aboutsummaryrefslogtreecommitdiff
path: root/package
diff options
context:
space:
mode:
authorGravatar Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>2007-09-18 13:02:25 +0000
committerGravatar Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>2007-09-18 13:02:25 +0000
commitacf1168bcac651877d11241ef373081c178d4f1a (patch)
treef870ed5da69ceef939d3af015c9de39d928be45f /package
parentbe10c4a8c935671cca3064f556091dc247f5960a (diff)
downloadbuildroot-acf1168bcac651877d11241ef373081c178d4f1a.tar.gz
buildroot-acf1168bcac651877d11241ef373081c178d4f1a.tar.bz2
- bump version to 2.4.9
Diffstat (limited to 'package')
-rw-r--r--package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-klips.patch59387
-rw-r--r--package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-natt.patch131
-rw-r--r--package/openswan/openswan-2.4.9-001-oswlog.patch (renamed from package/openswan/openswan-2.4.7-001-oswlog.patch)0
-rw-r--r--package/openswan/openswan-2.4.9-002-oswlog.patch (renamed from package/openswan/openswan-2.4.7-002-oswlog.patch)0
-rw-r--r--package/openswan/openswan-2.4.9-003-spi.patch (renamed from package/openswan/openswan-2.4.7-003-spi.patch)0
-rw-r--r--package/openswan/openswan-2.4.9-004-alloc.patch (renamed from package/openswan/openswan-2.4.7-004-alloc.patch)0
-rw-r--r--package/openswan/openswan-2.4.9-005-pluto.patch (renamed from package/openswan/openswan-2.4.7-005-pluto.patch)0
-rw-r--r--package/openswan/openswan-2.4.9-006-linux-include.patch (renamed from package/openswan/openswan-2.4.7-006-linux-include.patch)0
-rw-r--r--package/openswan/openswan-2.4.9-010-susv3-legacy.patch (renamed from package/openswan/openswan-2.4.7-010-susv3-legacy.patch)0
-rw-r--r--package/openswan/openswan.mk8
10 files changed, 59523 insertions, 3 deletions
diff --git a/package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-klips.patch b/package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-klips.patch
new file mode 100644
index 0000000000..3cf64c337b
--- /dev/null
+++ b/package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-klips.patch
@@ -0,0 +1,59387 @@
+packaging/utils/kernelpatch 2.6
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/README.openswan-2 Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,112 @@
++*
++* RCSID $Id: README.openswan-2,v 1.1 2003/12/10 01:07:49 mcr Exp $
++*
++
++ ****************************************
++ * IPSEC for Linux, Release 2.xx series *
++ ****************************************
++
++
++
++1. Files
++
++The contents of linux/net/ipsec/ (see below) join the linux kernel source tree.
++as provided for higher up.
++
++The programs/ directory contains the user-level utilities which you need
++to run IPSEC. See the top-level top/INSTALL to compile and install them.
++
++The testing/ directory contains test scripts.
++
++The doc/ directory contains -- what else -- documentation.
++
++1.1. Kernel files
++
++The following are found in net/ipsec/:
++
++Makefile The Makefile
++Config.in The configuration script for make menuconfig
++defconfig Configuration defaults for first time.
++
++radij.c General-purpose radix-tree operations
++
++ipsec_ipcomp.c IPCOMP encapsulate/decapsulate code.
++ipsec_ah.c Authentication Header (AH) encapsulate/decapsulate code.
++ipsec_esp.c Encapsulated Security Payload (ESP) encap/decap code.
++
++pfkey_v2.c PF_KEYv2 socket interface code.
++pfkey_v2_parser.c PF_KEYv2 message parsing and processing code.
++
++ipsec_init.c Initialization code, /proc interface.
++ipsec_radij.c Interface with the radix tree code.
++ipsec_netlink.c Interface with the netlink code.
++ipsec_xform.c Routines and structures common to transforms.
++ipsec_tunnel.c The outgoing packet processing code.
++ipsec_rcv.c The incoming packet processing code.
++ipsec_md5c.c Somewhat modified RSADSI MD5 C code.
++ipsec_sha1.c Somewhat modified Steve Reid SHA-1 C code.
++
++sysctl_net_ipsec.c /proc/sys/net/ipsec/* variable definitions.
++
++version.c symbolic link to project version.
++
++radij.h Headers for radij.c
++
++ipcomp.h Headers used by IPCOMP code.
++
++ipsec_radij.h Interface with the radix tree code.
++ipsec_netlink.h Headers used by the netlink interface.
++ipsec_encap.h Headers defining encapsulation structures.
++ipsec_xform.h Transform headers.
++ipsec_tunnel.h Headers used by tunneling code.
++ipsec_ipe4.h Headers for the IP-in-IP code.
++ipsec_ah.h Headers common to AH transforms.
++ipsec_md5h.h RSADSI MD5 headers.
++ipsec_sha1.h SHA-1 headers.
++ipsec_esp.h Headers common to ESP transfroms.
++ipsec_rcv.h Headers for incoming packet processing code.
++
++1.2. User-level files.
++
++The following are found in utils/:
++
++eroute.c Create an "extended route" source code
++spi.c Set up Security Associations source code
++spigrp.c Link SPIs together source code.
++tncfg.c Configure the tunneling features of the virtual interface
++ source code
++klipsdebug.c Set/reset klips debugging features source code.
++version.c symbolic link to project version.
++
++eroute.8 Create an "extended route" manual page
++spi.8 Set up Security Associations manual page
++spigrp.8 Link SPIs together manual page
++tncfg.8 Configure the tunneling features of the virtual interface
++ manual page
++klipsdebug.8 Set/reset klips debugging features manual page
++
++eroute.5 /proc/net/ipsec_eroute format manual page
++spi.5 /proc/net/ipsec_spi format manual page
++spigrp.5 /proc/net/ipsec_spigrp format manual page
++tncfg.5 /proc/net/ipsec_tncfg format manual page
++klipsdebug.5 /proc/net/ipsec_klipsdebug format manual page
++version.5 /proc/net/ipsec_version format manual page
++pf_key.5 /proc/net/pf_key format manual page
++
++Makefile Utilities makefile.
++
++*.8 Manpages for the respective utils.
++
++
++1.3. Test files
++
++The test scripts are locate in testing/ and and documentation is found
++at doc/src/umltesting.html. Automated testing via "make check" is available
++provided that the User-Mode-Linux patches are available.
++
++*
++* $Log: README.openswan-2,v $
++* Revision 1.1 2003/12/10 01:07:49 mcr
++* documentation for additions.
++*
++*
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/crypto/ciphers/aes/test_main.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,41 @@
++#include <stdio.h>
++#include <string.h>
++#include <sys/types.h>
++#include "aes_cbc.h"
++#define AES_BLOCK_SIZE 16
++#define KEY_SIZE 128 /* bits */
++#define KEY "1234567890123456"
++#define STR "hola guaso como estaisss ... 012"
++#define STRSZ (sizeof(STR)-1)
++
++#define EMT_AESCBC_BLKLEN AES_BLOCK_SIZE
++#define AES_CONTEXT_T aes_context
++#define EMT_ESPAES_KEY_SZ 16
++int pretty_print(const unsigned char *buf, int count) {
++ int i=0;
++ for (;i<count;i++) {
++ if (i%8==0) putchar(' ');
++ if (i%16==0) putchar('\n');
++ printf ("%02hhx ", buf[i]);
++ }
++ putchar('\n');
++ return i;
++}
++//#define SIZE STRSZ/2
++#define SIZE STRSZ
++int main() {
++ int ret;
++ char buf0[SIZE+1], buf1[SIZE+1];
++ char IV[AES_BLOCK_SIZE]="\0\0\0\0\0\0\0\0" "\0\0\0\0\0\0\0\0";
++ aes_context ac;
++ AES_set_key(&ac, KEY, KEY_SIZE);
++ //pretty_print((char *)&ac.aes_e_key, sizeof(ac.aes_e_key));
++ memset(buf0, 0, sizeof (buf0));
++ memset(buf1, 0, sizeof (buf1));
++ ret=AES_cbc_encrypt(&ac, STR, buf0, SIZE, IV, 1);
++ pretty_print(buf0, SIZE);
++ printf("size=%d ret=%d\n%s\n", SIZE, ret, buf0);
++ ret=AES_cbc_encrypt(&ac, buf0, buf1, SIZE, IV, 0);
++ printf("size=%d ret=%d\n%s\n", SIZE, ret, buf1);
++ return 0;
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/crypto/ciphers/aes/test_main_mac.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,30 @@
++#include <stdio.h>
++#include <sys/types.h>
++#include <string.h>
++#include "aes.h"
++#include "aes_xcbc_mac.h"
++#define STR "Hola guasssso c|mo estais ...012"
++void print_hash(const __u8 *hash) {
++ printf("%08x %08x %08x %08x\n",
++ *(__u32*)(&hash[0]),
++ *(__u32*)(&hash[4]),
++ *(__u32*)(&hash[8]),
++ *(__u32*)(&hash[12]));
++}
++int main(int argc, char *argv[]) {
++ aes_block key= { 0xdeadbeef, 0xceedcaca, 0xcafebabe, 0xff010204 };
++ __u8 hash[16];
++ char *str = argv[1];
++ aes_context_mac ctx;
++ if (str==NULL) {
++ fprintf(stderr, "pasame el str\n");
++ return 255;
++ }
++ AES_xcbc_mac_set_key(&ctx, (__u8 *)&key, sizeof(key));
++ AES_xcbc_mac_hash(&ctx, str, strlen(str), hash);
++ print_hash(hash);
++ str[2]='x';
++ AES_xcbc_mac_hash(&ctx, str, strlen(str), hash);
++ print_hash(hash);
++ return 0;
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/crypto/aes.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,97 @@
++// I retain copyright in this code but I encourage its free use provided
++// that I don't carry any responsibility for the results. I am especially
++// happy to see it used in free and open source software. If you do use
++// it I would appreciate an acknowledgement of its origin in the code or
++// the product that results and I would also appreciate knowing a little
++// about the use to which it is being put. I am grateful to Frank Yellin
++// for some ideas that are used in this implementation.
++//
++// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
++//
++// This is an implementation of the AES encryption algorithm (Rijndael)
++// designed by Joan Daemen and Vincent Rijmen. This version is designed
++// to provide both fixed and dynamic block and key lengths and can also
++// run with either big or little endian internal byte order (see aes.h).
++// It inputs block and key lengths in bytes with the legal values being
++// 16, 24 and 32.
++
++/*
++ * Modified by Jari Ruusu, May 1 2001
++ * - Fixed some compile warnings, code was ok but gcc warned anyway.
++ * - Changed basic types: byte -> unsigned char, word -> u_int32_t
++ * - Major name space cleanup: Names visible to outside now begin
++ * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c
++ * - Removed C++ and DLL support as part of name space cleanup.
++ * - Eliminated unnecessary recomputation of tables. (actual bug fix)
++ * - Merged precomputed constant tables to aes.c file.
++ * - Removed data alignment restrictions for portability reasons.
++ * - Made block and key lengths accept bit count (128/192/256)
++ * as well byte count (16/24/32).
++ * - Removed all error checks. This change also eliminated the need
++ * to preinitialize the context struct to zero.
++ * - Removed some totally unused constants.
++ */
++
++#ifndef _AES_H
++#define _AES_H
++
++#if defined(__linux__) && defined(__KERNEL__)
++# include <linux/types.h>
++#else
++# include <sys/types.h>
++#endif
++
++// CONFIGURATION OPTIONS (see also aes.c)
++//
++// Define AES_BLOCK_SIZE to set the cipher block size (16, 24 or 32) or
++// leave this undefined for dynamically variable block size (this will
++// result in much slower code).
++// IMPORTANT NOTE: AES_BLOCK_SIZE is in BYTES (16, 24, 32 or undefined). If
++// left undefined a slower version providing variable block length is compiled
++
++#define AES_BLOCK_SIZE 16
++
++// The number of key schedule words for different block and key lengths
++// allowing for method of computation which requires the length to be a
++// multiple of the key length
++//
++// Nk = 4 6 8
++// -------------
++// Nb = 4 | 60 60 64
++// 6 | 96 90 96
++// 8 | 120 120 120
++
++#if !defined(AES_BLOCK_SIZE) || (AES_BLOCK_SIZE == 32)
++#define AES_KS_LENGTH 120
++#define AES_RC_LENGTH 29
++#else
++#define AES_KS_LENGTH 4 * AES_BLOCK_SIZE
++#define AES_RC_LENGTH (9 * AES_BLOCK_SIZE) / 8 - 8
++#endif
++
++typedef struct
++{
++ u_int32_t aes_Nkey; // the number of words in the key input block
++ u_int32_t aes_Nrnd; // the number of cipher rounds
++ u_int32_t aes_e_key[AES_KS_LENGTH]; // the encryption key schedule
++ u_int32_t aes_d_key[AES_KS_LENGTH]; // the decryption key schedule
++#if !defined(AES_BLOCK_SIZE)
++ u_int32_t aes_Ncol; // the number of columns in the cipher state
++#endif
++} aes_context;
++
++// THE CIPHER INTERFACE
++
++#if !defined(AES_BLOCK_SIZE)
++extern void aes_set_blk(aes_context *, const int);
++#endif
++extern void aes_set_key(aes_context *, const unsigned char [], const int, const int);
++extern void aes_encrypt(const aes_context *, const unsigned char [], unsigned char []);
++extern void aes_decrypt(const aes_context *, const unsigned char [], unsigned char []);
++
++// The block length inputs to aes_set_block and aes_set_key are in numbers
++// of bytes or bits. The calls to subroutines must be made in the above
++// order but multiple calls can be made without repeating earlier calls
++// if their parameters have not changed.
++
++#endif // _AES_H
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/crypto/aes_cbc.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,4 @@
++/* Glue header */
++#include "aes.h"
++int AES_set_key(aes_context *aes_ctx, const u_int8_t * key, int keysize);
++int AES_cbc_encrypt(aes_context *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt);
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/crypto/aes_xcbc_mac.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,12 @@
++#ifndef _AES_XCBC_MAC_H
++#define _AES_XCBC_MAC_H
++
++typedef u_int32_t aes_block[4];
++typedef struct {
++ aes_context ctx_k1;
++ aes_block k2;
++ aes_block k3;
++} aes_context_mac;
++int AES_xcbc_mac_set_key(aes_context_mac *ctxm, const u_int8_t *key, int keylen);
++int AES_xcbc_mac_hash(const aes_context_mac *ctxm, const u_int8_t * in, int ilen, u_int8_t hash[16]);
++#endif /* _AES_XCBC_MAC_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/crypto/cbc_generic.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,110 @@
++#ifndef _CBC_GENERIC_H
++#define _CBC_GENERIC_H
++/*
++ * CBC macro helpers
++ *
++ * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ */
++
++/*
++ * Heavily inspired in loop_AES
++ */
++#define CBC_IMPL_BLK16(name, ctx_type, addr_type, enc_func, dec_func) \
++int name(ctx_type *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) { \
++ int ret=ilen, pos; \
++ const u_int32_t *iv_i; \
++ if ((ilen) % 16) return 0; \
++ if (encrypt) { \
++ pos=0; \
++ while(pos<ilen) { \
++ if (pos==0) \
++ iv_i=(const u_int32_t*) iv; \
++ else \
++ iv_i=(const u_int32_t*) (out-16); \
++ *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0])); \
++ *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4])); \
++ *((u_int32_t *)(&out[ 8])) = iv_i[2]^*((const u_int32_t *)(&in[ 8])); \
++ *((u_int32_t *)(&out[12])) = iv_i[3]^*((const u_int32_t *)(&in[12])); \
++ enc_func(ctx, (addr_type) out, (addr_type) out); \
++ in+=16; \
++ out+=16; \
++ pos+=16; \
++ } \
++ } else { \
++ pos=ilen-16; \
++ in+=pos; \
++ out+=pos; \
++ while(pos>=0) { \
++ dec_func(ctx, (const addr_type) in, (addr_type) out); \
++ if (pos==0) \
++ iv_i=(const u_int32_t*) (iv); \
++ else \
++ iv_i=(const u_int32_t*) (in-16); \
++ *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; \
++ *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; \
++ *((u_int32_t *)(&out[ 8])) ^= iv_i[2]; \
++ *((u_int32_t *)(&out[12])) ^= iv_i[3]; \
++ in-=16; \
++ out-=16; \
++ pos-=16; \
++ } \
++ } \
++ return ret; \
++}
++#define CBC_IMPL_BLK8(name, ctx_type, addr_type, enc_func, dec_func) \
++int name(ctx_type *ctx, u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) { \
++ int ret=ilen, pos; \
++ const u_int32_t *iv_i; \
++ if ((ilen) % 8) return 0; \
++ if (encrypt) { \
++ pos=0; \
++ while(pos<ilen) { \
++ if (pos==0) \
++ iv_i=(const u_int32_t*) iv; \
++ else \
++ iv_i=(const u_int32_t*) (out-8); \
++ *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0])); \
++ *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4])); \
++ enc_func(ctx, (addr_type)out, (addr_type)out); \
++ in+=8; \
++ out+=8; \
++ pos+=8; \
++ } \
++ } else { \
++ pos=ilen-8; \
++ in+=pos; \
++ out+=pos; \
++ while(pos>=0) { \
++ dec_func(ctx, (const addr_type)in, (addr_type)out); \
++ if (pos==0) \
++ iv_i=(const u_int32_t*) (iv); \
++ else \
++ iv_i=(const u_int32_t*) (in-8); \
++ *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; \
++ *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; \
++ in-=8; \
++ out-=8; \
++ pos-=8; \
++ } \
++ } \
++ return ret; \
++}
++#define CBC_DECL(name, ctx_type) \
++int name(ctx_type *ctx, u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt)
++/*
++Eg.:
++CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt);
++CBC_DECL(AES_cbc_encrypt, aes_context);
++*/
++#endif /* _CBC_GENERIC_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/crypto/des.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,298 @@
++/* crypto/des/des.org */
++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ *
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to. The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ *
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * "This product includes cryptographic software written by
++ * Eric Young (eay@cryptsoft.com)"
++ * The word 'cryptographic' can be left out if the rouines from the library
++ * being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from
++ * the apps directory (application code) you must include an acknowledgement:
++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed. i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++
++/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
++ *
++ * Always modify des.org since des.h is automatically generated from
++ * it during SSLeay configuration.
++ *
++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
++ */
++
++#ifndef HEADER_DES_H
++#define HEADER_DES_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++
++/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
++ * %20 speed up (longs are 8 bytes, int's are 4). */
++/* Must be unsigned int on ia64/Itanium or DES breaks badly */
++
++#ifdef __KERNEL__
++#include <linux/types.h>
++#else
++#include <sys/types.h>
++#endif
++
++#ifndef DES_LONG
++#define DES_LONG u_int32_t
++#endif
++
++typedef unsigned char des_cblock[8];
++typedef struct { des_cblock ks; } des_key_schedule[16];
++
++#define DES_KEY_SZ (sizeof(des_cblock))
++#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
++
++#define DES_ENCRYPT 1
++#define DES_DECRYPT 0
++
++#define DES_CBC_MODE 0
++#define DES_PCBC_MODE 1
++
++#define des_ecb2_encrypt(i,o,k1,k2,e) \
++ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
++
++#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
++ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
++
++#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
++ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
++
++#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
++ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
++
++#define C_Block des_cblock
++#define Key_schedule des_key_schedule
++#ifdef KERBEROS
++#define ENCRYPT DES_ENCRYPT
++#define DECRYPT DES_DECRYPT
++#endif
++#define KEY_SZ DES_KEY_SZ
++#define string_to_key des_string_to_key
++#define read_pw_string des_read_pw_string
++#define random_key des_random_key
++#define pcbc_encrypt des_pcbc_encrypt
++#define set_key des_set_key
++#define key_sched des_key_sched
++#define ecb_encrypt des_ecb_encrypt
++#define cbc_encrypt des_cbc_encrypt
++#define ncbc_encrypt des_ncbc_encrypt
++#define xcbc_encrypt des_xcbc_encrypt
++#define cbc_cksum des_cbc_cksum
++#define quad_cksum des_quad_cksum
++
++/* For compatibility with the MIT lib - eay 20/05/92 */
++typedef des_key_schedule bit_64;
++#define des_fixup_key_parity des_set_odd_parity
++#define des_check_key_parity check_parity
++
++extern int des_check_key; /* defaults to false */
++extern int des_rw_mode; /* defaults to DES_PCBC_MODE */
++
++/* The next line is used to disable full ANSI prototypes, if your
++ * compiler has problems with the prototypes, make sure this line always
++ * evaluates to true :-) */
++#if defined(MSDOS) || defined(__STDC__)
++#undef NOPROTO
++#endif
++#ifndef NOPROTO
++char *des_options(void);
++void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
++ des_key_schedule ks1,des_key_schedule ks2,
++ des_key_schedule ks3, int enc);
++DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
++ long length,des_key_schedule schedule,des_cblock *ivec);
++void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
++ des_key_schedule schedule,des_cblock *ivec,int enc);
++void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
++ des_key_schedule schedule,des_cblock *ivec,int enc);
++void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
++ des_key_schedule schedule,des_cblock *ivec,
++ des_cblock *inw,des_cblock *outw,int enc);
++void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
++ long length,des_key_schedule schedule,des_cblock *ivec,int enc);
++void des_ecb_encrypt(des_cblock *input,des_cblock *output,
++ des_key_schedule ks,int enc);
++void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
++void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
++void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
++ des_key_schedule ks2, des_key_schedule ks3);
++void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
++ des_key_schedule ks2, des_key_schedule ks3);
++void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output,
++ long length, des_key_schedule ks1, des_key_schedule ks2,
++ des_key_schedule ks3, des_cblock *ivec, int enc);
++void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
++ long length, des_key_schedule ks1, des_key_schedule ks2,
++ des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
++void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
++ long length, des_key_schedule ks1, des_key_schedule ks2,
++ des_key_schedule ks3, des_cblock *ivec, int *num);
++
++void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
++ des_cblock (*out_white));
++
++int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
++ des_cblock *iv);
++int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
++ des_cblock *iv);
++char *des_fcrypt(const char *buf,const char *salt, char *ret);
++#ifdef PERL5
++char *des_crypt(const char *buf,const char *salt);
++#else
++/* some stupid compilers complain because I have declared char instead
++ * of const char */
++#ifndef __KERNEL__
++#ifdef HEADER_DES_LOCL_H
++char *crypt(const char *buf,const char *salt);
++#else /* HEADER_DES_LOCL_H */
++char *crypt(void);
++#endif /* HEADER_DES_LOCL_H */
++#endif /* __KERNEL__ */
++#endif /* PERL5 */
++void des_ofb_encrypt(unsigned char *in,unsigned char *out,
++ int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
++void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
++ des_key_schedule schedule,des_cblock *ivec,int enc);
++DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
++ long length,int out_count,des_cblock *seed);
++void des_random_seed(des_cblock key);
++void des_random_key(des_cblock ret);
++int des_read_password(des_cblock *key,char *prompt,int verify);
++int des_read_2passwords(des_cblock *key1,des_cblock *key2,
++ char *prompt,int verify);
++int des_read_pw_string(char *buf,int length,char *prompt,int verify);
++void des_set_odd_parity(des_cblock *key);
++int des_is_weak_key(des_cblock *key);
++int des_set_key(des_cblock *key,des_key_schedule schedule);
++int des_key_sched(des_cblock *key,des_key_schedule schedule);
++void des_string_to_key(char *str,des_cblock *key);
++void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
++void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
++ des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
++void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
++ des_key_schedule schedule, des_cblock *ivec, int *num);
++int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
++
++/* Extra functions from Mark Murray <mark@grondar.za> */
++/* The following functions are not in the normal unix build or the
++ * SSLeay build. When using the SSLeay build, use RAND_seed()
++ * and RAND_bytes() instead. */
++int des_new_random_key(des_cblock *key);
++void des_init_random_number_generator(des_cblock *key);
++void des_set_random_generator_seed(des_cblock *key);
++void des_set_sequence_number(des_cblock new_sequence_number);
++void des_generate_random_block(des_cblock *block);
++
++#else
++
++char *des_options();
++void des_ecb3_encrypt();
++DES_LONG des_cbc_cksum();
++void des_cbc_encrypt();
++void des_ncbc_encrypt();
++void des_xcbc_encrypt();
++void des_cfb_encrypt();
++void des_ede3_cfb64_encrypt();
++void des_ede3_ofb64_encrypt();
++void des_ecb_encrypt();
++void des_encrypt();
++void des_encrypt2();
++void des_encrypt3();
++void des_decrypt3();
++void des_ede3_cbc_encrypt();
++int des_enc_read();
++int des_enc_write();
++char *des_fcrypt();
++#ifdef PERL5
++char *des_crypt();
++#else
++char *crypt();
++#endif
++void des_ofb_encrypt();
++void des_pcbc_encrypt();
++DES_LONG des_quad_cksum();
++void des_random_seed();
++void des_random_key();
++int des_read_password();
++int des_read_2passwords();
++int des_read_pw_string();
++void des_set_odd_parity();
++int des_is_weak_key();
++int des_set_key();
++int des_key_sched();
++void des_string_to_key();
++void des_string_to_2keys();
++void des_cfb64_encrypt();
++void des_ofb64_encrypt();
++int des_read_pw();
++void des_xwhite_in2out();
++
++/* Extra functions from Mark Murray <mark@grondar.za> */
++/* The following functions are not in the normal unix build or the
++ * SSLeay build. When using the SSLeay build, use RAND_seed()
++ * and RAND_bytes() instead. */
++#ifdef FreeBSD
++int des_new_random_key();
++void des_init_random_number_generator();
++void des_set_random_generator_seed();
++void des_set_sequence_number();
++void des_generate_random_block();
++#endif
++
++#endif
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/des/des_locl.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,515 @@
++/* crypto/des/des_locl.org */
++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ *
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to. The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ *
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * "This product includes cryptographic software written by
++ * Eric Young (eay@cryptsoft.com)"
++ * The word 'cryptographic' can be left out if the rouines from the library
++ * being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from
++ * the apps directory (application code) you must include an acknowledgement:
++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed. i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++
++/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
++ *
++ * Always modify des_locl.org since des_locl.h is automatically generated from
++ * it during SSLeay configuration.
++ *
++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
++ */
++
++#ifndef HEADER_DES_LOCL_H
++#define HEADER_DES_LOCL_H
++
++#if defined(WIN32) || defined(WIN16)
++#ifndef MSDOS
++#define MSDOS
++#endif
++#endif
++
++#include "crypto/des.h"
++
++#ifndef DES_DEFAULT_OPTIONS
++/* the following is tweaked from a config script, that is why it is a
++ * protected undef/define */
++#ifndef DES_PTR
++#define DES_PTR
++#endif
++
++/* This helps C compiler generate the correct code for multiple functional
++ * units. It reduces register dependancies at the expense of 2 more
++ * registers */
++#ifndef DES_RISC1
++#define DES_RISC1
++#endif
++
++#ifndef DES_RISC2
++#undef DES_RISC2
++#endif
++
++#if defined(DES_RISC1) && defined(DES_RISC2)
++YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
++#endif
++
++/* Unroll the inner loop, this sometimes helps, sometimes hinders.
++ * Very mucy CPU dependant */
++#ifndef DES_UNROLL
++#define DES_UNROLL
++#endif
++
++/* These default values were supplied by
++ * Peter Gutman <pgut001@cs.auckland.ac.nz>
++ * They are only used if nothing else has been defined */
++#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
++/* Special defines which change the way the code is built depending on the
++ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
++ even newer MIPS CPU's, but at the moment one size fits all for
++ optimization options. Older Sparc's work better with only UNROLL, but
++ there's no way to tell at compile time what it is you're running on */
++
++#if defined( sun ) /* Newer Sparc's */
++ #define DES_PTR
++ #define DES_RISC1
++ #define DES_UNROLL
++#elif defined( __ultrix ) /* Older MIPS */
++ #define DES_PTR
++ #define DES_RISC2
++ #define DES_UNROLL
++#elif defined( __osf1__ ) /* Alpha */
++ #define DES_PTR
++ #define DES_RISC2
++#elif defined ( _AIX ) /* RS6000 */
++ /* Unknown */
++#elif defined( __hpux ) /* HP-PA */
++ /* Unknown */
++#elif defined( __aux ) /* 68K */
++ /* Unknown */
++#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
++ #define DES_UNROLL
++#elif defined( __sgi ) /* Newer MIPS */
++ #define DES_PTR
++ #define DES_RISC2
++ #define DES_UNROLL
++#elif defined( i386 ) /* x86 boxes, should be gcc */
++ #define DES_PTR
++ #define DES_RISC1
++ #define DES_UNROLL
++#endif /* Systems-specific speed defines */
++#endif
++
++#endif /* DES_DEFAULT_OPTIONS */
++
++#ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */
++#include <stdlib.h>
++#include <errno.h>
++#include <time.h>
++#include <io.h>
++#ifndef RAND
++#define RAND
++#endif
++#undef NOPROTO
++#endif
++
++#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
++#ifndef __KERNEL__
++#include <string.h>
++#else
++#include <linux/string.h>
++#endif
++#endif
++
++#ifndef RAND
++#define RAND
++#endif
++
++#ifdef linux
++#undef RAND
++#endif
++
++#ifdef MSDOS
++#define getpid() 2
++#define RAND
++#undef NOPROTO
++#endif
++
++#if defined(NOCONST)
++#define const
++#endif
++
++#ifdef __STDC__
++#undef NOPROTO
++#endif
++
++#ifdef RAND
++#define srandom(s) srand(s)
++#define random rand
++#endif
++
++#define ITERATIONS 16
++#define HALF_ITERATIONS 8
++
++/* used in des_read and des_write */
++#define MAXWRITE (1024*16)
++#define BSIZE (MAXWRITE+4)
++
++#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
++ l|=((DES_LONG)(*((c)++)))<< 8L, \
++ l|=((DES_LONG)(*((c)++)))<<16L, \
++ l|=((DES_LONG)(*((c)++)))<<24L)
++
++/* NOTE - c is not incremented as per c2l */
++#define c2ln(c,l1,l2,n) { \
++ c+=n; \
++ l1=l2=0; \
++ switch (n) { \
++ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
++ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
++ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
++ case 5: l2|=((DES_LONG)(*(--(c)))); \
++ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
++ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
++ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
++ case 1: l1|=((DES_LONG)(*(--(c)))); \
++ } \
++ }
++
++#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
++ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
++
++/* replacements for htonl and ntohl since I have no idea what to do
++ * when faced with machines with 8 byte longs. */
++#define HDRSIZE 4
++
++#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
++ l|=((DES_LONG)(*((c)++)))<<16L, \
++ l|=((DES_LONG)(*((c)++)))<< 8L, \
++ l|=((DES_LONG)(*((c)++))))
++
++#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
++ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
++ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
++ *((c)++)=(unsigned char)(((l) )&0xff))
++
++/* NOTE - c is not incremented as per l2c */
++#define l2cn(l1,l2,c,n) { \
++ c+=n; \
++ switch (n) { \
++ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
++ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
++ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
++ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
++ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
++ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
++ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
++ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
++ } \
++ }
++
++#if defined(WIN32)
++#define ROTATE(a,n) (_lrotr(a,n))
++#else
++#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
++#endif
++
++/* Don't worry about the LOAD_DATA() stuff, that is used by
++ * fcrypt() to add it's little bit to the front */
++
++#ifdef DES_FCRYPT
++
++#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
++ { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
++
++#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
++ t=R^(R>>16L); \
++ u=t&E0; t&=E1; \
++ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
++ tmp=(t<<16); t^=R^s[S+1]; t^=tmp
++#else
++#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
++#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
++ u=R^s[S ]; \
++ t=R^s[S+1]
++#endif
++
++/* The changes to this macro may help or hinder, depending on the
++ * compiler and the achitecture. gcc2 always seems to do well :-).
++ * Inspired by Dana How <how@isl.stanford.edu>
++ * DO NOT use the alternative version on machines with 8 byte longs.
++ * It does not seem to work on the Alpha, even when DES_LONG is 4
++ * bytes, probably an issue of accessing non-word aligned objects :-( */
++#ifdef DES_PTR
++
++/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
++ * is no reason to not xor all the sub items together. This potentially
++ * saves a register since things can be xored directly into L */
++
++#if defined(DES_RISC1) || defined(DES_RISC2)
++#ifdef DES_RISC1
++#define D_ENCRYPT(LL,R,S) { \
++ unsigned int u1,u2,u3; \
++ LOAD_DATA(R,S,u,t,E0,E1,u1); \
++ u2=(int)u>>8L; \
++ u1=(int)u&0xfc; \
++ u2&=0xfc; \
++ t=ROTATE(t,4); \
++ u>>=16L; \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
++ u3=(int)(u>>8L); \
++ u1=(int)u&0xfc; \
++ u3&=0xfc; \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \
++ u2=(int)t>>8L; \
++ u1=(int)t&0xfc; \
++ u2&=0xfc; \
++ t>>=16L; \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
++ u3=(int)t>>8L; \
++ u1=(int)t&0xfc; \
++ u3&=0xfc; \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); }
++#endif
++#ifdef DES_RISC2
++#define D_ENCRYPT(LL,R,S) { \
++ unsigned int u1,u2,s1,s2; \
++ LOAD_DATA(R,S,u,t,E0,E1,u1); \
++ u2=(int)u>>8L; \
++ u1=(int)u&0xfc; \
++ u2&=0xfc; \
++ t=ROTATE(t,4); \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
++ s1=(int)(u>>16L); \
++ s2=(int)(u>>24L); \
++ s1&=0xfc; \
++ s2&=0xfc; \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \
++ u2=(int)t>>8L; \
++ u1=(int)t&0xfc; \
++ u2&=0xfc; \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
++ s1=(int)(t>>16L); \
++ s2=(int)(t>>24L); \
++ s1&=0xfc; \
++ s2&=0xfc; \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \
++ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); }
++#endif
++#else
++#define D_ENCRYPT(LL,R,S) { \
++ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
++ t=ROTATE(t,4); \
++ LL^= \
++ *(DES_LONG *)((unsigned char *)des_SP +((u )&0xfc))^ \
++ *(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \
++ *(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \
++ *(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \
++ *(DES_LONG *)((unsigned char *)des_SP+0x100+((t )&0xfc))^ \
++ *(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \
++ *(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \
++ *(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); }
++#endif
++
++#else /* original version */
++
++#if defined(DES_RISC1) || defined(DES_RISC2)
++#ifdef DES_RISC1
++#define D_ENCRYPT(LL,R,S) {\
++ unsigned int u1,u2,u3; \
++ LOAD_DATA(R,S,u,t,E0,E1,u1); \
++ u>>=2L; \
++ t=ROTATE(t,6); \
++ u2=(int)u>>8L; \
++ u1=(int)u&0x3f; \
++ u2&=0x3f; \
++ u>>=16L; \
++ LL^=des_SPtrans[0][u1]; \
++ LL^=des_SPtrans[2][u2]; \
++ u3=(int)u>>8L; \
++ u1=(int)u&0x3f; \
++ u3&=0x3f; \
++ LL^=des_SPtrans[4][u1]; \
++ LL^=des_SPtrans[6][u3]; \
++ u2=(int)t>>8L; \
++ u1=(int)t&0x3f; \
++ u2&=0x3f; \
++ t>>=16L; \
++ LL^=des_SPtrans[1][u1]; \
++ LL^=des_SPtrans[3][u2]; \
++ u3=(int)t>>8L; \
++ u1=(int)t&0x3f; \
++ u3&=0x3f; \
++ LL^=des_SPtrans[5][u1]; \
++ LL^=des_SPtrans[7][u3]; }
++#endif
++#ifdef DES_RISC2
++#define D_ENCRYPT(LL,R,S) {\
++ unsigned int u1,u2,s1,s2; \
++ LOAD_DATA(R,S,u,t,E0,E1,u1); \
++ u>>=2L; \
++ t=ROTATE(t,6); \
++ u2=(int)u>>8L; \
++ u1=(int)u&0x3f; \
++ u2&=0x3f; \
++ LL^=des_SPtrans[0][u1]; \
++ LL^=des_SPtrans[2][u2]; \
++ s1=(int)u>>16L; \
++ s2=(int)u>>24L; \
++ s1&=0x3f; \
++ s2&=0x3f; \
++ LL^=des_SPtrans[4][s1]; \
++ LL^=des_SPtrans[6][s2]; \
++ u2=(int)t>>8L; \
++ u1=(int)t&0x3f; \
++ u2&=0x3f; \
++ LL^=des_SPtrans[1][u1]; \
++ LL^=des_SPtrans[3][u2]; \
++ s1=(int)t>>16; \
++ s2=(int)t>>24L; \
++ s1&=0x3f; \
++ s2&=0x3f; \
++ LL^=des_SPtrans[5][s1]; \
++ LL^=des_SPtrans[7][s2]; }
++#endif
++
++#else
++
++#define D_ENCRYPT(LL,R,S) {\
++ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
++ t=ROTATE(t,4); \
++ LL^=\
++ des_SPtrans[0][(u>> 2L)&0x3f]^ \
++ des_SPtrans[2][(u>>10L)&0x3f]^ \
++ des_SPtrans[4][(u>>18L)&0x3f]^ \
++ des_SPtrans[6][(u>>26L)&0x3f]^ \
++ des_SPtrans[1][(t>> 2L)&0x3f]^ \
++ des_SPtrans[3][(t>>10L)&0x3f]^ \
++ des_SPtrans[5][(t>>18L)&0x3f]^ \
++ des_SPtrans[7][(t>>26L)&0x3f]; }
++#endif
++#endif
++
++ /* IP and FP
++ * The problem is more of a geometric problem that random bit fiddling.
++ 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
++ 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
++ 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
++ 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
++
++ 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
++ 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
++ 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
++ 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
++
++ The output has been subject to swaps of the form
++ 0 1 -> 3 1 but the odd and even bits have been put into
++ 2 3 2 0
++ different words. The main trick is to remember that
++ t=((l>>size)^r)&(mask);
++ r^=t;
++ l^=(t<<size);
++ can be used to swap and move bits between words.
++
++ So l = 0 1 2 3 r = 16 17 18 19
++ 4 5 6 7 20 21 22 23
++ 8 9 10 11 24 25 26 27
++ 12 13 14 15 28 29 30 31
++ becomes (for size == 2 and mask == 0x3333)
++ t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
++ 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
++ 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
++ 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
++
++ Thanks for hints from Richard Outerbridge - he told me IP&FP
++ could be done in 15 xor, 10 shifts and 5 ands.
++ When I finally started to think of the problem in 2D
++ I first got ~42 operations without xors. When I remembered
++ how to use xors :-) I got it to its final state.
++ */
++#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
++ (b)^=(t),\
++ (a)^=((t)<<(n)))
++
++#define IP(l,r) \
++ { \
++ register DES_LONG tt; \
++ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
++ PERM_OP(l,r,tt,16,0x0000ffffL); \
++ PERM_OP(r,l,tt, 2,0x33333333L); \
++ PERM_OP(l,r,tt, 8,0x00ff00ffL); \
++ PERM_OP(r,l,tt, 1,0x55555555L); \
++ }
++
++#define FP(l,r) \
++ { \
++ register DES_LONG tt; \
++ PERM_OP(l,r,tt, 1,0x55555555L); \
++ PERM_OP(r,l,tt, 8,0x00ff00ffL); \
++ PERM_OP(l,r,tt, 2,0x33333333L); \
++ PERM_OP(r,l,tt,16,0x0000ffffL); \
++ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
++ }
++
++extern const DES_LONG des_SPtrans[8][64];
++
++#ifndef NOPROTO
++void fcrypt_body(DES_LONG *out,des_key_schedule ks,
++ DES_LONG Eswap0, DES_LONG Eswap1);
++#else
++void fcrypt_body();
++#endif
++
++#endif
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/des/des_ver.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,60 @@
++/* crypto/des/des_ver.h */
++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ *
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to. The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ *
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * "This product includes cryptographic software written by
++ * Eric Young (eay@cryptsoft.com)"
++ * The word 'cryptographic' can be left out if the rouines from the library
++ * being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from
++ * the apps directory (application code) you must include an acknowledgement:
++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed. i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++
++extern char *DES_version; /* SSLeay version string */
++extern char *libdes_version; /* old libdes version string */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/des/podd.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,75 @@
++/* crypto/des/podd.h */
++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ *
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to. The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ *
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * "This product includes cryptographic software written by
++ * Eric Young (eay@cryptsoft.com)"
++ * The word 'cryptographic' can be left out if the rouines from the library
++ * being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from
++ * the apps directory (application code) you must include an acknowledgement:
++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed. i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++
++static const unsigned char odd_parity[256]={
++ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
++ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
++ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
++ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
++ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
++ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
++ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
++112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
++128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
++145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
++161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
++176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
++193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
++208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
++224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
++241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/des/sk.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,204 @@
++/* crypto/des/sk.h */
++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ *
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to. The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ *
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * "This product includes cryptographic software written by
++ * Eric Young (eay@cryptsoft.com)"
++ * The word 'cryptographic' can be left out if the rouines from the library
++ * being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from
++ * the apps directory (application code) you must include an acknowledgement:
++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed. i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++
++static const DES_LONG des_skb[8][64]={
++{
++/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
++0x00000000L,0x00000010L,0x20000000L,0x20000010L,
++0x00010000L,0x00010010L,0x20010000L,0x20010010L,
++0x00000800L,0x00000810L,0x20000800L,0x20000810L,
++0x00010800L,0x00010810L,0x20010800L,0x20010810L,
++0x00000020L,0x00000030L,0x20000020L,0x20000030L,
++0x00010020L,0x00010030L,0x20010020L,0x20010030L,
++0x00000820L,0x00000830L,0x20000820L,0x20000830L,
++0x00010820L,0x00010830L,0x20010820L,0x20010830L,
++0x00080000L,0x00080010L,0x20080000L,0x20080010L,
++0x00090000L,0x00090010L,0x20090000L,0x20090010L,
++0x00080800L,0x00080810L,0x20080800L,0x20080810L,
++0x00090800L,0x00090810L,0x20090800L,0x20090810L,
++0x00080020L,0x00080030L,0x20080020L,0x20080030L,
++0x00090020L,0x00090030L,0x20090020L,0x20090030L,
++0x00080820L,0x00080830L,0x20080820L,0x20080830L,
++0x00090820L,0x00090830L,0x20090820L,0x20090830L,
++},{
++/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
++0x00000000L,0x02000000L,0x00002000L,0x02002000L,
++0x00200000L,0x02200000L,0x00202000L,0x02202000L,
++0x00000004L,0x02000004L,0x00002004L,0x02002004L,
++0x00200004L,0x02200004L,0x00202004L,0x02202004L,
++0x00000400L,0x02000400L,0x00002400L,0x02002400L,
++0x00200400L,0x02200400L,0x00202400L,0x02202400L,
++0x00000404L,0x02000404L,0x00002404L,0x02002404L,
++0x00200404L,0x02200404L,0x00202404L,0x02202404L,
++0x10000000L,0x12000000L,0x10002000L,0x12002000L,
++0x10200000L,0x12200000L,0x10202000L,0x12202000L,
++0x10000004L,0x12000004L,0x10002004L,0x12002004L,
++0x10200004L,0x12200004L,0x10202004L,0x12202004L,
++0x10000400L,0x12000400L,0x10002400L,0x12002400L,
++0x10200400L,0x12200400L,0x10202400L,0x12202400L,
++0x10000404L,0x12000404L,0x10002404L,0x12002404L,
++0x10200404L,0x12200404L,0x10202404L,0x12202404L,
++},{
++/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
++0x00000000L,0x00000001L,0x00040000L,0x00040001L,
++0x01000000L,0x01000001L,0x01040000L,0x01040001L,
++0x00000002L,0x00000003L,0x00040002L,0x00040003L,
++0x01000002L,0x01000003L,0x01040002L,0x01040003L,
++0x00000200L,0x00000201L,0x00040200L,0x00040201L,
++0x01000200L,0x01000201L,0x01040200L,0x01040201L,
++0x00000202L,0x00000203L,0x00040202L,0x00040203L,
++0x01000202L,0x01000203L,0x01040202L,0x01040203L,
++0x08000000L,0x08000001L,0x08040000L,0x08040001L,
++0x09000000L,0x09000001L,0x09040000L,0x09040001L,
++0x08000002L,0x08000003L,0x08040002L,0x08040003L,
++0x09000002L,0x09000003L,0x09040002L,0x09040003L,
++0x08000200L,0x08000201L,0x08040200L,0x08040201L,
++0x09000200L,0x09000201L,0x09040200L,0x09040201L,
++0x08000202L,0x08000203L,0x08040202L,0x08040203L,
++0x09000202L,0x09000203L,0x09040202L,0x09040203L,
++},{
++/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
++0x00000000L,0x00100000L,0x00000100L,0x00100100L,
++0x00000008L,0x00100008L,0x00000108L,0x00100108L,
++0x00001000L,0x00101000L,0x00001100L,0x00101100L,
++0x00001008L,0x00101008L,0x00001108L,0x00101108L,
++0x04000000L,0x04100000L,0x04000100L,0x04100100L,
++0x04000008L,0x04100008L,0x04000108L,0x04100108L,
++0x04001000L,0x04101000L,0x04001100L,0x04101100L,
++0x04001008L,0x04101008L,0x04001108L,0x04101108L,
++0x00020000L,0x00120000L,0x00020100L,0x00120100L,
++0x00020008L,0x00120008L,0x00020108L,0x00120108L,
++0x00021000L,0x00121000L,0x00021100L,0x00121100L,
++0x00021008L,0x00121008L,0x00021108L,0x00121108L,
++0x04020000L,0x04120000L,0x04020100L,0x04120100L,
++0x04020008L,0x04120008L,0x04020108L,0x04120108L,
++0x04021000L,0x04121000L,0x04021100L,0x04121100L,
++0x04021008L,0x04121008L,0x04021108L,0x04121108L,
++},{
++/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
++0x00000000L,0x10000000L,0x00010000L,0x10010000L,
++0x00000004L,0x10000004L,0x00010004L,0x10010004L,
++0x20000000L,0x30000000L,0x20010000L,0x30010000L,
++0x20000004L,0x30000004L,0x20010004L,0x30010004L,
++0x00100000L,0x10100000L,0x00110000L,0x10110000L,
++0x00100004L,0x10100004L,0x00110004L,0x10110004L,
++0x20100000L,0x30100000L,0x20110000L,0x30110000L,
++0x20100004L,0x30100004L,0x20110004L,0x30110004L,
++0x00001000L,0x10001000L,0x00011000L,0x10011000L,
++0x00001004L,0x10001004L,0x00011004L,0x10011004L,
++0x20001000L,0x30001000L,0x20011000L,0x30011000L,
++0x20001004L,0x30001004L,0x20011004L,0x30011004L,
++0x00101000L,0x10101000L,0x00111000L,0x10111000L,
++0x00101004L,0x10101004L,0x00111004L,0x10111004L,
++0x20101000L,0x30101000L,0x20111000L,0x30111000L,
++0x20101004L,0x30101004L,0x20111004L,0x30111004L,
++},{
++/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
++0x00000000L,0x08000000L,0x00000008L,0x08000008L,
++0x00000400L,0x08000400L,0x00000408L,0x08000408L,
++0x00020000L,0x08020000L,0x00020008L,0x08020008L,
++0x00020400L,0x08020400L,0x00020408L,0x08020408L,
++0x00000001L,0x08000001L,0x00000009L,0x08000009L,
++0x00000401L,0x08000401L,0x00000409L,0x08000409L,
++0x00020001L,0x08020001L,0x00020009L,0x08020009L,
++0x00020401L,0x08020401L,0x00020409L,0x08020409L,
++0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
++0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
++0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
++0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
++0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
++0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
++0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
++0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
++},{
++/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
++0x00000000L,0x00000100L,0x00080000L,0x00080100L,
++0x01000000L,0x01000100L,0x01080000L,0x01080100L,
++0x00000010L,0x00000110L,0x00080010L,0x00080110L,
++0x01000010L,0x01000110L,0x01080010L,0x01080110L,
++0x00200000L,0x00200100L,0x00280000L,0x00280100L,
++0x01200000L,0x01200100L,0x01280000L,0x01280100L,
++0x00200010L,0x00200110L,0x00280010L,0x00280110L,
++0x01200010L,0x01200110L,0x01280010L,0x01280110L,
++0x00000200L,0x00000300L,0x00080200L,0x00080300L,
++0x01000200L,0x01000300L,0x01080200L,0x01080300L,
++0x00000210L,0x00000310L,0x00080210L,0x00080310L,
++0x01000210L,0x01000310L,0x01080210L,0x01080310L,
++0x00200200L,0x00200300L,0x00280200L,0x00280300L,
++0x01200200L,0x01200300L,0x01280200L,0x01280300L,
++0x00200210L,0x00200310L,0x00280210L,0x00280310L,
++0x01200210L,0x01200310L,0x01280210L,0x01280310L,
++},{
++/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
++0x00000000L,0x04000000L,0x00040000L,0x04040000L,
++0x00000002L,0x04000002L,0x00040002L,0x04040002L,
++0x00002000L,0x04002000L,0x00042000L,0x04042000L,
++0x00002002L,0x04002002L,0x00042002L,0x04042002L,
++0x00000020L,0x04000020L,0x00040020L,0x04040020L,
++0x00000022L,0x04000022L,0x00040022L,0x04040022L,
++0x00002020L,0x04002020L,0x00042020L,0x04042020L,
++0x00002022L,0x04002022L,0x00042022L,0x04042022L,
++0x00000800L,0x04000800L,0x00040800L,0x04040800L,
++0x00000802L,0x04000802L,0x00040802L,0x04040802L,
++0x00002800L,0x04002800L,0x00042800L,0x04042800L,
++0x00002802L,0x04002802L,0x00042802L,0x04042802L,
++0x00000820L,0x04000820L,0x00040820L,0x04040820L,
++0x00000822L,0x04000822L,0x00040822L,0x04040822L,
++0x00002820L,0x04002820L,0x00042820L,0x04042820L,
++0x00002822L,0x04002822L,0x00042822L,0x04042822L,
++}};
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/des/spr.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,204 @@
++/* crypto/des/spr.h */
++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ *
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to. The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ *
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * "This product includes cryptographic software written by
++ * Eric Young (eay@cryptsoft.com)"
++ * The word 'cryptographic' can be left out if the rouines from the library
++ * being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from
++ * the apps directory (application code) you must include an acknowledgement:
++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed. i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++
++const DES_LONG des_SPtrans[8][64]={
++{
++/* nibble 0 */
++0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
++0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
++0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
++0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
++0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
++0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
++0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
++0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
++0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
++0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
++0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
++0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
++0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
++0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
++0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
++0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
++},{
++/* nibble 1 */
++0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
++0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
++0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
++0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
++0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
++0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
++0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
++0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
++0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
++0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
++0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
++0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
++0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
++0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
++0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
++0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
++},{
++/* nibble 2 */
++0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
++0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
++0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
++0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
++0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
++0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
++0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
++0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
++0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
++0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
++0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
++0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
++0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
++0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
++0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
++0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
++},{
++/* nibble 3 */
++0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
++0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
++0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
++0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
++0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
++0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
++0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
++0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
++0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
++0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
++0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
++0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
++0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
++0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
++0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
++0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
++},{
++/* nibble 4 */
++0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
++0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
++0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
++0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
++0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
++0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
++0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
++0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
++0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
++0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
++0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
++0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
++0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
++0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
++0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
++0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
++},{
++/* nibble 5 */
++0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
++0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
++0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
++0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
++0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
++0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
++0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
++0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
++0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
++0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
++0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
++0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
++0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
++0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
++0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
++0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
++},{
++/* nibble 6 */
++0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
++0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
++0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
++0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
++0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
++0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
++0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
++0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
++0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
++0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
++0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
++0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
++0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
++0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
++0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
++0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
++},{
++/* nibble 7 */
++0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
++0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
++0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
++0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
++0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
++0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
++0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
++0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
++0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
++0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
++0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
++0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
++0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
++0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
++0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
++0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
++}};
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/mast.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,33 @@
++struct mast_callbacks {
++ int (*packet_encap)(struct device *mast, void *context,
++ struct sk_buff *skb, int flowref);
++ int (*link_inquire)(struct device *mast, void *context);
++};
++
++
++struct device *mast_init (int family,
++ struct mast_callbacks *callbacks,
++ unsigned int flags,
++ unsigned int desired_unit,
++ unsigned int max_flowref,
++ void *context);
++
++int mast_destroy(struct device *mast);
++
++int mast_recv(struct device *mast, struct sk_buff *skb, int flowref);
++
++/* free this skb as being useless, increment failure count. */
++int mast_toast(struct device *mast, struct sk_buff *skb, int flowref);
++
++int mast_linkstat (struct device *mast, int flowref,
++ int status);
++
++int mast_setreference (struct device *mast,
++ int defaultSA);
++
++int mast_setneighbor (struct device *mast,
++ struct sockaddr *source,
++ struct sockaddr *destination,
++ int flowref);
++
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,518 @@
++#ifndef _OPENSWAN_H
++/*
++ * header file for FreeS/WAN library functions
++ * Copyright (C) 1998, 1999, 2000 Henry Spencer.
++ * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: openswan.h,v 1.93 2005/04/14 20:21:51 mcr Exp $
++ */
++#define _OPENSWAN_H /* seen it, no need to see it again */
++
++/* you'd think this should be builtin to compiler... */
++#ifndef TRUE
++#define TRUE 1
++#endif
++
++#ifndef FALSE
++#define FALSE 0
++#endif
++
++
++
++/*
++ * We've just got to have some datatypes defined... And annoyingly, just
++ * where we get them depends on whether we're in userland or not.
++ */
++/* things that need to come from one place or the other, depending */
++#ifdef __KERNEL__
++#include <linux/types.h>
++#include <linux/socket.h>
++#include <linux/in.h>
++#include <linux/string.h>
++#include <linux/ctype.h>
++#define user_assert(foo) /*nothing*/
++#else
++#include <sys/types.h>
++#include <netinet/in.h>
++#include <string.h>
++#include <ctype.h>
++#include <assert.h>
++#define user_assert(foo) assert(foo)
++#include <stdio.h>
++
++# define uint8_t u_int8_t
++# define uint16_t u_int16_t
++# define uint32_t u_int32_t
++# define uint64_t u_int64_t
++
++
++# define DEBUG_NO_STATIC static
++
++#endif
++
++#include <openswan/ipsec_param.h>
++
++
++/*
++ * Grab the kernel version to see if we have NET_21, and therefore
++ * IPv6. Some of this is repeated from ipsec_kversions.h. Of course,
++ * we aren't really testing if the kernel has IPv6, but rather if the
++ * the include files do.
++ */
++#include <linux/version.h>
++#ifndef KERNEL_VERSION
++#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
++#define NET_21
++#endif
++
++#ifndef IPPROTO_COMP
++# define IPPROTO_COMP 108
++#endif /* !IPPROTO_COMP */
++
++#ifndef IPPROTO_INT
++# define IPPROTO_INT 61
++#endif /* !IPPROTO_INT */
++
++#ifdef CONFIG_KLIPS_DEBUG
++#ifndef DEBUG_NO_STATIC
++# define DEBUG_NO_STATIC
++#endif
++#else /* CONFIG_KLIPS_DEBUG */
++#ifndef DEBUG_NO_STATIC
++# define DEBUG_NO_STATIC static
++#endif
++#endif /* CONFIG_KLIPS_DEBUG */
++
++#if !defined(ESPINUDP_WITH_NON_IKE)
++#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
++#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
++#endif
++
++/*
++ * Basic data types for the address-handling functions.
++ * ip_address and ip_subnet are supposed to be opaque types; do not
++ * use their definitions directly, they are subject to change!
