KAME racoon as of 2004/4/12

crypto/dist/kame/racoon/auth_gssapi.h

@@ -0,0 +1,92 @@
+/*	$KAME: auth_gssapi.h,v 1.1 2004/03/18 00:27:56 sakane Exp $	*/
+
+/*
+ * Copyright 2000 Wasabi Systems, Inc.
+ * All rights reserved.
+ *
+ * This software was written by Frank van der Linden of Wasabi Systems
+ * for Zembu Labs, Inc. http://www.zembu.com/
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by Wasabi Systems for
+ *	Zembu Labs, Inc. http://www.zembu.com/
+ * 4. The name of Wasabi Systems, Inc. may not be used to endorse
+ *    or promote products derived from this software without specific prior
+ *    written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL WASABI SYSTEMS, INC
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef __FreeBSD__
+#include <gssapi.h>
+#else
+#include <gssapi/gssapi.h>
+#endif
+
+#define GSSAPI_DEF_NAME         "ike"
+
+struct ph1handle;
+struct isakmpsa;
+
+struct gssapi_ph1_state {
+	int gsscnt;			/* # of token we're working on */
+	int gsscnt_p;			/* # of token we're working on */
+
+	gss_buffer_desc gss[3];		/* gss-api tokens. */
+					/* NOTE: XXX this restricts the max # */
+					/* to 3. More should never happen */
+
+	gss_buffer_desc gss_p[3];
+
+	gss_ctx_id_t gss_context;	/* context for gss_init_sec_context */
+
+	OM_uint32 gss_status;		/* retval from gss_init_sec_context */
+	gss_cred_id_t gss_cred;		/* acquired credentials */
+
+	int gss_flags;
+#define GSSFLAG_ID_SENT		0x0001
+#define GSSFLAG_ID_RCVD		0x0001
+};
+
+#define	gssapi_get_state(ph)						\
+	((struct gssapi_ph1_state *)((ph)->gssapi_state))
+
+#define	gssapi_set_state(ph, st)					\
+	(ph)->gssapi_state = (st)
+
+#define	gssapi_more_tokens(ph)						\
+	((gssapi_get_state(ph)->gss_status & GSS_S_CONTINUE_NEEDED) != 0)
+
+int gssapi_get_itoken __P((struct ph1handle *, int *));
+int gssapi_get_rtoken __P((struct ph1handle *, int *));
+int gssapi_save_received_token __P((struct ph1handle *, vchar_t *));
+int gssapi_get_token_to_send __P((struct ph1handle *, vchar_t **));
+int gssapi_get_itokens __P((struct ph1handle *, vchar_t **));
+int gssapi_get_rtokens __P((struct ph1handle *, vchar_t **));
+vchar_t *gssapi_wraphash __P((struct ph1handle *));
+vchar_t *gssapi_unwraphash __P((struct ph1handle *));
+void gssapi_set_id_sent __P((struct ph1handle *));
+int gssapi_id_sent __P((struct ph1handle *));
+void gssapi_set_id_rcvd __P((struct ph1handle *));
+int gssapi_id_rcvd __P((struct ph1handle *));
+void gssapi_free_state __P((struct ph1handle *));
+vchar_t *gssapi_get_default_id __P((struct ph1handle *));

crypto/dist/kame/racoon/configure

@@ -3826,7 +3826,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
   egrep "yes" >/dev/null 2>&1; then
   rm -rf conftest*
   echo "$ac_t""no" 1>&6
-        echo "WARNING: missing/crypto/sha2 is not compatible with this openssl."
+        echo "WARNING: racoon sha2 library is not compatible with recent openssl(0.9.6b or above)."
         echo "WARNING: sha2 disabled."
 else
   rm -rf conftest*

crypto/dist/kame/racoon/configure.in

@@ -664,7 +664,7 @@ AC_EGREP_CPP(yes, [#include <openssl/opensslv.h>
 yes
 #endif],
 [AC_MSG_RESULT(no)
-        echo "WARNING: missing/crypto/sha2 is not compatible with this openssl."
+        echo "WARNING: racoon sha2 library is not compatible with recent openssl(0.9.6b or above)."
         echo "WARNING: sha2 disabled."],
 [AC_MSG_RESULT(yes)
  AC_DEFINE(WITH_SHA2)

crypto/dist/kame/racoon/crypto_openssl.h

@@ -1,4 +1,4 @@
-/*	$KAME: crypto_openssl.h,v 1.28 2003/06/29 04:46:14 sakane Exp $	*/
+/*	$KAME: crypto_openssl.h,v 1.29 2004/04/07 01:12:46 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -57,7 +57,7 @@ extern int eay_check_pkcs7sign __P((vchar_t *, vchar_t *, vchar_t *));
 
