authorNiklas Hallqvist <niklas@cvs.openbsd.org>2001-01-26 11:34:09 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2001-01-26 11:34:09 +0000
commita35fc8c0e0c41c0e6a4d15f10830e55a41173829 (patch)
tree395f7779b596a1ca851896ab70168d28a0f46039 /sbin/isakmpd
parent357f350df412081108ea92adbc0dd739527481df (diff)
Move in foreign OS support. The OpenBSD repository is now the official
isakmpd home.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/sysdep/common/blf.h79
-rw-r--r--sbin/isakmpd/sysdep/common/cast.h22
-rw-r--r--sbin/isakmpd/sysdep/common/libsysdep/GNUmakefile62
-rw-r--r--sbin/isakmpd/sysdep/common/libsysdep/Makefile48
-rw-r--r--sbin/isakmpd/sysdep/common/libsysdep/arc4random.c176
-rw-r--r--sbin/isakmpd/sysdep/common/libsysdep/blowfish.c774
-rw-r--r--sbin/isakmpd/sysdep/common/libsysdep/cast.c29
-rw-r--r--sbin/isakmpd/sysdep/common/libsysdep/md5.c390
-rw-r--r--sbin/isakmpd/sysdep/common/libsysdep/sha1.c171
-rw-r--r--sbin/isakmpd/sysdep/common/md5.h71
-rw-r--r--sbin/isakmpd/sysdep/common/sha1.h16
-rw-r--r--sbin/isakmpd/sysdep/freebsd/GNUmakefile.sysdep66
-rw-r--r--sbin/isakmpd/sysdep/freebsd/Makefile.sysdep78
-rw-r--r--sbin/isakmpd/sysdep/freebsd/sysdep-os.h68
-rw-r--r--sbin/isakmpd/sysdep/freebsd/sysdep.c205
-rw-r--r--sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep77
-rw-r--r--sbin/isakmpd/sysdep/linux/Makefile.sysdep86
-rw-r--r--sbin/isakmpd/sysdep/linux/README16
-rw-r--r--sbin/isakmpd/sysdep/linux/klips.c687
-rw-r--r--sbin/isakmpd/sysdep/linux/klips.h56
-rw-r--r--sbin/isakmpd/sysdep/linux/sys/queue.h337
-rw-r--r--sbin/isakmpd/sysdep/linux/sysdep-os.h51
-rw-r--r--sbin/isakmpd/sysdep/linux/sysdep.c165
-rw-r--r--sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep66
-rw-r--r--sbin/isakmpd/sysdep/netbsd/Makefile.sysdep82
-rw-r--r--sbin/isakmpd/sysdep/netbsd/sysdep-os.h38
-rw-r--r--sbin/isakmpd/sysdep/netbsd/sysdep.c194
-rw-r--r--sbin/isakmpd/sysdep/openbsd-encap/GNUmakefile.sysdep60
-rw-r--r--sbin/isakmpd/sysdep/openbsd-encap/Makefile.sysdep57
-rw-r--r--sbin/isakmpd/sysdep/openbsd-encap/sysdep-os.h42
-rw-r--r--sbin/isakmpd/sysdep/openbsd-encap/sysdep.c204
-rw-r--r--sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep67
32 files changed, 4540 insertions, 0 deletions
diff --git a/sbin/isakmpd/sysdep/common/blf.h b/sbin/isakmpd/sysdep/common/blf.h
new file mode 100644
index 00000000000..042668138bc
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/blf.h
@@ -0,0 +1,79 @@
+/* $OpenBSD: blf.h,v 1.1 2001/01/26 11:33:59 niklas Exp $ */
+/*
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _BLF_H_
+#define _BLF_H_
+
+#ifndef __P
+#define __P(args) args
+#endif
+
+/* Schneier states the maximum key length to be 56 bytes.
+ * The way how the subkeys are initalized by the key up
+ * to (N+2)*4 i.e. 72 bytes are utilized.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N 16 /* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
+
+/* Blowfish context */
+typedef struct BlowfishContext {
+ u_int32_t S[4][256]; /* S-Boxes */
+ u_int32_t P[BLF_N + 2]; /* Subkeys */
+} blf_ctx;
+
+/* Raw access to customized Blowfish
+ * blf_key is just:
+ * Blowfish_initstate( state )
+ * Blowfish_expand0state( state, key, keylen )
+ */
+
+void Blowfish_encipher __P((blf_ctx *, u_int32_t *, u_int32_t *));
+void Blowfish_decipher __P((blf_ctx *, u_int32_t *, u_int32_t *));
+void Blowfish_initstate __P((blf_ctx *));
+void Blowfish_expand0state __P((blf_ctx *, const u_int8_t *, u_int16_t));
+void Blowfish_expandstate
+ __P((blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t));
+
+/* Standard Blowfish */
+
+void blf_key __P((blf_ctx *, const u_int8_t *, u_int16_t));
+void blf_enc __P((blf_ctx *, u_int32_t *, u_int16_t));
+void blf_dec __P((blf_ctx *, u_int32_t *, u_int16_t));
+
+/* Converts u_int8_t to u_int32_t */
+u_int32_t Blowfish_stream2word __P((const u_int8_t *, u_int16_t , u_int16_t *));
+
+#endif
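Review bot: The key-length contract is not stated at the `blf_key`, `Blowfish_expand0state` and `Blowfish_expandstate` prototypes: the length is a bare `u_int16_t`, while the comment above says up to 72 bytes are consumed but only 56 affect all cipher bits. A zero length is a hazard too, because `Blowfish_stream2word` in blowfish.c from this same commit resets `j` to 0 and then reads `data[j]` even when `databytes` is 0. I would add a comment above the "Standard Blowfish" prototypes such as `/* keylen must be 1..BLF_MAXKEYLEN bytes; callers must validate it before calling */`. Whether `blf_key` itself checks the range cannot be seen from this header, so rejecting out-of-range lengths there is worth confirming.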
diff --git a/sbin/isakmpd/sysdep/common/cast.h b/sbin/isakmpd/sysdep/common/cast.h
new file mode 100644
index 00000000000..c130986ee64
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/cast.h
@@ -0,0 +1,22 @@
+/* $OpenBSD: cast.h,v 1.1 2001/01/26 11:34:00 niklas Exp $ */
+/*
+ * CAST-128 in C
+ * Written by Steve Reid <sreid@sea-to-sky.net>
+ * 100% Public Domain - no warranty
+ * Released 1997.10.11
+ */
+
+#ifndef _CAST_H_
+#define _CAST_H_
+
+typedef struct {
+ u_int32_t xkey[32]; /* Key, after expansion */
+ int rounds; /* Number of rounds to use, 12 or 16 */
+} cast_key;
+
+void cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes);
+void cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock);
+void cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock);
+
+#endif /* ifndef _CAST_H_ */
+
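Review bot: `rawkey` and `inblock` appear to be input-only but are declared as plain `u_int8_t*`, so a caller holding key material in `const` storage has to cast the qualifier away; blf.h in this same commit already uses `const u_int8_t *` for its key arguments. Suggest `void cast_setkey(cast_key *key, const u_int8_t *rawkey, int keybytes);` and `const u_int8_t *inblock` on the encrypt/decrypt prototypes, with the matching change in cast.c, which is a separate file section. `keybytes` is also a signed `int` with no documented range; a one-line comment stating the accepted key sizes and how they select the 12 or 16 `rounds` would tell callers what to validate.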
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/GNUmakefile b/sbin/isakmpd/sysdep/common/libsysdep/GNUmakefile
new file mode 100644
index 00000000000..88874133a7b
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/GNUmakefile
@@ -0,0 +1,62 @@
+# $Id: GNUmakefile,v 1.1 2001/01/26 11:34:00 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+.CURDIR:= $(shell pwd)
+
+LIB= sysdep
+SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c
+NOMAN=
+CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+
+lib${LIB}.a: ${SRCS:%.c=%.o}
+ ar cq $@ ${SRCS:%.c=%.o}
+
+clean:
+ rm -f lib${LIB}.a ${SRCS:%.c=%.o}
+
+cleandir: clean cleandepend
+
+depend: .depend
+
+.depend: ${SRCS}
+ @rm -f .depend
+ ${MKDEP} ${CFLAGS} ${SRCS} > .depend
+
+cleandepend:
+ rm -f .depend
+
+ifneq ($(findstring clean,$(MAKECMDGOALS)),clean)
+-include .depend
+endif
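Review bot: The `lib${LIB}.a` rule uses `ar cq`, which quick-appends members instead of replacing them, so rebuilding after a source change without `make clean` may leave the stale object earlier in the archive where the linker finds it first. For a library carrying the daemon's RNG and cipher code, that means a fix can silently fail to reach the binary. Either put `rm -f $@` ahead of the archive step or switch it to `ar cr $@ ${SRCS:%.c=%.o}`.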
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/Makefile b/sbin/isakmpd/sysdep/common/libsysdep/Makefile
new file mode 100644
index 00000000000..3604b6059ad
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/Makefile
@@ -0,0 +1,48 @@
+# $Id: Makefile,v 1.1 2001/01/26 11:34:00 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+OPSYS!= uname -s
+
+LIB= sysdep
+SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c
+NOPROFILE=
+NOPIC=
+NOMAN=
+.if ${OPSYS} == "NetBSD"
+CPPFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+.else
+CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+.endif
+
+.include <bsd.lib.mk>
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/arc4random.c b/sbin/isakmpd/sysdep/common/libsysdep/arc4random.c
new file mode 100644
index 00000000000..fffc2c1d8b2
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/arc4random.c
@@ -0,0 +1,176 @@
+/* $OpenBSD: arc4random.c,v 1.1 2001/01/26 11:34:00 niklas Exp $ */
+
+/*
+ * Arc4 random number generator for OpenBSD.
+ * Copyright 1996 David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Modification and redistribution in source and binary forms is
+ * permitted provided that due credit is given to the author and the
+ * OpenBSD project (for instance by leaving this copyright notice
+ * intact).
+ */
+
+/*
+ * This code is derived from section 17.1 of Applied Cryptography,
+ * second edition, which describes a stream cipher allegedly
+ * compatible with RSA Labs "RC4" cipher (the actual description of
+ * which is a trade secret). The same algorithm is used as a stream
+ * cipher called "arcfour" in Tatu Ylonen's ssh package.
+ *
+ * Here the stream cipher has been modified always to include the time
+ * when initializing the state. That makes it impossible to
+ * regenerate the same random sequence twice, so this can't be used
+ * for encryption, but will generate good random numbers.
+ *
+ * RC4 is a registered trademark of RSA Laboratories.
+ */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+struct arc4_stream {
+ u_int8_t i;
+ u_int8_t j;
+ u_int8_t s[256];
+};
+
+int rs_initialized;
+static struct arc4_stream rs;
+
+static inline void
+arc4_init(as)
+ struct arc4_stream *as;
+{
+ int n;
+
+ for (n = 0; n < 256; n++)
+ as->s[n] = n;
+ as->i = 0;
+ as->j = 0;
+}
+
+static inline void
+arc4_addrandom(as, dat, datlen)
+ struct arc4_stream *as;
+ u_char *dat;
+ int datlen;
+{
+ int n;
+ u_int8_t si;
+
+ as->i--;
+ for (n = 0; n < 256; n++) {
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si + dat[n % datlen]);
+ as->s[as->i] = as->s[as->j];
+ as->s[as->j] = si;
+ }
+}
+
+static void
+arc4_stir(as)
+ struct arc4_stream *as;
+{
+ int fd;
+ struct {
+ struct timeval tv;
+ u_int8_t rnd[128 - sizeof(struct timeval)];
+ } rdat;
+
+ gettimeofday(&rdat.tv, NULL);
+ fd = open("/dev/arandom", O_RDONLY);
+ if (fd >= 0) {
+ read(fd, rdat.rnd, sizeof(rdat.rnd));
+ close(fd);
+ }
+ /* fd < 0? Ah, what the heck. We'll just take whatever was on the
+ * stack... */
+
+ arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
+}
+
+static inline u_int8_t
+arc4_getbyte(as)
+ struct arc4_stream *as;
+{
+ u_int8_t si, sj;
+
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si);
+ sj = as->s[as->j];
+ as->s[as->i] = sj;
+ as->s[as->j] = si;
+ return (as->s[(si + sj) & 0xff]);
+}
+
+static inline u_int32_t
+arc4_getword(as)
+ struct arc4_stream *as;
+{
+ u_int32_t val;
+ val = arc4_getbyte(as) << 24;
+ val |= arc4_getbyte(as) << 16;
+ val |= arc4_getbyte(as) << 8;
+ val |= arc4_getbyte(as);
+ return val;
+}
+
+void
+arc4random_stir()
+{
+ if (!rs_initialized) {
+ arc4_init(&rs);
+ rs_initialized = 1;
+ }
+ arc4_stir(&rs);
+}
+
+void
+arc4random_addrandom(dat, datlen)
+ u_char *dat;
+ int datlen;
+{
+ if (!rs_initialized)
+ arc4random_stir();
+ arc4_addrandom(&rs, dat, datlen);
+}
+
+u_int32_t
+arc4random()
+{
+ if (!rs_initialized)
+ arc4random_stir();
+ return arc4_getword(&rs);
+}
+
+#if 0
+/*-------- Test code for i386 --------*/
+#include <stdio.h>
+#include <machine/pctr.h>
+int
+main(int argc, char **argv)
+{
+ const int iter = 1000000;
+ int i;
+ pctrval v;
+
+ v = rdtsc();
+ for (i = 0; i < iter; i++)
+ arc4random();
+ v = rdtsc() - v;
+ v /= iter;
+
+ printf("%qd cycles\n", v);
+}
+#endif
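Review bot: `arc4_stir` silently continues when `open("/dev/arandom")` fails and never checks the `read()` result, so the generator is then keyed from `gettimeofday()` plus uninitialised stack bytes only. This file is being added as the fallback for foreign OSes, where `/dev/arandom` is likely to be absent, which makes that weak path the expected one for a key-exchange daemon. I would fall back to `/dev/urandom`, require a full read, and refuse to run if no entropy source is available. The sketch below uses `abort()` as a placeholder failure policy and does not retry on an interrupted read; both are the maintainers' call.

```c
static void
arc4_stir(as)
	struct arc4_stream *as;
{
	/* … unchanged: fd and rdat declarations … */
	size_t got = 0;
	ssize_t n;

	gettimeofday(&rdat.tv, NULL);
	fd = open("/dev/arandom", O_RDONLY);
	if (fd < 0)
		fd = open("/dev/urandom", O_RDONLY);
	if (fd < 0)
		abort();	/* no entropy source: do not run weakly seeded */
	while (got < sizeof(rdat.rnd)) {
		n = read(fd, rdat.rnd + got, sizeof(rdat.rnd) - got);
		if (n <= 0)
			abort();	/* short or failed read leaves rnd unfilled */
		got += n;
	}
	close(fd);

	arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
}
```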
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/blowfish.c b/sbin/isakmpd/sysdep/common/libsysdep/blowfish.c
new file mode 100644
index 00000000000..d2ce5dfcea4
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/blowfish.c
@@ -0,0 +1,774 @@
+/* $OpenBSD: blowfish.c,v 1.1 2001/01/26 11:34:01 niklas Exp $ */
+/*
+ * Blowfish block cipher for OpenBSD
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code is derived from section 14.3 and the given source
+ * in section V of Applied Cryptography, second edition.
+ * Blowfish is an unpatented fast block cipher designed by
+ * Bruce Schneier.
+ */
+
+#if 0
+#include <stdio.h> /* used for debugging */
+#include <string.h>
+#endif
+
+#include <sys/types.h>
+#include <blf.h>
+
+#undef inline
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+/* Function for Feistel Networks */
+
+#define F(bc, x) ((((bc)->S[0][((x) & 0xFF000000) >> 24] \
+ + (bc)->S[1][((x) &0xFF0000 ) >> 16]) \
+ ^ (bc)->S[2][((x) & 0xFF00) >> 8]) \
+ + (bc)->S[3][(x) & 0x00FF])
+
+#define BLFRND(bc,i,j,n) (i ^= F(bc,j) ^ (bc)->P[n])
+
+void
+Blowfish_encipher(c, xl, xr)
+ blf_ctx *c;
+ u_int32_t *xl;
+ u_int32_t *xr;
+{
+ u_int32_t Xl;
+ u_int32_t Xr;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ Xl ^= c->P[0];
+ BLFRND(c, Xr, Xl, 1); BLFRND(c, Xl, Xr, 2);
+ BLFRND(c, Xr, Xl, 3); BLFRND(c, Xl, Xr, 4);
+ BLFRND(c, Xr, Xl, 5); BLFRND(c, Xl, Xr, 6);
+ BLFRND(c, Xr, Xl, 7); BLFRND(c, Xl, Xr, 8);
+ BLFRND(c, Xr, Xl, 9); BLFRND(c, Xl, Xr, 10);
+ BLFRND(c, Xr, Xl, 11); BLFRND(c, Xl, Xr, 12);
+ BLFRND(c, Xr, Xl, 13); BLFRND(c, Xl, Xr, 14);
+ BLFRND(c, Xr, Xl, 15); BLFRND(c, Xl, Xr, 16);
+
+ *xl = Xr ^ c->P[17];
+ *xr = Xl;
+}
+
+void
+Blowfish_decipher(c, xl, xr)
+ blf_ctx *c;
+ u_int32_t *xl;
+ u_int32_t *xr;
+{
+ u_int32_t Xl;
+ u_int32_t Xr;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ Xl ^= c->P[17];
+ BLFRND(c, Xr, Xl, 16); BLFRND(c, Xl, Xr, 15);
+ BLFRND(c, Xr, Xl, 14); BLFRND(c, Xl, Xr, 13);
+ BLFRND(c, Xr, Xl, 12); BLFRND(c, Xl, Xr, 11);
+ BLFRND(c, Xr, Xl, 10); BLFRND(c, Xl, Xr, 9);
+ BLFRND(c, Xr, Xl, 8); BLFRND(c, Xl, Xr, 7);
+ BLFRND(c, Xr, Xl, 6); BLFRND(c, Xl, Xr, 5);
+ BLFRND(c, Xr, Xl, 4); BLFRND(c, Xl, Xr, 3);
+ BLFRND(c, Xr, Xl, 2); BLFRND(c, Xl, Xr, 1);
+
+ *xl = Xr ^ c->P[0];
+ *xr = Xl;
+}
+
+void
+Blowfish_initstate(c)
+ blf_ctx *c;
+{
+
+/* P-box and S-box tables initialized with digits of Pi */
+
+ const blf_ctx initstate =
+
+ { {
+ {
+ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
+ 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
+ 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+ 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
+ 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
+ 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+ 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
+ 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
+ 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+ 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
+ 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
+ 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+ 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
+ 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
+ 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+ 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
+ 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
+ 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+ 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
+ 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
+ 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+ 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
+ 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
+ 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+ 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
+ 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
+ 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+ 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
+ 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
+ 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+ 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
+ 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
+ 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+ 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
+ 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
+ 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+ 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
+ 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
+ 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+ 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
+ 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
+ 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+ 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
+ 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
+ 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+ 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
+ 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
+ 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+ 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
+ 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
+ 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+ 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
+ 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
+ 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+ 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
+ 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
+ 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+ 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
+ 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
+ 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+ 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
+ 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
+ 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+ 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
+ {
+ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
+ 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
+ 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+ 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
+ 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
+ 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+ 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
+ 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
+ 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+ 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
+ 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
+ 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+ 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
+ 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
+ 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+ 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
+ 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
+ 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+ 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
+ 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
+ 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+ 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
+ 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
+ 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+ 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
+ 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
+ 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+ 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
+ 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
+ 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+ 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
+ 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
+ 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+ 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
+ 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
+ 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+ 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
+ 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
+ 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+ 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
+ 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
+ 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+ 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
+ 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
+ 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+ 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
+ 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
+ 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+ 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
+ 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
+ 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+ 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
+ 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
+ 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+ 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
+ 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
+ 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+ 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
+ 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
+ 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+ 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
+ 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
+ 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+ 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
+ {
+ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
+ 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
+ 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+ 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
+ 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
+ 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+ 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
+ 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
+ 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+ 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
+ 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
+ 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+ 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
+ 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
+ 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+ 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
+ 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
+ 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+ 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
+ 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
+ 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+ 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
+ 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
+ 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+ 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
+ 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
+ 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+ 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
+ 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
+ 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+ 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
+ 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
+ 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+ 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
+ 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
+ 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+ 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
+ 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
+ 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+ 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
+ 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
+ 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+ 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
+ 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
+ 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+ 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
+ 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
+ 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+ 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
+ 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
+ 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+ 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
+ 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
+ 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+ 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
+ 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
+ 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+ 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
+ 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
+ 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+ 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
+ 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
+ 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+ 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
+ {
+ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
+ 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
+ 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+ 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
+ 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
+ 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+ 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
+ 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
+ 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+ 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
+ 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
+ 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+ 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
+ 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
+ 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+ 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
+ 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
+ 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+ 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
+ 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
+ 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+ 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
+ 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
+ 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+ 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
+ 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
+ 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+ 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
+ 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
+ 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+ 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
+ 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
+ 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+ 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
+ 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
+ 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+ 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
+ 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
+ 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+ 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
+ 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
+ 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+ 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
+ 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
+ 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+ 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
+ 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
+ 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+ 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
+ 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
+ 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+ 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
+ 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
+ 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+ 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
+ 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
+ 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+ 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
+ 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
+ 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+ 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
+ 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
+ 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+ 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
+ },
+ {
+ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
+ 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
+ 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+ 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
+ 0x9216d5d9, 0x8979fb1b
+ } };
+
+ *c = initstate;
+
+}
+
+#ifdef __STDC__
+u_int32_t
+Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, u_int16_t *current)
+#else
+u_int32_t
+Blowfish_stream2word(data, databytes, current)
+ const u_int8_t *data;
+ u_int16_t databytes;
+ u_int16_t *current;
+#endif
+{
+ u_int8_t i;
+ u_int16_t j;
+ u_int32_t temp;
+
+ temp = 0x00000000;
+ j = *current;
+
+ for (i = 0; i < 4; i++, j++) {
+ if (j >= databytes)
+ j = 0;
+ temp = (temp << 8) | data[j];
+ }
+
+ *current = j;
+ return temp;
+}
+
+#if __STDC__
+void
+Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
+#else
+void
+Blowfish_expand0state(c, key, keybytes)
+ blf_ctx *c;
+ const u_int8_t *key;
+ u_int16_t keybytes;
+#endif
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+}
+
+
+#if __STDC__
+void
+Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
+ const u_int8_t *key, u_int16_t keybytes)
+#else
+void
+Blowfish_expandstate(c, data, databytes, key, keybytes)
+ blf_ctx *c;
+ const u_int8_t *data;
+ u_int16_t databytes;
+ const u_int8_t *key;
+ u_int16_t keybytes;
+#endif
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+
+}
+
+#if __STDC__
+void
+blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
+#else
+void
+blf_key(c, k, len)
+ blf_ctx *c;
+ const u_int8_t *k;
+ u_int16_t len;
+#endif
+{
+ /* Initalize S-boxes and subkeys with Pi */
+ Blowfish_initstate(c);
+
+ /* Transform S-boxes and subkeys with key */
+ Blowfish_expand0state(c, k, len);
+}
+
+#if __STDC__
+void
+blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+#else
+void
+blf_enc(c, data, blocks)
+ blf_ctx *c;
+ u_int32_t *data;
+ u_int16_t blocks;
+#endif
+{
+ u_int32_t *d;
+ u_int16_t i;
+
+ d = data;
+ for (i = 0; i < blocks; i++) {
+ Blowfish_encipher(c, d, d + 1);
+ d += 2;
+ }
+}
+
+#if __STDC__
+void
+blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+#else
+void
+blf_dec(c, data, blocks)
+ blf_ctx *c;
+ u_int32_t *data;
+ u_int16_t blocks;
+#endif
+{
+ u_int32_t *d;
+ u_int16_t i;
+
+ d = data;
+ for (i = 0; i < blocks; i++) {
+ Blowfish_decipher(c, d, d + 1);
+ d += 2;
+ }
+}
+
+#if __STDC__
+void
+blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_ecb_encrypt(c, data, len)
+ blf_ctx *c;
+ u_int8_t *data;
+ u_int32_t len;
+#endif
+{
+ u_int32_t l, r;
+ u_int32_t i;
+
+ for (i = 0; i < len; i += 8) {
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_encipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ data += 8;
+ }
+}
+
+#if __STDC__
+void
+blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_ecb_decrypt(c, data, len)
+ blf_ctx *c;
+ u_int8_t *data;
+ u_int32_t len;
+#endif
+{
+ u_int32_t l, r;
+ u_int32_t i;
+
+ for (i = 0; i < len; i += 8) {
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_decipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ data += 8;
+ }
+}
+
+#if __STDC__
+void
+blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_cbc_encrypt(c, iv, data, len)
+ blf_ctx *c;
+ u_int8_t *iv;
+ u_int8_t *data;
+ u_int32_t len;
+#endif
+{
+ u_int32_t l, r;
+ u_int32_t i, j;
+
+ for (i = 0; i < len; i += 8) {
+ for (j = 0; j < 8; j++)
+ data[j] ^= iv[j];
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_encipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ iv = data;
+ data += 8;
+ }
+}
+
+#if __STDC__
+void
+blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
+#else
+void
+blf_cbc_decrypt(c, iva, data, len)
+ blf_ctx *c;
+ u_int8_t *iva;
+ u_int8_t *data;
+ u_int32_t len;
+#endif
+{
+ u_int32_t l, r;
+ u_int8_t *iv;
+ u_int32_t i, j;
+
+ iv = data + len - 16;
+ data = data + len - 8;
+ for (i = len - 8; i >= 8; i -= 8) {
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_decipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ for (j = 0; j < 8; j++)
+ data[j] ^= iv[j];
+ iv -= 8;
+ data -= 8;
+ }
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_decipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ for (j = 0; j < 8; j++)
+ data[j] ^= iva[j];
+}
+
+#if 0
+void
+report(u_int32_t data[], u_int16_t len)
+{
+ u_int16_t i;
+ for (i = 0; i < len; i += 2)
+ printf("Block %0hd: %08lx %08lx.\n",
+ i / 2, data[i], data[i + 1]);
+}
+void
+main(void)
+{
+
+ blf_ctx c;
+ char key[] = "AAAAA";
+ char key2[] = "abcdefghijklmnopqrstuvwxyz";
+
+ u_int32_t data[10];
+ u_int32_t data2[] =
+ {0x424c4f57l, 0x46495348l};
+
+ u_int16_t i;
+
+ /* First test */
+ for (i = 0; i < 10; i++)
+ data[i] = i;
+
+ blf_key(&c, (u_int8_t *) key, 5);
+ blf_enc(&c, data, 5);
+ blf_dec(&c, data, 1);
+ blf_dec(&c, data + 2, 4);
+ printf("Should read as 0 - 9.\n");
+ report(data, 10);
+
+ /* Second test */
+ blf_key(&c, (u_int8_t *) key2, strlen(key2));
+ blf_enc(&c, data2, 1);
+ printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
+ report(data2, 2);
+ blf_dec(&c, data2, 1);
+ report(data2, 2);
+}
+#endif
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/cast.c b/sbin/isakmpd/sysdep/common/libsysdep/cast.c
new file mode 100644
index 00000000000..35509546ab7
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/cast.c
@@ -0,0 +1,29 @@
+/*
+ * Created by Martin Rinman, rinman@erlang.ericsson.se
+ * Copyright (C) 1998 Ericsson Radio Systems AB
+ */
+
+
+#include <assert.h>
+#include <sys/types.h>
+
+#include "cast.h"
+
+
+void
+cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes) {
+ assert("cast_setkey not implemented yet");
+}
+
+void
+cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) {
+ assert("cast_encrypt not implemented yet");
+}
+
+void
+cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) {
+ assert("cast_decrypt not implemented yet");
+}
+
+
+
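Review bot: The three `assert("... not implemented yet")` calls in cast_setkey, cast_encrypt and cast_decrypt can never fire, because a string literal is a non-null pointer and the asserted expression is therefore always true. Each stub returns without touching its arguments, so cast_encrypt leaves `outblock` unwritten and reports nothing to the caller. The FreeBSD sysdep makefiles later in this commit list `cast` in FEATURES, so presumably these stubs can be reached. I would make them fail unconditionally with `abort();` (plus `#include <stdlib.h>`), since `assert(!"...")` would still disappear when NDEBUG is defined.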
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/md5.c b/sbin/isakmpd/sysdep/common/libsysdep/md5.c
new file mode 100644
index 00000000000..34e89fc2fed
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/md5.c
@@ -0,0 +1,390 @@
+/*
+ * The rest of the code is derived from MD5C.C by RSADSI. Minor cosmetic
+ * changes to accomodate it in the kernel by ji.
+ */
+
+/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+rights reserved.
+
+License to copy and use this software is granted provided that it
+is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+Algorithm" in all material mentioning or referencing this software
+or this function.
+
+License is also granted to make and use derivative works provided
+that such works are identified as "derived from the RSA Data
+Security, Inc. MD5 Message-Digest Algorithm" in all material
+mentioning or referencing the derived work.
+
+RSA Data Security, Inc. makes no representations concerning either
+the merchantability of this software or the suitability of this
+software for any particular purpose. It is provided "as is"
+without express or implied warranty of any kind.
+
+These notices must be retained in any copies of any part of this
+documentation and/or software.
+ */
+
+/*
+ * Additions by JI
+ *
+ * HAVEMEMCOPY is defined if mem* routines are available
+ *
+ * HAVEHTON is defined if htons() and htonl() can be used
+ * for big/little endian conversions
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#include "md5.h"
+
+#ifndef WIN32
+#include "endian.h" /* sets BYTE_ORDER, LITTLE_ENDIAN, and BIG_ENDIAN */
+#endif
+
+#define HAVEMEMCOPY 1 /* use ISO C's memcpy and memset */
+
+/* Constants for MD5Transform routine.
+ */
+
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+
+#define MD5Transform _MD5Transform
+
+static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64]));
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define Encode MD5_memcpy
+#define Decode MD5_memcpy
+#else
+static void Encode PROTO_LIST
+ ((unsigned char *, UINT4 *, unsigned int));
+static void Decode PROTO_LIST
+ ((UINT4 *, unsigned char *, unsigned int));
+#endif
+
+#ifdef HAVEMEMCOPY
+#include <memory.h>
+#define MD5_memcpy memcpy
+#define MD5_memset memset
+#else
+#ifdef HAVEBCOPY
+#define MD5_memcpy(_a,_b,_c) memcpy((_a), (_b),(_c))
+#define MD5_memset(_a,_b,_c) memset((_a), '\0',(_c))
+#else
+static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int));
+static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int));
+#endif
+#endif
+static unsigned char PADDING[64] = {
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/* F, G, H and I are basic MD5 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits.
+ */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
+Rotation is separate from addition to prevent recomputation.
+ */
+#define FF(a, b, c, d, x, s, ac) { \
+ (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+#define GG(a, b, c, d, x, s, ac) { \
+ (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+#define HH(a, b, c, d, x, s, ac) { \
+ (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+#define II(a, b, c, d, x, s, ac) { \
+ (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+
+/* MD5 initialization. Begins an MD5 operation, writing a new context.
+ */
+void MD5Init (context)
+MD5_CTX *context; /* context */
+{
+ context->count[0] = context->count[1] = 0;
+ /* Load magic initialization constants.
+*/
+ context->state[0] = 0x67452301;
+ context->state[1] = 0xefcdab89;
+ context->state[2] = 0x98badcfe;
+ context->state[3] = 0x10325476;
+}
+
+/* MD5 block update operation. Continues an MD5 message-digest
+ operation, processing another message block, and updating the
+ context.
+ */
+void MD5Update (context, input, inputLen)
+MD5_CTX *context; /* context */
+unsigned char *input; /* input block */
+unsigned int inputLen; /* length of input block */
+{
+ unsigned int i, index, partLen;
+
+ /* Compute number of bytes mod 64 */
+ index = (unsigned int)((context->count[0] >> 3) & 0x3F);
+
+ /* Update number of bits */
+ if ((context->count[0] += ((UINT4)inputLen << 3))
+ < ((UINT4)inputLen << 3))
+ context->count[1]++;
+ context->count[1] += ((UINT4)inputLen >> 29);
+
+ partLen = 64 - index;
+
+ /* Transform as many times as possible.
+*/
+ if (inputLen >= partLen) {
+ MD5_memcpy
+ ((POINTER)&context->buffer[index], (POINTER)input, partLen);
+ MD5Transform (context->state, context->buffer);
+
+ for (i = partLen; i + 63 < inputLen; i += 64)
+ MD5Transform (context->state, &input[i]);
+
+ index = 0;
+ }
+ else
+ i = 0;
+
+ /* Buffer remaining input */
+ MD5_memcpy
+ ((POINTER)&context->buffer[index], (POINTER)&input[i],
+ inputLen-i);
+}
+
+/* MD5 finalization. Ends an MD5 message-digest operation, writing the
+ the message digest and zeroizing the context.
+ */
+void MD5Final (digest, context)
+unsigned char digest[16]; /* message digest */
+MD5_CTX *context; /* context */
+{
+ unsigned char bits[8];
+ unsigned int index, padLen;
+
+ /* Save number of bits */
+ Encode (bits, context->count, 8);
+
+ /* Pad out to 56 mod 64.
+*/
+ index = (unsigned int)((context->count[0] >> 3) & 0x3f);
+ padLen = (index < 56) ? (56 - index) : (120 - index);
+ MD5Update (context, PADDING, padLen);
+
+ /* Append length (before padding) */
+ MD5Update (context, bits, 8);
+
+ if (digest != NULL) /* Bill Simpson's padding */
+ {
+ /* store state in digest */
+ Encode (digest, context->state, 16);
+
+ /* Zeroize sensitive information.
+ */
+ MD5_memset ((POINTER)context, 0, sizeof (*context));
+ }
+}
+
+/* MD5 basic transformation. Transforms state based on block.
+ */
+static void MD5Transform (state, block)
+UINT4 state[4];
+unsigned char block[64];
+{
+ UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
+
+ Decode (x, block, 64);
+
+ /* Round 1 */
+ FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
+ FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
+ FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
+ FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
+ FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
+ FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
+ FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
+ FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
+ FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
+ FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
+ FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
+ FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
+ FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
+ FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
+ FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
+ FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
+
+ /* Round 2 */
+ GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
+ GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
+ GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
+ GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
+ GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
+ GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
+ GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
+ GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
+ GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
+ GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
+ GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
+ GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
+ GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
+ GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
+ GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
+ GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
+
+ /* Round 3 */
+ HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
+ HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
+ HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
+ HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
+ HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
+ HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
+ HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
+ HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
+ HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
+ HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
+ HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
+ HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
+ HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
+ HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
+ HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
+ HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
+
+ /* Round 4 */
+ II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
+ II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
+ II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
+ II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
+ II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
+ II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
+ II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
+ II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
+ II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
+ II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
+ II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
+ II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
+ II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
+ II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
+ II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
+ II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
+
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+
+ /* Zeroize sensitive information.
+*/
+ MD5_memset ((POINTER)x, 0, sizeof (x));
+}
+
+#if BYTE_ORDER != LITTLE_ENDIAN
+
+/* Encodes input (UINT4) into output (unsigned char). Assumes len is
+ a multiple of 4.
+ */
+static void Encode (output, input, len)
+unsigned char *output;
+UINT4 *input;
+unsigned int len;
+{
+ unsigned int i, j;
+
+ for (i = 0, j = 0; j < len; i++, j += 4) {
+ output[j] = (unsigned char)(input[i] & 0xff);
+ output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
+ output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
+ output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
+ }
+}
+
+/* Decodes input (unsigned char) into output (UINT4). Assumes len is
+ a multiple of 4.
+ */
+static void Decode (output, input, len)
+UINT4 *output;
+unsigned char *input;
+unsigned int len;
+{
+ unsigned int i, j;
+
+ for (i = 0, j = 0; j < len; i++, j += 4)
+ output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
+ (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
+}
+
+#endif
+
+#ifndef HAVEMEMCOPY
+#ifndef HAVEBCOPY
+/* Note: Replace "for loop" with standard memcpy if possible.
+ */
+
+static void MD5_memcpy (output, input, len)
+POINTER output;
+POINTER input;
+unsigned int len;
+{
+ unsigned int i;
+
+ for (i = 0; i < len; i++)
+
+ output[i] = input[i];
+}
+
+/* Note: Replace "for loop" with standard memset if possible.
+ */
+static void MD5_memset (output, value, len)
+POINTER output;
+int value;
+unsigned int len;
+{
+ unsigned int i;
+
+ for (i = 0; i < len; i++)
+ ((char *)output)[i] = (char)value;
+}
+#endif
+#endif
+
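Review bot: MD5Transform and the `Encode`/`Decode` aliases assume UINT4 is exactly 32 bits, but md5.h in this commit declares it as `unsigned long int`, which is 64 bits on LP64 targets. There, with `BYTE_ORDER == LITTLE_ENDIAN`, `Decode (x, block, 64)` is a plain memcpy that fills only half of `x[16]`, and `ROTATE_LEFT` keeps the shifted-out bits in the upper half of the word instead of wrapping them, so the digest would be wrong. sha1.c and sha1.h make the same assumption with `unsigned long state[5]` and `unsigned long l[16]`. Declaring the word as a type that is 32 bits everywhere, e.g. `typedef u_int32_t UINT4;` with `<sys/types.h>` included as blowfish.c and cast.c already do, would fix it, and the SHA-1 arrays need the same change.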
diff --git a/sbin/isakmpd/sysdep/common/libsysdep/sha1.c b/sbin/isakmpd/sysdep/common/libsysdep/sha1.c
new file mode 100644
index 00000000000..19db0c468d7
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/libsysdep/sha1.c
@@ -0,0 +1,171 @@
+/*
+SHA-1 in C
+By Steve Reid <steve@edmweb.com>
+100% Public Domain
+
+Test Vectors (from FIPS PUB 180-1)
+"abc"
+ A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+A million repetitions of "a"
+ 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+*/
+
+/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
+/* #define SHA1HANDSOFF * Copies data before messing with it. */
+
+#define SHA1HANDSOFF
+
+#include <string.h>
+
+#include "sha1.h"
+#ifndef WIN32
+ #include "endian.h" /* sets BYTE_ORDER, LITTLE_ENDIAN, and BIG_ENDIAN */
+#endif
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+/* I got the idea of expanding during the round function from SSLeay */
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
+ |(rol(block->l[i],8)&0x00FF00FF))
+#elif BYTE_ORDER == BIG_ENDIAN
+#define blk0(i) block->l[i]
+#else
+#error "Endianness not defined!"
+#endif
+#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
+ ^block->l[(i+2)&15]^block->l[i&15],1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+
+
+/* Hash a single 512-bit block. This is the core of the algorithm. */
+
+void SHA1Transform(unsigned long state[5], unsigned char buffer[64])
+{
+unsigned long a, b, c, d, e;
+typedef union {
+ unsigned char c[64];
+ unsigned long l[16];
+} CHAR64LONG16;
+CHAR64LONG16* block;
+#ifdef SHA1HANDSOFF
+static CHAR64LONG16 workspace;
+ block = &workspace;
+ memcpy(block, buffer, 64);
+#else
+ block = (CHAR64LONG16*)buffer;
+#endif
+ /* Copy context->state[] to working vars */
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+ /* 4 rounds of 20 operations each. Loop unrolled. */
+ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+ /* Add the working vars back into context.state[] */
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+ state[4] += e;
+ /* Wipe variables */
+ a = b = c = d = e = 0;
+}
+
+
+/* SHA1Init - Initialize new context */
+
+void SHA1Init(SHA1_CTX* context)
+{
+ /* SHA1 initialization constants */
+ context->state[0] = 0x67452301;
+ context->state[1] = 0xEFCDAB89;
+ context->state[2] = 0x98BADCFE;
+ context->state[3] = 0x10325476;
+ context->state[4] = 0xC3D2E1F0;
+ context->count[0] = context->count[1] = 0;
+}
+
+
+/* Run your data through this. */
+
+void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len)
+{
+unsigned int i;
+unsigned long j;
+
+ j = context->count[0];
+ if ((context->count[0] += len << 3) < j) context->count[1] += (len>>29)+1;
+ j = (j >> 3) & 63;
+ if ((j + len) > 63) {
+ memcpy(&context->buffer[j], data, (i = 64-j));
+ SHA1Transform(context->state, context->buffer);
+ for ( ; i + 63 < len; i += 64) {
+ SHA1Transform(context->state, &data[i]);
+ }
+ j = 0;
+ }
+ else i = 0;
+ memcpy(&context->buffer[j], &data[i], len - i);
+}
+
+
+/* Add padding and return the message digest. */
+
+void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
+{
+unsigned long i, j;
+unsigned char finalcount[8];
+
+ for (i = 0; i < 8; i++) {
+ finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
+ >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
+ }
+ SHA1Update(context, (unsigned char *)"\200", 1);
+ while ((context->count[0] & 504) != 448) {
+ SHA1Update(context, (unsigned char *)"\0", 1);
+ }
+ SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
+ for (i = 0; i < 20; i++) {
+ digest[i] = (unsigned char)
+ ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
+ }
+ /* Wipe variables */
+ i = j = 0;
+ memset(context->buffer, '\0', 64);
+ memset(context->state, '\0', 20);
+ memset(context->count, '\0', 8);
+ memset(&finalcount, '\0', 8);
+#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
+ SHA1Transform(context->state, context->buffer);
+#endif
+}
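Review bot: The wipe at the end of SHA1Final uses literal byte counts, `memset(context->state, '\0', 20)` and `memset(context->count, '\0', 8)`, for arrays that sha1.h declares as `unsigned long`, so wherever `unsigned long` is wider than 32 bits part of the state and count stays in memory. `memset(context->state, '\0', sizeof(context->state));` and the same form for `count` and `finalcount` keep the wipe tied to the declarations. The scalar wipes `a = b = c = d = e = 0;` in SHA1Transform and `i = j = 0;` here are stores to locals that are never read again, so a compiler is free to drop them; a comment saying so would stop readers relying on them. The `static CHAR64LONG16 workspace` in SHA1Transform also makes the function non-reentrant, which deserves a comment at its declaration.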
diff --git a/sbin/isakmpd/sysdep/common/md5.h b/sbin/isakmpd/sysdep/common/md5.h
new file mode 100644
index 00000000000..88b24ff94f8
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/md5.h
@@ -0,0 +1,71 @@
+/* GLOBAL.H - RSAREF types and constants
+ */
+
+/* PROTOTYPES should be set to one if and only if the compiler supports
+ function argument prototyping.
+ The following makes PROTOTYPES default to 0 if it has not already
+ been defined with C compiler flags.
+ */
+#ifndef PROTOTYPES
+#define PROTOTYPES 1
+#endif
+
+/* POINTER defines a generic pointer type */
+typedef unsigned char *POINTER;
+
+/* UINT2 defines a two byte word */
+typedef unsigned short int UINT2;
+
+/* UINT4 defines a four byte word */
+typedef unsigned long int UINT4;
+
+/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
+ If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
+ returns an empty list.
+ */
+
+#if PROTOTYPES
+#define PROTO_LIST(list) list
+#else
+#define PROTO_LIST(list) ()
+#endif
+
+
+/* MD5.H - header file for MD5C.C
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+rights reserved.
+
+License to copy and use this software is granted provided that it
+is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+Algorithm" in all material mentioning or referencing this software
+or this function.
+
+License is also granted to make and use derivative works provided
+that such works are identified as "derived from the RSA Data
+Security, Inc. MD5 Message-Digest Algorithm" in all material
+mentioning or referencing the derived work.
+
+RSA Data Security, Inc. makes no representations concerning either
+the merchantability of this software or the suitability of this
+software for any particular purpose. It is provided "as is"
+without express or implied warranty of any kind.
+
+These notices must be retained in any copies of any part of this
+documentation and/or software.
+ */
+
+/* MD5 context. */
+typedef struct {
+ UINT4 state[4]; /* state (ABCD) */
+ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
+ unsigned char buffer[64]; /* input buffer */
+} MD5_CTX;
+
+void MD5Init PROTO_LIST ((MD5_CTX *));
+void MD5Update PROTO_LIST
+ ((MD5_CTX *, unsigned char *, unsigned int));
+void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
+
+#define _MD5_H_
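Review bot: `#define _MD5_H_` on the last line is never tested, so the header has no include guard; a second inclusion repeats the typedefs, and at least the anonymous-struct `MD5_CTX` redefinition would fail to compile. Wrap the file with `#ifndef _MD5_H_` and `#define _MD5_H_` at the top and `#endif` at the end. sha1.h in this commit has no guard at all and needs the same treatment. The GLOBAL.H section would also benefit from a comment that UINT4 must be exactly four bytes wide, since `unsigned long int` does not guarantee that.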
diff --git a/sbin/isakmpd/sysdep/common/sha1.h b/sbin/isakmpd/sysdep/common/sha1.h
new file mode 100644
index 00000000000..fb675715ef8
--- /dev/null
+++ b/sbin/isakmpd/sysdep/common/sha1.h
@@ -0,0 +1,16 @@
+/*
+SHA-1 in C
+By Steve Reid <steve@edmweb.com>
+100% Public Domain
+*/
+
+typedef struct {
+ unsigned long state[5];
+ unsigned long count[2];
+ unsigned char buffer[64];
+} SHA1_CTX;
+
+void SHA1Transform(unsigned long state[5], unsigned char buffer[64]);
+void SHA1Init(SHA1_CTX* context);
+void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len);
+void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
diff --git a/sbin/isakmpd/sysdep/freebsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/freebsd/GNUmakefile.sysdep
new file mode 100644
index 00000000000..eba18c46c3d
--- /dev/null
+++ b/sbin/isakmpd/sysdep/freebsd/GNUmakefile.sysdep
@@ -0,0 +1,66 @@
+# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:01 niklas Exp $
+
+#
+# Copyright (c) 1999 Håkan Olsson. All rights reserved.
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+LIBGMP:= /usr/lib/libgmp.a
+LIBCRYPTO:= /usr/lib/libcrypto.a
+LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep
+LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a
+
+LDADD+= -lgmp ${LIBSYSDEP}
+DPADD+= ${LIBGMP} ${LIBSYSDEP}
+
+FEATURES= debug tripledes blowdish cast ec aggressive
+# Not yet
+#FEATURES+= policy x509
+
+IPSEC_SRCS= pf_key_v2.c
+IPSEC_CFLAGS= -DUSE_PF_KEY_V2
+
+USE_LIBCRYPTO= defined
+
+# hack libsysdep.a dependency
+${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
+ cd ${LIBSYSDEPDIR} &&
+ ${MAKE} --no-print-directory ${MAKEFLAGS} \
+ CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS}
+
+depend: ${LIBSYSDEPDIR}/.depend
+
+ifeq ($(findstring clean, $(MAKECMDGOALS)), clean)
+SUBDIR+= sysdep/common/libsysdep
+MAKEFLAGS+= --no-print-directory
+endif
+
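Review bot: `FEATURES= debug tripledes blowdish cast ec aggressive` spells the Blowfish feature as `blowdish`, whereas freebsd/Makefile.sysdep in this commit uses `blowfish`. The code that consumes FEATURES is outside this hunk, but the misspelt name presumably leaves Blowfish out of GNU make builds, so the line should read `FEATURES= debug tripledes blowfish cast ec aggressive`. The recipe line `cd ${LIBSYSDEPDIR} &&` also ends without a trailing backslash as shown, so the shell would reject it and the `${MAKE}` line after it would run as a separate command in the original directory; `cd ${LIBSYSDEPDIR} && \` joins the two.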
diff --git a/sbin/isakmpd/sysdep/freebsd/Makefile.sysdep b/sbin/isakmpd/sysdep/freebsd/Makefile.sysdep
new file mode 100644
index 00000000000..ff3064c1872
--- /dev/null
+++ b/sbin/isakmpd/sysdep/freebsd/Makefile.sysdep
@@ -0,0 +1,78 @@
+# $Id: Makefile.sysdep,v 1.1 2001/01/26 11:34:03 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER INN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+# Override default features
+FEATURES= tripledes blowfish cast ec aggressive debug
+
+.if defined(TOPDIR)
+LIBSYSDEPDIR= ${TOPDIR}/sysdep/common/libsysdep
+.else
+LIBSYSDEPDIR= ${.CURDIR}/sysdep/common/libsysdep
+.endif
+
+LDADD+= -lgmp ${LIBSYSDEPDIR}/libsysdep.a -L/usr/local/lib
+DPADD+= ${LIBGMP} ${LIBSYSDEPDIR}/libsysdep.a
+
+CFLAGS+= -I${.CURDIR}/sysdep/common -I/usr/include \
+ -I/usr/local/include -I/usr/local/include/openssl
+
+IPSEC_SRCS= pf_key_v2.c
+IPSEC_CFLAGS= -DUSE_PF_KEY_V2
+
+USE_LIBCRYPTO= defined
+
+# This is a hack in order to make sure libsysdep is built before the
+# linkstage of isakmpd. As a side effect the link is always done even if
+# not necessary. Well, I just don't care.
+GENERATED+= sysdep-target
+sysdep-target:
+ cd ${.CURDIR}/sysdep/common/libsysdep; ${MAKE} ${.MAKEFLAGS}
+
+# Kludge around much strange behaviour in /usr/share/mk/bsd.*/mk, don't build certpatch
+SUBDIR=
+
+.if make(clean)
+SUBDIR+= sysdep/common/libsysdep
+.endif
+
+# Kludge around bug in /usr/share/mk/bsd.subdir.mk
+NO_REGRESS= defined
+
+# Kludge around bug/feature in /usr/share/mk/bsd.man.mk
+MAN8= isakmpd.8
+MAN5= isakmpd.conf.5 isakmpd.policy.5
+
+obj:
+ mkdir obj
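Review bot: The `sysdep-target` rule changes into `${.CURDIR}/sysdep/common/libsysdep`, but the archive that gets linked is `${LIBSYSDEPDIR}/libsysdep.a`, and `LIBSYSDEPDIR` points under `${TOPDIR}` whenever that is defined. If the two directories differ, the rule builds one copy of libsysdep while the link line names another, which may be stale or missing. Using the variable in the rule keeps them in step: `cd ${LIBSYSDEPDIR}; ${MAKE} ${.MAKEFLAGS}`. The `-I${.CURDIR}/sysdep/common` entry in `CFLAGS` appears to depend on the current directory in the same way.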
diff --git a/sbin/isakmpd/sysdep/freebsd/sysdep-os.h b/sbin/isakmpd/sysdep/freebsd/sysdep-os.h
new file mode 100644
index 00000000000..23809ef5bed
--- /dev/null
+++ b/sbin/isakmpd/sysdep/freebsd/sysdep-os.h
@@ -0,0 +1,68 @@
+/* $Id: sysdep-os.h,v 1.1 2001/01/26 11:34:03 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#ifndef _SYSDEP_OS_H_
+
+#define _SYSDEP_OS_H_
+
+#define KAME
+
+#include <netinet6/ipsec.h>
+
+/* We need in_addr_t, in_port_t & socklen_t. */
+typedef u_int32_t in_addr_t;
+typedef u_int16_t in_port_t;
+typedef u_int32_t socklen_t;
+
+#if 0
+/* OpenSSL differs from OpenBSD very slightly... */
+
+#define SHA1Init SHA1_Init
+#define SHA1Update SHA1_Update
+#define SHA1Final SHA1_Final
+
+#define cast_key CAST_KEY
+#define cast_setkey(k, d, l) CAST_set_key ((k), (l), (d))
+#define cast_encrypt(k, i, o) do { \
+ memcpy ((o), (i), BLOCKSIZE); \
+ CAST_encrypt ((CAST_LONG *)(o), (k)); \
+}
+#define cast_decrypt(k, i, o) do { \
+ memcpy ((o), (i), BLOCKSIZE); \
+ CAST_decrypt ((CAST_LONG *)(o), (k)); \
+}
+#endif
+
+#endif /* _SYSDEP_OS_H_ */
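Review bot: The `cast_encrypt` and `cast_decrypt` macros inside the `#if 0` block open with `do {` and close with a bare `}`, so they are not complete statements and the block would fail to compile at the first use if it were ever enabled. Each should end with `} while (0)` so that `cast_encrypt (k, i, o);` expands to a single statement. Separately, the unconditional `typedef`s of `in_addr_t`, `in_port_t` and `socklen_t` will clash on any system whose headers already provide them. Whether the targeted FreeBSD release defines them is not visible here, so a per-type guard would be the safer form.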
diff --git a/sbin/isakmpd/sysdep/freebsd/sysdep.c b/sbin/isakmpd/sysdep/freebsd/sysdep.c
new file mode 100644
index 00000000000..257401acf83
--- /dev/null
+++ b/sbin/isakmpd/sysdep/freebsd/sysdep.c
@@ -0,0 +1,205 @@
+/* $Id: sysdep.c,v 1.1 2001/01/26 11:34:03 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "sysdep.h"
+
+#include "util.h"
+
+#ifdef NEED_SYSDEP_APP
+#include "app.h"
+#include "conf.h"
+#include "ipsec.h"
+
+#ifdef USE_PF_KEY_V2
+#include "pf_key_v2.h"
+#define KEY_API(x) pf_key_v2_##x
+#else
+#include <net/encap.h>
+#include "pf_encap.h"
+#define KEY_API(x) pf_encap_##x
+#endif
+
+#endif NEED_SYSDEP_APP
+#include "log.h"
+
+extern char *__progname;
+
+/*
+ * An as strong as possible random number generator, reverting to a
+ * deterministic pseudo-random one if regrand is set.
+ */
+u_int32_t
+sysdep_random ()
+{
+ return random();
+}
+
+/* Return the basename of the command used to invoke us. */
+char *
+sysdep_progname ()
+{
+ return __progname;
+}
+
+/* As regress/ use this file I protect the sysdep_app_* stuff like this. */
+#ifdef NEED_SYSDEP_APP
+/*
+ * Prepare the application we negotiate SAs for (i.e. the IPsec stack)
+ * for communication. We return a file descriptor useable to select(2) on.
+ */
+int
+sysdep_app_open ()
+{
+ return KEY_API(open) ();
+}
+
+/*
+ * When select(2) has noticed our application needs attendance, this is what
+ * gets called. FD is the file descriptor causing the alarm.
+ */
+void
+sysdep_app_handler (int fd)
+{
+ KEY_API (handler) (fd);
+}
+
+/* Check that the connection named NAME is active, or else make it active. */
+void
+sysdep_connection_check (char *name)
+{
+ KEY_API (connection_check) (name);
+}
+
+/*
+ * Generate a SPI for protocol PROTO and the source/destination pair given by
+ * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ.
+ */
+u_int8_t *
+sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
+ int srclen, struct sockaddr *dst, int dstlen)
+{
+ if (app_none)
+ {
+ *sz = IPSEC_SPI_SIZE;
+ /* XXX should be random instead I think. */
+ return strdup ("\x12\x34\x56\x78");
+ }
+ return KEY_API (get_spi) (sz, proto, src, srclen, dst, dstlen);
+}
+
+/* Force communication on socket FD to go in the clear. */
+int
+sysdep_cleartext (int fd)
+{
+#if 0
+ int level;
+#endif
+
+ if (app_none)
+ return 0;
+
+#if 0
+ /*
+ * Need to bypass system security policy, so I can send and
+ * receive key management datagrams in the clear.
+ */
+ level = IPSEC_LEVEL_BYPASS;
+ if (setsockopt (fd, IPPROTO_IP, IP_AUTH_LEVEL, (char *)&level, sizeof level)
+ == -1)
+ {
+ log_error ("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_AUTH_LEVEL, ...) failed", fd);
+ return -1;
+ }
+ if (setsockopt (fd, IPPROTO_IP, IP_ESP_TRANS_LEVEL, (char *)&level,
+ sizeof level) == -1)
+ {
+ log_error ("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_ESP_TRANS_LEVEL, ...) "
+ "failed", fd);
+ return -1;
+ }
+ if (setsockopt (fd, IPPROTO_IP, IP_ESP_NETWORK_LEVEL, (char *)&level,
+ sizeof level) == -1)
+ {
+ log_error("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_ESP_NETWORK_LEVEL, ...) "
+ "failed", fd);
+ return -1;
+ }
+#endif
+ return 0;
+}
+
+int
+sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (delete_spi) (sa, proto, incoming);
+}
+
+int
+sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (enable_sa) (sa, isakmp_sa);
+}
+
+int
+sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1,
+ struct proto *proto2, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (group_spis) (sa, proto1, proto2, incoming);
+}
+
+int
+sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (set_spi) (sa, proto, incoming);
+}
+#endif
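Review bot: `sysdep_random` returns `random()`, a seeded non-cryptographic generator, while its comment promises an as-strong-as-possible source; the `regrand` switch the comment mentions is never consulted. The KLIPS backend added by this same commit draws SPI values from `sysdep_random`, and any other caller using it for cookies or nonces (not visible in this hunk) would inherit the predictable output. The diffstat lists `sysdep/common/libsysdep/arc4random.c`, so the body could be `return arc4random ();`, with a deterministic path kept only when regression mode is explicitly requested. The `app_none` branch of `sysdep_ipsec_get_spi` likewise returns the fixed SPI `"\x12\x34\x56\x78"`, which the existing XXX comment already flags.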
diff --git a/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep
new file mode 100644
index 00000000000..6c694f49a28
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep
@@ -0,0 +1,77 @@
+# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:04 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+# In order for this to work, invocations need to set FREESWAN to the
+# directory where FreeS/WAN is installed.
+
+ifndef FREESWAN
+FREESWAN= /usr/src/freeswan
+endif
+
+BINDIR= /usr/local/sbin
+# Partly good for RedHat 5.2, but man(1) does not find them so I have it
+# disabled for now.
+#MANDIR= /var/catman/cat
+#MAN5= isakmpd.conf.0
+#MAN8= isakmpd.0
+NOMAN=
+
+LIBGMP= ${FREESWAN}/gmp/libgmp.a
+LIBDES= ${FREESWAN}/libdes/libdes.a
+LIBSYSDEPDIR= ${.CURDIR}/sysdep/common/libsysdep
+LIBSYSDEP= ${LIBSYSDEPDIR}/libsysdep.a
+
+FEATURES= tripledes blowfish cast ec aggressive debug
+
+SRCS+= klips.c
+
+LDADD+= ${LIBSYSDEP} ${LIBGMP} ${LIBDES} -ldl
+DPADD+= ${LIBSYSDEP} ${LIBGMP} ${LIBDES}
+
+CFLAGS+= -I${FREESWAN}/gmp -I${FREESWAN}/libdes \
+ -I${FREESWAN}/klips -I${FREESWAN}/lib -DUSE_OLD_SOCKADDR \
+ -I${.CURDIR}/sysdep/common -DSYMBOL_PREFIX='"_"'
+
+HAVE_DLOPEN= defined
+
+${LIBSYSDEP}:
+ cd ${LIBSYSDEPDIR}; \
+ ${MAKE} --no-print-directory ${MAKEFLAGS} CFLAGS="${CFLAGS}" MKDEP="${MKDEP}"
+
+ifneq ($(findstring install,$(MAKECMDGOALS)),install)
+SUBDIR+= sysdep/common/libsysdep
+# The regress/ subdir is completely broken in the linux environment
+SUBDIR:= $(filter-out regress,${SUBDIR})
+endif
diff --git a/sbin/isakmpd/sysdep/linux/Makefile.sysdep b/sbin/isakmpd/sysdep/linux/Makefile.sysdep
new file mode 100644
index 00000000000..94ae607a2c6
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/Makefile.sysdep
@@ -0,0 +1,86 @@
+# $Id: Makefile.sysdep,v 1.1 2001/01/26 11:34:04 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+# In order for this to work, invocations need to set FREESWAN to the
+# directory where FreeS/WAN is installed.
+
+BINDIR= /usr/local/sbin
+# Partly good for RedHat 5.2, but man(1) does not find them so I have it
+# disabled for now.
+#MANDIR= /var/catman/cat
+#MAN5= isakmpd.conf.0
+#MAN8= isakmpd.0
+NOMAN=
+
+IPSEC_SRCS= klips.c
+
+LDADD+= ${.CURDIR}/sysdep/common/libsysdep/libsysdep.a \
+ ${FREESWAN}/gmp/libgmp.a
+DPADD+= ${.CURDIR}/sysdep/common/libsysdep/libsysdep.a \
+ ${FREESWAN}/gmp/libgmp.a
+
+CFLAGS+= ${DEBUG} -I${FREESWAN}/gmp -I${FREESWAN}/libdes \
+ -I${FREESWAN}/klips -I${FREESWAN}/lib -DUSE_OLD_SOCKADDR \
+ -I${.CURDIR}/sysdep/common
+
+# XXX Is this test correct? Is the prefix "_" on ELF-systems too?
+HAVE_DLOPEN= defined
+LDADD+= -ldl
+DPADD+= /usr/lib/libdl.a
+CFLAGS+= -DSYMBOL_PREFIX='"_"'
+
+#USE_LIBCRYPTO= defined
+#USE_KEYNOTE= defined
+
+.ifndef USE_LIBCRYPTO
+DESLIB= ${FREESWAN}/libdes/libdes.a
+DESLIBDEP= ${FREESWAN}/libdes/libdes.a
+.endif
+
+# This is a hack in order to make sure libsysdep is built before the
+# linkstage of isakmpd. As a side effect the link is always done even if
+# not necessary. Well, I just don't care.
+GENERATED+= sysdep-target
+sysdep-target:
+ cd ${.CURDIR}/sysdep/common/libsysdep; ${MAKE} ${.MAKEFLAGS}
+
+.if make(clean)
+SUBDIR+= sysdep/common/libsysdep
+.endif
+
+# The regress/ subdir is completely broken in the linux environment
+.if !make(install)
+SUBDIR:= ${SUBDIR:Nregress}
+.endif
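Review bot: `FREESWAN` is used in `LDADD`, `DPADD`, `CFLAGS` and `DESLIB` but never given a default, so an invocation that forgets to set it resolves headers and archives from `/gmp`, `/libdes`, `/klips` and `/lib` at the filesystem root. The GNU make counterpart in this commit falls back to `/usr/src/freeswan`. The same fallback here would be `.ifndef FREESWAN`, `FREESWAN= /usr/src/freeswan`, `.endif`, placed ahead of the first use.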
diff --git a/sbin/isakmpd/sysdep/linux/README b/sbin/isakmpd/sysdep/linux/README
new file mode 100644
index 00000000000..6238820e91d
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/README
@@ -0,0 +1,16 @@
+$Id: README,v 1.1 2001/01/26 11:34:04 niklas Exp $
+
+Currently, you have to manually configure any ipsec interfaces and do the
+association betweent these and the physical ones. This is done like
+this in FreeS/WAN:
+
+ipsec tncfg --attach --virtual ipsec0 --physical eth0
+ifconfig ipsec0 A.B.C.D netmask E.F.G.H
+
+Then there is one special configuration option in the IPSec-connection
+sections for Phase 2 of the configuration file, named Next-hop, which
+should be set to the next hop's IP address along the way to the peer:
+
+Next-hop= I.J.K.L
+
+This is specific to the way FreeS/WAN works.
diff --git a/sbin/isakmpd/sysdep/linux/klips.c b/sbin/isakmpd/sysdep/linux/klips.c
new file mode 100644
index 00000000000..cd042d7f718
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/klips.c
@@ -0,0 +1,687 @@
+/* $Id: klips.c,v 1.1 2001/01/26 11:34:04 niklas Exp $ */
+
+/*
+ * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#include <asm/types.h>
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <linux/sockios.h>
+#include <net/route.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+
+#include <freeswan.h>
+#include <net/ipsec/radij.h>
+#include <net/ipsec/ipsec_encap.h>
+#include <net/ipsec/ipsec_netlink.h>
+#include <net/ipsec/ipsec_xform.h>
+#include <net/ipsec/ipsec_ipe4.h>
+#include <net/ipsec/ipsec_ah.h>
+#include <net/ipsec/ipsec_esp.h>
+
+#include "sysdep.h"
+
+#include "conf.h"
+#include "exchange.h"
+#include "hash.h"
+#include "ipsec.h"
+#include "ipsec_doi.h"
+#include "ipsec_num.h"
+#include "isakmp.h"
+#include "log.h"
+#include "klips.h"
+#include "sa.h"
+#include "timer.h"
+#include "transport.h"
+
+#define KLIPS_DEVICE "/dev/ipsec"
+
+#define PROC_ROUTE_FILE "/proc/net/route"
+#define PROC_ROUTE_FMT "%16s %128s %128s %X %d %d %d %128s %d %d %d\n"
+
+/* XXX Maybe these are available through some system-supplied define? */
+#define AH_NEW_XENCAP_LEN (3 * sizeof(u_short) + 2 * sizeof(u_char))
+#define ESP_NEW_XENCAP_LEN sizeof (struct espblkrply_edata)
+#define EMT_GRPSPIS_COMPLEN (sizeof (((struct encap_msghdr *)0)->em_rel[0]))
+
+/* How often should we check that connections we require to be up, are up? */
+#define KLIPS_CHECK_FREQ 60
+
+static int klips_socket;
+
+/* Open the KLIPS device. */
+int
+klips_open ()
+{
+ int fd;
+
+ fd = open (KLIPS_DEVICE, O_RDWR);
+ if (fd == -1)
+ {
+ log_error ("klips_open: open (\"%s\", O_RDWR) failed", KLIPS_DEVICE);
+ return -1;
+ }
+ klips_socket = fd;
+ return fd;
+}
+
+/* Write a KLIPS request down to the kernel. */
+static int
+klips_write (struct encap_msghdr *em)
+{
+ ssize_t n;
+
+ em->em_magic = EM_MAGIC;
+ em->em_version = 0;
+
+ LOG_DBG_BUF ((LOG_SYSDEP, 30, "klips_write: em", (u_int8_t *)em,
+ em->em_msglen));
+ n = write (klips_socket, em, em->em_msglen);
+ if (n == -1)
+ {
+ log_error ("write (%d, ...) failed", klips_socket);
+ return -1;
+ }
+ if ((size_t)n != em->em_msglen)
+ {
+ log_error ("write (%d, ...) returned prematurely", klips_socket);
+ return -1;
+ }
+ return 0;
+}
+
+/*
+ * Generate a SPI for protocol PROTO and the source/destination pair given by
+ * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ.
+ */
+u_int8_t *
+klips_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src, int srclen,
+ struct sockaddr *dst, int dstlen)
+{
+ u_int8_t *spi;
+ u_int32_t spinum;
+
+ *sz = IPSEC_SPI_SIZE;
+ spi = malloc (*sz);
+ if (!spi)
+ return 0;
+ do
+ spinum = sysdep_random ();
+ while (spinum < IPSEC_SPI_LOW);
+ spinum = htonl (spinum);
+ memcpy (spi, &spinum, *sz);
+
+ LOG_DBG_BUF ((LOG_SYSDEP, 50, "klips_get_spi: spi", spi, *sz));
+
+ return spi;
+}
+
+/* Group 2 SPIs in a chain. XXX Not fully implemented yet. */
+int
+klips_group_spis (struct sa *sa, struct proto *proto1, struct proto *proto2,
+ int incoming)
+{
+ struct encap_msghdr *emsg = 0;
+ struct sockaddr *dst;
+ int dstlen;
+
+ emsg = calloc (1, EMT_GRPSPIS_FLEN + 2 * EMT_GRPSPIS_COMPLEN);
+ if (!emsg)
+ return -1;
+
+ emsg->em_msglen = EMT_GRPSPIS_FLEN + 2 * EMT_GRPSPIS_COMPLEN;
+ emsg->em_type = EMT_GRPSPIS;
+
+ /*
+ * XXX The code below is wrong if we are in tunnel mode.
+ * The fix is to reorder stuff so the IP-in-IP SA will always come
+ * upfront, and if there are two such, one is dropped.
+ */
+ memcpy (&emsg->em_rel[0].emr_spi, proto1->spi[incoming],
+ sizeof emsg->em_rel[0].emr_spi);
+ memcpy (&emsg->em_rel[1].emr_spi, proto2->spi[incoming],
+ sizeof emsg->em_rel[1].emr_spi);
+ if (incoming)
+ sa->transport->vtbl->get_src (sa->transport, &dst, &dstlen);
+ else
+ sa->transport->vtbl->get_dst (sa->transport, &dst, &dstlen);
+ emsg->em_rel[0].emr_dst
+ = emsg->em_rel[1].emr_dst = ((struct sockaddr_in *)dst)->sin_addr;
+ /* XXX What if IPCOMP etc. comes along? */
+ emsg->em_rel[0].emr_proto
+ = proto1->proto == IPSEC_PROTO_IPSEC_ESP ? IPPROTO_ESP : IPPROTO_AH;
+ emsg->em_rel[1].emr_proto
+ = proto2->proto == IPSEC_PROTO_IPSEC_ESP ? IPPROTO_ESP : IPPROTO_AH;
+
+ if (klips_write (emsg))
+ goto cleanup;
+ free (emsg);
+
+ LOG_DBG ((LOG_SYSDEP, 50, "klips_group_spis: done"));
+
+ return 0;
+
+ cleanup:
+ if (emsg)
+ free (emsg);
+ return -1;
+}
+
+/* Store/update a SPI with full information into the kernel. */
+int
+klips_set_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ struct encap_msghdr *emsg = 0;
+ struct ipsec_proto *iproto = proto->data;
+ struct sockaddr *dst, *src;
+ int dstlen, srclen, keylen, hashlen;
+ size_t len;
+ struct ipe4_xdata *ip4x;
+
+ /* Actually works for all. */
+ struct espblkrply_edata *edx;
+
+ /* Actually works for all. */
+ struct ahhmacmd5_edata *amx;
+
+ switch (proto->proto)
+ {
+ case IPSEC_PROTO_IPSEC_ESP:
+ keylen = ipsec_esp_enckeylength (proto);
+ hashlen = ipsec_esp_authkeylength (proto);
+ len = EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN;
+ emsg = calloc (1, len);
+ if (!emsg)
+ return -1;
+
+ emsg->em_proto = IPPROTO_ESP;
+
+ edx = (struct espblkrply_edata *)emsg->em_dat;
+
+ /* Funny expression due to I just want one switch. */
+ switch (proto->id | (iproto->auth << 8))
+ {
+ case IPSEC_ESP_DES:
+ case IPSEC_ESP_DES_IV32:
+ case IPSEC_ESP_DES_IV64:
+ emsg->em_alg = XF_ESPDES;
+ break;
+
+ case IPSEC_ESP_3DES:
+ emsg->em_alg = XF_ESP3DES;
+ break;
+
+ case IPSEC_ESP_DES | (IPSEC_AUTH_HMAC_MD5 << 8):
+ case IPSEC_ESP_DES_IV32 | (IPSEC_AUTH_HMAC_MD5 << 8):
+ case IPSEC_ESP_DES_IV64 | (IPSEC_AUTH_HMAC_MD5 << 8):
+ emsg->em_alg = XF_ESPDESMD596;
+ break;
+
+ case IPSEC_ESP_3DES | (IPSEC_AUTH_HMAC_MD5 << 8):
+ emsg->em_alg = XF_ESP3DESMD596;
+ break;
+
+ case IPSEC_ESP_DES | (IPSEC_AUTH_HMAC_SHA << 8):
+ case IPSEC_ESP_DES_IV32 | (IPSEC_AUTH_HMAC_SHA << 8):
+ case IPSEC_ESP_DES_IV64 | (IPSEC_AUTH_HMAC_SHA << 8):
+ emsg->em_alg = XF_ESPDESSHA196;
+ break;
+
+ case IPSEC_ESP_3DES | (IPSEC_AUTH_HMAC_SHA << 8):
+ emsg->em_alg = XF_ESP3DESSHA196;
+ break;
+
+ default:
+ LOG_DBG ((LOG_SYSDEP, 10,
+ "klips_set_spi: Unsupported enc/auth alg negotiated"));
+ return -1;
+ }
+
+ /* XXX What if we have a protocol requiring IV? */
+ edx->eme_ivlen = EMT_ESPDES_IV_SZ;
+ edx->eme_klen = keylen;
+ edx->ame_klen = hashlen;
+#if 0
+ /* I have reason to believe Shared-SADB won't work at all in KLIPS. */
+ edx->eme_ooowin
+ = conf_get_str ("General", "Shared-SADB") ? 0 : iproto->replay_window;
+#else
+ edx->eme_ooowin = iproto->replay_window;
+#endif
+ /*
+ * XXX Pluto sets the unused by KLIPS flag EME_INITIATOR in
+ * edx->eme_flags, if the party is the initiator. Should we too?
+ */
+ edx->eme_flags = 0;
+ memcpy (edx->eme_key, iproto->keymat[incoming], keylen);
+ if (iproto->auth)
+ memcpy (edx->ame_key, iproto->keymat[incoming] + keylen, hashlen);
+ break;
+
+ case IPSEC_PROTO_IPSEC_AH:
+ hashlen = ipsec_ah_keylength (proto);
+ len = EMT_SETSPI_FLEN + AH_NEW_XENCAP_LEN + hashlen;
+ emsg = calloc (1, len);
+ if (!emsg)
+ return -1;
+
+ emsg->em_proto = IPPROTO_AH;
+
+ amx = (struct ahhmacmd5_edata *)emsg->em_dat;
+
+ switch (proto->id)
+ {
+ case IPSEC_AH_MD5:
+ emsg->em_alg = XF_AHHMACMD5;
+ break;
+
+ case IPSEC_AH_SHA:
+ emsg->em_alg = XF_AHHMACSHA1;
+ break;
+
+ default:
+ /* XXX Log? */
+ goto cleanup;
+ }
+
+ /* XXX Should we be able to send in different lengths here? */
+ amx->ame_alen = amx->ame_klen = hashlen;
+#if 0
+ /* I have reason to believe Shared-SADB won't work at all in KLIPS. */
+ amx->ame_ooowin
+ = conf_get_str ("General", "Shared-SADB") ? 0 : iproto->replay_window;
+#else
+ amx->ame_ooowin = iproto->replay_window;
+#endif
+ amx->ame_replayp = amx->ame_ooowin > 0;
+ memcpy (amx->ame_key, iproto->keymat[incoming], hashlen);
+ break;
+
+ default:
+ /* XXX Log? */
+ goto cleanup;
+ }
+
+ emsg->em_msglen = len;
+ emsg->em_type = EMT_SETSPI;
+ memcpy (&emsg->em_spi, proto->spi[incoming], sizeof emsg->em_spi);
+ emsg->em_flags = incoming ? EMT_INBOUND : 0;
+
+ /*
+ * XXX Addresses has to be thought through. Assumes IPv4.
+ */
+ sa->transport->vtbl->get_dst (sa->transport, &dst, &dstlen);
+ sa->transport->vtbl->get_src (sa->transport, &src, &srclen);
+ emsg->em_dst
+ = ((struct sockaddr_in *)(incoming ? src : dst))->sin_addr;
+
+ /*
+ * Klips does not know about expirations, thus we need to do them inside
+ * isakmpd.
+ */
+ if (sa->seconds)
+ if (sa_setup_expirations (sa))
+ goto cleanup;
+
+ LOG_DBG ((LOG_SYSDEP, 10, "klips_set_spi: proto %d dst %s SPI 0x%x",
+ emsg->em_proto, inet_ntoa (emsg->em_dst), htonl (emsg->em_spi)));
+ if (klips_write (emsg))
+ goto cleanup;
+ free (emsg);
+
+ /* If we are tunneling we have to setup an IP in IP tunnel too. */
+ if (iproto->encap_mode == IPSEC_ENCAP_TUNNEL)
+ {
+ len = EMT_SETSPI_FLEN + EMT_IPE4_ULEN;
+ emsg = calloc (1, len);
+ if (!emsg)
+ goto cleanup;
+
+ emsg->em_proto = IPPROTO_IPIP;
+ emsg->em_msglen = len;
+ emsg->em_type = EMT_SETSPI;
+ /*
+ * XXX Code in Pluto suggests this is not possible, but that we have
+ * to have a unique SPI for the IP4 SA.
+ */
+ memcpy (&emsg->em_spi, proto->spi[incoming], sizeof emsg->em_spi);
+ emsg->em_flags = 0;
+ emsg->em_alg = XF_IP4;
+
+ ip4x = (struct ipe4_xdata *)emsg->em_dat;
+ ip4x->i4_dst = emsg->em_dst
+ = ((struct sockaddr_in *)(incoming ? src : dst))->sin_addr;
+ ip4x->i4_src
+ = ((struct sockaddr_in *)(incoming ? dst : src))->sin_addr;
+
+ LOG_DBG ((LOG_SYSDEP, 10, "klips_set_spi: proto %d dst %s SPI 0x%x",
+ emsg->em_proto, inet_ntoa (emsg->em_dst),
+ htonl (emsg->em_spi)));
+ if (klips_write (emsg))
+ goto cleanup;
+ free (emsg);
+
+ /*
+ * Grouping the IP-in-IP SA with the IPSec one means we must be careful
+ * in klips_group_spis so that we'll remove duplicate IP-in-IP SAs
+ * and get everything grouped in the right order.
+ *
+ * XXX Could we not share code with klips_group_spis here?
+ */
+ emsg = calloc (1, EMT_GRPSPIS_FLEN + 2 * EMT_GRPSPIS_COMPLEN);
+ if (!emsg)
+ goto cleanup;
+
+ emsg->em_msglen = EMT_GRPSPIS_FLEN + 2 * EMT_GRPSPIS_COMPLEN;
+ emsg->em_type = EMT_GRPSPIS;
+
+ memcpy (&emsg->em_rel[0].emr_spi, proto->spi[incoming],
+ sizeof emsg->em_rel[0].emr_spi);
+ memcpy (&emsg->em_rel[1].emr_spi, proto->spi[incoming],
+ sizeof emsg->em_rel[1].emr_spi);
+ emsg->em_rel[0].emr_dst = emsg->em_rel[1].emr_dst
+ = ((struct sockaddr_in *)(incoming ? src : dst))->sin_addr;
+
+ emsg->em_rel[0].emr_proto = IPPROTO_IPIP;
+ /* XXX What if IPCOMP etc. comes along? */
+ emsg->em_rel[1].emr_proto
+ = proto->proto == IPSEC_PROTO_IPSEC_ESP ? IPPROTO_ESP : IPPROTO_AH;
+
+ if (klips_write (emsg))
+ goto cleanup;
+ free (emsg);
+ }
+
+ LOG_DBG ((LOG_SYSDEP, 50, "klips_set_spi: done"));
+
+ return 0;
+
+ cleanup:
+ /* XXX Cleanup the potential SAs we have setup. */
+ if (emsg)
+ free (emsg);
+ return -1;
+}
+
+/*
+ * Delete the IPSec SA represented by the INCOMING direction in protocol PROTO
+ * of the IKE security association SA.
+ */
+int
+klips_delete_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ struct encap_msghdr *emsg = 0;
+ struct sockaddr *dst;
+ int dstlen;
+ struct ipsec_proto *iproto = proto->data;
+
+ emsg = calloc (1, EMT_SETSPI_FLEN);
+ if (!emsg)
+ return -1;
+
+ emsg->em_msglen = EMT_SETSPI_FLEN;
+ emsg->em_type = EMT_DELSPI;
+
+ memcpy (&emsg->em_spi, proto->spi[incoming], sizeof emsg->em_spi);
+ if (incoming)
+ sa->transport->vtbl->get_src (sa->transport, &dst, &dstlen);
+ else
+ sa->transport->vtbl->get_dst (sa->transport, &dst, &dstlen);
+ emsg->em_dst = ((struct sockaddr_in *)dst)->sin_addr;
+ /* XXX What if IPCOMP etc. comes along? */
+ emsg->em_proto
+ = (iproto->encap_mode == IPSEC_ENCAP_TUNNEL ? IPPROTO_IPIP
+ : proto->proto == IPSEC_PROTO_IPSEC_ESP ? IPPROTO_ESP : IPPROTO_AH);
+
+ if (klips_write (emsg))
+ goto cleanup;
+ free (emsg);
+
+ LOG_DBG ((LOG_SYSDEP, 50, "klips_delete_spi: done"));
+
+ return 0;
+
+ cleanup:
+ if (emsg)
+ free (emsg);
+ return -1;
+}
+
+int
+klips_hex_decode (char *src, u_char *dst, int dstsize)
+{
+ char *p, *pe;
+ u_char *q, *qe, ch, cl;
+
+ pe = src + strlen (src);
+ qe = dst + dstsize;
+
+ for (p = src, q = dst; p < pe && q < qe && isxdigit ((int)*p); p += 2)
+ {
+ ch = tolower (p[0]);
+ cl = tolower (p[1]);
+
+ if ((ch >= '0') && (ch <= '9'))
+ ch -= '0';
+ else if ((ch >= 'a') && (ch <= 'f'))
+ ch -= 'a' - 10;
+ else
+ return -1;
+
+ if ((cl >= '0') && (cl <= '9'))
+ cl -= '0';
+ else if ((cl >= 'a') && (cl <= 'f'))
+ cl -= 'a' - 10;
+ else
+ return -1;
+
+ *q++ = (ch << 4) | cl;
+ }
+
+ return (int)(q - dst);
+}
+
+/* Consult kernel routing table for next-hop lookup. From dugsong@monkey.org */
+u_long
+klips_route_get (u_long dst)
+{
+ FILE *f;
+ char buf[BUFSIZ];
+ char ifbuf[16], netbuf[128], gatebuf[128], maskbuf[128];
+ int i, iflags, refcnt, use, metric, mss, win, irtt;
+ u_long ret, gate, net, mask;
+
+ if ((f = fopen (PROC_ROUTE_FILE, "r")) == NULL)
+ return dst;
+
+ ret = dst;
+
+ while (fgets (buf, sizeof buf, f) != NULL)
+ {
+ i = sscanf (buf, PROC_ROUTE_FMT, ifbuf, netbuf, gatebuf, &iflags,
+ &refcnt, &use, &metric, maskbuf, &mss, &win, &irtt);
+ if (i < 10 || !(iflags & RTF_UP))
+ continue;
+
+ klips_hex_decode (netbuf, (u_char *)&net, sizeof net);
+ klips_hex_decode (gatebuf, (u_char *)&gate, sizeof gate);
+ klips_hex_decode (maskbuf, (u_char *)&mask, sizeof mask);
+
+ net = htonl (net);
+ gate = htonl (gate);
+ mask = htonl (mask);
+
+ if ((dst & mask) == net)
+ {
+ if (gate != INADDR_ANY)
+ ret = gate;
+ break;
+ }
+ }
+
+ fclose (f);
+ return ret;
+}
+
+/* Enable a flow given a SA. */
+int
+klips_enable_sa (struct sa *sa, struct sa *isakmp_sa)
+{
+ struct ipsec_sa *isa = sa->data;
+ struct sockaddr *dst;
+ int dstlen;
+ struct proto *proto = TAILQ_FIRST (&sa->protos);
+ struct ipsec_proto *iproto = proto->data;
+ struct encap_msghdr emsg;
+ int s = -1;
+ struct rtentry rt;
+
+ sa->transport->vtbl->get_dst (sa->transport, &dst, &dstlen);
+
+ /* XXX Is this needed? */
+ memset (&emsg, '\0', sizeof emsg);
+
+ emsg.em_msglen = sizeof emsg;
+ emsg.em_type = EMT_RPLACEROUTE;
+
+ memcpy (&emsg.em_erspi, proto->spi[0], sizeof emsg.em_erspi);
+ emsg.em_erdst = ((struct sockaddr_in *)dst)->sin_addr;
+
+ LOG_DBG ((LOG_SYSDEP, 50, "klips_enable_sa: src %x %x dst %x %x",
+ ntohl (isa->src_net), ntohl (isa->src_mask), ntohl (isa->dst_net),
+ ntohl (isa->dst_mask)));
+
+ /* XXX Magic constant from Pluto (26 = AF_ISDN in BSD). */
+ emsg.em_eaddr.sen_family = emsg.em_emask.sen_family = 26;
+ emsg.em_eaddr.sen_type = SENT_IP4;
+ /* XXX Magic constant from Pluto. */
+ emsg.em_emask.sen_type = 255;
+ emsg.em_eaddr.sen_len = emsg.em_emask.sen_len
+ = sizeof (struct sockaddr_encap);
+
+ emsg.em_eaddr.sen_ip_src.s_addr = isa->src_net;
+ emsg.em_emask.sen_ip_src.s_addr = isa->src_mask;
+ emsg.em_eaddr.sen_ip_dst.s_addr = isa->dst_net;
+ emsg.em_emask.sen_ip_dst.s_addr = isa->dst_mask;
+
+ /* XXX What if IPCOMP etc. comes along? */
+ emsg.em_erproto
+ = (iproto->encap_mode == IPSEC_ENCAP_TUNNEL ? IPPROTO_IPIP
+ : proto->proto == IPSEC_PROTO_IPSEC_ESP ? IPPROTO_ESP : IPPROTO_AH);
+
+ if (klips_write (&emsg))
+ {
+ emsg.em_type = EMT_SETEROUTE;
+ if (klips_write (&emsg))
+ goto cleanup;
+ }
+
+ s = socket (PF_INET, SOCK_DGRAM, AF_UNSPEC);
+ if (s == -1)
+ {
+ log_error ("klips_enable_sa: "
+ "socket(PF_INET, SOCK_DGRAM, AF_UNSPEC) failed");
+ goto cleanup;
+ }
+
+ memset (&rt, '\0', sizeof rt);
+ rt.rt_dst.sa_family = AF_INET;
+ ((struct sockaddr_in *)&rt.rt_dst)->sin_addr.s_addr = isa->dst_net;
+ rt.rt_genmask.sa_family = AF_INET;
+ ((struct sockaddr_in *)&rt.rt_genmask)->sin_addr.s_addr = isa->dst_mask;
+ rt.rt_gateway.sa_family = AF_INET;
+
+ ((struct sockaddr_in *)&rt.rt_gateway)->sin_addr.s_addr
+ = klips_route_get (emsg.em_erdst.s_addr);
+
+ rt.rt_flags = RTF_UP | RTF_GATEWAY;
+ /* XXX What if we have multiple interfaces? */
+ rt.rt_dev = "ipsec0";
+
+ if (ioctl (s, SIOCDELRT, &rt) == -1 && errno != ESRCH)
+ {
+ log_error ("klips_enable_sa: ioctl (%d, SIOCDELRT, %p) failed", s, &rt);
+ goto cleanup;
+ }
+
+ if (ioctl (s, SIOCADDRT, &rt) == -1)
+ {
+ log_error ("klips_enable_sa: ioctl (%d, SIOCADDRT, %p) failed", s, &rt);
+ goto cleanup;
+ }
+
+ close (s);
+ return 0;
+
+ cleanup:
+ if (s != -1)
+ close (s);
+ return -1;
+}
+
+static void
+klips_stayalive (struct exchange *exchange, void *vconn, int fail)
+{
+ char *conn = vconn;
+ struct sa *sa;
+
+ /* XXX What if it is phase 1? */
+ sa = sa_lookup_by_name (conn, 2);
+ if (sa)
+ sa->flags |= SA_FLAG_STAYALIVE;
+}
+
+/* Establish the connection in VCONN and set the stayalive flag for it. */
+void
+klips_connection_check (char *conn)
+{
+ if (!sa_lookup_by_name (conn, 2))
+ {
+ LOG_DBG ((LOG_SYSDEP, 70, "klips_connection_check: SA for %s missing",
+ conn));
+ exchange_establish (conn, klips_stayalive, conn);
+ }
+ else
+ LOG_DBG ((LOG_SYSDEP, 70, "klips_connection_check: SA for %s exists",
+ conn));
+}
diff --git a/sbin/isakmpd/sysdep/linux/klips.h b/sbin/isakmpd/sysdep/linux/klips.h
new file mode 100644
index 00000000000..fdc1fcbe369
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/klips.h
@@ -0,0 +1,56 @@
+/* $Id: klips.h,v 1.1 2001/01/26 11:34:04 niklas Exp $ */
+
+/*
+ * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#ifndef _KLIPS_H_
+#define _KLIPS_H_
+
+#include <sys/types.h>
+#include <sys/queue.h>
+
+struct proto;
+struct sa;
+struct sockaddr;
+
+extern void klips_connection_check (char *);
+extern int klips_delete_spi (struct sa *, struct proto *, int);
+extern int klips_enable_sa (struct sa *, struct sa *);
+extern u_int8_t *klips_get_spi (size_t *, u_int8_t, struct sockaddr *, int,
+ struct sockaddr *, int);
+extern int klips_group_spis (struct sa *, struct proto *, struct proto *,
+ int);
+extern int klips_open (void);
+extern int klips_set_spi (struct sa *, struct proto *, int);
+
+#endif /* _KLIPS_H_ */
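Review bot: `klips_hex_decode` and `klips_route_get` are defined with external linkage in klips.c but have no prototype in this header, so they are neither usable from other files with type checking nor hidden from the global namespace. If they are only helpers for `klips_enable_sa`, which is how the visible code uses them, mark them `static` in klips.c; otherwise add `extern int klips_hex_decode (char *, u_char *, int);` and `extern u_long klips_route_get (u_long);` here. The `#include <sys/queue.h>` also looks unnecessary for these declarations, since only forward-declared structs and integer types are used.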
diff --git a/sbin/isakmpd/sysdep/linux/sys/queue.h b/sbin/isakmpd/sysdep/linux/sys/queue.h
new file mode 100644
index 00000000000..6af6f7418bd
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/sys/queue.h
@@ -0,0 +1,337 @@
+/* $OpenBSD: queue.h,v 1.3 2001/01/26 11:34:05 niklas Exp $ */
+/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
+
+/*
+ * Copyright (c) 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)queue.h 8.5 (Berkeley) 8/20/94
+ */
+
+#ifndef _SYS_QUEUE_H_
+#define _SYS_QUEUE_H_
+
+#ifndef NULL
+#define NULL ((void *)0)
+#endif
+
+/*
+ * This file defines four types of data structures: lists, simple queues,
+ * tail queues, and circular queues.
+ *
+ * A list is headed by a single forward pointer (or an array of forward
+ * pointers for a hash table header). The elements are doubly linked
+ * so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before
+ * or after an existing element or at the head of the list. A list
+ * may only be traversed in the forward direction.
+ *
+ * A simple queue is headed by a pair of pointers, one the head of the
+ * list and the other to the tail of the list. The elements are singly
+ * linked to save space, so only elements can only be removed from the
+ * head of the list. New elements can be added to the list before or after
+ * an existing element, at the head of the list, or at the end of the
+ * list. A simple queue may only be traversed in the forward direction.
+ *
+ * A tail queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or
+ * after an existing element, at the head of the list, or at the end of
+ * the list. A tail queue may be traversed in either direction.
+ *
+ * A circle queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or after
+ * an existing element, at the head of the list, or at the end of the list.
+ * A circle queue may be traversed in either direction, but has a more
+ * complex end of list detection.
+ *
+ * For details on the use of these macros, see the queue(3) manual page.
+ */
+
+/*
+ * List definitions.
+ */
+#define LIST_HEAD(name, type) \
+struct name { \
+ struct type *lh_first; /* first element */ \
+}
+
+#define LIST_ENTRY(type) \
+struct { \
+ struct type *le_next; /* next element */ \
+ struct type **le_prev; /* address of previous next element */ \
+}
+
+#define LIST_FIRST(head) ((head)->lh_first)
+#define LIST_NEXT(elm, field) ((elm)->field.le_next)
+#define LIST_END(head) NULL
+
+/*
+ * List functions.
+ */
+#define LIST_INIT(head) do { \
+ (head)->lh_first = NULL; \
+} while (0)
+
+#define LIST_INSERT_AFTER(listelm, elm, field) do { \
+ if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \
+ (listelm)->field.le_next->field.le_prev = \
+ &(elm)->field.le_next; \
+ (listelm)->field.le_next = (elm); \
+ (elm)->field.le_prev = &(listelm)->field.le_next; \
+} while (0)
+
+#define LIST_INSERT_BEFORE(listelm, elm, field) do { \
+ (elm)->field.le_prev = (listelm)->field.le_prev; \
+ (elm)->field.le_next = (listelm); \
+ *(listelm)->field.le_prev = (elm); \
+ (listelm)->field.le_prev = &(elm)->field.le_next; \
+} while (0)
+
+#define LIST_INSERT_HEAD(head, elm, field) do { \
+ if (((elm)->field.le_next = (head)->lh_first) != NULL) \
+ (head)->lh_first->field.le_prev = &(elm)->field.le_next;\
+ (head)->lh_first = (elm); \
+ (elm)->field.le_prev = &(head)->lh_first; \
+} while (0)
+
+#define LIST_REMOVE(elm, field) do { \
+ if ((elm)->field.le_next != NULL) \
+ (elm)->field.le_next->field.le_prev = \
+ (elm)->field.le_prev; \
+ *(elm)->field.le_prev = (elm)->field.le_next; \
+} while (0)
+
+/*
+ * Simple queue definitions.
+ */
+#define SIMPLEQ_HEAD(name, type) \
+struct name { \
+ struct type *sqh_first; /* first element */ \
+ struct type **sqh_last; /* addr of last next element */ \
+}
+
+#define SIMPLEQ_ENTRY(type) \
+struct { \
+ struct type *sqe_next; /* next element */ \
+}
+
+/*
+ * Simple queue functions.
+ */
+#define SIMPLEQ_INIT(head) do { \
+ (head)->sqh_first = NULL; \
+ (head)->sqh_last = &(head)->sqh_first; \
+} while (0)
+
+#define SIMPLEQ_INSERT_HEAD(head, elm, field) do { \
+ if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \
+ (head)->sqh_last = &(elm)->field.sqe_next; \
+ (head)->sqh_first = (elm); \
+} while (0)
+
+#define SIMPLEQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.sqe_next = NULL; \
+ *(head)->sqh_last = (elm); \
+ (head)->sqh_last = &(elm)->field.sqe_next; \
+} while (0)
+
+#define SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
+ if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\
+ (head)->sqh_last = &(elm)->field.sqe_next; \
+ (listelm)->field.sqe_next = (elm); \
+} while (0)
+
+#define SIMPLEQ_REMOVE_HEAD(head, elm, field) do { \
+ if (((head)->sqh_first = (elm)->field.sqe_next) == NULL) \
+ (head)->sqh_last = &(head)->sqh_first; \
+} while (0)
+
+/*
+ * Tail queue definitions.
+ */
+#define TAILQ_HEAD(name, type) \
+struct name { \
+ struct type *tqh_first; /* first element */ \
+ struct type **tqh_last; /* addr of last next element */ \
+}
+
+#define TAILQ_ENTRY(type) \
+struct { \
+ struct type *tqe_next; /* next element */ \
+ struct type **tqe_prev; /* address of previous next element */ \
+}
+
+
+#define TAILQ_FIRST(head) ((head)->tqh_first)
+#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
+#define TAILQ_END(head) NULL
+#define TAILQ_LAST(head, headname) \
+ (*(((struct headname *)((head)->tqh_last))->tqh_last))
+#define TAILQ_PREV(elm, headname, field) \
+ (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
+
+/*
+ * Tail queue functions.
+ */
+#define TAILQ_INIT(head) do { \
+ (head)->tqh_first = NULL; \
+ (head)->tqh_last = &(head)->tqh_first; \
+} while (0)
+
+#define TAILQ_INSERT_HEAD(head, elm, field) do { \
+ if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \
+ (head)->tqh_first->field.tqe_prev = \
+ &(elm)->field.tqe_next; \
+ else \
+ (head)->tqh_last = &(elm)->field.tqe_next; \
+ (head)->tqh_first = (elm); \
+ (elm)->field.tqe_prev = &(head)->tqh_first; \
+} while (0)
+
+#define TAILQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.tqe_next = NULL; \
+ (elm)->field.tqe_prev = (head)->tqh_last; \
+ *(head)->tqh_last = (elm); \
+ (head)->tqh_last = &(elm)->field.tqe_next; \
+} while (0)
+
+#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \
+ if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
+ (elm)->field.tqe_next->field.tqe_prev = \
+ &(elm)->field.tqe_next; \
+ else \
+ (head)->tqh_last = &(elm)->field.tqe_next; \
+ (listelm)->field.tqe_next = (elm); \
+ (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \
+} while (0)
+
+#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \
+ (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \
+ (elm)->field.tqe_next = (listelm); \
+ *(listelm)->field.tqe_prev = (elm); \
+ (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \
+} while (0)
+
+#define TAILQ_REMOVE(head, elm, field) do { \
+ if (((elm)->field.tqe_next) != NULL) \
+ (elm)->field.tqe_next->field.tqe_prev = \
+ (elm)->field.tqe_prev; \
+ else \
+ (head)->tqh_last = (elm)->field.tqe_prev; \
+ *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
+} while (0)
+
+/*
+ * Circular queue definitions.
+ */
+#define CIRCLEQ_HEAD(name, type) \
+struct name { \
+ struct type *cqh_first; /* first element */ \
+ struct type *cqh_last; /* last element */ \
+}
+
+#define CIRCLEQ_ENTRY(type) \
+struct { \
+ struct type *cqe_next; /* next element */ \
+ struct type *cqe_prev; /* previous element */ \
+}
+
+#define CIRCLEQ_FIRST(head) ((head)->cqh_first)
+#define CIRCLEQ_LAST(head) ((head)->cqh_last)
+#define CIRCLEQ_END(head) ((void *)(head))
+#define CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next)
+#define CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev)
+
+/*
+ * Circular queue functions.
+ */
+#define CIRCLEQ_INIT(head) do { \
+ (head)->cqh_first = (void *)(head); \
+ (head)->cqh_last = (void *)(head); \
+} while (0)
+
+#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
+ (elm)->field.cqe_next = (listelm)->field.cqe_next; \
+ (elm)->field.cqe_prev = (listelm); \
+ if ((listelm)->field.cqe_next == (void *)(head)) \
+ (head)->cqh_last = (elm); \
+ else \
+ (listelm)->field.cqe_next->field.cqe_prev = (elm); \
+ (listelm)->field.cqe_next = (elm); \
+} while (0)
+
+#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \
+ (elm)->field.cqe_next = (listelm); \
+ (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \
+ if ((listelm)->field.cqe_prev == (void *)(head)) \
+ (head)->cqh_first = (elm); \
+ else \
+ (listelm)->field.cqe_prev->field.cqe_next = (elm); \
+ (listelm)->field.cqe_prev = (elm); \
+} while (0)
+
+#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \
+ (elm)->field.cqe_next = (head)->cqh_first; \
+ (elm)->field.cqe_prev = (void *)(head); \
+ if ((head)->cqh_last == (void *)(head)) \
+ (head)->cqh_last = (elm); \
+ else \
+ (head)->cqh_first->field.cqe_prev = (elm); \
+ (head)->cqh_first = (elm); \
+} while (0)
+
+#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.cqe_next = (void *)(head); \
+ (elm)->field.cqe_prev = (head)->cqh_last; \
+ if ((head)->cqh_first == (void *)(head)) \
+ (head)->cqh_first = (elm); \
+ else \
+ (head)->cqh_last->field.cqe_next = (elm); \
+ (head)->cqh_last = (elm); \
+} while (0)
+
+#define CIRCLEQ_REMOVE(head, elm, field) do { \
+ if ((elm)->field.cqe_next == (void *)(head)) \
+ (head)->cqh_last = (elm)->field.cqe_prev; \
+ else \
+ (elm)->field.cqe_next->field.cqe_prev = \
+ (elm)->field.cqe_prev; \
+ if ((elm)->field.cqe_prev == (void *)(head)) \
+ (head)->cqh_first = (elm)->field.cqe_next; \
+ else \
+ (elm)->field.cqe_prev->field.cqe_next = \
+ (elm)->field.cqe_next; \
+} while (0)
+#endif /* !_SYS_QUEUE_H_ */
diff --git a/sbin/isakmpd/sysdep/linux/sysdep-os.h b/sbin/isakmpd/sysdep/linux/sysdep-os.h
new file mode 100644
index 00000000000..4d5362e0d2f
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/sysdep-os.h
@@ -0,0 +1,51 @@
+/* $Id: sysdep-os.h,v 1.3 2001/01/26 11:34:04 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#ifndef _SYSDEP_OS_H_
+#define _SYSDEP_OS_H_
+
+typedef u_int16_t in_port_t;
+typedef u_int32_t in_addr_t;
+
+#if 0
+/*
+ * Why -D__USE_GNU does not work in order to get this from stdio.h beats me.
+ */
+extern int asprintf __P((char **, const char *, ...));
+#endif
+
+#define DL_LAZY RTLD_LAZY
+
+#endif /* _SYSDEP_OS_H_ */
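Review bot: This header is not self-contained. The `in_port_t` and `in_addr_t` typedefs use `u_int16_t` and `u_int32_t`, but nothing is included here, so it compiles only when every includer has already pulled in `<sys/types.h>`. Adding `#include <sys/types.h>` at the top removes that ordering dependency. `DL_LAZY` similarly expands to `RTLD_LAZY` and needs `<dlfcn.h>` wherever it is used. The unconditional typedefs may also clash with a libc whose `<netinet/in.h>` already defines these names, so a guard around them may be needed; the hunk does not show which libc versions are targeted.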
diff --git a/sbin/isakmpd/sysdep/linux/sysdep.c b/sbin/isakmpd/sysdep/linux/sysdep.c
new file mode 100644
index 00000000000..d96d6d86a10
--- /dev/null
+++ b/sbin/isakmpd/sysdep/linux/sysdep.c
@@ -0,0 +1,165 @@
+/* $Id: sysdep.c,v 1.3 2001/01/26 11:34:04 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <md5.h>
+#include <unistd.h>
+
+#include "sysdep.h"
+
+#ifdef NEED_SYSDEP_APP
+#include "app.h"
+#include "conf.h"
+#include "ipsec.h"
+#include "klips.h"
+#endif NEED_SYSDEP_APP
+#include "log.h"
+#include "sysdep.h"
+
+extern char *__progname;
+
+u_int32_t
+sysdep_random ()
+{
+ u_int32_t rndval;
+ u_char sig[16];
+ MD5_CTX ctx;
+ int fd, i;
+ struct {
+ struct timeval tv;
+ u_int rnd[(128 - sizeof (struct timeval)) / sizeof (u_int)];
+ } rdat;
+
+ fd = open ("/dev/urandom", O_RDONLY);
+ if (fd != -1)
+ {
+ read (fd, rdat.rnd, sizeof(rdat.rnd));
+ close (fd);
+ }
+ MD5Init (&ctx);
+ MD5Update (&ctx, (char *)&rdat, sizeof(rdat));
+ MD5Final (sig, &ctx);
+
+ rndval = 0;
+ for (i = 0; i < 4; i++)
+ {
+ u_int32_t *tmp = (u_int32_t *)&sig[i * 4];
+ rndval ^= *tmp;
+ }
+
+ return rndval;
+}
+
+char *
+sysdep_progname ()
+{
+ return __progname;
+}
+
+/* As regress/ use this file I protect the sysdep_app_* stuff like this. */
+#ifdef NEED_SYSDEP_APP
+int
+sysdep_app_open ()
+{
+ return klips_open ();
+}
+
+void
+sysdep_app_handler (int fd)
+{
+}
+
+/* Check that the connection named NAME is active, or else make it active. */
+void
+sysdep_connection_check (char *name)
+{
+ klips_connection_check (name);
+}
+
+/*
+ * Generate a SPI for protocol PROTO and the source/destination pair given by
+ * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ.
+ */
+u_int8_t *
+sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
+ int srclen, struct sockaddr *dst, int dstlen)
+{
+ if (app_none)
+ {
+ *sz = IPSEC_SPI_SIZE;
+ /* XXX should be random instead I think. */
+ return strdup ("\x12\x34\x56\x78");
+ }
+
+ return klips_get_spi (sz, proto, src, srclen, dst, dstlen);
+}
+
+int
+sysdep_cleartext (int fd)
+{
+ return 0;
+}
+
+int
+sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ return klips_delete_spi (sa, proto, incoming);
+}
+
+int
+sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa)
+{
+ return klips_enable_sa (sa, isakmp_sa);
+}
+
+int
+sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1,
+ struct proto *proto2, int incoming)
+{
+ return klips_group_spis (sa, proto1, proto2, incoming);
+}
+
+int
+sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ return klips_set_spi (sa, proto, incoming);
+}
+#endif
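Review bot: `sysdep_random` hashes uninitialized stack memory whenever `/dev/urandom` cannot be opened or fully read. The `open` failure is skipped silently, the `read` result is ignored, and `rdat.tv` is never filled in (the function has no `gettimeofday` call), so the MD5 input can be entirely indeterminate. The function returns a bare `u_int32_t` with no error channel, so callers cannot tell a kernel-seeded value from stack residue. It should fail hard rather than degrade: guard with `if (fd == -1 || read (fd, rdat.rnd, sizeof rdat.rnd) != (ssize_t) sizeof rdat.rnd)` and take the daemon's fatal-error path in that branch. Either set `rdat.tv` or drop it from the struct so that every hashed byte is defined.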
diff --git a/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep
new file mode 100644
index 00000000000..ed85b505b62
--- /dev/null
+++ b/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep
@@ -0,0 +1,66 @@
+# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:06 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+# Copyright (c) 2000 Håkan Olsson. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+LIBGMP:= /usr/pkg/lib/libgmp.a
+LIBCRYPTO:= /usr/lib/libcrypto.a
+
+LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep
+LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a
+
+LDADD+= ${LIBGMP} ${LIBSYSDEP}
+DPADD+= ${LIBGMP} ${LIBSYSDEP}
+
+FEATURES= debug tripledes blowfish cast ec aggressive
+# Not yet
+#FEATURES+= policy x509
+
+CFLAGS+= -DNO_RSA -DNO_RC5 -DNO_IDEA \
+ -I${.CURDIR}/sysdep/common -I/usr/include/openssl \
+ -I/usr/include/machine -I/usr/pkg/include
+
+IPSEC_SRCS= pf_key_v2.c
+IPSEC_CFLAGS= -DUSE_PF_KEY_V2
+
+USE_LIBCRYPTO= defined
+#HAVE_DLOPEN= defined
+
+#
+# hack libsysdep.a dependency
+#
+${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
+ @cd ${LIBSYSDEPDIR} && \
+ ${MAKE} --no-print-directory ${MAKEFLAGS} \
+ CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS}
+
+depend: ${LIBSYSDEPDIR}/.depend
+
+ifeq ($(findstring clean, $(MAKECMDGOALS)), clean)
+SUBDIR+= sysdep/common/libsysdep
+MAKEFLAGS+= --no-print-directory
+endif
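Review bot: The libsysdep rule passes `${MAKEFLAGS}` as command-line arguments to the sub-make, which GNU make does not expect. `MAKEFLAGS` holds single-letter options without a leading dash, so after e.g. `make -k` the sub-make would be asked to build a target named `k`. A recursive `${MAKE}` already inherits these flags through the environment, so the expansion can be dropped: `${MAKE} --no-print-directory CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS}`. It is also worth a comment on where `${.CURDIR}` is set, since it is a BSD make variable and is presumably supplied by the top-level GNUmakefile.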
diff --git a/sbin/isakmpd/sysdep/netbsd/Makefile.sysdep b/sbin/isakmpd/sysdep/netbsd/Makefile.sysdep
new file mode 100644
index 00000000000..abb13f1d74b
--- /dev/null
+++ b/sbin/isakmpd/sysdep/netbsd/Makefile.sysdep
@@ -0,0 +1,82 @@
+# $Id: Makefile.sysdep,v 1.1 2001/01/26 11:34:06 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+# Copyright (c) 2000 H\xe5kan Olsson. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER INN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+# Override default features
+FEATURES= tripledes blowfish cast ec aggressive debug
+# Not yet
+#FEATURES+= policy x509
+
+LIBGMP= /usr/pkg/lib/libgmp.a
+LIBCRYPTO= /usr/lib/libcrypto.a
+LIBSYSDEPDIR= ${.CURDIR}/sysdep/common/libsysdep
+
+LDADD+= ${LIBGMP} ${LIBSYSDEPDIR}/libsysdep.a -lipsec
+DPADD+= ${LIBGMP} ${LIBSYSDEPDIR}/libsysdep.a ${LIBIPSEC}
+
+CFLAGS+= -DNO_RSA -DNO_IDEA -DNO_RC5 \
+ -I${.CURDIR}/sysdep/common
+.if exists(/usr/pkg/include/openssl/rsa.h)
+CFLAGS+= -I/usr/pkg/include/openssl
+.elif exists(/usr/include/openssl/rsa.h)
+CFLAGS+= -I/usr/include -I/usr/include/openssl
+.endif
+# mandatory for gmp
+CFLAGS+= -I/usr/pkg/include
+LDADD+= -L/usr/pkg/lib
+
+IPSEC_SRCS= pf_key_v2.c
+IPSEC_CFLAGS= -DUSE_PF_KEY_V2
+
+USE_LIBCRYPTO= defined
+USE_GMP= defined
+
+# This is a hack in order to make sure libsysdep is built before the
+# linkstage of isakmpd. As a side effect the link is always done even if
+# not necessary. Well, I just don't care.
+GENERATED+= sysdep-target
+sysdep-target:
+ cd ${.CURDIR}/sysdep/common/libsysdep; ${MAKE} ${.MAKEFLAGS}
+
+.if make(clean) || make(cleandir)
+SUBDIR+= sysdep/common/libsysdep
+.endif
+
+# Kludge around bug in /usr/share/mk/bsd.subdir.mk
+NO_REGRESS= defined
+
+obj:
+ mkdir obj
+
+beforedepend:
+ rm -f ssl
+.if exists(/usr/pkg/include/openssl/rsa.h)
+ ln -sf /usr/pkg/include/openssl ssl
+.elif exists(/usr/include/openssl/rsa.h)
+ ln -sf /usr/include/openssl ssl
+.endif
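Review bot: The OpenSSL header selection has no fallback branch, neither in the `CFLAGS` block nor in `beforedepend`. When neither `/usr/pkg/include/openssl/rsa.h` nor `/usr/include/openssl/rsa.h` exists, no OpenSSL include directory is added and `rm -f ssl` removes the link without recreating it, so the problem only shows up later as missing headers. An `.else` branch that stops the build with a clear message would make the requirement explicit. Separately, the license text in this file reads `WHETHER INN CONTRACT`; the other files in the commit have `WHETHER IN CONTRACT`.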
diff --git a/sbin/isakmpd/sysdep/netbsd/sysdep-os.h b/sbin/isakmpd/sysdep/netbsd/sysdep-os.h
new file mode 100644
index 00000000000..1690da4a166
--- /dev/null
+++ b/sbin/isakmpd/sysdep/netbsd/sysdep-os.h
@@ -0,0 +1,38 @@
+/* $Id: sysdep-os.h,v 1.1 2001/01/26 11:34:06 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ * Copyright (c) 2000 H\xe5kan Olsson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _SYSDEP_OS_H_
+
+#define _SYSDEP_OS_H_
+
+#define KAME
+
+#include <netinet6/ipsec.h>
+
+#endif /* _SYSDEP_OS_H_ */
diff --git a/sbin/isakmpd/sysdep/netbsd/sysdep.c b/sbin/isakmpd/sysdep/netbsd/sysdep.c
new file mode 100644
index 00000000000..c1bf23dde14
--- /dev/null
+++ b/sbin/isakmpd/sysdep/netbsd/sysdep.c
@@ -0,0 +1,194 @@
+/* $Id: sysdep.c,v 1.1 2001/01/26 11:34:06 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ * Copyright (c) 2000 H\xe5kan Olsson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "sysdep.h"
+
+#include "util.h"
+
+#ifdef NEED_SYSDEP_APP
+#include "app.h"
+#include "conf.h"
+#include "ipsec.h"
+
+#ifdef USE_PF_KEY_V2
+#include "pf_key_v2.h"
+#define KEY_API(x) pf_key_v2_##x
+#else
+#include <net/encap.h>
+#include "pf_encap.h"
+#define KEY_API(x) pf_encap_##x
+#endif
+
+#endif NEED_SYSDEP_APP
+#include "log.h"
+
+extern char *__progname;
+
+/*
+ * An as strong as possible random number generator, reverting to a
+ * deterministic pseudo-random one if regrand is set.
+ */
+u_int32_t
+sysdep_random ()
+{
+ return random();
+}
+
+/* Return the basename of the command used to invoke us. */
+char *
+sysdep_progname ()
+{
+ return __progname;
+}
+
+/* As regress/ use this file I protect the sysdep_app_* stuff like this. */
+#ifdef NEED_SYSDEP_APP
+/*
+ * Prepare the application we negotiate SAs for (i.e. the IPsec stack)
+ * for communication. We return a file descriptor useable to select(2) on.
+ */
+int
+sysdep_app_open ()
+{
+ return KEY_API(open) ();
+}
+
+/*
+ * When select(2) has noticed our application needs attendance, this is what
+ * gets called. FD is the file descriptor causing the alarm.
+ */
+void
+sysdep_app_handler (int fd)
+{
+ KEY_API (handler) (fd);
+}
+
+/* Check that the connection named NAME is active, or else make it active. */
+void
+sysdep_connection_check (char *name)
+{
+ KEY_API (connection_check) (name);
+}
+
+/*
+ * Generate a SPI for protocol PROTO and the source/destination pair given by
+ * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ.
+ */
+u_int8_t *
+sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
+ int srclen, struct sockaddr *dst, int dstlen)
+{
+ if (app_none)
+ {
+ *sz = IPSEC_SPI_SIZE;
+ /* XXX should be random instead I think. */
+ return strdup ("\x12\x34\x56\x78");
+ }
+ return KEY_API (get_spi) (sz, proto, src, srclen, dst, dstlen);
+}
+
+/* Force communication on socket FD to go in the clear. */
+int
+sysdep_cleartext (int fd)
+{
+ char *buf;
+ char *policy[] = { "in bypass", "out bypass", NULL };
+ char **p;
+
+ if (app_none)
+ return 0;
+
+ /*
+ * Need to bypass system security policy, so I can send and
+ * receive key management datagrams in the clear.
+ */
+
+ for (p = policy; p && *p; p++)
+ {
+ buf = ipsec_set_policy (*p, strlen(*p));
+ if (buf == NULL)
+ {
+ log_error ("sysdep_cleartext: %s: %s", *p, ipsec_strerror());
+ return -1;
+ }
+
+ if (setsockopt(fd, IPPROTO_IP, IP_IPSEC_POLICY, buf,
+ ipsec_get_policylen(buf)) < 0)
+ {
+ log_error ("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_IPSEC_POLICY, ...) failed",
+ fd);
+ return -1;
+ }
+ free(buf);
+ }
+
+ return 0;
+}
+
+int
+sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (delete_spi) (sa, proto, incoming);
+}
+
+int
+sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (enable_sa) (sa, isakmp_sa);
+}
+
+int
+sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1,
+ struct proto *proto2, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (group_spis) (sa, proto1, proto2, incoming);
+}
+
+int
+sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (set_spi) (sa, proto, incoming);
+}
+#endif
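Review bot: `sysdep_random` always returns `random()`, although its comment promises a strong generator that falls back to the deterministic one only when `regrand` is set. Callers that expect unpredictable values (their use is outside this hunk) therefore get output from a non-cryptographic PRNG. The openbsd-encap `sysdep.c` in this commit uses `if (!regrand) return arc4random ();`, and the commit adds `sysdep/common/libsysdep/arc4random.c` to the libsysdep this port links, so the same guard looks usable here, assuming `regrand` is declared by an included header. Separately, in `sysdep_cleartext` the `setsockopt` failure path returns without releasing the policy buffer; add `free (buf);` before that `return -1;`.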
diff --git a/sbin/isakmpd/sysdep/openbsd-encap/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/openbsd-encap/GNUmakefile.sysdep
new file mode 100644
index 00000000000..27a2ec0f8d3
--- /dev/null
+++ b/sbin/isakmpd/sysdep/openbsd-encap/GNUmakefile.sysdep
@@ -0,0 +1,60 @@
+# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:07 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+# Compile-time configuration of otherwise optional features
+FEATURES= tripledes blowfish cast policy x509 ec aggressive debug
+
+LIBGMP:= /usr/lib/libgmp.a
+LIBDES:= /usr/lib/libdes.a
+
+LDADD+= -lgmp
+DPADD+= ${LIBGMP}
+
+IPSEC_SRCS= pf_encap.c
+
+# XXX This test does not work as MACHINE_ARCH does not get defined by GNU make.
+# Furthermore these defines should not happen for neither mips, powerpc nor vax
+# just like alpha.
+#ifneq (${MACHINE_ARCH},alpha)
+#HAVE_DLOPEN= defined
+#CFLAGS+= -DSYMBOL_PREFIX='"_"'
+#endif
+
+USE_LIBCRYPTO= defined
+
+ifndef USE_LIBCRYPTO
+DESLIB= -ldes
+DESLIBDEP= ${LIBDES}
+endif
diff --git a/sbin/isakmpd/sysdep/openbsd-encap/Makefile.sysdep b/sbin/isakmpd/sysdep/openbsd-encap/Makefile.sysdep
new file mode 100644
index 00000000000..b40a349f729
--- /dev/null
+++ b/sbin/isakmpd/sysdep/openbsd-encap/Makefile.sysdep
@@ -0,0 +1,57 @@
+# $Id: Makefile.sysdep,v 1.1 2001/01/26 11:34:08 niklas Exp $
+
+#
+# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+FEATURES+= gmp
+
+IPSEC_SRCS= pf_encap.c
+
+# Some OpenBSD systems do not provide dlopen(3).
+.if ${MACHINE_ARCH} != "alpha" && ${MACHINE_ARCH} != "mips" && ${MACHINE_ARCH} != "powerpc" && ${MACHINE_ARCH} != "vax"
+HAVE_DLOPEN= defined
+CFLAGS+= -DSYMBOL_PREFIX='"_"'
+.endif
+
+#USE_LIBCRYPTO= defined
+#USE_KEYNOTE= defined
+
+.ifndef USE_LIBCRYPTO
+DESLIB= -ldes
+DESLIBDEP= ${LIBDES}
+
+# The apps/ and regress/ subdirs are broken in the openbsd-encap environment
+# unless libcrypto is available (and even then they are not tested).
+SUBDIR:= ${SUBDIR:Napps}
+NO_REGRESS= defined
+.endif
diff --git a/sbin/isakmpd/sysdep/openbsd-encap/sysdep-os.h b/sbin/isakmpd/sysdep/openbsd-encap/sysdep-os.h
new file mode 100644
index 00000000000..da5b6d4ed84
--- /dev/null
+++ b/sbin/isakmpd/sysdep/openbsd-encap/sysdep-os.h
@@ -0,0 +1,42 @@
+/* $Id: sysdep-os.h,v 1.1 2001/01/26 11:34:08 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#ifndef _SYSDEP_OS_H_
+#define _SYSDEP_OS_H_
+
+/* We need socklen_t. */
+typedef u_int32_t socklen_t;
+
+#endif /* _SYSDEP_OS_H_ */
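Review bot: `typedef u_int32_t socklen_t;` uses `u_int32_t`, but this header includes nothing, so it compiles only when `<sys/types.h>` has already been pulled in by the including file. Add `#include <sys/types.h>` above the typedef. The typedef is also unconditional and would clash on a system whose headers already provide `socklen_t`. Presumably this target lacks it, and the comment could say so: `/* We need socklen_t; this system's headers do not define it. */`.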
diff --git a/sbin/isakmpd/sysdep/openbsd-encap/sysdep.c b/sbin/isakmpd/sysdep/openbsd-encap/sysdep.c
new file mode 100644
index 00000000000..1a1a1fa4832
--- /dev/null
+++ b/sbin/isakmpd/sysdep/openbsd-encap/sysdep.c
@@ -0,0 +1,204 @@
+/* $Id: sysdep.c,v 1.1 2001/01/26 11:34:08 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Ericsson Radio Systems.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "sysdep.h"
+
+#include "util.h"
+
+#ifdef NEED_SYSDEP_APP
+#include "app.h"
+#include "conf.h"
+#include "ipsec.h"
+
+#ifdef USE_PF_KEY_V2
+#include "pf_key_v2.h"
+#define KEY_API(x) pf_key_v2_##x
+#else
+#include <net/encap.h>
+#include "pf_encap.h"
+#define KEY_API(x) pf_encap_##x
+#endif
+
+#endif NEED_SYSDEP_APP
+#include "log.h"
+
+extern char *__progname;
+
+/*
+ * An as strong as possible random number generator, reverting to a
+ * deterministic pseudo-random one if regrand is set.
+ */
+u_int32_t
+sysdep_random ()
+{
+ if (!regrand)
+ return arc4random ();
+ else
+ return random();
+}
+
+/* Return the basename of the command used to invoke us. */
+char *
+sysdep_progname ()
+{
+ return __progname;
+}
+
+/* As regress/ use this file I protect the sysdep_app_* stuff like this. */
+#ifdef NEED_SYSDEP_APP
+/*
+ * Prepare the application we negotiate SAs for (i.e. the IPsec stack)
+ * for communication. We return a file descriptor useable to select(2) on.
+ */
+int
+sysdep_app_open ()
+{
+ return KEY_API(open) ();
+}
+
+/*
+ * When select(2) has noticed our application needs attendance, this is what
+ * gets called. FD is the file descriptor causing the alarm.
+ */
+void
+sysdep_app_handler (int fd)
+{
+ KEY_API (handler) (fd);
+}
+
+/* Check that the connection named NAME is active, or else make it active. */
+void
+sysdep_connection_check (char *name)
+{
+ KEY_API (connection_check) (name);
+}
+
+/*
+ * Generate a SPI for protocol PROTO and the source/destination pair given by
+ * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ.
+ */
+u_int8_t *
+sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
+ int srclen, struct sockaddr *dst, int dstlen)
+{
+ if (app_none)
+ {
+ *sz = IPSEC_SPI_SIZE;
+ /* XXX should be random instead I think. */
+ return strdup ("\x12\x34\x56\x78");
+ }
+ return KEY_API (get_spi) (sz, proto, src, srclen, dst, dstlen);
+}
+
+/* Force communication on socket FD to go in the clear. */
+int
+sysdep_cleartext (int fd)
+{
+ int level;
+
+ if (app_none)
+ return 0;
+
+ /*
+ * Need to bypass system security policy, so I can send and
+ * receive key management datagrams in the clear.
+ */
+ level = IPSEC_LEVEL_BYPASS;
+ if (setsockopt (fd, IPPROTO_IP, IP_AUTH_LEVEL, (char *)&level, sizeof level)
+ == -1)
+ {
+ log_error ("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_AUTH_LEVEL, ...) failed", fd);
+ return -1;
+ }
+ if (setsockopt (fd, IPPROTO_IP, IP_ESP_TRANS_LEVEL, (char *)&level,
+ sizeof level) == -1)
+ {
+ log_error ("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_ESP_TRANS_LEVEL, ...) "
+ "failed", fd);
+ return -1;
+ }
+ if (setsockopt (fd, IPPROTO_IP, IP_ESP_NETWORK_LEVEL, (char *)&level,
+ sizeof level) == -1)
+ {
+ log_error("sysdep_cleartext: "
+ "setsockopt (%d, IPPROTO_IP, IP_ESP_NETWORK_LEVEL, ...) "
+ "failed", fd);
+ return -1;
+ }
+ return 0;
+}
+
+int
+sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (delete_spi) (sa, proto, incoming);
+}
+
+int
+sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (enable_sa) (sa, isakmp_sa);
+}
+
+int
+sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1,
+ struct proto *proto2, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (group_spis) (sa, proto1, proto2, incoming);
+}
+
+int
+sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming)
+{
+ if (app_none)
+ return 0;
+ return KEY_API (set_spi) (sa, proto, incoming);
+}
+#endif
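Review bot: `#endif NEED_SYSDEP_APP` after the include block has a bare token following the directive, which ISO C does not permit and compilers warn about; write `#endif /* NEED_SYSDEP_APP */`. The same line appears in `sysdep/netbsd/sysdep.c`. In `sysdep_ipsec_get_spi` (also identical in the netbsd file) the `app_none` branch returns the `char *` from `strdup` as `u_int8_t *` without a cast; `return (u_int8_t *)strdup ("\x12\x34\x56\x78");` states the conversion. The four `sysdep_ipsec_*` wrappers at the end have no header comment, unlike the functions above them; a one-line comment noting that each returns 0 without calling the key API when `app_none` is set would match the rest of the file.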
diff --git a/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep
new file mode 100644
index 00000000000..629c9d896f3
--- /dev/null
+++ b/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep
@@ -0,0 +1,67 @@
+# $Id: GNUmakefile.sysdep,v 1.1 2001/01/26 11:34:07 niklas Exp $
+
+#
+# Copyright (c) 1999 Håkan Olsson. All rights reserved.
+# Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Ericsson Radio Systems.
+# 4. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# This code was written under funding by Ericsson Radio Systems.
+#
+
+
+LIBGMP:= /usr/lib/libgmp.a
+LIBCRYPTO:= /usr/lib/libcrypto.a
+
+IPSEC_SRCS= pf_key_v2.c
+IPSEC_CFLAGS= -DUSE_PF_KEY_V2
+
+CFLAGS+= -DHAVE_GETNAMEINFO
+
+# XXX This test does not work as MACHINE_ARCH does not get defined by GNU make.
+# Furthermore these defines should not happen for neither mips, powerpc nor vax
+# just like alpha.
+ifneq (${MACHINE_ARCH},alpha)
+HAVE_DLOPEN= defined
+CFLAGS+= -DSYMBOL_PREFIX='"_"'
+endif
+
+USE_LIBCRYPTO= defined
+ifneq (${MACHINE_ARCH},alpha)
+ifneq (${MACHINE_ARCH},vax)
+ifneq (${MACHINE_ARCH},m88k)
+SRCS+= keynote_compat.c
+endif
+endif
+endif
+USE_KEYNOTE= defined
+
+ifndef USE_LIBCRYPTO
+DESLIB= -ldes
+DESLIBDEP= ${LIBDES}
+endif