++ */
++
++/* first, some quick fakes in case we're on an old system with no IPv6 */
++#ifndef s6_addr16
++struct in6_addr {
++ union
++ {
++ __u8 u6_addr8[16];
++ __u16 u6_addr16[8];
++ __u32 u6_addr32[4];
++ } in6_u;
++#define s6_addr in6_u.u6_addr8
++#define s6_addr16 in6_u.u6_addr16
++#define s6_addr32 in6_u.u6_addr32
++};
++struct sockaddr_in6 {
++ unsigned short int sin6_family; /* AF_INET6 */
++ __u16 sin6_port; /* Transport layer port # */
++ __u32 sin6_flowinfo; /* IPv6 flow information */
++ struct in6_addr sin6_addr; /* IPv6 address */
++ __u32 sin6_scope_id; /* scope id (new in RFC2553) */
++};
++#endif /* !s6_addr16 */
++
++/* then the main types */
++typedef struct {
++ union {
++ struct sockaddr_in v4;
++ struct sockaddr_in6 v6;
++ } u;
++} ip_address;
++typedef struct {
++ ip_address addr;
++ int maskbits;
++} ip_subnet;
++
++/* and the SA ID stuff */
++#ifdef __KERNEL__
++typedef __u32 ipsec_spi_t;
++#else
++typedef u_int32_t ipsec_spi_t;
++#endif
++typedef struct { /* to identify an SA, we need: */
++ ip_address dst; /* A. destination host */
++ ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
++# define SPI_PASS 256 /* magic values... */
++# define SPI_DROP 257 /* ...for use... */
++# define SPI_REJECT 258 /* ...with SA_INT */
++# define SPI_HOLD 259
++# define SPI_TRAP 260
++# define SPI_TRAPSUBNET 261
++ int proto; /* C. protocol */
++# define SA_ESP 50 /* IPPROTO_ESP */
++# define SA_AH 51 /* IPPROTO_AH */
++# define SA_IPIP 4 /* IPPROTO_IPIP */
++# define SA_COMP 108 /* IPPROTO_COMP */
++# define SA_INT 61 /* IANA reserved for internal use */
++} ip_said;
++
++/* misc */
++typedef const char *err_t; /* error message, or NULL for success */
++struct prng { /* pseudo-random-number-generator guts */
++ unsigned char sbox[256];
++ int i, j;
++ unsigned long count;
++};
++
++
++/*
++ * definitions for user space, taken from freeswan/ipsec_sa.h
++ */
++typedef uint32_t IPsecSAref_t;
++
++#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
++
++#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
++#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
++
++#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))
++
++/* GCC magic for use in function definitions! */
++#ifdef GCC_LINT
++# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
++# define NEVER_RETURNS __attribute__ ((noreturn))
++# define UNUSED __attribute__ ((unused))
++# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
++#else
++# define PRINTF_LIKE(n) /* ignore */
++# define NEVER_RETURNS /* ignore */
++# define UNUSED /* ignore */
++# define BLANK_FORMAT ""
++#endif
++
++
++
++
++
++/*
++ * new IPv6-compatible functions
++ */
++
++/* text conversions */
++err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
++size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
++#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
++err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
++err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
++size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
++/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
++#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
++err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
++size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
++#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
++size_t subnetporttot(const ip_subnet *src, int format, char *buf, size_t buflen);
++#define SUBNETPROTOTOT_BUF (SUBNETTOTO_BUF + ULTOT_BUF)
++err_t ttosa(const char *src, size_t srclen, ip_said *dst);
++size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
++#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
++err_t ttodata(const char *src, size_t srclen, int base, char *buf,
++ size_t buflen, size_t *needed);
++err_t ttodatav(const char *src, size_t srclen, int base,
++ char *buf, size_t buflen, size_t *needed,
++ char *errp, size_t errlen, unsigned int flags);
++#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
++#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/
++#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */
++
++size_t datatot(const char *src, size_t srclen, int format, char *buf,
++ size_t buflen);
++size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst,
++ size_t dstlen);
++size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m,
++ size_t mlen, char *dst, size_t dstlen);
++#define KEYID_BUF 10 /* up to 9 text digits plus NUL */
++err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port,
++ int *has_port_wildcard);
++
++/* initializations */
++void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
++err_t loopbackaddr(int af, ip_address *dst);
++err_t unspecaddr(int af, ip_address *dst);
++err_t anyaddr(int af, ip_address *dst);
++err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
++err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
++err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);
++
++/* misc. conversions and related */
++err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
++int addrtypeof(const ip_address *src);
++int subnettypeof(const ip_subnet *src);
++size_t addrlenof(const ip_address *src);
++size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
++size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
++int masktocount(const ip_address *src);
++void networkof(const ip_subnet *src, ip_address *dst);
++void maskof(const ip_subnet *src, ip_address *dst);
++
++/* tests */
++int sameaddr(const ip_address *a, const ip_address *b);
++int addrcmp(const ip_address *a, const ip_address *b);
++int samesubnet(const ip_subnet *a, const ip_subnet *b);
++int addrinsubnet(const ip_address *a, const ip_subnet *s);
++int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
++int subnetishost(const ip_subnet *s);
++int samesaid(const ip_said *a, const ip_said *b);
++int sameaddrtype(const ip_address *a, const ip_address *b);
++int samesubnettype(const ip_subnet *a, const ip_subnet *b);
++int isanyaddr(const ip_address *src);
++int isunspecaddr(const ip_address *src);
++int isloopbackaddr(const ip_address *src);
++
++/* low-level grot */
++int portof(const ip_address *src);
++void setportof(int port, ip_address *dst);
++struct sockaddr *sockaddrof(ip_address *src);
++size_t sockaddrlenof(const ip_address *src);
++
++/* PRNG */
++void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
++void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);
++unsigned long prng_count(struct prng *prng);
++void prng_final(struct prng *prng);
++
++/* odds and ends */
++const char *ipsec_version_code(void);
++const char *ipsec_version_string(void);
++const char **ipsec_copyright_notice(void);
++
++const char *dns_string_rr(int rr, char *buf, int bufsize);
++const char *dns_string_datetime(time_t seconds,
++ char *buf,
++ int bufsize);
++
++
++/*
++ * old functions, to be deleted eventually
++ */
++
++/* unsigned long */
++const char * /* NULL for success, else string literal */
++atoul(
++ const char *src,
++ size_t srclen, /* 0 means strlen(src) */
++ int base, /* 0 means figure it out */
++ unsigned long *resultp
++);
++size_t /* space needed for full conversion */
++ultoa(
++ unsigned long n,
++ int base,
++ char *dst,
++ size_t dstlen
++);
++#define ULTOA_BUF 21 /* just large enough for largest result, */
++ /* assuming 64-bit unsigned long! */
++
++/* Internet addresses */
++const char * /* NULL for success, else string literal */
++atoaddr(
++ const char *src,
++ size_t srclen, /* 0 means strlen(src) */
++ struct in_addr *addr
++);
++size_t /* space needed for full conversion */
++addrtoa(
++ struct in_addr addr,
++ int format, /* character; 0 means default */
++ char *dst,
++ size_t dstlen
++);
++#define ADDRTOA_BUF 16 /* just large enough for largest result */
++
++/* subnets */
++const char * /* NULL for success, else string literal */
++atosubnet(
++ const char *src,
++ size_t srclen, /* 0 means strlen(src) */
++ struct in_addr *addr,
++ struct in_addr *mask
++);
++size_t /* space needed for full conversion */
++subnettoa(
++ struct in_addr addr,
++ struct in_addr mask,
++ int format, /* character; 0 means default */
++ char *dst,
++ size_t dstlen
++);
++#define SUBNETTOA_BUF 32 /* large enough for worst case result */
++
++/* ranges */
++const char * /* NULL for success, else string literal */
++atoasr(
++ const char *src,
++ size_t srclen, /* 0 means strlen(src) */
++ char *type, /* 'a', 's', 'r' */
++ struct in_addr *addrs /* two-element array */
++);
++size_t /* space needed for full conversion */
++rangetoa(
++ struct in_addr *addrs, /* two-element array */
++ int format, /* character; 0 means default */
++ char *dst,
++ size_t dstlen
++);
++#define RANGETOA_BUF 34 /* large enough for worst case result */
++
++/* data types for SA conversion functions */
++
++/* generic data, e.g. keys */
++const char * /* NULL for success, else string literal */
++atobytes(
++ const char *src,
++ size_t srclen, /* 0 means strlen(src) */
++ char *dst,
++ size_t dstlen,
++ size_t *lenp /* NULL means don't bother telling me */
++);
++size_t /* 0 failure, else true size */
++bytestoa(
++ const char *src,
++ size_t srclen,
++ int format, /* character; 0 means default */
++ char *dst,
++ size_t dstlen
++);
++
++/* old versions of generic-data functions; deprecated */
++size_t /* 0 failure, else true size */
++atodata(
++ const char *src,
++ size_t srclen, /* 0 means strlen(src) */
++ char *dst,
++ size_t dstlen
++);
++size_t /* 0 failure, else true size */
++datatoa(
++ const char *src,
++ size_t srclen,
++ int format, /* character; 0 means default */
++ char *dst,
++ size_t dstlen
++);
++
++/* part extraction and special addresses */
++struct in_addr
++subnetof(
++ struct in_addr addr,
++ struct in_addr mask
++);
++struct in_addr
++hostof(
++ struct in_addr addr,
++ struct in_addr mask
++);
++struct in_addr
++broadcastof(
++ struct in_addr addr,
++ struct in_addr mask
++);
++
++/* mask handling */
++int
++goodmask(
++ struct in_addr mask
++);
++int
++masktobits(
++ struct in_addr mask
++);
++struct in_addr
++bitstomask(
++ int n
++);
++
++
++
++/*
++ * general utilities
++ */
++
++#ifndef __KERNEL__
++/* option pickup from files (userland only because of use of FILE) */
++const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
++ int optind, FILE *errorreport);
++
++/* sanitize a string */
++extern size_t sanitize_string(char *buf, size_t size);
++
++#endif
++
++
++/*
++ * ENUM of klips debugging values. Not currently used in klips.
++ * debug flag is actually 32 -bits, but only one bit is ever used,
++ * so we can actually pack it all into a single 32-bit word.
++ */
++enum klips_debug_flags {
++ KDF_VERBOSE = 0,
++ KDF_XMIT = 1,
++ KDF_NETLINK = 2, /* obsolete */
++ KDF_XFORM = 3,
++ KDF_EROUTE = 4,
++ KDF_SPI = 5,
++ KDF_RADIJ = 6,
++ KDF_ESP = 7,
++ KDF_AH = 8, /* obsolete */
++ KDF_RCV = 9,
++ KDF_TUNNEL = 10,
++ KDF_PFKEY = 11,
++ KDF_COMP = 12
++};
++
++
++/*
++ * Debugging levels for pfkey_lib_debug
++ */
++#define PF_KEY_DEBUG_PARSE_NONE 0
++#define PF_KEY_DEBUG_PARSE_PROBLEM 1
++#define PF_KEY_DEBUG_PARSE_STRUCT 2
++#define PF_KEY_DEBUG_PARSE_FLOW 4
++#define PF_KEY_DEBUG_BUILD 8
++#define PF_KEY_DEBUG_PARSE_MAX 15
++
++extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
++
++/*
++ * pluto and lwdnsq need to know the maximum size of the commands to,
++ * and replies from lwdnsq.
++ */
++
++#define LWDNSQ_CMDBUF_LEN 1024
++#define LWDNSQ_RESULT_LEN_MAX 4096
++
++
++/* syntax for passthrough SA */
++#ifndef PASSTHROUGHNAME
++#define PASSTHROUGHNAME "%passthrough"
++#define PASSTHROUGH4NAME "%passthrough4"
++#define PASSTHROUGH6NAME "%passthrough6"
++#define PASSTHROUGHIS "tun0@0.0.0.0"
++#define PASSTHROUGH4IS "tun0@0.0.0.0"
++#define PASSTHROUGH6IS "tun0@::"
++#define PASSTHROUGHTYPE "tun"
++#define PASSTHROUGHSPI 0
++#define PASSTHROUGHDST 0
++#endif
++
++
++
++#endif /* _OPENSWAN_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipcomp.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,61 @@
++/*
++ * IPCOMP zlib interface code.
++ * Copyright (C) 2000 Svenning Soerensen <svenning@post5.tele.dk>
++ * Copyright (C) 2000, 2001 Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++
++ RCSID $Id: ipcomp.h,v 1.14 2004/07/10 19:08:41 mcr Exp $
++
++ */
++
++/* SSS */
++
++#ifndef _IPCOMP_H
++#define _IPCOMP_H
++
++/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */
++#ifndef IPCOMP_PREFIX
++#define IPCOMP_PREFIX
++#endif /* IPCOMP_PREFIX */
++
++#ifndef IPPROTO_COMP
++#define IPPROTO_COMP 108
++#endif /* IPPROTO_COMP */
++
++#ifdef CONFIG_KLIPS_DEBUG
++extern int sysctl_ipsec_debug_ipcomp;
++#endif /* CONFIG_KLIPS_DEBUG */
++
++struct ipcomphdr { /* IPCOMP header */
++ __u8 ipcomp_nh; /* Next header (protocol) */
++ __u8 ipcomp_flags; /* Reserved, must be 0 */
++ __u16 ipcomp_cpi; /* Compression Parameter Index */
++};
++
++extern struct inet_protocol comp_protocol;
++extern int sysctl_ipsec_debug_ipcomp;
++
++#define IPCOMP_UNCOMPRESSABLE 0x000000001
++#define IPCOMP_COMPRESSIONERROR 0x000000002
++#define IPCOMP_PARMERROR 0x000000004
++#define IPCOMP_DECOMPRESSIONERROR 0x000000008
++
++#define IPCOMP_ADAPT_INITIAL_TRIES 8
++#define IPCOMP_ADAPT_INITIAL_SKIP 4
++#define IPCOMP_ADAPT_SUBSEQ_TRIES 2
++#define IPCOMP_ADAPT_SUBSEQ_SKIP 8
++
++/* Function prototypes */
++struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
++struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
++
++#endif /* _IPCOMP_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_ah.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,200 @@
++/*
++ * Authentication Header declarations
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_ah.h,v 1.26 2004/09/13 02:22:10 mcr Exp $
++ */
++
++#include "ipsec_md5h.h"
++#include "ipsec_sha1.h"
++
++#ifndef IPPROTO_AH
++#define IPPROTO_AH 51
++#endif /* IPPROTO_AH */
++
++#include "ipsec_auth.h"
++
++#ifdef __KERNEL__
++
++extern struct inet_protocol ah_protocol;
++
++struct options;
++
++struct ahhdr /* Generic AH header */
++{
++ __u8 ah_nh; /* Next header (protocol) */
++ __u8 ah_hl; /* AH length, in 32-bit words */
++ __u16 ah_rv; /* reserved, must be 0 */
++ __u32 ah_spi; /* Security Parameters Index */
++ __u32 ah_rpl; /* Replay prevention */
++ __u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */
++};
++#define AH_BASIC_LEN 8 /* basic AH header is 8 bytes, nh,hl,rv,spi
++ * and the ah_hl, says how many bytes after that
++ * to cover. */
++
++extern struct xform_functions ah_xform_funcs[];
++
++#ifdef CONFIG_KLIPS_DEBUG
++extern int debug_ah;
++#endif /* CONFIG_KLIPS_DEBUG */
++#endif /* __KERNEL__ */
++
++/*
++ * $Log: ipsec_ah.h,v $
++ * Revision 1.26 2004/09/13 02:22:10 mcr
++ * #define inet_protocol if necessary.
++ *
++ * Revision 1.25 2004/09/06 18:35:41 mcr
++ * 2.6.8.1 gets rid of inet_protocol->net_protocol compatibility,
++ * so adjust for that.
++ *
++ * Revision 1.24 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.23 2004/04/05 19:55:04 mcr
++ * Moved from linux/include/freeswan/ipsec_ah.h,v
++ *
++ * Revision 1.22 2004/04/05 19:41:05 mcr
++ * merged alg-branch code.
++ *
++ * Revision 1.21 2003/12/13 19:10:16 mcr
++ * refactored rcv and xmit code - same as FS 2.05.
++ *
++ * Revision 1.22 2003/12/11 20:14:58 mcr
++ * refactored the xmit code, to move all encapsulation
++ * code into protocol functions. Note that all functions
++ * are essentially done by a single function, which is probably
++ * wrong.
++ * the rcv_functions structures are renamed xform_functions.
++ *
++ * Revision 1.21 2003/12/06 21:21:19 mcr
++ * split up receive path into per-transform files, for
++ * easier later removal.
++ *
++ * Revision 1.20.8.1 2003/12/22 15:25:52 jjo
++ * Merged algo-0.8.1-rc11-test1 into alg-branch
++ *
++ * Revision 1.20 2003/02/06 02:21:34 rgb
++ *
++ * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h .
++ * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr".
++ * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code.
++ *
++ * Revision 1.19 2002/09/16 21:19:13 mcr
++ * fixes for west-ah-icmp-01 - length of AH header must be
++ * calculated properly, and next_header field properly copied.
++ *
++ * Revision 1.18 2002/05/14 02:37:02 rgb
++ * Change reference from _TDB to _IPSA.
++ *
++ * Revision 1.17 2002/04/24 07:36:46 mcr
++ * Moved from ./klips/net/ipsec/ipsec_ah.h,v
++ *
++ * Revision 1.16 2002/02/20 01:27:06 rgb
++ * Ditched a pile of structs only used by the old Netlink interface.
++ *
++ * Revision 1.15 2001/12/11 02:35:57 rgb
++ * Change "struct net_device" to "struct device" for 2.2 compatibility.
++ *
++ * Revision 1.14 2001/11/26 09:23:47 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.13.2.1 2001/09/25 02:18:24 mcr
++ * replace "struct device" with "struct netdevice"
++ *
++ * Revision 1.13 2001/06/14 19:35:08 rgb
++ * Update copyright date.
++ *
++ * Revision 1.12 2000/09/12 03:21:20 rgb
++ * Cleared out unused htonq.
++ *
++ * Revision 1.11 2000/09/08 19:12:55 rgb
++ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
++ *
++ * Revision 1.10 2000/01/21 06:13:10 rgb
++ * Tidied up spacing.
++ * Added macros for HMAC padding magic numbers.(kravietz)
++ *
++ * Revision 1.9 1999/12/07 18:16:23 rgb
++ * Fixed comments at end of #endif lines.
++ *
++ * Revision 1.8 1999/04/11 00:28:56 henry
++ * GPL boilerplate
++ *
++ * Revision 1.7 1999/04/06 04:54:25 rgb
++ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
++ * patch shell fixes.
++ *
++ * Revision 1.6 1999/01/26 02:06:01 rgb
++ * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
++ *
++ * Revision 1.5 1999/01/22 06:17:49 rgb
++ * Updated macro comments.
++ * Added context types to support algorithm switch code.
++ * 64-bit clean-up -- converting 'u long long' to __u64.
++ *
++ * Revision 1.4 1998/07/14 15:54:56 rgb
++ * Add #ifdef __KERNEL__ to protect kernel-only structures.
++ *
++ * Revision 1.3 1998/06/30 18:05:16 rgb
++ * Comment out references to htonq.
++ *
++ * Revision 1.2 1998/06/25 19:33:46 rgb
++ * Add prototype for protocol receive function.
++ * Rearrange for more logical layout.
++ *
++ * Revision 1.1 1998/06/18 21:27:43 henry
++ * move sources from klips/src to klips/net/ipsec, to keep stupid
++ * kernel-build scripts happier in the presence of symlinks
++ *
++ * Revision 1.4 1998/05/18 22:28:43 rgb
++ * Disable key printing facilities from /proc/net/ipsec_*.
++ *
++ * Revision 1.3 1998/04/21 21:29:07 rgb
++ * Rearrange debug switches to change on the fly debug output from user
++ * space. Only kernel changes checked in at this time. radij.c was also
++ * changed to temporarily remove buggy debugging code in rj_delete causing
++ * an OOPS and hence, netlink device open errors.
++ *
++ * Revision 1.2 1998/04/12 22:03:17 rgb
++ * Updated ESP-3DES-HMAC-MD5-96,
++ * ESP-DES-HMAC-MD5-96,
++ * AH-HMAC-MD5-96,
++ * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
++ * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
++ *
++ * Fixed eroute references in /proc/net/ipsec*.
++ *
++ * Started to patch module unloading memory leaks in ipsec_netlink and
++ * radij tree unloading.
++ *
++ * Revision 1.1 1998/04/09 03:05:55 henry
++ * sources moved up from linux/net/ipsec
++ *
++ * Revision 1.1.1.1 1998/04/08 05:35:02 henry
++ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
++ *
++ * Revision 0.4 1997/01/15 01:28:15 ji
++ * Added definitions for new AH transforms.
++ *
++ * Revision 0.3 1996/11/20 14:35:48 ji
++ * Minor Cleanup.
++ * Rationalized debugging code.
++ *
++ * Revision 0.2 1996/11/02 00:18:33 ji
++ * First limited release.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_alg.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,248 @@
++/*
++ * Modular extensions service and registration functions interface
++ *
++ * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
++ *
++ * ipsec_alg.h,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp
++ *
++ */
++/*
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ */
++#ifndef IPSEC_ALG_H
++#define IPSEC_ALG_H
++
++/*
++ * gcc >= 3.2 has removed __FUNCTION__, replaced by C99 __func__
++ * *BUT* its a compiler variable.
++ */
++#if (__GNUC__ >= 3)
++#ifndef __FUNCTION__
++#define __FUNCTION__ __func__
++#endif
++#endif
++
++/* Version 0.8.1-0 */
++#define IPSEC_ALG_VERSION 0x00080100
++
++#include <linux/types.h>
++#include <linux/list.h>
++#include <asm/atomic.h>
++#include <pfkey.h>
++
++/*
++ * The following structs are used via pointers in ipsec_alg object to
++ * avoid ipsec_alg.h coupling with freeswan headers, thus simplifying
++ * module development
++ */
++struct ipsec_sa;
++struct esp;
++
++/**************************************
++ *
++ * Main registration object
++ *
++ *************************************/
++#define IPSEC_ALG_VERSION_QUAD(v) \
++ (v>>24),((v>>16)&0xff),((v>>8)&0xff),(v&0xff)
++/*
++ * Main ipsec_alg objects: "OOPrograming wannabe"
++ * Hierachy (carefully handled with _minimal_ cast'ing):
++ *
++ * ipsec_alg+
++ * +->ipsec_alg_enc (ixt_alg_type=SADB_EXT_SUPPORTED_ENCRYPT)
++ * +->ipsec_alg_auth (ixt_alg_type=SADB_EXT_SUPPORTED_AUTH)
++ */
++
++/***************************************************************
++ *
++ * INTERFACE object: struct ipsec_alg
++ *
++ ***************************************************************/
++
++#define ixt_alg_type ixt_support.ias_exttype
++#define ixt_alg_id ixt_support.ias_id
++
++#define IPSEC_ALG_ST_SUPP 0x01
++#define IPSEC_ALG_ST_REGISTERED 0x02
++#define IPSEC_ALG_ST_EXCL 0x04
++struct ipsec_alg {
++ unsigned ixt_version; /* only allow this version (or 'near')*/ \
++ struct list_head ixt_list; /* dlinked list */ \
++ struct module *ixt_module; /* THIS_MODULE */ \
++ unsigned ixt_state; /* state flags */ \
++ atomic_t ixt_refcnt; /* ref. count when pointed from ipsec_sa */ \
++ char ixt_name[16]; /* descriptive short name, eg. "3des" */ \
++ void *ixt_data; /* private for algo implementation */ \
++ uint8_t ixt_blocksize; /* blocksize in bytes */ \
++
++ struct ipsec_alg_supported ixt_support;
++};
++/*
++ * Note the const in cbc_encrypt IV arg:
++ * some ciphers like to toast passed IV (eg. 3DES): make a local IV copy
++ */
++struct ipsec_alg_enc {
++ struct ipsec_alg ixt_common;
++ unsigned ixt_e_keylen; /* raw key length in bytes */
++ unsigned ixt_e_ctx_size; /* sa_p->key_e_size */
++ int (*ixt_e_set_key)(struct ipsec_alg_enc *alg, __u8 *key_e, const __u8 *key, size_t keysize);
++ __u8 *(*ixt_e_new_key)(struct ipsec_alg_enc *alg, const __u8 *key, size_t keysize);
++ void (*ixt_e_destroy_key)(struct ipsec_alg_enc *alg, __u8 *key_e);
++ int (*ixt_e_cbc_encrypt)(struct ipsec_alg_enc *alg, __u8 *key_e, __u8 *in, int ilen, const __u8 *iv, int encrypt);
++};
++struct ipsec_alg_auth {
++ struct ipsec_alg ixt_common;
++ unsigned ixt_a_keylen; /* raw key length in bytes */
++ unsigned ixt_a_ctx_size; /* sa_p->key_a_size */
++ unsigned ixt_a_authlen; /* 'natural' auth. hash len (bytes) */
++ int (*ixt_a_hmac_set_key)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *key, int keylen);
++ int (*ixt_a_hmac_hash)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *dat, int len, __u8 *hash, int hashlen);
++};
++/*
++ * These are _copies_ of SADB_EXT_SUPPORTED_{AUTH,ENCRYPT},
++ * to avoid header coupling for true constants
++ * about headers ... "cp is your friend" --Linus
++ */
++#define IPSEC_ALG_TYPE_AUTH 14
++#define IPSEC_ALG_TYPE_ENCRYPT 15
++
++/***************************************************************
++ *
++ * INTERFACE for module loading,testing, and unloading
++ *
++ ***************************************************************/
++/* - registration calls */
++int register_ipsec_alg(struct ipsec_alg *);
++int unregister_ipsec_alg(struct ipsec_alg *);
++/* - optional (simple test) for algos */
++int ipsec_alg_test(unsigned alg_type, unsigned alg_id, int testparm);
++/* inline wrappers (usefull for type validation */
++static inline int register_ipsec_alg_enc(struct ipsec_alg_enc *ixt) {
++ return register_ipsec_alg((struct ipsec_alg*)ixt);
++}
++static inline int unregister_ipsec_alg_enc(struct ipsec_alg_enc *ixt) {
++ return unregister_ipsec_alg((struct ipsec_alg*)ixt);
++}
++static inline int register_ipsec_alg_auth(struct ipsec_alg_auth *ixt) {
++ return register_ipsec_alg((struct ipsec_alg*)ixt);
++}
++static inline int unregister_ipsec_alg_auth(struct ipsec_alg_auth *ixt) {
++ return unregister_ipsec_alg((struct ipsec_alg*)ixt);
++}
++
++/*****************************************************************
++ *
++ * INTERFACE for ENC services: key creation, encrypt function
++ *
++ *****************************************************************/
++
++#define IPSEC_ALG_ENCRYPT 1
++#define IPSEC_ALG_DECRYPT 0
++
++/* encryption key context creation function */
++int ipsec_alg_enc_key_create(struct ipsec_sa *sa_p);
++/*
++ * ipsec_alg_esp_encrypt(): encrypt ilen bytes in idat returns
++ * 0 or ERR<0
++ */
++int ipsec_alg_esp_encrypt(struct ipsec_sa *sa_p, __u8 *idat, int ilen, const __u8 *iv, int action);
++
++/***************************************************************
++ *
++ * INTERFACE for AUTH services: key creation, hash functions
++ *
++ ***************************************************************/
++int ipsec_alg_auth_key_create(struct ipsec_sa *sa_p);
++int ipsec_alg_sa_esp_hash(const struct ipsec_sa *sa_p, const __u8 *espp, int len, __u8 *hash, int hashlen) ;
++#define ipsec_alg_sa_esp_update(c,k,l) ipsec_alg_sa_esp_hash(c,k,l,NULL,0)
++
++/* only called from ipsec_init.c */
++int ipsec_alg_init(void);
++
++/* algo module glue for static algos */
++void ipsec_alg_static_init(void);
++typedef int (*ipsec_alg_init_func_t) (void);
++
++/**********************************************
++ *
++ * INTERFACE for ipsec_sa init and wipe
++ *
++ **********************************************/
++
++/* returns true if ipsec_sa has ipsec_alg obj attached */
++/*
++ * Initializes ipsec_sa's ipsec_alg object, using already loaded
++ * proto, authalg, encalg.; links ipsec_alg objects (enc, auth)
++ */
++int ipsec_alg_sa_init(struct ipsec_sa *sa_p);
++/*
++ * Destroys ipsec_sa's ipsec_alg object
++ * unlinking ipsec_alg objects
++ */
++int ipsec_alg_sa_wipe(struct ipsec_sa *sa_p);
++
++#define IPSEC_ALG_MODULE_INIT_MOD( func_name ) \
++ static int func_name(void); \
++ module_init(func_name); \
++ static int __init func_name(void)
++#define IPSEC_ALG_MODULE_EXIT_MOD( func_name ) \
++ static void func_name(void); \
++ module_exit(func_name); \
++ static void __exit func_name(void)
++
++#define IPSEC_ALG_MODULE_INIT_STATIC( func_name ) \
++ extern int func_name(void); \
++ int func_name(void)
++#define IPSEC_ALG_MODULE_EXIT_STATIC( func_name ) \
++ extern void func_name(void); \
++ void func_name(void)
++
++/**********************************************
++ *
++ * 2.2 backport for some 2.4 useful module stuff
++ *
++ **********************************************/
++#ifdef MODULE
++#ifndef THIS_MODULE
++#define THIS_MODULE (&__this_module)
++#endif
++#ifndef module_init
++typedef int (*__init_module_func_t)(void);
++typedef void (*__cleanup_module_func_t)(void);
++
++#define module_init(x) \
++ int init_module(void) __attribute__((alias(#x))); \
++ static inline __init_module_func_t __init_module_inline(void) \
++ { return x; }
++#define module_exit(x) \
++ void cleanup_module(void) __attribute__((alias(#x))); \
++ static inline __cleanup_module_func_t __cleanup_module_inline(void) \
++ { return x; }
++#endif
++#define IPSEC_ALG_MODULE_INIT( func_name ) IPSEC_ALG_MODULE_INIT_MOD( func_name )
++#define IPSEC_ALG_MODULE_EXIT( func_name ) IPSEC_ALG_MODULE_EXIT_MOD( func_name )
++
++#else /* not MODULE */
++#ifndef THIS_MODULE
++#define THIS_MODULE NULL
++#endif
++/*
++ * I only want module_init() magic
++ * when algo.c file *is THE MODULE*, in all other
++ * cases, initialization is called explicitely from ipsec_alg_init()
++ */
++#define IPSEC_ALG_MODULE_INIT( func_name ) IPSEC_ALG_MODULE_INIT_STATIC(func_name)
++#define IPSEC_ALG_MODULE_EXIT( func_name ) IPSEC_ALG_MODULE_EXIT_STATIC(func_name)
++#endif
++
++#endif /* IPSEC_ALG_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_alg_3des.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,12 @@
++struct TripleDES_context {
++ des_key_schedule s1;
++ des_key_schedule s2;
++ des_key_schedule s3;
++};
++typedef struct TripleDES_context TripleDES_context;
++
++#define ESP_3DES_KEY_SZ 3*(sizeof(des_cblock))
++#define ESP_3DES_CBC_BLK_LEN 8
++
++
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_auth.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,100 @@
++/*
++ * Authentication Header declarations
++ * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_auth.h,v 1.3 2004/04/06 02:49:08 mcr Exp $
++ */
++
++#include "ipsec_md5h.h"
++#include "ipsec_sha1.h"
++
++#ifndef IPSEC_AUTH_H
++#define IPSEC_AUTH_H
++
++#define AH_FLENGTH 12 /* size of fixed part */
++#define AHMD5_KMAX 64 /* MD5 max 512 bits key */
++#define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */
++
++#define AHMD596_KLEN 16 /* MD5 128 bits key */
++#define AHSHA196_KLEN 20 /* SHA1 160 bits key */
++
++#define AHMD596_ALEN 16 /* MD5 128 bits authentication length */
++#define AHSHA196_ALEN 20 /* SHA1 160 bits authentication length */
++
++#define AHMD596_BLKLEN 64 /* MD5 block length */
++#define AHSHA196_BLKLEN 64 /* SHA1 block length */
++#define AHSHA2_256_BLKLEN 64 /* SHA2-256 block length */
++#define AHSHA2_384_BLKLEN 128 /* SHA2-384 block length (?) */
++#define AHSHA2_512_BLKLEN 128 /* SHA2-512 block length */
++
++#define AH_BLKLEN_MAX 128 /* keep up to date! */
++
++
++#define AH_AMAX AHSHA196_ALEN /* keep up to date! */
++#define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */
++#define AHHMAC_RPLLEN 4 /* 32 bit replay counter */
++
++#define DB_AH_PKTRX 0x0001
++#define DB_AH_PKTRX2 0x0002
++#define DB_AH_DMP 0x0004
++#define DB_AH_IPSA 0x0010
++#define DB_AH_XF 0x0020
++#define DB_AH_INAU 0x0040
++#define DB_AH_REPLAY 0x0100
++
++#ifdef __KERNEL__
++
++/* General HMAC algorithm is described in RFC 2104 */
++
++#define HMAC_IPAD 0x36
++#define HMAC_OPAD 0x5C
++
++struct md5_ctx {
++ MD5_CTX ictx; /* context after H(K XOR ipad) */
++ MD5_CTX octx; /* context after H(K XOR opad) */
++};
++
++struct sha1_ctx {
++ SHA1_CTX ictx; /* context after H(K XOR ipad) */
++ SHA1_CTX octx; /* context after H(K XOR opad) */
++};
++
++struct auth_alg {
++ void (*init)(void *ctx);
++ void (*update)(void *ctx, unsigned char *bytes, __u32 len);
++ void (*final)(unsigned char *hash, void *ctx);
++ int hashlen;
++};
++
++struct options;
++
++#endif /* __KERNEL__ */
++#endif /* IPSEC_AUTH_H */
++
++/*
++ * $Log: ipsec_auth.h,v $
++ * Revision 1.3 2004/04/06 02:49:08 mcr
++ * pullup of algo code from alg-branch.
++ *
++ * Revision 1.2 2004/04/05 19:55:04 mcr
++ * Moved from linux/include/freeswan/ipsec_auth.h,v
++ *
++ * Revision 1.1 2003/12/13 19:10:16 mcr
++ * refactored rcv and xmit code - same as FS 2.05.
++ *
++ * Revision 1.1 2003/12/06 21:21:19 mcr
++ * split up receive path into per-transform files, for
++ * easier later removal.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_encap.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,149 @@
++/*
++ * declarations relevant to encapsulation-like operations
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_encap.h,v 1.19 2004/04/05 19:55:04 mcr Exp $
++ */
++
++#ifndef _IPSEC_ENCAP_H_
++
++#define SENT_IP4 16 /* data is two struct in_addr + proto + ports*/
++ /* (2 * sizeof(struct in_addr)) */
++ /* sizeof(struct sockaddr_encap)
++ - offsetof(struct sockaddr_encap, Sen.Sip4.Src) */
++
++struct sockaddr_encap
++{
++ __u8 sen_len; /* length */
++ __u8 sen_family; /* AF_ENCAP */
++ __u16 sen_type; /* see SENT_* */
++ union
++ {
++ struct /* SENT_IP4 */
++ {
++ struct in_addr Src;
++ struct in_addr Dst;
++ __u8 Proto;
++ __u16 Sport;
++ __u16 Dport;
++ } Sip4;
++ } Sen;
++};
++
++#define sen_ip_src Sen.Sip4.Src
++#define sen_ip_dst Sen.Sip4.Dst
++#define sen_proto Sen.Sip4.Proto
++#define sen_sport Sen.Sip4.Sport
++#define sen_dport Sen.Sip4.Dport
++
++#ifndef AF_ENCAP
++#define AF_ENCAP 26
++#endif /* AF_ENCAP */
++
++#define _IPSEC_ENCAP_H_
++#endif /* _IPSEC_ENCAP_H_ */
++
++/*
++ * $Log: ipsec_encap.h,v $
++ * Revision 1.19 2004/04/05 19:55:04 mcr
++ * Moved from linux/include/freeswan/ipsec_encap.h,v
++ *
++ * Revision 1.18 2003/10/31 02:27:05 mcr
++ * pulled up port-selector patches and sa_id elimination.
++ *
++ * Revision 1.17.30.1 2003/09/21 13:59:38 mcr
++ * pre-liminary X.509 patch - does not yet pass tests.
++ *
++ * Revision 1.17 2002/04/24 07:36:46 mcr
++ * Moved from ./klips/net/ipsec/ipsec_encap.h,v
++ *
++ * Revision 1.16 2001/11/26 09:23:47 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.15.2.1 2001/09/25 02:18:54 mcr
++ * struct eroute moved to ipsec_eroute.h
++ *
++ * Revision 1.15 2001/09/14 16:58:36 rgb
++ * Added support for storing the first and last packets through a HOLD.
++ *
++ * Revision 1.14 2001/09/08 21:13:31 rgb
++ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
++ *
++ * Revision 1.13 2001/06/14 19:35:08 rgb
++ * Update copyright date.
++ *
++ * Revision 1.12 2001/05/27 06:12:10 rgb
++ * Added structures for pid, packet count and last access time to eroute.
++ * Added packet count to beginning of /proc/net/ipsec_eroute.
++ *
++ * Revision 1.11 2000/09/08 19:12:56 rgb
++ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
++ *
++ * Revision 1.10 2000/03/22 16:15:36 rgb
++ * Fixed renaming of dev_get (MB).
++ *
++ * Revision 1.9 2000/01/21 06:13:26 rgb
++ * Added a macro for AF_ENCAP
++ *
++ * Revision 1.8 1999/12/31 14:56:55 rgb
++ * MB fix for 2.3 dev-use-count.
++ *
++ * Revision 1.7 1999/11/18 04:09:18 rgb
++ * Replaced all kernel version macros to shorter, readable form.
++ *
++ * Revision 1.6 1999/09/24 00:34:13 rgb
++ * Add Marc Boucher's support for 2.3.xx+.
++ *
++ * Revision 1.5 1999/04/11 00:28:57 henry
++ * GPL boilerplate
++ *
++ * Revision 1.4 1999/04/06 04:54:25 rgb
++ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
++ * patch shell fixes.
++ *
++ * Revision 1.3 1998/10/19 14:44:28 rgb
++ * Added inclusion of freeswan.h.
++ * sa_id structure implemented and used: now includes protocol.
++ *
++ * Revision 1.2 1998/07/14 18:19:33 rgb
++ * Added #ifdef __KERNEL__ directives to restrict scope of header.
++ *
++ * Revision 1.1 1998/06/18 21:27:44 henry
++ * move sources from klips/src to klips/net/ipsec, to keep stupid
++ * kernel-build scripts happier in the presence of symlinks
++ *
++ * Revision 1.2 1998/04/21 21:29:10 rgb
++ * Rearrange debug switches to change on the fly debug output from user
++ * space. Only kernel changes checked in at this time. radij.c was also
++ * changed to temporarily remove buggy debugging code in rj_delete causing
++ * an OOPS and hence, netlink device open errors.
++ *
++ * Revision 1.1 1998/04/09 03:05:58 henry
++ * sources moved up from linux/net/ipsec
++ *
++ * Revision 1.1.1.1 1998/04/08 05:35:02 henry
++ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
++ *
++ * Revision 0.4 1997/01/15 01:28:15 ji
++ * Minor cosmetic changes.
++ *
++ * Revision 0.3 1996/11/20 14:35:48 ji
++ * Minor Cleanup.
++ * Rationalized debugging code.
++ *
++ * Revision 0.2 1996/11/02 00:18:33 ji
++ * First limited release.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_eroute.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,112 @@
++/*
++ * @(#) declarations of eroute structures
++ *
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org>
++ * Copyright (C) 2001 Michael Richardson <mcr@freeswan.org>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_eroute.h,v 1.5 2004/04/05 19:55:05 mcr Exp $
++ *
++ * derived from ipsec_encap.h 1.15 on 2001/9/18 by mcr.
++ *
++ */
++
++#ifndef _IPSEC_EROUTE_H_
++
++#include "radij.h"
++#include "ipsec_encap.h"
++#include "ipsec_radij.h"
++
++/*
++ * The "type" is really part of the address as far as the routing
++ * system is concerned. By using only one bit in the type field
++ * for each type, we sort-of make sure that different types of
++ * encapsulation addresses won't be matched against the wrong type.
++ */
++
++/*
++ * An entry in the radix tree
++ */
++
++struct rjtentry
++{
++ struct radij_node rd_nodes[2]; /* tree glue, and other values */
++#define rd_key(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_key))
++#define rd_mask(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_mask))
++ short rd_flags;
++ short rd_count;
++};
++
++struct ident
++{
++ __u16 type; /* identity type */
++ __u64 id; /* identity id */
++ __u8 len; /* identity len */
++ caddr_t data; /* identity data */
++};
++
++/*
++ * An encapsulation route consists of a pointer to a
++ * radix tree entry and a SAID (a destination_address/SPI/protocol triple).
++ */
++
++struct eroute
++{
++ struct rjtentry er_rjt;
++ ip_said er_said;
++ uint32_t er_pid;
++ uint32_t er_count;
++ uint64_t er_lasttime;
++ struct sockaddr_encap er_eaddr; /* MCR get rid of _encap, it is silly*/
++ struct sockaddr_encap er_emask;
++ struct ident er_ident_s;
++ struct ident er_ident_d;
++ struct sk_buff* er_first;
++ struct sk_buff* er_last;
++};
++
++#define er_dst er_said.dst
++#define er_spi er_said.spi
++
++#define _IPSEC_EROUTE_H_
++#endif /* _IPSEC_EROUTE_H_ */
++
++/*
++ * $Log: ipsec_eroute.h,v $
++ * Revision 1.5 2004/04/05 19:55:05 mcr
++ * Moved from linux/include/freeswan/ipsec_eroute.h,v
++ *
++ * Revision 1.4 2003/10/31 02:27:05 mcr
++ * pulled up port-selector patches and sa_id elimination.
++ *
++ * Revision 1.3.30.2 2003/10/29 01:10:19 mcr
++ * elimited "struct sa_id"
++ *
++ * Revision 1.3.30.1 2003/09/21 13:59:38 mcr
++ * pre-liminary X.509 patch - does not yet pass tests.
++ *
++ * Revision 1.3 2002/04/24 07:36:46 mcr
++ * Moved from ./klips/net/ipsec/ipsec_eroute.h,v
++ *
++ * Revision 1.2 2001/11/26 09:16:13 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.1.2.1 2001/09/25 02:18:54 mcr
++ * struct eroute moved to ipsec_eroute.h
++ *
++ *
++ * Local variables:
++ * c-file-style: "linux"
++ * End:
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_errs.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,53 @@
++/*
++ * @(#) definition of ipsec_errs structure
++ *
++ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
++ * and Michael Richardson <mcr@freeswan.org>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_errs.h,v 1.4 2004/04/05 19:55:05 mcr Exp $
++ *
++ */
++
++/*
++ * This file describes the errors/statistics that FreeSWAN collects.
++ *
++ */
++
++struct ipsec_errs {
++ __u32 ips_alg_errs; /* number of algorithm errors */
++ __u32 ips_auth_errs; /* # of authentication errors */
++ __u32 ips_encsize_errs; /* # of encryption size errors*/
++ __u32 ips_encpad_errs; /* # of encryption pad errors*/
++ __u32 ips_replaywin_errs; /* # of pkt sequence errors */
++};
++
++/*
++ * $Log: ipsec_errs.h,v $
++ * Revision 1.4 2004/04/05 19:55:05 mcr
++ * Moved from linux/include/freeswan/ipsec_errs.h,v
++ *
++ * Revision 1.3 2002/04/24 07:36:46 mcr
++ * Moved from ./klips/net/ipsec/ipsec_errs.h,v
++ *
++ * Revision 1.2 2001/11/26 09:16:13 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.1.2.1 2001/09/25 02:25:57 mcr
++ * lifetime structure created and common functions created.
++ *
++ *
++ * Local variables:
++ * c-file-style: "linux"
++ * End:
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_esp.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,157 @@
++/*
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_esp.h,v 1.28 2004/09/13 02:22:10 mcr Exp $
++ */
++
++#include "openswan/ipsec_md5h.h"
++#include "openswan/ipsec_sha1.h"
++
++#include "crypto/des.h"
++
++#ifndef IPPROTO_ESP
++#define IPPROTO_ESP 50
++#endif /* IPPROTO_ESP */
++
++#define ESP_HEADER_LEN 8 /* 64 bits header (spi+rpl)*/
++
++#define EMT_ESPDESCBC_ULEN 20 /* coming from user mode */
++#define EMT_ESPDES_KMAX 64 /* 512 bit secret key enough? */
++#define EMT_ESPDES_KEY_SZ 8 /* 56 bit secret key with parity = 64 bits */
++#define EMT_ESP3DES_KEY_SZ 24 /* 168 bit secret key with parity = 192 bits */
++#define EMT_ESPDES_IV_SZ 8 /* IV size */
++#define ESP_DESCBC_BLKLEN 8 /* DES-CBC block size */
++
++#define ESP_IV_MAXSZ 16 /* This is _critical_ */
++#define ESP_IV_MAXSZ_INT (ESP_IV_MAXSZ/sizeof(int))
++
++#define DB_ES_PKTRX 0x0001
++#define DB_ES_PKTRX2 0x0002
++#define DB_ES_IPSA 0x0010
++#define DB_ES_XF 0x0020
++#define DB_ES_IPAD 0x0040
++#define DB_ES_INAU 0x0080
++#define DB_ES_OINFO 0x0100
++#define DB_ES_OINFO2 0x0200
++#define DB_ES_OH 0x0400
++#define DB_ES_REPLAY 0x0800
++
++#ifdef __KERNEL__
++struct des_eks {
++ des_key_schedule ks;
++};
++
++extern struct inet_protocol esp_protocol;
++
++struct options;
++
++struct esphdr
++{
++ __u32 esp_spi; /* Security Parameters Index */
++ __u32 esp_rpl; /* Replay counter */
++ __u8 esp_iv[8]; /* iv */
++};
++
++extern struct xform_functions esp_xform_funcs[];
++
++#ifdef CONFIG_KLIPS_DEBUG
++extern int debug_esp;
++#endif /* CONFIG_KLIPS_DEBUG */
++#endif /* __KERNEL__ */
++
++/*
++ * $Log: ipsec_esp.h,v $
++ * Revision 1.28 2004/09/13 02:22:10 mcr
++ * #define inet_protocol if necessary.
++ *
++ * Revision 1.27 2004/09/06 18:35:41 mcr
++ * 2.6.8.1 gets rid of inet_protocol->net_protocol compatibility,
++ * so adjust for that.
++ *
++ * Revision 1.26 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.25 2004/04/06 02:49:08 mcr
++ * pullup of algo code from alg-branch.
++ *
++ * Revision 1.24 2004/04/05 19:55:05 mcr
++ * Moved from linux/include/freeswan/ipsec_esp.h,v
++ *
++ * Revision 1.23 2004/04/05 19:41:05 mcr
++ * merged alg-branch code.
++ *
++ * Revision 1.22 2003/12/13 19:10:16 mcr
++ * refactored rcv and xmit code - same as FS 2.05.
++ *
++ * Revision 1.23 2003/12/11 20:14:58 mcr
++ * refactored the xmit code, to move all encapsulation
++ * code into protocol functions. Note that all functions
++ * are essentially done by a single function, which is probably
++ * wrong.
++ * the rcv_functions structures are renamed xform_functions.
++ *
++ * Revision 1.22 2003/12/06 21:21:19 mcr
++ * split up receive path into per-transform files, for
++ * easier later removal.
++ *
++ * Revision 1.21.8.1 2003/12/22 15:25:52 jjo
++ * Merged algo-0.8.1-rc11-test1 into alg-branch
++ *
++ * Revision 1.21 2003/02/06 02:21:34 rgb
++ *
++ * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h .
++ * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr".
++ * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code.
++ *
++ * Revision 1.20 2002/05/14 02:37:02 rgb
++ * Change reference from _TDB to _IPSA.
++ *
++ * Revision 1.19 2002/04/24 07:55:32 mcr
++ * #include patches and Makefiles for post-reorg compilation.
++ *
++ * Revision 1.18 2002/04/24 07:36:46 mcr
++ * Moved from ./klips/net/ipsec/ipsec_esp.h,v
++ *
++ * Revision 1.17 2002/02/20 01:27:07 rgb
++ * Ditched a pile of structs only used by the old Netlink interface.
++ *
++ * Revision 1.16 2001/12/11 02:35:57 rgb
++ * Change "struct net_device" to "struct device" for 2.2 compatibility.
++ *
++ * Revision 1.15 2001/11/26 09:23:48 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.14.2.3 2001/10/23 04:16:42 mcr
++ * get definition of des_key_schedule from des.h
++ *
++ * Revision 1.14.2.2 2001/10/22 20:33:13 mcr
++ * use "des_key_schedule" structure instead of cooking our own.
++ *
++ * Revision 1.14.2.1 2001/09/25 02:18:25 mcr
++ * replace "struct device" with "struct netdevice"
++ *
++ * Revision 1.14 2001/06/14 19:35:08 rgb
++ * Update copyright date.
++ *
++ * Revision 1.13 2000/09/08 19:12:56 rgb
++ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
++ *
++ * Revision 1.12 2000/08/01 14:51:50 rgb
++ * Removed _all_ remaining traces of DES.
++ *
++ * Revision 1.11 2000/01/10 16:36:20 rgb
++ * Ditch last of EME option flags, including initiator.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_ipcomp.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,94 @@
++/*
++ * IP compression header declations
++ *
++ * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_ipcomp.h,v 1.4 2004/07/10 19:08:41 mcr Exp $
++ */
++
++#ifndef IPSEC_IPCOMP_H
++#define IPSEC_IPCOMP_H
++
++#include "openswan/ipsec_auth.h"
++
++/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */
++#ifndef IPCOMP_PREFIX
++#define IPCOMP_PREFIX
++#endif /* IPCOMP_PREFIX */
++
++#ifndef IPPROTO_COMP
++#define IPPROTO_COMP 108
++#endif /* IPPROTO_COMP */
++
++#ifdef CONFIG_KLIPS_DEBUG
++extern int sysctl_ipsec_debug_ipcomp;
++#endif /* CONFIG_KLIPS_DEBUG */
++
++struct ipcomphdr { /* IPCOMP header */
++ __u8 ipcomp_nh; /* Next header (protocol) */
++ __u8 ipcomp_flags; /* Reserved, must be 0 */
++ __u16 ipcomp_cpi; /* Compression Parameter Index */
++};
++
++extern struct inet_protocol comp_protocol;
++extern int sysctl_ipsec_debug_ipcomp;
++
++#define IPCOMP_UNCOMPRESSABLE 0x000000001
++#define IPCOMP_COMPRESSIONERROR 0x000000002
++#define IPCOMP_PARMERROR 0x000000004
++#define IPCOMP_DECOMPRESSIONERROR 0x000000008
++
++#define IPCOMP_ADAPT_INITIAL_TRIES 8
++#define IPCOMP_ADAPT_INITIAL_SKIP 4
++#define IPCOMP_ADAPT_SUBSEQ_TRIES 2
++#define IPCOMP_ADAPT_SUBSEQ_SKIP 8
++
++/* Function prototypes */
++struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
++struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
++
++extern struct xform_functions ipcomp_xform_funcs[];
++
++#endif /* IPSEC_IPCOMP_H */
++
++/*
++ * $Log: ipsec_ipcomp.h,v $
++ * Revision 1.4 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.3 2004/04/06 02:49:08 mcr
++ * pullup of algo code from alg-branch.
++ *
++ * Revision 1.2 2004/04/05 19:55:05 mcr
++ * Moved from linux/include/freeswan/ipsec_ipcomp.h,v
++ *
++ * Revision 1.1 2003/12/13 19:10:16 mcr
++ * refactored rcv and xmit code - same as FS 2.05.
++ *
++ * Revision 1.2 2003/12/11 20:14:58 mcr
++ * refactored the xmit code, to move all encapsulation
++ * code into protocol functions. Note that all functions
++ * are essentially done by a single function, which is probably
++ * wrong.
++ * the rcv_functions structures are renamed xform_functions.
++ *
++ * Revision 1.1 2003/12/06 21:21:19 mcr
++ * split up receive path into per-transform files, for
++ * easier later removal.
++ *
++ *
++ *
++ */
++
++
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_ipe4.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,68 @@
++/*
++ * IP-in-IP Header declarations
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_ipe4.h,v 1.6 2004/04/05 19:55:05 mcr Exp $
++ */
++
++/* The packet header is an IP header! */
++
++struct ipe4_xdata /* transform table data */
++{
++ struct in_addr i4_src;
++ struct in_addr i4_dst;
++};
++
++#define EMT_IPE4_ULEN 8 /* coming from user mode */
++
++
++/*
++ * $Log: ipsec_ipe4.h,v $
++ * Revision 1.6 2004/04/05 19:55:05 mcr
++ * Moved from linux/include/freeswan/ipsec_ipe4.h,v
++ *
++ * Revision 1.5 2002/04/24 07:36:46 mcr
++ * Moved from ./klips/net/ipsec/ipsec_ipe4.h,v
++ *
++ * Revision 1.4 2001/06/14 19:35:08 rgb
++ * Update copyright date.
++ *
++ * Revision 1.3 1999/04/11 00:28:57 henry
++ * GPL boilerplate
++ *
++ * Revision 1.2 1999/04/06 04:54:25 rgb
++ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
++ * patch shell fixes.
++ *
++ * Revision 1.1 1998/06/18 21:27:47 henry
++ * move sources from klips/src to klips/net/ipsec, to keep stupid
++ * kernel-build scripts happier in the presence of symlinks
++ *
++ * Revision 1.1 1998/04/09 03:06:07 henry
++ * sources moved up from linux/net/ipsec
++ *
++ * Revision 1.1.1.1 1998/04/08 05:35:03 henry
++ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
++ *
++ * Revision 0.4 1997/01/15 01:28:15 ji
++ * No changes.
++ *
++ * Revision 0.3 1996/11/20 14:48:53 ji
++ * Release update only.
++ *
++ * Revision 0.2 1996/11/02 00:18:33 ji
++ * First limited release.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_ipip.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,45 @@
++/*
++ * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_ipip.h,v 1.2 2004/04/05 19:55:05 mcr Exp $
++ */
++
++#ifndef _IPSEC_IPIP_H_
++
++#ifndef IPPROTO_IPIP
++#define IPPROTO_IPIP 4
++#endif /* IPPROTO_ESP */
++
++extern struct xform_functions ipip_xform_funcs[];
++
++#define _IPSEC_IPIP_H_
++
++#endif /* _IPSEC_IPIP_H_ */
++
++/*
++ * $Log: ipsec_ipip.h,v $
++ * Revision 1.2 2004/04/05 19:55:05 mcr
++ * Moved from linux/include/freeswan/ipsec_ipip.h,v
++ *
++ * Revision 1.1 2003/12/13 19:10:16 mcr
++ * refactored rcv and xmit code - same as FS 2.05.
++ *
++ * Revision 1.1 2003/12/11 20:14:58 mcr
++ * refactored the xmit code, to move all encapsulation
++ * code into protocol functions. Note that all functions
++ * are essentially done by a single function, which is probably
++ * wrong.
++ * the rcv_functions structures are renamed xform_functions.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_kern24.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,61 @@
++/*
++ * @(#) routines to makes kernel 2.4 compatible with 2.6 usage.
++ *
++ * Copyright (C) 2004 Michael Richardson <mcr@sandelman.ottawa.on.ca>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_kern24.h,v 1.4 2005/05/20 03:19:18 mcr Exp $
++ */
++
++#ifndef _IPSEC_KERN24_H
++
++#ifndef NET_26
++#define sk_receive_queue receive_queue
++#define sk_destruct destruct
++#define sk_reuse reuse
++#define sk_zapped zapped
++#define sk_family family
++#define sk_protocol protocol
++#define sk_protinfo protinfo
++#define sk_sleep sleep
++#define sk_state_change state_change
++#define sk_shutdown shutdown
++#define sk_err err
++#define sk_stamp stamp
++#define sk_socket socket
++#define sk_sndbuf sndbuf
++#define sock_flag(sk, flag) sk->dead
++#define sk_for_each(sk, node, plist) for(sk=*plist; sk!=NULL; sk = sk->next)
++#endif
++
++/* deal with 2.4 vs 2.6 issues with module counts */
++
++/* in 2.6, all refcounts are maintained *outside* of the
++ * module to deal with race conditions.
++ */
++
++#ifdef NET_26
++#define KLIPS_INC_USE /* nothing */
++#define KLIPS_DEC_USE /* nothing */
++
++#else
++#define KLIPS_INC_USE MOD_INC_USE_COUNT
++#define KLIPS_DEC_USE MOD_DEC_USE_COUNT
++#endif
++
++extern int printk_ratelimit(void);
++
++
++#define _IPSEC_KERN24_H 1
++
++#endif /* _IPSEC_KERN24_H */
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_kversion.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,352 @@
++#ifndef _OPENSWAN_KVERSIONS_H
++/*
++ * header file for FreeS/WAN library functions
++ * Copyright (C) 1998, 1999, 2000 Henry Spencer.
++ * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: ipsec_kversion.h,v 1.15.2.11 2007/02/20 03:53:16 paul Exp $
++ */
++#define _OPENSWAN_KVERSIONS_H /* seen it, no need to see it again */
++
++/*
++ * this file contains a series of atomic defines that depend upon
++ * kernel version numbers. The kernel versions are arranged
++ * in version-order number (which is often not chronological)
++ * and each clause enables or disables a feature.
++ */
++
++/*
++ * First, assorted kernel-version-dependent trickery.
