proto->oid = calloc(1, iec_proto->oid_sz);
if (!iec_proto->oid) {
log_error ("gdoi_iec90_5_set_policy: Malloc failed %d bytes.");
goto bail_out;
}
memcpy(iec_proto->oid, &iec90_5_id[IEC90_5_ID_SZ], iec_proto->oid_sz);
/*
* BEW: Hardcode policy for now. It shoud be read in from the configuration.
*/
iec_proto->auth_alg = GDOI_KEK_HASH_ALG_SHA;
iec_proto->auth_key_size = HMAC_SHA_LENGTH;
iec_proto->next_auth_alg = 0;
iec_proto->next_auth_key_size = 0;
/*
* BEW: Assume SPI is 1 byte.
* Also, just send key_id NOT next key_id for now.
*/
proto->spi_sz[0] = 1;
proto->spi[0] = malloc(proto->spi_sz[0]);
if (!proto->spi[0])
{
log_error ("gdoi_iec90_5_set_policy: malloc failure -- SPI (%d bytes)",
proto->spi_sz[0]);
goto bail_out;
}
/*
* Choose a random SPI
*
* Write the SPI length & SPI.
*/
getrandom(proto->spi[0], proto->spi_sz[0]);
iec_proto->auth_key = malloc(iec_proto->auth_key_size);
if (!iec_proto->auth_key)
{
log_print ("gdoi_iec90_5_set_policy: malloc failed: auth key (%d)",
iec_proto->auth_key_size);
goto bail_out;
}
getrandom(iec_proto->auth_key, iec_proto->auth_key_size);
return 0;
bail_out:
return -1;
}
int
gdoi_iec90_5_get_policy_from_sa (struct sa *sa, u_int8_t **ret_buf,
size_t *ret_buf_sz)
{
u_int8_t *iec90_5_tek_buf = 0;
u_int8_t *iec90_5_tek_p2_buf = 0;
size_t iec90_5_tek_sz;
struct proto *proto;
struct iec90_5_proto *iec_proto;
char keyid;
proto = TAILQ_FIRST (&sa->protos);
iec_proto = proto->data;
iec90_5_tek_sz = IEC90_5_TEK_P1_SZ + iec_proto->oid_sz + IEC90_5_TEK_P2_SZ;
iec90_5_tek_buf = calloc(1, iec90_5_tek_sz);
if (!iec90_5_tek_buf) {
log_print ("gdoi_iec90_5_get_policy_from_sa: Failed to get %d bytes for "
"IEC90-5 TEK payload", iec90_5_tek_sz);
return -1;
}
/*
* IEC90-5 paylaod (approximtely)
*/
SET_IEC90_5_TEK_P1_TAG(iec90_5_tek_buf, 0x80);
SET_IEC90_5_TEK_P1_OID_SZ(iec90_5_tek_buf, iec_proto->oid_sz);
memcpy(iec90_5_tek_buf+IEC90_5_TEK_P1_SZ, iec_proto->oid, iec_proto->oid_sz);
iec90_5_tek_p2_buf = iec90_5_tek_buf + IEC90_5_TEK_P1_SZ + iec_proto->oid_sz;
if (1 == proto->spi_sz[0]) {
keyid = *proto->spi[0];
SET_IEC90_5_TEK_P2_CUR_KEY_ID(iec90_5_tek_p2_buf, keyid);
} else {
log_print ("gdoi_iec90_5_get_policy_from_sa: Improper SPI size %d!",
proto->spi_sz[0]);
return -1;
}
/*
* NOTE: The same values below need to be sent in the KD paylaod!
*/
SET_IEC90_5_TEK_P2_LT_ID(iec90_5_tek_p2_buf, 1);
SET_IEC90_5_TEK_P2_LT_V(iec90_5_tek_p2_buf, 1);
SET_IEC90_5_TEK_P2_RES(iec90_5_tek_p2_buf, 0);
SET_IEC90_5_TEK_P2_LT(iec90_5_tek_p2_buf, 3600);
SET_IEC90_5_TEK_P2_AUTH_ALG_ID(iec90_5_tek_p2_buf, 5);
SET_IEC90_5_TEK_P2_AUTH_ALG(iec90_5_tek_p2_buf, 2);
SET_IEC90_5_TEK_P2_KEY_LEN(iec90_5_tek_p2_buf, iec_proto->auth_key_size);
/*
* I don't get how the AES bits work when HMAC is used so am omitting them.
* Also omitting the next key stuff.
*/
*ret_buf = iec90_5_tek_buf;
*ret_buf_sz = iec90_5_tek_sz;
return 0;
}
/*
* Group member side (decode & store TEK values) Decode the SRTP type TEK
* and stuff into the SA.
*/
int
gdoi_iec90_5_decode_tek (struct message *msg, struct sa *sa,
u_int8_t *iec90_5_tek, size_t iec90_5_tek_len,
int create_proto)
{
u_int8_t *iec90_5_p2_tek;
struct proto *proto = NULL;
struct iec90_5_proto *iec_proto = NULL;
u_int8_t tmp_1byte;
/*
* Validate the SA.
*/
if (!sa)
{
log_error ("group_decode_esp_tek: No sa's in list!");
goto clean_up;
}
if (create_proto)
{
if (gdoi_setup_sa (sa, &proto, IPSEC_PROTO_IEC90_5,
sizeof(struct iec90_5_proto)))
{
goto clean_up;
}
}
else
{
proto = TAILQ_LAST(&sa->protos, proto_head);
}
/*
* Stuff the SRTP policy in the proto structure. (Can't use sa->data because
* that is initialized in sa_create(). sa->data is unused for SRTP.)
*/
iec_proto = (struct iec90_5_proto *) proto->data;
/*
* Process 1st part of TEK (OID)
*/
tmp_1byte = GET_IEC90_5_TEK_P1_TAG(iec90_5_tek);
if (0x80 != tmp_1byte) {
log_print ("gdoi_iec90_5_decode_tek: Wrong TEK ID %d\n", tmp_1byte);
goto clean_up;
}
iec_proto->oid_sz = GET_IEC90_5_TEK_P1_OID_SZ(iec90_5_tek);
iec_proto->oid = calloc(1, iec_proto->oid_sz);
if (!iec_proto->oid) {
log_print ("gdoi_iec90_5_decode_tek: calloc failed for OID size (%d)",
iec_proto->oid_sz);
goto clean_up;
}
memcpy(iec_proto->oid, iec90_5_tek+IEC90_5_TEK_P1_SZ, iec_proto->oid_sz);
/*
* Process 2nd part of TEK
*/
/* SPI */
iec90_5_p2_tek = iec90_5_tek + IEC90_5_TEK_P1_SZ + iec_proto->oid_sz;
proto->spi_sz[0] = 1; /* Hard code to match TEK */
proto->spi[0] = malloc(proto->spi_sz[0]);
if (!proto->spi[0])
{
log_error ("gdoi_iec90_5_decode_tek: malloc failure -- SPI (%d bytes)",
proto->spi_sz[0]);
goto clean_up;
}
*proto->spi[0] = GET_IEC90_5_TEK_P2_CUR_KEY_ID(iec90_5_p2_tek);
log_print(" SPI found (SA) %u (%01#x) for sa %#x",
*proto->spi[0], *proto->spi[0], sa);
/* Lifetime & Reserved byte */
tmp_1byte = GET_IEC90_5_TEK_P2_LT_ID(iec90_5_p2_tek);
if (1 != tmp_1byte) {
log_print ("gdoi_iec90_5_decode_tek: Wrong LT ID %d\n", tmp_1byte);
goto clean_up;
}
tmp_1byte = GET_IEC90_5_TEK_P2_RES(iec90_5_p2_tek);
if (0 != tmp_1byte) {
log_print ("gdoi_iec90_5_decode_tek: Wrong Reserved byte value %d\n",
tmp_1byte);
goto clean_up;
}
tmp_1byte = GET_IEC90_5_TEK_P2_LT_V(iec90_5_p2_tek);
if (1 != tmp_1byte) {
log_print ("gdoi_iec90_5_decode_tek: Wrong LT V %d\n", tmp_1byte);
goto clean_up;
}
iec_proto->lifetime_secs = GET_IEC90_5_TEK_P2_LT(iec90_5_p2_tek);
/* Authentication values */
tmp_1byte = GET_IEC90_5_TEK_P2_AUTH_ALG_ID(iec90_5_p2_tek);
if (5 != tmp_1byte) {
log_print ("gdoi_iec90_5_decode_tek: Wrong Auth value %d\n", tmp_1byte);
goto clean_up;
}
iec_proto->auth_alg = GET_IEC90_5_TEK_P2_AUTH_ALG(iec90_5_p2_tek);
iec_proto->auth_key_size = GET_IEC90_5_TEK_P2_KEY_LEN(iec90_5_p2_tek);
return 0;
clean_up:
if (proto)
{
proto_free(proto);
}
return -1;
}
/*
* Translate keys from the IEC90-5 proto into a generic structure
*/
int
gdoi_iec90_5_get_tek_keys (struct gdoi_kd_decode_arg *keys, struct proto *proto)
{
struct iec90_5_proto *iec_proto= (struct iec90_5_proto *) proto->data;
u_int8_t *kd_buf;
u_int32_t kd_sz;
/*
* Build a private KD attribute for IEC90-5.
*/
if (!iec_proto->auth_key_size) {
log_print ("gdoi_iec90_5_get_tek_keys: Warning: No keys to send!");
return 0;
}
kd_sz = IEC90_5_KD_SZ + iec_proto->auth_key_size;
kd_buf = calloc(1, kd_sz);
if (!kd_buf) {
log_print ("gdoi_iec90_5_get_tek_keys: Failed to get %d bytes for "
"IEC90-5 KD payload", kd_sz);
return -1;
}
/*
* Note: Most or all of these hard coded values should have come from policy
* stored in iec_proto.
*/
SET_IEC90_5_KD_LT_ID(kd_buf,1);
SET_IEC90_5_KD_LT_V(kd_buf,1);
SET_IEC90_5_KD_RES(kd_buf,0);
SET_IEC90_5_KD_LT(kd_buf, 3600);
SET_IEC90_5_KD_AUTH_ALG_ID(kd_buf, 5);
SET_IEC90_5_KD_AUTH_ALG(kd_buf, 2);
SET_IEC90_5_KD_KEY_LEN(kd_buf, iec_proto->auth_key_size);
memcpy(kd_buf + IEC90_5_KD_SZ, iec_proto->auth_key, iec_proto->auth_key_size);
keys->custom_kd_payload = kd_buf;
keys->custom_kd_payload_sz = kd_sz;
/* I have not idea which value to use for the payload type */
keys->custom_kd_payload_type = IEC90_5_KD_61850_ETHERENT_GOOSE_OR_SV;
return 0;
}
/*
* Group member side
* Validate and install keys gotten from the KD in the iec_proto structure.
*/
int
gdoi_iec90_5_install_keys (struct proto *proto, struct gdoi_kd_decode_arg *keys)
{
struct iec90_5_proto *iec_proto;
u_int8_t *kd_buf;
kd_buf = keys->custom_kd_payload;
if (proto->proto != IPSEC_PROTO_IEC90_5)
{
log_error ("gdoi_iec90_5_install_keys: IEC90_5 SA expected, got %d",
proto->proto);
return -1;
}
iec_proto = (struct iec90_5_proto *) proto->data;
if (!iec_proto)
{
log_error ("gdoi_iec90_5_install_keys: IEC90_5 SA TEK data missing");
return -1;
}
if (GET_IEC90_5_KD_KEY_LEN(kd_buf) != iec_proto->auth_key_size) {
log_print ("gdoi_iec90_5_install_keys: Auth key size doesn't match"
"key size sent in TEK");
return -1;
}
iec_proto->auth_key = malloc(iec_proto->auth_key_size);
if (!iec_proto->auth_key)
{
log_print ("gdoi_iec90_5_get_policy: malloc failed: auth key (%d)",
iec_proto->auth_key_size);
return -1;
}
memcpy(iec_proto->auth_key, kd_buf + IEC90_5_KD_SZ, iec_proto->auth_key_size);
/* No need to save policy already sent in the TEK payload */
return 0;
}
u_int8_t *
gdoi_iec90_5_add_attributes (u_int8_t *attr, struct sa *sa)
{
struct proto *proto = NULL;
struct iec90_5_proto *iec_proto = NULL;
proto = TAILQ_LAST(&sa->protos, proto_head);
iec_proto = (struct iec90_5_proto *) proto->data;
attr = attribute_set_var(attr, IEC90_5_OID, iec_proto->oid,
iec_proto->oid_sz);
attr = attribute_set_var(attr, IEC90_5_LIFETIME_SECS,
(u_int8_t *)&iec_proto->lifetime_secs,
sizeof(iec_proto->lifetime_secs));
attr = attribute_set_basic(attr, IEC90_5_KEYID, *proto->spi[0]);
attr = attribute_set_basic(attr, IEC90_5_AUTH_ALG, iec_proto->auth_alg);
attr = attribute_set_basic(attr, IEC90_5_AUTH_KEY_SIZE,
iec_proto->auth_key_size);
if (!iec_proto->auth_key)
{
log_print ("gdoi_iec90_5_add_attributes: Auth key missing!\n");
}
else
{
attr = attribute_set_var (attr, IEC90_5_AUTH_KEY, iec_proto->auth_key,
iec_proto->auth_key_size);
}
return attr;
}
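Review bot: None of the parsers in this file bounds-check the peer-supplied buffers they read. gdoi_iec90_5_set_policy receives id_gdoi_sz but reads GET_IEC90_5_ID_OID_LEN(iec90_5_id) at the fixed offset id_gdoi + 8 and then memcpy()s oid_sz bytes from &iec90_5_id[IEC90_5_ID_SZ] without checking that 8 + IEC90_5_ID_SZ + oid_sz fits in id_gdoi_sz; gdoi_iec90_5_decode_tek takes iec90_5_tek_len but never compares it against IEC90_5_TEK_P1_SZ + oid_sz + IEC90_5_TEK_P2_SZ before reading the P1 tag, the OID and the P2 fields; and gdoi_iec90_5_install_keys reads GET_IEC90_5_KD_KEY_LEN(kd_buf) and copies auth_key_size bytes from kd_buf + IEC90_5_KD_SZ without consulting keys->custom_kd_payload_sz. Each should log_print and return -1 when the declared lengths exceed the buffer, which is the validation the comment in iec90_5_validate_id_information already says is needed. Smaller items in the same hunk: in iec90_5_get_id the log_print arguments are swapped relative to the format ("invalid address %s in section %s" is given section, address) and ip_addr is parsed but never used; in gdoi_iec90_5_set_policy the log_error "Malloc failed %d bytes." has a %d with no matching argument, and conf_field and msg are never used in the body, so either read the policy the BEW comment says is hard-coded from conf_field or drop the parameters; gdoi_iec90_5_get_policy_from_sa returns -1 on the "Improper SPI size" path without freeing iec90_5_tek_buf; the clean_up label in gdoi_iec90_5_decode_tek calls proto_free(proto) even when create_proto is 0 and proto was taken from sa->protos rather than created here, and its log_print formats the sa pointer with %#x instead of %p; in gdoi_iec90_5_install_keys the two string literals "doesn't match" "key size" are missing a separating space and the malloc-failure message names gdoi_iec90_5_get_policy; the lifetime 3600 and the auth alg id/alg values 5 and 2 are hard-coded in both gdoi_iec90_5_get_policy_from_sa and gdoi_iec90_5_get_tek_keys while the key server never fills iec_proto->lifetime_secs, so store them once in struct iec90_5_proto during gdoi_iec90_5_set_policy and read them from there in both places; finally, the comments around gdoi_iec90_5_decode_tek and its "group_decode_esp_tek" log prefix still refer to SRTP and ESP.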

154
src/gdoi_iec90_5.h Normal file

@ -0,0 +1,154 @@
/* $Id: gdoi_iec90_5.h,v 1.1.2.1 2011/12/12 20:43:47 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_iec90_5.h,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2011 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* IEC90-5 ID payload mappings.
*/
#define OID_61850_ETHERNET_GOOSE "1.2.840.10070.61850.8.1.1"
#define OID_61850_UDP_ADDR_GOOSE "1.2.840.10070.61850.8.1.2"
struct iec90_5_proto {
/*
* OID from the ID payload in GDOI message 1 that caused this SA to be
* generated.
* NOTE: Not sure at this point how it will be carried forward to
* replacement SAs (e.g., when the lifetime for this SA expires).
*/
u_int8_t *oid;
u_int8_t oid_sz;
/*
* policy fields
* NOTE: SPIs (i.e., key_ids) should be kept in the generic proto struct.
*/
u_int16_t auth_alg;
u_int16_t next_auth_alg;
u_int32_t lifetime_secs;
/*
* keying material fields
* Lengths indicate how many bytes in which the keys
* are stored, not the number of bits!
*/
u_int16_t auth_key_size;
u_int8_t *auth_key;
u_int16_t next_auth_key_size;
u_int8_t *next_auth_key;
};
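Review bot: The license header appears twice in this file (first with Copyright (c) 2011, then again with Copyright (c) 2001); drop the second copy. The header also has no include guard and uses u_int8_t, u_int16_t and u_int32_t without including <sys/types.h>, so it compiles only when the includer has already pulled that in; add a guard of the form used in gdoi_phase2.h (`#ifndef _GDOI_IEC90_5_H_` / `#define _GDOI_IEC90_5_H_` / `#endif`) and the include. Since oid_sz is a u_int8_t and gdoi_iec90_5_decode_tek stores a peer-supplied length into it, the comment on struct iec90_5_proto should state that OIDs longer than 255 bytes cannot be represented and must be rejected by the decoder.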

76
src/gdoi_iec90_5_protos.h Normal file

@ -0,0 +1,76 @@
/* $Id: gdoi_iec90_5_protos.h,v 1.1.2.1 2011/12/12 20:43:47 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_iec90_5_protos.h,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2011 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* IEC 90-5 functions referenced by the generic GDOI code
*/
int iec90_5_get_id(char *, size_t *, u_int8_t **);
int iec90_5_validate_id_information(u_int8_t *);
int gdoi_iec90_5_set_policy(char *, struct message *, struct exchange *, u_int8_t *,
u_int16_t);
int gdoi_iec90_5_get_policy_from_sa(struct sa *, u_int8_t **, size_t *);
int gdoi_iec90_5_decode_tek(struct message *, struct sa *, u_int8_t *, size_t, int);
int gdoi_iec90_5_get_tek_keys(struct gdoi_kd_decode_arg *, struct proto *);
int gdoi_iec90_5_install_keys(struct proto *, struct gdoi_kd_decode_arg *);
u_int8_t *gdoi_iec90_5_add_attributes(u_int8_t *, struct sa *);
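Review bot: These prototypes name struct message, struct exchange, struct sa, struct proto and struct gdoi_kd_decode_arg without forward-declaring them, and use size_t, u_int8_t and u_int16_t without <sys/types.h>, so the header depends on whatever the includer happened to include first; add forward declarations (`struct sa;`, `struct proto;`, `struct gdoi_kd_decode_arg;` and so on), the include, and an include guard like the one in gdoi_phase2.h. The `char *` section and conf_field parameters of iec90_5_get_id and gdoi_iec90_5_set_policy are never written by the implementations, so `const char *` would document that and let callers pass string literals without a cast.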

162
src/gdoi_num.cst Normal file

@ -0,0 +1,162 @@
# $Id: gdoi_num.cst,v 1.10.2.3 2011/12/12 20:43:47 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/gdoi_num.cst,v $
#
# The license applies to all software incorporated in the "Cisco GDOI reference
# implementation" except for those portions incorporating third party software
# specifically identified as being licensed under separate license.
#
#
# The Cisco Systems Public Software License, Version 1.0
# Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
# Subject to the following terms and conditions, Cisco Systems, Inc.,
# hereby grants you a worldwide, royalty-free, nonexclusive, license,
# subject to third party intellectual property claims, to create
# derivative works of the Licensed Code and to reproduce, display,
# perform, sublicense, distribute such Licensed Code and derivative works.
# All rights not expressly granted herein are reserved.
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
# 3. The names Cisco and "Cisco GDOI reference implementation" must not
# be used to endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# opensource@cisco.com.
# 4. Products derived from this software may not be called
# "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
# "Cisco GDOI reference implementation" appear in
# their name, without prior written permission of Cisco Systems, Inc.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
# SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
# LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
# PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
# LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
# LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
# EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
# AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
# THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
# (US$5,000).
#
# ====================================================================
# This software consists of voluntary contributions made by Cisco Systems,
# Inc. and many individuals on behalf of Cisco Systems, Inc. For more
# information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
#
# This product includes software developed by Ericsson Radio Systems.
#
#
# ISAKMP Group DOI numbers.
#
# GROUP DOI Identifier.
GROUP_DOI
GDOI 2
.
# GDOI Situation Types
GDOI_SIT
NO_SITUATION_DEFINED 0
.
# GDOI exchange types.
GDOI_EXCH
PULL_MODE 32
PUSH_MODE 33
.
# GDOI KEK attributes
GDOI_ATTR
KEK_MANAGEMENT_ALGORITHM 1
KEK_ALGORITHM 2
KEK_KEY_LENGTH 3
KEK_KEY_LIFETIME 4
SIG_HASH_ALGORITHM 5
SIG_ALGORITHM 6
SIG_KEY_LENGTH 7
KE_OAKLEY_GROUP 8
.
# GDOI KEK rekey encryption algorithms
GDOI_KEK_ALG
DES 1
3DES 2
AES 3
.
# GDOI KEK rekey signature algorithms
GDOI_KEK_SIG_ALG
RSA 1
DSS 2
ECDSS 3
ECDSA256 4
ECDSA384 5
ECDSA521 6
.
# GDOI KEK rekey signature hash algorithms
GDOI_KEK_HASH_ALG
MD5 1
SHA 2
SHA256 3
SHA384 3
SHA512 3
.
# GDOI TEK Protocol-id types
GDOI_TEK_PROT
RESERVED 0
PROTO_IPSEC_ESP 1
PROTO_IPSEC_AH 2
PROTO_SRTP 128
PROTO_IEC90_5 161
.
# GDOI GAP Attributes
GDOI_GAP
ACTIVATION_TIME_DELAY 1
DEACTIVATION_TIME_DELAY 2
SENDER_ID_REQUEST 3
.
# GDOI KD Key packet types
GDOI_KD_TYPE
TEK 1
KEK 2
LKH 3
SID 4
.
# TEK KD TEK Key Packet Attributes
GDOI_ATTR_KD_TEK
SECRECY_KEY 1
INTEGRITY_KEY 2
SOURCE_AUTH_KEY 3
.
# TEK KD KEK Key Packet Attributes
GDOI_ATTR_KD_KEK
SECRECY_KEY 1
SIGNATURE_KEY 2
.
# TEK SID Key Packet attributes
GDOI_ATTR_KD_SID
NUM_BITS 1
VALUE 2
.
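Review bot: In GDOI_KEK_HASH_ALG, SHA256, SHA384 and SHA512 are all given the value 3, so constant_value() cannot distinguish them on the wire and a reverse lookup of 3 is ambiguous; assign SHA384 and SHA512 their own distinct codepoints from the GDOI SIG_HASH_ALGORITHM registry instead of repeating 3. Also, PROTO_IEC90_5 is 161 (0xa1) here while gdoi_app_iec90_5.c hard-codes the literal 0xa1 in SET_IEC90_5_ID_ID(id_buf, 0xa1); if those are meant to be the same codepoint, use the generated constant there so the two cannot drift apart.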

5185
src/gdoi_phase2.c Normal file

File diff suppressed because it is too large

178
src/gdoi_phase2.h Normal file

@ -0,0 +1,178 @@
/* $Id: gdoi_phase2.h,v 1.7.2.2 2011/12/12 20:43:48 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/gdoi_phase2.h,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2011 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
#ifndef _GDOI_PHASE2_H_
#define _GDOI_PHASE2_H_
#include <arpa/inet.h> /* For struct in_addr */
#include "exchange.h" /* For struct exchange */
#define HMAC_SHA_LENGTH 20
#define HMAC_SHA256_LENGTH 32
#define HMAC_MD5_LENGTH 16
struct message;
extern int (*gdoi_phase2_initiator[]) (struct message *msg);
extern int (*gdoi_phase2_responder[]) (struct message *msg);
struct tekspi {
/* Link to the next SPI in the list */
TAILQ_ENTRY (tekspi) link;
/* SPI info */
u_int8_t spi_sz;
u_int8_t *spi;
};
/*
* Group-specific data to be linked into the exchange struct.
* XXX Should probably be two different structs, one for phase 1 and one
* for phase 2 parameters.
*
* NOTE: This must remain the same as the ipsec_exch structure except for the
* id payloads, or anything following the id payloads! A pointer of this
* type is given to ipsec_decode_attribute() which currently thinks it's
* a ipsec_exch structure.
*/
struct gdoi_exch {
u_int flags;
struct hash *hash;
struct ike_auth *ike_auth;
struct group *group;
u_int16_t prf_type;
u_int8_t pfs; /* 0 if no KEY_EXCH was proposed, 1 otherwise */
/*
* A copy of the initiator SA payload body for later computation of hashes.
* Phase 1 only.
*/
size_t sa_i_b_len;
u_int8_t *sa_i_b;
/* Diffie-Hellman values. */
size_t g_x_len;
u_int8_t *g_xi;
u_int8_t *g_xr;
u_int8_t* g_xy;
/* SKEYIDs. XXX Phase 1 only? */
size_t skeyid_len;
u_int8_t *skeyid;
u_int8_t *skeyid_d;
u_int8_t *skeyid_a;
u_int8_t *skeyid_e;
/* HASH_I & HASH_R. XXX Do these need to be saved here? */
u_int8_t *hash_i;
u_int8_t *hash_r;
/* KEYMAT */
size_t keymat_len;
/* Phase 2. */
u_int8_t *id_gdoi;
size_t id_gdoi_sz;
/* TEK Types */
u_int8_t teks_type; /* All TEKs must be of the same type */
/* Number of SIDs requested by a GM */
u_int8_t num_sids;
/* List of SPIs sent in the SA payload for sanity checking */
TAILQ_HEAD (spi_head, tekspi) spis;
};
struct gdoi_kd_decode_arg {
u_int8_t *sec_key;
u_int8_t *int_key;
size_t sec_key_sz;
size_t int_key_sz;
#ifdef IEC90_5_SUPPORT
u_int8_t *custom_kd_payload;
size_t custom_kd_payload_sz;
u_int8_t custom_kd_payload_type;
#endif
};
enum msg_type { REKEY, REGISTRATION };
void gdoi_init(void);
extern u_int8_t *group_build_id (char *, size_t *);
/*
* Generic GDOI functions referenced by the SRTP and IPSEC code.
*/
int gdoi_decode_kd_tek_attribute (u_int16_t, u_int8_t *, u_int16_t, void *);
u_int8_t *gdoi_grow_buf(u_int8_t *, size_t *, u_int8_t *, size_t);
int gdoi_get_id(char *, int *, struct in_addr *, struct in_addr *,
u_int16_t *);
int gdoi_current_sa (u_int8_t, struct sa *);
void gdoi_free_attr_payloads(void);
int gdoi_process_SA_payload (struct message *);
int gdoi_process_KD_payload (struct message *);
int gdoi_add_spi_to_list (struct exchange *, struct sa *);
int gdoi_setup_sa (struct sa *, struct proto **, int, int);
#endif /* _GDOI_PHASE2_H_ */
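Review bot: struct gdoi_exch depends on an unenforced layout contract with ipsec_exch. The comment above the struct says a gdoi_exch pointer is handed to ipsec_decode_attribute(), which treats it as an ipsec_exch, so every field up to the `/* Phase 2. */` section must keep the same type, order and padding in both structs, yet nothing checks that, and a field added to either one before that point silently corrupts the other. Factor the shared prefix into one struct that both embed as their first member, or at least add a compile-time assertion that the offset of the last shared field agrees in both. Two smaller points: the header uses TAILQ_ENTRY and TAILQ_HEAD but includes only <arpa/inet.h> and "exchange.h", so it should include <sys/queue.h> itself rather than rely on exchange.h pulling it in; and `u_int8_t* g_xy;` breaks the pointer-spacing convention every other declaration in the file follows.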

2162
src/gdoi_rekey.c Normal file

File diff suppressed because it is too large

761
src/gdoi_srtp.c Normal file

@ -0,0 +1,761 @@
/* $Id: gdoi_srtp.c,v 1.6.4.2 2011/12/05 20:31:07 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_srtp.c,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2007 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "attribute.h"
#include "conf.h"
#include "connection.h"
#include "doi.h"
#include "exchange.h"
#include "hash.h"
#include "gdoi_phase2.h"
#include "log.h"
#include "math_group.h"
#include "message.h"
#include "prf.h"
#include "sa.h"
#include "transport.h"
#include "util.h"
#include "gdoi_fld.h"
#include "gdoi_num.h"
#include "gdoi_srtp.h"
#include "gdoi_srtp_attr.h"
#include "srtp_num.h"
#include "ipsec_num.h"
#include "gdoi.h"
#define AES_128_LENGTH 16
#define SALT_112_LENGTH 14
#define SRC 1
#define DST 2
#define ATTR_SIZE (50 * ISAKMP_ATTR_VALUE_OFF)
/*
* BEW: Temp extern. ID handling should be moved to a new file.
*/
extern u_int8_t *gdoi_build_tek_id (char *section, size_t *sz);
int srtp_decode_attribute (u_int16_t type, u_int8_t *value, u_int16_t len,
void *arg)
{
struct srtp_proto *sa = (struct srtp_proto *) arg;
switch (type)
{
case SRTP_ATTR_CIPHER:
sa->cipher_type = decode_16(value);
break;
case SRTP_ATTR_CIPHER_MODE:
sa->cipher_mode = decode_16(value);
break;
case SRTP_ATTR_CIPHER_KEY_LENGTH:
sa->cipher_key_length = decode_16(value);
break;
default:
log_print ("srtp_decode_attribute: Attribute not valid: %d", type);
return -1;
}
return 0;
}
/*
* Group member side (decode & store TEK values)
* Key server side (save a copy of the SA in his own sa list for later use by
* the rekey message)
*
* Decode the SRTP type TEK and stuff into the SA.
*/
int
gdoi_srtp_decode_tek (struct message *msg, struct sa *sa, u_int8_t *srtp_tek,
size_t srtp_tek_len, int create_proto)
{
u_int8_t *cur_p;
struct proto *proto = NULL;
struct srtp_proto *sproto = NULL;
int id_type, id_len, temp_len;
/*
* Validate the SA.
*/
if (!sa)
{
log_error ("group_decode_esp_tek: No sa's in list!");
goto clean_up;
}
if (create_proto)
{
if (gdoi_setup_sa (sa, &proto, IPSEC_PROTO_SRTP,
sizeof(struct srtp_proto)))
{
goto clean_up;
}
}
else
{
proto = TAILQ_LAST(&sa->protos, proto_head);
}
/*
* Stuff the SRTP policy in the proto structure. (Can't use sa->data because
* that is initialized in sa_create(). sa->data is unused for SRTP.)
*/
sproto = (struct srtp_proto *) proto->data;
/*
* Get src_id fields
* We can use the ESP fields & types since they are defined identically.
*/
cur_p = srtp_tek;
id_type = GET_GDOI_SA_ID_TYPE(cur_p);
id_len = GET_GDOI_SA_ID_DATA_LEN(cur_p);
sproto->sport = ntohs(GET_GDOI_SA_ID_PORT(cur_p));
switch (id_type)
{
case IPSEC_ID_IPV4_ADDR:
if (id_len != 4)
{
log_error ("gdoi_srtp_decode_tek: Invalid length for src IP addr: %d",
id_len);
goto clean_up;
}
sproto->src_net = htonl(decode_32(cur_p+GDOI_SA_ID_DATA_OFF));
sproto->src_mask = htonl(0xffffffff);
break;
case IPSEC_ID_IPV4_ADDR_SUBNET:
if (id_len != 8)
{
log_error ("gdoi_srtp_decode_tek: Invalid length for src IP subnet:"
"%d", id_len);
goto clean_up;
}
sproto->src_net = htonl(decode_32(cur_p+GDOI_SA_ID_DATA_OFF));
sproto->src_mask = htonl(decode_32(cur_p+GDOI_SA_ID_DATA_OFF+4));
break;
default:
log_error ("gdoi_srtp_decode_tek: Unsupported src id type: %d", id_type);
goto clean_up;
}
cur_p = cur_p + GDOI_SA_ID_DATA_OFF + id_len;
/*
* Get dst_id fields. Only type ID_IPV4_ADDR is reasonable.
*/
sproto->dport = ntohs(GET_GDOI_SA_ID_PORT(cur_p));
id_len = GET_GDOI_SA_ID_DATA_LEN(cur_p);
if (id_len != 4)
{
log_error ("gdoi_srtp_decode_tek: Invalid length for dst IP addr: %d",
id_len);
goto clean_up;
}
sproto->dst_net = htonl(decode_32(cur_p + GDOI_SA_ID_DATA_OFF));
sproto->dst_mask = htonl(0xffffffff);
cur_p = cur_p + GDOI_SA_ID_DATA_OFF + id_len;
/*
* Get Replay Window, KD Rate, SRTP Lifeime, SRTCP Lifetime
*/
sproto->replay_window = *cur_p++;
sproto->kd_rate = *cur_p++;
sproto->srtp_lifetime = *cur_p++;
sproto->srtcp_lifetime = *cur_p++;
/*
* Get SPI
*/
proto->spi_sz[0]=*cur_p++;
proto->spi[0]= malloc(proto->spi_sz[0]);
if (!proto->spi[0])
{
log_print ("gdoi_srtp_decode_tek: malloc failed (%d)", proto->spi_sz[0]);
goto clean_up;
}
memcpy(proto->spi[0], cur_p, proto->spi_sz[0]);
switch(proto->spi_sz[0]) {
case 2:
log_print(" SPI found (SA) %u (%d) (%#x) for sa %#x",
decode_16(proto->spi[0]), decode_16(proto->spi[0]),
decode_16(proto->spi[0]), sa);
break;
case 4:
log_print(" SPI found (SA) %u (%d) (%#x) for sa %#x",
decode_32(proto->spi[0]), decode_32(proto->spi[0]),
decode_32(proto->spi[0]), sa);
break;
default:
log_print ("install_tek_keys: Unsupported spi size: %d", proto->spi[0]);
break;
}
cur_p += proto->spi_sz[0];
/*
* BEW: HACK! HACK! HACK!
* Assuming 128 bit AES & 112 bit master salt. Need to stuff it into the
* srtp_proto now. Normally it would come from the Cipher Suite.
*
* This is used in KD payload processing to verify that the length of the keys
* received in the KD payload are correct.
*/
sproto->master_key_len = AES_128_LENGTH;
sproto->master_salt_key_len = SALT_112_LENGTH;
temp_len = srtp_tek_len - (cur_p - srtp_tek);
attribute_map (cur_p, temp_len, srtp_decode_attribute, sproto);
return 0;
clean_up:
if (proto)
{
proto_free(proto);
}
return -1;
}
/*
* Key server side
* Find the TEK-specific policy for an SRTP type TEK.
*/
int gdoi_srtp_set_policy (char *conf_field, struct message *msg,
struct exchange *sa_exchange)
{
struct sa *sa;
struct proto *proto;
struct srtp_proto *sproto;
char *src_id, *dst_id;
int id;
struct in_addr addr;
struct in_addr mask;
uint16_t port;
/*
* Find the sa. The last SA in the list was just created for our use.
*/
sa = TAILQ_LAST (&sa_exchange->sa_list, sa_head);
if (!sa)
{
log_error ("gdoi_ipsec_get_policy: No sa's in list!");
goto bail_out;
}
/*
* Initialize the SA
*/
if (gdoi_setup_sa (sa, &proto, IPSEC_PROTO_SRTP, sizeof(struct srtp_proto)))
{
goto bail_out;
}
sproto = proto->data;
/*
* Start with the src/dst fields.
*/
src_id = conf_get_str (conf_field, "Src-ID");
if (!src_id)
{
log_print ("gdoi_ipsec_get_policy: "
"Src-ID missing");
goto bail_out;
}
if (gdoi_get_id (src_id, &id, &addr, &mask, &port))
{
goto bail_out;
}
sproto->src_net = htonl(addr.s_addr);
sproto->src_mask = htonl(mask.s_addr);
sproto->sport = ntohs(port);
dst_id = conf_get_str (conf_field, "Dst-ID");
if (!dst_id)
{
log_print ("gdoi_ipsec_get_policy: "
"Dst-ID missing");
goto bail_out;
}
if (gdoi_get_id (dst_id, &id, &addr, &mask, &port))
{
goto bail_out;
}
sproto->dst_net = htonl(addr.s_addr);
sproto->dst_mask = htonl(mask.s_addr);
sproto->dport = ntohs(port);
/*
* Replay Window
*/
sproto->replay_window=16; /* BEW: Temp hardcoded value */
/*
* KD Rate
*/
sproto->kd_rate=1; /* BEW: Temp hardcoded value */
/*
* SRTP Lifetime
*/
sproto->srtp_lifetime=16; /* BEW: Temp hardcoded value */
/*
* SRTCP Lifetime
*/
sproto->srtcp_lifetime=16; /* BEW: Temp hardcoded value */
/*
* BEW: Assume SPI is 2 bytes.
*/
proto->spi_sz[0] = 2;
proto->spi[0] = malloc(proto->spi_sz[0]);
if (!proto->spi[0])
{
log_error ("gdoi_srtp_get_policy: malloc failure -- SPI (%d bytes)",
proto->spi_sz[0]);
goto bail_out;
}
/*
* BEW: Choose a random SPI for now.
*
* Write the SPI length & SPI.
*/
getrandom(proto->spi[0], proto->spi_sz[0]);
/*
* BEW: Generate AES keys irrespective of Options and Crypto Suite for
* now.
*/
sproto->master_key_len = AES_128_LENGTH;
sproto->master_key = malloc(sproto->master_key_len);
if (!sproto->master_key)
{
log_print ("gdoi_srtp_get_policy: malloc failed: master key (%d)",
sproto->master_key_len);
goto bail_out;
}
getrandom(sproto->master_key, sproto->master_key_len);
sproto->master_salt_key_len = SALT_112_LENGTH;
sproto->master_salt_key = malloc(sproto->master_salt_key_len);
if (!sproto->master_salt_key)
{
log_print ("gdoi_srtp_get_policy: malloc failed: master key (%d)",
sproto->master_salt_key_len);
goto bail_out;
}
getrandom(sproto->master_salt_key, sproto->master_salt_key_len);
return 0;
bail_out:
return -1;
}
/*
* Group member side
* Validate and install keys gotten from the KD in the sproto structure.
*/
int
gdoi_srtp_install_keys (struct proto *proto, struct gdoi_kd_decode_arg *keys)
{
struct srtp_proto *sproto;
if (proto->proto != IPSEC_PROTO_SRTP)
{
log_error ("gdoi_srtp_install_keys: SRTP SA expected, got %d",
proto->proto);
return -1;
}
sproto = (struct srtp_proto *) proto->data;
if (!sproto)
{
log_error ("gdoi_srtp_install_keys: SRTP SA TEK data missing");
return -1;
}
/*
* Validate that the key length is correct & copy them.
*/
if (keys->sec_key_sz !=
(size_t)(sproto->master_key_len + sproto->master_salt_key_len))
{
log_error ("gdoi_srtp_install_tek_keys:"
"Wrong key length! Expected: %d, Actual: %d",
sproto->master_key_len+sproto->master_salt_key_len,
keys->sec_key_sz);
return -1;
}
/*
* Split the keying material into their repsective parts.
*/
sproto->master_key = malloc(sproto->master_key_len);
if (!sproto->master_key)
{
log_print ("gdoi_srtp_get_policy: malloc failed: master key (%d)",
sproto->master_key_len);
return -1;
}
memcpy(sproto->master_key, keys->sec_key, sproto->master_key_len);
sproto->master_salt_key = malloc(sproto->master_salt_key_len);
if (!sproto->master_salt_key)
{
log_print ("gdoi_srtp_get_policy: malloc failed: master key (%d)",
sproto->master_salt_key_len);
free(sproto->master_key);
return -1;
}
memcpy(sproto->master_salt_key, (keys->sec_key+sproto->master_key_len),
sproto->master_key_len);
return 0;
}
#ifdef NOTYET
/*
* Group member side
* Finalize the exchange -- send the key & policy info to the SRTP app.
*/
int
gdoi_srtp_deliver_keys (struct message *msg, struct sa *sa)
{
/*
* Give the keys to the client s/w.
*/
srtp_deliver_keys (sa);
return 0;
}
#endif
/*
* Translate keys from the SRTP proto into a generic structure
*/
int
gdoi_srtp_get_tek_keys (struct gdoi_kd_decode_arg *keys, struct proto *proto)
{
struct srtp_proto *sproto= (struct srtp_proto *) proto->data;
/*
* Concatenate the master key and master salt key.
*/
keys->sec_key_sz = sproto->master_key_len + sproto->master_salt_key_len;
keys->int_key_sz = 0;
if (keys->sec_key_sz)
{
keys->sec_key = malloc(keys->sec_key_sz);
if (!keys->sec_key)
{
return -1;
}
memcpy(keys->sec_key, sproto->master_key, sproto->master_key_len);
memcpy(keys->sec_key+sproto->master_key_len,
sproto->master_salt_key, sproto->master_salt_key_len);
}
return 0;
}
/*
* Out of an SA build the ID fields of a TEK payload. The caller is
* responsible for freeing the payload.
*/
static u_int8_t *
gdoi_srtp_build_tek_id_from_sa (struct sa *sa, int srcdst, size_t *sz)
{
struct proto *proto = TAILQ_FIRST (&sa->protos);
struct srtp_proto *sproto= (struct srtp_proto *) proto->data;
struct in_addr addr, mask;
u_int16_t port;
int id_type = 0;
switch (srcdst)
{
case SRC:
port = sproto->sport;
addr.s_addr = sproto->src_net;
mask.s_addr = sproto->src_mask;
break;
case DST:
port = sproto->dport;
addr.s_addr = sproto->dst_net;
mask.s_addr = sproto->dst_mask;
break;
default:
log_print ("gdoi_build_tek_id_from_sa: "
"Unsupported SRC/DST type (%d)", srcdst);
return 0;
}
id_type = (mask.s_addr == 0xffffffff) ? IPSEC_ID_IPV4_ADDR :
IPSEC_ID_IPV4_ADDR_SUBNET;
return gdoi_build_tek_id_internal (id_type, addr, mask, port, sz);
}
int
gdoi_srtp_get_policy_from_sa (struct sa *sa, u_int8_t **ret_buf,
size_t *ret_buf_sz)
{
u_int8_t *srtp_tek_buf = 0;
u_int8_t *buf = 0;
size_t sz, srtp_tek_sz;
u_int8_t *attr, *attr_start;
struct proto *proto;
struct srtp_proto *sproto;
proto = TAILQ_FIRST (&sa->protos);
sproto = proto->data;
/*
* Set the SRC/DST ID info
*/
srtp_tek_sz = 0;
srtp_tek_buf = NULL;
buf = gdoi_srtp_build_tek_id_from_sa (sa, SRC, &sz);
if (!buf)
{
goto bail_out;
}
srtp_tek_buf = gdoi_grow_buf(srtp_tek_buf, &srtp_tek_sz, buf, sz);
free(buf);
buf = NULL;
buf = gdoi_srtp_build_tek_id_from_sa (sa, DST, &sz);
if (!buf)
{
goto bail_out;
}
srtp_tek_buf = gdoi_grow_buf(srtp_tek_buf, &srtp_tek_sz, buf, sz);
free(buf);
buf = NULL;
/*
* Replay window, KD rate, SRTP lifetime, SRTCP lifetime
* 1 byte each
*/
srtp_tek_buf = gdoi_grow_buf(srtp_tek_buf, &srtp_tek_sz,
&sproto->replay_window, 1);
srtp_tek_buf = gdoi_grow_buf(srtp_tek_buf, &srtp_tek_sz,
&sproto->kd_rate, 1);
srtp_tek_buf = gdoi_grow_buf(srtp_tek_buf, &srtp_tek_sz,
&sproto->srtp_lifetime, 1);
srtp_tek_buf = gdoi_grow_buf(srtp_tek_buf, &srtp_tek_sz,
&sproto->srtcp_lifetime, 1);
/*
* Write out the SPI size and SPI for this TEK.
*/
srtp_tek_buf = gdoi_grow_buf(srtp_tek_buf, &srtp_tek_sz,
&proto->spi_sz[0], 1);
srtp_tek_buf = gdoi_grow_buf(srtp_tek_buf, &srtp_tek_sz,
(u_int8_t *)proto->spi[0], proto->spi_sz[0]);
/*
* BEGIN ATTRIBUTE PROCESSING
* Allocate a block for building attributes. It's sized large enough
* so that we think it will avoid buffer overflows....
*/
attr_start = attr = calloc(1, ATTR_SIZE);
if (!attr)
{
log_print ("gdoi_srtp_get_policy: "
"calloc(%d) failed", ATTR_SIZE);
goto bail_out;
}
/*
* Put the cipher into the payload as attributes
*/
attr = attribute_set_basic (attr, SRTP_ATTR_CIPHER, sproto->cipher_type);
attr = attribute_set_basic (attr, SRTP_ATTR_CIPHER_MODE,
sproto->cipher_mode);
attr = attribute_set_basic (attr, SRTP_ATTR_CIPHER_KEY_LENGTH,
sproto->cipher_key_length);
/*
* Add the attributes to the tek payload
*/
srtp_tek_buf = gdoi_grow_buf(srtp_tek_buf, &srtp_tek_sz, attr_start,
(attr - attr_start));
free (attr_start);
if (!srtp_tek_buf)
{
goto bail_out;
}
*ret_buf = srtp_tek_buf;
*ret_buf_sz = srtp_tek_sz;
return 0;
bail_out:
if (buf)
{
free (buf);
}
gdoi_free_attr_payloads();
return -1;
}
u_int8_t *
gdoi_srtp_add_attributes (u_int8_t *attr, struct sa *sa)
{
struct proto *proto = NULL;
struct srtp_proto *sproto = NULL;
proto = TAILQ_LAST(&sa->protos, proto_head);
sproto = (struct srtp_proto *) proto->data;
attr = attribute_set_basic (attr, SRTP_REPLAY_WINDOW, sproto->replay_window);
attr = attribute_set_basic (attr, SRTP_KD_RATE, sproto->kd_rate);
attr = attribute_set_basic (attr, SRTP_LIFETIME, sproto->srtp_lifetime);
attr = attribute_set_basic (attr, SRTP_SRTCP_LIFETIME, sproto->srtp_lifetime);
if (!sproto->master_key)
{
log_print ("gdoi_srtp_add_attributes: Master key missing!\n");
}
else
{
attr = attribute_set_var (attr, SRTP_MASTER_KEY,
sproto->master_key,
sproto->master_key_len);
}
if (!sproto->master_salt_key)
{
log_print ("gdoi_srtp_add_attributes: Master Salt key missing!\n");
}
else
{
attr = attribute_set_var (attr, SRTP_MASTER_SALT_KEY,
sproto->master_salt_key,
sproto->master_salt_key_len);
}
return attr;
}
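Review bot: gdoi_srtp_install_keys() copies the wrong length for the master salt. The final memcpy uses `sproto->master_key_len` as its length, but the destination was allocated with `sproto->master_salt_key_len` (16 versus 14 with the values set in gdoi_srtp_decode_tek), so it writes two bytes past the end of master_salt_key and reads two bytes past the end of keys->sec_key, which the length check just above sized to master_key_len + master_salt_key_len. The third argument should be `sproto->master_salt_key_len`. In the same function both allocation-failure messages name gdoi_srtp_get_policy, and on the second failure master_key is freed but left dangling in sproto; set it to NULL.

gdoi_srtp_decode_tek() parses the TEK from the wire with no bounds checks against srtp_tek_len: id_type, id_len, the ports, the four one-byte policy fields, spi_sz and the spi_sz-byte memcpy are all read without confirming they fit in the remaining buffer, and `temp_len = srtp_tek_len - (cur_p - srtp_tek)` is a signed int that goes negative on a short payload before being passed to attribute_map(), whose return value is then ignored. Add a remaining-length check before each read and before the SPI memcpy, and read and verify the dst id type, which the comment says must be IPSEC_ID_IPV4_ADDR but the code never inspects. The default case of the spi_sz switch logs `proto->spi[0]` (a pointer) with %d where it means proto->spi_sz[0] and its message says install_tek_keys; the "No sa's in list" error says group_decode_esp_tek.

gdoi_srtp_add_attributes() sets SRTP_SRTCP_LIFETIME from `sproto->srtp_lifetime`; it should use sproto->srtcp_lifetime. In gdoi_srtp_get_policy_from_sa() the `if (!srtp_tek_buf)` check comes only after the last of eight gdoi_grow_buf() calls; since the first call deliberately starts from NULL, a failure part-way through restarts the buffer and the function returns a truncated TEK instead of an error, so check each result. The ATTR_SIZE comment ("we think it will avoid buffer overflows") documents a bound that the attribute_set_basic() calls never check. Finally, the file carries two copies of the license header; keep one.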

154
src/gdoi_srtp.h Normal file

@ -0,0 +1,154 @@
/* $Id: gdoi_srtp.h,v 1.4.4.2 2011/12/05 20:31:07 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_srtp.h,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2007 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
#define SRTP_SSRC_SIZE 2
struct srtp_proto {
/*
* traffic selector fields, modelled after IPsec's traffic selectors
*/
in_addr_t src_net;
in_addr_t src_mask;
in_addr_t dst_net;
in_addr_t dst_mask;
u_int8_t tproto;
u_int16_t sport;
u_int16_t dport;
/*
* policy fields
* NOTE: SPI is kept in the generic proto struct.
*/
u_int8_t replay_window;
u_int8_t kd_rate;
u_int8_t srtp_lifetime;
u_int8_t srtcp_lifetime;
u_int16_t cipher_type;
u_int16_t cipher_mode;
u_int16_t cipher_key_length;
/*
* keying material fields
*/
u_int16_t master_key_len;
u_int8_t *master_key;
u_int16_t master_salt_key_len;
u_int8_t *master_salt_key;
};
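Review bot: the header has no include guard (gdoi_phase2.h in this same commit wraps itself in _GDOI_PHASE2_H_) and does not include what it uses: in_addr_t needs <netinet/in.h> and u_int8_t/u_int16_t need <sys/types.h>, so it only compiles when the including .c file happens to have pulled those in first, as gdoi_srtp.c does. Add the guard and the two includes. Two smaller points: `SRTP_SSRC_SIZE` is defined here but nothing in gdoi_srtp.c uses it, and `u_int8_t tproto;` is never set by gdoi_srtp_set_policy() or gdoi_srtp_decode_tek(), so either populate it or drop it. The file also carries the license header twice.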

87
src/gdoi_srtp_attr.h Normal file

@ -0,0 +1,87 @@
/* $Id: gdoi_srtp_attr.h,v 1.1.4.2 2011/12/05 20:31:08 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_srtp_attr.h,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2007 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* SRTP COMMAND_GET Attributes
*
* Used for passing TEK attributes and in betweeen GDOI and the GDOI app
* Attributes based on draft-baugher-msec-gdoi-srtp-00.txt.
*
* Attributes must be in range 1-99.
*/
#define SRTP_SOURCE_ID 1
#define SRTP_DEST_ID 2
#define SRTP_OPTIONS 3
#define SRTP_SSRC 4
#define SRTP_CRYPTO_SUITE 5
#define SRTP_REPLAY_WINDOW 6
#define SRTP_KD_RATE 7
#define SRTP_LIFETIME 8
#define SRTP_ROC 9
#define SRTP_SEQ 10
#define SRTP_MKI 11
#define SRTP_EKT_CIPHER 12
#define SRTP_EKT_SPI 13
#define SRTP_MASTER_KEY 14
#define SRTP_MASTER_SALT_KEY 15
#define SRTP_SRTCP_LIFETIME 16
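Review bot: this header has no include guard; wrap it in #ifndef GDOI_SRTP_ATTR_H / #define GDOI_SRTP_ATTR_H / #endif so it is safe to include from more than one place. In the block comment, "for passing TEK attributes and in betweeen GDOI and the GDOI app" has a stray "and" and a typo ("between"), and the "Attributes must be in range 1-99" sentence would be more useful if it said where that range is enforced, since nothing in this file checks it. The numbering is taken from draft-baugher-msec-gdoi-srtp-00.txt, an Internet-Draft rather than an RFC; because both ends of COMMAND_GET must agree on these values, a note that the list is pinned to that draft revision would help whoever extends it later.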

76
src/gdoi_srtp_protos.h Normal file

@ -0,0 +1,76 @@
/* $Id: gdoi_srtp_protos.h,v 1.1.4.2 2011/12/05 20:31:08 bew Exp $ */
/* $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/Attic/gdoi_srtp_protos.h,v $ */
/*
* The license applies to all software incorporated in the "Cisco GDOI reference
* implementation" except for those portions incorporating third party software
* specifically identified as being licensed under separate license.
*
*
* The Cisco Systems Public Software License, Version 1.0
* Copyright (c) 2001-2007 Cisco Systems, Inc. All rights reserved.
* Subject to the following terms and conditions, Cisco Systems, Inc.,
* hereby grants you a worldwide, royalty-free, nonexclusive, license,
* subject to third party intellectual property claims, to create
* derivative works of the Licensed Code and to reproduce, display,
* perform, sublicense, distribute such Licensed Code and derivative works.
* All rights not expressly granted herein are reserved.
* 1. Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials
* provided with the distribution.
* 3. The names Cisco and "Cisco GDOI reference implementation" must not
* be used to endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* opensource@cisco.com.
* 4. Products derived from this software may not be called
* "Cisco" or "Cisco GDOI reference implementation", nor may "Cisco" or
* "Cisco GDOI reference implementation" appear in
* their name, without prior written permission of Cisco Systems, Inc.
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT
* SHALL CISCO SYSTEMS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
* LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH
* PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH
* LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
* LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT
* EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. FURTHER, YOU
* AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR RELATED TO
* THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
* (US$5,000).
*
* ====================================================================
* This software consists of voluntary contributions made by Cisco Systems,
* Inc. and many individuals on behalf of Cisco Systems, Inc. For more
* information on Cisco Systems, Inc., please see <http://www.cisco.com/>.
*
* This product includes software developed by Ericsson Radio Systems.
*/
/*
* SRTP functions referenced by the generic GDOI code
*/
int gdoi_srtp_set_policy(char *, struct message *, struct exchange *);
int gdoi_srtp_decode_tek(struct message *, struct sa *, u_int8_t *, size_t,
int);
int gdoi_srtp_install_keys (struct proto *proto,
struct gdoi_kd_decode_arg *keys);
int gdoi_srtp_deliver_keys(struct message *, struct sa *);
int gdoi_srtp_get_tek_keys(struct gdoi_kd_decode_arg *, struct proto *);
int gdoi_srtp_get_policy_from_sa(struct sa *, u_int8_t **, size_t *);
void srtp_client_init(void);
u_int8_t *gdoi_srtp_add_attributes(u_int8_t *attr, struct sa *sa);
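Review bot: the prototypes reference struct message, struct exchange, struct sa, struct proto and struct gdoi_kd_decode_arg, plus u_int8_t and size_t, but the header includes nothing and declares none of them, so it compiles only when the right headers happen to precede it; add forward declarations (struct message; struct exchange; struct sa; struct proto; struct gdoi_kd_decode_arg;), #include <sys/types.h>, and an include guard. Style is also mixed within the six lines: gdoi_srtp_install_keys has a space before its parameter list and named parameters while the other declarations have neither, and the trailing int argument of gdoi_srtp_decode_tek is not self-explanatory; naming it or adding a one-line comment would tell callers what it selects.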

250
src/gdoid.8 Normal file

@ -0,0 +1,250 @@
.\" $OpenBSD: gdoid.8,v 1.24 2001/04/09 21:21:57 ho Exp $
.\" $EOM: gdoid.8,v 1.23 2000/05/02 00:30:23 niklas Exp $
.\"
.\" Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
.\" Copyright (c) 1999 Angelos D. Keromytis. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Ericsson Radio Systems.
.\" 4. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" This code was written under funding by Ericsson Radio Systems.
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd July 31, 1998
.Dt GDOID 8
.Os
.Sh NAME
.Nm gdoid
.Nd GDOI group key management daemon
.Sh SYNOPSIS
.Nm gdoid
.Op Fl c Ar config-file
.Op Fl d
.Op Fl D Ar class=level
.Op Fl f Ar fifo
.Op Fl i Ar pid-file
.Op Fl n
.Op Fl p Ar listen-port
.Op Fl P Ar local-port
.Op Fl L
.Op Fl l Ar packetlog-file
.Op Fl r Ar seed
.Op Fl R Ar report-file
.Sh DESCRIPTION
The
.Nm
daemon establishes security associations for encrypted
and/or authenticated group and multicast network traffic. At this moment,
this means
.Xr ipsec 4
traffic.
.Pp
The gdoid deamon acts in two roles: either as group controller/key server for
a group that distributes keys and policy, or as a group member.
.Pp
A group controller/key server (GCKS) has specific group policy and
cryptographic keys defined for group traffic. The GCKS listens for group
members to register with it. Once contacted by the group member,
it authenticates the group member
and then distributes the policy. Policy includes IPsec SA's, and also GDOI
rekey SAs. The policy is kept in a local configuration file.
.Pp
A group member is configured to register with a GCKS, to get the policy and
keys for a specific group. It too has a configuration file, but one with just
enough configuration to identity and authenticate itself to the GCKS.
If the group member is given IPsec SAs as part of the registreation, it will
try to load them into the kernel with a
.Dv PF_KEY
socket.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl c Ar config-file
If given, the
.Fl c
option specifies an alternate configuration file instead of
.Pa /etc/gdoid/gdoid.conf .
As this file may contain sensitive information, it must be readable
only by the user running the daemon.
.It Fl d
The
.Fl d
option is used to make the daemon run in the foreground, logging to stderr.
.It Xo Fl D
.Ar class Ns No = Ns Ar level
.Xc
Debugging class.
This argument is possible to specify many times.
It takes a parameter of the form
.Ar class Ns No = Ns Ar level
where both
.Ar class
and
.Ar level
are numbers.
.Ar class
denotes a debugging class, and
.Ar level
the level you want that debugging class to
limit debug printouts at (i.e., all debug printouts above the level specified
will not output anything).
If
.Ar class
is set to 'A',
then all debugging classes are set to the specified level.
.Pp
Valid values for
.Ar class
are as follows:
.Pp
.Bl -tag -width 1n -compact -offset indent
.It 0
Misc
.It 1
Transport
.It 2
Message
.It 3
Crypto
.It 4
Timer
.It 5
Sysdep
.It 6
SA
.It 7
Exchange
.It 8
Negotiation
.It 9
Policy
.It A
All
.El
.It Fl f Ar fifo
The
.Fl f
option specifies the
.Tn FIFO
(a.k.a. named pipe) where the daemon listens for
user requests.
If the path given is a dash
.Pq Sq \&- ,
.Nm
will listen to stdin instead.
.It Fl i Ar pid-file
By default the PID of the daemon process will be written to
.Pa /var/run/gdoid.pid .
This path can be overridden by specifying another one as the argument to the
.Fl i
option.
.It Fl n
When the
.Fl n
option is given, the kernel will not take part in the negotiations.
This is a non-destructive mode so to say, in that it won't alter any
SAs in the IPsec stack.
.It Fl p Ar listen-port
The
.Fl p
option specifies the listen port the daemon will bind to.
.It Fl P Ar local-port
On the other hand, the port specified to capital
.Fl P
will be what the daemon binds its local end to when acting as
initiator.
.It Fl L
Enable GDOI packet capture. When this option is given,
.Nm
will capture to file an unencrypted copy of the negotiation packets it
is sending and receiveing. This file can later be read by
.Xr tcpdump 8
and other utilities using
.Xr pcap 3 .
.It Fl l Ar packetlog-file
As option
.Fl L
above, but capture to a specified file.
.It Fl r Ar seed
If given a deterministic random number sequence will be used internally.
.It Fl R Ar report-file
When you signal
.Nm
a
.Dv SIGUSR1
it will report its internal state to a report file, normally
.Pa /var/run/gdoid.report ,
but this can be changed by feeding
the file name as an argument to the
.Fl R
flag.
.El
.Sh BUGS
The
.Fl P
flag does not do what we document, rather it does nothing.
.Sh FILES
.Bl -tag -width /var/run/gdoid.report
.It Pa /etc/gdoid/ca/
The directory where CA certificates can be found.
.It Pa /etc/gdoid/certs/
The directory where GDOI certificates can be found, both the local
certificate(s) and those of the peers, if a choice to have them kept
permanently has been made.
.It Pa /etc/gdoid/gdoid.conf
The configuration file. As this file can contain sensitive information
it must not be readable by anyone but the user running gdoid.
.It Pa /etc/gdoid/private/local.key
A local private key for certificate based authentication. There has
to be a certificate for this key in the certificate directory mentioned
above. Same mode requirements as gdoid.conf.
.It Pa /var/run/gdoid.fifo
The FIFO used to manually control
.Nm gdoid .
.It Pa /var/run/gdoid.pcap
The default GDOI packet capture file.
.It Pa /var/run/gdoid.report
The report file written when
.Dv SIGUSR1
is received.
.El
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr gdoid.conf 5 ,
.Xr openssl 8 ,
.Xr pcap 3 ,
.Xr photurisd 8 ,
.Xr ssl 8 ,
.Xr tcpdump 8 ,
.Sh HISTORY
The GDOI key management protocol is described in RFC 3547. It is based on
the ISAKMP/Oakley key management protocol is described in the RFCs
.%T RFC 2407 ,
.%T RFC 2408
and
.%T RFC 2409 .
This gdoid implementation was based on isakmpd, by Niklas Hallqvist and Niels Provos,
sponsored by Ericsson Radio Systems.
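Review bot: the -L and -l options write "an unencrypted copy of the negotiation packets" to /var/run/gdoid.pcap, which for a GDOI daemon means the key download and rekey payloads land on disk in the clear; the page should state a permission requirement for that file the way it does for gdoid.conf and local.key (readable only by the user running gdoid) and say that capture is a debugging aid. Typos and grammar in the body: "deamon" (DESCRIPTION), "identity and authenticate itself" should read "identify and authenticate itself", "registreation", "receiveing" (under -L), and in HISTORY "the ISAKMP/Oakley key management protocol is described in the RFCs" needs "which is described" or a comma. The .Dd date (July 31, 1998) is inherited from isakmpd.8 and predates GDOI; set it to this page's own revision date. The SEE ALSO list ends with a trailing comma after ".Xr tcpdump 8 ," that mandoc renders as a dangling comma; drop it.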

792
src/gdoid.conf.5 Normal file

@ -0,0 +1,792 @@
.\" $Id: gdoid.conf.5,v 1.3 2005/10/11 17:57:36 bew Exp $
.\" $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/gdoid.conf.5,v $
.\"
.\" $OpenBSD: gdoid.conf.5,v 1.50 2001/04/05 23:04:53 ho Exp $
.\" $EOM: gdoid.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
.\" Copyright (c) 2000, 2001 Håkan Olsson. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Ericsson Radio Systems.
.\" 4. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" This code was written under funding by Ericsson Radio Systems.
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd August 15, 2003
.Dt GDOID.CONF 5
.Os
.Sh NAME
.Nm gdoid.conf
.Nd configuration file for gdoid
.Sh DESCRIPTION
.Nm
is the configuration file for the
.Nm gdoid
daemon managing security association and key management for the
IPSEC layer of the kernel's networking stack.
.Pp
The file is of a well known type of format called .INI style, named after
the suffix used by an overrated windowing environment for its configuration
files.
This format consists of sections, each beginning with a line looking like:
.Bd -literal
[Section name]
.Ed
Between the brackets is the name of the section following this section header.
Inside a section many tag/value pairs can be stored, each one looking like:
.Bd -literal
Tag=Value
.Ed
If the value needs more space than fits on a single line it's possible to
continue it on the next by ending the first with a backslash character
immediately before the newline character.
This method can extend a value for an arbitrary amount of lines.
.Pp
Comments can be put anywhere in the file by using a hash mark
.Pq Sq \&# .
Then the comment goes on to the end of the line.
.Pp
Often the right-hand side values consist of other section names.
This results in a tree structure.
Some values are treated as a list of several scalar values, such lists always
use comma as the separator.
Some values are formatted like this: X,Y:Z, which
is an offer/accept syntax, where X is a value we offer and Y:Z is a range of
accepted values, inclusive.
.Pp
.\"XXX Following empty .Ss works around a nroff bug, we want the new line."
.Ss
.Pp
.Ss Roots
.Bl -hang -width 12n
.It Em General
Generic global configuration parameters
.Bl -tag -width 12n
.It Em Retransmits
How many times should a message be retransmitted before giving up.
.It Em Check-interval
The interval between watchdog checks of connections we want up at all times.
.It Em Exchange-max-time
How many seconds should an exchange maximally take to setup
before we give up.
.It Em Listen-on
A list of IP-addresses OK to listen on.
This list is used as
a filter for the set of addresses the interfaces configured
provides.
This means that we won't see if an address given
here does not exist on this host, and thus no error is given for
that case.
.It Em Shared-SADB
If this tag is defined, whatever the value is, some semantics of
.Nm
are changed so that multiple instances can run on top of one SADB
and setup SAs with eachother.
Specifically this means replay
protection will not be asked for, and errors that can occur when
updating an SA with its parameters a 2nd time will be ignored.
.El
.It Em Phase 1
ISAKMP SA negotiation parameter root
.Bl -tag -width 12n
.It Em <IP-address>
A name of the ISAKMP peer at the given IP-address.
.It Em Default
A name of the default ISAKMP peer. Incoming
Phase 1 connections from other IP-addresses will use this peer name.
.It ""
This name is used as the section name for further information to be found.
Look at <ISAKMP-peer> below.
.El
.It Em Phase 2
IPsec SA negotiation parameter root
.Bl -tag -width 12n
.It Em Connections
A list of directed IPSec "connection" names that should be brought up
automatically, either on first use if the system supports it, or at
startup of the daemon.
These names are section names where further information can be found.
Look at <IPSec-connection> below.
Normally any connection mentioned here are treated as part of the
"Passive-connection" list we present below, however there is a
flag: "Active-only" that disables this behaviour.
This too is mentioned in the <IPSec-connection> section, in the "Flags" tag.
.It Em Passive-connections
A list of IPSec "connection" names we recognize and accept initiations for.
These names are section names where further information can be found.
Look at <IPSec-connection> below.
Currently only the Local-ID and Remote-ID tags
are looked at in those sections, as they are matched against the IDs given
by the initiator.
.El
.It Em X509-Certificates
.Bl -tag -width 12n
.It Em CA-directory
A directory containing PEM certificates of certification authorities
that we trust to sign other certificates.
The certificates in this directory are used for the actual X.509
authentication and for cross-referencing policies that refer to
Distinguished Names (DNs). Keeping a separate directory (as opposed
to integrating policies and X.509 CA certificates) allows for maintenance
of a list of "well known" CAs without actually having to trust all (or any)
of them.
.It Em Cert-directory
A directory containing PEM certificates that we trust to be valid.
These certificates are used in preference to those passed in messages and
are required to have a SubjectAltName extension.
.It Em Accept-self-signed
If this tag is defined, whatever the value is, certificates that
do not originate from a trusted CA but are self-signed will be
accepted.
.It Em Private-key
The private key matching the public key of our certificate (which should be
in the "Cert-directory", and have a subjectAltName matching our ID, so far
that is our IP-address).
.El
.El
.Ss Referred-to sections
.Bl -hang -width 12n
.It Em <ISAKMP-peer>
Parameters for negotiation with an ISAKMP peer
.Bl -tag -width 12n
.It Em Phase
The constant
.Li 1 ,
as ISAKMP-peers and Group-specification
really are handled by the same code inside gdoid.
.It Em Transport
The name of the transport protocol, defaults to
.Li UDP .
.It Em Port
In case of
.Li UDP ,
the
.Li UDP
port number to send to.
This is optional, the
default value is 500 which is the IANA-registered number for ISAKMP.
.It Em Local-address
The Local IP-address to use, if we are multi-homed, or have aliases.
.It Em Address
If existent, the IP-address of the peer.
.It Em Configuration
The name of the ISAKMP-configuration section to use.
Look at <ISAKMP-configuration> below.
.It Em Authentication
If existent, authentication data for this specific peer.
In the case of preshared key, this is the key value itself.
.It Em ID
If existent, the name of the section that describes the
local client ID that we should present to our peer.
If not present, it
defaults to the address of the local interface we are sending packets
over to the remote daemon.
Look at <Phase1-ID> below.
.It Em Remote-ID
If existent, the name of the section that describes the remote client
ID we expect the remote daemon to send us.
If not present, it defaults to the address of the remote daemon.
Look at <Phase1-ID> below.
.It Em Flags
A comma-separated list of flags controlling the further
handling of the ISAKMP SA.
Currently there are no specific ISAKMP SA flags defined.
.El
.It Em <Phase1-ID>
.Bl -tag -width 12n
.It Em ID-type
The ID type as given by the RFCs.
For Phase 1 this is currently
.Li IPV4_ADDR ,
.Li IPV4_ADDR_SUBNET ,
.Li FQDN ,
.Li USER_FQDN ,
or
.Li KEY_ID .
.It Em Address
If the ID-type is
.Li IPV4_ADDR ,
this tag should exist and be an IP-address.
.It Em Network
If the ID-type is
.Li IPV4_ADDR_SUBNET
this tag should exist and
be a network address.
.It Em Netmask
If the ID-type is
.Li IPV4_ADDR_SUBNET
this tag should exist and
be a network subnet mask.
.It Em Name
If the ID-type is
.Li FQDN ,
.Li USER_FQDN ,
or
.Li KEY_ID ,
this tag should exist and contain a domain name, user@domain, or
other identifying string respectively.
.El
.It Em <ISAKMP-configuration>
.Bl -tag -width 12n
.It Em DOI
The domain of interpretation as given by the RFCs.
Normally
.Li GDOI .
If unspecified, results in an error.
.It Em EXCHANGE_TYPE
The exchange type as given by the RFCs.
For main mode this is
.Li ID_PROT
and for aggressive mode it is
.Li AGGRESSIVE .
.It Em Transforms
A list of proposed transforms to use for protecting the
ISAKMP traffic.
These are actually names for sections
further describing the transforms.
Look at <ISAKMP-transform> below.
.El
.It Em <ISAKMP-transform>
.Bl -tag -width 12n
.It Em ENCRYPTION_ALGORITHM
The encryption algorithm as the RFCs name it, or ANY to denote that any
encryption algorithm proposed will be accepted.
.It Em KEY_LENGTH
For encryption algorithms with variable key length, this is
where the offered/accepted keylengths are described.
The value is of the offer-accept kind described above.
.It Em HASH_ALGORITHM
The hash algorithm as the RFCs name it, or ANY.
.It Em AUTHENTICATION_METHOD
The authentication method as the RFCs name it, or ANY.
.It Em GROUP_DESCRIPTION
The group used for Diffie-Hellman exponentiations, or ANY.
The name are symbolic, like
.Li MODP_768 , MODP_1024 , EC_155
and
.Li EC_185 .
.It Em PRF
The algorithm to use for the keyed pseudo-random function (used for key
derivation and authentication in Phase 1), or ANY.
.It Em Life
A list of lifetime descriptions, or ANY.
In the former case, each
element is in itself a name of the section that defines the lifetime.
Look at <Lifetime> below.
If it is set to ANY, then any type of
proposed lifetime type and value will be accepted.
.El
.It Em <Lifetime>
.Bl -tag -width 12n
.It Em LIFE_TYPE
.Li SECONDS
or
.Li KILOBYTES
depending on the type of the duration.
Notice that this field may NOT be set to ANY.
.It Em LIFE_DURATION
An offer/accept kind of value, see above.
Can also be set to ANY.
.El
.It Em <Group-specification>
.Bl -tag -width 12n
.It Em Phase
The constant
.Li 2 ,
as ISAKMP-peers and Group-specification
really are handled by the same code inside gdoid.
.It Em Configuration
The name of the Group-configuration section to use.
Look at <Group-configuration> below.
.It Em Group-ID
The name of the section that describes the
local group ID for which the <Group-configuration> is identified.
.El
.It Em <Group-configuration>
.Bl -tag -width 12n
.It Em DOI
The domain of interpretation as given by the RFCs. Should be
.Li GDOI .
.It Em EXCHANGE_TYPE
The exchange type as given by RFC 3549.
For GDOI Registration this is
.Li PULL_MODE .
.It Em SA-TEKS
On the key server only, a list of <Data-SA-policy> statements that describe
particular IPsec SAs.
.It Em SA-KEK
On the key server only, a single <Rekey-policy> statement that describes
the GDOI PUSH_MODE Rekey message.
.El
.It Em <Data-SA-policy>
The policy definition and keys associated with a Data SA. The keys (and in the
case of IPsec, the SPI) are used for the first use of the SA. If a GDOI rekey
message sends another SA based on this policy, it will replace the keys and
SPI with random values.
.Bl -tag -width 12n
.It Em Crypto-protocol
The protocol type used to protect the data. The only supported value is
PROTO_IPSEC_ESP.
.It Em Source-ID
The name of the section that describes the
source address or addresses that represent the sender of data packets.
Look at <IPSec-ID> below.
.It Em Dest-ID
The name of the section that describes the
destination address or addresses that represent the destination of data packets.
Look at <IPSec-ID> below.
.It Em SPI
The Security Parameter Index (SPI) value representing this SA.
.It Em TEK_Suite
The <IPSec-suite> which represents the IPsec policy to use for the packets
matching this SA.
.It Em DES_KEY1
When 3DES is specified in the TEK_Suite, this is the first of the three
3DES keys used when creating the SA.
.It Em DES_KEY2
When 3DES is specified in the TEK_Suite, this is the second of the three
3DES keys used when creating the SA.
.It Em DES_KEY3
When 3DES is specified in the TEK_Suite, this is the third of the three
3DES keys used when creating the SA.
.It Em AES_KEY
When AES is specified in the TEK_Suite, this is the
key used when creating the SA.
.It Em SHA_KEY
When SHA is specified in the TEK_Suite, this is the SHA key used for
packet authentication.
.El
.It Em <Rekey-policy>
.Bl -tag -width 12n
.It Em Source-ID
The name of the section that describes the
source address that represents the sender of rekey packets.
Look at <IPSec-ID> below.
.It Em Dest-ID
The name of the section that describes the
destination address that represents the destination of the rekey packets.
Look at <IPSec-ID> below.
.It Em SPI
The Security Parameter Index (SPI) value representing this SA. The SPI is the
same as the ISAKMP "cookie pair".
.It Em ENCRYPTION_ALGORITHM
The encryption algorithm used to protect the rekey message. Must be 3DES.
.It Em SIG_HASH_ALGORITHM
The cryptographic algorithm used to digest the rekey message. Must be SHA.
.It Em SIG_ALGORITHM
The cryptographic algorithm used to create a signature for the rekey message.
Must be RSA.
.It Em DES_IV
The value of an Initialization Vector used when the ENCRYPTION_ALGORITHM
requires one.
.It Em DES_KEY1
When 3DES is specified as the ENCRYPTION_ALGORITHM,
this is the first of the three
3DES keys used to encrypt the rekey message.
.It Em DES_KEY2
When 3DES is specified as the ENCRYPTION_ALGORITHM,
this is the second of the three
3DES keys used to encrypt the rekey message.
.It Em DES_KEY3
When 3DES is specified as the ENCRYPTION_ALGORITHM,
this is the third of the three
3DES keys used to encrypt the rekey message.
.It Em <RSA-Keypair>
The location in the file system of a DER-encoded keypair. The private key of
this keypair is used by the key server to sign messages. The public key of
this keypair is passed to group members for the purpose of verifying the
authenticity of rekey messages.
.It Em <REKEY_PERIOD>
The period between which rekey messages are sent. The rekey messages conatin
replacement SAs for those listed in the <Data-SA-policy> part of the
<Group-configuration>. The rekey period value works best when it is identical
to the lifetime of the IPSec SAs.
.El
.It Em <IPSec-suite>
.Bl -tag -width 12n
.It Em Protocols
A list of the protocols included in this protection suite.
Each of the list elements is a name of an <IPSec-protocol>
section.
See below.
.El
.It Em <IPSec-protocol>
.Bl -tag -width 12n
.It Em PROTOCOL_ID
The protocol as given by the RFCs.
Acceptable values today are
.Li IPSEC_AH
and
.Li IPSEC_ESP .
.It Em Transforms
A list of transforms usable for implementing the protocol.
Each of the list elements is a name of an <IPSec-transform>
section.
See below.
.It Em ReplayWindow
The size of the window used for replay protection.
This is normally left alone.
Look at the
.Nm ESP
and
.Nm AH
RFCs for a better description.
.El
.It Em <IPSec-transform>
.Bl -tag -width 12n
.It Em TRANSFORM_ID
The transform ID as given by the RFCs.
.It Em ENCAPSULATION_MODE
The encapsulation mode as given by the RFCs.
This means TRANSPORT or TUNNEL.
.It Em AUTHENTICATION_ALGORITHM
The optional authentication algorithm in the case of this
being an ESP transform.
.It Em GROUP_DESCRIPTION
An optional (provides PFS if present) Diffie-Hellman group
description.
The values are the same as GROUP_DESCRIPTION's
in <ISAKMP-transform> sections shown above.
.It Em Life
List of lifetimes, each element is a <Lifetime> section name.
.El
.It Em <IPSec-ID>
.Bl -tag -width 12n
.It Em ID-type
The ID type as given by the RFCs.
For IPSec this is currently
.Li IPV4_ADDR
or
.Li IPV4_ADDR_SUBNET .
.It Em Address
If the ID-type is
.Li IPV4_ADDR ,
this tag should exist and be an IP-address.
.It Em Network
If the ID-type is
.Li IPV4_ADDR_SUBNET
this tag should exist and
be a network address.
.It Em Netmask
If the ID-type is
.Li IPV4_ADDR_SUBNET
this tag should exist and
be a network subnet mask.
.It Em Protocol
If the ID-type is
.Li IPV4_ADDR
or
.Li IPV4_ADDR_SUBNET ,
this tag indicates what transport protocol should be transmitted over
the SA.
If left unspecified, all transport protocols between the two address
(ranges) will be sent (or permitted) over that SA.
.It Em Port
If the ID-type is
.Li IPV4_ADDR
or
.Li IPV4_ADDR_SUBNET ,
this tag indicates what source or destination port is allowed to be
transported over the SA (depending on whether this is a local or
remote ID).
If left unspecified, all ports of the given transport protocol
will be transmitted (or permitted) over the SA.
The Protocol tag must be specified in conjunction with this tag.
.El
.Sh EXAMPLES
.Pp
EXAMPLE 1: An example of a key server configuration file:
.Pp
.Bd -literal
#
# A configuration sample for testing GDOI.
# This is the key server side.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 127.0.0.2
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
127.0.0.1= GDOI-loopback-1
127.0.0.3= GDOI-loopback-3
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
Passive-Connections= Group-1234
[GDOI-loopback-1]
Phase= 1
Transport= udp
Local-address= 127.0.0.2
Address= 127.0.0.1
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[GDOI-loopback-3]
Phase= 1
Transport= udp
Local-address= 127.0.0.2
Address= 127.0.0.3
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
#ISAKMP-peer= GDOI-loopback-1
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
######################
# 3DES
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_3600_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,45:72
[LIFE_3600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200
# GDOI description
########################
# 3DES
[GDOI-ESP-3DES-SHA-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_3600_SECS
# AES
[GDOI-ESP-AES-SHA-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_3600_SECS
# Group mode description
########################
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
#
SA-KEK= GROUP2-KEK
SA-TEKS= GROUP1-TEK1,GROUP1-TEK2
[GROUP2-KEK]
Src-ID= Group-kek-src
Dst-ID= Group-kek-dst
SPI= abcdefgh01234567
ENCRYPTION_ALGORITHM= 3DES
SIG_HASH_ALGORITHM= SHA
SIG_ALGORITHM= RSA
DES_IV= IVIVIVIV
DES_KEY1= ABCDEFGH
DES_KEY2= IJKLMNOP
DES_KEY3= QRSTUVWX
RSA-Keypair= /usr/local/gdoi/tests/rsakeys.der
REKEY_PERIOD= 30
[Group-kek-src]
ID-type= IPV4_ADDR
Address= 127.0.0.2
Port= 2400
[Group-kek-dst]
ID-type= IPV4_ADDR
#Address= 172.23.56.253
Address= 239.11.1.1
Port= 848
# Src-ID and Dst-ID are the addresses for the IP ESP packet.
[GROUP1-TEK1]
Crypto-protocol= PROTO_IPSEC_ESP
Src-ID= Group-tek1-src
Dst-ID= Group-tek1-dst
# SPI is 0x1122aabb
SPI= 287484603
TEK_Suite= GDOI-ESP-3DES-SHA-SUITE
DES_KEY1= ABCDEFGH
DES_KEY2= IJKLMNOP
DES_KEY3= QRSTUVWX
SHA_KEY= 12345678901234567890
[Group-tek1-src]
ID-type= IPV4_ADDR
Address= 172.19.137.42
Port= 1024
[Group-tek1-dst]
ID-type= IPV4_ADDR
Address= 239.192.1.1
Port= 1024
# Src-ID and Dst-ID are the addresses for the IP ESP packet.
[GROUP1-TEK2]
Src-ID= Group-tek2-src
Dst-ID= Group-tek2-dst
# SPI is 0x3344ccdd
SPI= 860146909
TEK_Suite= GDOI-ESP-AES-SHA-SUITE
AES_KEY= ABCDEFGHIJKLMNOP
SHA_KEY= 01234567890123456789
[Group-tek2-src]
ID-type= IPV4_ADDR
Address= 172.19.137.42
Port= 512
[Group-tek2-dst]
ID-type= IPV4_ADDR
Address= 239.192.1.2
Port= 512
[GDOI-ESP-3DES-SHA-SUITE]
Protocols= GDOI-ESP-3DES-SHA
[GDOI-ESP-3DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= GDOI-ESP-3DES-SHA-XF
[GDOI-ESP-AES-SHA-SUITE]
Protocols= GDOI-ESP-AES-SHA
[GDOI-ESP-AES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= GDOI-ESP-AES-SHA-XF
EXAMPLE 2: An example of a group member configuration file:
#
# A configuration sample for testing GDOI.
# This is the client (group member) side.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 127.0.0.1
check-interval= 86400
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
127.0.0.2= ISAKMP-peer-gcks
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
Connections= Group-1234
[ISAKMP-peer-gcks]
Phase= 1
Transport= udp
Local-address= 127.0.0.1
Address= 127.0.0.2
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
ISAKMP-peer= ISAKMP-peer-gcks
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
######################
# 3DES
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_3600_SECS
# Lifetimes
[LIFE_3600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200
# Group mode description
########################
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
.Ed
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr gdoid 8
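Review bot: EXAMPLE 2 (the group member configuration starting at the `EXAMPLE 2:` line) sits inside the `.Bd -literal` display opened before EXAMPLE 1 and closed only at the final `.Ed`, so it renders as literal text instead of as a second heading; close the display after the last line of EXAMPLE 1 and open a new `.Pp` / `.Bd -literal` for EXAMPLE 2, as is done for EXAMPLE 1. In the same hunk, the `<REKEY_PERIOD>` description says the period works best when identical to the IPsec SA lifetime, yet the key server sample uses `REKEY_PERIOD= 30` while every transform has `Life= LIFE_3600_SECS`; either align the values or say in the example that 30 is a test setting. `[GROUP1-TEK2]` also lacks the `Crypto-protocol= PROTO_IPSEC_ESP` line that `[GROUP1-TEK1]` carries, and the sample key material (`DES_KEY1= ABCDEFGH`, `AES_KEY= ABCDEFGHIJKLMNOP`, `SHA_KEY= 12345678901234567890`) should be marked as test-only placeholders so readers do not copy them into a real group configuration. Typo: "conatin" in the `<REKEY_PERIOD>` description.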

121
src/genconstants.sh Normal file
@@ -0,0 +1,121 @@
# $Id: genconstants.sh,v 1.2 2002/05/10 04:25:13 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/src/genconstants.sh,v $
# $OpenBSD: genconstants.sh,v 1.8 2001/01/27 12:03:32 niklas Exp $
# $EOM: genconstants.sh,v 1.6 1999/04/02 01:15:53 niklas Exp $
#
# Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
# must display the following acknowledgement:
# This product includes software developed by Ericsson Radio Systems.
# 4. The name of the author may not be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# This code was written under funding by Ericsson Radio Systems.
#
base=`basename $1`
upcased_name=`echo $base |tr a-z A-Z`
awk=${AWK:-awk}
locase_function='function locase (str) {
cmd = "echo " str " |tr A-Z a-z"
cmd | getline retval;
close (cmd);
return retval;
}'
$awk "
$locase_function
"'
BEGIN {
print "/* DO NOT EDIT-- this file is automatically generated. */\n"
print "#ifndef _'$upcased_name'_H_"
print "#define _'$upcased_name'_H_\n"
print "#include \"sysdep.h\"\n"
print "#include \"constants.h\"\n"
}
/^[#.]/ {
next
}
/^[^ ]/ {
prefix = $1
printf ("extern struct constant_map %s_cst[];\n\n", locase(prefix));
next
}
/^[ ]/ && $1 {
printf ("#define %s_%s %s\n", prefix, $1, $2)
next
}
{
print
}
END {
printf ("\n")
print "#endif /* _'$upcased_name'_H_ */"
}
' <$1.cst >$base.h
$awk "
$locase_function
"'
BEGIN {
print "/* DO NOT EDIT-- this file is automatically generated. */\n"
print "#include \"sysdep.h\"\n"
print "#include \"constants.h\""
print "#include \"'$base'.h\"\n"
}
/^#/ {
next
}
/^\./ {
print " { 0, 0 }\n};\n"
next
}
/^[^ ]/ {
prefix = $1
printf ("struct constant_map %s_cst[] = {\n", locase(prefix))
next
}
/^[ ]/ && $1 {
printf (" { %s_%s, \"%s\", %s }, \n", prefix, $1, $1, $3 ? $3 : 0)
next
}
{
print
}
' <$1.cst >$base.c
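Review bot: the `locase` helper builds a shell command from the prefix read out of the `.cst` file (`cmd = "echo " str " |tr A-Z a-z"`) and runs it through `getline`, so a prefix containing shell metacharacters is executed rather than lowercased. POSIX awk provides `tolower()`; use `tolower(prefix)` and drop the subshell, or, if pre-POSIX awk must stay supported, at least check the prefix against `/^[A-Za-z0-9_]+$/` before handing it to the shell. Related robustness points in the same hunk: the script never checks that `$1` was supplied and uses `$1` and `$base` unquoted (`basename $1`, `<$1.cst >$base.h`, `>$base.c`), so a missing or whitespace-containing argument produces an empty or misnamed header and source file; add a usage check and quote the expansions. The `/^[ ]/ && $1` rule matches lines starting with a space but not a tab, so a tab-indented `.cst` entry falls through to the catch-all `{ print }` rule and is copied verbatim into the generated C; either widen the pattern to `/^[ \t]/` or document the space-only indentation requirement.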

Some files were not shown because too many files have changed in this diff