 /* RSA */
 extern vchar_t *eay_rsa_sign __P((vchar_t *, vchar_t *));
-extern int eay_rsa_verify __P((vchar_t *, vchar_t *, vchar_t *));
+extern int eay_rsa_verify __P((vchar_t *, vchar_t *, EVP_PKEY *));
 
 /* ASN.1 */
 extern vchar_t *eay_get_pkcs1privkey __P((char *));

crypto/dist/kame/racoon/dhgroup.h

@@ -1,4 +1,4 @@
-/*	$KAME: dhgroup.h,v 1.2 2001/12/12 18:23:41 sakane Exp $	*/
+/*	$KAME: dhgroup.h,v 1.3 2003/12/14 04:13:11 itojun Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -53,7 +53,7 @@
 	"83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
 	"670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF"
 
-/* draft-ietf-ipsec-ike-modp-groups-03.txt */
+/* RFC 3526 */
 #define OAKLEY_PRIME_MODP2048 \
 	"FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \
 	"29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \

crypto/dist/kame/racoon/isakmp_var.h

@@ -1,4 +1,4 @@
-/*	$KAME: isakmp_var.h,v 1.21 2003/05/29 08:59:51 sakane Exp $	*/
+/*	$KAME: isakmp_var.h,v 1.22 2004/03/03 05:39:59 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -41,6 +41,13 @@ typedef struct { /* i_cookie + r_cookie */
 	cookie_t r_ck;
 } isakmp_index;
 
+/* Temporary structure to make payload construction easier
+ */
+struct isakmp_construct{
+	caddr_t		buff;
+	u_int8_t	*np;
+};
+
 struct isakmp_gen;
 struct sched;
 
@@ -94,9 +101,10 @@ extern int isakmp_newcookie __P((caddr_t, struct sockaddr *, struct sockaddr *))
 extern int isakmp_p2ph __P((vchar_t **, struct isakmp_gen *));
 
 extern u_int32_t isakmp_newmsgid2 __P((struct ph1handle *));
-extern caddr_t set_isakmp_header __P((vchar_t *, struct ph1handle *, int));
+extern struct isakmp_construct set_isakmp_header __P((vchar_t *, struct ph1handle *));
 extern caddr_t set_isakmp_header2 __P((vchar_t *, struct ph2handle *, int));
 extern caddr_t set_isakmp_payload __P((caddr_t, vchar_t *, int));
+extern struct isakmp_construct set_isakmp_payload_c __P((struct isakmp_construct, vchar_t *, int));
 
 #ifdef HAVE_PRINT_ISAKMP_C
 extern void isakmp_printpacket __P((vchar_t *, struct sockaddr *,

crypto/dist/kame/racoon/oakley.h

@@ -1,4 +1,4 @@
-/*	$KAME: oakley.h,v 1.29 2003/06/27 12:02:41 sakane Exp $	*/
+/*	$KAME: oakley.h,v 1.30 2003/12/14 04:13:11 itojun Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -76,11 +76,11 @@
 #define   OAKLEY_ATTR_GRP_DESC_EC2N155		3
 #define   OAKLEY_ATTR_GRP_DESC_EC2N185		4
 #define   OAKLEY_ATTR_GRP_DESC_MODP1536		5
-#define   OAKLEY_ATTR_GRP_DESC_MODP2048		42048	/* these value are */
-#define   OAKLEY_ATTR_GRP_DESC_MODP3072		43072	/* make consensus  */
-#define   OAKLEY_ATTR_GRP_DESC_MODP4096		44096	/* at the bake off */
-#define   OAKLEY_ATTR_GRP_DESC_MODP8192		48192	/* in helsinki     */
-#define   OAKLEY_ATTR_GRP_DESC_MODP6144		46144	/* XXX */
+#define   OAKLEY_ATTR_GRP_DESC_MODP2048		14
+#define   OAKLEY_ATTR_GRP_DESC_MODP3072		15
+#define   OAKLEY_ATTR_GRP_DESC_MODP4096		16
+#define   OAKLEY_ATTR_GRP_DESC_MODP6144		17
+#define   OAKLEY_ATTR_GRP_DESC_MODP8192		18
 					/*	32768 - 65535 Private Use */
 #define OAKLEY_ATTR_GRP_TYPE		5 /* B */
 #define   OAKLEY_ATTR_GRP_TYPE_MODP		1