++ */
++#include <linux/version.h>
++#ifndef KERNEL_VERSION
++#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
++#endif
++
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,0)
++#define HEADER_CACHE_BIND_21
++#error "KLIPS is no longer supported on Linux 2.0. Sorry"
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
++#define SPINLOCK
++#define PROC_FS_21
++#define NETLINK_SOCK
++#define NET_21
++#endif
++
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,19)
++#define net_device_stats enet_statistics
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
++#define SPINLOCK_23
++#define NETDEV_23
++# ifndef CONFIG_IP_ALIAS
++# define CONFIG_IP_ALIAS
++# endif
++#include <linux/socket.h>
++#include <linux/skbuff.h>
++#include <linux/netlink.h>
++# ifdef NETLINK_XFRM
++# define NETDEV_25
++# endif
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,25)
++#define PROC_FS_2325
++#undef PROC_FS_21
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,30)
++#define PROC_NO_DUMMY
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,35)
++#define SKB_COPY_EXPAND
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,37)
++#define IP_SELECT_IDENT
++#endif
++
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,50)) && defined(CONFIG_NETFILTER)
++#define SKB_RESET_NFCT
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,2)
++#define IP_SELECT_IDENT_NEW
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4)
++#define IPH_is_SKB_PULLED
++#define SKB_COW_NEW
++#define PROTO_HANDLER_SINGLE_PARM
++#define IP_FRAGMENT_LINEARIZE 1
++#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */
++# ifdef REDHAT_BOGOSITY
++# define IP_SELECT_IDENT_NEW
++# define IPH_is_SKB_PULLED
++# define SKB_COW_NEW
++# define PROTO_HANDLER_SINGLE_PARM
++# endif /* REDHAT_BOGOSITY */
++#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9)
++#define MALLOC_SLAB
++#define LINUX_KERNEL_HAS_SNPRINTF
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
++#define HAVE_NETDEV_PRINTK 1
++#define NET_26
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,8)
++#define NEED_INET_PROTOCOL
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,12)
++#define HAVE_SOCK_ZAPPED
++#define NET_26_12_SKALLOC
++#endif
++
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,13)
++#define HAVE_SOCK_SECURITY
++/* skb->nf_debug disappared completely in 2.6.13 */
++#define HAVE_SKB_NF_DEBUG
++#endif
++
++#define SYSCTL_IPSEC_DEFAULT_TTL sysctl_ip_default_ttl
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,14)
++/* skb->stamp changed to skb->tstamp in 2.6.14 */
++#define HAVE_TSTAMP
++#define HAVE_INET_SK_SPORT
++#undef SYSCTL_IPSEC_DEFAULT_TTL
++#define SYSCTL_IPSEC_DEFAULT_TTL IPSEC_DEFAULT_TTL
++#else
++#define HAVE_SKB_LIST
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)
++#define HAVE_NEW_SKB_LINEARIZE
++#endif
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
++/* skb->nfmark changed to skb->mark in 2.6.20 */
++#define nfmark mark
++#endif
++
++#ifdef NET_21
++# include <linux/in6.h>
++#else
++ /* old kernel in.h has some IPv6 stuff, but not quite enough */
++# define s6_addr16 s6_addr
++# define AF_INET6 10
++# define uint8_t __u8
++# define uint16_t __u16
++# define uint32_t __u32
++# define uint64_t __u64
++#endif
++
++#ifdef NET_21
++# define ipsec_kfree_skb(a) kfree_skb(a)
++#else /* NET_21 */
++# define ipsec_kfree_skb(a) kfree_skb(a, FREE_WRITE)
++#endif /* NET_21 */
++
++#ifdef NETDEV_23
++#if 0
++#ifndef NETDEV_25
++#define device net_device
++#endif
++#endif
++# define ipsec_dev_get dev_get_by_name
++# define __ipsec_dev_get __dev_get_by_name
++# define ipsec_dev_put(x) dev_put(x)
++# define __ipsec_dev_put(x) __dev_put(x)
++# define ipsec_dev_hold(x) dev_hold(x)
++#else /* NETDEV_23 */
++# define ipsec_dev_get dev_get
++# define __ipsec_dev_put(x)
++# define ipsec_dev_put(x)
++# define ipsec_dev_hold(x)
++#endif /* NETDEV_23 */
++
++#ifndef SPINLOCK
++# include <linux/bios32.h>
++ /* simulate spin locks and read/write locks */
++ typedef struct {
++ volatile char lock;
++ } spinlock_t;
++
++ typedef struct {
++ volatile unsigned int lock;
++ } rwlock_t;
++
++# define spin_lock_init(x) { (x)->lock = 0;}
++# define rw_lock_init(x) { (x)->lock = 0; }
++
++# define spin_lock(x) { while ((x)->lock) barrier(); (x)->lock=1;}
++# define spin_lock_irq(x) { cli(); spin_lock(x);}
++# define spin_lock_irqsave(x,flags) { save_flags(flags); spin_lock_irq(x);}
++
++# define spin_unlock(x) { (x)->lock=0;}
++# define spin_unlock_irq(x) { spin_unlock(x); sti();}
++# define spin_unlock_irqrestore(x,flags) { spin_unlock(x); restore_flags(flags);}
++
++# define read_lock(x) spin_lock(x)
++# define read_lock_irq(x) spin_lock_irq(x)
++# define read_lock_irqsave(x,flags) spin_lock_irqsave(x,flags)
++
++# define read_unlock(x) spin_unlock(x)
++# define read_unlock_irq(x) spin_unlock_irq(x)
++# define read_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags)
++
++# define write_lock(x) spin_lock(x)
++# define write_lock_irq(x) spin_lock_irq(x)
++# define write_lock_irqsave(x,flags) spin_lock_irqsave(x,flags)
++
++# define write_unlock(x) spin_unlock(x)
++# define write_unlock_irq(x) spin_unlock_irq(x)
++# define write_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags)
++#endif /* !SPINLOCK */
++
++#ifndef SPINLOCK_23
++# define spin_lock_bh(x) spin_lock_irq(x)
++# define spin_unlock_bh(x) spin_unlock_irq(x)
++
++# define read_lock_bh(x) read_lock_irq(x)
++# define read_unlock_bh(x) read_unlock_irq(x)
++
++# define write_lock_bh(x) write_lock_irq(x)
++# define write_unlock_bh(x) write_unlock_irq(x)
++#endif /* !SPINLOCK_23 */
++
++#ifndef HAVE_NETDEV_PRINTK
++#define netdev_printk(sevlevel, netdev, msglevel, format, arg...) \
++ printk(sevlevel "%s: " format , netdev->name , ## arg)
++#endif
++
++#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0)
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0)
++#include "openswan/ipsec_kern24.h"
++#else
++#error "kernels before 2.4 are not supported at this time"
++#endif
++#endif
++
++
++#endif /* _OPENSWAN_KVERSIONS_H */
++
++/*
++ * $Log: ipsec_kversion.h,v $
++ * Revision 1.15.2.11 2007/02/20 03:53:16 paul
++ * Added comment, made layout consistent with other checks.
++ *
++ * Revision 1.15.2.10 2007/02/16 19:08:12 paul
++ * Fix for compiling on 2.6.20 (nfmark is now called mark in sk_buff)
++ *
++ * Revision 1.15.2.9 2006/07/29 05:00:40 paul
++ * Added HAVE_NEW_SKB_LINEARIZE for 2.6.18+ kernels where skb_linearize
++ * only takes 1 argument.
++ *
++ * Revision 1.15.2.8 2006/05/01 14:31:52 mcr
++ * FREESWAN->OPENSWAN in #ifdef.
++ *
++ * Revision 1.15.2.7 2006/01/11 02:02:59 mcr
++ * updated patches and DEFAULT_TTL code to work
++ *
++ * Revision 1.15.2.6 2006/01/03 19:25:02 ken
++ * Remove duplicated #ifdef for TTL fix - bad patch
++ *
++ * Revision 1.15.2.5 2006/01/03 18:06:33 ken
++ * Fix for missing sysctl default ttl
++ *
++ * Revision 1.15.2.4 2005/11/27 21:40:14 paul
++ * Pull down TTL fixes from head. this fixes "Unknown symbol sysctl_ip_default_ttl"
++ * in for klips as module.
++ *
++ * Revision 1.15.2.3 2005/11/22 04:11:52 ken
++ * Backport fixes for 2.6.14 kernels from HEAD
++ *
++ * Revision 1.15.2.2 2005/09/01 01:57:19 paul
++ * michael's fixes for 2.6.13 from head
++ *
++ * Revision 1.15.2.1 2005/08/27 23:13:48 paul
++ * Fix for:
++ * 7 weeks ago: [NET]: Remove unused security member in sk_buff
++ * changeset 4280: 328ea53f5fee
++ * parent 4279: beb0afb0e3f8
++ * author: Thomas Graf <tgraf@suug.ch>
++ * date: Tue Jul 5 21:12:44 2005
++ * files: include/linux/skbuff.h include/linux/tc_ematch/tc_em_meta.h net/core/skbuff.c net/ipv4/ip_output.c net/ipv6/ip6_output.c net/sched/em_meta.c
++ *
++ * This should fix compilation on 2.6.13(rc) kernels
++ *
++ * Revision 1.15 2005/07/19 20:02:15 mcr
++ * sk_alloc() interface change.
++ *
++ * Revision 1.14 2005/07/08 16:20:05 mcr
++ * fix for 2.6.12 disapperance of sk_zapped field -> sock_flags.
++ *
++ * Revision 1.13 2005/05/20 03:19:18 mcr
++ * modifications for use on 2.4.30 kernel, with backported
++ * printk_ratelimit(). all warnings removed.
++ *
++ * Revision 1.12 2005/04/13 22:46:21 mcr
++ * note that KLIPS does not work on Linux 2.0.
++ *
++ * Revision 1.11 2004/09/13 02:22:26 mcr
++ * #define inet_protocol if necessary.
++ *
++ * Revision 1.10 2004/08/03 18:17:15 mcr
++ * in 2.6, use "net_device" instead of #define device->net_device.
++ * this probably breaks 2.0 compiles.
++ *
++ * Revision 1.9 2004/04/05 19:55:05 mcr
++ * Moved from linux/include/freeswan/ipsec_kversion.h,v
++ *
++ * Revision 1.8 2003/12/13 19:10:16 mcr
++ * refactored rcv and xmit code - same as FS 2.05.
++ *
++ * Revision 1.7 2003/07/31 22:48:08 mcr
++ * derive NET25-ness from presence of NETLINK_XFRM macro.
++ *
++ * Revision 1.6 2003/06/24 20:22:32 mcr
++ * added new global: ipsecdevices[] so that we can keep track of
++ * the ipsecX devices. They will be referenced with dev_hold(),
++ * so 2.2 may need this as well.
++ *
++ * Revision 1.5 2003/04/03 17:38:09 rgb
++ * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
++ *
++ * Revision 1.4 2002/04/24 07:36:46 mcr
++ * Moved from ./klips/net/ipsec/ipsec_kversion.h,v
++ *
++ * Revision 1.3 2002/04/12 03:21:17 mcr
++ * three parameter version of ip_select_ident appears first
++ * in 2.4.2 (RH7.1) not 2.4.4.
++ *
++ * Revision 1.2 2002/03/08 21:35:22 rgb
++ * Defined LINUX_KERNEL_HAS_SNPRINTF to shut up compiler warnings after
++ * 2.4.9. (Andreas Piesk).
++ *
++ * Revision 1.1 2002/01/29 02:11:42 mcr
++ * removal of kversions.h - sources that needed it now use ipsec_param.h.
++ * updating of IPv6 structures to match latest in6.h version.
++ * removed dead code from freeswan.h that also duplicated kversions.h
++ * code.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_life.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,112 @@
++/*
++ * Definitions relevant to IPSEC lifetimes
++ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
++ * and Michael Richardson <mcr@freeswan.org>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_life.h,v 1.4 2004/04/05 19:55:05 mcr Exp $
++ *
++ * This file derived from ipsec_xform.h on 2001/9/18 by mcr.
++ *
++ */
++
++/*
++ * This file describes the book keeping fields for the
++ * IPsec Security Association Structure. ("ipsec_sa")
++ *
++ * This structure is never allocated directly by kernel code,
++ * (it is always a static/auto or is part of a structure)
++ * so it does not have a reference count.
++ *
++ */
++
++#ifndef _IPSEC_LIFE_H_
++
++/*
++ * _count is total count.
++ * _hard is hard limit (kill SA after this number)
++ * _soft is soft limit (try to renew SA after this number)
++ * _last is used in some special cases.
++ *
++ */
++
++struct ipsec_lifetime64
++{
++ __u64 ipl_count;
++ __u64 ipl_soft;
++ __u64 ipl_hard;
++ __u64 ipl_last;
++};
++
++struct ipsec_lifetimes
++{
++ /* number of bytes processed */
++ struct ipsec_lifetime64 ipl_bytes;
++
++ /* number of packets processed */
++ struct ipsec_lifetime64 ipl_packets;
++
++ /* time since SA was added */
++ struct ipsec_lifetime64 ipl_addtime;
++
++ /* time since SA was first used */
++ struct ipsec_lifetime64 ipl_usetime;
++
++ /* from rfc2367:
++ * For CURRENT, the number of different connections,
++ * endpoints, or flows that the association has been
++ * allocated towards. For HARD and SOFT, the number of
++ * these the association may be allocated towards
++ * before it expires. The concept of a connection,
++ * flow, or endpoint is system specific.
++ *
++ * mcr(2001-9-18) it is unclear what purpose these serve for FreeSWAN.
++ * They are maintained for PF_KEY compatibility.
++ */
++ struct ipsec_lifetime64 ipl_allocations;
++};
++
++enum ipsec_life_alive {
++ ipsec_life_harddied = -1,
++ ipsec_life_softdied = 0,
++ ipsec_life_okay = 1
++};
++
++enum ipsec_life_type {
++ ipsec_life_timebased = 1,
++ ipsec_life_countbased= 0
++};
++
++#define _IPSEC_LIFE_H_
++#endif /* _IPSEC_LIFE_H_ */
++
++
++/*
++ * $Log: ipsec_life.h,v $
++ * Revision 1.4 2004/04/05 19:55:05 mcr
++ * Moved from linux/include/freeswan/ipsec_life.h,v
++ *
++ * Revision 1.3 2002/04/24 07:36:46 mcr
++ * Moved from ./klips/net/ipsec/ipsec_life.h,v
++ *
++ * Revision 1.2 2001/11/26 09:16:14 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.1.2.1 2001/09/25 02:25:58 mcr
++ * lifetime structure created and common functions created.
++ *
++ *
++ * Local variables:
++ * c-file-style: "linux"
++ * End:
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_md5h.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,143 @@
++/*
++ * RCSID $Id: ipsec_md5h.h,v 1.10 2004/09/08 17:21:35 ken Exp $
++ */
++
++/*
++ * The rest of this file is Copyright RSA DSI. See the following comments
++ * for the full Copyright notice.
++ */
++
++#ifndef _IPSEC_MD5H_H_
++#define _IPSEC_MD5H_H_
++
++/* GLOBAL.H - RSAREF types and constants
++ */
++
++/* PROTOTYPES should be set to one if and only if the compiler supports
++ function argument prototyping.
++ The following makes PROTOTYPES default to 0 if it has not already
++ been defined with C compiler flags.
++ */
++#ifndef PROTOTYPES
++#define PROTOTYPES 1
++#endif /* !PROTOTYPES */
++
++/* POINTER defines a generic pointer type */
++typedef __u8 *POINTER;
++
++/* UINT2 defines a two byte word */
++typedef __u16 UINT2;
++
++/* UINT4 defines a four byte word */
++typedef __u32 UINT4;
++
++/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
++ If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
++ returns an empty list.
++ */
++
++#if PROTOTYPES
++#define PROTO_LIST(list) list
++#else /* PROTOTYPES */
++#define PROTO_LIST(list) ()
++#endif /* PROTOTYPES */
++
++
++/* MD5.H - header file for MD5C.C
++ */
++
++/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
++rights reserved.
++
++License to copy and use this software is granted provided that it
++is identified as the "RSA Data Security, Inc. MD5 Message-Digest
++Algorithm" in all material mentioning or referencing this software
++or this function.
++
++License is also granted to make and use derivative works provided
++that such works are identified as "derived from the RSA Data
++Security, Inc. MD5 Message-Digest Algorithm" in all material
++mentioning or referencing the derived work.
++
++RSA Data Security, Inc. makes no representations concerning either
++the merchantability of this software or the suitability of this
++software for any particular purpose. It is provided "as is"
++without express or implied warranty of any kind.
++
++These notices must be retained in any copies of any part of this
++documentation and/or software.
++ */
++
++/* MD5 context. */
++typedef struct {
++ UINT4 state[4]; /* state (ABCD) */
++ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
++ unsigned char buffer[64]; /* input buffer */
++} MD5_CTX;
++
++void osMD5Init PROTO_LIST ((void *));
++void osMD5Update PROTO_LIST
++ ((void *, unsigned char *, __u32));
++void osMD5Final PROTO_LIST ((unsigned char [16], void *));
++
++#endif /* _IPSEC_MD5H_H_ */
++
++/*
++ * $Log: ipsec_md5h.h,v $
++ * Revision 1.10 2004/09/08 17:21:35 ken
++ * Rename MD5* -> osMD5 functions to prevent clashes with other symbols exported by kernel modules (CIFS in 2.6 initiated this)
++ *
++ * Revision 1.9 2004/04/05 19:55:05 mcr
++ * Moved from linux/include/freeswan/ipsec_md5h.h,v
++ *
++ * Revision 1.8 2002/09/10 01:45:09 mcr
++ * changed type of MD5_CTX and SHA1_CTX to void * so that
++ * the function prototypes would match, and could be placed
++ * into a pointer to a function.
++ *
++ * Revision 1.7 2002/04/24 07:36:46 mcr
++ * Moved from ./klips/net/ipsec/ipsec_md5h.h,v
++ *
++ * Revision 1.6 1999/12/13 13:59:13 rgb
++ * Quick fix to argument size to Update bugs.
++ *
++ * Revision 1.5 1999/12/07 18:16:23 rgb
++ * Fixed comments at end of #endif lines.
++ *
++ * Revision 1.4 1999/04/06 04:54:26 rgb
++ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
++ * patch shell fixes.
++ *
++ * Revision 1.3 1999/01/22 06:19:58 rgb
++ * 64-bit clean-up.
++ *
++ * Revision 1.2 1998/11/30 13:22:54 rgb
++ * Rationalised all the klips kernel file headers. They are much shorter
++ * now and won't conflict under RH5.2.
++ *
++ * Revision 1.1 1998/06/18 21:27:48 henry
++ * move sources from klips/src to klips/net/ipsec, to keep stupid
++ * kernel-build scripts happier in the presence of symlinks
++ *
++ * Revision 1.2 1998/04/23 20:54:03 rgb
++ * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
++ * verified.
++ *
++ * Revision 1.1 1998/04/09 03:04:21 henry
++ * sources moved up from linux/net/ipsec
++ * these two include files modified not to include others except in kernel
++ *
++ * Revision 1.1.1.1 1998/04/08 05:35:03 henry
++ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
++ *
++ * Revision 0.4 1997/01/15 01:28:15 ji
++ * No changes.
++ *
++ * Revision 0.3 1996/11/20 14:48:53 ji
++ * Release update only.
++ *
++ * Revision 0.2 1996/11/02 00:18:33 ji
++ * First limited release.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_param.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,387 @@
++/*
++ * @(#) Openswan tunable paramaters
++ *
++ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
++ * and Michael Richardson <mcr@freeswan.org>
++ * Copyright (C) 2004 Michael Richardson <mcr@xelerance.com>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_param.h,v 1.29.6.3 2006/05/01 14:32:31 mcr Exp $
++ *
++ */
++
++/*
++ * This file provides a set of #define's which may be tuned by various
++ * people/configurations. It keeps all compile-time tunables in one place.
++ *
++ * This file should be included before all other IPsec kernel-only files.
++ *
++ */
++
++#ifndef _IPSEC_PARAM_H_
++
++#ifdef __KERNEL__
++#include "ipsec_kversion.h"
++
++/* Set number of ipsecX virtual devices here. */
++/* This must be < exp(field width of IPSEC_DEV_FORMAT) */
++/* It must also be reasonable so as not to overload the memory and CPU */
++/* constraints of the host. */
++#define IPSEC_NUM_IF 4
++/* The field width must be < IF_NAM_SIZ - strlen("ipsec") - 1. */
++/* With "ipsec" being 5 characters, that means 10 is the max field width */
++/* but machine memory and CPU constraints are not likely to tollerate */
++/* more than 3 digits. The default is one digit. */
++/* Update: userland scripts get upset if they can't find "ipsec0", so */
++/* for now, no "0"-padding should be used (which would have been helpful */
++/* to make text-searches work */
++#define IPSEC_DEV_FORMAT "ipsec%d"
++/* For, say, 500 virtual ipsec devices, I would recommend: */
++/* #define IPSEC_NUM_IF 500 */
++/* #define IPSEC_DEV_FORMAT "ipsec%03d" */
++/* Note that the "interfaces=" line in /etc/ipsec.conf would be, um, challenging. */
++
++/* use dynamic ipsecX device allocation */
++#ifndef CONFIG_KLIPS_DYNDEV
++#define CONFIG_KLIPS_DYNDEV 1
++#endif /* CONFIG_KLIPS_DYNDEV */
++
++
++#ifdef CONFIG_KLIPS_BIGGATE
++# define SADB_HASHMOD 8069
++#else /* CONFIG_KLIPS_BIGGATE */
++# define SADB_HASHMOD 257
++#endif /* CONFIG_KLIPS_BIGGATE */
++#endif /* __KERNEL__ */
++
++/*
++ * This is for the SA reference table. This number is related to the
++ * maximum number of SAs that KLIPS can concurrently deal with, plus enough
++ * space for keeping expired SAs around.
++ *
++ * TABLE_MAX_WIDTH is the number of bits that we will use.
++ * MAIN_TABLE_WIDTH is the number of bits used for the primary index table.
++ *
++ */
++#ifndef IPSEC_SA_REF_TABLE_IDX_WIDTH
++# define IPSEC_SA_REF_TABLE_IDX_WIDTH 16
++#endif
++
++#ifndef IPSEC_SA_REF_MAINTABLE_IDX_WIDTH
++# define IPSEC_SA_REF_MAINTABLE_IDX_WIDTH 4
++#endif
++
++#ifndef IPSEC_SA_REF_FREELIST_NUM_ENTRIES
++# define IPSEC_SA_REF_FREELIST_NUM_ENTRIES 256
++#endif
++
++#ifndef IPSEC_SA_REF_CODE
++# define IPSEC_SA_REF_CODE 1
++#endif
++
++#ifdef __KERNEL__
++/* This is defined for 2.4, but not 2.2.... */
++#ifndef ARPHRD_VOID
++# define ARPHRD_VOID 0xFFFF
++#endif
++
++/* always turn on IPIP mode */
++#ifndef CONFIG_KLIPS_IPIP
++#define CONFIG_KLIPS_IPIP 1
++#endif
++
++/*
++ * Worry about PROC_FS stuff
++ */
++#if defined(PROC_FS_2325)
++/* kernel 2.4 */
++# define IPSEC_PROC_LAST_ARG ,int *eof,void *data
++# define IPSEC_PROCFS_DEBUG_NO_STATIC
++# define IPSEC_PROC_SUBDIRS
++#else
++/* kernel <2.4 */
++# define IPSEC_PROCFS_DEBUG_NO_STATIC DEBUG_NO_STATIC
++
++# ifndef PROC_NO_DUMMY
++# define IPSEC_PROC_LAST_ARG , int dummy
++# else
++# define IPSEC_PROC_LAST_ARG
++# endif /* !PROC_NO_DUMMY */
++#endif /* PROC_FS_2325 */
++
++#if !defined(LINUX_KERNEL_HAS_SNPRINTF)
++/* GNU CPP specific! */
++# define snprintf(buf, len, fmt...) sprintf(buf, ##fmt)
++#endif /* !LINUX_KERNEL_HAS_SNPRINTF */
++
++#ifdef SPINLOCK
++# ifdef SPINLOCK_23
++# include <linux/spinlock.h> /* *lock* */
++# else /* SPINLOCK_23 */
++# include <asm/spinlock.h> /* *lock* */
++# endif /* SPINLOCK_23 */
++#endif /* SPINLOCK */
++
++#ifndef KLIPS_FIXES_DES_PARITY
++# define KLIPS_FIXES_DES_PARITY 1
++#endif /* !KLIPS_FIXES_DES_PARITY */
++
++/* we don't really want to print these unless there are really big problems */
++#ifndef KLIPS_DIVULGE_CYPHER_KEY
++# define KLIPS_DIVULGE_CYPHER_KEY 0
++#endif /* !KLIPS_DIVULGE_CYPHER_KEY */
++
++#ifndef KLIPS_DIVULGE_HMAC_KEY
++# define KLIPS_DIVULGE_HMAC_KEY 0
++#endif /* !KLIPS_DIVULGE_HMAC_KEY */
++
++#ifndef IPSEC_DISALLOW_IPOPTIONS
++# define IPSEC_DISALLOW_IPOPTIONS 1
++#endif /* !KLIPS_DIVULGE_HMAC_KEY */
++
++/* extra toggles for regression testing */
++#ifdef CONFIG_KLIPS_REGRESS
++
++/*
++ * should pfkey_acquire() become 100% lossy?
++ *
++ */
++extern int sysctl_ipsec_regress_pfkey_lossage;
++#ifndef KLIPS_PFKEY_ACQUIRE_LOSSAGE
++# ifdef CONFIG_KLIPS_PFKEY_ACQUIRE_LOSSAGE
++# define KLIPS_PFKEY_ACQUIRE_LOSSAGE 100
++# endif /* CONFIG_KLIPS_PFKEY_ACQUIRE_LOSSAGE */
++#else
++#define KLIPS_PFKEY_ACQUIRE_LOSSAGE 0
++#endif /* KLIPS_PFKEY_ACQUIRE_LOSSAGE */
++
++#else /* CONFIG_KLIPS_REGRESS */
++#define KLIPS_PFKEY_ACQUIRE_LOSSAGE 0
++
++#endif /* CONFIG_KLIPS_REGRESS */
++
++
++/*
++ * debugging routines.
++ */
++#define KLIPS_ERROR(flag, format, args...) if(printk_ratelimit() || flag) printk(KERN_ERR "KLIPS " format, ## args)
++#ifdef CONFIG_KLIPS_DEBUG
++extern void ipsec_print_ip(struct iphdr *ip);
++
++ #define KLIPS_PRINT(flag, format, args...) \
++ ((flag) ? printk(KERN_INFO format , ## args) : 0)
++ #define KLIPS_PRINTMORE(flag, format, args...) \
++ ((flag) ? printk(format , ## args) : 0)
++ #define KLIPS_IP_PRINT(flag, ip) \
++ ((flag) ? ipsec_print_ip(ip) : 0)
++#else /* CONFIG_KLIPS_DEBUG */
++ #define KLIPS_PRINT(flag, format, args...) do ; while(0)
++ #define KLIPS_PRINTMORE(flag, format, args...) do ; while(0)
++ #define KLIPS_IP_PRINT(flag, ip) do ; while(0)
++#endif /* CONFIG_KLIPS_DEBUG */
++
++
++/*
++ * Stupid kernel API differences in APIs. Not only do some
++ * kernels not have ip_select_ident, but some have differing APIs,
++ * and SuSE has one with one parameter, but no way of checking to
++ * see what is really what.
++ */
++
++#ifdef SUSE_LINUX_2_4_19_IS_STUPID
++#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph)
++#else
++
++/* simplest case, nothing */
++#if !defined(IP_SELECT_IDENT)
++#define KLIPS_IP_SELECT_IDENT(iph, skb) do { iph->id = htons(ip_id_count++); } while(0)
++#endif
++
++/* kernels > 2.3.37-ish */
++#if defined(IP_SELECT_IDENT) && !defined(IP_SELECT_IDENT_NEW)
++#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst)
++#endif
++
++/* kernels > 2.4.2 */
++#if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW)
++#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst, NULL)
++#endif
++
++#endif /* SUSE_LINUX_2_4_19_IS_STUPID */
++
++/*
++ * make klips fail test:east-espiv-01.
++ * exploit is at testing/attacks/espiv
++ *
++ */
++#define KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK 0
++
++
++/* IP_FRAGMENT_LINEARIZE is set in freeswan.h if Kernel > 2.4.4 */
++#ifndef IP_FRAGMENT_LINEARIZE
++# define IP_FRAGMENT_LINEARIZE 0
++#endif /* IP_FRAGMENT_LINEARIZE */
++#endif /* __KERNEL__ */
++
++#ifdef NEED_INET_PROTOCOL
++#define inet_protocol net_protocol
++#endif
++
++#if defined(CONFIG_IPSEC_NAT_TRAVERSAL) && CONFIG_IPSEC_NAT_TRAVERSAL
++#define NAT_TRAVERSAL 1
++#else
++/* let people either #undef, or #define = 0 it */
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++#undef CONFIG_IPSEC_NAT_TRAVERSAL
++#endif
++#endif
++
++#ifndef IPSEC_DEFAULT_TTL
++#define IPSEC_DEFAULT_TTL 64
++#endif
++
++#define _IPSEC_PARAM_H_
++#endif /* _IPSEC_PARAM_H_ */
++
++/*
++ * $Log: ipsec_param.h,v $
++ * Revision 1.29.6.3 2006/05/01 14:32:31 mcr
++ * added KLIPS_ERROR and make sure that things work without CONFIG_KLIPS_REGRESS.
++ *
++ * Revision 1.29.6.2 2005/11/27 21:40:14 paul
++ * Pull down TTL fixes from head. this fixes "Unknown symbol sysctl_ip_default_ttl"
++ * in for klips as module.
++ *
++ * Revision 1.29.6.1 2005/08/12 16:24:18 ken
++ * Pull in NAT-T compile logic from HEAD
++ *
++ * Revision 1.29 2005/01/26 00:50:35 mcr
++ * adjustment of confusion of CONFIG_IPSEC_NAT vs CONFIG_KLIPS_NAT,
++ * and make sure that NAT_TRAVERSAL is set as well to match
++ * userspace compiles of code.
++ *
++ * Revision 1.28 2004/09/13 15:50:15 mcr
++ * spell NEED_INET properly, not NET_INET.
++ *
++ * Revision 1.27 2004/09/13 02:21:45 mcr
++ * always turn on IPIP mode.
++ * #define inet_protocol if necessary.
++ *
++ * Revision 1.26 2004/08/17 03:25:43 mcr
++ * freeswan->openswan.
++ *
++ * Revision 1.25 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.24 2004/04/05 19:55:06 mcr
++ * Moved from linux/include/freeswan/ipsec_param.h,v
++ *
++ * Revision 1.23 2003/12/13 19:10:16 mcr
++ * refactored rcv and xmit code - same as FS 2.05.
++ *
++ * Revision 1.22 2003/10/31 02:27:05 mcr
++ * pulled up port-selector patches and sa_id elimination.
++ *
++ * Revision 1.21.4.1 2003/10/29 01:10:19 mcr
++ * elimited "struct sa_id"
++ *
++ * Revision 1.21 2003/04/03 17:38:18 rgb
++ * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
++ * Change indentation for readability.
++ *
++ * Revision 1.20 2003/03/14 08:09:26 rgb
++ * Fixed up CONFIG_IPSEC_DYNDEV definitions.
++ *
++ * Revision 1.19 2003/01/30 02:31:43 rgb
++ *
++ * Rename SAref table macro names for clarity.
++ *
++ * Revision 1.18 2002/09/30 19:06:26 rgb
++ * Reduce default table to 16 bits width.
++ *
++ * Revision 1.17 2002/09/20 15:40:29 rgb
++ * Define switch to activate new SAref code.
++ * Prefix macros with "IPSEC_".
++ * Rework saref freelist.
++ * Restrict some bits to kernel context for use to klips utils.
++ *
++ * Revision 1.16 2002/09/20 05:00:31 rgb
++ * Define switch to divulge hmac keys for debugging.
++ * Added IPOPTIONS switch.
++ *
++ * Revision 1.15 2002/09/19 02:34:24 mcr
++ * define IPSEC_PROC_SUBDIRS if we are 2.4, and use that in ipsec_proc.c
++ * to decide if we are to create /proc/net/ipsec/.
++ *
++ * Revision 1.14 2002/08/30 01:20:54 mcr
++ * reorganized 2.0/2.2/2.4 procfs support macro so match
++ * 2.4 values/typedefs.
++ *
++ * Revision 1.13 2002/07/28 22:03:28 mcr
++ * added some documentation to SA_REF_*
++ * turned on fix for ESPIV attack, now that we have the attack code.
++ *
++ * Revision 1.12 2002/07/26 08:48:31 rgb
++ * Added SA ref table code.
++ *
++ * Revision 1.11 2002/07/23 02:57:45 rgb
++ * Define ARPHRD_VOID for < 2.4 kernels.
++ *
++ * Revision 1.10 2002/05/27 21:37:28 rgb
++ * Set the defaults sanely for those adventurous enough to try more than 1
++ * digit of ipsec devices.
++ *
++ * Revision 1.9 2002/05/27 18:56:07 rgb
++ * Convert to dynamic ipsec device allocation.
++ *
++ * Revision 1.8 2002/04/24 07:36:47 mcr
++ * Moved from ./klips/net/ipsec/ipsec_param.h,v
++ *
++ * Revision 1.7 2002/04/20 00:12:25 rgb
++ * Added esp IV CBC attack fix, disabled.
++ *
++ * Revision 1.6 2002/01/29 02:11:42 mcr
++ * removal of kversions.h - sources that needed it now use ipsec_param.h.
++ * updating of IPv6 structures to match latest in6.h version.
++ * removed dead code from freeswan.h that also duplicated kversions.h
++ * code.
++ *
++ * Revision 1.5 2002/01/28 19:22:01 mcr
++ * by default, turn off LINEARIZE option
++ * (let kversions.h turn it on)
++ *
++ * Revision 1.4 2002/01/20 20:19:36 mcr
++ * renamed option to IP_FRAGMENT_LINEARIZE.
++ *
++ * Revision 1.3 2002/01/12 02:57:25 mcr
++ * first regression test causes acquire messages to be lost
++ * 100% of the time. This is to help testing of pluto.
++ *
++ * Revision 1.2 2001/11/26 09:16:14 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.1.2.3 2001/10/23 04:40:16 mcr
++ * added #define for DIVULGING session keys in debug output.
++ *
++ * Revision 1.1.2.2 2001/10/22 20:53:25 mcr
++ * added a define to control forcing of DES parity.
++ *
++ * Revision 1.1.2.1 2001/09/25 02:20:19 mcr
++ * many common kernel configuration questions centralized.
++ * more things remain that should be moved from freeswan.h.
++ *
++ *
++ * Local variables:
++ * c-file-style: "linux"
++ * End:
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_policy.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,217 @@
++#ifndef _IPSEC_POLICY_H
++/*
++ * policy interface file between pluto and applications
++ * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: ipsec_policy.h,v 1.7.6.1 2005/07/26 01:53:07 ken Exp $
++ */
++#define _IPSEC_POLICY_H /* seen it, no need to see it again */
++
++
++/*
++ * this file defines an interface between an application (or rather an
++ * application library) and a key/policy daemon. It provides for inquiries
++ * as to the current state of a connected socket, as well as for general
++ * questions.
++ *
++ * In general, the interface is defined as a series of functional interfaces,
++ * and the policy messages should be internal. However, because this is in
++ * fact an ABI between pieces of the system that may get compiled and revised
++ * seperately, this ABI must be public and revision controlled.
++ *
++ * It is expected that the daemon will always support previous versions.
++ */
++
++#define IPSEC_POLICY_MSG_REVISION (unsigned)200305061
++
++enum ipsec_policy_command {
++ IPSEC_CMD_QUERY_FD = 1,
++ IPSEC_CMD_QUERY_HOSTPAIR = 2,
++ IPSEC_CMD_QUERY_DSTONLY = 3,
++};
++
++struct ipsec_policy_msg_head {
++ u_int32_t ipm_version;
++ u_int32_t ipm_msg_len;
++ u_int32_t ipm_msg_type;
++ u_int32_t ipm_msg_seq;
++};
++
++enum ipsec_privacy_quality {
++ IPSEC_PRIVACY_NONE = 0,
++ IPSEC_PRIVACY_INTEGRAL = 4, /* not private at all. AH-like */
++ IPSEC_PRIVACY_UNKNOWN = 8, /* something is claimed, but details unavail */
++ IPSEC_PRIVACY_ROT13 = 12, /* trivially breakable, i.e. 1DES */
++ IPSEC_PRIVACY_GAK = 16, /* known eavesdroppers */
++ IPSEC_PRIVACY_PRIVATE = 32, /* secure for at least a decade */
++ IPSEC_PRIVACY_STRONG = 64, /* ridiculously secure */
++ IPSEC_PRIVACY_TORTOISE = 192, /* even stronger, but very slow */
++ IPSEC_PRIVACY_OTP = 224, /* some kind of *true* one time pad */
++};
++
++enum ipsec_bandwidth_quality {
++ IPSEC_QOS_UNKNOWN = 0, /* unknown bandwidth */
++ IPSEC_QOS_INTERACTIVE = 16, /* reasonably moderate jitter, moderate fast.
++ Good enough for telnet/ssh. */
++ IPSEC_QOS_VOIP = 32, /* faster crypto, predicable jitter */
++ IPSEC_QOS_FTP = 64, /* higher throughput crypto, perhaps hardware
++ offloaded, but latency/jitter may be bad */
++ IPSEC_QOS_WIRESPEED = 128, /* expect to be able to fill your pipe */
++};
++
++/* moved from programs/pluto/constants.h */
++/* IPsec AH transform values
++ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3
++ * and in http://www.iana.org/assignments/isakmp-registry
++ */
++enum ipsec_authentication_algo {
++ AH_MD5=2,
++ AH_SHA=3,
++ AH_DES=4,
++ AH_SHA2_256=5,
++ AH_SHA2_384=6,
++ AH_SHA2_512=7
++};
++
++/* IPsec ESP transform values
++ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4
++ * and from http://www.iana.org/assignments/isakmp-registry
++ */
++
++enum ipsec_cipher_algo {
++ ESP_reserved=0,
++ ESP_DES_IV64=1,
++ ESP_DES=2,
++ ESP_3DES=3,
++ ESP_RC5=4,
++ ESP_IDEA=5,
++ ESP_CAST=6,
++ ESP_BLOWFISH=7,
++ ESP_3IDEA=8,
++ ESP_DES_IV32=9,
++ ESP_RC4=10,
++ ESP_NULL=11,
++ ESP_AES=12, /* 128 bit AES */
++};
++
++/* IPCOMP transform values
++ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5
++ */
++
++enum ipsec_comp_algo {
++ IPCOMP_OUI= 1,
++ IPCOMP_DEFLATE= 2,
++ IPCOMP_LZS= 3,
++ IPCOMP_V42BIS= 4
++};
++
++/* Identification type values
++ * RFC 2407 The Internet IP security Domain of Interpretation for ISAKMP 4.6.2.1
++ */
++
++enum ipsec_id_type {
++ ID_IMPOSSIBLE= (-2), /* private to Pluto */
++ ID_MYID= (-1), /* private to Pluto */
++ ID_NONE= 0, /* private to Pluto */
++ ID_IPV4_ADDR= 1,
++ ID_FQDN= 2,
++ ID_USER_FQDN= 3,
++ ID_IPV4_ADDR_SUBNET= 4,
++ ID_IPV6_ADDR= 5,
++ ID_IPV6_ADDR_SUBNET= 6,
++ ID_IPV4_ADDR_RANGE= 7,
++ ID_IPV6_ADDR_RANGE= 8,
++ ID_DER_ASN1_DN= 9,
++ ID_DER_ASN1_GN= 10,
++ ID_KEY_ID= 11
++};
++
++/* Certificate type values
++ * RFC 2408 ISAKMP, chapter 3.9
++ */
++enum ipsec_cert_type {
++ CERT_NONE= 0, /* none, or guess from file contents */
++ CERT_PKCS7_WRAPPED_X509= 1, /* self-signed certificate from disk */
++ CERT_PGP= 2,
++ CERT_DNS_SIGNED_KEY= 3, /* KEY RR from DNS */
++ CERT_X509_SIGNATURE= 4,
++ CERT_X509_KEY_EXCHANGE= 5,
++ CERT_KERBEROS_TOKENS= 6,
++ CERT_CRL= 7,
++ CERT_ARL= 8,
++ CERT_SPKI= 9,
++ CERT_X509_ATTRIBUTE= 10,
++ CERT_RAW_RSA= 11, /* raw RSA from config file */
++};
++
++/* a SIG record in ASCII */
++struct ipsec_dns_sig {
++ char fqdn[256];
++ char dns_sig[768]; /* empty string if not signed */
++};
++
++struct ipsec_raw_key {
++ char id_name[256];
++ char fs_keyid[8];
++};
++
++struct ipsec_identity {
++ enum ipsec_id_type ii_type;
++ enum ipsec_cert_type ii_format;
++ union {
++ struct ipsec_dns_sig ipsec_dns_signed;
++ /* some thing for PGP */
++ /* some thing for PKIX */
++ struct ipsec_raw_key ipsec_raw_key;
++ } ii_credential;
++};
++
++#define IPSEC_MAX_CREDENTIALS 32
++
++struct ipsec_policy_cmd_query {
++ struct ipsec_policy_msg_head head;
++
++ /* Query section */
++ ip_address query_local; /* us */
++ ip_address query_remote; /* them */
++ u_int8_t proto; /* TCP, ICMP, etc. */
++ u_short src_port, dst_port;
++
++ /* Answer section */
++ enum ipsec_privacy_quality strength;
++ enum ipsec_bandwidth_quality bandwidth;
++ enum ipsec_authentication_algo auth_detail;
++ enum ipsec_cipher_algo esp_detail;
++ enum ipsec_comp_algo comp_detail;
++
++ int credential_count;
++
++ struct ipsec_identity credentials[IPSEC_MAX_CREDENTIALS];
++};
++
++#define IPSEC_POLICY_SOCKET "/var/run/pluto/pluto.info"
++
++/* prototypes */
++extern err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result);
++extern err_t ipsec_policy_init(void);
++extern err_t ipsec_policy_final(void);
++extern err_t ipsec_policy_readmsg(int policysock,
++ unsigned char *buf, size_t buflen);
++extern err_t ipsec_policy_sendrecv(unsigned char *buf, size_t buflen);
++extern err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result);
++
++
++extern const char *ipsec_policy_version_code(void);
++extern const char *ipsec_policy_version_string(void);
++
++#endif /* _IPSEC_POLICY_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_proto.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,199 @@
++/*
++ * @(#) prototypes for FreeSWAN functions
++ *
++ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
++ * and Michael Richardson <mcr@freeswan.org>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_proto.h,v 1.14 2005/04/29 04:50:03 mcr Exp $
++ *
++ */
++
++#ifndef _IPSEC_PROTO_H_
++
++#include "ipsec_param.h"
++
++/*
++ * This file is a kernel only file that declares prototypes for
++ * all intra-module function calls and global data structures.
++ *
++ * Include this file last.
++ *
++ */
++
++/* forward references */
++enum ipsec_direction;
++enum ipsec_life_type;
++struct ipsec_lifetime64;
++struct ident;
++struct sockaddr_encap;
++struct ipsec_sa;
++
++/* ipsec_init.c */
++extern struct prng ipsec_prng;
++
++/* ipsec_sa.c */
++extern struct ipsec_sa *ipsec_sadb_hash[SADB_HASHMOD];
++extern spinlock_t tdb_lock;
++extern int ipsec_sadb_init(void);
++extern int ipsec_sadb_cleanup(__u8);
++
++extern struct ipsec_sa *ipsec_sa_alloc(int*error);
++
++
++extern struct ipsec_sa *ipsec_sa_getbyid(ip_said *);
++extern int ipsec_sa_put(struct ipsec_sa *);
++extern /* void */ int ipsec_sa_del(struct ipsec_sa *);
++extern /* void */ int ipsec_sa_delchain(struct ipsec_sa *);
++extern /* void */ int ipsec_sa_add(struct ipsec_sa *);
++
++extern int ipsec_sa_init(struct ipsec_sa *ipsp);
++extern int ipsec_sa_wipe(struct ipsec_sa *ipsp);
++
++/* debug declarations */
++
++/* ipsec_proc.c */
++extern int ipsec_proc_init(void);
++extern void ipsec_proc_cleanup(void);
++
++/* ipsec_rcv.c */
++extern int ipsec_rcv(struct sk_buff *skb);
++extern int klips26_rcv_encap(struct sk_buff *skb, __u16 encap_type);
++
++/* ipsec_xmit.c */
++struct ipsec_xmit_state;
++extern enum ipsec_xmit_value ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs);
++extern enum ipsec_xmit_value ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs);
++extern void ipsec_print_ip(struct iphdr *ip);
++
++
++
++/* ipsec_radij.c */
++extern int ipsec_makeroute(struct sockaddr_encap *ea,
++ struct sockaddr_encap *em,
++ ip_said said,
++ uint32_t pid,
++ struct sk_buff *skb,
++ struct ident *ident_s,
++ struct ident *ident_d);
++
++extern int ipsec_breakroute(struct sockaddr_encap *ea,
++ struct sockaddr_encap *em,
++ struct sk_buff **first,
++ struct sk_buff **last);
++
++int ipsec_radijinit(void);
++int ipsec_cleareroutes(void);
++int ipsec_radijcleanup(void);
++
++/* ipsec_life.c */
++extern enum ipsec_life_alive ipsec_lifetime_check(struct ipsec_lifetime64 *il64,
++ const char *lifename,
++ const char *saname,
++ enum ipsec_life_type ilt,
++ enum ipsec_direction idir,
++ struct ipsec_sa *ips);
++
++
++extern int ipsec_lifetime_format(char *buffer,
++ int buflen,
++ char *lifename,
++ enum ipsec_life_type timebaselife,
++ struct ipsec_lifetime64 *lifetime);
++
++extern void ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime,
++ __u64 newvalue);
++
++extern void ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime,
++ __u64 newvalue);
++
++/* ipsec_snprintf.c */
++extern int ipsec_snprintf(char * buf, ssize_t size, const char *fmt, ...);
++extern void ipsec_dmp_block(char *s, caddr_t bb, int len);
++
++
++/* ipsec_alg.c */
++extern int ipsec_alg_init(void);
++
++
++#ifdef CONFIG_KLIPS_DEBUG
++
++extern int debug_xform;
++extern int debug_eroute;
++extern int debug_spi;
++extern int debug_netlink;
++
++#endif /* CONFIG_KLIPS_DEBUG */
++
++
++
++
++#define _IPSEC_PROTO_H
++#endif /* _IPSEC_PROTO_H_ */
++
++/*
++ * $Log: ipsec_proto.h,v $
++ * Revision 1.14 2005/04/29 04:50:03 mcr
++ * prototypes for xmit and alg code.
++ *
++ * Revision 1.13 2005/04/17 03:46:07 mcr
++ * added prototypes for ipsec_rcv() routines.
++ *
++ * Revision 1.12 2005/04/14 20:28:37 mcr
++ * added additional prototypes.
++ *
++ * Revision 1.11 2005/04/14 01:16:28 mcr
++ * add prototypes for snprintf.
++ *
++ * Revision 1.10 2005/04/13 22:47:28 mcr
++ * make sure that forward references are available.
++ *
++ * Revision 1.9 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.8 2004/04/05 19:55:06 mcr
++ * Moved from linux/include/freeswan/ipsec_proto.h,v
++ *
++ * Revision 1.7 2003/10/31 02:27:05 mcr
++ * pulled up port-selector patches and sa_id elimination.
++ *
++ * Revision 1.6.30.1 2003/10/29 01:10:19 mcr
++ * elimited "struct sa_id"
++ *
++ * Revision 1.6 2002/05/23 07:13:48 rgb
++ * Added ipsec_sa_put() for releasing an ipsec_sa refcount.
++ *
++ * Revision 1.5 2002/05/14 02:36:40 rgb
++ * Converted reference from ipsec_sa_put to ipsec_sa_add to avoid confusion
++ * with "put" usage in the kernel.
++ *
++ * Revision 1.4 2002/04/24 07:36:47 mcr
++ * Moved from ./klips/net/ipsec/ipsec_proto.h,v
++ *
++ * Revision 1.3 2002/04/20 00:12:25 rgb
++ * Added esp IV CBC attack fix, disabled.
++ *
++ * Revision 1.2 2001/11/26 09:16:15 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.1.2.1 2001/09/25 02:21:01 mcr
++ * ipsec_proto.h created to keep prototypes rather than deal with
++ * cyclic dependancies of structures and prototypes in .h files.
++ *
++ *
++ *
++ * Local variables:
++ * c-file-style: "linux"
++ * End:
++ *
++ */
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_radij.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,179 @@
++/*
++ * @(#) Definitions relevant to the IPSEC <> radij tree interfacing
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_radij.h,v 1.22 2004/07/10 19:08:41 mcr Exp $
++ */
++
++#ifndef _IPSEC_RADIJ_H
++
++#include <openswan.h>
++
++int ipsec_walk(char *);
++
++int ipsec_rj_walker_procprint(struct radij_node *, void *);
++int ipsec_rj_walker_delete(struct radij_node *, void *);
++
++/* This structure is used to pass information between
++ * ipsec_eroute_get_info and ipsec_rj_walker_procprint
++ * (through rj_walktree) and between calls of ipsec_rj_walker_procprint.
++ */
++struct wsbuf
++{
++ /* from caller of ipsec_eroute_get_info: */
++ char *const buffer; /* start of buffer provided */
++ const int length; /* length of buffer provided */
++ const off_t offset; /* file position of first character of interest */
++ /* accumulated by ipsec_rj_walker_procprint: */
++ int len; /* number of character filled into buffer */
++ off_t begin; /* file position contained in buffer[0] (<=offset) */
++};
++
++extern struct radij_node_head *rnh;
++extern spinlock_t eroute_lock;
++
++struct eroute * ipsec_findroute(struct sockaddr_encap *);
++
++#define O1(x) (int)(((x)>>24)&0xff)
++#define O2(x) (int)(((x)>>16)&0xff)
++#define O3(x) (int)(((x)>>8)&0xff)
++#define O4(x) (int)(((x))&0xff)
++
++#ifdef CONFIG_KLIPS_DEBUG
++extern int debug_radij;
++void rj_dumptrees(void);
++
++#define DB_RJ_DUMPTREES 0x0001
++#define DB_RJ_FINDROUTE 0x0002
++#endif /* CONFIG_KLIPS_DEBUG */
++
++#define _IPSEC_RADIJ_H
++#endif
++
++/*
++ * $Log: ipsec_radij.h,v $
++ * Revision 1.22 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.21 2004/04/29 11:06:42 ken
++ * Last bits from 2.06 procfs updates
++ *
++ * Revision 1.20 2004/04/06 02:49:08 mcr
++ * pullup of algo code from alg-branch.
++ *
++ * Revision 1.19 2004/04/05 19:55:06 mcr
++ * Moved from linux/include/freeswan/ipsec_radij.h,v
++ *
++ * Revision 1.18 2002/04/24 07:36:47 mcr
++ * Moved from ./klips/net/ipsec/ipsec_radij.h,v
++ *
++ * Revision 1.17 2001/11/26 09:23:49 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.16.2.1 2001/09/25 02:21:17 mcr
++ * ipsec_proto.h created to keep prototypes rather than deal with
++ * cyclic dependancies of structures and prototypes in .h files.
++ *
++ * Revision 1.16 2001/09/15 16:24:04 rgb
++ * Re-inject first and last HOLD packet when an eroute REPLACE is done.
++ *
++ * Revision 1.15 2001/09/14 16:58:37 rgb
++ * Added support for storing the first and last packets through a HOLD.
++ *
++ * Revision 1.14 2001/09/08 21:13:32 rgb
++ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
++ *
++ * Revision 1.13 2001/06/14 19:35:09 rgb
++ * Update copyright date.
++ *
++ * Revision 1.12 2001/05/27 06:12:11 rgb
++ * Added structures for pid, packet count and last access time to eroute.
++ * Added packet count to beginning of /proc/net/ipsec_eroute.
++ *
++ * Revision 1.11 2000/09/08 19:12:56 rgb
++ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
++ *
++ * Revision 1.10 1999/11/17 15:53:39 rgb
++ * Changed all occurrences of #include "../../../lib/freeswan.h"
++ * to #include <freeswan.h> which works due to -Ilibfreeswan in the
++ * klips/net/ipsec/Makefile.
++ *
++ * Revision 1.9 1999/10/01 00:01:23 rgb
++ * Added eroute structure locking.
++ *
++ * Revision 1.8 1999/04/11 00:28:59 henry
++ * GPL boilerplate
++ *
++ * Revision 1.7 1999/04/06 04:54:26 rgb
++ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
++ * patch shell fixes.
++ *
++ * Revision 1.6 1999/01/22 06:23:26 rgb
++ * Cruft clean-out.
++ *
++ * Revision 1.5 1998/10/25 02:42:08 rgb
++ * Change return type on ipsec_breakroute and ipsec_makeroute and add an
++ * argument to be able to transmit more infomation about errors.
++ *
++ * Revision 1.4 1998/10/19 14:44:29 rgb
++ * Added inclusion of freeswan.h.
++ * sa_id structure implemented and used: now includes protocol.
++ *
++ * Revision 1.3 1998/07/28 00:03:31 rgb
++ * Comment out temporary inet_nto4u() kluge.
++ *
++ * Revision 1.2 1998/07/14 18:22:00 rgb
++ * Add function to clear the eroute table.
++ *
++ * Revision 1.1 1998/06/18 21:27:49 henry
++ * move sources from klips/src to klips/net/ipsec, to keep stupid
++ * kernel-build scripts happier in the presence of symlinks
++ *
++ * Revision 1.5 1998/05/25 20:30:38 rgb
++ * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
++ *
++ * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
++ * add ipsec_rj_walker_delete.
++ *
++ * Revision 1.4 1998/05/21 13:02:56 rgb
++ * Imported definitions from ipsec_radij.c and radij.c to support /proc 3k
++ * limit fix.
++ *
++ * Revision 1.3 1998/04/21 21:29:09 rgb
++ * Rearrange debug switches to change on the fly debug output from user
++ * space. Only kernel changes checked in at this time. radij.c was also
++ * changed to temporarily remove buggy debugging code in rj_delete causing
++ * an OOPS and hence, netlink device open errors.
++ *
++ * Revision 1.2 1998/04/14 17:30:39 rgb
++ * Fix up compiling errors for radij tree memory reclamation.
++ *
++ * Revision 1.1 1998/04/09 03:06:10 henry
++ * sources moved up from linux/net/ipsec
++ *
++ * Revision 1.1.1.1 1998/04/08 05:35:04 henry
++ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
++ *
++ * Revision 0.4 1997/01/15 01:28:15 ji
++ * No changes.
++ *
++ * Revision 0.3 1996/11/20 14:39:04 ji
++ * Minor cleanups.
++ * Rationalized debugging code.
++ *
++ * Revision 0.2 1996/11/02 00:18:33 ji
++ * First limited release.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_rcv.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,199 @@
++/*
++ *
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_rcv.h,v 1.28.2.2 2006/10/06 21:39:26 paul Exp $
++ */
++
++#ifndef IPSEC_RCV_H
++#define IPSEC_RCV_H
++
++#include "openswan/ipsec_auth.h"
++
++#define DB_RX_PKTRX 0x0001
++#define DB_RX_PKTRX2 0x0002
++#define DB_RX_DMP 0x0004
++#define DB_RX_IPSA 0x0010
++#define DB_RX_XF 0x0020
++#define DB_RX_IPAD 0x0040
++#define DB_RX_INAU 0x0080
++#define DB_RX_OINFO 0x0100
++#define DB_RX_OINFO2 0x0200
++#define DB_RX_OH 0x0400
++#define DB_RX_REPLAY 0x0800
++
++#ifdef __KERNEL__
++/* struct options; */
++
++#define __NO_VERSION__
++#ifndef AUTOCONF_INCLUDED
++#include <linux/config.h> /* for CONFIG_IP_FORWARD */
++#endif
++#ifdef CONFIG_MODULES
++#include <linux/module.h>
++#endif
++#include <linux/version.h>
++#include <openswan.h>
++
++#define IPSEC_BIRTH_TEMPLATE_MAXLEN 256
++
++struct ipsec_birth_reply {
++ int packet_template_len;
++ unsigned char packet_template[IPSEC_BIRTH_TEMPLATE_MAXLEN];
++};
++
++extern struct ipsec_birth_reply ipsec_ipv4_birth_packet;
++extern struct ipsec_birth_reply ipsec_ipv6_birth_packet;
++
++enum ipsec_rcv_value {
++ IPSEC_RCV_LASTPROTO=1,
++ IPSEC_RCV_OK=0,
++ IPSEC_RCV_BADPROTO=-1,
++ IPSEC_RCV_BADLEN=-2,
++ IPSEC_RCV_ESP_BADALG=-3,
++ IPSEC_RCV_3DES_BADBLOCKING=-4,
++ IPSEC_RCV_ESP_DECAPFAIL=-5,
++ IPSEC_RCV_DECAPFAIL=-6,
++ IPSEC_RCV_SAIDNOTFOUND=-7,
++ IPSEC_RCV_IPCOMPALONE=-8,
++ IPSEC_RCV_IPCOMPFAILED=-10,
++ IPSEC_RCV_SAIDNOTLIVE=-11,
++ IPSEC_RCV_FAILEDINBOUND=-12,
++ IPSEC_RCV_LIFETIMEFAILED=-13,
++ IPSEC_RCV_BADAUTH=-14,
++ IPSEC_RCV_REPLAYFAILED=-15,
++ IPSEC_RCV_AUTHFAILED=-16,
++ IPSEC_RCV_REPLAYROLLED=-17,
++ IPSEC_RCV_BAD_DECRYPT=-18
++};
++
++struct ipsec_rcv_state {
++ struct sk_buff *skb;
++ struct net_device_stats *stats;
++ struct iphdr *ipp; /* the IP header */
++ struct ipsec_sa *ipsp; /* current SA being processed */
++ int len; /* length of packet */
++ int ilen; /* length of inner payload (-authlen) */
++ int authlen; /* how big is the auth data at end */
++ int hard_header_len; /* layer 2 size */
++ int iphlen; /* how big is IP header */
++ struct auth_alg *authfuncs;
++ ip_said said;
++ char sa[SATOT_BUF];
++ size_t sa_len;
++ __u8 next_header;
++ __u8 hash[AH_AMAX];
++ char ipsaddr_txt[ADDRTOA_BUF];
++ char ipdaddr_txt[ADDRTOA_BUF];
++ __u8 *octx;
++ __u8 *ictx;
++ int ictx_len;
++ int octx_len;
++ union {
++ struct {
++ struct esphdr *espp;
++ } espstuff;
++ struct {
++ struct ahhdr *ahp;
++ } ahstuff;
++ struct {
++ struct ipcomphdr *compp;
++ } ipcompstuff;
++ } protostuff;
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++ __u8 natt_type;
++ __u16 natt_sport;
++ __u16 natt_dport;
++ int natt_len;
++#endif
++};
++
++extern int
++#ifdef PROTO_HANDLER_SINGLE_PARM
++ipsec_rcv(struct sk_buff *skb);
++#else /* PROTO_HANDLER_SINGLE_PARM */
++ipsec_rcv(struct sk_buff *skb,
++ unsigned short xlen);
++#endif /* PROTO_HANDLER_SINGLE_PARM */
++
++#ifdef CONFIG_KLIPS_DEBUG
++extern int debug_rcv;
++#define ipsec_rcv_dmp(_x,_y, _z) if (debug_rcv && sysctl_ipsec_debug_verbose) ipsec_dmp_block(_x,_y,_z)
++#else
++#define ipsec_rcv_dmp(_x,_y, _z) do {} while(0)
++#endif /* CONFIG_KLIPS_DEBUG */
++
++extern int sysctl_ipsec_inbound_policy_check;
++#endif /* __KERNEL__ */
++
++extern int klips26_rcv_encap(struct sk_buff *skb, __u16 encap_type);
++
++
++#endif /* IPSEC_RCV_H */
++
++/*
++ * $Log: ipsec_rcv.h,v $
++ * Revision 1.28.2.2 2006/10/06 21:39:26 paul
++ * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not
++ * set. This is defined through autoconf.h which is included through the
++ * linux kernel build macros.
