Diffstat (limited to 'Source')
-rwxr-xr-xSource/lib/asn1/pem.c2
-rw-r--r--Source/lib/crypto/hashers/hasher.h6
-rw-r--r--Source/lib/crypto/hashers/md5_hasher.c6
-rw-r--r--Source/lib/crypto/hashers/sha1_hasher.c6
-rw-r--r--Source/lib/crypto/hmac.c8
-rw-r--r--Source/lib/crypto/rsa/rsa_public_key.c2
-rw-r--r--Source/patches/strongswan-2.7.0.patch94
-rw-r--r--Source/testing/hasher_test.c4
8 files changed, 71 insertions, 57 deletions
diff --git a/Source/lib/asn1/pem.c b/Source/lib/asn1/pem.c
index 24c71c61f..b02268dd9 100755
--- a/Source/lib/asn1/pem.c
+++ b/Source/lib/asn1/pem.c
@@ -172,7 +172,7 @@ static status_t pem_decrypt(chunk_t *blob, chunk_t *iv, char *passphrase)
/* build key from passphrase and IV */
hasher = hasher_create(HASH_MD5);
- hash.len = hasher->get_block_size(hasher);
+ hash.len = hasher->get_hash_size(hasher);
hash.ptr = alloca(hash.len);
hasher->get_hash(hasher, pass, NULL);
hasher->get_hash(hasher, *iv, hash.ptr);
diff --git a/Source/lib/crypto/hashers/hasher.h b/Source/lib/crypto/hashers/hasher.h
index a4d6f14d7..24683c01b 100644
--- a/Source/lib/crypto/hashers/hasher.h
+++ b/Source/lib/crypto/hashers/hasher.h
@@ -109,12 +109,12 @@ struct hasher_t {
void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
/**
- * @brief Get the block size of this hashing function.
+ * @brief Get the size of the resulting hash.
*
* @param this calling object
- * @return block size in bytes
+ * @return hash size in bytes
*/
- size_t (*get_block_size) (hasher_t *this);
+ size_t (*get_hash_size) (hasher_t *this);
/**
* @brief Resets the hashers state, which allows
diff --git a/Source/lib/crypto/hashers/md5_hasher.c b/Source/lib/crypto/hashers/md5_hasher.c
index 8d6361139..bd3ab0c62 100644
--- a/Source/lib/crypto/hashers/md5_hasher.c
+++ b/Source/lib/crypto/hashers/md5_hasher.c
@@ -346,9 +346,9 @@ static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *ha
}
/**
- * Implementation of hasher_t.get_block_size.
+ * Implementation of hasher_t.get_hash_size.
*/
-static size_t get_block_size(private_md5_hasher_t *this)
+static size_t get_hash_size(private_md5_hasher_t *this)
{
return BLOCK_SIZE_MD5;
}
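Review bot: The renamed `get_hash_size` still returns `BLOCK_SIZE_MD5`, so the constant's name now contradicts the accessor that exposes it; the constant's definition is outside this hunk. The hasher_test.c hunk expects 16 from this call, which is the MD5 digest length rather than the size of an input block, so a rename along the lines of `HASH_SIZE_MD5` would finish what the commit started. The same applies to `BLOCK_SIZE_SHA1` in sha1_hasher.c, and the assertion messages in hasher_test.c still read `"block size"`. Keeping the two terms apart matters for callers such as HMAC, where key padding depends on the real block size and a digest-sized value used in its place would mis-size buffers.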
@@ -383,7 +383,7 @@ md5_hasher_t *md5_hasher_create()
this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_block_size = (size_t (*) (hasher_t*))get_block_size;
+ this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
diff --git a/Source/lib/crypto/hashers/sha1_hasher.c b/Source/lib/crypto/hashers/sha1_hasher.c
index b66e75ada..2b82ef4ba 100644
--- a/Source/lib/crypto/hashers/sha1_hasher.c
+++ b/Source/lib/crypto/hashers/sha1_hasher.c
@@ -220,9 +220,9 @@ static void allocate_hash(private_sha1_hasher_t *this, chunk_t chunk, chunk_t *h
}
/**
- * Implementation of hasher_t.get_block_size.
+ * Implementation of hasher_t.get_hash_size.
*/
-static size_t get_block_size(private_sha1_hasher_t *this)
+static size_t get_hash_size(private_sha1_hasher_t *this)
{
return BLOCK_SIZE_SHA1;
}
@@ -258,7 +258,7 @@ sha1_hasher_t *sha1_hasher_create()
this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_block_size = (size_t (*) (hasher_t*))get_block_size;
+ this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
diff --git a/Source/lib/crypto/hmac.c b/Source/lib/crypto/hmac.c
index 84d6044fd..bb8880770 100644
--- a/Source/lib/crypto/hmac.c
+++ b/Source/lib/crypto/hmac.c
@@ -70,7 +70,7 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
*
*/
- u_int8_t buffer[this->h->get_block_size(this->h)];
+ u_int8_t buffer[this->h->get_hash_size(this->h)];
chunk_t inner;
if (out == NULL)
@@ -82,7 +82,7 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
{
/* append and do outer hash */
inner.ptr = buffer;
- inner.len = this->h->get_block_size(this->h);
+ inner.len = this->h->get_hash_size(this->h);
/* complete inner */
this->h->get_hash(this->h, data, buffer);
@@ -109,7 +109,7 @@ static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out)
}
else
{
- out->len = this->h->get_block_size(this->h);
+ out->len = this->h->get_hash_size(this->h);
out->ptr = malloc(out->len);
this->hmac.get_mac(&(this->hmac), data, out->ptr);
}
@@ -120,7 +120,7 @@ static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out)
*/
static size_t get_block_size(private_hmac_t *this)
{
- return this->h->get_block_size(this->h);
+ return this->h->get_hash_size(this->h);
}
/**
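Review bot: `get_block_size` in hmac.c keeps its old name although it now forwards to `this->h->get_hash_size`, so the HMAC object still reports the digest length under a block-size name. The interface this function is assigned to is not visible here; if it can be renamed, do so in the same commit. Otherwise add a comment such as `/* returns the MAC length (hash output size), not the hash's input block size */`, so that no caller sizes a key-padding buffer from it. The function's doc comment starts outside the hunk.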
diff --git a/Source/lib/crypto/rsa/rsa_public_key.c b/Source/lib/crypto/rsa/rsa_public_key.c
index 6b6988b62..6601b6cda 100644
--- a/Source/lib/crypto/rsa/rsa_public_key.c
+++ b/Source/lib/crypto/rsa/rsa_public_key.c
@@ -272,7 +272,7 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
return NOT_SUPPORTED;
}
- if (pos + hasher->get_block_size(hasher) != em.ptr + em.len)
+ if (pos + hasher->get_hash_size(hasher) != em.ptr + em.len)
{
/* bad length */
free(em.ptr);
diff --git a/Source/patches/strongswan-2.7.0.patch b/Source/patches/strongswan-2.7.0.patch
index 6f3ba1b27..b21e1013b 100644
--- a/Source/patches/strongswan-2.7.0.patch
+++ b/Source/patches/strongswan-2.7.0.patch
@@ -1,6 +1,6 @@
-diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-charon/Makefile.inc
+diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-patched/Makefile.inc
--- strongswan-2.7.0/Makefile.inc 2006-01-25 18:23:15.000000000 +0100
-+++ strongswan-2.7.0-charon/Makefile.inc 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/Makefile.inc 2006-04-28 08:56:38.000000000 +0200
@@ -84,6 +84,8 @@
FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec
LIBDIR=$(DESTDIR)$(FINALLIBDIR)
@@ -20,9 +20,9 @@ diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-charon/Makefile.inc
# Default PKCS11 library
# Uncomment this line if using OpenSC <= 0.9.6
PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\"
-diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-charon/programs/Makefile
+diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-patched/programs/Makefile
--- strongswan-2.7.0/programs/Makefile 2006-04-17 13:04:45.000000000 +0200
-+++ strongswan-2.7.0-charon/programs/Makefile 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/Makefile 2006-04-28 08:56:38.000000000 +0200
@@ -32,6 +32,10 @@
SUBDIRS+=showpolicy
endif
@@ -34,9 +34,9 @@ diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-charon/programs/M
def:
@echo "Please read doc/intro.html or INSTALL before running make"
@false
-diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-charon/programs/ipsec/ipsec.in
+diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-patched/programs/ipsec/ipsec.in
--- strongswan-2.7.0/programs/ipsec/ipsec.in 2006-03-09 21:09:33.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/ipsec/ipsec.in 2006-04-27 09:27:27.000000000 +0200
++++ strongswan-2.7.0-patched/programs/ipsec/ipsec.in 2006-04-28 08:56:38.000000000 +0200
@@ -26,6 +26,7 @@
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
@@ -95,9 +95,9 @@ diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-charon/prog
exit 0
;;
update)
-diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-charon/programs/pluto/Makefile
+diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-patched/programs/pluto/Makefile
--- strongswan-2.7.0/programs/pluto/Makefile 2006-01-25 18:22:19.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/pluto/Makefile 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/pluto/Makefile 2006-04-28 08:56:38.000000000 +0200
@@ -170,6 +170,11 @@
LIBSPLUTO+= -ldl
endif
@@ -110,28 +110,42 @@ diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-charon/prog
# This compile option activates the leak detective
ifeq ($(USE_LEAK_DETECTIVE),true)
DEFINES+= -DLEAK_DETECTIVE
-diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-charon/programs/pluto/demux.c
+diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-patched/programs/pluto/demux.c
--- strongswan-2.7.0/programs/pluto/demux.c 2005-02-18 22:08:59.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/pluto/demux.c 2006-04-27 09:25:22.000000000 +0200
-@@ -1229,6 +1229,15 @@
++++ strongswan-2.7.0-patched/programs/pluto/demux.c 2006-04-28 08:56:13.000000000 +0200
+@@ -1196,6 +1196,21 @@
+ }
+ #endif
+
++#ifdef IKEV2
++#define IKEV2_VERSION_OFFSET 17
++#define IKEV2_VERSION 0x20
++
++ /* ignore IKEv2 packets - they will be handled by charon */
++ if (pbs_room(&md->packet_pbs) > IKEV2_VERSION_OFFSET
++ && md->packet_pbs.start[IKEV2_VERSION_OFFSET] == IKEV2_VERSION)
++ {
++ DBG(DBG_CONTROLMORE,
++ DBG_log(" ignoring IKEv2 packet")
++ )
++ return FALSE;
++ }
++#endif /* IKEV2 */
++
+ return TRUE;
+ }
+
+@@ -1229,6 +1244,7 @@
if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size)
{
struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur;
-+#ifdef IKEV2
-+ if ((hdr->isa_version >> ISA_MAJ_SHIFT) == 0x2 &&
-+ (hdr->isa_version & ISA_MIN_MASK) == 0x0)
-+ {
-+ /* IKEv2 is handled from charon, ignore */
-+ return;
-+ }
-+ else
-+#endif /* IKEV2 */
++
if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION)
{
SEND_NOTIFICATION(INVALID_MAJOR_VERSION);
-diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-charon/programs/starter/Makefile
+diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-patched/programs/starter/Makefile
--- strongswan-2.7.0/programs/starter/Makefile 2006-02-17 20:34:02.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/starter/Makefile 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/Makefile 2006-04-28 08:56:38.000000000 +0200
@@ -34,6 +34,11 @@
DEFINES+= -DLEAK_DETECTIVE
endif
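Review bot: The new filter in the demux.c part compares the whole version octet with `IKEV2_VERSION` (0x20), so a packet with major version 2 and a non-zero minor version is not ignored and falls through to pluto's own version handling, which in the later visible context sends `INVALID_MAJOR_VERSION`. If charon is meant to own all major-version-2 traffic, test only the major nibble: `&& (md->packet_pbs.start[IKEV2_VERSION_OFFSET] >> ISA_MAJ_SHIFT) == 0x2`. The `pbs_room(&md->packet_pbs) > IKEV2_VERSION_OFFSET` guard does cover the index, but the literal 17 deserves a comment such as `/* version octet: after two 8-byte cookies and the next-payload octet */`. The two `#define`s would also read better at file scope than inside the function body, which starts outside this hunk.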
@@ -156,9 +170,9 @@ diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-charon/pr
DISTSRC=$(OBJS:.o=.c)
DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h
DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt
-diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-charon/programs/starter/args.c
+diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-patched/programs/starter/args.c
--- strongswan-2.7.0/programs/starter/args.c 2006-04-17 12:32:36.000000000 +0200
-+++ strongswan-2.7.0-charon/programs/starter/args.c 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/args.c 2006-04-28 08:56:38.000000000 +0200
@@ -86,6 +86,10 @@
static const char *LST_keyexchange[] = {
@@ -170,9 +184,9 @@ diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-charon/prog
NULL
};
-diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-charon/programs/starter/files.h
+diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-patched/programs/starter/files.h
--- strongswan-2.7.0/programs/starter/files.h 2006-02-04 19:52:58.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/starter/files.h 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/files.h 2006-04-28 08:56:38.000000000 +0200
@@ -37,8 +37,15 @@
#define SECRETS_FILE IPSEC_CONFDIR"/ipsec.secrets"
@@ -191,9 +205,9 @@ diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-charon/pro
#define DYNIP_DIR "/var/run/dynip"
#define INFO_FILE "/var/run/ipsec.info"
-diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-charon/programs/starter/invokecharon.c
+diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-patched/programs/starter/invokecharon.c
--- strongswan-2.7.0/programs/starter/invokecharon.c 1970-01-01 01:00:00.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/starter/invokecharon.c 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/invokecharon.c 2006-04-28 08:56:38.000000000 +0200
@@ -0,0 +1,174 @@
+/* strongSwan charon launcher
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
@@ -369,9 +383,9 @@ diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-cha
+ }
+ return -1;
+}
-diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-charon/programs/starter/invokecharon.h
+diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-patched/programs/starter/invokecharon.h
--- strongswan-2.7.0/programs/starter/invokecharon.h 1970-01-01 01:00:00.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/starter/invokecharon.h 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/invokecharon.h 2006-04-28 08:56:38.000000000 +0200
@@ -0,0 +1,31 @@
+/* strongSwan charon launcher
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
@@ -404,9 +418,9 @@ diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-cha
+
+#endif /* _STARTER_CHARON_H_ */
+
-diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-charon/programs/starter/invokepluto.c
+diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-patched/programs/starter/invokepluto.c
--- strongswan-2.7.0/programs/starter/invokepluto.c 2006-02-17 22:41:50.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/starter/invokepluto.c 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/invokepluto.c 2006-04-28 08:56:38.000000000 +0200
@@ -54,7 +54,7 @@
, PLUTO_RESTART_DELAY);
alarm(PLUTO_RESTART_DELAY); // restart in 5 sec
@@ -434,9 +448,9 @@ diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-char
{
DBG(DBG_CONTROL,
DBG_log("pluto (%d) started", _pluto_pid)
-diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-charon/programs/starter/starter.c
+diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-patched/programs/starter/starter.c
--- strongswan-2.7.0/programs/starter/starter.c 2006-02-15 19:37:46.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/starter/starter.c 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/starter.c 2006-04-28 08:56:38.000000000 +0200
@@ -37,6 +37,7 @@
#include "files.h"
#include "starterwhack.h"
@@ -650,9 +664,9 @@ diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-charon/p
}
}
}
-diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-charon/programs/starter/starterstroke.c
+diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-patched/programs/starter/starterstroke.c
--- strongswan-2.7.0/programs/starter/starterstroke.c 1970-01-01 01:00:00.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/starter/starterstroke.c 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/starterstroke.c 2006-04-28 08:56:38.000000000 +0200
@@ -0,0 +1,161 @@
+/* Stroke for charon is the counterpart to whack from pluto
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
@@ -815,9 +829,9 @@ diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-ch
+ free(msg);
+ return res;
+}
-diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-charon/programs/starter/starterstroke.h
+diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-patched/programs/starter/starterstroke.h
--- strongswan-2.7.0/programs/starter/starterstroke.h 1970-01-01 01:00:00.000000000 +0100
-+++ strongswan-2.7.0-charon/programs/starter/starterstroke.h 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/starterstroke.h 2006-04-28 08:56:38.000000000 +0200
@@ -0,0 +1,27 @@
+/* Stroke for charon is the counterpart to whack from pluto
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
@@ -846,9 +860,9 @@ diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-ch
+extern int starter_stroke_initiate_conn(starter_conn_t *conn);
+
+#endif /* _STARTER_STROKE_H_ */
-diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-charon/programs/starter/starterwhack.c
+diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-patched/programs/starter/starterwhack.c
--- strongswan-2.7.0/programs/starter/starterwhack.c 2006-04-17 12:32:36.000000000 +0200
-+++ strongswan-2.7.0-charon/programs/starter/starterwhack.c 2006-04-27 09:25:22.000000000 +0200
++++ strongswan-2.7.0-patched/programs/starter/starterwhack.c 2006-04-28 08:56:38.000000000 +0200
@@ -54,7 +54,7 @@
static int
send_whack_msg (whack_message_t *msg)
diff --git a/Source/testing/hasher_test.c b/Source/testing/hasher_test.c
index 55a4b75d9..9130a2092 100644
--- a/Source/testing/hasher_test.c
+++ b/Source/testing/hasher_test.c
@@ -72,7 +72,7 @@ void test_md5_hasher(protected_tester_t *tester)
abcd.ptr = "abcdefghijklmnopqrstuvwxyz";
abcd.len = strlen(abcd.ptr);
- tester->assert_true(tester, hasher->get_block_size(hasher) == 16, "block size");
+ tester->assert_true(tester, hasher->get_hash_size(hasher) == 16, "block size");
/* simple hashing, using empty */
hasher->get_hash(hasher, empty, hash_buffer);
@@ -137,7 +137,7 @@ void test_sha1_hasher(protected_tester_t *tester)
aaa.ptr = "aaaaaaaaaa"; /* 10 a's */
aaa.len = 10;
- tester->assert_true(tester, hasher->get_block_size(hasher) == 20, "block size");
+ tester->assert_true(tester, hasher->get_hash_size(hasher) == 20, "block size");
/* simple hashing, using "abc" */
hasher->get_hash(hasher, abc, hash_buffer);