++ *
++ * Revision 1.28.2.1 2006/07/10 15:52:20 paul
++ * Fix for bug #642 by Bart Trojanowski
++ *
++ * Revision 1.28 2005/05/11 00:59:45 mcr
++ * do not call debug routines if !defined KLIPS_DEBUG.
++ *
++ * Revision 1.27 2005/04/29 04:59:46 mcr
++ * use ipsec_dmp_block.
++ *
++ * Revision 1.26 2005/04/13 22:48:35 mcr
++ * added comments, and removed some log.
++ * removed Linux 2.0 support.
++ *
++ * Revision 1.25 2005/04/08 18:25:37 mcr
++ * prototype klips26 encap receive function
++ *
++ * Revision 1.24 2004/08/20 21:45:37 mcr
++ * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to
++ * be 26sec compatible. But, some defines where changed.
++ *
++ * Revision 1.23 2004/08/03 18:17:40 mcr
++ * in 2.6, use "net_device" instead of #define device->net_device.
++ * this probably breaks 2.0 compiles.
++ *
++ * Revision 1.22 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.21 2004/04/06 02:49:08 mcr
++ * pullup of algo code from alg-branch.
++ *
++ * Revision 1.20 2004/04/05 19:55:06 mcr
++ * Moved from linux/include/freeswan/ipsec_rcv.h,v
++ *
++ * Revision 1.19 2003/12/15 18:13:09 mcr
++ * when compiling with NAT traversal, don't assume that the
++ * kernel has been patched, unless CONFIG_IPSEC_NAT_NON_ESP
++ * is set.
++ *
++ * history elided 2005-04-12.
++ *
++ * Local Variables:
++ * c-basic-offset:8
++ * c-style:linux
++ * End:
++ *
++ */
++
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_sa.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,355 @@
++/*
++ * @(#) Definitions of IPsec Security Association (ipsec_sa)
++ *
++ * Copyright (C) 2001, 2002, 2003
++ * Richard Guy Briggs <rgb@freeswan.org>
++ * and Michael Richardson <mcr@freeswan.org>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_sa.h,v 1.23 2005/05/11 01:18:59 mcr Exp $
++ *
++ * This file derived from ipsec_xform.h on 2001/9/18 by mcr.
++ *
++ */
++
++/*
++ * This file describes the IPsec Security Association Structure.
++ *
++ * This structure keeps track of a single transform that may be done
++ * to a set of packets. It can describe applying the transform or
++ * apply the reverse. (e.g. compression vs expansion). However, it
++ * only describes one at a time. To describe both, two structures would
++ * be used, but since the sides of the transform are performed
++ * on different machines typically it is usual to have only one side
++ * of each association.
++ *
++ */
++
++#ifndef _IPSEC_SA_H_
++
++#ifdef __KERNEL__
++#include "openswan/ipsec_stats.h"
++#include "openswan/ipsec_life.h"
++#include "openswan/ipsec_eroute.h"
++#endif /* __KERNEL__ */
++#include "openswan/ipsec_param.h"
++
++#include "pfkeyv2.h"
++
++
++/* SAs are held in a table.
++ * Entries in this table are referenced by IPsecSAref_t values.
++ * IPsecSAref_t values are conceptually subscripts. Because
++ * we want to allocate the table piece-meal, the subscripting
++ * is implemented with two levels, a bit like paged virtual memory.
++ * This representation mechanism is known as an Iliffe Vector.
++ *
++ * The Main table (AKA the refTable) consists of 2^IPSEC_SA_REF_MAINTABLE_IDX_WIDTH
++ * pointers to subtables.
++ * Each subtable has 2^IPSEC_SA_REF_SUBTABLE_IDX_WIDTH entries, each of which
++ * is a pointer to an SA.
++ *
++ * An IPsecSAref_t contains either an exceptional value (signified by the
++ * high-order bit being on) or a reference to a table entry. A table entry
++ * reference has the subtable subscript in the low-order
++ * IPSEC_SA_REF_SUBTABLE_IDX_WIDTH bits and the Main table subscript
++ * in the next lowest IPSEC_SA_REF_MAINTABLE_IDX_WIDTH bits.
++ *
++ * The Maintable entry for an IPsecSAref_t x, a pointer to its subtable, is
++ * IPsecSAref2table(x). It is of type struct IPsecSArefSubTable *.
++ *
++ * The pointer to the SA for x is IPsecSAref2SA(x). It is of type
++ * struct ipsec_sa*. The macro definition clearly shows the two-level
++ * access needed to find the SA pointer.
++ *
++ * The Maintable is allocated when IPsec is initialized.
++ * Each subtable is allocated when needed, but the first is allocated
++ * when IPsec is initialized.
++ *
++ * IPsecSAref_t is designed to be smaller than an NFmark so that
++ * they can be stored in NFmarks and still leave a few bits for other
++ * purposes. The spare bits are in the low order of the NFmark
++ * but in the high order of the IPsecSAref_t, so conversion is required.
++ * We pick the upper bits of NFmark on the theory that they are less likely to
++ * interfere with more pedestrian uses of nfmark.
++ */
++
++
++typedef unsigned short int IPsecRefTableUnusedCount;
++
++#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH)
++
++#ifdef __KERNEL__
++#if ((IPSEC_SA_REF_TABLE_IDX_WIDTH - (1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) < 0)
++#error "IPSEC_SA_REF_TABLE_IDX_WIDTH("IPSEC_SA_REF_TABLE_IDX_WIDTH") MUST be < 1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH("IPSEC_SA_REF_MAINTABLE_IDX_WIDTH")"
++#endif
++
++#define IPSEC_SA_REF_SUBTABLE_IDX_WIDTH (IPSEC_SA_REF_TABLE_IDX_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)
++
++#define IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)
++#define IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
++
++#ifdef CONFIG_NETFILTER
++#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->nfmark
++#define IPSEC_SA_REF_HOST_FIELD_TYPE typeof(IPSEC_SA_REF_HOST_FIELD(NULL))
++#else /* CONFIG_NETFILTER */
++/* just make it work for now, it doesn't matter, since there is no nfmark */
++#define IPSEC_SA_REF_HOST_FIELD_TYPE unsigned long
++#endif /* CONFIG_NETFILTER */
++#define IPSEC_SA_REF_HOST_FIELD_WIDTH (8 * sizeof(IPSEC_SA_REF_HOST_FIELD_TYPE))
++#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
++
++#define IPSEC_SA_REF_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
++#define IPSEC_SA_REF_TABLE_MASK ((IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
++#define IPSEC_SA_REF_ENTRY_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_SUBTABLE_IDX_WIDTH))
++
++#define IPsecSAref2table(x) (((x) & IPSEC_SA_REF_TABLE_MASK) >> IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
++#define IPsecSAref2entry(x) ((x) & IPSEC_SA_REF_ENTRY_MASK)
++#define IPsecSArefBuild(x,y) (((x) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) + (y))
++
++#define IPsecSAref2SA(x) (ipsec_sadb.refTable[IPsecSAref2table(x)]->entry[IPsecSAref2entry(x)])
++#define IPsecSA2SAref(x) ((x)->ips_ref)
++
++#define EMT_INBOUND 0x01 /* SA direction, 1=inbound */
++
++/* 'struct ipsec_sa' should be 64bit aligned when allocated. */
++struct ipsec_sa
++{
++ IPsecSAref_t ips_ref; /* reference table entry number */
++ atomic_t ips_refcount; /* reference count for this struct */
++ struct ipsec_sa *ips_hnext; /* next in hash chain */
++ struct ipsec_sa *ips_inext; /* pointer to next xform */
++ struct ipsec_sa *ips_onext; /* pointer to prev xform */
++
++ struct ifnet *ips_rcvif; /* related rcv encap interface */
++
++ ip_said ips_said; /* SA ID */
++
++ __u32 ips_seq; /* seq num of msg that initiated this SA */
++ __u32 ips_pid; /* PID of process that initiated this SA */
++ __u8 ips_authalg; /* auth algorithm for this SA */
++ __u8 ips_encalg; /* enc algorithm for this SA */
++
++ struct ipsec_stats ips_errs;
++
++ __u8 ips_replaywin; /* replay window size */
++ enum sadb_sastate ips_state; /* state of SA */
++ __u32 ips_replaywin_lastseq; /* last pkt sequence num */
++ __u64 ips_replaywin_bitmap; /* bitmap of received pkts */
++ __u32 ips_replaywin_maxdiff; /* max pkt sequence difference */
++
++ __u32 ips_flags; /* generic xform flags */
++
++
++ struct ipsec_lifetimes ips_life; /* lifetime records */
++
++ /* selector information */
++ __u8 ips_transport_protocol; /* protocol for this SA, if ports are involved */
++ struct sockaddr*ips_addr_s; /* src sockaddr */
++ struct sockaddr*ips_addr_d; /* dst sockaddr */
++ struct sockaddr*ips_addr_p; /* proxy sockaddr */
++ __u16 ips_addr_s_size;
++ __u16 ips_addr_d_size;
++ __u16 ips_addr_p_size;
++ ip_address ips_flow_s;
++ ip_address ips_flow_d;
++ ip_address ips_mask_s;
++ ip_address ips_mask_d;
++
++ __u16 ips_key_bits_a; /* size of authkey in bits */
++ __u16 ips_auth_bits; /* size of authenticator in bits */
++ __u16 ips_key_bits_e; /* size of enckey in bits */
++ __u16 ips_iv_bits; /* size of IV in bits */
++ __u8 ips_iv_size;
++ __u16 ips_key_a_size;
++ __u16 ips_key_e_size;
++
++ caddr_t ips_key_a; /* authentication key */
++ caddr_t ips_key_e; /* encryption key */
++ caddr_t ips_iv; /* Initialisation Vector */
++
++ struct ident ips_ident_s; /* identity src */
++ struct ident ips_ident_d; /* identity dst */
++
++ /* these are included even if CONFIG_KLIPS_IPCOMP is off */
++ __u16 ips_comp_adapt_tries; /* ipcomp self-adaption tries */
++ __u16 ips_comp_adapt_skip; /* ipcomp self-adaption to-skip */
++ __u64 ips_comp_ratio_cbytes; /* compressed bytes */
++ __u64 ips_comp_ratio_dbytes; /* decompressed (or uncompressed) bytes */
++
++ /* these are included even if CONFIG_IPSEC_NAT_TRAVERSAL is off */
++ __u8 ips_natt_type;
++ __u8 ips_natt_reserved[3];
++ __u16 ips_natt_sport;
++ __u16 ips_natt_dport;
++
++ struct sockaddr *ips_natt_oa;
++ __u16 ips_natt_oa_size;
++ __u16 ips_natt_reserved2;
++
++#if 0
++ __u32 ips_sens_dpd;
++ __u8 ips_sens_sens_level;
++ __u8 ips_sens_sens_len;
++ __u64* ips_sens_sens_bitmap;
++ __u8 ips_sens_integ_level;
++ __u8 ips_sens_integ_len;
++ __u64* ips_sens_integ_bitmap;
++#endif
++ struct ipsec_alg_enc *ips_alg_enc;
++ struct ipsec_alg_auth *ips_alg_auth;
++ IPsecSAref_t ips_ref_rel;
++};
++
++struct IPsecSArefSubTable
++{
++ struct ipsec_sa* entry[IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES];
++};
++
++struct ipsec_sadb {
++ struct IPsecSArefSubTable* refTable[IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES];
++ IPsecSAref_t refFreeList[IPSEC_SA_REF_FREELIST_NUM_ENTRIES];
++ int refFreeListHead;
++ int refFreeListTail;
++ IPsecSAref_t refFreeListCont;
++ IPsecSAref_t said_hash[SADB_HASHMOD];
++ spinlock_t sadb_lock;
++};
++
++extern struct ipsec_sadb ipsec_sadb;
++
++extern int ipsec_SAref_recycle(void);
++extern int ipsec_SArefSubTable_alloc(unsigned table);
++extern int ipsec_saref_freelist_init(void);
++extern int ipsec_sadb_init(void);
++extern struct ipsec_sa *ipsec_sa_alloc(int*error); /* pass in error var by pointer */
++extern IPsecSAref_t ipsec_SAref_alloc(int*erorr); /* pass in error var by pointer */
++extern int ipsec_sa_free(struct ipsec_sa* ips);
++extern int ipsec_sa_put(struct ipsec_sa *ips);
++extern int ipsec_sa_add(struct ipsec_sa *ips);
++extern int ipsec_sa_del(struct ipsec_sa *ips);
++extern int ipsec_sa_delchain(struct ipsec_sa *ips);
++extern int ipsec_sadb_cleanup(__u8 proto);
++extern int ipsec_sadb_free(void);
++extern int ipsec_sa_wipe(struct ipsec_sa *ips);
++#endif /* __KERNEL__ */
++
++enum ipsec_direction {
++ ipsec_incoming = 1,
++ ipsec_outgoing = 2
++};
++
++#define _IPSEC_SA_H_
++#endif /* _IPSEC_SA_H_ */
++
++/*
++ * $Log: ipsec_sa.h,v $
++ * Revision 1.23 2005/05/11 01:18:59 mcr
++ * do not change structure based upon options, to avoid
++ * too many #ifdef.
++ *
++ * Revision 1.22 2005/04/14 01:17:09 mcr
++ * change sadb_state to an enum.
++ *
++ * Revision 1.21 2004/08/20 21:45:37 mcr
++ * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to
++ * be 26sec compatible. But, some defines where changed.
++ *
++ * Revision 1.20 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.19 2004/04/05 19:55:06 mcr
++ * Moved from linux/include/freeswan/ipsec_sa.h,v
++ *
++ * Revision 1.18 2004/04/05 19:41:05 mcr
++ * merged alg-branch code.
++ *
++ * Revision 1.17.2.1 2003/12/22 15:25:52 jjo
++ * . Merged algo-0.8.1-rc11-test1 into alg-branch
++ *
++ * Revision 1.17 2003/12/10 01:20:06 mcr
++ * NAT-traversal patches to KLIPS.
++ *
++ * Revision 1.16 2003/10/31 02:27:05 mcr
++ * pulled up port-selector patches and sa_id elimination.
++ *
++ * Revision 1.15.4.1 2003/10/29 01:10:19 mcr
++ * elimited "struct sa_id"
++ *
++ * Revision 1.15 2003/05/11 00:53:09 mcr
++ * IPsecSAref_t and macros were moved to freeswan.h.
++ *
++ * Revision 1.14 2003/02/12 19:31:55 rgb
++ * Fixed bug in "file seen" machinery.
++ * Updated copyright year.
++ *
++ * Revision 1.13 2003/01/30 02:31:52 rgb
++ *
++ * Re-wrote comments describing SAref system for accuracy.
++ * Rename SAref table macro names for clarity.
++ * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
++ * Transmit error code through to caller from callee for better diagnosis of problems.
++ * Enclose all macro arguments in parens to avoid any possible obscrure bugs.
++ *
++ * Revision 1.12 2002/10/07 18:31:19 rgb
++ * Change comment to reflect the flexible nature of the main and sub-table widths.
++ * Added a counter for the number of unused entries in each subtable.
++ * Further break up host field type macro to host field.
++ * Move field width sanity checks to ipsec_sa.c
++ * Define a mask for an entire saref.
++ *
++ * Revision 1.11 2002/09/20 15:40:33 rgb
++ * Re-write most of the SAref macros and types to eliminate any pointer references to Entrys.
++ * Fixed SAref/nfmark macros.
++ * Rework saref freeslist.
++ * Place all ipsec sadb globals into one struct.
++ * Restrict some bits to kernel context for use to klips utils.
++ *
++ * Revision 1.10 2002/09/20 05:00:34 rgb
++ * Update copyright date.
++ *
++ * Revision 1.9 2002/09/17 17:19:29 mcr
++ * make it compile even if there is no netfilter - we lost
++ * functionality, but it works, especially on 2.2.
++ *
++ * Revision 1.8 2002/07/28 22:59:53 mcr
++ * clarified/expanded one comment.
++ *
++ * Revision 1.7 2002/07/26 08:48:31 rgb
++ * Added SA ref table code.
++ *
++ * Revision 1.6 2002/05/31 17:27:48 rgb
++ * Comment fix.
++ *
++ * Revision 1.5 2002/05/27 18:55:03 rgb
++ * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT.
++ *
++ * Revision 1.4 2002/05/23 07:13:36 rgb
++ * Convert "usecount" to "refcount" to remove ambiguity.
++ *
++ * Revision 1.3 2002/04/24 07:36:47 mcr
++ * Moved from ./klips/net/ipsec/ipsec_sa.h,v
++ *
++ * Revision 1.2 2001/11/26 09:16:15 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.1.2.1 2001/09/25 02:24:58 mcr
++ * struct tdb -> struct ipsec_sa.
++ * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
++ * ipsec_xform.c removed. header file still contains useful things.
++ *
++ *
++ * Local variables:
++ * c-file-style: "linux"
++ * End:
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_sha1.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,79 @@
++/*
++ * RCSID $Id: ipsec_sha1.h,v 1.8 2004/04/05 19:55:07 mcr Exp $
++ */
++
++/*
++ * Here is the original comment from the distribution:
++
++SHA-1 in C
++By Steve Reid <steve@edmweb.com>
++100% Public Domain
++
++ * Adapted for use by the IPSEC code by John Ioannidis
++ */
++
++
++#ifndef _IPSEC_SHA1_H_
++#define _IPSEC_SHA1_H_
++
++typedef struct
++{
++ __u32 state[5];
++ __u32 count[2];
++ __u8 buffer[64];
++} SHA1_CTX;
++
++void SHA1Transform(__u32 state[5], __u8 buffer[64]);
++void SHA1Init(void *context);
++void SHA1Update(void *context, unsigned char *data, __u32 len);
++void SHA1Final(unsigned char digest[20], void *context);
++
++
++#endif /* _IPSEC_SHA1_H_ */
++
++/*
++ * $Log: ipsec_sha1.h,v $
++ * Revision 1.8 2004/04/05 19:55:07 mcr
++ * Moved from linux/include/freeswan/ipsec_sha1.h,v
++ *
++ * Revision 1.7 2002/09/10 01:45:09 mcr
++ * changed type of MD5_CTX and SHA1_CTX to void * so that
++ * the function prototypes would match, and could be placed
++ * into a pointer to a function.
++ *
++ * Revision 1.6 2002/04/24 07:36:47 mcr
++ * Moved from ./klips/net/ipsec/ipsec_sha1.h,v
++ *
++ * Revision 1.5 1999/12/13 13:59:13 rgb
++ * Quick fix to argument size to Update bugs.
++ *
++ * Revision 1.4 1999/12/07 18:16:23 rgb
++ * Fixed comments at end of #endif lines.
++ *
++ * Revision 1.3 1999/04/06 04:54:27 rgb
++ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
++ * patch shell fixes.
++ *
++ * Revision 1.2 1998/11/30 13:22:54 rgb
++ * Rationalised all the klips kernel file headers. They are much shorter
++ * now and won't conflict under RH5.2.
++ *
++ * Revision 1.1 1998/06/18 21:27:50 henry
++ * move sources from klips/src to klips/net/ipsec, to keep stupid
++ * kernel-build scripts happier in the presence of symlinks
++ *
++ * Revision 1.2 1998/04/23 20:54:05 rgb
++ * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
++ * verified.
++ *
++ * Revision 1.1 1998/04/09 03:04:21 henry
++ * sources moved up from linux/net/ipsec
++ * these two include files modified not to include others except in kernel
++ *
++ * Revision 1.1.1.1 1998/04/08 05:35:04 henry
++ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
++ *
++ * Revision 0.4 1997/01/15 01:28:15 ji
++ * New transform
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_stats.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,76 @@
++/*
++ * @(#) definition of ipsec_stats structure
++ *
++ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
++ * and Michael Richardson <mcr@freeswan.org>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_stats.h,v 1.7 2005/04/14 01:17:45 mcr Exp $
++ *
++ */
++
++/*
++ * This file describes the errors/statistics that FreeSWAN collects.
++ */
++
++#ifndef _IPSEC_STATS_H_
++
++struct ipsec_stats {
++ __u32 ips_alg_errs; /* number of algorithm errors */
++ __u32 ips_auth_errs; /* # of authentication errors */
++ __u32 ips_encsize_errs; /* # of encryption size errors*/
++ __u32 ips_encpad_errs; /* # of encryption pad errors*/
++ __u32 ips_replaywin_errs; /* # of pkt sequence errors */
++};
++
++#define _IPSEC_STATS_H_
++#endif /* _IPSEC_STATS_H_ */
++
++/*
++ * $Log: ipsec_stats.h,v $
++ * Revision 1.7 2005/04/14 01:17:45 mcr
++ * add prototypes for snprintf.
++ *
++ * Revision 1.6 2004/04/05 19:55:07 mcr
++ * Moved from linux/include/freeswan/ipsec_stats.h,v
++ *
++ * Revision 1.5 2004/04/05 19:41:05 mcr
++ * merged alg-branch code.
++ *
++ * Revision 1.4 2004/03/28 20:27:19 paul
++ * Included tested and confirmed fixes mcr made and dhr verified for
++ * snprint statements. Changed one other snprintf to use ipsec_snprintf
++ * so it wouldnt break compatibility with 2.0/2.2 kernels. Verified with
++ * dhr. (thanks dhr!)
++ *
++ * Revision 1.4 2004/03/24 01:58:31 mcr
++ * sprintf->snprintf for formatting into proc buffer.
++ *
++ * Revision 1.3.34.1 2004/04/05 04:30:46 mcr
++ * patches for alg-branch to compile/work with 2.x openswan
++ *
++ * Revision 1.3 2002/04/24 07:36:47 mcr
++ * Moved from ./klips/net/ipsec/ipsec_stats.h,v
++ *
++ * Revision 1.2 2001/11/26 09:16:16 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.1.2.1 2001/09/25 02:27:00 mcr
++ * statistics moved to seperate structure.
++ *
++ *
++ *
++ * Local variables:
++ * c-file-style: "linux"
++ * End:
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_tunnel.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,280 @@
++/*
++ * IPSEC tunneling code
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_tunnel.h,v 1.33 2005/06/04 16:06:05 mcr Exp $
++ */
++
++
++#ifdef NET_21
++# define DEV_QUEUE_XMIT(skb, device, pri) {\
++ skb->dev = device; \
++ neigh_compat_output(skb); \
++ /* skb->dst->output(skb); */ \
++ }
++# define ICMP_SEND(skb_in, type, code, info, dev) \
++ icmp_send(skb_in, type, code, htonl(info))
++# define IP_SEND(skb, dev) \
++ ip_send(skb);
++#else /* NET_21 */
++# define DEV_QUEUE_XMIT(skb, device, pri) {\
++ dev_queue_xmit(skb, device, pri); \
++ }
++# define ICMP_SEND(skb_in, type, code, info, dev) \
++ icmp_send(skb_in, type, code, info, dev)
++# define IP_SEND(skb, dev) \
++ if(ntohs(iph->tot_len) > physmtu) { \
++ ip_fragment(NULL, skb, dev, 0); \
++ ipsec_kfree_skb(skb); \
++ } else { \
++ dev_queue_xmit(skb, dev, SOPRI_NORMAL); \
++ }
++#endif /* NET_21 */
++
++
++/*
++ * Heavily based on drivers/net/new_tunnel.c. Lots
++ * of ideas also taken from the 2.1.x version of drivers/net/shaper.c
++ */
++
++struct ipsectunnelconf
++{
++ __u32 cf_cmd;
++ union
++ {
++ char cfu_name[12];
++ } cf_u;
++#define cf_name cf_u.cfu_name
++};
++
++#define IPSEC_SET_DEV (SIOCDEVPRIVATE)
++#define IPSEC_DEL_DEV (SIOCDEVPRIVATE + 1)
++#define IPSEC_CLR_DEV (SIOCDEVPRIVATE + 2)
++
++#ifdef __KERNEL__
++#include <linux/version.h>
++#ifndef KERNEL_VERSION
++# define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
++#endif
++struct ipsecpriv
++{
++ struct sk_buff_head sendq;
++ struct net_device *dev;
++ struct wait_queue *wait_queue;
++ char locked;
++ int (*hard_start_xmit) (struct sk_buff *skb,
++ struct net_device *dev);
++ int (*hard_header) (struct sk_buff *skb,
++ struct net_device *dev,
++ unsigned short type,
++ void *daddr,
++ void *saddr,
++ unsigned len);
++#ifdef NET_21
++ int (*rebuild_header)(struct sk_buff *skb);
++#else /* NET_21 */
++ int (*rebuild_header)(void *buff, struct net_device *dev,
++ unsigned long raddr, struct sk_buff *skb);
++#endif /* NET_21 */
++ int (*set_mac_address)(struct net_device *dev, void *addr);
++#ifndef NET_21
++ void (*header_cache_bind)(struct hh_cache **hhp, struct net_device *dev,
++ unsigned short htype, __u32 daddr);
++#endif /* !NET_21 */
++ void (*header_cache_update)(struct hh_cache *hh, struct net_device *dev, unsigned char * haddr);
++ struct net_device_stats *(*get_stats)(struct net_device *dev);
++ struct net_device_stats mystats;
++ int mtu; /* What is the desired MTU? */
++};
++
++extern char ipsec_tunnel_c_version[];
++
++extern struct net_device *ipsecdevices[IPSEC_NUM_IF];
++
++int ipsec_tunnel_init_devices(void);
++
++/* void */ int ipsec_tunnel_cleanup_devices(void);
++
++extern /* void */ int ipsec_init(void);
++
++extern int ipsec_tunnel_start_xmit(struct sk_buff *skb, struct net_device *dev);
++extern struct net_device *ipsec_get_device(int inst);
++
++#ifdef CONFIG_KLIPS_DEBUG
++extern int debug_tunnel;
++extern int sysctl_ipsec_debug_verbose;
++#endif /* CONFIG_KLIPS_DEBUG */
++#endif /* __KERNEL__ */
++
++#ifdef CONFIG_KLIPS_DEBUG
++#define DB_TN_INIT 0x0001
++#define DB_TN_PROCFS 0x0002
++#define DB_TN_XMIT 0x0010
++#define DB_TN_OHDR 0x0020
++#define DB_TN_CROUT 0x0040
++#define DB_TN_OXFS 0x0080
++#define DB_TN_REVEC 0x0100
++#define DB_TN_ENCAP 0x0200
++#endif /* CONFIG_KLIPS_DEBUG */
++
++/*
++ * $Log: ipsec_tunnel.h,v $
++ * Revision 1.33 2005/06/04 16:06:05 mcr
++ * better patch for nat-t rcv-device code.
++ *
++ * Revision 1.32 2005/05/21 03:18:35 mcr
++ * added additional debug flag tunnelling.
++ *
++ * Revision 1.31 2004/08/03 18:18:02 mcr
++ * in 2.6, use "net_device" instead of #define device->net_device.
++ * this probably breaks 2.0 compiles.
++ *
++ * Revision 1.30 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.29 2004/04/05 19:55:07 mcr
++ * Moved from linux/include/freeswan/ipsec_tunnel.h,v
++ *
++ * Revision 1.28 2003/06/24 20:22:32 mcr
++ * added new global: ipsecdevices[] so that we can keep track of
++ * the ipsecX devices. They will be referenced with dev_hold(),
++ * so 2.2 may need this as well.
++ *
++ * Revision 1.27 2003/04/03 17:38:09 rgb
++ * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
++ *
++ * Revision 1.26 2003/02/12 19:32:20 rgb
++ * Updated copyright year.
++ *
++ * Revision 1.25 2002/05/27 18:56:07 rgb
++ * Convert to dynamic ipsec device allocation.
++ *
++ * Revision 1.24 2002/04/24 07:36:48 mcr
++ * Moved from ./klips/net/ipsec/ipsec_tunnel.h,v
++ *
++ * Revision 1.23 2001/11/06 19:50:44 rgb
++ * Moved IP_SEND, ICMP_SEND, DEV_QUEUE_XMIT macros to ipsec_tunnel.h for
++ * use also by pfkey_v2_parser.c
++ *
++ * Revision 1.22 2001/09/15 16:24:05 rgb
++ * Re-inject first and last HOLD packet when an eroute REPLACE is done.
++ *
++ * Revision 1.21 2001/06/14 19:35:10 rgb
++ * Update copyright date.
++ *
++ * Revision 1.20 2000/09/15 11:37:02 rgb
++ * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
++ * IPCOMP zlib deflate code.
++ *
++ * Revision 1.19 2000/09/08 19:12:56 rgb
++ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
++ *
++ * Revision 1.18 2000/07/28 13:50:54 rgb
++ * Changed enet_statistics to net_device_stats and added back compatibility
++ * for pre-2.1.19.
++ *
++ * Revision 1.17 1999/11/19 01:12:15 rgb
++ * Purge unneeded proc_info prototypes, now that static linking uses
++ * dynamic proc_info registration.
++ *
++ * Revision 1.16 1999/11/18 18:51:00 rgb
++ * Changed all device registrations for static linking to
++ * dynamic to reduce the number and size of patches.
++ *
++ * Revision 1.15 1999/11/18 04:14:21 rgb
++ * Replaced all kernel version macros to shorter, readable form.
++ * Added CONFIG_PROC_FS compiler directives in case it is shut off.
++ * Added Marc Boucher's 2.3.25 proc patches.
++ *
++ * Revision 1.14 1999/05/25 02:50:10 rgb
++ * Fix kernel version macros for 2.0.x static linking.
++ *
++ * Revision 1.13 1999/05/25 02:41:06 rgb
++ * Add ipsec_klipsdebug support for static linking.
++ *
++ * Revision 1.12 1999/05/05 22:02:32 rgb
++ * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
++ *
++ * Revision 1.11 1999/04/29 15:19:50 rgb
++ * Add return values to init and cleanup functions.
++ *
++ * Revision 1.10 1999/04/16 16:02:39 rgb
++ * Bump up macro to 4 ipsec I/Fs.
++ *
++ * Revision 1.9 1999/04/15 15:37:25 rgb
++ * Forward check changes from POST1_00 branch.
++ *
++ * Revision 1.5.2.1 1999/04/02 04:26:14 rgb
++ * Backcheck from HEAD, pre1.0.
++ *
++ * Revision 1.8 1999/04/11 00:29:01 henry
++ * GPL boilerplate
++ *
++ * Revision 1.7 1999/04/06 04:54:28 rgb
++ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
++ * patch shell fixes.
++ *
++ * Revision 1.6 1999/03/31 05:44:48 rgb
++ * Keep PMTU reduction private.
++ *
++ * Revision 1.5 1999/02/10 22:31:20 rgb
++ * Change rebuild_header member to reflect generality of link layer.
++ *
++ * Revision 1.4 1998/12/01 13:22:04 rgb
++ * Added support for debug printing of version info.
++ *
++ * Revision 1.3 1998/07/29 20:42:46 rgb
++ * Add a macro for clearing all tunnel devices.
++ * Rearrange structures and declarations for sharing with userspace.
++ *
++ * Revision 1.2 1998/06/25 20:01:45 rgb
++ * Make prototypes available for ipsec_init and ipsec proc_dir_entries
++ * for static linking.
++ *
++ * Revision 1.1 1998/06/18 21:27:50 henry
++ * move sources from klips/src to klips/net/ipsec, to keep stupid
++ * kernel-build scripts happier in the presence of symlinks
++ *
++ * Revision 1.3 1998/05/18 21:51:50 rgb
++ * Added macros for num of I/F's and a procfs debug switch.
++ *
++ * Revision 1.2 1998/04/21 21:29:09 rgb
++ * Rearrange debug switches to change on the fly debug output from user
++ * space. Only kernel changes checked in at this time. radij.c was also
++ * changed to temporarily remove buggy debugging code in rj_delete causing
++ * an OOPS and hence, netlink device open errors.
++ *
++ * Revision 1.1 1998/04/09 03:06:13 henry
++ * sources moved up from linux/net/ipsec
++ *
++ * Revision 1.1.1.1 1998/04/08 05:35:05 henry
++ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
++ *
++ * Revision 0.5 1997/06/03 04:24:48 ji
++ * Added transport mode.
++ * Changed the way routing is done.
++ * Lots of bug fixes.
++ *
++ * Revision 0.4 1997/01/15 01:28:15 ji
++ * No changes.
++ *
++ * Revision 0.3 1996/11/20 14:39:04 ji
++ * Minor cleanups.
++ * Rationalized debugging code.
++ *
++ * Revision 0.2 1996/11/02 00:18:33 ji
++ * First limited release.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_xform.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,257 @@
++/*
++ * Definitions relevant to IPSEC transformations
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
++ * COpyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_xform.h,v 1.41 2004/07/10 19:08:41 mcr Exp $
++ */
++
++#ifndef _IPSEC_XFORM_H_
++
++#include <openswan.h>
++
++#define XF_NONE 0 /* No transform set */
++#define XF_IP4 1 /* IPv4 inside IPv4 */
++#define XF_AHMD5 2 /* AH MD5 */
++#define XF_AHSHA 3 /* AH SHA */
++#define XF_ESP3DES 5 /* ESP DES3-CBC */
++#define XF_AHHMACMD5 6 /* AH-HMAC-MD5 with opt replay prot */
++#define XF_AHHMACSHA1 7 /* AH-HMAC-SHA1 with opt replay prot */
++#define XF_ESP3DESMD5 9 /* triple DES, HMAC-MD-5, 128-bits of authentication */
++#define XF_ESP3DESMD596 10 /* triple DES, HMAC-MD-5, 96-bits of authentication */
++#define XF_ESPNULLMD596 12 /* NULL, HMAC-MD-5 with 96-bits of authentication */
++#define XF_ESPNULLSHA196 13 /* NULL, HMAC-SHA-1 with 96-bits of authentication */
++#define XF_ESP3DESSHA196 14 /* triple DES, HMAC-SHA-1, 96-bits of authentication */
++#define XF_IP6 15 /* IPv6 inside IPv6 */
++#define XF_COMPDEFLATE 16 /* IPCOMP deflate */
++
++#define XF_CLR 126 /* Clear SA table */
++#define XF_DEL 127 /* Delete SA */
++
++/* IPsec AH transform values
++ * RFC 2407
++ * draft-ietf-ipsec-doi-tc-mib-02.txt
++ */
++
++#define AH_NONE 0
++#define AH_MD5 2
++#define AH_SHA 3
++/* draft-ietf-ipsec-ciph-aes-cbc-03.txt */
++#define AH_SHA2_256 5
++#define AH_SHA2_384 6
++#define AH_SHA2_512 7
++#define AH_RIPEMD 8
++#define AH_MAX 15
++
++/* IPsec ESP transform values */
++
++#define ESP_NONE 0
++#define ESP_DES 2
++#define ESP_3DES 3
++#define ESP_RC5 4
++#define ESP_IDEA 5
++#define ESP_CAST 6
++#define ESP_BLOWFISH 7
++#define ESP_3IDEA 8
++#define ESP_RC4 10
++#define ESP_NULL 11
++#define ESP_AES 12
++
++/* as draft-ietf-ipsec-ciph-aes-cbc-02.txt */
++#define ESP_MARS 249
++#define ESP_RC6 250
++#define ESP_SERPENT 252
++#define ESP_TWOFISH 253
++
++/* IPCOMP transform values */
++
++#define IPCOMP_NONE 0
++#define IPCOMP_OUI 1
++#define IPCOMP_DEFLAT 2
++#define IPCOMP_LZS 3
++#define IPCOMP_V42BIS 4
++
++#define XFT_AUTH 0x0001
++#define XFT_CONF 0x0100
++
++/* available if CONFIG_KLIPS_DEBUG is defined */
++#define DB_XF_INIT 0x0001
++
++#define PROTO2TXT(x) \
++ (x) == IPPROTO_AH ? "AH" : \
++ (x) == IPPROTO_ESP ? "ESP" : \
++ (x) == IPPROTO_IPIP ? "IPIP" : \
++ (x) == IPPROTO_COMP ? "COMP" : \
++ "UNKNOWN_proto"
++static inline const char *enc_name_id (unsigned id) {
++ static char buf[16];
++ snprintf(buf, sizeof(buf), "_ID%d", id);
++ return buf;
++}
++static inline const char *auth_name_id (unsigned id) {
++ static char buf[16];
++ snprintf(buf, sizeof(buf), "_ID%d", id);
++ return buf;
++}
++#define IPS_XFORM_NAME(x) \
++ PROTO2TXT((x)->ips_said.proto), \
++ (x)->ips_said.proto == IPPROTO_COMP ? \
++ ((x)->ips_encalg == SADB_X_CALG_DEFLATE ? \
++ "_DEFLATE" : "_UNKNOWN_comp") : \
++ (x)->ips_encalg == ESP_NONE ? "" : \
++ (x)->ips_encalg == ESP_3DES ? "_3DES" : \
++ (x)->ips_encalg == ESP_AES ? "_AES" : \
++ (x)->ips_encalg == ESP_SERPENT ? "_SERPENT" : \
++ (x)->ips_encalg == ESP_TWOFISH ? "_TWOFISH" : \
++ enc_name_id(x->ips_encalg)/* "_UNKNOWN_encr" */, \
++ (x)->ips_authalg == AH_NONE ? "" : \
++ (x)->ips_authalg == AH_MD5 ? "_HMAC_MD5" : \
++ (x)->ips_authalg == AH_SHA ? "_HMAC_SHA1" : \
++ (x)->ips_authalg == AH_SHA2_256 ? "_HMAC_SHA2_256" : \
++ (x)->ips_authalg == AH_SHA2_384 ? "_HMAC_SHA2_384" : \
++ (x)->ips_authalg == AH_SHA2_512 ? "_HMAC_SHA2_512" : \
++ auth_name_id(x->ips_authalg) /* "_UNKNOWN_auth" */ \
++
++#ifdef __KERNEL__
++struct ipsec_rcv_state;
++struct ipsec_xmit_state;
++
++struct xform_functions {
++ enum ipsec_rcv_value (*rcv_checks)(struct ipsec_rcv_state *irs,
++ struct sk_buff *skb);
++ enum ipsec_rcv_value (*rcv_decrypt)(struct ipsec_rcv_state *irs);
++
++ enum ipsec_rcv_value (*rcv_setup_auth)(struct ipsec_rcv_state *irs,
++ struct sk_buff *skb,
++ __u32 *replay,
++ unsigned char **authenticator);
++ enum ipsec_rcv_value (*rcv_calc_auth)(struct ipsec_rcv_state *irs,
++ struct sk_buff *skb);
++
++ enum ipsec_xmit_value (*xmit_setup)(struct ipsec_xmit_state *ixs);
++ enum ipsec_xmit_value (*xmit_encrypt)(struct ipsec_xmit_state *ixs);
++
++ enum ipsec_xmit_value (*xmit_setup_auth)(struct ipsec_xmit_state *ixs,
++ struct sk_buff *skb,
++ __u32 *replay,
++ unsigned char **authenticator);
++ enum ipsec_xmit_value (*xmit_calc_auth)(struct ipsec_xmit_state *ixs,
++ struct sk_buff *skb);
++ int xmit_headroom;
++ int xmit_needtailroom;
++};
++
++#endif /* __KERNEL__ */
++
++#ifdef CONFIG_KLIPS_DEBUG
++extern void ipsec_dmp(char *s, caddr_t bb, int len);
++#else /* CONFIG_KLIPS_DEBUG */
++#define ipsec_dmp(_x, _y, _z)
++#endif /* CONFIG_KLIPS_DEBUG */
++
++
++#define _IPSEC_XFORM_H_
++#endif /* _IPSEC_XFORM_H_ */
++
++/*
++ * $Log: ipsec_xform.h,v $
++ * Revision 1.41 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.40 2004/04/06 02:49:08 mcr
++ * pullup of algo code from alg-branch.
++ *
++ * Revision 1.39 2004/04/05 19:55:07 mcr
++ * Moved from linux/include/freeswan/ipsec_xform.h,v
++ *
++ * Revision 1.38 2004/04/05 19:41:05 mcr
++ * merged alg-branch code.
++ *
++ * Revision 1.37 2003/12/13 19:10:16 mcr
++ * refactored rcv and xmit code - same as FS 2.05.
++ *
++ * Revision 1.36.34.1 2003/12/22 15:25:52 jjo
++ * Merged algo-0.8.1-rc11-test1 into alg-branch
++ *
++ * Revision 1.36 2002/04/24 07:36:48 mcr
++ * Moved from ./klips/net/ipsec/ipsec_xform.h,v
++ *
++ * Revision 1.35 2001/11/26 09:23:51 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.33.2.1 2001/09/25 02:24:58 mcr
++ * struct tdb -> struct ipsec_sa.
++ * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
++ * ipsec_xform.c removed. header file still contains useful things.
++ *
++ * Revision 1.34 2001/11/06 19:47:17 rgb
++ * Changed lifetime_packets to uint32 from uint64.
++ *
++ * Revision 1.33 2001/09/08 21:13:34 rgb
++ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
++ *
++ * Revision 1.32 2001/07/06 07:40:01 rgb
++ * Reformatted for readability.
++ * Added inbound policy checking fields for use with IPIP SAs.
++ *
++ * Revision 1.31 2001/06/14 19:35:11 rgb
++ * Update copyright date.
++ *
++ * Revision 1.30 2001/05/30 08:14:03 rgb
++ * Removed vestiges of esp-null transforms.
++ *
++ * Revision 1.29 2001/01/30 23:42:47 rgb
++ * Allow pfkey msgs from pid other than user context required for ACQUIRE
++ * and subsequent ADD or UDATE.
++ *
++ * Revision 1.28 2000/11/06 04:30:40 rgb
++ * Add Svenning's adaptive content compression.
++ *
++ * Revision 1.27 2000/09/19 00:38:25 rgb
++ * Fixed algorithm name bugs introduced for ipcomp.
++ *
++ * Revision 1.26 2000/09/17 21:36:48 rgb
++ * Added proto2txt macro.
++ *
++ * Revision 1.25 2000/09/17 18:56:47 rgb
++ * Added IPCOMP support.
++ *
++ * Revision 1.24 2000/09/12 19:34:12 rgb
++ * Defined XF_IP6 from Gerhard for ipv6 tunnel support.
++ *
++ * Revision 1.23 2000/09/12 03:23:14 rgb
++ * Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb.
++ *
++ * Revision 1.22 2000/09/08 19:12:56 rgb
++ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
++ *
++ * Revision 1.21 2000/09/01 18:32:43 rgb
++ * Added (disabled) sensitivity members to tdb struct.
++ *
++ * Revision 1.20 2000/08/30 05:31:01 rgb
++ * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst.
++ * Kill remainder of tdb_xform, tdb_xdata, xformsw.
++ *
++ * Revision 1.19 2000/08/01 14:51:52 rgb
++ * Removed _all_ remaining traces of DES.
++ *
++ * Revision 1.18 2000/01/21 06:17:45 rgb
++ * Tidied up spacing.
++ *
++ *
++ * Local variables:
++ * c-file-style: "linux"
++ * End:
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/ipsec_xmit.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,198 @@
++/*
++ * IPSEC tunneling code
++ * Copyright (C) 1996, 1997 John Ioannidis.
++ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: ipsec_xmit.h,v 1.14 2005/05/11 01:00:26 mcr Exp $
++ */
++
++#include "openswan/ipsec_sa.h"
++
++enum ipsec_xmit_value
++{
++ IPSEC_XMIT_STOLEN=2,
++ IPSEC_XMIT_PASS=1,
++ IPSEC_XMIT_OK=0,
++ IPSEC_XMIT_ERRMEMALLOC=-1,
++ IPSEC_XMIT_ESP_BADALG=-2,
++ IPSEC_XMIT_BADPROTO=-3,
++ IPSEC_XMIT_ESP_PUSHPULLERR=-4,
++ IPSEC_XMIT_BADLEN=-5,
++ IPSEC_XMIT_AH_BADALG=-6,
++ IPSEC_XMIT_SAIDNOTFOUND=-7,
++ IPSEC_XMIT_SAIDNOTLIVE=-8,
++ IPSEC_XMIT_REPLAYROLLED=-9,
++ IPSEC_XMIT_LIFETIMEFAILED=-10,
++ IPSEC_XMIT_CANNOTFRAG=-11,
++ IPSEC_XMIT_MSSERR=-12,
++ IPSEC_XMIT_ERRSKBALLOC=-13,
++ IPSEC_XMIT_ENCAPFAIL=-14,
++ IPSEC_XMIT_NODEV=-15,
++ IPSEC_XMIT_NOPRIVDEV=-16,
++ IPSEC_XMIT_NOPHYSDEV=-17,
++ IPSEC_XMIT_NOSKB=-18,
++ IPSEC_XMIT_NOIPV6=-19,
++ IPSEC_XMIT_NOIPOPTIONS=-20,
++ IPSEC_XMIT_TTLEXPIRED=-21,
++ IPSEC_XMIT_BADHHLEN=-22,
++ IPSEC_XMIT_PUSHPULLERR=-23,
++ IPSEC_XMIT_ROUTEERR=-24,
++ IPSEC_XMIT_RECURSDETECT=-25,
++ IPSEC_XMIT_IPSENDFAILURE=-26,
++ IPSEC_XMIT_ESPUDP=-27,
++ IPSEC_XMIT_ESPUDP_BADTYPE=-28,
++};
++
++struct ipsec_xmit_state
++{
++ struct sk_buff *skb; /* working skb pointer */
++ struct net_device *dev; /* working dev pointer */
++ struct ipsecpriv *prv; /* Our device' private space */
++ struct sk_buff *oskb; /* Original skb pointer */
++ struct net_device_stats *stats; /* This device's statistics */
++ struct iphdr *iph; /* Our new IP header */
++ __u32 newdst; /* The other SG's IP address */
++ __u32 orgdst; /* Original IP destination address */
++ __u32 orgedst; /* 1st SG's IP address */
++ __u32 newsrc; /* The new source SG's IP address */
++ __u32 orgsrc; /* Original IP source address */
++ __u32 innersrc; /* Innermost IP source address */
++ int iphlen; /* IP header length */
++ int pyldsz; /* upper protocol payload size */
++ int headroom;
++ int tailroom;
++ int authlen;
++ int max_headroom; /* The extra header space needed */
++ int max_tailroom; /* The extra stuffing needed */
++ int ll_headroom; /* The extra link layer hard_header space needed */
++ int tot_headroom; /* The total header space needed */
++ int tot_tailroom; /* The totalstuffing needed */
++ __u8 *saved_header; /* saved copy of the hard header */
++ unsigned short sport, dport;
++
++ struct sockaddr_encap matcher; /* eroute search key */
++ struct eroute *eroute;
++ struct ipsec_sa *ipsp, *ipsq; /* ipsec_sa pointers */
++ char sa_txt[SATOT_BUF];
++ size_t sa_len;
++ int hard_header_stripped; /* has the hard header been removed yet? */
++ int hard_header_len;
++ struct net_device *physdev;
++/* struct device *virtdev; */
++ short physmtu;
++ short cur_mtu; /* copy of prv->mtu, cause prv may == NULL */
++ short mtudiff;
++#ifdef NET_21
++ struct rtable *route;
++#endif /* NET_21 */
++ ip_said outgoing_said;
++#ifdef NET_21
++ int pass;
++#endif /* NET_21 */
++ int error;
++ uint32_t eroute_pid;
++ struct ipsec_sa ips;
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++ uint8_t natt_type;
++ uint8_t natt_head;
++ uint16_t natt_sport;
++ uint16_t natt_dport;
++#endif
++};
++
++enum ipsec_xmit_value
++ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs);
++
++enum ipsec_xmit_value
++ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs);
++
++enum ipsec_xmit_value
++ipsec_xmit_encap_bundle(struct ipsec_xmit_state *ixs);
++
++extern void ipsec_extract_ports(struct iphdr * iph, struct sockaddr_encap * er);
++
++
++extern int ipsec_xmit_trap_count;
++extern int ipsec_xmit_trap_sendcount;
++
++#ifdef CONFIG_KLIPS_DEBUG
++extern int debug_tunnel;
++
++#define debug_xmit debug_tunnel
++
++#define ipsec_xmit_dmp(_x,_y, _z) if (debug_xmit && sysctl_ipsec_debug_verbose) ipsec_dmp_block(_x,_y,_z)
++#else
++#define ipsec_xmit_dmp(_x,_y, _z) do {} while(0)
++
++#endif /* CONFIG_KLIPS_DEBUG */
++
++extern int sysctl_ipsec_debug_verbose;
++extern int sysctl_ipsec_icmp;
++extern int sysctl_ipsec_tos;
++
++
++/*
++ * $Log: ipsec_xmit.h,v $
++ * Revision 1.14 2005/05/11 01:00:26 mcr
++ * do not call debug routines if !defined KLIPS_DEBUG.
++ *
++ * Revision 1.13 2005/04/29 05:01:38 mcr
++ * use ipsec_dmp_block.
++ * added cur_mtu to ixs instead of using ixs->dev.
++ *
++ * Revision 1.12 2004/08/20 21:45:37 mcr
++ * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to
++ * be 26sec compatible. But, some defines where changed.
++ *
++ * Revision 1.11 2004/08/03 18:18:21 mcr
++ * in 2.6, use "net_device" instead of #define device->net_device.
++ * this probably breaks 2.0 compiles.
++ *
++ * Revision 1.10 2004/07/10 19:08:41 mcr
++ * CONFIG_IPSEC -> CONFIG_KLIPS.
++ *
++ * Revision 1.9 2004/04/06 02:49:08 mcr
++ * pullup of algo code from alg-branch.
++ *
++ * Revision 1.8 2004/04/05 19:55:07 mcr
++ * Moved from linux/include/freeswan/ipsec_xmit.h,v
++ *
++ * Revision 1.7 2004/02/03 03:11:40 mcr
++ * new xmit type if the UDP encapsulation is wrong.
++ *
++ * Revision 1.6 2003/12/13 19:10:16 mcr
++ * refactored rcv and xmit code - same as FS 2.05.
++ *
++ * Revision 1.5 2003/12/10 01:20:06 mcr
++ * NAT-traversal patches to KLIPS.
++ *
++ * Revision 1.4 2003/12/06 16:37:04 mcr
++ * 1.4.7a X.509 patch applied.
++ *
++ * Revision 1.3 2003/10/31 02:27:05 mcr
++ * pulled up port-selector patches and sa_id elimination.
++ *
++ * Revision 1.2.4.2 2003/10/29 01:10:19 mcr
++ * elimited "struct sa_id"
++ *
++ * Revision 1.2.4.1 2003/09/21 13:59:38 mcr
++ * pre-liminary X.509 patch - does not yet pass tests.
++ *
++ * Revision 1.2 2003/06/20 01:42:13 mcr
++ * added counters to measure how many ACQUIREs we send to pluto,
++ * and how many are successfully sent.
++ *
++ * Revision 1.1 2003/02/12 19:31:03 rgb
++ * Refactored from ipsec_tunnel.c
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/passert.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,75 @@
++/*
++ * sanitize a string into a printable format.
++ *
++ * Copyright (C) 1998-2002 D. Hugh Redelmeier.
++ * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: passert.h,v 1.7 2004/10/21 18:44:42 mcr Exp $
++ */
++
++#include "openswan.h"
++
++#ifndef _OPENSWAN_PASSERT_H
++#define _OPENSWAN_PASSERT_H
++/* our versions of assert: log result */
++
++#ifdef DEBUG
++
++typedef void (*openswan_passert_fail_t)(const char *pred_str,
++ const char *file_str,
++ unsigned long line_no) NEVER_RETURNS;
++
++openswan_passert_fail_t openswan_passert_fail;
++
++extern void pexpect_log(const char *pred_str
++ , const char *file_str, unsigned long line_no);
++
++# define impossible() do { \
++ if(openswan_passert_fail) { \
++ (*openswan_passert_fail)("impossible", __FILE__, __LINE__); \
++ }} while(0)
++
++extern void switch_fail(int n
++ , const char *file_str, unsigned long line_no) NEVER_RETURNS;
++
++# define bad_case(n) switch_fail((int) n, __FILE__, __LINE__)
++
++# define passert(pred) do { \
++ if (!(pred)) \
++ if(openswan_passert_fail) { \
++ (*openswan_passert_fail)(#pred, __FILE__, __LINE__); \
++ } \
++ } while(0)
++
++# define pexpect(pred) do { \
++ if (!(pred)) \
++ pexpect_log(#pred, __FILE__, __LINE__); \
++ } while(0)
++
++/* assert that an err_t is NULL; evaluate exactly once */
++# define happy(x) { \
++ err_t ugh = x; \
++ if (ugh != NULL) \
++ if(openswan_passert_fail) { (*openswan_passert_fail)(ugh, __FILE__, __LINE__); } \
++ }
++
++#else /*!DEBUG*/
++
++# define impossible() abort()
++# define bad_case(n) abort()
++# define passert(pred) { } /* do nothing */
++# define happy(x) { (void) x; } /* evaluate non-judgementally */
++
++#endif /*!DEBUG*/
++
++#endif /* _OPENSWAN_PASSERT_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/pfkey_debug.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,54 @@
++/*
++ * sanitize a string into a printable format.
++ *
++ * Copyright (C) 1998-2002 D. Hugh Redelmeier.
++ * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: pfkey_debug.h,v 1.3 2004/04/05 19:55:07 mcr Exp $
++ */
++
++#ifndef _FREESWAN_PFKEY_DEBUG_H
++#define _FREESWAN_PFKEY_DEBUG_H
++
++#ifdef __KERNEL__
++
++/* note, kernel version ignores pfkey levels */
++# define DEBUGGING(level,args...) \
++ KLIPS_PRINT(debug_pfkey, "klips_debug:" args)
++
++# define ERROR(args...) printk(KERN_ERR "klips:" args)
++
++#else
++
++extern unsigned int pfkey_lib_debug;
++
++extern void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1);
++extern void (*pfkey_error_func)(const char *message, ...) PRINTF_LIKE(1);
++
++#define DEBUGGING(level,args...) if(pfkey_lib_debug & level) { \
++ if(pfkey_debug_func != NULL) { \
++ (*pfkey_debug_func)("pfkey_lib_debug:" args); \
++ } else { \
++ printf("pfkey_lib_debug:" args); \
++ } }
++
++#define ERROR(args...) if(pfkey_error_func != NULL) { \
++ (*pfkey_error_func)("pfkey_lib_debug:" args); \
++ }
++
++# define MALLOC(size) malloc(size)
++# define FREE(obj) free(obj)
++
++#endif
++
++#endif
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/openswan/radij.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,280 @@
++/*
++ * RCSID $Id: radij.h,v 1.13 2004/04/05 19:55:08 mcr Exp $
++ */
++
++/*
++ * This file is defived from ${SRC}/sys/net/radix.h of BSD 4.4lite
++ *
++ * Variable and procedure names have been modified so that they don't
++ * conflict with the original BSD code, as a small number of modifications
++ * have been introduced and we may want to reuse this code in BSD.
++ *
++ * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek
++ * chi or a German ch sound (as `doch', not as in `milch'), or even a
++ * spanish j as in Juan. It is not as far back in the throat like
++ * the corresponding Hebrew sound, nor is it a soft breath like the English h.
++ * It has nothing to do with the Dutch ij sound.
++ *
++ * Here is the appropriate copyright notice:
++ */
++
++/*
++ * Copyright (c) 1988, 1989, 1993
++ * The Regents of the University of California. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * This product includes software developed by the University of
++ * California, Berkeley and its contributors.
++ * 4. Neither the name of the University nor the names of its contributors
++ * may be used to endorse or promote products derived from this software
++ * without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * @(#)radix.h 8.1 (Berkeley) 6/10/93
++ */
++
++#ifndef _RADIJ_H_
++#define _RADIJ_H_
++
++/*
++#define RJ_DEBUG
++*/
++
++#ifdef __KERNEL__
++
++#ifndef __P
++#ifdef __STDC__
++#define __P(x) x
++#else
++#define __P(x) ()
++#endif
++#endif
++
++/*
++ * Radix search tree node layout.
++ */
++
++struct radij_node
++{
++ struct radij_mask *rj_mklist; /* list of masks contained in subtree */
++ struct radij_node *rj_p; /* parent */
++ short rj_b; /* bit offset; -1-index(netmask) */
++ char rj_bmask; /* node: mask for bit test*/
++ u_char rj_flags; /* enumerated next */
++#define RJF_NORMAL 1 /* leaf contains normal route */
++#define RJF_ROOT 2 /* leaf is root leaf for tree */
++#define RJF_ACTIVE 4 /* This node is alive (for rtfree) */
++ union {
++ struct { /* leaf only data: */
++ caddr_t rj_Key; /* object of search */
++ caddr_t rj_Mask; /* netmask, if present */
++ struct radij_node *rj_Dupedkey;
++ } rj_leaf;
++ struct { /* node only data: */
++ int rj_Off; /* where to start compare */
++ struct radij_node *rj_L;/* progeny */
++ struct radij_node *rj_R;/* progeny */
++ }rj_node;
++ } rj_u;
++#ifdef RJ_DEBUG
++ int rj_info;
++ struct radij_node *rj_twin;
++ struct radij_node *rj_ybro;
++#endif
++};
++
++#define rj_dupedkey rj_u.rj_leaf.rj_Dupedkey
++#define rj_key rj_u.rj_leaf.rj_Key
++#define rj_mask rj_u.rj_leaf.rj_Mask
++#define rj_off rj_u.rj_node.rj_Off
++#define rj_l rj_u.rj_node.rj_L
++#define rj_r rj_u.rj_node.rj_R
++
++/*
++ * Annotations to tree concerning potential routes applying to subtrees.
++ */
++
++extern struct radij_mask {
++ short rm_b; /* bit offset; -1-index(netmask) */
++ char rm_unused; /* cf. rj_bmask */
++ u_char rm_flags; /* cf. rj_flags */
++ struct radij_mask *rm_mklist; /* more masks to try */
++ caddr_t rm_mask; /* the mask */
++ int rm_refs; /* # of references to this struct */
++} *rj_mkfreelist;
++
++#define MKGet(m) {\
++ if (rj_mkfreelist) {\
++ m = rj_mkfreelist; \
++ rj_mkfreelist = (m)->rm_mklist; \
++ } else \
++ R_Malloc(m, struct radij_mask *, sizeof (*(m))); }\
++
++#define MKFree(m) { (m)->rm_mklist = rj_mkfreelist; rj_mkfreelist = (m);}
++
++struct radij_node_head {
++ struct radij_node *rnh_treetop;
++ int rnh_addrsize; /* permit, but not require fixed keys */
++ int rnh_pktsize; /* permit, but not require fixed keys */
++#if 0
++ struct radij_node *(*rnh_addaddr) /* add based on sockaddr */
++ __P((void *v, void *mask,
++ struct radij_node_head *head, struct radij_node nodes[]));
++#endif
++ int (*rnh_addaddr) /* add based on sockaddr */
++ __P((void *v, void *mask,
++ struct radij_node_head *head, struct radij_node nodes[]));
++ struct radij_node *(*rnh_addpkt) /* add based on packet hdr */
++ __P((void *v, void *mask,
++ struct radij_node_head *head, struct radij_node nodes[]));
++#if 0
++ struct radij_node *(*rnh_deladdr) /* remove based on sockaddr */
++ __P((void *v, void *mask, struct radij_node_head *head));
++#endif
++ int (*rnh_deladdr) /* remove based on sockaddr */
++ __P((void *v, void *mask, struct radij_node_head *head, struct radij_node **node));
++ struct radij_node *(*rnh_delpkt) /* remove based on packet hdr */
++ __P((void *v, void *mask, struct radij_node_head *head));
++ struct radij_node *(*rnh_matchaddr) /* locate based on sockaddr */
++ __P((void *v, struct radij_node_head *head));
++ struct radij_node *(*rnh_matchpkt) /* locate based on packet hdr */
++ __P((void *v, struct radij_node_head *head));
++ int (*rnh_walktree) /* traverse tree */
++ __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w));
++ struct radij_node rnh_nodes[3]; /* empty tree for common case */
++};
++
++
++#define Bcmp(a, b, n) memcmp(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n))
++#define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n))
++#define Bzero(p, n) memset((caddr_t)(p), 0, (unsigned)(n))
++#define R_Malloc(p, t, n) ((p = (t) kmalloc((size_t)(n), GFP_ATOMIC)), Bzero((p),(n)))
++#define Free(p) kfree((caddr_t)p);
++
++void rj_init __P((void));
++int rj_inithead __P((void **, int));
++int rj_refines __P((void *, void *));
++int rj_walktree __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w));
++struct radij_node
++ *rj_addmask __P((void *, int, int)) /* , rgb */ ;
++int /* * */ rj_addroute __P((void *, void *, struct radij_node_head *,
++ struct radij_node [2])) /* , rgb */ ;
++int /* * */ rj_delete __P((void *, void *, struct radij_node_head *, struct radij_node **)) /* , rgb */ ;
++struct radij_node /* rgb */
++ *rj_insert __P((void *, struct radij_node_head *, int *,
++ struct radij_node [2])),
++ *rj_match __P((void *, struct radij_node_head *)),
++ *rj_newpair __P((void *, int, struct radij_node[2])),
++ *rj_search __P((void *, struct radij_node *)),
++ *rj_search_m __P((void *, struct radij_node *, void *));
++
++void rj_deltree(struct radij_node_head *);
++void rj_delnodes(struct radij_node *);
++void rj_free_mkfreelist(void);
++int radijcleartree(void);
++int radijcleanup(void);
++
++extern struct radij_node_head *mask_rjhead;
++extern int maj_keylen;
++#endif /* __KERNEL__ */
++
++#endif /* _RADIJ_H_ */
++
++
++/*
++ * $Log: radij.h,v $
++ * Revision 1.13 2004/04/05 19:55:08 mcr
++ * Moved from linux/include/freeswan/radij.h,v
++ *
++ * Revision 1.12 2002/04/24 07:36:48 mcr
++ * Moved from ./klips/net/ipsec/radij.h,v
++ *
++ * Revision 1.11 2001/09/20 15:33:00 rgb
++ * Min/max cleanup.
++ *
++ * Revision 1.10 1999/11/18 04:09:20 rgb
++ * Replaced all kernel version macros to shorter, readable form.
++ *
++ * Revision 1.9 1999/05/05 22:02:33 rgb
++ * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
++ *
++ * Revision 1.8 1999/04/29 15:24:58 rgb
++ * Add check for existence of macros min/max.
++ *
++ * Revision 1.7 1999/04/11 00:29:02 henry
++ * GPL boilerplate
++ *
++ * Revision 1.6 1999/04/06 04:54:29 rgb
++ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
++ * patch shell fixes.
++ *
++ * Revision 1.5 1999/01/22 06:30:32 rgb
++ * 64-bit clean-up.
++ *
++ * Revision 1.4 1998/11/30 13:22:55 rgb
++ * Rationalised all the klips kernel file headers. They are much shorter
++ * now and won't conflict under RH5.2.
++ *
++ * Revision 1.3 1998/10/25 02:43:27 rgb
++ * Change return type on rj_addroute and rj_delete and add and argument
++ * to the latter to be able to transmit more infomation about errors.
++ *
++ * Revision 1.2 1998/07/14 18:09:51 rgb
++ * Add a routine to clear eroute table.
++ * Added #ifdef __KERNEL__ directives to restrict scope of header.
++ *
++ * Revision 1.1 1998/06/18 21:30:22 henry
++ * move sources from klips/src to klips/net/ipsec to keep stupid kernel
++ * build scripts happier about symlinks
++ *
++ * Revision 1.4 1998/05/25 20:34:16 rgb
++ * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
++ *
++ * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
++ * add ipsec_rj_walker_delete.
++ *
++ * Recover memory for eroute table on unload of module.
++ *
++ * Revision 1.3 1998/04/22 16:51:37 rgb
++ * Tidy up radij debug code from recent rash of modifications to debug code.
++ *
++ * Revision 1.2 1998/04/14 17:30:38 rgb
++ * Fix up compiling errors for radij tree memory reclamation.
++ *
++ * Revision 1.1 1998/04/09 03:06:16 henry
++ * sources moved up from linux/net/ipsec
++ *
++ * Revision 1.1.1.1 1998/04/08 05:35:04 henry
++ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
++ *
++ * Revision 0.4 1997/01/15 01:28:15 ji
++ * No changes.
++ *
++ * Revision 0.3 1996/11/20 14:44:45 ji
++ * Release update only.
++ *
++ * Revision 0.2 1996/11/02 00:18:33 ji
++ * First limited release.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/pfkey.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,529 @@
++/*
++ * FreeS/WAN specific PF_KEY headers
++ * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * RCSID $Id: pfkey.h,v 1.49 2005/05/11 00:57:29 mcr Exp $
++ */
++
++#ifndef __NET_IPSEC_PF_KEY_H
++#define __NET_IPSEC_PF_KEY_H
++#ifdef __KERNEL__
++extern struct proto_ops pfkey_proto_ops;
++typedef struct sock pfkey_sock;
++extern int debug_pfkey;
++
++extern /* void */ int pfkey_init(void);
++extern /* void */ int pfkey_cleanup(void);
++
++struct socket_list
++{
++ struct socket *socketp;
++ struct socket_list *next;
++};
++extern int pfkey_list_insert_socket(struct socket*, struct socket_list**);
++extern int pfkey_list_remove_socket(struct socket*, struct socket_list**);
++extern struct socket_list *pfkey_open_sockets;
++extern struct socket_list *pfkey_registered_sockets[];
++
++struct ipsec_alg_supported
++{
++ uint16_t ias_exttype;
++ uint8_t ias_id;
++ uint8_t ias_ivlen;
++ uint16_t ias_keyminbits;
++ uint16_t ias_keymaxbits;
++ char *ias_name;
++};
++
++extern struct supported_list *pfkey_supported_list[];
++struct supported_list
++{
++ struct ipsec_alg_supported *supportedp;
++ struct supported_list *next;
++};
++extern int pfkey_list_insert_supported(struct ipsec_alg_supported*, struct supported_list**);
++extern int pfkey_list_remove_supported(struct ipsec_alg_supported*, struct supported_list**);
++
++struct sockaddr_key
++{
++ uint16_t key_family; /* PF_KEY */
++ uint16_t key_pad; /* not used */
++ uint32_t key_pid; /* process ID */
++};
++
++struct pfkey_extracted_data
++{
++ struct ipsec_sa* ips;
++ struct ipsec_sa* ips2;
++ struct eroute *eroute;
++};
++
++/* forward reference */
++struct sadb_ext;
++struct sadb_msg;
++struct sockaddr;
++struct sadb_comb;
++struct sadb_sadb;
++struct sadb_alg;
++
++extern int
++pfkey_alloc_eroute(struct eroute** eroute);
++
++extern int
++pfkey_sa_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_lifetime_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_address_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_key_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_ident_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_sens_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_prop_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_supported_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_spirange_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_x_satype_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int
++pfkey_x_debug_process(struct sadb_ext *pfkey_ext,
++ struct pfkey_extracted_data* extr);
++
++extern int pfkey_upmsg(struct socket *, struct sadb_msg *);
++extern int pfkey_expire(struct ipsec_sa *, int);
++extern int pfkey_acquire(struct ipsec_sa *);
++#else /* ! __KERNEL__ */
++
++extern void (*pfkey_debug_func)(const char *message, ...);
++extern void (*pfkey_error_func)(const char *message, ...);
++extern void pfkey_print(struct sadb_msg *msg, FILE *out);
++
++
++#endif /* __KERNEL__ */
++
++extern uint8_t satype2proto(uint8_t satype);
++extern uint8_t proto2satype(uint8_t proto);
++extern char* satype2name(uint8_t satype);
++extern char* proto2name(uint8_t proto);
++
++struct key_opt
++{
++ uint32_t key_pid; /* process ID */
++ struct sock *sk;
++};
++
++#define key_pid(sk) ((struct key_opt*)&((sk)->sk_protinfo))->key_pid
++
++/* XXX-mcr this is not an alignment, this is because the count is in 64-bit
++ * words.
++ */
++#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t))
++#define BITS_PER_OCTET 8
++#define OCTETBITS 8
++#define PFKEYBITS 64
++#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */
++#define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */
++
++#define IPSEC_PFKEYv2_LEN(x) ((x) * IPSEC_PFKEYv2_ALIGN)
++#define IPSEC_PFKEYv2_WORDS(x) ((x) / IPSEC_PFKEYv2_ALIGN)
++
++
++#define PFKEYv2_MAX_MSGSIZE 4096
++
++/*
++ * PF_KEYv2 permitted and required extensions in and out bitmaps
++ */
++struct pf_key_ext_parsers_def {
++ int (*parser)(struct sadb_ext*);
++ char *parser_name;
++};
++
++
++#define SADB_EXTENSIONS_MAX 31
++extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_EXTENSIONS_MAX];
++#define EXT_BITS_IN 0
++#define EXT_BITS_OUT 1
++#define EXT_BITS_PERM 0
++#define EXT_BITS_REQ 1
++
++extern void pfkey_extensions_init(struct sadb_ext *extensions[]);
++extern void pfkey_extensions_free(struct sadb_ext *extensions[]);
++extern void pfkey_msg_free(struct sadb_msg **pfkey_msg);
++
++extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg,
++ struct pf_key_ext_parsers_def *ext_parsers[],
++ struct sadb_ext **extensions,
++ int dir);
++
++extern int pfkey_register_reply(int satype, struct sadb_msg *sadb_msg);
++
++/*
++ * PF_KEYv2 build function prototypes
++ */
++
++int
++pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
++ uint8_t msg_type,
++ uint8_t satype,
++ uint8_t msg_errno,
++ uint32_t seq,
++ uint32_t pid);
++
++int
++pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext,
++ uint16_t exttype,
++ uint32_t spi, /* in network order */
++ uint8_t replay_window,
++ uint8_t sa_state,
++ uint8_t auth,
++ uint8_t encrypt,
++ uint32_t flags,
++ uint32_t/*IPsecSAref_t*/ ref);
++
++int
++pfkey_sa_build(struct sadb_ext ** pfkey_ext,
++ uint16_t exttype,
++ uint32_t spi, /* in network order */
++ uint8_t replay_window,
++ uint8_t sa_state,
++ uint8_t auth,
++ uint8_t encrypt,
++ uint32_t flags);
++
++int
++pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
++ uint16_t exttype,
++ uint32_t allocations,
++ uint64_t bytes,
++ uint64_t addtime,
++ uint64_t usetime,
++ uint32_t packets);
++
++int
++pfkey_address_build(struct sadb_ext** pfkey_ext,
++ uint16_t exttype,
++ uint8_t proto,
++ uint8_t prefixlen,
++ struct sockaddr* address);
++
++int
++pfkey_key_build(struct sadb_ext** pfkey_ext,
++ uint16_t exttype,
++ uint16_t key_bits,
++ char* key);
++
++int
++pfkey_ident_build(struct sadb_ext** pfkey_ext,
++ uint16_t exttype,
++ uint16_t ident_type,
++ uint64_t ident_id,
++ uint8_t ident_len,
++ char* ident_string);
++
++#ifdef __KERNEL__
++extern int pfkey_nat_t_new_mapping(struct ipsec_sa *, struct sockaddr *, __u16);
++extern int pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr);
++extern int pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr);
++#endif /* __KERNEL__ */
++int
++pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext,
++ uint8_t type);
++int
++pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext,
++ uint16_t exttype,
++ uint16_t port);
++
++int
++pfkey_sens_build(struct sadb_ext** pfkey_ext,
++ uint32_t dpd,
++ uint8_t sens_level,
++ uint8_t sens_len,
++ uint64_t* sens_bitmap,
++ uint8_t integ_level,
++ uint8_t integ_len,
++ uint64_t* integ_bitmap);
++
++int pfkey_x_protocol_build(struct sadb_ext **, uint8_t);
++
++
++int
++pfkey_prop_build(struct sadb_ext** pfkey_ext,
++ uint8_t replay,
++ unsigned int comb_num,
++ struct sadb_comb* comb);
++
++int
++pfkey_supported_build(struct sadb_ext** pfkey_ext,
++ uint16_t exttype,
++ unsigned int alg_num,
++ struct sadb_alg* alg);
++
++int
++pfkey_spirange_build(struct sadb_ext** pfkey_ext,
++ uint16_t exttype,
++ uint32_t min,
++ uint32_t max);
++
++int
++pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext);
++
++int
++pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
++ uint8_t satype);
++
++int
++pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
++ uint32_t tunnel,
++ uint32_t netlink,
++ uint32_t xform,
++ uint32_t eroute,
++ uint32_t spi,
++ uint32_t radij,
++ uint32_t esp,
++ uint32_t ah,
++ uint32_t rcv,
++ uint32_t pfkey,
++ uint32_t ipcomp,
++ uint32_t verbose);
++
++int
++pfkey_msg_build(struct sadb_msg** pfkey_msg,
++ struct sadb_ext* extensions[],
++ int dir);
++
++/* in pfkey_v2_debug.c - routines to decode numbers -> strings */
++const char *
++pfkey_v2_sadb_ext_string(int extnum);
++
++const char *
++pfkey_v2_sadb_type_string(int sadb_type);
++
++
++#endif /* __NET_IPSEC_PF_KEY_H */
++
++/*
++ * $Log: pfkey.h,v $
++ * Revision 1.49 2005/05/11 00:57:29 mcr
++ * rename struct supported -> struct ipsec_alg_supported.
++ * make pfkey.h more standalone.
++ *
++ * Revision 1.48 2005/05/01 03:12:50 mcr
++ * include name of algorithm in datastructure.
++ *
++ * Revision 1.47 2004/08/21 00:44:14 mcr
++ * simplify definition of nat_t related prototypes.
++ *
++ * Revision 1.46 2004/08/04 16:27:22 mcr
++ * 2.6 sk_ options.
++ *
++ * Revision 1.45 2004/04/06 02:49:00 mcr
++ * pullup of algo code from alg-branch.
++ *
++ * Revision 1.44 2003/12/10 01:20:01 mcr
++ * NAT-traversal patches to KLIPS.
++ *
++ * Revision 1.43 2003/10/31 02:26:44 mcr
++ * pulled up port-selector patches.
++ *
++ * Revision 1.42.2.2 2003/10/29 01:09:32 mcr
++ * added debugging for pfkey library.
++ *
++ * Revision 1.42.2.1 2003/09/21 13:59:34 mcr
++ * pre-liminary X.509 patch - does not yet pass tests.
++ *
++ * Revision 1.42 2003/08/25 22:08:19 mcr
++ * removed pfkey_proto_init() from pfkey.h for 2.6 support.
++ *
++ * Revision 1.41 2003/05/07 17:28:57 mcr
++ * new function pfkey_debug_func added for us in debugging from
++
++ * pfkey library.
++ *
++ * Revision 1.40 2003/01/30 02:31:34 rgb
++ *
++ * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
++ *
++ * Revision 1.39 2002/09/20 15:40:21 rgb
++ * Switch from pfkey_alloc_ipsec_sa() to ipsec_sa_alloc().
++ * Added ref parameter to pfkey_sa_build().
++ * Cleaned out unused cruft.
++ *
++ * Revision 1.38 2002/05/14 02:37:24 rgb
++ * Change all references to tdb, TDB or Tunnel Descriptor Block to ips,
++ * ipsec_sa or ipsec_sa.
++ * Added function prototypes for the functions moved to
++ * pfkey_v2_ext_process.c.
++ *
++ * Revision 1.37 2002/04/24 07:36:49 mcr
++ * Moved from ./lib/pfkey.h,v
++ *
++ * Revision 1.36 2002/01/20 20:34:49 mcr
++ * added pfkey_v2_sadb_type_string to decode sadb_type to string.
++ *
++ * Revision 1.35 2001/11/27 05:27:47 mcr
++ * pfkey parses are now maintained by a structure
++ * that includes their name for debug purposes.
++ *
++ * Revision 1.34 2001/11/26 09:23:53 rgb
++ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
++ *
++ * Revision 1.33 2001/11/06 19:47:47 rgb
++ * Added packet parameter to lifetime and comb structures.
++ *
++ * Revision 1.32 2001/09/08 21:13:34 rgb
++ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
++ *
++ * Revision 1.31 2001/06/14 19:35:16 rgb
++ * Update copyright date.
++ *
++ * Revision 1.30 2001/02/27 07:04:52 rgb
++ * Added satype2name prototype.
++ *
++ * Revision 1.29 2001/02/26 19:59:33 rgb
++ * Ditch unused sadb_satype2proto[], replaced by satype2proto().
++ *
++ * Revision 1.28 2000/10/10 20:10:19 rgb
++ * Added support for debug_ipcomp and debug_verbose to klipsdebug.
++ *
++ * Revision 1.27 2000/09/21 04:20:45 rgb
++ * Fixed array size off-by-one error. (Thanks Svenning!)
++ *
++ * Revision 1.26 2000/09/12 03:26:05 rgb
++ * Added pfkey_acquire prototype.
++ *
++ * Revision 1.25 2000/09/08 19:21:28 rgb
++ * Fix pfkey_prop_build() parameter to be only single indirection.
++ *
++ * Revision 1.24 2000/09/01 18:46:42 rgb
++ * Added a supported algorithms array lists, one per satype and registered
++ * existing algorithms.
++ * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to
++ * list.
++ *
++ * Revision 1.23 2000/08/27 01:55:26 rgb
++ * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code.
++ *
++ * Revision 1.22 2000/08/20 21:39:23 rgb
++ * Added kernel prototypes for kernel funcitions pfkey_upmsg() and
++ * pfkey_expire().
++ *
++ * Revision 1.21 2000/08/15 17:29:23 rgb
++ * Fixes from SZI to untested pfkey_prop_build().
++ *
++ * Revision 1.20 2000/05/10 20:14:19 rgb
++ * Fleshed out sensitivity, proposal and supported extensions.
++ *
++ * Revision 1.19 2000/03/16 14:07:23 rgb
++ * Renamed ALIGN macro to avoid fighting with others in kernel.
++ *
++ * Revision 1.18 2000/01/22 23:24:06 rgb
++ * Added prototypes for proto2satype(), satype2proto() and proto2name().
++ *
++ * Revision 1.17 2000/01/21 06:26:59 rgb
++ * Converted from double tdb arguments to one structure (extr)
++ * containing pointers to all temporary information structures.
++ * Added klipsdebug switching capability.
++ * Dropped unused argument to pfkey_x_satype_build().
++ *
++ * Revision 1.16 1999/12/29 21:17:41 rgb
++ * Changed pfkey_msg_build() I/F to include a struct sadb_msg**
++ * parameter for cleaner manipulation of extensions[] and to guard
++ * against potential memory leaks.
++ * Changed the I/F to pfkey_msg_free() for the same reason.
++ *
++ * Revision 1.15 1999/12/09 23:12:54 rgb
++ * Added macro for BITS_PER_OCTET.
++ * Added argument to pfkey_sa_build() to do eroutes.
++ *
++ * Revision 1.14 1999/12/08 20:33:25 rgb
++ * Changed sa_family_t to uint16_t for 2.0.xx compatibility.
++ *
++ * Revision 1.13 1999/12/07 19:53:40 rgb
++ * Removed unused first argument from extension parsers.
++ * Changed __u* types to uint* to avoid use of asm/types.h and
++ * sys/types.h in userspace code.
++ * Added function prototypes for pfkey message and extensions
++ * initialisation and cleanup.
++ *
++ * Revision 1.12 1999/12/01 22:19:38 rgb
++ * Change pfkey_sa_build to accept an SPI in network byte order.
++ *
++ * Revision 1.11 1999/11/27 11:55:26 rgb
++ * Added extern sadb_satype2proto to enable moving protocol lookup table
++ * to lib/pfkey_v2_parse.c.
++ * Delete unused, moved typedefs.
++ * Add argument to pfkey_msg_parse() for direction.
++ * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
++ *
++ * Revision 1.10 1999/11/23 22:29:21 rgb
++ * This file has been moved in the distribution from klips/net/ipsec to
++ * lib.
++ * Add macros for dealing with alignment and rounding up more opaquely.
++ * The uint<n>_t type defines have been moved to freeswan.h to avoid
++ * chicken-and-egg problems.
++ * Add macros for dealing with alignment and rounding up more opaque.
++ * Added prototypes for using extention header bitmaps.
++ * Added prototypes of all the build functions.
++ *
++ * Revision 1.9 1999/11/20 21:59:48 rgb
++ * Moved socketlist type declarations and prototypes for shared use.
++ * Slightly modified scope of sockaddr_key declaration.
++ *
++ * Revision 1.8 1999/11/17 14:34:25 rgb
++ * Protect sa_family_t from being used in userspace with GLIBC<2.
++ *
++ * Revision 1.7 1999/10/27 19:40:35 rgb
++ * Add a maximum PFKEY packet size macro.
++ *
++ * Revision 1.6 1999/10/26 16:58:58 rgb
++ * Created a sockaddr_key and key_opt socket extension structures.
++ *
++ * Revision 1.5 1999/06/10 05:24:41 rgb
++ * Renamed variables to reduce confusion.
++ *
++ * Revision 1.4 1999/04/29 15:21:11 rgb
++ * Add pfkey support to debugging.
++ * Add return values to init and cleanup functions.
++ *
++ * Revision 1.3 1999/04/15 17:58:07 rgb
++ * Add RCSID labels.
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/pfkeyv2.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,472 @@
++/*
++ * RCSID $Id: pfkeyv2.h,v 1.31 2005/04/14 01:14:54 mcr Exp $
++ */
++
++/*
++RFC 2367 PF_KEY Key Management API July 1998
++
++
++Appendix D: Sample Header File
++
++This file defines structures and symbols for the PF_KEY Version 2
++key management interface. It was written at the U.S. Naval Research
++Laboratory. This file is in the public domain. The authors ask that
++you leave this credit intact on any copies of this file.
++*/
++#ifndef __PFKEY_V2_H
++#define __PFKEY_V2_H 1
++
++#define PF_KEY_V2 2
++#define PFKEYV2_REVISION 199806L
++
++#define SADB_RESERVED 0
++#define SADB_GETSPI 1
++#define SADB_UPDATE 2
++#define SADB_ADD 3
++#define SADB_DELETE 4
++#define SADB_GET 5
++#define SADB_ACQUIRE 6
++#define SADB_REGISTER 7
++#define SADB_EXPIRE 8
++#define SADB_FLUSH 9
++#define SADB_DUMP 10
++#define SADB_X_PROMISC 11
++#define SADB_X_PCHANGE 12
++#define SADB_X_GRPSA 13
++#define SADB_X_ADDFLOW 14
++#define SADB_X_DELFLOW 15
++#define SADB_X_DEBUG 16
++#define SADB_X_NAT_T_NEW_MAPPING 17
++#define SADB_MAX 17
++
++struct sadb_msg {
++ uint8_t sadb_msg_version;
++ uint8_t sadb_msg_type;
++ uint8_t sadb_msg_errno;
++ uint8_t sadb_msg_satype;
++ uint16_t sadb_msg_len;
++ uint16_t sadb_msg_reserved;
++ uint32_t sadb_msg_seq;
++ uint32_t sadb_msg_pid;
++};
++
++struct sadb_ext {
++ uint16_t sadb_ext_len;
++ uint16_t sadb_ext_type;
++};
++
++struct sadb_sa {
++ uint16_t sadb_sa_len;
++ uint16_t sadb_sa_exttype;
++ uint32_t sadb_sa_spi;
++ uint8_t sadb_sa_replay;
++ uint8_t sadb_sa_state;
++ uint8_t sadb_sa_auth;
++ uint8_t sadb_sa_encrypt;
++ uint32_t sadb_sa_flags;
++ uint32_t /*IPsecSAref_t*/ sadb_x_sa_ref; /* 32 bits */
++ uint8_t sadb_x_reserved[4];
++};
++
++struct sadb_sa_v1 {
++ uint16_t sadb_sa_len;
++ uint16_t sadb_sa_exttype;
++ uint32_t sadb_sa_spi;
++ uint8_t sadb_sa_replay;
++ uint8_t sadb_sa_state;
++ uint8_t sadb_sa_auth;
++ uint8_t sadb_sa_encrypt;
++ uint32_t sadb_sa_flags;
++};
++
++struct sadb_lifetime {
++ uint16_t sadb_lifetime_len;
++ uint16_t sadb_lifetime_exttype;
++ uint32_t sadb_lifetime_allocations;
++ uint64_t sadb_lifetime_bytes;
++ uint64_t sadb_lifetime_addtime;
++ uint64_t sadb_lifetime_usetime;
++ uint32_t sadb_x_lifetime_packets;
++ uint32_t sadb_x_lifetime_reserved;
++};
++
++struct sadb_address {
++ uint16_t sadb_address_len;
++ uint16_t sadb_address_exttype;
++ uint8_t sadb_address_proto;
++ uint8_t sadb_address_prefixlen;
++ uint16_t sadb_address_reserved;
++};
++
++struct sadb_key {
++ uint16_t sadb_key_len;
++ uint16_t sadb_key_exttype;
++ uint16_t sadb_key_bits;
++ uint16_t sadb_key_reserved;
++};
++
++struct sadb_ident {
++ uint16_t sadb_ident_len;
++ uint16_t sadb_ident_exttype;
++ uint16_t sadb_ident_type;
++ uint16_t sadb_ident_reserved;
++ uint64_t sadb_ident_id;
++};
++
++struct sadb_sens {
++ uint16_t sadb_sens_len;
++ uint16_t sadb_sens_exttype;
++ uint32_t sadb_sens_dpd;
++ uint8_t sadb_sens_sens_level;
++ uint8_t sadb_sens_sens_len;
++ uint8_t sadb_sens_integ_level;
++ uint8_t sadb_sens_integ_len;
++ uint32_t sadb_sens_reserved;
++};
++
++struct sadb_prop {
++ uint16_t sadb_prop_len;
++ uint16_t sadb_prop_exttype;
++ uint8_t sadb_prop_replay;
++ uint8_t sadb_prop_reserved[3];
++};
++
++struct sadb_comb {
++ uint8_t sadb_comb_auth;
++ uint8_t sadb_comb_encrypt;
++ uint16_t sadb_comb_flags;
++ uint16_t sadb_comb_auth_minbits;
++ uint16_t sadb_comb_auth_maxbits;
++ uint16_t sadb_comb_encrypt_minbits;
++ uint16_t sadb_comb_encrypt_maxbits;
++ uint32_t sadb_comb_reserved;
++ uint32_t sadb_comb_soft_allocations;
++ uint32_t sadb_comb_hard_allocations;
++ uint64_t sadb_comb_soft_bytes;
++ uint64_t sadb_comb_hard_bytes;
++ uint64_t sadb_comb_soft_addtime;
++ uint64_t sadb_comb_hard_addtime;
++ uint64_t sadb_comb_soft_usetime;
++ uint64_t sadb_comb_hard_usetime;
++ uint32_t sadb_x_comb_soft_packets;
++ uint32_t sadb_x_comb_hard_packets;
++};
++
++struct sadb_supported {
++ uint16_t sadb_supported_len;
++ uint16_t sadb_supported_exttype;
++ uint32_t sadb_supported_reserved;
++};
++
++struct sadb_alg {
++ uint8_t sadb_alg_id;
++ uint8_t sadb_alg_ivlen;
++ uint16_t sadb_alg_minbits;
++ uint16_t sadb_alg_maxbits;
++ uint16_t sadb_alg_reserved;
++};
++
++struct sadb_spirange {
++ uint16_t sadb_spirange_len;
++ uint16_t sadb_spirange_exttype;
++ uint32_t sadb_spirange_min;
++ uint32_t sadb_spirange_max;
++ uint32_t sadb_spirange_reserved;
++};
++
++struct sadb_x_kmprivate {
++ uint16_t sadb_x_kmprivate_len;
++ uint16_t sadb_x_kmprivate_exttype;
++ uint32_t sadb_x_kmprivate_reserved;
++};
++
++struct sadb_x_satype {
++ uint16_t sadb_x_satype_len;
++ uint16_t sadb_x_satype_exttype;
++ uint8_t sadb_x_satype_satype;
++ uint8_t sadb_x_satype_reserved[3];
++};
++
++struct sadb_x_policy {
++ uint16_t sadb_x_policy_len;
++ uint16_t sadb_x_policy_exttype;
++ uint16_t sadb_x_policy_type;
++ uint8_t sadb_x_policy_dir;
++ uint8_t sadb_x_policy_reserved;
++ uint32_t sadb_x_policy_id;
++ uint32_t sadb_x_policy_reserved2;
++};
++
++struct sadb_x_debug {
++ uint16_t sadb_x_debug_len;
++ uint16_t sadb_x_debug_exttype;
++ uint32_t sadb_x_debug_tunnel;
++ uint32_t sadb_x_debug_netlink;
++ uint32_t sadb_x_debug_xform;
++ uint32_t sadb_x_debug_eroute;
++ uint32_t sadb_x_debug_spi;
++ uint32_t sadb_x_debug_radij;
++ uint32_t sadb_x_debug_esp;
++ uint32_t sadb_x_debug_ah;
++ uint32_t sadb_x_debug_rcv;
++ uint32_t sadb_x_debug_pfkey;
++ uint32_t sadb_x_debug_ipcomp;
++ uint32_t sadb_x_debug_verbose;
++ uint8_t sadb_x_debug_reserved[4];
++};
++
++struct sadb_x_nat_t_type {
++ uint16_t sadb_x_nat_t_type_len;
++ uint16_t sadb_x_nat_t_type_exttype;
++ uint8_t sadb_x_nat_t_type_type;
++ uint8_t sadb_x_nat_t_type_reserved[3];
++};
++struct sadb_x_nat_t_port {
++ uint16_t sadb_x_nat_t_port_len;
++ uint16_t sadb_x_nat_t_port_exttype;
++ uint16_t sadb_x_nat_t_port_port;
++ uint16_t sadb_x_nat_t_port_reserved;
++};
++
++/*
++ * A protocol structure for passing through the transport level
++ * protocol. It contains more fields than are actually used/needed
++ * but it is this way to be compatible with the structure used in
++ * OpenBSD (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.h)
++ */
++struct sadb_protocol {
++ uint16_t sadb_protocol_len;
++ uint16_t sadb_protocol_exttype;
++ uint8_t sadb_protocol_proto;
++ uint8_t sadb_protocol_direction;
++ uint8_t sadb_protocol_flags;
++ uint8_t sadb_protocol_reserved2;
++};
++
++#define SADB_EXT_RESERVED 0
++#define SADB_EXT_SA 1
++#define SADB_EXT_LIFETIME_CURRENT 2
++#define SADB_EXT_LIFETIME_HARD 3
++#define SADB_EXT_LIFETIME_SOFT 4
++#define SADB_EXT_ADDRESS_SRC 5
++#define SADB_EXT_ADDRESS_DST 6
++#define SADB_EXT_ADDRESS_PROXY 7
++#define SADB_EXT_KEY_AUTH 8
++#define SADB_EXT_KEY_ENCRYPT 9
++#define SADB_EXT_IDENTITY_SRC 10
++#define SADB_EXT_IDENTITY_DST 11
++#define SADB_EXT_SENSITIVITY 12
++#define SADB_EXT_PROPOSAL 13
++#define SADB_EXT_SUPPORTED_AUTH 14
++#define SADB_EXT_SUPPORTED_ENCRYPT 15
++#define SADB_EXT_SPIRANGE 16
++#define SADB_X_EXT_KMPRIVATE 17
++#define SADB_X_EXT_SATYPE2 18
++#ifdef KERNEL26_HAS_KAME_DUPLICATES
++#define SADB_X_EXT_POLICY 18
++#endif
++#define SADB_X_EXT_SA2 19
++#define SADB_X_EXT_ADDRESS_DST2 20
++#define SADB_X_EXT_ADDRESS_SRC_FLOW 21
++#define SADB_X_EXT_ADDRESS_DST_FLOW 22
++#define SADB_X_EXT_ADDRESS_SRC_MASK 23
++#define SADB_X_EXT_ADDRESS_DST_MASK 24
++#define SADB_X_EXT_DEBUG 25
++#define SADB_X_EXT_PROTOCOL 26
++#define SADB_X_EXT_NAT_T_TYPE 27
++#define SADB_X_EXT_NAT_T_SPORT 28
++#define SADB_X_EXT_NAT_T_DPORT 29
++#define SADB_X_EXT_NAT_T_OA 30
++#define SADB_EXT_MAX 30
++
++/* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */
++#define SADB_X_EXT_ADDRESS_DELFLOW \
++ ( (1<<SADB_X_EXT_ADDRESS_SRC_FLOW) \
++ | (1<<SADB_X_EXT_ADDRESS_DST_FLOW) \
++ | (1<<SADB_X_EXT_ADDRESS_SRC_MASK) \
++ | (1<<SADB_X_EXT_ADDRESS_DST_MASK))
++
++#define SADB_SATYPE_UNSPEC 0
++#define SADB_SATYPE_AH 2
++#define SADB_SATYPE_ESP 3
++#define SADB_SATYPE_RSVP 5
++#define SADB_SATYPE_OSPFV2 6
++#define SADB_SATYPE_RIPV2 7
++#define SADB_SATYPE_MIP 8
++#define SADB_X_SATYPE_IPIP 9
++#ifdef KERNEL26_HAS_KAME_DUPLICATES
++#define SADB_X_SATYPE_IPCOMP 9 /* ICK! */
++#endif
++#define SADB_X_SATYPE_COMP 10
++#define SADB_X_SATYPE_INT 11
++#define SADB_SATYPE_MAX 11
++
++enum sadb_sastate {
++ SADB_SASTATE_LARVAL=0,
++ SADB_SASTATE_MATURE=1,
++ SADB_SASTATE_DYING=2,
++ SADB_SASTATE_DEAD=3
++};
++#define SADB_SASTATE_MAX 3
++
++#define SADB_SAFLAGS_PFS 1
++#define SADB_X_SAFLAGS_REPLACEFLOW 2
++#define SADB_X_SAFLAGS_CLEARFLOW 4
++#define SADB_X_SAFLAGS_INFLOW 8
++
++/* not obvious, but these are the same values as used in isakmp,
++ * and in freeswan/ipsec_policy.h. If you need to add any, they
++ * should be added as according to
++ * http://www.iana.org/assignments/isakmp-registry
++ *
++ * and if not, then please try to use a private-use value, and
++ * consider asking IANA to assign a value.
++ */
++#define SADB_AALG_NONE 0
++#define SADB_AALG_MD5HMAC 2
++#define SADB_AALG_SHA1HMAC 3
++#define SADB_X_AALG_SHA2_256HMAC 5
++#define SADB_X_AALG_SHA2_384HMAC 6
++#define SADB_X_AALG_SHA2_512HMAC 7
++#define SADB_X_AALG_RIPEMD160HMAC 8
++#define SADB_X_AALG_NULL 251 /* kame */
++#define SADB_AALG_MAX 251
++
++#define SADB_EALG_NONE 0
++#define SADB_EALG_DESCBC 2
++#define SADB_EALG_3DESCBC 3
++#define SADB_X_EALG_CASTCBC 6
++#define SADB_X_EALG_BLOWFISHCBC 7
++#define SADB_EALG_NULL 11
++#define SADB_X_EALG_AESCBC 12
++#define SADB_EALG_MAX 255
++
++#define SADB_X_CALG_NONE 0
++#define SADB_X_CALG_OUI 1
++#define SADB_X_CALG_DEFLATE 2
++#define SADB_X_CALG_LZS 3
++#define SADB_X_CALG_V42BIS 4
++#ifdef KERNEL26_HAS_KAME_DUPLICATES
++#define SADB_X_CALG_LZJH 4
++#endif
++#define SADB_X_CALG_MAX 4
++
++#define SADB_X_TALG_NONE 0
++#define SADB_X_TALG_IPv4_in_IPv4 1
++#define SADB_X_TALG_IPv6_in_IPv4 2
++#define SADB_X_TALG_IPv4_in_IPv6 3
++#define SADB_X_TALG_IPv6_in_IPv6 4
++#define SADB_X_TALG_MAX 4
++
++
++#define SADB_IDENTTYPE_RESERVED 0
++#define SADB_IDENTTYPE_PREFIX 1
++#define SADB_IDENTTYPE_FQDN 2
++#define SADB_IDENTTYPE_USERFQDN 3
++#define SADB_X_IDENTTYPE_CONNECTION 4
++#define SADB_IDENTTYPE_MAX 4
++
++#define SADB_KEY_FLAGS_MAX 0
++#endif /* __PFKEY_V2_H */
++
++/*
++ * $Log: pfkeyv2.h,v $
++ * Revision 1.31 2005/04/14 01:14:54 mcr
++ * change sadb_state to an enum.
++ *
++ * Revision 1.30 2004/04/06 02:49:00 mcr
++ * pullup of algo code from alg-branch.
++ *
++ * Revision 1.29 2003/12/22 21:35:58 mcr
++ * new patches from Dr{Who}.
++ *
++ * Revision 1.28 2003/12/22 19:33:15 mcr
++ * added 0.6c NAT-T patch.
++ *
++ * Revision 1.27 2003/12/10 01:20:01 mcr
++ * NAT-traversal patches to KLIPS.
++ *
++ * Revision 1.26 2003/10/31 02:26:44 mcr
++ * pulled up port-selector patches.
++ *
++ * Revision 1.25.4.1 2003/09/21 13:59:34 mcr
++ * pre-liminary X.509 patch - does not yet pass tests.
++ *
++ * Revision 1.25 2003/07/31 23:59:17 mcr
++ * re-introduce kernel 2.6 duplicate values for now.
++ * hope to get them changed!
++ *
++ * Revision 1.24 2003/07/31 22:55:27 mcr
++ * added some definitions to keep pfkeyv2.h files in sync.
++ *
++ * Revision 1.23 2003/05/11 00:43:48 mcr
++ * added comment about origin of values used
++ *
++ * Revision 1.22 2003/01/30 02:31:34 rgb
++ *
++ * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
++ *
++ * Revision 1.21 2002/12/16 19:26:49 mcr
++ * added definition of FS 1.xx sadb structure
++ *
++ * Revision 1.20 2002/09/20 15:40:25 rgb
++ * Added sadb_x_sa_ref to struct sadb_sa.
++ *
++ * Revision 1.19 2002/04/24 07:36:49 mcr
++ * Moved from ./lib/pfkeyv2.h,v
++ *
++ * Revision 1.18 2001/11/06 19:47:47 rgb
++ * Added packet parameter to lifetime and comb structures.
++ *
++ * Revision 1.17 2001/09/08 21:13:35 rgb
++ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
++ *
++ * Revision 1.16 2001/07/06 19:49:46 rgb
++ * Added SADB_X_SAFLAGS_INFLOW for supporting incoming policy checks.
++ *
++ * Revision 1.15 2001/02/26 20:00:43 rgb
++ * Added internal IP protocol 61 for magic SAs.
++ *
++ * Revision 1.14 2001/02/08 18:51:05 rgb
++ * Include RFC document title and appendix subsection title.
++ *
++ * Revision 1.13 2000/10/10 20:10:20 rgb
++ * Added support for debug_ipcomp and debug_verbose to klipsdebug.
++ *
++ * Revision 1.12 2000/09/15 06:41:50 rgb
++ * Added V42BIS constant.
++ *
++ * Revision 1.11 2000/09/12 22:35:37 rgb
++ * Restructured to remove unused extensions from CLEARFLOW messages.
++ *
++ * Revision 1.10 2000/09/12 18:50:09 rgb
++ * Added IPIP tunnel types as algo support.
++ *
++ * Revision 1.9 2000/08/21 16:47:19 rgb
++ * Added SADB_X_CALG_* macros for IPCOMP.
++ *
++ * Revision 1.8 2000/08/09 20:43:34 rgb
++ * Fixed bitmask value for SADB_X_SAFLAGS_CLEAREROUTE.
++ *
++ * Revision 1.7 2000/01/21 06:28:37 rgb
++ * Added flow add/delete message type macros.
++ * Added flow address extension type macros.
++ * Tidied up spacing.
++ * Added klipsdebug switching capability.
++ *
++ * Revision 1.6 1999/11/27 11:56:08 rgb
++ * Add SADB_X_SATYPE_COMP for compression, eventually.
++ *
++ * Revision 1.5 1999/11/23 22:23:16 rgb
++ * This file has been moved in the distribution from klips/net/ipsec to
++ * lib.
++ *
++ * Revision 1.4 1999/04/29 15:23:29 rgb
++ * Add GRPSA support.
++ * Add support for a second SATYPE, SA and DST_ADDRESS.
++ * Add IPPROTO_IPIP support.
++ *
++ * Revision 1.3 1999/04/15 17:58:08 rgb
++ * Add RCSID labels.
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/zlib/zconf.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,309 @@
++/* zconf.h -- configuration of the zlib compression library
++ * Copyright (C) 1995-2002 Jean-loup Gailly.
++ * For conditions of distribution and use, see copyright notice in zlib.h
++ */
++
++/* @(#) $Id: zconf.h,v 1.4 2004/07/10 07:48:40 mcr Exp $ */
++
++#ifndef _ZCONF_H
++#define _ZCONF_H
++
++/*
++ * If you *really* need a unique prefix for all types and library functions,
++ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
++ */
++#ifdef IPCOMP_PREFIX
++# define deflateInit_ ipcomp_deflateInit_
++# define deflate ipcomp_deflate
++# define deflateEnd ipcomp_deflateEnd
++# define inflateInit_ ipcomp_inflateInit_
++# define inflate ipcomp_inflate
++# define inflateEnd ipcomp_inflateEnd
++# define deflateInit2_ ipcomp_deflateInit2_
++# define deflateSetDictionary ipcomp_deflateSetDictionary
++# define deflateCopy ipcomp_deflateCopy
++# define deflateReset ipcomp_deflateReset
++# define deflateParams ipcomp_deflateParams
++# define inflateInit2_ ipcomp_inflateInit2_
++# define inflateSetDictionary ipcomp_inflateSetDictionary
++# define inflateSync ipcomp_inflateSync
++# define inflateSyncPoint ipcomp_inflateSyncPoint
++# define inflateReset ipcomp_inflateReset
++# define compress ipcomp_compress
++# define compress2 ipcomp_compress2
++# define uncompress ipcomp_uncompress
++# define adler32 ipcomp_adler32
++# define crc32 ipcomp_crc32
++# define get_crc_table ipcomp_get_crc_table
++/* SSS: these also need to be prefixed to avoid clash with ppp_deflate and ext2compression */
++# define inflate_blocks ipcomp_deflate_blocks
++# define inflate_blocks_free ipcomp_deflate_blocks_free
++# define inflate_blocks_new ipcomp_inflate_blocks_new
++# define inflate_blocks_reset ipcomp_inflate_blocks_reset
++# define inflate_blocks_sync_point ipcomp_inflate_blocks_sync_point
++# define inflate_set_dictionary ipcomp_inflate_set_dictionary
++# define inflate_codes ipcomp_inflate_codes
++# define inflate_codes_free ipcomp_inflate_codes_free
++# define inflate_codes_new ipcomp_inflate_codes_new
++# define inflate_fast ipcomp_inflate_fast
++# define inflate_trees_bits ipcomp_inflate_trees_bits
++# define inflate_trees_dynamic ipcomp_inflate_trees_dynamic
++# define inflate_trees_fixed ipcomp_inflate_trees_fixed
++# define inflate_flush ipcomp_inflate_flush
++# define inflate_mask ipcomp_inflate_mask
++# define _dist_code _ipcomp_dist_code
++# define _length_code _ipcomp_length_code
++# define _tr_align _ipcomp_tr_align
++# define _tr_flush_block _ipcomp_tr_flush_block
++# define _tr_init _ipcomp_tr_init
++# define _tr_stored_block _ipcomp_tr_stored_block
++# define _tr_tally _ipcomp_tr_tally
++# define zError ipcomp_zError
++# define z_errmsg ipcomp_z_errmsg
++# define zlibVersion ipcomp_zlibVersion
++# define match_init ipcomp_match_init
++# define longest_match ipcomp_longest_match
++#endif
++
++#ifdef Z_PREFIX
++# define Byte z_Byte
++# define uInt z_uInt
++# define uLong z_uLong
++# define Bytef z_Bytef
++# define charf z_charf
++# define intf z_intf
++# define uIntf z_uIntf
++# define uLongf z_uLongf
++# define voidpf z_voidpf
++# define voidp z_voidp
++#endif
++
++#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
++# define WIN32
++#endif
++#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386)
++# ifndef __32BIT__
++# define __32BIT__
++# endif
++#endif
++#if defined(__MSDOS__) && !defined(MSDOS)
++# define MSDOS
++#endif
++
++/*
++ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
++ * than 64k bytes at a time (needed on systems with 16-bit int).
++ */
++#if defined(MSDOS) && !defined(__32BIT__)
++# define MAXSEG_64K
++#endif
++#ifdef MSDOS
++# define UNALIGNED_OK
++#endif
++
++#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32)) && !defined(STDC)
++# define STDC
++#endif
++#if defined(__STDC__) || defined(__cplusplus) || defined(__OS2__)
++# ifndef STDC
++# define STDC
++# endif
++#endif
++
++#ifndef STDC
++# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
++# define const
++# endif
++#endif
++
++/* Some Mac compilers merge all .h files incorrectly: */
++#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__)
++# define NO_DUMMY_DECL
++#endif
++
++/* Old Borland C incorrectly complains about missing returns: */
++#if defined(__BORLANDC__) && (__BORLANDC__ < 0x500)
++# define NEED_DUMMY_RETURN
++#endif
++
++
++/* Maximum value for memLevel in deflateInit2 */
++#ifndef MAX_MEM_LEVEL
++# ifdef MAXSEG_64K
++# define MAX_MEM_LEVEL 8
++# else
++# define MAX_MEM_LEVEL 9
++# endif
++#endif
++
++/* Maximum value for windowBits in deflateInit2 and inflateInit2.
++ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
++ * created by gzip. (Files created by minigzip can still be extracted by
++ * gzip.)
++ */
++#ifndef MAX_WBITS
++# define MAX_WBITS 15 /* 32K LZ77 window */
++#endif
++
++/* The memory requirements for deflate are (in bytes):
++ (1 << (windowBits+2)) + (1 << (memLevel+9))
++ that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values)
++ plus a few kilobytes for small objects. For example, if you want to reduce
++ the default memory requirements from 256K to 128K, compile with
++ make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
++ Of course this will generally degrade compression (there's no free lunch).
++
++ The memory requirements for inflate are (in bytes) 1 << windowBits
++ that is, 32K for windowBits=15 (default value) plus a few kilobytes
++ for small objects.
++*/
++
++ /* Type declarations */
++
++#ifndef OF /* function prototypes */
++# ifdef STDC
++# define OF(args) args
++# else
++# define OF(args) ()
++# endif
++#endif
++
++/* The following definitions for FAR are needed only for MSDOS mixed
++ * model programming (small or medium model with some far allocations).
++ * This was tested only with MSC; for other MSDOS compilers you may have
++ * to define NO_MEMCPY in zutil.h. If you don't need the mixed model,
++ * just define FAR to be empty.
++ */
++#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__)
++ /* MSC small or medium model */
++# define SMALL_MEDIUM
++# ifdef _MSC_VER
++# define FAR _far
++# else
++# define FAR far
++# endif
++#endif
++#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__))
++# ifndef __32BIT__
++# define SMALL_MEDIUM
++# define FAR _far
++# endif
++#endif
++
++/* Compile with -DZLIB_DLL for Windows DLL support */
++#if defined(ZLIB_DLL)
++# if defined(_WINDOWS) || defined(WINDOWS)
++# ifdef FAR
++# undef FAR
++# endif
++# include <windows.h>
++# define ZEXPORT WINAPI
++# ifdef WIN32
++# define ZEXPORTVA WINAPIV
++# else
++# define ZEXPORTVA FAR _cdecl _export
++# endif
++# endif
++# if defined (__BORLANDC__)
++# if (__BORLANDC__ >= 0x0500) && defined (WIN32)
++# include <windows.h>
++# define ZEXPORT __declspec(dllexport) WINAPI
++# define ZEXPORTRVA __declspec(dllexport) WINAPIV
++# else
++# if defined (_Windows) && defined (__DLL__)
++# define ZEXPORT _export
++# define ZEXPORTVA _export
++# endif
++# endif
++# endif
++#endif
++
++#if defined (__BEOS__)
++# if defined (ZLIB_DLL)
++# define ZEXTERN extern __declspec(dllexport)
++# else
++# define ZEXTERN extern __declspec(dllimport)
++# endif
++#endif
++
++#ifndef ZEXPORT
++# define ZEXPORT
++#endif
++#ifndef ZEXPORTVA
++# define ZEXPORTVA
++#endif
++#ifndef ZEXTERN
++# define ZEXTERN extern
++#endif
++
++#ifndef FAR
++# define FAR
++#endif
++
++#if !defined(MACOS) && !defined(TARGET_OS_MAC)
++typedef unsigned char Byte; /* 8 bits */
++#endif
++typedef unsigned int uInt; /* 16 bits or more */
++typedef unsigned long uLong; /* 32 bits or more */
++
++#ifdef SMALL_MEDIUM
++ /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
++# define Bytef Byte FAR
++#else
++ typedef Byte FAR Bytef;
++#endif
++typedef char FAR charf;
++typedef int FAR intf;
++typedef uInt FAR uIntf;
++typedef uLong FAR uLongf;
++
++#ifdef STDC
++ typedef void FAR *voidpf;
++ typedef void *voidp;
++#else
++ typedef Byte FAR *voidpf;
++ typedef Byte *voidp;
++#endif
++
++#ifdef HAVE_UNISTD_H
++# include <sys/types.h> /* for off_t */
++# include <unistd.h> /* for SEEK_* and off_t */
++# define z_off_t off_t
++#endif
++#ifndef SEEK_SET
++# define SEEK_SET 0 /* Seek from beginning of file. */
++# define SEEK_CUR 1 /* Seek from current position. */
++# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */
++#endif
++#ifndef z_off_t
++# define z_off_t long
++#endif
++
++/* MVS linker does not support external names larger than 8 bytes */
++#if defined(__MVS__)
++# pragma map(deflateInit_,"DEIN")
++# pragma map(deflateInit2_,"DEIN2")
++# pragma map(deflateEnd,"DEEND")
++# pragma map(inflateInit_,"ININ")
++# pragma map(inflateInit2_,"ININ2")
++# pragma map(inflateEnd,"INEND")
++# pragma map(inflateSync,"INSY")
++# pragma map(inflateSetDictionary,"INSEDI")
++# pragma map(inflate_blocks,"INBL")
++# pragma map(inflate_blocks_new,"INBLNE")
++# pragma map(inflate_blocks_free,"INBLFR")
++# pragma map(inflate_blocks_reset,"INBLRE")
++# pragma map(inflate_codes_free,"INCOFR")
++# pragma map(inflate_codes,"INCO")
++# pragma map(inflate_fast,"INFA")
++# pragma map(inflate_flush,"INFLU")
++# pragma map(inflate_mask,"INMA")
++# pragma map(inflate_set_dictionary,"INSEDI2")
++# pragma map(ipcomp_inflate_copyright,"INCOPY")
++# pragma map(inflate_trees_bits,"INTRBI")
++# pragma map(inflate_trees_dynamic,"INTRDY")
++# pragma map(inflate_trees_fixed,"INTRFI")
++# pragma map(inflate_trees_free,"INTRFR")
++#endif
++
++#endif /* _ZCONF_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/zlib/zlib.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,893 @@
++/* zlib.h -- interface of the 'zlib' general purpose compression library
++ version 1.1.4, March 11th, 2002
++
++ Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler
++
++ This software is provided 'as-is', without any express or implied
++ warranty. In no event will the authors be held liable for any damages
++ arising from the use of this software.
++
++ Permission is granted to anyone to use this software for any purpose,
++ including commercial applications, and to alter it and redistribute it
++ freely, subject to the following restrictions:
++
++ 1. The origin of this software must not be misrepresented; you must not
++ claim that you wrote the original software. If you use this software
++ in a product, an acknowledgment in the product documentation would be
++ appreciated but is not required.
++ 2. Altered source versions must be plainly marked as such, and must not be
++ misrepresented as being the original software.
++ 3. This notice may not be removed or altered from any source distribution.
++
++ Jean-loup Gailly Mark Adler
++ jloup@gzip.org madler@alumni.caltech.edu
++
++
++ The data format used by the zlib library is described by RFCs (Request for
++ Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt
++ (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).
++*/
++
++#ifndef _ZLIB_H
++#define _ZLIB_H
++
++#include "zconf.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define ZLIB_VERSION "1.1.4"
++
++/*
++ The 'zlib' compression library provides in-memory compression and
++ decompression functions, including integrity checks of the uncompressed
++ data. This version of the library supports only one compression method
++ (deflation) but other algorithms will be added later and will have the same
++ stream interface.
++
++ Compression can be done in a single step if the buffers are large
++ enough (for example if an input file is mmap'ed), or can be done by
++ repeated calls of the compression function. In the latter case, the
++ application must provide more input and/or consume the output
++ (providing more output space) before each call.
++
++ The library also supports reading and writing files in gzip (.gz) format
++ with an interface similar to that of stdio.
++
++ The library does not install any signal handler. The decoder checks
++ the consistency of the compressed data, so the library should never
++ crash even in case of corrupted input.
++*/
++
++typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
++typedef void (*free_func) OF((voidpf opaque, voidpf address));
++
++struct internal_state;
++
++typedef struct z_stream_s {
++ Bytef *next_in; /* next input byte */
++ uInt avail_in; /* number of bytes available at next_in */
++ uLong total_in; /* total nb of input bytes read so far */
++
++ Bytef *next_out; /* next output byte should be put there */
++ uInt avail_out; /* remaining free space at next_out */
++ uLong total_out; /* total nb of bytes output so far */
++
++ const char *msg; /* last error message, NULL if no error */
++ struct internal_state FAR *state; /* not visible by applications */
++
++ alloc_func zalloc; /* used to allocate the internal state */
++ free_func zfree; /* used to free the internal state */
++ voidpf opaque; /* private data object passed to zalloc and zfree */
++
++ int data_type; /* best guess about the data type: ascii or binary */
++ uLong adler; /* adler32 value of the uncompressed data */
++ uLong reserved; /* reserved for future use */
++} z_stream;
++
++typedef z_stream FAR *z_streamp;
++
++/*
++ The application must update next_in and avail_in when avail_in has
++ dropped to zero. It must update next_out and avail_out when avail_out
++ has dropped to zero. The application must initialize zalloc, zfree and
++ opaque before calling the init function. All other fields are set by the
++ compression library and must not be updated by the application.
++
++ The opaque value provided by the application will be passed as the first
++ parameter for calls of zalloc and zfree. This can be useful for custom
++ memory management. The compression library attaches no meaning to the
++ opaque value.
++
++ zalloc must return Z_NULL if there is not enough memory for the object.
++ If zlib is used in a multi-threaded application, zalloc and zfree must be
++ thread safe.
++
++ On 16-bit systems, the functions zalloc and zfree must be able to allocate
++ exactly 65536 bytes, but will not be required to allocate more than this
++ if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS,
++ pointers returned by zalloc for objects of exactly 65536 bytes *must*
++ have their offset normalized to zero. The default allocation function
++ provided by this library ensures this (see zutil.c). To reduce memory
++ requirements and avoid any allocation of 64K objects, at the expense of
++ compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h).
++
++ The fields total_in and total_out can be used for statistics or
++ progress reports. After compression, total_in holds the total size of
++ the uncompressed data and may be saved for use in the decompressor
++ (particularly if the decompressor wants to decompress everything in
++ a single step).
++*/
++
++ /* constants */
++
++#define Z_NO_FLUSH 0
++#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */
++#define Z_SYNC_FLUSH 2
++#define Z_FULL_FLUSH 3
++#define Z_FINISH 4
++/* Allowed flush values; see deflate() below for details */
++
++#define Z_OK 0
++#define Z_STREAM_END 1
++#define Z_NEED_DICT 2
++#define Z_ERRNO (-1)
++#define Z_STREAM_ERROR (-2)
++#define Z_DATA_ERROR (-3)
++#define Z_MEM_ERROR (-4)
++#define Z_BUF_ERROR (-5)
++#define Z_VERSION_ERROR (-6)
++/* Return codes for the compression/decompression functions. Negative
++ * values are errors, positive values are used for special but normal events.
++ */
++
++#define Z_NO_COMPRESSION 0
++#define Z_BEST_SPEED 1
++#define Z_BEST_COMPRESSION 9
++#define Z_DEFAULT_COMPRESSION (-1)
++/* compression levels */
++
++#define Z_FILTERED 1
++#define Z_HUFFMAN_ONLY 2
++#define Z_DEFAULT_STRATEGY 0
++/* compression strategy; see deflateInit2() below for details */
++
++#define Z_BINARY 0
++#define Z_ASCII 1
++#define Z_UNKNOWN 2
++/* Possible values of the data_type field */
++
++#define Z_DEFLATED 8
++/* The deflate compression method (the only one supported in this version) */
++
++#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */
++
++#define zlib_version zlibVersion()
++/* for compatibility with versions < 1.0.2 */
++
++ /* basic functions */
++
++ZEXTERN const char * ZEXPORT zlibVersion OF((void));
++/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
++ If the first character differs, the library code actually used is
++ not compatible with the zlib.h header file used by the application.
++ This check is automatically made by deflateInit and inflateInit.
++ */
++
++/*
++ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level));
++
++ Initializes the internal stream state for compression. The fields
++ zalloc, zfree and opaque must be initialized before by the caller.
++ If zalloc and zfree are set to Z_NULL, deflateInit updates them to
++ use default allocation functions.
++
++ The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
++ 1 gives best speed, 9 gives best compression, 0 gives no compression at
++ all (the input data is simply copied a block at a time).
++ Z_DEFAULT_COMPRESSION requests a default compromise between speed and
++ compression (currently equivalent to level 6).
++
++ deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_STREAM_ERROR if level is not a valid compression level,
++ Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
++ with the version assumed by the caller (ZLIB_VERSION).
++ msg is set to null if there is no error message. deflateInit does not
++ perform any compression: this will be done by deflate().
++*/
++
++
++ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush));
++/*
++ deflate compresses as much data as possible, and stops when the input
++ buffer becomes empty or the output buffer becomes full. It may introduce some
++ output latency (reading input without producing any output) except when
++ forced to flush.
++
++ The detailed semantics are as follows. deflate performs one or both of the
++ following actions:
++
++ - Compress more input starting at next_in and update next_in and avail_in
++ accordingly. If not all input can be processed (because there is not
++ enough room in the output buffer), next_in and avail_in are updated and
++ processing will resume at this point for the next call of deflate().
++
++ - Provide more output starting at next_out and update next_out and avail_out
++ accordingly. This action is forced if the parameter flush is non zero.
++ Forcing flush frequently degrades the compression ratio, so this parameter
++ should be set only when necessary (in interactive applications).
++ Some output may be provided even if flush is not set.
++
++ Before the call of deflate(), the application should ensure that at least
++ one of the actions is possible, by providing more input and/or consuming
++ more output, and updating avail_in or avail_out accordingly; avail_out
++ should never be zero before the call. The application can consume the
++ compressed output when it wants, for example when the output buffer is full
++ (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK
++ and with zero avail_out, it must be called again after making room in the
++ output buffer because there might be more output pending.
++
++ If the parameter flush is set to Z_SYNC_FLUSH, all pending output is
++ flushed to the output buffer and the output is aligned on a byte boundary, so
++ that the decompressor can get all input data available so far. (In particular
++ avail_in is zero after the call if enough output space has been provided
++ before the call.) Flushing may degrade compression for some compression
++ algorithms and so it should be used only when necessary.
++
++ If flush is set to Z_FULL_FLUSH, all output is flushed as with
++ Z_SYNC_FLUSH, and the compression state is reset so that decompression can
++ restart from this point if previous compressed data has been damaged or if
++ random access is desired. Using Z_FULL_FLUSH too often can seriously degrade
++ the compression.
++
++ If deflate returns with avail_out == 0, this function must be called again
++ with the same value of the flush parameter and more output space (updated
++ avail_out), until the flush is complete (deflate returns with non-zero
++ avail_out).
++
++ If the parameter flush is set to Z_FINISH, pending input is processed,
++ pending output is flushed and deflate returns with Z_STREAM_END if there
++ was enough output space; if deflate returns with Z_OK, this function must be
++ called again with Z_FINISH and more output space (updated avail_out) but no
++ more input data, until it returns with Z_STREAM_END or an error. After
++ deflate has returned Z_STREAM_END, the only possible operations on the
++ stream are deflateReset or deflateEnd.
++
++ Z_FINISH can be used immediately after deflateInit if all the compression
++ is to be done in a single step. In this case, avail_out must be at least
++ 0.1% larger than avail_in plus 12 bytes. If deflate does not return
++ Z_STREAM_END, then it must be called again as described above.
++
++ deflate() sets strm->adler to the adler32 checksum of all input read
++ so far (that is, total_in bytes).
++
++ deflate() may update data_type if it can make a good guess about
++ the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
++ binary. This field is only for information purposes and does not affect
++ the compression algorithm in any manner.
++
++ deflate() returns Z_OK if some progress has been made (more input
++ processed or more output produced), Z_STREAM_END if all input has been
++ consumed and all output has been produced (only when flush is set to
++ Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
++ if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible
++ (for example avail_in or avail_out was zero).
++*/
++
++
++ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm));
++/*
++ All dynamically allocated data structures for this stream are freed.
++ This function discards any unprocessed input and does not flush any
++ pending output.
++
++ deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
++ stream state was inconsistent, Z_DATA_ERROR if the stream was freed
++ prematurely (some input or output was discarded). In the error case,
++ msg may be set but then points to a static string (which must not be
++ deallocated).
++*/
++
++
++/*
++ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm));
++
++ Initializes the internal stream state for decompression. The fields
++ next_in, avail_in, zalloc, zfree and opaque must be initialized before by
++ the caller. If next_in is not Z_NULL and avail_in is large enough (the exact
++ value depends on the compression method), inflateInit determines the
++ compression method from the zlib header and allocates all data structures
++ accordingly; otherwise the allocation will be deferred to the first call of
++ inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to
++ use default allocation functions.
++
++ inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
++ version assumed by the caller. msg is set to null if there is no error
++ message. inflateInit does not perform any decompression apart from reading
++ the zlib header if present: this will be done by inflate(). (So next_in and
++ avail_in may be modified, but next_out and avail_out are unchanged.)
++*/
++
++
++ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush));
++/*
++ inflate decompresses as much data as possible, and stops when the input
++ buffer becomes empty or the output buffer becomes full. It may some
++ introduce some output latency (reading input without producing any output)
++ except when forced to flush.
++
++ The detailed semantics are as follows. inflate performs one or both of the
++ following actions:
++
++ - Decompress more input starting at next_in and update next_in and avail_in
++ accordingly. If not all input can be processed (because there is not
++ enough room in the output buffer), next_in is updated and processing
++ will resume at this point for the next call of inflate().
++
++ - Provide more output starting at next_out and update next_out and avail_out
++ accordingly. inflate() provides as much output as possible, until there
++ is no more input data or no more space in the output buffer (see below
++ about the flush parameter).
++
++ Before the call of inflate(), the application should ensure that at least
++ one of the actions is possible, by providing more input and/or consuming
++ more output, and updating the next_* and avail_* values accordingly.
++ The application can consume the uncompressed output when it wants, for
++ example when the output buffer is full (avail_out == 0), or after each
++ call of inflate(). If inflate returns Z_OK and with zero avail_out, it
++ must be called again after making room in the output buffer because there
++ might be more output pending.
++
++ If the parameter flush is set to Z_SYNC_FLUSH, inflate flushes as much
++ output as possible to the output buffer. The flushing behavior of inflate is
++ not specified for values of the flush parameter other than Z_SYNC_FLUSH
++ and Z_FINISH, but the current implementation actually flushes as much output
++ as possible anyway.
++
++ inflate() should normally be called until it returns Z_STREAM_END or an
++ error. However if all decompression is to be performed in a single step
++ (a single call of inflate), the parameter flush should be set to
++ Z_FINISH. In this case all pending input is processed and all pending
++ output is flushed; avail_out must be large enough to hold all the
++ uncompressed data. (The size of the uncompressed data may have been saved
++ by the compressor for this purpose.) The next operation on this stream must
++ be inflateEnd to deallocate the decompression state. The use of Z_FINISH
++ is never required, but can be used to inform inflate that a faster routine
++ may be used for the single inflate() call.
++
++ If a preset dictionary is needed at this point (see inflateSetDictionary
++ below), inflate sets strm-adler to the adler32 checksum of the
++ dictionary chosen by the compressor and returns Z_NEED_DICT; otherwise
++ it sets strm->adler to the adler32 checksum of all output produced
++ so far (that is, total_out bytes) and returns Z_OK, Z_STREAM_END or
++ an error code as described below. At the end of the stream, inflate()
++ checks that its computed adler32 checksum is equal to that saved by the
++ compressor and returns Z_STREAM_END only if the checksum is correct.
++
++ inflate() returns Z_OK if some progress has been made (more input processed
++ or more output produced), Z_STREAM_END if the end of the compressed data has
++ been reached and all uncompressed output has been produced, Z_NEED_DICT if a
++ preset dictionary is needed at this point, Z_DATA_ERROR if the input data was
++ corrupted (input stream not conforming to the zlib format or incorrect
++ adler32 checksum), Z_STREAM_ERROR if the stream structure was inconsistent
++ (for example if next_in or next_out was NULL), Z_MEM_ERROR if there was not
++ enough memory, Z_BUF_ERROR if no progress is possible or if there was not
++ enough room in the output buffer when Z_FINISH is used. In the Z_DATA_ERROR
++ case, the application may then call inflateSync to look for a good
++ compression block.
++*/
++
++
++ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
++/*
++ All dynamically allocated data structures for this stream are freed.
++ This function discards any unprocessed input and does not flush any
++ pending output.
++
++ inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
++ was inconsistent. In the error case, msg may be set but then points to a
++ static string (which must not be deallocated).
++*/
++
++ /* Advanced functions */
++
++/*
++ The following functions are needed only in some special applications.
++*/
++
++/*
++ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
++ int level,
++ int method,
++ int windowBits,
++ int memLevel,
++ int strategy));
++
++ This is another version of deflateInit with more compression options. The
++ fields next_in, zalloc, zfree and opaque must be initialized before by
++ the caller.
++
++ The method parameter is the compression method. It must be Z_DEFLATED in
++ this version of the library.
++
++ The windowBits parameter is the base two logarithm of the window size
++ (the size of the history buffer). It should be in the range 8..15 for this
++ version of the library. Larger values of this parameter result in better
++ compression at the expense of memory usage. The default value is 15 if
++ deflateInit is used instead.
++
++ The memLevel parameter specifies how much memory should be allocated
++ for the internal compression state. memLevel=1 uses minimum memory but
++ is slow and reduces compression ratio; memLevel=9 uses maximum memory
++ for optimal speed. The default value is 8. See zconf.h for total memory
++ usage as a function of windowBits and memLevel.
++
++ The strategy parameter is used to tune the compression algorithm. Use the
++ value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
++ filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no
++ string match). Filtered data consists mostly of small values with a
++ somewhat random distribution. In this case, the compression algorithm is
++ tuned to compress them better. The effect of Z_FILTERED is to force more
++ Huffman coding and less string matching; it is somewhat intermediate
++ between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects
++ the compression ratio but not the correctness of the compressed output even
++ if it is not set appropriately.
++
++ deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid
++ method). msg is set to null if there is no error message. deflateInit2 does
++ not perform any compression: this will be done by deflate().
++*/
++
++ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
++ const Bytef *dictionary,
++ uInt dictLength));
++/*
++ Initializes the compression dictionary from the given byte sequence
++ without producing any compressed output. This function must be called
++ immediately after deflateInit, deflateInit2 or deflateReset, before any
++ call of deflate. The compressor and decompressor must use exactly the same
++ dictionary (see inflateSetDictionary).
++
++ The dictionary should consist of strings (byte sequences) that are likely
++ to be encountered later in the data to be compressed, with the most commonly
++ used strings preferably put towards the end of the dictionary. Using a
++ dictionary is most useful when the data to be compressed is short and can be
++ predicted with good accuracy; the data can then be compressed better than
++ with the default empty dictionary.
++
++ Depending on the size of the compression data structures selected by
++ deflateInit or deflateInit2, a part of the dictionary may in effect be
++ discarded, for example if the dictionary is larger than the window size in
++ deflate or deflate2. Thus the strings most likely to be useful should be
++ put at the end of the dictionary, not at the front.
++
++ Upon return of this function, strm->adler is set to the Adler32 value
++ of the dictionary; the decompressor may later use this value to determine
++ which dictionary has been used by the compressor. (The Adler32 value
++ applies to the whole dictionary even if only a subset of the dictionary is
++ actually used by the compressor.)
++
++ deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
++ parameter is invalid (such as NULL dictionary) or the stream state is
++ inconsistent (for example if deflate has already been called for this stream
++ or if the compression method is bsort). deflateSetDictionary does not
++ perform any compression: this will be done by deflate().
++*/
++
++ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
++ z_streamp source));
++/*
++ Sets the destination stream as a complete copy of the source stream.
++
++ This function can be useful when several compression strategies will be
++ tried, for example when there are several ways of pre-processing the input
++ data with a filter. The streams that will be discarded should then be freed
++ by calling deflateEnd. Note that deflateCopy duplicates the internal
++ compression state which can be quite large, so this strategy is slow and
++ can consume lots of memory.
++
++ deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
++ (such as zalloc being NULL). msg is left unchanged in both source and
++ destination.
++*/
++
++ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
++/*
++ This function is equivalent to deflateEnd followed by deflateInit,
++ but does not free and reallocate all the internal compression state.
++ The stream will keep the same compression level and any other attributes
++ that may have been set by deflateInit2.
++
++ deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
++ stream state was inconsistent (such as zalloc or state being NULL).
++*/
++
++ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
++ int level,
++ int strategy));
++/*
++ Dynamically update the compression level and compression strategy. The
++ interpretation of level and strategy is as in deflateInit2. This can be
++ used to switch between compression and straight copy of the input data, or
++ to switch to a different kind of input data requiring a different
++ strategy. If the compression level is changed, the input available so far
++ is compressed with the old level (and may be flushed); the new level will
++ take effect only at the next call of deflate().
++
++ Before the call of deflateParams, the stream state must be set as for
++ a call of deflate(), since the currently available input may have to
++ be compressed and flushed. In particular, strm->avail_out must be non-zero.
++
++ deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
++ stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR
++ if strm->avail_out was zero.
++*/
++
++/*
++ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
++ int windowBits));
++
++ This is another version of inflateInit with an extra parameter. The
++ fields next_in, avail_in, zalloc, zfree and opaque must be initialized
++ before by the caller.
++
++ The windowBits parameter is the base two logarithm of the maximum window
++ size (the size of the history buffer). It should be in the range 8..15 for
++ this version of the library. The default value is 15 if inflateInit is used
++ instead. If a compressed stream with a larger window size is given as
++ input, inflate() will return with the error code Z_DATA_ERROR instead of
++ trying to allocate a larger window.
++
++ inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative
++ memLevel). msg is set to null if there is no error message. inflateInit2
++ does not perform any decompression apart from reading the zlib header if
++ present: this will be done by inflate(). (So next_in and avail_in may be
++ modified, but next_out and avail_out are unchanged.)
++*/
++
++ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
++ const Bytef *dictionary,
++ uInt dictLength));
++/*
++ Initializes the decompression dictionary from the given uncompressed byte
++ sequence. This function must be called immediately after a call of inflate
++ if this call returned Z_NEED_DICT. The dictionary chosen by the compressor
++ can be determined from the Adler32 value returned by this call of
++ inflate. The compressor and decompressor must use exactly the same
++ dictionary (see deflateSetDictionary).
++
++ inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
++ parameter is invalid (such as NULL dictionary) or the stream state is
++ inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
++ expected one (incorrect Adler32 value). inflateSetDictionary does not
++ perform any decompression: this will be done by subsequent calls of
++ inflate().
++*/
++
++ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
++/*
++ Skips invalid compressed data until a full flush point (see above the
++ description of deflate with Z_FULL_FLUSH) can be found, or until all
++ available input is skipped. No output is provided.
++
++ inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR
++ if no more input was provided, Z_DATA_ERROR if no flush point has been found,
++ or Z_STREAM_ERROR if the stream structure was inconsistent. In the success
++ case, the application may save the current current value of total_in which
++ indicates where valid compressed data was found. In the error case, the
++ application may repeatedly call inflateSync, providing more input each time,
++ until success or end of the input data.
++*/
++
++ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
++/*
++ This function is equivalent to inflateEnd followed by inflateInit,
++ but does not free and reallocate all the internal decompression state.
++ The stream will keep attributes that may have been set by inflateInit2.
++
++ inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
++ stream state was inconsistent (such as zalloc or state being NULL).
++*/
++
++
++ /* utility functions */
++
++/*
++ The following utility functions are implemented on top of the
++ basic stream-oriented functions. To simplify the interface, some
++ default options are assumed (compression level and memory usage,
++ standard memory allocation functions). The source code of these
++ utility functions can easily be modified if you need special options.
++*/
++
++ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen,
++ const Bytef *source, uLong sourceLen));
++/*
++ Compresses the source buffer into the destination buffer. sourceLen is
++ the byte length of the source buffer. Upon entry, destLen is the total
++ size of the destination buffer, which must be at least 0.1% larger than
++ sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the
++ compressed buffer.
++ This function can be used to compress a whole file at once if the
++ input file is mmap'ed.
++ compress returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_BUF_ERROR if there was not enough room in the output
++ buffer.
++*/
++
++ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen,
++ const Bytef *source, uLong sourceLen,
++ int level));
++/*
++ Compresses the source buffer into the destination buffer. The level
++ parameter has the same meaning as in deflateInit. sourceLen is the byte
++ length of the source buffer. Upon entry, destLen is the total size of the
++ destination buffer, which must be at least 0.1% larger than sourceLen plus
++ 12 bytes. Upon exit, destLen is the actual size of the compressed buffer.
++
++ compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_BUF_ERROR if there was not enough room in the output buffer,
++ Z_STREAM_ERROR if the level parameter is invalid.
++*/
++
++ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen,
++ const Bytef *source, uLong sourceLen));
++/*
++ Decompresses the source buffer into the destination buffer. sourceLen is
++ the byte length of the source buffer. Upon entry, destLen is the total
++ size of the destination buffer, which must be large enough to hold the
++ entire uncompressed data. (The size of the uncompressed data must have
++ been saved previously by the compressor and transmitted to the decompressor
++ by some mechanism outside the scope of this compression library.)
++ Upon exit, destLen is the actual size of the compressed buffer.
++ This function can be used to decompress a whole file at once if the
++ input file is mmap'ed.
++
++ uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_BUF_ERROR if there was not enough room in the output
++ buffer, or Z_DATA_ERROR if the input data was corrupted.
++*/
++
++
++typedef voidp gzFile;
++
++ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode));
++/*
++ Opens a gzip (.gz) file for reading or writing. The mode parameter
++ is as in fopen ("rb" or "wb") but can also include a compression level
++ ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for
++ Huffman only compression as in "wb1h". (See the description
++ of deflateInit2 for more information about the strategy parameter.)
++
++ gzopen can be used to read a file which is not in gzip format; in this
++ case gzread will directly read from the file without decompression.
++
++ gzopen returns NULL if the file could not be opened or if there was
++ insufficient memory to allocate the (de)compression state; errno
++ can be checked to distinguish the two cases (if errno is zero, the
++ zlib error is Z_MEM_ERROR). */
++
++ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode));
++/*
++ gzdopen() associates a gzFile with the file descriptor fd. File
++ descriptors are obtained from calls like open, dup, creat, pipe or
++ fileno (in the file has been previously opened with fopen).
++ The mode parameter is as in gzopen.
++ The next call of gzclose on the returned gzFile will also close the
++ file descriptor fd, just like fclose(fdopen(fd), mode) closes the file
++ descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode).
++ gzdopen returns NULL if there was insufficient memory to allocate
++ the (de)compression state.
++*/
++
++ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
++/*
++ Dynamically update the compression level or strategy. See the description
++ of deflateInit2 for the meaning of these parameters.
++ gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not
++ opened for writing.
++*/
++
++ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len));
++/*
++ Reads the given number of uncompressed bytes from the compressed file.
++ If the input file was not in gzip format, gzread copies the given number
++ of bytes into the buffer.
++ gzread returns the number of uncompressed bytes actually read (0 for
++ end of file, -1 for error). */
++
++ZEXTERN int ZEXPORT gzwrite OF((gzFile file,
++ const voidp buf, unsigned len));
++/*
++ Writes the given number of uncompressed bytes into the compressed file.
++ gzwrite returns the number of uncompressed bytes actually written
++ (0 in case of error).
++*/
++
++ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...));
++/*
++ Converts, formats, and writes the args to the compressed file under
++ control of the format string, as in fprintf. gzprintf returns the number of
++ uncompressed bytes actually written (0 in case of error).
++*/
++
++ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
++/*
++ Writes the given null-terminated string to the compressed file, excluding
++ the terminating null character.
++ gzputs returns the number of characters written, or -1 in case of error.
++*/
++
++ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
++/*
++ Reads bytes from the compressed file until len-1 characters are read, or
++ a newline character is read and transferred to buf, or an end-of-file
++ condition is encountered. The string is then terminated with a null
++ character.
++ gzgets returns buf, or Z_NULL in case of error.
++*/
++
++ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c));
++/*
++ Writes c, converted to an unsigned char, into the compressed file.
++ gzputc returns the value that was written, or -1 in case of error.
++*/
++
++ZEXTERN int ZEXPORT gzgetc OF((gzFile file));
++/*
++ Reads one byte from the compressed file. gzgetc returns this byte
++ or -1 in case of end of file or error.
++*/
++
++ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush));
++/*
++ Flushes all pending output into the compressed file. The parameter
++ flush is as in the deflate() function. The return value is the zlib
++ error number (see function gzerror below). gzflush returns Z_OK if
++ the flush parameter is Z_FINISH and all output could be flushed.
++ gzflush should be called only when strictly necessary because it can
++ degrade compression.
++*/
++
++ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file,
++ z_off_t offset, int whence));
++/*
++ Sets the starting position for the next gzread or gzwrite on the
++ given compressed file. The offset represents a number of bytes in the
++ uncompressed data stream. The whence parameter is defined as in lseek(2);
++ the value SEEK_END is not supported.
++ If the file is opened for reading, this function is emulated but can be
++ extremely slow. If the file is opened for writing, only forward seeks are
++ supported; gzseek then compresses a sequence of zeroes up to the new
++ starting position.
++
++ gzseek returns the resulting offset location as measured in bytes from
++ the beginning of the uncompressed stream, or -1 in case of error, in
++ particular if the file is opened for writing and the new starting position
++ would be before the current position.
++*/
++
++ZEXTERN int ZEXPORT gzrewind OF((gzFile file));
++/*
++ Rewinds the given file. This function is supported only for reading.
++
++ gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET)
++*/
++
++ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file));
++/*
++ Returns the starting position for the next gzread or gzwrite on the
++ given compressed file. This position represents a number of bytes in the
++ uncompressed data stream.
++
++ gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR)
++*/
++
++ZEXTERN int ZEXPORT gzeof OF((gzFile file));
++/*
++ Returns 1 when EOF has previously been detected reading the given
++ input stream, otherwise zero.
++*/
++
++ZEXTERN int ZEXPORT gzclose OF((gzFile file));
++/*
++ Flushes all pending output if necessary, closes the compressed file
++ and deallocates all the (de)compression state. The return value is the zlib
++ error number (see function gzerror below).
++*/
++
++ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
++/*
++ Returns the error message for the last error which occurred on the
++ given compressed file. errnum is set to zlib error number. If an
++ error occurred in the file system and not in the compression library,
++ errnum is set to Z_ERRNO and the application may consult errno
++ to get the exact error code.
++*/
++
++ /* checksum functions */
++
++/*
++ These functions are not related to compression but are exported
++ anyway because they might be useful in applications using the
++ compression library.
++*/
++
++ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
++
++/*
++ Update a running Adler-32 checksum with the bytes buf[0..len-1] and
++ return the updated checksum. If buf is NULL, this function returns
++ the required initial value for the checksum.
++ An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
++ much faster. Usage example:
++
++ uLong adler = adler32(0L, Z_NULL, 0);
++
++ while (read_buffer(buffer, length) != EOF) {
++ adler = adler32(adler, buffer, length);
++ }
++ if (adler != original_adler) error();
++*/
++
++ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
++/*
++ Update a running crc with the bytes buf[0..len-1] and return the updated
++ crc. If buf is NULL, this function returns the required initial value
++ for the crc. Pre- and post-conditioning (one's complement) is performed
++ within this function so it shouldn't be done by the application.
++ Usage example:
++
++ uLong crc = crc32(0L, Z_NULL, 0);
++
++ while (read_buffer(buffer, length) != EOF) {
++ crc = crc32(crc, buffer, length);
++ }
++ if (crc != original_crc) error();
++*/
++
++
++ /* various hacks, don't look :) */
++
++/* deflateInit and inflateInit are macros to allow checking the zlib version
++ * and the compiler's view of z_stream:
++ */
++ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level,
++ const char *version, int stream_size));
++ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm,
++ const char *version, int stream_size));
++ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method,
++ int windowBits, int memLevel,
++ int strategy, const char *version,
++ int stream_size));
++ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits,
++ const char *version, int stream_size));
++#define deflateInit(strm, level) \
++ deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream))
++#define inflateInit(strm) \
++ inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream))
++#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
++ deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
++ (strategy), ZLIB_VERSION, sizeof(z_stream))
++#define inflateInit2(strm, windowBits) \
++ inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
++
++
++#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL)
++ struct internal_state {int dummy;}; /* hack for buggy compilers */
++#endif
++
++ZEXTERN const char * ZEXPORT zError OF((int err));
++ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z));
++ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void));
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* _ZLIB_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/include/zlib/zutil.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,225 @@
++/* zutil.h -- internal interface and configuration of the compression library
++ * Copyright (C) 1995-2002 Jean-loup Gailly.
++ * For conditions of distribution and use, see copyright notice in zlib.h
++ */
++
++/* WARNING: this file should *not* be used by applications. It is
++ part of the implementation of the compression library and is
++ subject to change. Applications should only use zlib.h.
++ */
++
++/* @(#) $Id: zutil.h,v 1.4 2002/04/24 07:36:48 mcr Exp $ */
++
++#ifndef _Z_UTIL_H
++#define _Z_UTIL_H
++
++#include "zlib.h"
++
++#include <linux/string.h>
++#define HAVE_MEMCPY
++
++#if 0 // #ifdef STDC
++# include <stddef.h>
++# include <string.h>
++# include <stdlib.h>
++#endif
++#ifndef __KERNEL__
++#ifdef NO_ERRNO_H
++ extern int errno;
++#else
++# include <errno.h>
++#endif
++#endif
++
++#ifndef local
++# define local static
++#endif
++/* compile with -Dlocal if your debugger can't find static symbols */
++
++typedef unsigned char uch;
++typedef uch FAR uchf;
++typedef unsigned short ush;
++typedef ush FAR ushf;
++typedef unsigned long ulg;
++
++extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */
++/* (size given to avoid silly warnings with Visual C++) */
++
++#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
++
++#define ERR_RETURN(strm,err) \
++ return (strm->msg = ERR_MSG(err), (err))
++/* To be used only when the state is known to be valid */
++
++ /* common constants */
++
++#ifndef DEF_WBITS
++# define DEF_WBITS MAX_WBITS
++#endif
++/* default windowBits for decompression. MAX_WBITS is for compression only */
++
++#if MAX_MEM_LEVEL >= 8
++# define DEF_MEM_LEVEL 8
++#else
++# define DEF_MEM_LEVEL MAX_MEM_LEVEL
++#endif
++/* default memLevel */
++
++#define STORED_BLOCK 0
++#define STATIC_TREES 1
++#define DYN_TREES 2
++/* The three kinds of block type */
++
++#define MIN_MATCH 3
++#define MAX_MATCH 258
++/* The minimum and maximum match lengths */
++
++#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */
++
++ /* target dependencies */
++
++#ifdef MSDOS
++# define OS_CODE 0x00
++# if defined(__TURBOC__) || defined(__BORLANDC__)
++# if(__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__))
++ /* Allow compilation with ANSI keywords only enabled */
++ void _Cdecl farfree( void *block );
++ void *_Cdecl farmalloc( unsigned long nbytes );
++# else
++# include <alloc.h>
++# endif
++# else /* MSC or DJGPP */
++# include <malloc.h>
++# endif
++#endif
++
++#ifdef OS2
++# define OS_CODE 0x06
++#endif
++
++#ifdef WIN32 /* Window 95 & Windows NT */
++# define OS_CODE 0x0b
++#endif
++
++#if defined(VAXC) || defined(VMS)
++# define OS_CODE 0x02
++# define F_OPEN(name, mode) \
++ fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
++#endif
++
++#ifdef AMIGA
++# define OS_CODE 0x01
++#endif
++
++#if defined(ATARI) || defined(atarist)
++# define OS_CODE 0x05
++#endif
++
++#if defined(MACOS) || defined(TARGET_OS_MAC)
++# define OS_CODE 0x07
++# if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os
++# include <unix.h> /* for fdopen */
++# else
++# ifndef fdopen
++# define fdopen(fd,mode) NULL /* No fdopen() */
++# endif
++# endif
++#endif
++
++#ifdef __50SERIES /* Prime/PRIMOS */
++# define OS_CODE 0x0F
++#endif
++
++#ifdef TOPS20
++# define OS_CODE 0x0a
++#endif
++
++#if defined(_BEOS_) || defined(RISCOS)
++# define fdopen(fd,mode) NULL /* No fdopen() */
++#endif
++
++#if (defined(_MSC_VER) && (_MSC_VER > 600))
++# define fdopen(fd,type) _fdopen(fd,type)
++#endif
++
++
++ /* Common defaults */
++
++#ifndef OS_CODE
++# define OS_CODE 0x03 /* assume Unix */
++#endif
++
++#ifndef F_OPEN
++# define F_OPEN(name, mode) fopen((name), (mode))
++#endif
++
++ /* functions */
++
++#ifdef HAVE_STRERROR
++ extern char *strerror OF((int));
++# define zstrerror(errnum) strerror(errnum)
++#else
++# define zstrerror(errnum) ""
++#endif
++
++#if defined(pyr)
++# define NO_MEMCPY
++#endif
++#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__)
++ /* Use our own functions for small and medium model with MSC <= 5.0.
++ * You may have to use the same strategy for Borland C (untested).
++ * The __SC__ check is for Symantec.
++ */
++# define NO_MEMCPY
++#endif
++#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY)
++# define HAVE_MEMCPY
++#endif
++#ifdef HAVE_MEMCPY
++# ifdef SMALL_MEDIUM /* MSDOS small or medium model */
++# define zmemcpy _fmemcpy
++# define zmemcmp _fmemcmp
++# define zmemzero(dest, len) _fmemset(dest, 0, len)
++# else
++# define zmemcpy memcpy
++# define zmemcmp memcmp
++# define zmemzero(dest, len) memset(dest, 0, len)
++# endif
++#else
++ extern void zmemcpy OF((Bytef* dest, const Bytef* source, uInt len));
++ extern int zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len));
++ extern void zmemzero OF((Bytef* dest, uInt len));
++#endif
++
++/* Diagnostic functions */
++#ifdef DEBUG
++# include <stdio.h>
++ extern int z_verbose;
++ extern void z_error OF((char *m));
++# define Assert(cond,msg) {if(!(cond)) z_error(msg);}
++# define Trace(x) {if (z_verbose>=0) fprintf x ;}
++# define Tracev(x) {if (z_verbose>0) fprintf x ;}
++# define Tracevv(x) {if (z_verbose>1) fprintf x ;}
++# define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
++# define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
++#else
++# define Assert(cond,msg)
++# define Trace(x)
++# define Tracev(x)
++# define Tracevv(x)
++# define Tracec(c,x)
++# define Tracecv(c,x)
++#endif
++
++
++typedef uLong (ZEXPORT *check_func) OF((uLong check, const Bytef *buf,
++ uInt len));
++voidpf zcalloc OF((voidpf opaque, unsigned items, unsigned size));
++void zcfree OF((voidpf opaque, voidpf ptr));
++
++#define ZALLOC(strm, items, size) \
++ (*((strm)->zalloc))((strm)->opaque, (items), (size))
++#define ZFREE(strm, addr) (*((strm)->zfree))((strm)->opaque, (voidpf)(addr))
++#define TRY_FREE(s, p) {if (p) ZFREE(s, p);}
++
++#endif /* _Z_UTIL_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/lib/libfreeswan/Makefile.objs Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,21 @@
++obj-y += satot.o
++obj-y += addrtot.o
++obj-y += ultot.o
++obj-y += addrtypeof.o
++obj-y += anyaddr.o
++obj-y += initaddr.o
++obj-y += ultoa.o
++obj-y += addrtoa.o
++obj-y += subnettoa.o
++obj-y += subnetof.o
++obj-y += goodmask.o
++obj-y += datatot.o
++obj-y += rangetoa.o
++obj-y += prng.o
++obj-y += pfkey_v2_parse.o
++obj-y += pfkey_v2_build.o
++obj-y += pfkey_v2_debug.o
++obj-y += pfkey_v2_ext_bits.o
++
++#version.c: ${LIBFREESWANDIR}/version.in.c ${OPENSWANSRCDIR}/Makefile.ver
++# sed '/"/s/xxx/$(IPSECVERSION)/' ${LIBFREESWANDIR}/version.in.c >$@
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/lib/zlib/Makefile Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,118 @@
++# (kernel) Makefile for IPCOMP zlib deflate code
++# Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
++# Copyright (C) 2000 Svenning Soerensen
++#
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# for more details.
++#
++# RCSID $Id: Makefile,v 1.9 2002/04/24 07:55:32 mcr Exp $
++#
++
++
++
++include ../Makefile.inc
++
++
++
++ifndef TOPDIR
++TOPDIR := /usr/src/linux
++endif
++
++
++L_TARGET := zlib.a
++
++obj-y :=
++
++include Makefile.objs
++
++EXTRA_CFLAGS += $(KLIPSCOMPILE)
++
++EXTRA_CFLAGS += -Wall
++#EXTRA_CFLAGS += -Wconversion
++#EXTRA_CFLAGS += -Wmissing-prototypes
++EXTRA_CFLAGS += -Wpointer-arith
++#EXTRA_CFLAGS += -Wcast-qual
++#EXTRA_CFLAGS += -Wmissing-declarations
++EXTRA_CFLAGS += -Wstrict-prototypes
++#EXTRA_CFLAGS += -pedantic
++#EXTRA_CFLAGS += -W
++#EXTRA_CFLAGS += -Wwrite-strings
++EXTRA_CFLAGS += -Wbad-function-cast
++EXTRA_CFLAGS += -DIPCOMP_PREFIX
++
++.S.o:
++ $(CC) -D__ASSEMBLY__ -DNO_UNDERLINE -traditional -c $< -o $*.o
++
++asm-obj-$(CONFIG_M586) += match586.o
++asm-obj-$(CONFIG_M586TSC) += match586.o
++asm-obj-$(CONFIG_M586MMX) += match586.o
++asm-obj-$(CONFIG_M686) += match686.o
++asm-obj-$(CONFIG_MPENTIUMIII) += match686.o
++asm-obj-$(CONFIG_MPENTIUM4) += match686.o
++asm-obj-$(CONFIG_MK6) += match586.o
++asm-obj-$(CONFIG_MK7) += match686.o
++asm-obj-$(CONFIG_MCRUSOE) += match586.o
++asm-obj-$(CONFIG_MWINCHIPC6) += match586.o
++asm-obj-$(CONFIG_MWINCHIP2) += match686.o
++asm-obj-$(CONFIG_MWINCHIP3D) += match686.o
++
++obj-y += $(asm-obj-y)
++ifneq ($(strip $(asm-obj-y)),)
++ EXTRA_CFLAGS += -DASMV
++endif
++
++active-objs := $(sort $(obj-y) $(obj-m))
++L_OBJS := $(obj-y)
++M_OBJS := $(obj-m)
++MIX_OBJS := $(filter $(export-objs), $(active-objs))
++
++include $(TOPDIR)/Rules.make
++
++$(obj-y) : $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h
++
++
++clean:
++ -rm -f *.o *.a
++
++checkprograms:
++programs: $(L_TARGET)
++
++#
++# $Log: Makefile,v $
++# Revision 1.9 2002/04/24 07:55:32 mcr
++# #include patches and Makefiles for post-reorg compilation.
++#
++# Revision 1.8 2002/04/24 07:36:44 mcr
++# Moved from ./zlib/Makefile,v
++#
++# Revision 1.7 2002/03/27 23:34:35 mcr
++# added programs: target
++#
++# Revision 1.6 2001/12/05 20:19:08 henry
++# use new compile-control variable
++#
++# Revision 1.5 2001/11/27 16:38:08 mcr
++# added new "checkprograms" target to deal with programs that
++# are required for "make check", but that may not be ready to
++# build for every user due to external dependancies.
++#
++# Revision 1.4 2001/10/24 14:46:24 henry
++# Makefile.inc
++#
++# Revision 1.3 2001/04/21 23:05:24 rgb
++# Update asm directives for 2.4 style makefiles.
++#
++# Revision 1.2 2001/01/29 22:22:00 rgb
++# Convert to 2.4 new style with back compat.
++#
++# Revision 1.1.1.1 2000/09/29 18:51:33 rgb
++# zlib_beginnings
++#
++#
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/lib/zlib/Makefile.objs Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,27 @@
++obj-$(CONFIG_IPSEC_IPCOMP) += adler32.o
++obj-$(CONFIG_IPSEC_IPCOMP) += deflate.o
++obj-$(CONFIG_IPSEC_IPCOMP) += infblock.o
++obj-$(CONFIG_IPSEC_IPCOMP) += infcodes.o
++obj-$(CONFIG_IPSEC_IPCOMP) += inffast.o
++obj-$(CONFIG_IPSEC_IPCOMP) += inflate.o
++obj-$(CONFIG_IPSEC_IPCOMP) += inftrees.o
++obj-$(CONFIG_IPSEC_IPCOMP) += infutil.o
++obj-$(CONFIG_IPSEC_IPCOMP) += trees.o
++obj-$(CONFIG_IPSEC_IPCOMP) += zutil.o
++
++asm-obj-$(CONFIG_M586) += ${LIBZLIBSRCDIR}/match586.o
++asm-obj-$(CONFIG_M586TSC) += ${LIBZLIBSRCDIR}/match586.o
++asm-obj-$(CONFIG_M586MMX) += ${LIBZLIBSRCDIR}/match586.o
++asm-obj-$(CONFIG_M686) += ${LIBZLIBSRCDIR}/match686.o
++asm-obj-$(CONFIG_MPENTIUMIII) += ${LIBZLIBSRCDIR}/match686.o
++asm-obj-$(CONFIG_MPENTIUM4) += ${LIBZLIBSRCDIR}/match686.o
++asm-obj-$(CONFIG_MK6) += ${LIBZLIBSRCDIR}/match586.o
++asm-obj-$(CONFIG_MK7) += ${LIBZLIBSRCDIR}/match686.o
++asm-obj-$(CONFIG_MCRUSOE) += ${LIBZLIBSRCDIR}/match586.o
++asm-obj-$(CONFIG_MWINCHIPC6) += ${LIBZLIBSRCDIR}/match586.o
++asm-obj-$(CONFIG_MWINCHIP2) += ${LIBZLIBSRCDIR}/match686.o
++asm-obj-$(CONFIG_MWINCHIP3D) += ${LIBZLIBSRCDIR}/match686.o
++
++EXTRA_CFLAGS += -DIPCOMP_PREFIX
++
++
+--- swan26/net/Kconfig.preipsec 2005-09-01 18:15:19.000000000 -0400
++++ swan26/net/Kconfig 2005-09-03 16:51:17.000000000 -0400
+@@ -215,2 +215,6 @@
+
++if INET
++source "net/ipsec/Kconfig"
++endif # if INET
++
+ endif # if NET
+--- /distros/kernel/linux-2.6.3-rc4/net/Makefile Mon Feb 16 21:22:12 2004
++++ ref26/net/Makefile Thu Feb 19 21:02:25 2004
+@@ -42,3 +42,6 @@
+ ifeq ($(CONFIG_NET),y)
+ obj-$(CONFIG_SYSCTL) += sysctl_net.o
+ endif
++
++obj-$(CONFIG_KLIPS) += ipsec/
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/Kconfig Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,161 @@
++#
++# IPSEC configuration
++# Copyright (C) 2004 Michael Richardson <mcr@freeswan.org>
++#
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# for more details.
++#
++# RCSID $Id: Kconfig,v 1.6.2.2 2006/10/11 18:14:33 paul Exp $
++
++config KLIPS
++ tristate "Openswan IPsec (KLIPS26)"
++ default n
++ help
++ KLIPS is the Openswan (www.openswan.org) Kernel Level IP Security
++ system. It is extensively tested, and has interoperated with
++ many other systems.
++ It provides "ipsecX" devices on which one can do firewalling.
++ The userland, is compatible with both KLIPS and 26sec.
++
++menu "KLIPS options"
++ depends on KLIPS
++
++config KLIPS_ESP
++ bool 'Encapsulating Security Payload - ESP ("VPN")'
++ default y
++ help
++ This option provides support for the IPSEC Encapsulation Security
++ Payload (IP protocol 50) which provides packet layer content
++ hiding, and content authentication.
++ It is recommended to enable this. RFC2406
++
++config KLIPS_AH
++ bool 'Authentication Header - AH'
++ default n
++ help
++ This option provides support for the IPSEC Authentication Header
++ (IP protocol 51) which provides packet layer sender and content
++ authentication. It does not provide for confidentiality.
++ It is not recommended to enable this. RFC2402
++
++config KLIPS_AUTH_HMAC_MD5
++ bool 'HMAC-MD5 authentication algorithm'
++ default y
++ help
++ The HMAC-MD5 algorithm is used by ESP (and AH) to guarantee packet
++ integrity. There is little reason not to include it.
++
++config KLIPS_AUTH_HMAC_SHA1
++ bool 'HMAC-SHA1 authentication algorithm'
++ default y
++ help
++ The HMAC-SHA1 algorithm is used by ESP (and AH) to guarantee packet
++ integrity. SHA1 is a little slower than MD5, but is said to be
++ a bit more secure. There is little reason not to include it.
++
++config KLIPS_ENC_CRYPTOAPI
++ bool 'CryptoAPI algorithm interface'
++ default n
++ help
++ Enable the algorithm interface to make all CryptoAPI 1.0 algorithms
++ available to KLIPS.
++
++config KLIPS_ENC_1DES
++ bool 'Include 1DES with CryptoAPI'
++ default n
++ depends on KLIPS_ENC_CRYPTOAPI
++ help
++ The CryptoAPI interface does not include support for every algorithm
++ yet, and one that it doesn't support by default is the VERY WEAK
++ 1DES. Select this if you are terminally stupid.
++
++config KLIPS_ENC_3DES
++ bool '3DES encryption algorithm'
++ default y
++ help
++ The 3DES algorithm is used by ESP to provide for packet privacy.
++ 3DES is 3-repeats of the DES algorithm. 3DES is widely supported,
++ and analyzed and is considered very secure. 1DES is not supported.
++
++config KLIPS_ENC_AES
++ bool 'AES encryption algorithm'
++ default y
++ help
++ The AES algorithm is used by ESP to provide for packet privacy.
++ AES the NIST replacement for DES. AES is being widely analyzed,
++ and is very fast.
++
++config KLIPS_ENC_NULL
++ bool 'NULL NON-encryption algorithm'
++ default n
++ help
++ NON encryption algo , maybe useful for ESP auth only scenarios
++ (eg: with NAT-T), see RFC 2410.
++
++config KLIPS_IPCOMP
++ bool 'IP compression'
++ default y
++ help
++ The IPcomp protocol is used prior to ESP to make the packet
++ smaller. Once encrypted, compression will fail, so any link
++ layer efforts (e.g. PPP) will not work.
++
++config KLIPS_DEBUG
++ bool 'IPsec debugging'
++ default y
++ help
++ KLIPS includes a lot of debugging code. Unless there is a real
++ tangible benefit to removing this code, it should be left in place.
++ Debugging connections without access to kernel level debugging is
++ essentially impossible. Leave this on.
++
++endmenu
++
++#
++#
++# $Log: Kconfig,v $
++# Revision 1.6.2.2 2006/10/11 18:14:33 paul
++# Add JuanJo Ciarlante's ESP_NULL patches for KLIPS, but leave it disabled
++# per default.
++#
++# Revision 1.6.2.1 2006/04/20 16:33:06 mcr
++# remove all of CONFIG_KLIPS_ALG --- one can no longer build without it.
++# Fix in-kernel module compilation. Sub-makefiles do not work.
++#
++# Revision 1.6 2005/05/18 20:55:27 mcr
++# default cryptoapi to n.
++#
++# Revision 1.5 2005/05/11 01:23:25 mcr
++# added 1DES option to cryptoapi.
++#
++# Revision 1.4 2005/04/29 05:29:54 mcr
++# add option to include cryptoapi algorithms.
++#
++# Revision 1.3 2004/08/17 03:27:23 mcr
++# klips 2.6 edits.
++#
++# Revision 1.2 2004/08/14 03:27:39 mcr
++# 2.6 kernel build/configuration files.
++#
++# Revision 1.1 2004/08/14 02:47:55 mcr
++# kernel build/config patches
++#
++# Revision 1.3 2004/02/24 17:17:04 mcr
++# s/CONFIG_IPSEC/CONFIG_KLIPS/ as 26sec uses "CONFIG_IPSEC" to
++# turn it on/off as well.
++#
++# Revision 1.2 2004/02/22 06:50:42 mcr
++# kernel 2.6 port - merged with 2.4 code.
++#
++# Revision 1.1.2.1 2004/02/20 02:07:53 mcr
++# module configuration for KLIPS 2.6
++#
++#
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/Makefile Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,195 @@
++# Makefile for KLIPS kernel code as a module for 2.6 kernels
++#
++# Makefile for KLIPS kernel code as a module
++# Copyright (C) 1998, 1999, 2000,2001 Richard Guy Briggs.
++# Copyright (C) 2002-2004 Michael Richardson <mcr@freeswan.org>
++#
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# for more details.
++#
++# RCSID $Id: Makefile.fs2_6,v 1.8.2.2 2006/10/11 18:14:33 paul Exp $
++#
++# Note! Dependencies are done automagically by 'make dep', which also
++# removes any old dependencies. DON'T put your own dependencies here
++# unless it's something special (ie not a .c file).
++#
++
++OPENSWANSRCDIR?=.
++KLIPS_TOP?=.
++
++-include ${OPENSWANSRCDIR}/Makefile.ver
++
++base-klips-objs :=
++
++base-klips-objs+= ipsec_init.o ipsec_sa.o ipsec_radij.o radij.o
++base-klips-objs+= ipsec_life.o ipsec_proc.o
++base-klips-objs+= ipsec_tunnel.o ipsec_xmit.o ipsec_rcv.o ipsec_ipip.o
++base-klips-objs+= ipsec_snprintf.o
++base-klips-objs+= sysctl_net_ipsec.o
++base-klips-objs+= pfkey_v2.o pfkey_v2_parser.o pfkey_v2_ext_process.o
++base-klips-objs+= version.o
++
++base-klips-objs+= satot.o
++base-klips-objs+= addrtot.o
++base-klips-objs+= ultot.o
++base-klips-objs+= addrtypeof.o
++base-klips-objs+= anyaddr.o
++base-klips-objs+= initaddr.o
++base-klips-objs+= ultoa.o
++base-klips-objs+= addrtoa.o
++base-klips-objs+= subnettoa.o
++base-klips-objs+= subnetof.o
++base-klips-objs+= goodmask.o
++base-klips-objs+= datatot.o
++base-klips-objs+= rangetoa.o
++base-klips-objs+= prng.o
++base-klips-objs+= pfkey_v2_parse.o
++base-klips-objs+= pfkey_v2_build.o
++base-klips-objs+= pfkey_v2_debug.o
++base-klips-objs+= pfkey_v2_ext_bits.o
++base-klips-objs+= version.o
++
++obj-${CONFIG_KLIPS} += ipsec.o
++
++ipsec-objs += ${base-klips-objs}
++
++ipsec-$(CONFIG_KLIPS_ESP) += ipsec_esp.o
++ipsec-$(CONFIG_KLIPS_IPCOMP) += ipsec_ipcomp.o
++ipsec-$(CONFIG_KLIPS_AUTH_HMAC_MD5) += ipsec_md5c.o
++ipsec-$(CONFIG_KLIPS_AUTH_HMAC_SHA1) += ipsec_sha1.o
++
++# AH, if you really think you need it.
++ipsec-$(CONFIG_KLIPS_AH) += ipsec_ah.o
++
++ipsec-y += ipsec_alg.o
++
++# include code from DES subdir
++crypto-$(CONFIG_KLIPS_ENC_3DES) += des/ipsec_alg_3des.o
++crypto-$(CONFIG_KLIPS_ENC_3DES) += des/cbc_enc.o
++crypto-$(CONFIG_KLIPS_ENC_3DES) += des/ecb_enc.o
++crypto-$(CONFIG_KLIPS_ENC_3DES) += des/set_key.o
++
++ifeq ($(strip ${SUBARCH}),)
++SUBARCH:=${ARCH}
++endif
++
++# the assembly version expects frame pointers, which are
++# optional in many kernel builds. If you want speed, you should
++# probably use cryptoapi code instead.
++USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
++ifeq (${USEASSEMBLY},i386y)
++crypto-$(CONFIG_KLIPS_ENC_3DES) += des/dx86unix.o
++else
++crypto-$(CONFIG_KLIPS_ENC_3DES) += des/des_enc.o
++endif
++
++# include code from AES subdir
++crypto-$(CONFIG_KLIPS_ENC_AES) += aes/ipsec_alg_aes.o
++crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes_xcbc_mac.o
++crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes_cbc.o
++
++ifeq ($(strip ${SUBARCH}),)
++SUBARCH:=${ARCH}
++endif
++
++USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
++ifeq (${USEASSEMBLY},i386y)
++crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes-i586.o
++else
++crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes.o
++endif
++
++crypto-$(CONFIG_KLIPS_ENC_NULL) += null/ipsec_alg_null.o
++
++ipsec-y += ${crypto-y}
++
++ipsec-$(CONFIG_KLIPS_ENC_CRYPTOAPI) += ipsec_alg_cryptoapi.o
++
++# IPcomp stuff
++base-ipcomp-objs := ipcomp.o
++base-ipcomp-objs += adler32.o
++base-ipcomp-objs += deflate.o
++base-ipcomp-objs += infblock.o
++base-ipcomp-objs += infcodes.o
++base-ipcomp-objs += inffast.o
++base-ipcomp-objs += inflate.o
++base-ipcomp-objs += inftrees.o
++base-ipcomp-objs += infutil.o
++base-ipcomp-objs += trees.o
++base-ipcomp-objs += zutil.o
++asm-ipcomp-obj-$(CONFIG_M586) += match586.o
++asm-ipcomp-obj-$(CONFIG_M586TSC) += match586.o
++asm-ipcomp-obj-$(CONFIG_M586MMX) += match586.o
++asm-ipcomp-obj-$(CONFIG_M686) += match686.o
++asm-ipcomp-obj-$(CONFIG_MPENTIUMIII) += match686.o
++asm-ipcomp-obj-$(CONFIG_MPENTIUM4) += match686.o
++asm-ipcomp-obj-$(CONFIG_MK6) += match586.o
++asm-ipcomp-obj-$(CONFIG_MK7) += match686.o
++asm-ipcomp-obj-$(CONFIG_MCRUSOE) += match586.o
++asm-ipcomp-obj-$(CONFIG_MWINCHIPC6) += match586.o
++asm-ipcomp-obj-$(CONFIG_MWINCHIP2) += match686.o
++asm-ipcomp-obj-$(CONFIG_MWINCHIP3D) += match686.o
++base-ipcomp-objs += ${asm-ipcomp-obj-y}
++
++ipsec-$(CONFIG_KLIPS_IPCOMP) += ${base-ipcomp-objs}
++
++EXTRA_CFLAGS += -DIPCOMP_PREFIX
++
++#
++# $Log: Makefile.fs2_6,v $
++# Revision 1.8.2.2 2006/10/11 18:14:33 paul
++# Add JuanJo Ciarlante's ESP_NULL patches for KLIPS, but leave it disabled
++# per default.
++#
++# Revision 1.8.2.1 2006/04/20 16:33:06 mcr
++# remove all of CONFIG_KLIPS_ALG --- one can no longer build without it.
++# Fix in-kernel module compilation. Sub-makefiles do not work.
++#
++# Revision 1.8 2005/05/11 03:15:42 mcr
++# adjusted makefiles to sanely build modules properly.
++#
++# Revision 1.7 2005/04/13 22:52:12 mcr
++# moved KLIPS specific snprintf() wrapper to seperate file.
++#
++# Revision 1.6 2004/08/22 05:02:03 mcr
++# organized symbols such that it is easier to build modules.
++#
++# Revision 1.5 2004/08/18 01:43:56 mcr
++# adjusted makefile enumation so that it can be used by module
++# wrapper.
++#
++# Revision 1.4 2004/08/17 03:27:23 mcr
++# klips 2.6 edits.
++#
++# Revision 1.3 2004/08/04 16:50:13 mcr
++# removed duplicate definition of dx86unix.o
++#
++# Revision 1.2 2004/08/03 18:21:09 mcr
++# only set KLIPS_TOP and OPENSWANSRCDIR if not already set.
++#
++# Revision 1.1 2004/07/26 15:02:22 mcr
++# makefile for KLIPS module for 2.6.
++#
++# Revision 1.3 2004/02/24 17:17:04 mcr
++# s/CONFIG_IPSEC/CONFIG_KLIPS/ as 26sec uses "CONFIG_IPSEC" to
++# turn it on/off as well.
++#
++# Revision 1.2 2004/02/22 06:50:42 mcr
++# kernel 2.6 port - merged with 2.4 code.
++#
++# Revision 1.1.2.1 2004/02/20 02:07:53 mcr
++# module configuration for KLIPS 2.6
++#
++#
++# Local Variables:
++# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
++# End Variables:
++#
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/README-zlib Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,147 @@
++zlib 1.1.4 is a general purpose data compression library. All the code
++is thread safe. The data format used by the zlib library
++is described by RFCs (Request for Comments) 1950 to 1952 in the files
++http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate
++format) and rfc1952.txt (gzip format). These documents are also available in
++other formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html
++
++All functions of the compression library are documented in the file zlib.h
++(volunteer to write man pages welcome, contact jloup@gzip.org). A usage
++example of the library is given in the file example.c which also tests that
++the library is working correctly. Another example is given in the file
++minigzip.c. The compression library itself is composed of all source files
++except example.c and minigzip.c.
++
++To compile all files and run the test program, follow the instructions
++given at the top of Makefile. In short "make test; make install"
++should work for most machines. For Unix: "./configure; make test; make install"
++For MSDOS, use one of the special makefiles such as Makefile.msc.
++For VMS, use Make_vms.com or descrip.mms.
++
++Questions about zlib should be sent to <zlib@gzip.org>, or to
++Gilles Vollant <info@winimage.com> for the Windows DLL version.
++The zlib home page is http://www.zlib.org or http://www.gzip.org/zlib/
++Before reporting a problem, please check this site to verify that
++you have the latest version of zlib; otherwise get the latest version and
++check whether the problem still exists or not.
++
++PLEASE read the zlib FAQ http://www.gzip.org/zlib/zlib_faq.html
++before asking for help.
++
++Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan. 1997
++issue of Dr. Dobb's Journal; a copy of the article is available in
++http://dogma.net/markn/articles/zlibtool/zlibtool.htm
++
++The changes made in version 1.1.4 are documented in the file ChangeLog.
++The only changes made since 1.1.3 are bug corrections:
++
++- ZFREE was repeated on same allocation on some error conditions.
++ This creates a security problem described in
++ http://www.zlib.org/advisory-2002-03-11.txt
++- Returned incorrect error (Z_MEM_ERROR) on some invalid data
++- Avoid accesses before window for invalid distances with inflate window
++ less than 32K.
++- force windowBits > 8 to avoid a bug in the encoder for a window size
++ of 256 bytes. (A complete fix will be available in 1.1.5).
++
++The beta version 1.1.5beta includes many more changes. A new official
++version 1.1.5 will be released as soon as extensive testing has been
++completed on it.
++
++
++Unsupported third party contributions are provided in directory "contrib".
++
++A Java implementation of zlib is available in the Java Development Kit
++http://www.javasoft.com/products/JDK/1.1/docs/api/Package-java.util.zip.html
++See the zlib home page http://www.zlib.org for details.
++
++A Perl interface to zlib written by Paul Marquess <pmarquess@bfsec.bt.co.uk>
++is in the CPAN (Comprehensive Perl Archive Network) sites
++http://www.cpan.org/modules/by-module/Compress/
++
++A Python interface to zlib written by A.M. Kuchling <amk@magnet.com>
++is available in Python 1.5 and later versions, see
++http://www.python.org/doc/lib/module-zlib.html
++
++A zlib binding for TCL written by Andreas Kupries <a.kupries@westend.com>
++is availlable at http://www.westend.com/~kupries/doc/trf/man/man.html
++
++An experimental package to read and write files in .zip format,
++written on top of zlib by Gilles Vollant <info@winimage.com>, is
++available at http://www.winimage.com/zLibDll/unzip.html
++and also in the contrib/minizip directory of zlib.
++
++
++Notes for some targets:
++
++- To build a Windows DLL version, include in a DLL project zlib.def, zlib.rc
++ and all .c files except example.c and minigzip.c; compile with -DZLIB_DLL
++ The zlib DLL support was initially done by Alessandro Iacopetti and is
++ now maintained by Gilles Vollant <info@winimage.com>. Check the zlib DLL
++ home page at http://www.winimage.com/zLibDll
++
++ From Visual Basic, you can call the DLL functions which do not take
++ a structure as argument: compress, uncompress and all gz* functions.
++ See contrib/visual-basic.txt for more information, or get
++ http://www.tcfb.com/dowseware/cmp-z-it.zip
++
++- For 64-bit Irix, deflate.c must be compiled without any optimization.
++ With -O, one libpng test fails. The test works in 32 bit mode (with
++ the -n32 compiler flag). The compiler bug has been reported to SGI.
++
++- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1
++ it works when compiled with cc.
++
++- on Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1
++ is necessary to get gzprintf working correctly. This is done by configure.
++
++- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works
++ with other compilers. Use "make test" to check your compiler.
++
++- gzdopen is not supported on RISCOS, BEOS and by some Mac compilers.
++
++- For Turbo C the small model is supported only with reduced performance to
++ avoid any far allocation; it was tested with -DMAX_WBITS=11 -DMAX_MEM_LEVEL=3
++
++- For PalmOs, see http://www.cs.uit.no/~perm/PASTA/pilot/software.html
++ Per Harald Myrvang <perm@stud.cs.uit.no>
++
++
++Acknowledgments:
++
++ The deflate format used by zlib was defined by Phil Katz. The deflate
++ and zlib specifications were written by L. Peter Deutsch. Thanks to all the
++ people who reported problems and suggested various improvements in zlib;
++ they are too numerous to cite here.
++
++Copyright notice:
++
++ (C) 1995-2002 Jean-loup Gailly and Mark Adler
++
++ This software is provided 'as-is', without any express or implied
++ warranty. In no event will the authors be held liable for any damages
++ arising from the use of this software.
++
++ Permission is granted to anyone to use this software for any purpose,
++ including commercial applications, and to alter it and redistribute it
++ freely, subject to the following restrictions:
++
++ 1. The origin of this software must not be misrepresented; you must not
++ claim that you wrote the original software. If you use this software
++ in a product, an acknowledgment in the product documentation would be
++ appreciated but is not required.
++ 2. Altered source versions must be plainly marked as such, and must not be
++ misrepresented as being the original software.
++ 3. This notice may not be removed or altered from any source distribution.
++
++ Jean-loup Gailly Mark Adler
++ jloup@gzip.org madler@alumni.caltech.edu
++
++If you use the zlib library in a product, we would appreciate *not*
++receiving lengthy legal documents to sign. The sources are provided
++for free but without warranty of any kind. The library has been
++entirely written by Jean-loup Gailly and Mark Adler; it does not
++include third-party code.
++
++If you redistribute modified sources, we would appreciate that you include
++in the file ChangeLog history information documenting your changes.
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/README-zlib.freeswan Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,13 @@
++The only changes made to these files for use in FreeS/WAN are:
++
++ - In zconf.h, macros are defined to prefix global symbols with "ipcomp_"
++ (or "_ipcomp"), when compiled with -DIPCOMP_PREFIX.
++ - The copyright strings are defined local (static)
++
++ The above changes are made to avoid name collisions with ppp_deflate
++ and ext2compr.
++
++ - Files not needed for FreeS/WAN have been removed
++
++ See the "README" file for information about where to obtain the complete
++ zlib package.
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/addrtoa.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,67 @@
++/*
++ * addresses to ASCII
++ * Copyright (C) 1998, 1999 Henry Spencer.
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: addrtoa.c,v 1.10 2004/07/10 07:43:47 mcr Exp $
++ */
++#include "openswan.h"
++
++#define NBYTES 4 /* bytes in an address */
++#define PERBYTE 4 /* three digits plus a dot or NUL */
++#define BUFLEN (NBYTES*PERBYTE)
++
++#if BUFLEN != ADDRTOA_BUF
++#error "ADDRTOA_BUF in openswan.h inconsistent with addrtoa() code"
++#endif
++
++/*
++ - addrtoa - convert binary address to ASCII dotted decimal
++ */
++size_t /* space needed for full conversion */
++addrtoa(addr, format, dst, dstlen)
++struct in_addr addr;
++int format; /* character */
++char *dst; /* need not be valid if dstlen is 0 */
++size_t dstlen;
++{
++ unsigned long a = ntohl(addr.s_addr);
++ int i;
++ size_t n;
++ unsigned long byte;
++ char buf[BUFLEN];
++ char *p;
++
++ switch (format) {
++ case 0:
++ break;
++ default:
++ return 0;
++ break;
++ }
++
++ p = buf;
++ for (i = NBYTES-1; i >= 0; i--) {
++ byte = (a >> (i*8)) & 0xff;
++ p += ultoa(byte, 10, p, PERBYTE);
++ if (i != 0)
++ *(p-1) = '.';
++ }
++ n = p - buf;
++
++ if (dstlen > 0) {
++ if (n > dstlen)
++ buf[dstlen - 1] = '\0';
++ strcpy(dst, buf);
++ }
++ return n;
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/addrtot.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,423 @@
++/*
++ * addresses to text
++ * Copyright (C) 2000 Henry Spencer.
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: addrtot.c,v 1.22.2.1 2005/11/17 22:30:49 paul Exp $
++ */
++
++#if defined(__KERNEL__) && defined(__HAVE_ARCH_STRSTR)
++#include <linux/string.h>
++#endif
++
++#include "openswan.h"
++
++#define IP4BYTES 4 /* bytes in an IPv4 address */
++#define PERBYTE 4 /* three digits plus a dot or NUL */
++#define IP6BYTES 16 /* bytes in an IPv6 address */
++
++/* forwards */
++static size_t normal4(const unsigned char *s, size_t len, char *b, char **dp);
++static size_t normal6(const unsigned char *s, size_t len, char *b, char **dp, int squish);
++static size_t reverse4(const unsigned char *s, size_t len, char *b, char **dp);
++static size_t reverse6(const unsigned char *s, size_t len, char *b, char **dp);
++
++#if defined(__KERNEL__) && !defined(__HAVE_ARCH_STRSTR)
++#define strstr ipsec_strstr
++/*
++ * Find the first occurrence of find in s.
++ * (from NetBSD 1.6's /src/lib/libc/string/strstr.c)
++ */
++static char *
++strstr(s, find)
++ const char *s, *find;
++{
++ char c, sc;
++ size_t len;
++
++ if ((c = *find++) != 0) {
++ len = strlen(find);
++ do {
++ do {
++ if ((sc = *s++) == 0)
++ return (NULL);
++ } while (sc != c);
++ } while (strncmp(s, find, len) != 0);
++ s--;
++ }
++ /* LINTED interface specification */
++ return ((char *)s);
++}
++#endif
++
++/*
++ - addrtot - convert binary address to text (dotted decimal or IPv6 string)
++ */
++size_t /* space needed for full conversion */
++addrtot(src, format, dst, dstlen)
++const ip_address *src;
++int format; /* character */
++char *dst; /* need not be valid if dstlen is 0 */
++size_t dstlen;
++{
++ const unsigned char *b;
++ size_t n;
++ char buf[1+ADDRTOT_BUF+1]; /* :address: */
++ char *p;
++ int t = addrtypeof(src);
++# define TF(t, f) (((t)<<8) | (f))
++
++ n = addrbytesptr(src, &b);
++ if (n == 0) {
++ bad:
++ dst[0]='\0';
++ strncat(dst, "<invalid>", dstlen);
++ return sizeof("<invalid>");
++ }
++
++ switch (TF(t, format)) {
++ case TF(AF_INET, 0):
++ n = normal4(b, n, buf, &p);
++ break;
++ case TF(AF_INET6, 0):
++ n = normal6(b, n, buf, &p, 1);
++ break;
++ case TF(AF_INET, 'Q'):
++ n = normal4(b, n, buf, &p);
++ break;
++ case TF(AF_INET6, 'Q'):
++ n = normal6(b, n, buf, &p, 0);
++ break;
++ case TF(AF_INET, 'r'):
++ n = reverse4(b, n, buf, &p);
++ break;
++ case TF(AF_INET6, 'r'):
++ n = reverse6(b, n, buf, &p);
++ break;
++ default: /* including (AF_INET, 'R') */
++ goto bad;
++ break;
++ }
++
++ if (dstlen > 0) {
++ if (dstlen < n)
++ p[dstlen - 1] = '\0';
++ strcpy(dst, p);
++ }
++ return n;
++}
++
++/*
++ - normal4 - normal IPv4 address-text conversion
++ */
++static size_t /* size of text, including NUL */
++normal4(srcp, srclen, buf, dstp)
++const unsigned char *srcp;
++size_t srclen;
++char *buf; /* guaranteed large enough */
++char **dstp; /* where to put result pointer */
++{
++ int i;
++ char *p;
++
++ if (srclen != IP4BYTES) /* "can't happen" */
++ return 0;
++ p = buf;
++ for (i = 0; i < IP4BYTES; i++) {
++ p += ultot(srcp[i], 10, p, PERBYTE);
++ if (i != IP4BYTES - 1)
++ *(p-1) = '.'; /* overwrites the NUL */
++ }
++ *dstp = buf;
++ return p - buf;
++}
++
++/*
++ - normal6 - normal IPv6 address-text conversion
++ */
++static size_t /* size of text, including NUL */
++normal6(srcp, srclen, buf, dstp, squish)
++const unsigned char *srcp;
++size_t srclen;
++char *buf; /* guaranteed large enough, plus 2 */
++char **dstp; /* where to put result pointer */
++int squish; /* whether to squish out 0:0 */
++{
++ int i;
++ unsigned long piece;
++ char *p;
++ char *q;
++
++ if (srclen != IP6BYTES) /* "can't happen" */
++ return 0;
++ p = buf;
++ *p++ = ':';
++ for (i = 0; i < IP6BYTES/2; i++) {
++ piece = (srcp[2*i] << 8) + srcp[2*i + 1];
++ p += ultot(piece, 16, p, 5); /* 5 = abcd + NUL */
++ *(p-1) = ':'; /* overwrites the NUL */
++ }
++ *p = '\0';
++ q = strstr(buf, ":0:0:");
++ if (squish && q != NULL) { /* zero squishing is possible */
++ p = q + 1;
++ while (*p == '0' && *(p+1) == ':')
++ p += 2;
++ q++;
++ *q++ = ':'; /* overwrite first 0 */
++ while (*p != '\0')
++ *q++ = *p++;
++ *q = '\0';
++ if (!(*(q-1) == ':' && *(q-2) == ':'))
++ *--q = '\0'; /* strip final : unless :: */
++ p = buf;
++ if (!(*p == ':' && *(p+1) == ':'))
++ p++; /* skip initial : unless :: */
++ } else {
++ q = p;
++ *--q = '\0'; /* strip final : */
++ p = buf + 1; /* skip initial : */
++ }
++ *dstp = p;
++ return q - p + 1;
++}
++
++/*
++ - reverse4 - IPv4 reverse-lookup conversion
++ */
++static size_t /* size of text, including NUL */
++reverse4(srcp, srclen, buf, dstp)
++const unsigned char *srcp;
++size_t srclen;
++char *buf; /* guaranteed large enough */
++char **dstp; /* where to put result pointer */
++{
++ int i;
++ char *p;
++
++ if (srclen != IP4BYTES) /* "can't happen" */
++ return 0;
++ p = buf;
++ for (i = IP4BYTES-1; i >= 0; i--) {
++ p += ultot(srcp[i], 10, p, PERBYTE);
++ *(p-1) = '.'; /* overwrites the NUL */
++ }
++ strcpy(p, "IN-ADDR.ARPA.");
++ *dstp = buf;
++ return strlen(buf) + 1;
++}
++
++/*
++ - reverse6 - IPv6 reverse-lookup conversion (RFC 1886)
++ * A trifle inefficient, really shouldn't use ultot...
++ */
++static size_t /* size of text, including NUL */
++reverse6(srcp, srclen, buf, dstp)
++const unsigned char *srcp;
++size_t srclen;
++char *buf; /* guaranteed large enough */
++char **dstp; /* where to put result pointer */
++{
++ int i;
++ unsigned long piece;
++ char *p;
++
++ if (srclen != IP6BYTES) /* "can't happen" */
++ return 0;
++ p = buf;
++ for (i = IP6BYTES-1; i >= 0; i--) {
++ piece = srcp[i];
++ p += ultot(piece&0xf, 16, p, 2);
++ *(p-1) = '.';
++ p += ultot(piece>>4, 16, p, 2);
++ *(p-1) = '.';
++ }
++ strcpy(p, "IP6.ARPA.");
++ *dstp = buf;
++ return strlen(buf) + 1;
++}
++
++/*
++ - reverse6 - modern IPv6 reverse-lookup conversion (RFC 2874)
++ * this version removed as it was obsoleted in the end.
++ */
++
++#ifdef ADDRTOT_MAIN
++
++#include <stdio.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++
++void regress(void);
++
++int
++main(int argc, char *argv[])
++{
++ if (argc < 2) {
++ fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n",
++ argv[0]);
++ exit(2);
++ }
++
++ if (strcmp(argv[1], "-r") == 0) {
++ regress();
++ fprintf(stderr, "regress() returned?!?\n");
++ exit(1);
++ }
++ exit(0);
++}
++
++struct rtab {
++ char *input;
++ char format;
++ char *output; /* NULL means error expected */
++} rtab[] = {
++ {"1.2.3.0", 0, "1.2.3.0"},
++ {"1:2::3:4", 0, "1:2::3:4"},
++ {"1:2::3:4", 'Q', "1:2:0:0:0:0:3:4"},
++ {"1:2:0:0:3:4:0:0", 0, "1:2::3:4:0:0"},
++ {"1.2.3.4", 'r' , "4.3.2.1.IN-ADDR.ARPA."},
++ /* 0 1 2 3 4 5 6 7 8 9 a b c d e f 0 1 2 3 4 5 6 7 8 9 a b c d e f */
++ {"1:2::3:4", 'r', "4.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.0.0.IP6.ARPA."},
++ {NULL, 0, NULL}
++};
++
++void
++regress()
++{
++ struct rtab *r;
++ int status = 0;
++ ip_address a;
++ char in[100];
++ char buf[100];
++ const char *oops;
++ size_t n;
++
++ for (r = rtab; r->input != NULL; r++) {
++ strcpy(in, r->input);
++
++ /* convert it *to* internal format */
++ oops = ttoaddr(in, strlen(in), 0, &a);
++
++ /* now convert it back */
++
++ n = addrtot(&a, r->format, buf, sizeof(buf));
++
++ if (n == 0 && r->output == NULL)
++ {} /* okay, error expected */
++
++ else if (n == 0) {
++ printf("`%s' atoasr failed\n", r->input);
++ status = 1;
++
++ } else if (r->output == NULL) {
++ printf("`%s' atoasr succeeded unexpectedly '%c'\n",
++ r->input, r->format);
++ status = 1;
++ } else {
++ if (strcasecmp(r->output, buf) != 0) {
++ printf("`%s' '%c' gave `%s', expected `%s'\n",
++ r->input, r->format, buf, r->output);
++ status = 1;
++ }
++ }
++ }
++ exit(status);
++}
++
++#endif /* ADDRTOT_MAIN */
++
++/*
++ * $Log: addrtot.c,v $
++ * Revision 1.22.2.1 2005/11/17 22:30:49 paul
++ * pull up strstr fix from head.
++ *
++ * Revision 1.22 2005/05/20 16:47:40 mcr
++ * make strstr static if we need it.
++ *
++ * Revision 1.21 2005/03/21 00:35:12 mcr
++ * test for strstr properly
++ *
++ * Revision 1.20 2004/11/09 22:52:20 mcr
++ * until we figure out which kernels have strsep and which
++ * do not (UML does not under certain circumstances), then
++ * let's just provide our own.
++ *
++ * Revision 1.19 2004/10/08 16:30:33 mcr
++ * pull-up of initial crypto-offload work.
++ *
++ * Revision 1.18 2004/09/18 19:33:08 mcr
++ * use an appropriate kernel happy ifdef for strstr.
++ *
++ * Revision 1.17 2004/09/15 21:49:02 mcr
++ * use local copy of strstr() if this is going in the kernel.
++ * Not clear why this worked before, or why this shows up
++ * for modules only.
++ *
++ * Revision 1.16 2004/07/10 07:43:47 mcr
++ * Moved from linux/lib/libfreeswan/addrtot.c,v
++ *
++ * Revision 1.15 2004/04/11 17:39:25 mcr
++ * removed internal.h requirements.
++ *
++ * Revision 1.14 2004/03/08 01:59:08 ken
++ * freeswan.h -> openswan.h
++ *
++ * Revision 1.13 2004/01/05 23:21:05 mcr
++ * if the address type is invalid, then return length of <invalid>
++ * string!
++ *
++ * Revision 1.12 2003/12/30 06:42:48 mcr
++ * added $Log: addrtot.c,v $
++ * added Revision 1.22.2.1 2005/11/17 22:30:49 paul
++ * added pull up strstr fix from head.
++ * added
++ * added Revision 1.22 2005/05/20 16:47:40 mcr
++ * added make strstr static if we need it.
++ * added
++ * added Revision 1.21 2005/03/21 00:35:12 mcr
++ * added test for strstr properly
++ * added
++ * added Revision 1.20 2004/11/09 22:52:20 mcr
++ * added until we figure out which kernels have strsep and which
++ * added do not (UML does not under certain circumstances), then
++ * added let's just provide our own.
++ * added
++ * added Revision 1.19 2004/10/08 16:30:33 mcr
++ * added pull-up of initial crypto-offload work.
++ * added
++ * added Revision 1.18 2004/09/18 19:33:08 mcr
++ * added use an appropriate kernel happy ifdef for strstr.
++ * added
++ * added Revision 1.17 2004/09/15 21:49:02 mcr
++ * added use local copy of strstr() if this is going in the kernel.
++ * added Not clear why this worked before, or why this shows up
++ * added for modules only.
++ * added
++ * added Revision 1.16 2004/07/10 07:43:47 mcr
++ * added Moved from linux/lib/libfreeswan/addrtot.c,v
++ * added
++ * added Revision 1.15 2004/04/11 17:39:25 mcr
++ * added removed internal.h requirements.
++ * added
++ * added Revision 1.14 2004/03/08 01:59:08 ken
++ * added freeswan.h -> openswan.h
++ * added
++ * added Revision 1.13 2004/01/05 23:21:05 mcr
++ * added if the address type is invalid, then return length of <invalid>
++ * added string!
++ * added
++ *
++ *
++ */
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/addrtypeof.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,93 @@
++/*
++ * extract parts of an ip_address
++ * Copyright (C) 2000 Henry Spencer.
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: addrtypeof.c,v 1.10 2004/07/10 07:43:47 mcr Exp $
++ */
++#include "openswan.h"
++
++/*
++ - addrtypeof - get the type of an ip_address
++ */
++int
++addrtypeof(src)
++const ip_address *src;
++{
++ return src->u.v4.sin_family;
++}
++
++/*
++ - addrbytesptr - get pointer to the address bytes of an ip_address
++ */
++size_t /* 0 for error */
++addrbytesptr(src, dstp)
++const ip_address *src;
++const unsigned char **dstp; /* NULL means just a size query */
++{
++ const unsigned char *p;
++ size_t n;
++
++ switch (src->u.v4.sin_family) {
++ case AF_INET:
++ p = (const unsigned char *)&src->u.v4.sin_addr.s_addr;
++ n = 4;
++ break;
++ case AF_INET6:
++ p = (const unsigned char *)&src->u.v6.sin6_addr;
++ n = 16;
++ break;
++ default:
++ return 0;
++ break;
++ }
++
++ if (dstp != NULL)
++ *dstp = p;
++ return n;
++}
++
++/*
++ - addrlenof - get length of the address bytes of an ip_address
++ */
++size_t /* 0 for error */
++addrlenof(src)
++const ip_address *src;
++{
++ return addrbytesptr(src, NULL);
++}
++
++/*
++ - addrbytesof - get the address bytes of an ip_address
++ */
++size_t /* 0 for error */
++addrbytesof(src, dst, dstlen)
++const ip_address *src;
++unsigned char *dst;
++size_t dstlen;
++{
++ const unsigned char *p;
++ size_t n;
++ size_t ncopy;
++
++ n = addrbytesptr(src, &p);
++ if (n == 0)
++ return 0;
++
++ if (dstlen > 0) {
++ ncopy = n;
++ if (ncopy > dstlen)
++ ncopy = dstlen;
++ memcpy(dst, p, ncopy);
++ }
++ return n;
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/adler32.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,49 @@
++/* adler32.c -- compute the Adler-32 checksum of a data stream
++ * Copyright (C) 1995-2002 Mark Adler
++ * For conditions of distribution and use, see copyright notice in zlib.h
++ */
++
++/* @(#) $Id: adler32.c,v 1.6 2004/07/10 19:11:18 mcr Exp $ */
++
++#include <zlib/zlib.h>
++#include <zlib/zconf.h>
++
++#define BASE 65521L /* largest prime smaller than 65536 */
++#define NMAX 5552
++/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
++
++#define DO1(buf,i) {s1 += buf[i]; s2 += s1;}
++#define DO2(buf,i) DO1(buf,i); DO1(buf,i+1);
++#define DO4(buf,i) DO2(buf,i); DO2(buf,i+2);
++#define DO8(buf,i) DO4(buf,i); DO4(buf,i+4);
++#define DO16(buf) DO8(buf,0); DO8(buf,8);
++
++/* ========================================================================= */
++uLong ZEXPORT adler32(adler, buf, len)
++ uLong adler;
++ const Bytef *buf;
++ uInt len;
++{
++ unsigned long s1 = adler & 0xffff;
++ unsigned long s2 = (adler >> 16) & 0xffff;
++ int k;
++
++ if (buf == Z_NULL) return 1L;
++
++ while (len > 0) {
++ k = len < NMAX ? len : NMAX;
++ len -= k;
++ while (k >= 16) {
++ DO16(buf);
++ buf += 16;
++ k -= 16;
++ }
++ if (k != 0) do {
++ s1 += *buf++;
++ s2 += s1;
++ } while (--k);
++ s1 %= BASE;
++ s2 %= BASE;
++ }
++ return (s2 << 16) | s1;
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/aes/Makefile Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,59 @@
++# Makefile for KLIPS 3DES kernel code as a module for 2.6 kernels
++#
++# Makefile for KLIPS kernel code as a module
++# Copyright (C) 2002-2004 Michael Richardson <mcr@xelerance.com>
++#
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# for more details.
++#
++# RCSID $Id: Makefile.fs2_6,v 1.1.10.1 2005/08/12 16:10:05 ken Exp $
++#
++# Note! Dependencies are done automagically by 'make dep', which also
++# removes any old dependencies. DON'T put your own dependencies here
++# unless it's something special (ie not a .c file).
++#
++
++obj-$(CONFIG_KLIPS_ENC_AES) += ipsec_alg_aes.o
++obj-$(CONFIG_KLIPS_ENC_AES) += aes_xcbc_mac.o
++obj-$(CONFIG_KLIPS_ENC_AES) += aes_cbc.o
++
++ifeq ($(strip ${SUBARCH}),)
++SUBARCH:=${ARCH}
++endif
++
++# the assembly version expects frame pointers, which are
++# optional in many kernel builds. If you want speed, you should
++# probably use cryptoapi code instead.
++USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
++ifeq (${USEASSEMBLY},i386y)
++obj-$(CONFIG_KLIPS_ENC_AES) += aes-i586.o
++else
++obj-$(CONFIG_KLIPS_ENC_AES) += aes.o
++endif
++
++
++#
++# $Log: Makefile.fs2_6,v $
++# Revision 1.1.10.1 2005/08/12 16:10:05 ken
++# do not use assembly code with there are no frame pointers
++#
++# Revision 1.2 2005/08/12 14:13:58 mcr
++# do not use assembly code with there are no frame pointers,
++# as it does not have the right linkages.
++#
++# Revision 1.1 2004/08/17 03:31:34 mcr
++# klips 2.6 edits.
++#
++#
++# Local Variables:
++# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
++# End Variables:
++#
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/aes/aes-i586.S Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,892 @@
++//
++// Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
++// All rights reserved.
++//
++// TERMS
++//
++// Redistribution and use in source and binary forms, with or without
++// modification, are permitted subject to the following conditions:
++//
++// 1. Redistributions of source code must retain the above copyright
++// notice, this list of conditions and the following disclaimer.
++//
++// 2. Redistributions in binary form must reproduce the above copyright
++// notice, this list of conditions and the following disclaimer in the
++// documentation and/or other materials provided with the distribution.
++//
++// 3. The copyright holder's name must not be used to endorse or promote
++// any products derived from this software without his specific prior
++// written permission.
++//
++// This software is provided 'as is' with no express or implied warranties
++// of correctness or fitness for purpose.
++
++// Modified by Jari Ruusu, December 24 2001
++// - Converted syntax to GNU CPP/assembler syntax
++// - C programming interface converted back to "old" API
++// - Minor portability cleanups and speed optimizations
++
++// An AES (Rijndael) implementation for the Pentium. This version only
++// implements the standard AES block length (128 bits, 16 bytes). This code
++// does not preserve the eax, ecx or edx registers or the artihmetic status
++// flags. However, the ebx, esi, edi, and ebp registers are preserved across
++// calls.
++
++// void aes_set_key(aes_context *cx, const unsigned char key[], const int key_len, const int f)
++// void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
++// void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
++
++#if defined(USE_UNDERLINE)
++# define aes_set_key _aes_set_key
++# define aes_encrypt _aes_encrypt
++# define aes_decrypt _aes_decrypt
++#endif
++#if !defined(ALIGN32BYTES)
++# define ALIGN32BYTES 32
++#endif
++
++ .file "aes-i586.S"
++ .globl aes_set_key
++ .globl aes_encrypt
++ .globl aes_decrypt
++
++#define tlen 1024 // length of each of 4 'xor' arrays (256 32-bit words)
++
++// offsets to parameters with one register pushed onto stack
++
++#define ctx 8 // AES context structure
++#define in_blk 12 // input byte array address parameter
++#define out_blk 16 // output byte array address parameter
++
++// offsets in context structure
++
++#define nkey 0 // key length, size 4
++#define nrnd 4 // number of rounds, size 4
++#define ekey 8 // encryption key schedule base address, size 256
++#define dkey 264 // decryption key schedule base address, size 256
++
++// This macro performs a forward encryption cycle. It is entered with
++// the first previous round column values in %eax, %ebx, %esi and %edi and
++// exits with the final values in the same registers.
++
++#define fwd_rnd(p1,p2) \
++ mov %ebx,(%esp) ;\
++ movzbl %al,%edx ;\
++ mov %eax,%ecx ;\
++ mov p2(%ebp),%eax ;\
++ mov %edi,4(%esp) ;\
++ mov p2+12(%ebp),%edi ;\
++ xor p1(,%edx,4),%eax ;\
++ movzbl %ch,%edx ;\
++ shr $16,%ecx ;\
++ mov p2+4(%ebp),%ebx ;\
++ xor p1+tlen(,%edx,4),%edi ;\
++ movzbl %cl,%edx ;\
++ movzbl %ch,%ecx ;\
++ xor p1+3*tlen(,%ecx,4),%ebx ;\
++ mov %esi,%ecx ;\
++ mov p1+2*tlen(,%edx,4),%esi ;\
++ movzbl %cl,%edx ;\
++ xor p1(,%edx,4),%esi ;\
++ movzbl %ch,%edx ;\
++ shr $16,%ecx ;\
++ xor p1+tlen(,%edx,4),%ebx ;\
++ movzbl %cl,%edx ;\
++ movzbl %ch,%ecx ;\
++ xor p1+2*tlen(,%edx,4),%eax ;\
++ mov (%esp),%edx ;\
++ xor p1+3*tlen(,%ecx,4),%edi ;\
++ movzbl %dl,%ecx ;\
++ xor p2+8(%ebp),%esi ;\
++ xor p1(,%ecx,4),%ebx ;\
++ movzbl %dh,%ecx ;\
++ shr $16,%edx ;\
++ xor p1+tlen(,%ecx,4),%eax ;\
++ movzbl %dl,%ecx ;\
++ movzbl %dh,%edx ;\
++ xor p1+2*tlen(,%ecx,4),%edi ;\
++ mov 4(%esp),%ecx ;\
++ xor p1+3*tlen(,%edx,4),%esi ;\
++ movzbl %cl,%edx ;\
++ xor p1(,%edx,4),%edi ;\
++ movzbl %ch,%edx ;\
++ shr $16,%ecx ;\
++ xor p1+tlen(,%edx,4),%esi ;\
++ movzbl %cl,%edx ;\
++ movzbl %ch,%ecx ;\
++ xor p1+2*tlen(,%edx,4),%ebx ;\
++ xor p1+3*tlen(,%ecx,4),%eax
++
++// This macro performs an inverse encryption cycle. It is entered with
++// the first previous round column values in %eax, %ebx, %esi and %edi and
++// exits with the final values in the same registers.
++
++#define inv_rnd(p1,p2) \
++ movzbl %al,%edx ;\
++ mov %ebx,(%esp) ;\
++ mov %eax,%ecx ;\
++ mov p2(%ebp),%eax ;\
++ mov %edi,4(%esp) ;\
++ mov p2+4(%ebp),%ebx ;\
++ xor p1(,%edx,4),%eax ;\
++ movzbl %ch,%edx ;\
++ shr $16,%ecx ;\
++ mov p2+12(%ebp),%edi ;\
++ xor p1+tlen(,%edx,4),%ebx ;\
++ movzbl %cl,%edx ;\
++ movzbl %ch,%ecx ;\
++ xor p1+3*tlen(,%ecx,4),%edi ;\
++ mov %esi,%ecx ;\
++ mov p1+2*tlen(,%edx,4),%esi ;\
++ movzbl %cl,%edx ;\
++ xor p1(,%edx,4),%esi ;\
++ movzbl %ch,%edx ;\
++ shr $16,%ecx ;\
++ xor p1+tlen(,%edx,4),%edi ;\
++ movzbl %cl,%edx ;\
++ movzbl %ch,%ecx ;\
++ xor p1+2*tlen(,%edx,4),%eax ;\
++ mov (%esp),%edx ;\
++ xor p1+3*tlen(,%ecx,4),%ebx ;\
++ movzbl %dl,%ecx ;\
++ xor p2+8(%ebp),%esi ;\
++ xor p1(,%ecx,4),%ebx ;\
++ movzbl %dh,%ecx ;\
++ shr $16,%edx ;\
++ xor p1+tlen(,%ecx,4),%esi ;\
++ movzbl %dl,%ecx ;\
++ movzbl %dh,%edx ;\
++ xor p1+2*tlen(,%ecx,4),%edi ;\
++ mov 4(%esp),%ecx ;\
++ xor p1+3*tlen(,%edx,4),%eax ;\
++ movzbl %cl,%edx ;\
++ xor p1(,%edx,4),%edi ;\
++ movzbl %ch,%edx ;\
++ shr $16,%ecx ;\
++ xor p1+tlen(,%edx,4),%eax ;\
++ movzbl %cl,%edx ;\
++ movzbl %ch,%ecx ;\
++ xor p1+2*tlen(,%edx,4),%ebx ;\
++ xor p1+3*tlen(,%ecx,4),%esi
++
++// AES (Rijndael) Encryption Subroutine
++
++ .text
++ .align ALIGN32BYTES
++aes_encrypt:
++ push %ebp
++ mov ctx(%esp),%ebp // pointer to context
++ mov in_blk(%esp),%ecx
++ push %ebx
++ push %esi
++ push %edi
++ mov nrnd(%ebp),%edx // number of rounds
++ lea ekey+16(%ebp),%ebp // key pointer
++
++// input four columns and xor in first round key
++
++ mov (%ecx),%eax
++ mov 4(%ecx),%ebx
++ mov 8(%ecx),%esi
++ mov 12(%ecx),%edi
++ xor -16(%ebp),%eax
++ xor -12(%ebp),%ebx
++ xor -8(%ebp),%esi
++ xor -4(%ebp),%edi
++
++ sub $8,%esp // space for register saves on stack
++
++ sub $10,%edx
++ je aes_15
++ add $32,%ebp
++ sub $2,%edx
++ je aes_13
++ add $32,%ebp
++
++ fwd_rnd(aes_ft_tab,-64) // 14 rounds for 256-bit key
++ fwd_rnd(aes_ft_tab,-48)
++aes_13: fwd_rnd(aes_ft_tab,-32) // 12 rounds for 192-bit key
++ fwd_rnd(aes_ft_tab,-16)
++aes_15: fwd_rnd(aes_ft_tab,0) // 10 rounds for 128-bit key
++ fwd_rnd(aes_ft_tab,16)
++ fwd_rnd(aes_ft_tab,32)
++ fwd_rnd(aes_ft_tab,48)
++ fwd_rnd(aes_ft_tab,64)
++ fwd_rnd(aes_ft_tab,80)
++ fwd_rnd(aes_ft_tab,96)
++ fwd_rnd(aes_ft_tab,112)
++ fwd_rnd(aes_ft_tab,128)
++ fwd_rnd(aes_fl_tab,144) // last round uses a different table
++
++// move final values to the output array.
++
++ mov out_blk+20(%esp),%ebp
++ add $8,%esp
++ mov %eax,(%ebp)
++ mov %ebx,4(%ebp)
++ mov %esi,8(%ebp)
++ mov %edi,12(%ebp)
++ pop %edi
++ pop %esi
++ pop %ebx
++ pop %ebp
++ ret
++
++
++// AES (Rijndael) Decryption Subroutine
++
++ .align ALIGN32BYTES
++aes_decrypt:
++ push %ebp
++ mov ctx(%esp),%ebp // pointer to context
++ mov in_blk(%esp),%ecx
++ push %ebx
++ push %esi
++ push %edi
++ mov nrnd(%ebp),%edx // number of rounds
++ lea dkey+16(%ebp),%ebp // key pointer
++
++// input four columns and xor in first round key
++
++ mov (%ecx),%eax
++ mov 4(%ecx),%ebx
++ mov 8(%ecx),%esi
++ mov 12(%ecx),%edi
++ xor -16(%ebp),%eax
++ xor -12(%ebp),%ebx
++ xor -8(%ebp),%esi
++ xor -4(%ebp),%edi
++
++ sub $8,%esp // space for register saves on stack
++
++ sub $10,%edx
++ je aes_25
++ add $32,%ebp
++ sub $2,%edx
++ je aes_23
++ add $32,%ebp
++
++ inv_rnd(aes_it_tab,-64) // 14 rounds for 256-bit key
++ inv_rnd(aes_it_tab,-48)
++aes_23: inv_rnd(aes_it_tab,-32) // 12 rounds for 192-bit key
++ inv_rnd(aes_it_tab,-16)
++aes_25: inv_rnd(aes_it_tab,0) // 10 rounds for 128-bit key
++ inv_rnd(aes_it_tab,16)
++ inv_rnd(aes_it_tab,32)
++ inv_rnd(aes_it_tab,48)
++ inv_rnd(aes_it_tab,64)
++ inv_rnd(aes_it_tab,80)
++ inv_rnd(aes_it_tab,96)
++ inv_rnd(aes_it_tab,112)
++ inv_rnd(aes_it_tab,128)
++ inv_rnd(aes_il_tab,144) // last round uses a different table
++
++// move final values to the output array.
++
++ mov out_blk+20(%esp),%ebp
++ add $8,%esp
++ mov %eax,(%ebp)
++ mov %ebx,4(%ebp)
++ mov %esi,8(%ebp)
++ mov %edi,12(%ebp)
++ pop %edi
++ pop %esi
++ pop %ebx
++ pop %ebp
++ ret
++
++// AES (Rijndael) Key Schedule Subroutine
++
++// input/output parameters
++
++#define aes_cx 12 // AES context
++#define in_key 16 // key input array address
++#define key_ln 20 // key length, bytes (16,24,32) or bits (128,192,256)
++#define ed_flg 24 // 0=create both encr/decr keys, 1=create encr key only
++
++// offsets for locals
++
++#define cnt -4
++#define kpf -8
++#define slen 8
++
++// This macro performs a column mixing operation on an input 32-bit
++// word to give a 32-bit result. It uses each of the 4 bytes in the
++// the input column to index 4 different tables of 256 32-bit words
++// that are xored together to form the output value.
++
++#define mix_col(p1) \
++ movzbl %bl,%ecx ;\
++ mov p1(,%ecx,4),%eax ;\
++ movzbl %bh,%ecx ;\
++ ror $16,%ebx ;\
++ xor p1+tlen(,%ecx,4),%eax ;\
++ movzbl %bl,%ecx ;\
++ xor p1+2*tlen(,%ecx,4),%eax ;\
++ movzbl %bh,%ecx ;\
++ xor p1+3*tlen(,%ecx,4),%eax
++
++// Key Schedule Macros
++
++#define ksc4(p1) \
++ rol $24,%ebx ;\
++ mix_col(aes_fl_tab) ;\
++ ror $8,%ebx ;\
++ xor 4*p1+aes_rcon_tab,%eax ;\
++ xor %eax,%esi ;\
++ xor %esi,%ebp ;\
++ mov %esi,16*p1(%edi) ;\
++ mov %ebp,16*p1+4(%edi) ;\
++ xor %ebp,%edx ;\
++ xor %edx,%ebx ;\
++ mov %edx,16*p1+8(%edi) ;\
++ mov %ebx,16*p1+12(%edi)
++
++#define ksc6(p1) \
++ rol $24,%ebx ;\
++ mix_col(aes_fl_tab) ;\
++ ror $8,%ebx ;\
++ xor 4*p1+aes_rcon_tab,%eax ;\
++ xor 24*p1-24(%edi),%eax ;\
++ mov %eax,24*p1(%edi) ;\
++ xor 24*p1-20(%edi),%eax ;\
++ mov %eax,24*p1+4(%edi) ;\
++ xor %eax,%esi ;\
++ xor %esi,%ebp ;\
++ mov %esi,24*p1+8(%edi) ;\
++ mov %ebp,24*p1+12(%edi) ;\
++ xor %ebp,%edx ;\
++ xor %edx,%ebx ;\
++ mov %edx,24*p1+16(%edi) ;\
++ mov %ebx,24*p1+20(%edi)
++
++#define ksc8(p1) \
++ rol $24,%ebx ;\
++ mix_col(aes_fl_tab) ;\
++ ror $8,%ebx ;\
++ xor 4*p1+aes_rcon_tab,%eax ;\
++ xor 32*p1-32(%edi),%eax ;\
++ mov %eax,32*p1(%edi) ;\
++ xor 32*p1-28(%edi),%eax ;\
++ mov %eax,32*p1+4(%edi) ;\
++ xor 32*p1-24(%edi),%eax ;\
++ mov %eax,32*p1+8(%edi) ;\
++ xor 32*p1-20(%edi),%eax ;\
++ mov %eax,32*p1+12(%edi) ;\
++ push %ebx ;\
++ mov %eax,%ebx ;\
++ mix_col(aes_fl_tab) ;\
++ pop %ebx ;\
++ xor %eax,%esi ;\
++ xor %esi,%ebp ;\
++ mov %esi,32*p1+16(%edi) ;\
++ mov %ebp,32*p1+20(%edi) ;\
++ xor %ebp,%edx ;\
++ xor %edx,%ebx ;\
++ mov %edx,32*p1+24(%edi) ;\
++ mov %ebx,32*p1+28(%edi)
++
++ .align ALIGN32BYTES
++aes_set_key:
++ pushfl
++ push %ebp
++ mov %esp,%ebp
++ sub $slen,%esp
++ push %ebx
++ push %esi
++ push %edi
++
++ mov aes_cx(%ebp),%edx // edx -> AES context
++
++ mov key_ln(%ebp),%ecx // key length
++ cmpl $128,%ecx
++ jb aes_30
++ shr $3,%ecx
++aes_30: cmpl $32,%ecx
++ je aes_32
++ cmpl $24,%ecx
++ je aes_32
++ mov $16,%ecx
++aes_32: shr $2,%ecx
++ mov %ecx,nkey(%edx)
++
++ lea 6(%ecx),%eax // 10/12/14 for 4/6/8 32-bit key length
++ mov %eax,nrnd(%edx)
++
++ mov in_key(%ebp),%esi // key input array
++ lea ekey(%edx),%edi // key position in AES context
++ cld
++ push %ebp
++ mov %ecx,%eax // save key length in eax
++ rep ; movsl // words in the key schedule
++ mov -4(%esi),%ebx // put some values in registers
++ mov -8(%esi),%edx // to allow faster code
++ mov -12(%esi),%ebp
++ mov -16(%esi),%esi
++
++ cmpl $4,%eax // jump on key size
++ je aes_36
++ cmpl $6,%eax
++ je aes_35
++
++ ksc8(0)
++ ksc8(1)
++ ksc8(2)
++ ksc8(3)
++ ksc8(4)
++ ksc8(5)
++ ksc8(6)
++ jmp aes_37
++aes_35: ksc6(0)
++ ksc6(1)
++ ksc6(2)
++ ksc6(3)
++ ksc6(4)
++ ksc6(5)
++ ksc6(6)
++ ksc6(7)
++ jmp aes_37
++aes_36: ksc4(0)
++ ksc4(1)
++ ksc4(2)
++ ksc4(3)
++ ksc4(4)
++ ksc4(5)
++ ksc4(6)
++ ksc4(7)
++ ksc4(8)
++ ksc4(9)
++aes_37: pop %ebp
++ mov aes_cx(%ebp),%edx // edx -> AES context
++ cmpl $0,ed_flg(%ebp)
++ jne aes_39
++
++// compile decryption key schedule from encryption schedule - reverse
++// order and do mix_column operation on round keys except first and last
++
++ mov nrnd(%edx),%eax // kt = cx->d_key + nc * cx->Nrnd
++ shl $2,%eax
++ lea dkey(%edx,%eax,4),%edi
++ lea ekey(%edx),%esi // kf = cx->e_key
++
++ movsl // copy first round key (unmodified)
++ movsl
++ movsl
++ movsl
++ sub $32,%edi
++ movl $1,cnt(%ebp)
++aes_38: // do mix column on each column of
++ lodsl // each round key
++ mov %eax,%ebx
++ mix_col(aes_im_tab)
++ stosl
++ lodsl
++ mov %eax,%ebx
++ mix_col(aes_im_tab)
++ stosl
++ lodsl
++ mov %eax,%ebx
++ mix_col(aes_im_tab)
++ stosl
++ lodsl
++ mov %eax,%ebx
++ mix_col(aes_im_tab)
++ stosl
++ sub $32,%edi
++
++ incl cnt(%ebp)
++ mov cnt(%ebp),%eax
++ cmp nrnd(%edx),%eax
++ jb aes_38
++
++ movsl // copy last round key (unmodified)
++ movsl
++ movsl
++ movsl
++aes_39: pop %edi
++ pop %esi
++ pop %ebx
++ mov %ebp,%esp
++ pop %ebp
++ popfl
++ ret
++
++
++// finite field multiplies by {02}, {04} and {08}
++
++#define f2(x) ((x<<1)^(((x>>7)&1)*0x11b))
++#define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b))
++#define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b))
++
++// finite field multiplies required in table generation
++
++#define f3(x) (f2(x) ^ x)
++#define f9(x) (f8(x) ^ x)
++#define fb(x) (f8(x) ^ f2(x) ^ x)
++#define fd(x) (f8(x) ^ f4(x) ^ x)
++#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
++
++// These defines generate the forward table entries
++
++#define u0(x) ((f3(x) << 24) | (x << 16) | (x << 8) | f2(x))
++#define u1(x) ((x << 24) | (x << 16) | (f2(x) << 8) | f3(x))
++#define u2(x) ((x << 24) | (f2(x) << 16) | (f3(x) << 8) | x)
++#define u3(x) ((f2(x) << 24) | (f3(x) << 16) | (x << 8) | x)
++
++// These defines generate the inverse table entries
++
++#define v0(x) ((fb(x) << 24) | (fd(x) << 16) | (f9(x) << 8) | fe(x))
++#define v1(x) ((fd(x) << 24) | (f9(x) << 16) | (fe(x) << 8) | fb(x))
++#define v2(x) ((f9(x) << 24) | (fe(x) << 16) | (fb(x) << 8) | fd(x))
++#define v3(x) ((fe(x) << 24) | (fb(x) << 16) | (fd(x) << 8) | f9(x))
++
++// These defines generate entries for the last round tables
++
++#define w0(x) (x)
++#define w1(x) (x << 8)
++#define w2(x) (x << 16)
++#define w3(x) (x << 24)
++
++// macro to generate inverse mix column tables (needed for the key schedule)
++
++#define im_data0(p1) \
++ .long p1(0x00),p1(0x01),p1(0x02),p1(0x03),p1(0x04),p1(0x05),p1(0x06),p1(0x07) ;\
++ .long p1(0x08),p1(0x09),p1(0x0a),p1(0x0b),p1(0x0c),p1(0x0d),p1(0x0e),p1(0x0f) ;\
++ .long p1(0x10),p1(0x11),p1(0x12),p1(0x13),p1(0x14),p1(0x15),p1(0x16),p1(0x17) ;\
++ .long p1(0x18),p1(0x19),p1(0x1a),p1(0x1b),p1(0x1c),p1(0x1d),p1(0x1e),p1(0x1f)
++#define im_data1(p1) \
++ .long p1(0x20),p1(0x21),p1(0x22),p1(0x23),p1(0x24),p1(0x25),p1(0x26),p1(0x27) ;\
++ .long p1(0x28),p1(0x29),p1(0x2a),p1(0x2b),p1(0x2c),p1(0x2d),p1(0x2e),p1(0x2f) ;\
++ .long p1(0x30),p1(0x31),p1(0x32),p1(0x33),p1(0x34),p1(0x35),p1(0x36),p1(0x37) ;\
++ .long p1(0x38),p1(0x39),p1(0x3a),p1(0x3b),p1(0x3c),p1(0x3d),p1(0x3e),p1(0x3f)
++#define im_data2(p1) \
++ .long p1(0x40),p1(0x41),p1(0x42),p1(0x43),p1(0x44),p1(0x45),p1(0x46),p1(0x47) ;\
++ .long p1(0x48),p1(0x49),p1(0x4a),p1(0x4b),p1(0x4c),p1(0x4d),p1(0x4e),p1(0x4f) ;\
++ .long p1(0x50),p1(0x51),p1(0x52),p1(0x53),p1(0x54),p1(0x55),p1(0x56),p1(0x57) ;\
++ .long p1(0x58),p1(0x59),p1(0x5a),p1(0x5b),p1(0x5c),p1(0x5d),p1(0x5e),p1(0x5f)
++#define im_data3(p1) \
++ .long p1(0x60),p1(0x61),p1(0x62),p1(0x63),p1(0x64),p1(0x65),p1(0x66),p1(0x67) ;\
++ .long p1(0x68),p1(0x69),p1(0x6a),p1(0x6b),p1(0x6c),p1(0x6d),p1(0x6e),p1(0x6f) ;\
++ .long p1(0x70),p1(0x71),p1(0x72),p1(0x73),p1(0x74),p1(0x75),p1(0x76),p1(0x77) ;\
++ .long p1(0x78),p1(0x79),p1(0x7a),p1(0x7b),p1(0x7c),p1(0x7d),p1(0x7e),p1(0x7f)
++#define im_data4(p1) \
++ .long p1(0x80),p1(0x81),p1(0x82),p1(0x83),p1(0x84),p1(0x85),p1(0x86),p1(0x87) ;\
++ .long p1(0x88),p1(0x89),p1(0x8a),p1(0x8b),p1(0x8c),p1(0x8d),p1(0x8e),p1(0x8f) ;\
++ .long p1(0x90),p1(0x91),p1(0x92),p1(0x93),p1(0x94),p1(0x95),p1(0x96),p1(0x97) ;\
++ .long p1(0x98),p1(0x99),p1(0x9a),p1(0x9b),p1(0x9c),p1(0x9d),p1(0x9e),p1(0x9f)
++#define im_data5(p1) \
++ .long p1(0xa0),p1(0xa1),p1(0xa2),p1(0xa3),p1(0xa4),p1(0xa5),p1(0xa6),p1(0xa7) ;\
++ .long p1(0xa8),p1(0xa9),p1(0xaa),p1(0xab),p1(0xac),p1(0xad),p1(0xae),p1(0xaf) ;\
++ .long p1(0xb0),p1(0xb1),p1(0xb2),p1(0xb3),p1(0xb4),p1(0xb5),p1(0xb6),p1(0xb7) ;\
++ .long p1(0xb8),p1(0xb9),p1(0xba),p1(0xbb),p1(0xbc),p1(0xbd),p1(0xbe),p1(0xbf)
++#define im_data6(p1) \
++ .long p1(0xc0),p1(0xc1),p1(0xc2),p1(0xc3),p1(0xc4),p1(0xc5),p1(0xc6),p1(0xc7) ;\
++ .long p1(0xc8),p1(0xc9),p1(0xca),p1(0xcb),p1(0xcc),p1(0xcd),p1(0xce),p1(0xcf) ;\
++ .long p1(0xd0),p1(0xd1),p1(0xd2),p1(0xd3),p1(0xd4),p1(0xd5),p1(0xd6),p1(0xd7) ;\
++ .long p1(0xd8),p1(0xd9),p1(0xda),p1(0xdb),p1(0xdc),p1(0xdd),p1(0xde),p1(0xdf)
++#define im_data7(p1) \
++ .long p1(0xe0),p1(0xe1),p1(0xe2),p1(0xe3),p1(0xe4),p1(0xe5),p1(0xe6),p1(0xe7) ;\
++ .long p1(0xe8),p1(0xe9),p1(0xea),p1(0xeb),p1(0xec),p1(0xed),p1(0xee),p1(0xef) ;\
++ .long p1(0xf0),p1(0xf1),p1(0xf2),p1(0xf3),p1(0xf4),p1(0xf5),p1(0xf6),p1(0xf7) ;\
++ .long p1(0xf8),p1(0xf9),p1(0xfa),p1(0xfb),p1(0xfc),p1(0xfd),p1(0xfe),p1(0xff)
++
++// S-box data - 256 entries
++
++#define sb_data0(p1) \
++ .long p1(0x63),p1(0x7c),p1(0x77),p1(0x7b),p1(0xf2),p1(0x6b),p1(0x6f),p1(0xc5) ;\
++ .long p1(0x30),p1(0x01),p1(0x67),p1(0x2b),p1(0xfe),p1(0xd7),p1(0xab),p1(0x76) ;\
++ .long p1(0xca),p1(0x82),p1(0xc9),p1(0x7d),p1(0xfa),p1(0x59),p1(0x47),p1(0xf0) ;\
++ .long p1(0xad),p1(0xd4),p1(0xa2),p1(0xaf),p1(0x9c),p1(0xa4),p1(0x72),p1(0xc0)
++#define sb_data1(p1) \
++ .long p1(0xb7),p1(0xfd),p1(0x93),p1(0x26),p1(0x36),p1(0x3f),p1(0xf7),p1(0xcc) ;\
++ .long p1(0x34),p1(0xa5),p1(0xe5),p1(0xf1),p1(0x71),p1(0xd8),p1(0x31),p1(0x15) ;\
++ .long p1(0x04),p1(0xc7),p1(0x23),p1(0xc3),p1(0x18),p1(0x96),p1(0x05),p1(0x9a) ;\
++ .long p1(0x07),p1(0x12),p1(0x80),p1(0xe2),p1(0xeb),p1(0x27),p1(0xb2),p1(0x75)
++#define sb_data2(p1) \
++ .long p1(0x09),p1(0x83),p1(0x2c),p1(0x1a),p1(0x1b),p1(0x6e),p1(0x5a),p1(0xa0) ;\
++ .long p1(0x52),p1(0x3b),p1(0xd6),p1(0xb3),p1(0x29),p1(0xe3),p1(0x2f),p1(0x84) ;\
++ .long p1(0x53),p1(0xd1),p1(0x00),p1(0xed),p1(0x20),p1(0xfc),p1(0xb1),p1(0x5b) ;\
++ .long p1(0x6a),p1(0xcb),p1(0xbe),p1(0x39),p1(0x4a),p1(0x4c),p1(0x58),p1(0xcf)
++#define sb_data3(p1) \
++ .long p1(0xd0),p1(0xef),p1(0xaa),p1(0xfb),p1(0x43),p1(0x4d),p1(0x33),p1(0x85) ;\
++ .long p1(0x45),p1(0xf9),p1(0x02),p1(0x7f),p1(0x50),p1(0x3c),p1(0x9f),p1(0xa8) ;\
++ .long p1(0x51),p1(0xa3),p1(0x40),p1(0x8f),p1(0x92),p1(0x9d),p1(0x38),p1(0xf5) ;\
++ .long p1(0xbc),p1(0xb6),p1(0xda),p1(0x21),p1(0x10),p1(0xff),p1(0xf3),p1(0xd2)
++#define sb_data4(p1) \
++ .long p1(0xcd),p1(0x0c),p1(0x13),p1(0xec),p1(0x5f),p1(0x97),p1(0x44),p1(0x17) ;\
++ .long p1(0xc4),p1(0xa7),p1(0x7e),p1(0x3d),p1(0x64),p1(0x5d),p1(0x19),p1(0x73) ;\
++ .long p1(0x60),p1(0x81),p1(0x4f),p1(0xdc),p1(0x22),p1(0x2a),p1(0x90),p1(0x88) ;\
++ .long p1(0x46),p1(0xee),p1(0xb8),p1(0x14),p1(0xde),p1(0x5e),p1(0x0b),p1(0xdb)
++#define sb_data5(p1) \
++ .long p1(0xe0),p1(0x32),p1(0x3a),p1(0x0a),p1(0x49),p1(0x06),p1(0x24),p1(0x5c) ;\
++ .long p1(0xc2),p1(0xd3),p1(0xac),p1(0x62),p1(0x91),p1(0x95),p1(0xe4),p1(0x79) ;\
++ .long p1(0xe7),p1(0xc8),p1(0x37),p1(0x6d),p1(0x8d),p1(0xd5),p1(0x4e),p1(0xa9) ;\
++ .long p1(0x6c),p1(0x56),p1(0xf4),p1(0xea),p1(0x65),p1(0x7a),p1(0xae),p1(0x08)
++#define sb_data6(p1) \
++ .long p1(0xba),p1(0x78),p1(0x25),p1(0x2e),p1(0x1c),p1(0xa6),p1(0xb4),p1(0xc6) ;\
++ .long p1(0xe8),p1(0xdd),p1(0x74),p1(0x1f),p1(0x4b),p1(0xbd),p1(0x8b),p1(0x8a) ;\
++ .long p1(0x70),p1(0x3e),p1(0xb5),p1(0x66),p1(0x48),p1(0x03),p1(0xf6),p1(0x0e) ;\
++ .long p1(0x61),p1(0x35),p1(0x57),p1(0xb9),p1(0x86),p1(0xc1),p1(0x1d),p1(0x9e)
++#define sb_data7(p1) \
++ .long p1(0xe1),p1(0xf8),p1(0x98),p1(0x11),p1(0x69),p1(0xd9),p1(0x8e),p1(0x94) ;\
++ .long p1(0x9b),p1(0x1e),p1(0x87),p1(0xe9),p1(0xce),p1(0x55),p1(0x28),p1(0xdf) ;\
++ .long p1(0x8c),p1(0xa1),p1(0x89),p1(0x0d),p1(0xbf),p1(0xe6),p1(0x42),p1(0x68) ;\
++ .long p1(0x41),p1(0x99),p1(0x2d),p1(0x0f),p1(0xb0),p1(0x54),p1(0xbb),p1(0x16)
++
++// Inverse S-box data - 256 entries
++
++#define ib_data0(p1) \
++ .long p1(0x52),p1(0x09),p1(0x6a),p1(0xd5),p1(0x30),p1(0x36),p1(0xa5),p1(0x38) ;\
++ .long p1(0xbf),p1(0x40),p1(0xa3),p1(0x9e),p1(0x81),p1(0xf3),p1(0xd7),p1(0xfb) ;\
++ .long p1(0x7c),p1(0xe3),p1(0x39),p1(0x82),p1(0x9b),p1(0x2f),p1(0xff),p1(0x87) ;\
++ .long p1(0x34),p1(0x8e),p1(0x43),p1(0x44),p1(0xc4),p1(0xde),p1(0xe9),p1(0xcb)
++#define ib_data1(p1) \
++ .long p1(0x54),p1(0x7b),p1(0x94),p1(0x32),p1(0xa6),p1(0xc2),p1(0x23),p1(0x3d) ;\
++ .long p1(0xee),p1(0x4c),p1(0x95),p1(0x0b),p1(0x42),p1(0xfa),p1(0xc3),p1(0x4e) ;\
++ .long p1(0x08),p1(0x2e),p1(0xa1),p1(0x66),p1(0x28),p1(0xd9),p1(0x24),p1(0xb2) ;\
++ .long p1(0x76),p1(0x5b),p1(0xa2),p1(0x49),p1(0x6d),p1(0x8b),p1(0xd1),p1(0x25)
++#define ib_data2(p1) \
++ .long p1(0x72),p1(0xf8),p1(0xf6),p1(0x64),p1(0x86),p1(0x68),p1(0x98),p1(0x16) ;\
++ .long p1(0xd4),p1(0xa4),p1(0x5c),p1(0xcc),p1(0x5d),p1(0x65),p1(0xb6),p1(0x92) ;\
++ .long p1(0x6c),p1(0x70),p1(0x48),p1(0x50),p1(0xfd),p1(0xed),p1(0xb9),p1(0xda) ;\
++ .long p1(0x5e),p1(0x15),p1(0x46),p1(0x57),p1(0xa7),p1(0x8d),p1(0x9d),p1(0x84)
++#define ib_data3(p1) \
++ .long p1(0x90),p1(0xd8),p1(0xab),p1(0x00),p1(0x8c),p1(0xbc),p1(0xd3),p1(0x0a) ;\
++ .long p1(0xf7),p1(0xe4),p1(0x58),p1(0x05),p1(0xb8),p1(0xb3),p1(0x45),p1(0x06) ;\
++ .long p1(0xd0),p1(0x2c),p1(0x1e),p1(0x8f),p1(0xca),p1(0x3f),p1(0x0f),p1(0x02) ;\
++ .long p1(0xc1),p1(0xaf),p1(0xbd),p1(0x03),p1(0x01),p1(0x13),p1(0x8a),p1(0x6b)
++#define ib_data4(p1) \
++ .long p1(0x3a),p1(0x91),p1(0x11),p1(0x41),p1(0x4f),p1(0x67),p1(0xdc),p1(0xea) ;\
++ .long p1(0x97),p1(0xf2),p1(0xcf),p1(0xce),p1(0xf0),p1(0xb4),p1(0xe6),p1(0x73) ;\
++ .long p1(0x96),p1(0xac),p1(0x74),p1(0x22),p1(0xe7),p1(0xad),p1(0x35),p1(0x85) ;\
++ .long p1(0xe2),p1(0xf9),p1(0x37),p1(0xe8),p1(0x1c),p1(0x75),p1(0xdf),p1(0x6e)
++#define ib_data5(p1) \
++ .long p1(0x47),p1(0xf1),p1(0x1a),p1(0x71),p1(0x1d),p1(0x29),p1(0xc5),p1(0x89) ;\
++ .long p1(0x6f),p1(0xb7),p1(0x62),p1(0x0e),p1(0xaa),p1(0x18),p1(0xbe),p1(0x1b) ;\
++ .long p1(0xfc),p1(0x56),p1(0x3e),p1(0x4b),p1(0xc6),p1(0xd2),p1(0x79),p1(0x20) ;\
++ .long p1(0x9a),p1(0xdb),p1(0xc0),p1(0xfe),p1(0x78),p1(0xcd),p1(0x5a),p1(0xf4)
++#define ib_data6(p1) \
++ .long p1(0x1f),p1(0xdd),p1(0xa8),p1(0x33),p1(0x88),p1(0x07),p1(0xc7),p1(0x31) ;\
++ .long p1(0xb1),p1(0x12),p1(0x10),p1(0x59),p1(0x27),p1(0x80),p1(0xec),p1(0x5f) ;\
++ .long p1(0x60),p1(0x51),p1(0x7f),p1(0xa9),p1(0x19),p1(0xb5),p1(0x4a),p1(0x0d) ;\
++ .long p1(0x2d),p1(0xe5),p1(0x7a),p1(0x9f),p1(0x93),p1(0xc9),p1(0x9c),p1(0xef)
++#define ib_data7(p1) \
++ .long p1(0xa0),p1(0xe0),p1(0x3b),p1(0x4d),p1(0xae),p1(0x2a),p1(0xf5),p1(0xb0) ;\
++ .long p1(0xc8),p1(0xeb),p1(0xbb),p1(0x3c),p1(0x83),p1(0x53),p1(0x99),p1(0x61) ;\
++ .long p1(0x17),p1(0x2b),p1(0x04),p1(0x7e),p1(0xba),p1(0x77),p1(0xd6),p1(0x26) ;\
++ .long p1(0xe1),p1(0x69),p1(0x14),p1(0x63),p1(0x55),p1(0x21),p1(0x0c),p1(0x7d)
++
++// The rcon_table (needed for the key schedule)
++//
++// Here is original Dr Brian Gladman's source code:
++// _rcon_tab:
++// %assign x 1
++// %rep 29
++// dd x
++// %assign x f2(x)
++// %endrep
++//
++// Here is precomputed output (it's more portable this way):
++
++ .align ALIGN32BYTES
++aes_rcon_tab:
++ .long 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
++ .long 0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f
++ .long 0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4
++ .long 0xb3,0x7d,0xfa,0xef,0xc5
++
++// The forward xor tables
++
++ .align ALIGN32BYTES
++aes_ft_tab:
++ sb_data0(u0)
++ sb_data1(u0)
++ sb_data2(u0)
++ sb_data3(u0)
++ sb_data4(u0)
++ sb_data5(u0)
++ sb_data6(u0)
++ sb_data7(u0)
++
++ sb_data0(u1)
++ sb_data1(u1)
++ sb_data2(u1)
++ sb_data3(u1)
++ sb_data4(u1)
++ sb_data5(u1)
++ sb_data6(u1)
++ sb_data7(u1)
++
++ sb_data0(u2)
++ sb_data1(u2)
++ sb_data2(u2)
++ sb_data3(u2)
++ sb_data4(u2)
++ sb_data5(u2)
++ sb_data6(u2)
++ sb_data7(u2)
++
++ sb_data0(u3)
++ sb_data1(u3)
++ sb_data2(u3)
++ sb_data3(u3)
++ sb_data4(u3)
++ sb_data5(u3)
++ sb_data6(u3)
++ sb_data7(u3)
++
++ .align ALIGN32BYTES
++aes_fl_tab:
++ sb_data0(w0)
++ sb_data1(w0)
++ sb_data2(w0)
++ sb_data3(w0)
++ sb_data4(w0)
++ sb_data5(w0)
++ sb_data6(w0)
++ sb_data7(w0)
++
++ sb_data0(w1)
++ sb_data1(w1)
++ sb_data2(w1)
++ sb_data3(w1)
++ sb_data4(w1)
++ sb_data5(w1)
++ sb_data6(w1)
++ sb_data7(w1)
++
++ sb_data0(w2)
++ sb_data1(w2)
++ sb_data2(w2)
++ sb_data3(w2)
++ sb_data4(w2)
++ sb_data5(w2)
++ sb_data6(w2)
++ sb_data7(w2)
++
++ sb_data0(w3)
++ sb_data1(w3)
++ sb_data2(w3)
++ sb_data3(w3)
++ sb_data4(w3)
++ sb_data5(w3)
++ sb_data6(w3)
++ sb_data7(w3)
++
++// The inverse xor tables
++
++ .align ALIGN32BYTES
++aes_it_tab:
++ ib_data0(v0)
++ ib_data1(v0)
++ ib_data2(v0)
++ ib_data3(v0)
++ ib_data4(v0)
++ ib_data5(v0)
++ ib_data6(v0)
++ ib_data7(v0)
++
++ ib_data0(v1)
++ ib_data1(v1)
++ ib_data2(v1)
++ ib_data3(v1)
++ ib_data4(v1)
++ ib_data5(v1)
++ ib_data6(v1)
++ ib_data7(v1)
++
++ ib_data0(v2)
++ ib_data1(v2)
++ ib_data2(v2)
++ ib_data3(v2)
++ ib_data4(v2)
++ ib_data5(v2)
++ ib_data6(v2)
++ ib_data7(v2)
++
++ ib_data0(v3)
++ ib_data1(v3)
++ ib_data2(v3)
++ ib_data3(v3)
++ ib_data4(v3)
++ ib_data5(v3)
++ ib_data6(v3)
++ ib_data7(v3)
++
++ .align ALIGN32BYTES
++aes_il_tab:
++ ib_data0(w0)
++ ib_data1(w0)
++ ib_data2(w0)
++ ib_data3(w0)
++ ib_data4(w0)
++ ib_data5(w0)
++ ib_data6(w0)
++ ib_data7(w0)
++
++ ib_data0(w1)
++ ib_data1(w1)
++ ib_data2(w1)
++ ib_data3(w1)
++ ib_data4(w1)
++ ib_data5(w1)
++ ib_data6(w1)
++ ib_data7(w1)
++
++ ib_data0(w2)
++ ib_data1(w2)
++ ib_data2(w2)
++ ib_data3(w2)
++ ib_data4(w2)
++ ib_data5(w2)
++ ib_data6(w2)
++ ib_data7(w2)
++
++ ib_data0(w3)
++ ib_data1(w3)
++ ib_data2(w3)
++ ib_data3(w3)
++ ib_data4(w3)
++ ib_data5(w3)
++ ib_data6(w3)
++ ib_data7(w3)
++
++// The inverse mix column tables
++
++ .align ALIGN32BYTES
++aes_im_tab:
++ im_data0(v0)
++ im_data1(v0)
++ im_data2(v0)
++ im_data3(v0)
++ im_data4(v0)
++ im_data5(v0)
++ im_data6(v0)
++ im_data7(v0)
++
++ im_data0(v1)
++ im_data1(v1)
++ im_data2(v1)
++ im_data3(v1)
++ im_data4(v1)
++ im_data5(v1)
++ im_data6(v1)
++ im_data7(v1)
++
++ im_data0(v2)
++ im_data1(v2)
++ im_data2(v2)
++ im_data3(v2)
++ im_data4(v2)
++ im_data5(v2)
++ im_data6(v2)
++ im_data7(v2)
++
++ im_data0(v3)
++ im_data1(v3)
++ im_data2(v3)
++ im_data3(v3)
++ im_data4(v3)
++ im_data5(v3)
++ im_data6(v3)
++ im_data7(v3)
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/aes/aes.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,1415 @@
++// I retain copyright in this code but I encourage its free use provided
++// that I don't carry any responsibility for the results. I am especially
++// happy to see it used in free and open source software. If you do use
++// it I would appreciate an acknowledgement of its origin in the code or
++// the product that results and I would also appreciate knowing a little
++// about the use to which it is being put. I am grateful to Frank Yellin
++// for some ideas that are used in this implementation.
++//
++// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
++//
++// This is an implementation of the AES encryption algorithm (Rijndael)
++// designed by Joan Daemen and Vincent Rijmen. This version is designed
++// to provide both fixed and dynamic block and key lengths and can also
++// run with either big or little endian internal byte order (see aes.h).
++// It inputs block and key lengths in bytes with the legal values being
++// 16, 24 and 32.
++
++/*
++ * Modified by Jari Ruusu, May 1 2001
++ * - Fixed some compile warnings, code was ok but gcc warned anyway.
++ * - Changed basic types: byte -> unsigned char, word -> u_int32_t
++ * - Major name space cleanup: Names visible to outside now begin
++ * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c
++ * - Removed C++ and DLL support as part of name space cleanup.
++ * - Eliminated unnecessary recomputation of tables. (actual bug fix)
++ * - Merged precomputed constant tables to aes.c file.
++ * - Removed data alignment restrictions for portability reasons.
++ * - Made block and key lengths accept bit count (128/192/256)
++ * as well byte count (16/24/32).
++ * - Removed all error checks. This change also eliminated the need
++ * to preinitialize the context struct to zero.
++ * - Removed some totally unused constants.
++ */
++
++#include "crypto/aes.h"
++
++// CONFIGURATION OPTIONS (see also aes.h)
++//
++// 1. Define UNROLL for full loop unrolling in encryption and decryption.
++// 2. Define PARTIAL_UNROLL to unroll two loops in encryption and decryption.
++// 3. Define FIXED_TABLES for compiled rather than dynamic tables.
++// 4. Define FF_TABLES to use tables for field multiplies and inverses.
++// Do not enable this without understanding stack space requirements.
++// 5. Define ARRAYS to use arrays to hold the local state block. If this
++// is not defined, individually declared 32-bit words are used.
++// 6. Define FAST_VARIABLE if a high speed variable block implementation
++// is needed (essentially three separate fixed block size code sequences)
++// 7. Define either ONE_TABLE or FOUR_TABLES for a fast table driven
++// version using 1 table (2 kbytes of table space) or 4 tables (8
++// kbytes of table space) for higher speed.
++// 8. Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed
++// increase by using tables for the last rounds but with more table
++// space (2 or 8 kbytes extra).
++// 9. If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but
++// slower version is provided.
++// 10. If fast decryption key scheduling is needed define ONE_IM_TABLE
++// or FOUR_IM_TABLES for higher speed (2 or 8 kbytes extra).
++
++#define UNROLL
++//#define PARTIAL_UNROLL
++
++#define FIXED_TABLES
++//#define FF_TABLES
++//#define ARRAYS
++#define FAST_VARIABLE
++
++//#define ONE_TABLE
++#define FOUR_TABLES
++
++//#define ONE_LR_TABLE
++#define FOUR_LR_TABLES
++
++//#define ONE_IM_TABLE
++#define FOUR_IM_TABLES
++
++#if defined(UNROLL) && defined (PARTIAL_UNROLL)
++#error both UNROLL and PARTIAL_UNROLL are defined
++#endif
++
++#if defined(ONE_TABLE) && defined (FOUR_TABLES)
++#error both ONE_TABLE and FOUR_TABLES are defined
++#endif
++
++#if defined(ONE_LR_TABLE) && defined (FOUR_LR_TABLES)
++#error both ONE_LR_TABLE and FOUR_LR_TABLES are defined
++#endif
++
++#if defined(ONE_IM_TABLE) && defined (FOUR_IM_TABLES)
++#error both ONE_IM_TABLE and FOUR_IM_TABLES are defined
++#endif
++
++#if defined(AES_BLOCK_SIZE) && AES_BLOCK_SIZE != 16 && AES_BLOCK_SIZE != 24 && AES_BLOCK_SIZE != 32
++#error an illegal block size has been specified
++#endif
++
++// upr(x,n): rotates bytes within words by n positions, moving bytes
++// to higher index positions with wrap around into low positions
++// ups(x,n): moves bytes by n positions to higher index positions in
++// words but without wrap around
++// bval(x,n): extracts a byte from a word
++
++#define upr(x,n) (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n))))
++#define ups(x,n) ((x) << 8 * (n))
++#define bval(x,n) ((unsigned char)((x) >> 8 * (n)))
++#define bytes2word(b0, b1, b2, b3) \
++ ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0))
++
++
++/* little endian processor without data alignment restrictions: AES_LE_OK */
++/* original code: i386 */
++#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386)
++#define AES_LE_OK 1
++/* added (tested): alpha --jjo */
++#elif defined(__alpha__)|| defined (__alpha)
++#define AES_LE_OK 1
++/* added (tested): ia64 --jjo */
++#elif defined(__ia64__)|| defined (__ia64)
++#define AES_LE_OK 1
++#endif
++
++#ifdef AES_LE_OK
++/* little endian processor without data alignment restrictions */
++#define word_in(x) *(u_int32_t*)(x)
++#define const_word_in(x) *(const u_int32_t*)(x)
++#define word_out(x,v) *(u_int32_t*)(x) = (v)
++#define const_word_out(x,v) *(const u_int32_t*)(x) = (v)
++#else
++/* slower but generic big endian or with data alignment restrictions */
++/* some additional "const" touches to stop "gcc -Wcast-qual" complains --jjo */
++#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24))
++#define const_word_in(x) ((const u_int32_t)(((const unsigned char *)(x))[0])|((const u_int32_t)(((const unsigned char *)(x))[1])<<8)|((const u_int32_t)(((const unsigned char *)(x))[2])<<16)|((const u_int32_t)(((const unsigned char *)(x))[3])<<24))
++#define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24)
++#define const_word_out(x,v) ((const unsigned char *)(x))[0]=(v),((const unsigned char *)(x))[1]=((v)>>8),((const unsigned char *)(x))[2]=((v)>>16),((const unsigned char *)(x))[3]=((v)>>24)
++#endif
++
++// Disable at least some poor combinations of options
++
++#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
++#define FIXED_TABLES
++#undef UNROLL
++#undef ONE_LR_TABLE
++#undef FOUR_LR_TABLES
++#undef ONE_IM_TABLE
++#undef FOUR_IM_TABLES
++#elif !defined(FOUR_TABLES)
++#ifdef FOUR_LR_TABLES
++#undef FOUR_LR_TABLES
++#define ONE_LR_TABLE
++#endif
++#ifdef FOUR_IM_TABLES
++#undef FOUR_IM_TABLES
++#define ONE_IM_TABLE
++#endif
++#elif !defined(AES_BLOCK_SIZE)
++#if defined(UNROLL)
++#define PARTIAL_UNROLL
++#undef UNROLL
++#endif
++#endif
++
++// the finite field modular polynomial and elements
++
++#define ff_poly 0x011b
++#define ff_hi 0x80
++
++// multiply four bytes in GF(2^8) by 'x' {02} in parallel
++
++#define m1 0x80808080
++#define m2 0x7f7f7f7f
++#define m3 0x0000001b
++#define FFmulX(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * m3))
++
++// The following defines provide alternative definitions of FFmulX that might
++// give improved performance if a fast 32-bit multiply is not available. Note
++// that a temporary variable u needs to be defined where FFmulX is used.
++
++// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
++// #define m4 0x1b1b1b1b
++// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
++
++// perform column mix operation on four bytes in parallel
++
++#define fwd_mcol(x) (f2 = FFmulX(x), f2 ^ upr(x ^ f2,3) ^ upr(x,2) ^ upr(x,1))
++
++#if defined(FIXED_TABLES)
++
++// the S-Box table
++
++static const unsigned char s_box[256] =
++{
++ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
++ 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
++ 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
++ 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
++ 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
++ 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
++ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
++ 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
++ 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
++ 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
++ 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
++ 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
++ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
++ 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
++ 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
++ 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
++ 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
++ 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
++ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
++ 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
++ 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
++ 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
++ 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
++ 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
++ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
++ 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
++ 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
++ 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
++ 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
++ 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
++ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
++ 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
++};
++
++// the inverse S-Box table
++
++static const unsigned char inv_s_box[256] =
++{
++ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
++ 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
++ 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
++ 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
++ 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
++ 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
++ 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
++ 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
++ 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
++ 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
++ 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
++ 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
++ 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
++ 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
++ 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
++ 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
++ 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
++ 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
++ 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
++ 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
++ 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
++ 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
++ 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
++ 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
++ 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
++ 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
++ 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
++ 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
++ 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
++ 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
++ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
++ 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
++};
++
++#define w0(p) 0x000000##p
++
++// Number of elements required in this table for different
++// block and key lengths is:
++//
++// Nk = 4 6 8
++// ----------
++// Nb = 4 | 10 8 7
++// 6 | 19 12 11
++// 8 | 29 19 14
++//
++// this table can be a table of bytes if the key schedule
++// code is adjusted accordingly
++
++static const u_int32_t rcon_tab[29] =
++{
++ w0(01), w0(02), w0(04), w0(08),
++ w0(10), w0(20), w0(40), w0(80),
++ w0(1b), w0(36), w0(6c), w0(d8),
++ w0(ab), w0(4d), w0(9a), w0(2f),
++ w0(5e), w0(bc), w0(63), w0(c6),
++ w0(97), w0(35), w0(6a), w0(d4),
++ w0(b3), w0(7d), w0(fa), w0(ef),
++ w0(c5)
++};
++
++#undef w0
++
++#define r0(p,q,r,s) 0x##p##q##r##s
++#define r1(p,q,r,s) 0x##q##r##s##p
++#define r2(p,q,r,s) 0x##r##s##p##q
++#define r3(p,q,r,s) 0x##s##p##q##r
++#define w0(p) 0x000000##p
++#define w1(p) 0x0000##p##00
++#define w2(p) 0x00##p##0000
++#define w3(p) 0x##p##000000
++
++#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES))
++
++// data for forward tables (other than last round)
++
++#define f_table \
++ r(a5,63,63,c6), r(84,7c,7c,f8), r(99,77,77,ee), r(8d,7b,7b,f6),\
++ r(0d,f2,f2,ff), r(bd,6b,6b,d6), r(b1,6f,6f,de), r(54,c5,c5,91),\
++ r(50,30,30,60), r(03,01,01,02), r(a9,67,67,ce), r(7d,2b,2b,56),\
++ r(19,fe,fe,e7), r(62,d7,d7,b5), r(e6,ab,ab,4d), r(9a,76,76,ec),\
++ r(45,ca,ca,8f), r(9d,82,82,1f), r(40,c9,c9,89), r(87,7d,7d,fa),\
++ r(15,fa,fa,ef), r(eb,59,59,b2), r(c9,47,47,8e), r(0b,f0,f0,fb),\
++ r(ec,ad,ad,41), r(67,d4,d4,b3), r(fd,a2,a2,5f), r(ea,af,af,45),\
++ r(bf,9c,9c,23), r(f7,a4,a4,53), r(96,72,72,e4), r(5b,c0,c0,9b),\
++ r(c2,b7,b7,75), r(1c,fd,fd,e1), r(ae,93,93,3d), r(6a,26,26,4c),\
++ r(5a,36,36,6c), r(41,3f,3f,7e), r(02,f7,f7,f5), r(4f,cc,cc,83),\
++ r(5c,34,34,68), r(f4,a5,a5,51), r(34,e5,e5,d1), r(08,f1,f1,f9),\
++ r(93,71,71,e2), r(73,d8,d8,ab), r(53,31,31,62), r(3f,15,15,2a),\
++ r(0c,04,04,08), r(52,c7,c7,95), r(65,23,23,46), r(5e,c3,c3,9d),\
++ r(28,18,18,30), r(a1,96,96,37), r(0f,05,05,0a), r(b5,9a,9a,2f),\
++ r(09,07,07,0e), r(36,12,12,24), r(9b,80,80,1b), r(3d,e2,e2,df),\
++ r(26,eb,eb,cd), r(69,27,27,4e), r(cd,b2,b2,7f), r(9f,75,75,ea),\
++ r(1b,09,09,12), r(9e,83,83,1d), r(74,2c,2c,58), r(2e,1a,1a,34),\
++ r(2d,1b,1b,36), r(b2,6e,6e,dc), r(ee,5a,5a,b4), r(fb,a0,a0,5b),\
++ r(f6,52,52,a4), r(4d,3b,3b,76), r(61,d6,d6,b7), r(ce,b3,b3,7d),\
++ r(7b,29,29,52), r(3e,e3,e3,dd), r(71,2f,2f,5e), r(97,84,84,13),\
++ r(f5,53,53,a6), r(68,d1,d1,b9), r(00,00,00,00), r(2c,ed,ed,c1),\
++ r(60,20,20,40), r(1f,fc,fc,e3), r(c8,b1,b1,79), r(ed,5b,5b,b6),\
++ r(be,6a,6a,d4), r(46,cb,cb,8d), r(d9,be,be,67), r(4b,39,39,72),\
++ r(de,4a,4a,94), r(d4,4c,4c,98), r(e8,58,58,b0), r(4a,cf,cf,85),\
++ r(6b,d0,d0,bb), r(2a,ef,ef,c5), r(e5,aa,aa,4f), r(16,fb,fb,ed),\
++ r(c5,43,43,86), r(d7,4d,4d,9a), r(55,33,33,66), r(94,85,85,11),\
++ r(cf,45,45,8a), r(10,f9,f9,e9), r(06,02,02,04), r(81,7f,7f,fe),\
++ r(f0,50,50,a0), r(44,3c,3c,78), r(ba,9f,9f,25), r(e3,a8,a8,4b),\
++ r(f3,51,51,a2), r(fe,a3,a3,5d), r(c0,40,40,80), r(8a,8f,8f,05),\
++ r(ad,92,92,3f), r(bc,9d,9d,21), r(48,38,38,70), r(04,f5,f5,f1),\
++ r(df,bc,bc,63), r(c1,b6,b6,77), r(75,da,da,af), r(63,21,21,42),\
++ r(30,10,10,20), r(1a,ff,ff,e5), r(0e,f3,f3,fd), r(6d,d2,d2,bf),\
++ r(4c,cd,cd,81), r(14,0c,0c,18), r(35,13,13,26), r(2f,ec,ec,c3),\
++ r(e1,5f,5f,be), r(a2,97,97,35), r(cc,44,44,88), r(39,17,17,2e),\
++ r(57,c4,c4,93), r(f2,a7,a7,55), r(82,7e,7e,fc), r(47,3d,3d,7a),\
++ r(ac,64,64,c8), r(e7,5d,5d,ba), r(2b,19,19,32), r(95,73,73,e6),\
++ r(a0,60,60,c0), r(98,81,81,19), r(d1,4f,4f,9e), r(7f,dc,dc,a3),\
++ r(66,22,22,44), r(7e,2a,2a,54), r(ab,90,90,3b), r(83,88,88,0b),\
++ r(ca,46,46,8c), r(29,ee,ee,c7), r(d3,b8,b8,6b), r(3c,14,14,28),\
++ r(79,de,de,a7), r(e2,5e,5e,bc), r(1d,0b,0b,16), r(76,db,db,ad),\
++ r(3b,e0,e0,db), r(56,32,32,64), r(4e,3a,3a,74), r(1e,0a,0a,14),\
++ r(db,49,49,92), r(0a,06,06,0c), r(6c,24,24,48), r(e4,5c,5c,b8),\
++ r(5d,c2,c2,9f), r(6e,d3,d3,bd), r(ef,ac,ac,43), r(a6,62,62,c4),\
++ r(a8,91,91,39), r(a4,95,95,31), r(37,e4,e4,d3), r(8b,79,79,f2),\
++ r(32,e7,e7,d5), r(43,c8,c8,8b), r(59,37,37,6e), r(b7,6d,6d,da),\
++ r(8c,8d,8d,01), r(64,d5,d5,b1), r(d2,4e,4e,9c), r(e0,a9,a9,49),\
++ r(b4,6c,6c,d8), r(fa,56,56,ac), r(07,f4,f4,f3), r(25,ea,ea,cf),\
++ r(af,65,65,ca), r(8e,7a,7a,f4), r(e9,ae,ae,47), r(18,08,08,10),\
++ r(d5,ba,ba,6f), r(88,78,78,f0), r(6f,25,25,4a), r(72,2e,2e,5c),\
++ r(24,1c,1c,38), r(f1,a6,a6,57), r(c7,b4,b4,73), r(51,c6,c6,97),\
++ r(23,e8,e8,cb), r(7c,dd,dd,a1), r(9c,74,74,e8), r(21,1f,1f,3e),\
++ r(dd,4b,4b,96), r(dc,bd,bd,61), r(86,8b,8b,0d), r(85,8a,8a,0f),\
++ r(90,70,70,e0), r(42,3e,3e,7c), r(c4,b5,b5,71), r(aa,66,66,cc),\
++ r(d8,48,48,90), r(05,03,03,06), r(01,f6,f6,f7), r(12,0e,0e,1c),\
++ r(a3,61,61,c2), r(5f,35,35,6a), r(f9,57,57,ae), r(d0,b9,b9,69),\
++ r(91,86,86,17), r(58,c1,c1,99), r(27,1d,1d,3a), r(b9,9e,9e,27),\
++ r(38,e1,e1,d9), r(13,f8,f8,eb), r(b3,98,98,2b), r(33,11,11,22),\
++ r(bb,69,69,d2), r(70,d9,d9,a9), r(89,8e,8e,07), r(a7,94,94,33),\
++ r(b6,9b,9b,2d), r(22,1e,1e,3c), r(92,87,87,15), r(20,e9,e9,c9),\
++ r(49,ce,ce,87), r(ff,55,55,aa), r(78,28,28,50), r(7a,df,df,a5),\
++ r(8f,8c,8c,03), r(f8,a1,a1,59), r(80,89,89,09), r(17,0d,0d,1a),\
++ r(da,bf,bf,65), r(31,e6,e6,d7), r(c6,42,42,84), r(b8,68,68,d0),\
++ r(c3,41,41,82), r(b0,99,99,29), r(77,2d,2d,5a), r(11,0f,0f,1e),\
++ r(cb,b0,b0,7b), r(fc,54,54,a8), r(d6,bb,bb,6d), r(3a,16,16,2c)
++
++// data for inverse tables (other than last round)
++
++#define i_table \
++ r(50,a7,f4,51), r(53,65,41,7e), r(c3,a4,17,1a), r(96,5e,27,3a),\
++ r(cb,6b,ab,3b), r(f1,45,9d,1f), r(ab,58,fa,ac), r(93,03,e3,4b),\
++ r(55,fa,30,20), r(f6,6d,76,ad), r(91,76,cc,88), r(25,4c,02,f5),\
++ r(fc,d7,e5,4f), r(d7,cb,2a,c5), r(80,44,35,26), r(8f,a3,62,b5),\
++ r(49,5a,b1,de), r(67,1b,ba,25), r(98,0e,ea,45), r(e1,c0,fe,5d),\
++ r(02,75,2f,c3), r(12,f0,4c,81), r(a3,97,46,8d), r(c6,f9,d3,6b),\
++ r(e7,5f,8f,03), r(95,9c,92,15), r(eb,7a,6d,bf), r(da,59,52,95),\
++ r(2d,83,be,d4), r(d3,21,74,58), r(29,69,e0,49), r(44,c8,c9,8e),\
++ r(6a,89,c2,75), r(78,79,8e,f4), r(6b,3e,58,99), r(dd,71,b9,27),\
++ r(b6,4f,e1,be), r(17,ad,88,f0), r(66,ac,20,c9), r(b4,3a,ce,7d),\
++ r(18,4a,df,63), r(82,31,1a,e5), r(60,33,51,97), r(45,7f,53,62),\
++ r(e0,77,64,b1), r(84,ae,6b,bb), r(1c,a0,81,fe), r(94,2b,08,f9),\
++ r(58,68,48,70), r(19,fd,45,8f), r(87,6c,de,94), r(b7,f8,7b,52),\
++ r(23,d3,73,ab), r(e2,02,4b,72), r(57,8f,1f,e3), r(2a,ab,55,66),\
++ r(07,28,eb,b2), r(03,c2,b5,2f), r(9a,7b,c5,86), r(a5,08,37,d3),\
++ r(f2,87,28,30), r(b2,a5,bf,23), r(ba,6a,03,02), r(5c,82,16,ed),\
++ r(2b,1c,cf,8a), r(92,b4,79,a7), r(f0,f2,07,f3), r(a1,e2,69,4e),\
++ r(cd,f4,da,65), r(d5,be,05,06), r(1f,62,34,d1), r(8a,fe,a6,c4),\
++ r(9d,53,2e,34), r(a0,55,f3,a2), r(32,e1,8a,05), r(75,eb,f6,a4),\
++ r(39,ec,83,0b), r(aa,ef,60,40), r(06,9f,71,5e), r(51,10,6e,bd),\
++ r(f9,8a,21,3e), r(3d,06,dd,96), r(ae,05,3e,dd), r(46,bd,e6,4d),\
++ r(b5,8d,54,91), r(05,5d,c4,71), r(6f,d4,06,04), r(ff,15,50,60),\
++ r(24,fb,98,19), r(97,e9,bd,d6), r(cc,43,40,89), r(77,9e,d9,67),\
++ r(bd,42,e8,b0), r(88,8b,89,07), r(38,5b,19,e7), r(db,ee,c8,79),\
++ r(47,0a,7c,a1), r(e9,0f,42,7c), r(c9,1e,84,f8), r(00,00,00,00),\
++ r(83,86,80,09), r(48,ed,2b,32), r(ac,70,11,1e), r(4e,72,5a,6c),\
++ r(fb,ff,0e,fd), r(56,38,85,0f), r(1e,d5,ae,3d), r(27,39,2d,36),\
++ r(64,d9,0f,0a), r(21,a6,5c,68), r(d1,54,5b,9b), r(3a,2e,36,24),\
++ r(b1,67,0a,0c), r(0f,e7,57,93), r(d2,96,ee,b4), r(9e,91,9b,1b),\
++ r(4f,c5,c0,80), r(a2,20,dc,61), r(69,4b,77,5a), r(16,1a,12,1c),\
++ r(0a,ba,93,e2), r(e5,2a,a0,c0), r(43,e0,22,3c), r(1d,17,1b,12),\
++ r(0b,0d,09,0e), r(ad,c7,8b,f2), r(b9,a8,b6,2d), r(c8,a9,1e,14),\
++ r(85,19,f1,57), r(4c,07,75,af), r(bb,dd,99,ee), r(fd,60,7f,a3),\
++ r(9f,26,01,f7), r(bc,f5,72,5c), r(c5,3b,66,44), r(34,7e,fb,5b),\
++ r(76,29,43,8b), r(dc,c6,23,cb), r(68,fc,ed,b6), r(63,f1,e4,b8),\
++ r(ca,dc,31,d7), r(10,85,63,42), r(40,22,97,13), r(20,11,c6,84),\
++ r(7d,24,4a,85), r(f8,3d,bb,d2), r(11,32,f9,ae), r(6d,a1,29,c7),\
++ r(4b,2f,9e,1d), r(f3,30,b2,dc), r(ec,52,86,0d), r(d0,e3,c1,77),\
++ r(6c,16,b3,2b), r(99,b9,70,a9), r(fa,48,94,11), r(22,64,e9,47),\
++ r(c4,8c,fc,a8), r(1a,3f,f0,a0), r(d8,2c,7d,56), r(ef,90,33,22),\
++ r(c7,4e,49,87), r(c1,d1,38,d9), r(fe,a2,ca,8c), r(36,0b,d4,98),\
++ r(cf,81,f5,a6), r(28,de,7a,a5), r(26,8e,b7,da), r(a4,bf,ad,3f),\
++ r(e4,9d,3a,2c), r(0d,92,78,50), r(9b,cc,5f,6a), r(62,46,7e,54),\
++ r(c2,13,8d,f6), r(e8,b8,d8,90), r(5e,f7,39,2e), r(f5,af,c3,82),\
++ r(be,80,5d,9f), r(7c,93,d0,69), r(a9,2d,d5,6f), r(b3,12,25,cf),\
++ r(3b,99,ac,c8), r(a7,7d,18,10), r(6e,63,9c,e8), r(7b,bb,3b,db),\
++ r(09,78,26,cd), r(f4,18,59,6e), r(01,b7,9a,ec), r(a8,9a,4f,83),\
++ r(65,6e,95,e6), r(7e,e6,ff,aa), r(08,cf,bc,21), r(e6,e8,15,ef),\
++ r(d9,9b,e7,ba), r(ce,36,6f,4a), r(d4,09,9f,ea), r(d6,7c,b0,29),\
++ r(af,b2,a4,31), r(31,23,3f,2a), r(30,94,a5,c6), r(c0,66,a2,35),\
++ r(37,bc,4e,74), r(a6,ca,82,fc), r(b0,d0,90,e0), r(15,d8,a7,33),\
++ r(4a,98,04,f1), r(f7,da,ec,41), r(0e,50,cd,7f), r(2f,f6,91,17),\
++ r(8d,d6,4d,76), r(4d,b0,ef,43), r(54,4d,aa,cc), r(df,04,96,e4),\
++ r(e3,b5,d1,9e), r(1b,88,6a,4c), r(b8,1f,2c,c1), r(7f,51,65,46),\
++ r(04,ea,5e,9d), r(5d,35,8c,01), r(73,74,87,fa), r(2e,41,0b,fb),\
++ r(5a,1d,67,b3), r(52,d2,db,92), r(33,56,10,e9), r(13,47,d6,6d),\
++ r(8c,61,d7,9a), r(7a,0c,a1,37), r(8e,14,f8,59), r(89,3c,13,eb),\
++ r(ee,27,a9,ce), r(35,c9,61,b7), r(ed,e5,1c,e1), r(3c,b1,47,7a),\
++ r(59,df,d2,9c), r(3f,73,f2,55), r(79,ce,14,18), r(bf,37,c7,73),\
++ r(ea,cd,f7,53), r(5b,aa,fd,5f), r(14,6f,3d,df), r(86,db,44,78),\
++ r(81,f3,af,ca), r(3e,c4,68,b9), r(2c,34,24,38), r(5f,40,a3,c2),\
++ r(72,c3,1d,16), r(0c,25,e2,bc), r(8b,49,3c,28), r(41,95,0d,ff),\
++ r(71,01,a8,39), r(de,b3,0c,08), r(9c,e4,b4,d8), r(90,c1,56,64),\
++ r(61,84,cb,7b), r(70,b6,32,d5), r(74,5c,6c,48), r(42,57,b8,d0)
++
++// generate the required tables in the desired endian format
++
++#undef r
++#define r r0
++
++#if defined(ONE_TABLE)
++static const u_int32_t ft_tab[256] =
++ { f_table };
++#elif defined(FOUR_TABLES)
++static const u_int32_t ft_tab[4][256] =
++{ { f_table },
++#undef r
++#define r r1
++ { f_table },
++#undef r
++#define r r2
++ { f_table },
++#undef r
++#define r r3
++ { f_table }
++};
++#endif
++
++#undef r
++#define r r0
++#if defined(ONE_TABLE)
++static const u_int32_t it_tab[256] =
++ { i_table };
++#elif defined(FOUR_TABLES)
++static const u_int32_t it_tab[4][256] =
++{ { i_table },
++#undef r
++#define r r1
++ { i_table },
++#undef r
++#define r r2
++ { i_table },
++#undef r
++#define r r3
++ { i_table }
++};
++#endif
++
++#endif
++
++#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES))
++
++// data for inverse tables (last round)
++
++#define li_table \
++ w(52), w(09), w(6a), w(d5), w(30), w(36), w(a5), w(38),\
++ w(bf), w(40), w(a3), w(9e), w(81), w(f3), w(d7), w(fb),\
++ w(7c), w(e3), w(39), w(82), w(9b), w(2f), w(ff), w(87),\
++ w(34), w(8e), w(43), w(44), w(c4), w(de), w(e9), w(cb),\
++ w(54), w(7b), w(94), w(32), w(a6), w(c2), w(23), w(3d),\
++ w(ee), w(4c), w(95), w(0b), w(42), w(fa), w(c3), w(4e),\
++ w(08), w(2e), w(a1), w(66), w(28), w(d9), w(24), w(b2),\
++ w(76), w(5b), w(a2), w(49), w(6d), w(8b), w(d1), w(25),\
++ w(72), w(f8), w(f6), w(64), w(86), w(68), w(98), w(16),\
++ w(d4), w(a4), w(5c), w(cc), w(5d), w(65), w(b6), w(92),\
++ w(6c), w(70), w(48), w(50), w(fd), w(ed), w(b9), w(da),\
++ w(5e), w(15), w(46), w(57), w(a7), w(8d), w(9d), w(84),\
++ w(90), w(d8), w(ab), w(00), w(8c), w(bc), w(d3), w(0a),\
++ w(f7), w(e4), w(58), w(05), w(b8), w(b3), w(45), w(06),\
++ w(d0), w(2c), w(1e), w(8f), w(ca), w(3f), w(0f), w(02),\
++ w(c1), w(af), w(bd), w(03), w(01), w(13), w(8a), w(6b),\
++ w(3a), w(91), w(11), w(41), w(4f), w(67), w(dc), w(ea),\
++ w(97), w(f2), w(cf), w(ce), w(f0), w(b4), w(e6), w(73),\
++ w(96), w(ac), w(74), w(22), w(e7), w(ad), w(35), w(85),\
++ w(e2), w(f9), w(37), w(e8), w(1c), w(75), w(df), w(6e),\
++ w(47), w(f1), w(1a), w(71), w(1d), w(29), w(c5), w(89),\
++ w(6f), w(b7), w(62), w(0e), w(aa), w(18), w(be), w(1b),\
++ w(fc), w(56), w(3e), w(4b), w(c6), w(d2), w(79), w(20),\
++ w(9a), w(db), w(c0), w(fe), w(78), w(cd), w(5a), w(f4),\
++ w(1f), w(dd), w(a8), w(33), w(88), w(07), w(c7), w(31),\
++ w(b1), w(12), w(10), w(59), w(27), w(80), w(ec), w(5f),\
++ w(60), w(51), w(7f), w(a9), w(19), w(b5), w(4a), w(0d),\
++ w(2d), w(e5), w(7a), w(9f), w(93), w(c9), w(9c), w(ef),\
++ w(a0), w(e0), w(3b), w(4d), w(ae), w(2a), w(f5), w(b0),\
++ w(c8), w(eb), w(bb), w(3c), w(83), w(53), w(99), w(61),\
++ w(17), w(2b), w(04), w(7e), w(ba), w(77), w(d6), w(26),\
++ w(e1), w(69), w(14), w(63), w(55), w(21), w(0c), w(7d),
++
++// generate the required tables in the desired endian format
++
++#undef r
++#define r(p,q,r,s) w0(q)
++#if defined(ONE_LR_TABLE)
++static const u_int32_t fl_tab[256] =
++ { f_table };
++#elif defined(FOUR_LR_TABLES)
++static const u_int32_t fl_tab[4][256] =
++{ { f_table },
++#undef r
++#define r(p,q,r,s) w1(q)
++ { f_table },
++#undef r
++#define r(p,q,r,s) w2(q)
++ { f_table },
++#undef r
++#define r(p,q,r,s) w3(q)
++ { f_table }
++};
++#endif
++
++#undef w
++#define w w0
++#if defined(ONE_LR_TABLE)
++static const u_int32_t il_tab[256] =
++ { li_table };
++#elif defined(FOUR_LR_TABLES)
++static const u_int32_t il_tab[4][256] =
++{ { li_table },
++#undef w
++#define w w1
++ { li_table },
++#undef w
++#define w w2
++ { li_table },
++#undef w
++#define w w3
++ { li_table }
++};
++#endif
++
++#endif
++
++#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES))
++
++#define m_table \
++ r(00,00,00,00), r(0b,0d,09,0e), r(16,1a,12,1c), r(1d,17,1b,12),\
++ r(2c,34,24,38), r(27,39,2d,36), r(3a,2e,36,24), r(31,23,3f,2a),\
++ r(58,68,48,70), r(53,65,41,7e), r(4e,72,5a,6c), r(45,7f,53,62),\
++ r(74,5c,6c,48), r(7f,51,65,46), r(62,46,7e,54), r(69,4b,77,5a),\
++ r(b0,d0,90,e0), r(bb,dd,99,ee), r(a6,ca,82,fc), r(ad,c7,8b,f2),\
++ r(9c,e4,b4,d8), r(97,e9,bd,d6), r(8a,fe,a6,c4), r(81,f3,af,ca),\
++ r(e8,b8,d8,90), r(e3,b5,d1,9e), r(fe,a2,ca,8c), r(f5,af,c3,82),\
++ r(c4,8c,fc,a8), r(cf,81,f5,a6), r(d2,96,ee,b4), r(d9,9b,e7,ba),\
++ r(7b,bb,3b,db), r(70,b6,32,d5), r(6d,a1,29,c7), r(66,ac,20,c9),\
++ r(57,8f,1f,e3), r(5c,82,16,ed), r(41,95,0d,ff), r(4a,98,04,f1),\
++ r(23,d3,73,ab), r(28,de,7a,a5), r(35,c9,61,b7), r(3e,c4,68,b9),\
++ r(0f,e7,57,93), r(04,ea,5e,9d), r(19,fd,45,8f), r(12,f0,4c,81),\
++ r(cb,6b,ab,3b), r(c0,66,a2,35), r(dd,71,b9,27), r(d6,7c,b0,29),\
++ r(e7,5f,8f,03), r(ec,52,86,0d), r(f1,45,9d,1f), r(fa,48,94,11),\
++ r(93,03,e3,4b), r(98,0e,ea,45), r(85,19,f1,57), r(8e,14,f8,59),\
++ r(bf,37,c7,73), r(b4,3a,ce,7d), r(a9,2d,d5,6f), r(a2,20,dc,61),\
++ r(f6,6d,76,ad), r(fd,60,7f,a3), r(e0,77,64,b1), r(eb,7a,6d,bf),\
++ r(da,59,52,95), r(d1,54,5b,9b), r(cc,43,40,89), r(c7,4e,49,87),\
++ r(ae,05,3e,dd), r(a5,08,37,d3), r(b8,1f,2c,c1), r(b3,12,25,cf),\
++ r(82,31,1a,e5), r(89,3c,13,eb), r(94,2b,08,f9), r(9f,26,01,f7),\
++ r(46,bd,e6,4d), r(4d,b0,ef,43), r(50,a7,f4,51), r(5b,aa,fd,5f),\
++ r(6a,89,c2,75), r(61,84,cb,7b), r(7c,93,d0,69), r(77,9e,d9,67),\
++ r(1e,d5,ae,3d), r(15,d8,a7,33), r(08,cf,bc,21), r(03,c2,b5,2f),\
++ r(32,e1,8a,05), r(39,ec,83,0b), r(24,fb,98,19), r(2f,f6,91,17),\
++ r(8d,d6,4d,76), r(86,db,44,78), r(9b,cc,5f,6a), r(90,c1,56,64),\
++ r(a1,e2,69,4e), r(aa,ef,60,40), r(b7,f8,7b,52), r(bc,f5,72,5c),\
++ r(d5,be,05,06), r(de,b3,0c,08), r(c3,a4,17,1a), r(c8,a9,1e,14),\
++ r(f9,8a,21,3e), r(f2,87,28,30), r(ef,90,33,22), r(e4,9d,3a,2c),\
++ r(3d,06,dd,96), r(36,0b,d4,98), r(2b,1c,cf,8a), r(20,11,c6,84),\
++ r(11,32,f9,ae), r(1a,3f,f0,a0), r(07,28,eb,b2), r(0c,25,e2,bc),\
++ r(65,6e,95,e6), r(6e,63,9c,e8), r(73,74,87,fa), r(78,79,8e,f4),\
++ r(49,5a,b1,de), r(42,57,b8,d0), r(5f,40,a3,c2), r(54,4d,aa,cc),\
++ r(f7,da,ec,41), r(fc,d7,e5,4f), r(e1,c0,fe,5d), r(ea,cd,f7,53),\
++ r(db,ee,c8,79), r(d0,e3,c1,77), r(cd,f4,da,65), r(c6,f9,d3,6b),\
++ r(af,b2,a4,31), r(a4,bf,ad,3f), r(b9,a8,b6,2d), r(b2,a5,bf,23),\
++ r(83,86,80,09), r(88,8b,89,07), r(95,9c,92,15), r(9e,91,9b,1b),\
++ r(47,0a,7c,a1), r(4c,07,75,af), r(51,10,6e,bd), r(5a,1d,67,b3),\
++ r(6b,3e,58,99), r(60,33,51,97), r(7d,24,4a,85), r(76,29,43,8b),\
++ r(1f,62,34,d1), r(14,6f,3d,df), r(09,78,26,cd), r(02,75,2f,c3),\
++ r(33,56,10,e9), r(38,5b,19,e7), r(25,4c,02,f5), r(2e,41,0b,fb),\
++ r(8c,61,d7,9a), r(87,6c,de,94), r(9a,7b,c5,86), r(91,76,cc,88),\
++ r(a0,55,f3,a2), r(ab,58,fa,ac), r(b6,4f,e1,be), r(bd,42,e8,b0),\
++ r(d4,09,9f,ea), r(df,04,96,e4), r(c2,13,8d,f6), r(c9,1e,84,f8),\
++ r(f8,3d,bb,d2), r(f3,30,b2,dc), r(ee,27,a9,ce), r(e5,2a,a0,c0),\
++ r(3c,b1,47,7a), r(37,bc,4e,74), r(2a,ab,55,66), r(21,a6,5c,68),\
++ r(10,85,63,42), r(1b,88,6a,4c), r(06,9f,71,5e), r(0d,92,78,50),\
++ r(64,d9,0f,0a), r(6f,d4,06,04), r(72,c3,1d,16), r(79,ce,14,18),\
++ r(48,ed,2b,32), r(43,e0,22,3c), r(5e,f7,39,2e), r(55,fa,30,20),\
++ r(01,b7,9a,ec), r(0a,ba,93,e2), r(17,ad,88,f0), r(1c,a0,81,fe),\
++ r(2d,83,be,d4), r(26,8e,b7,da), r(3b,99,ac,c8), r(30,94,a5,c6),\
++ r(59,df,d2,9c), r(52,d2,db,92), r(4f,c5,c0,80), r(44,c8,c9,8e),\
++ r(75,eb,f6,a4), r(7e,e6,ff,aa), r(63,f1,e4,b8), r(68,fc,ed,b6),\
++ r(b1,67,0a,0c), r(ba,6a,03,02), r(a7,7d,18,10), r(ac,70,11,1e),\
++ r(9d,53,2e,34), r(96,5e,27,3a), r(8b,49,3c,28), r(80,44,35,26),\
++ r(e9,0f,42,7c), r(e2,02,4b,72), r(ff,15,50,60), r(f4,18,59,6e),\
++ r(c5,3b,66,44), r(ce,36,6f,4a), r(d3,21,74,58), r(d8,2c,7d,56),\
++ r(7a,0c,a1,37), r(71,01,a8,39), r(6c,16,b3,2b), r(67,1b,ba,25),\
++ r(56,38,85,0f), r(5d,35,8c,01), r(40,22,97,13), r(4b,2f,9e,1d),\
++ r(22,64,e9,47), r(29,69,e0,49), r(34,7e,fb,5b), r(3f,73,f2,55),\
++ r(0e,50,cd,7f), r(05,5d,c4,71), r(18,4a,df,63), r(13,47,d6,6d),\
++ r(ca,dc,31,d7), r(c1,d1,38,d9), r(dc,c6,23,cb), r(d7,cb,2a,c5),\
++ r(e6,e8,15,ef), r(ed,e5,1c,e1), r(f0,f2,07,f3), r(fb,ff,0e,fd),\
++ r(92,b4,79,a7), r(99,b9,70,a9), r(84,ae,6b,bb), r(8f,a3,62,b5),\
++ r(be,80,5d,9f), r(b5,8d,54,91), r(a8,9a,4f,83), r(a3,97,46,8d)
++
++#undef r
++#define r r0
++
++#if defined(ONE_IM_TABLE)
++static const u_int32_t im_tab[256] =
++ { m_table };
++#elif defined(FOUR_IM_TABLES)
++static const u_int32_t im_tab[4][256] =
++{ { m_table },
++#undef r
++#define r r1
++ { m_table },
++#undef r
++#define r r2
++ { m_table },
++#undef r
++#define r r3
++ { m_table }
++};
++#endif
++
++#endif
++
++#else
++
++static int tab_gen = 0;
++
++static unsigned char s_box[256]; // the S box
++static unsigned char inv_s_box[256]; // the inverse S box
++static u_int32_t rcon_tab[AES_RC_LENGTH]; // table of round constants
++
++#if defined(ONE_TABLE)
++static u_int32_t ft_tab[256];
++static u_int32_t it_tab[256];
++#elif defined(FOUR_TABLES)
++static u_int32_t ft_tab[4][256];
++static u_int32_t it_tab[4][256];
++#endif
++
++#if defined(ONE_LR_TABLE)
++static u_int32_t fl_tab[256];
++static u_int32_t il_tab[256];
++#elif defined(FOUR_LR_TABLES)
++static u_int32_t fl_tab[4][256];
++static u_int32_t il_tab[4][256];
++#endif
++
++#if defined(ONE_IM_TABLE)
++static u_int32_t im_tab[256];
++#elif defined(FOUR_IM_TABLES)
++static u_int32_t im_tab[4][256];
++#endif
++
++// Generate the tables for the dynamic table option
++
++#if !defined(FF_TABLES)
++
++// It will generally be sensible to use tables to compute finite
++// field multiplies and inverses but where memory is scarse this
++// code might sometimes be better.
++
++// return 2 ^ (n - 1) where n is the bit number of the highest bit
++// set in x with x in the range 1 < x < 0x00000200. This form is
++// used so that locals within FFinv can be bytes rather than words
++
++static unsigned char hibit(const u_int32_t x)
++{ unsigned char r = (unsigned char)((x >> 1) | (x >> 2));
++
++ r |= (r >> 2);
++ r |= (r >> 4);
++ return (r + 1) >> 1;
++}
++
++// return the inverse of the finite field element x
++
++static unsigned char FFinv(const unsigned char x)
++{ unsigned char p1 = x, p2 = 0x1b, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
++
++ if(x < 2) return x;
++
++ for(;;)
++ {
++ if(!n1) return v1;
++
++ while(n2 >= n1)
++ {
++ n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
++ }
++
++ if(!n2) return v2;
++
++ while(n1 >= n2)
++ {
++ n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
++ }
++ }
++}
++
++// define the finite field multiplies required for Rijndael
++
++#define FFmul02(x) ((((x) & 0x7f) << 1) ^ ((x) & 0x80 ? 0x1b : 0))
++#define FFmul03(x) ((x) ^ FFmul02(x))
++#define FFmul09(x) ((x) ^ FFmul02(FFmul02(FFmul02(x))))
++#define FFmul0b(x) ((x) ^ FFmul02((x) ^ FFmul02(FFmul02(x))))
++#define FFmul0d(x) ((x) ^ FFmul02(FFmul02((x) ^ FFmul02(x))))
++#define FFmul0e(x) FFmul02((x) ^ FFmul02((x) ^ FFmul02(x)))
++
++#else
++
++#define FFinv(x) ((x) ? pow[255 - log[x]]: 0)
++
++#define FFmul02(x) (x ? pow[log[x] + 0x19] : 0)
++#define FFmul03(x) (x ? pow[log[x] + 0x01] : 0)
++#define FFmul09(x) (x ? pow[log[x] + 0xc7] : 0)
++#define FFmul0b(x) (x ? pow[log[x] + 0x68] : 0)
++#define FFmul0d(x) (x ? pow[log[x] + 0xee] : 0)
++#define FFmul0e(x) (x ? pow[log[x] + 0xdf] : 0)
++
++#endif
++
++// The forward and inverse affine transformations used in the S-box
++
++#define fwd_affine(x) \
++ (w = (u_int32_t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(unsigned char)(w^(w>>8)))
++
++#define inv_affine(x) \
++ (w = (u_int32_t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(unsigned char)(w^(w>>8)))
++
++static void gen_tabs(void)
++{ u_int32_t i, w;
++
++#if defined(FF_TABLES)
++
++ unsigned char pow[512], log[256];
++
++ // log and power tables for GF(2^8) finite field with
++ // 0x011b as modular polynomial - the simplest primitive
++ // root is 0x03, used here to generate the tables
++
++ i = 0; w = 1;
++ do
++ {
++ pow[i] = (unsigned char)w;
++ pow[i + 255] = (unsigned char)w;
++ log[w] = (unsigned char)i++;
++ w ^= (w << 1) ^ (w & ff_hi ? ff_poly : 0);
++ }
++ while (w != 1);
++
++#endif
++
++ for(i = 0, w = 1; i < AES_RC_LENGTH; ++i)
++ {
++ rcon_tab[i] = bytes2word(w, 0, 0, 0);
++ w = (w << 1) ^ (w & ff_hi ? ff_poly : 0);
++ }
++
++ for(i = 0; i < 256; ++i)
++ { unsigned char b;
++
++ s_box[i] = b = fwd_affine(FFinv((unsigned char)i));
++
++ w = bytes2word(b, 0, 0, 0);
++#if defined(ONE_LR_TABLE)
++ fl_tab[i] = w;
++#elif defined(FOUR_LR_TABLES)
++ fl_tab[0][i] = w;
++ fl_tab[1][i] = upr(w,1);
++ fl_tab[2][i] = upr(w,2);
++ fl_tab[3][i] = upr(w,3);
++#endif
++ w = bytes2word(FFmul02(b), b, b, FFmul03(b));
++#if defined(ONE_TABLE)
++ ft_tab[i] = w;
++#elif defined(FOUR_TABLES)
++ ft_tab[0][i] = w;
++ ft_tab[1][i] = upr(w,1);
++ ft_tab[2][i] = upr(w,2);
++ ft_tab[3][i] = upr(w,3);
++#endif
++ inv_s_box[i] = b = FFinv(inv_affine((unsigned char)i));
++
++ w = bytes2word(b, 0, 0, 0);
++#if defined(ONE_LR_TABLE)
++ il_tab[i] = w;
++#elif defined(FOUR_LR_TABLES)
++ il_tab[0][i] = w;
++ il_tab[1][i] = upr(w,1);
++ il_tab[2][i] = upr(w,2);
++ il_tab[3][i] = upr(w,3);
++#endif
++ w = bytes2word(FFmul0e(b), FFmul09(b), FFmul0d(b), FFmul0b(b));
++#if defined(ONE_TABLE)
++ it_tab[i] = w;
++#elif defined(FOUR_TABLES)
++ it_tab[0][i] = w;
++ it_tab[1][i] = upr(w,1);
++ it_tab[2][i] = upr(w,2);
++ it_tab[3][i] = upr(w,3);
++#endif
++#if defined(ONE_IM_TABLE)
++ im_tab[b] = w;
++#elif defined(FOUR_IM_TABLES)
++ im_tab[0][b] = w;
++ im_tab[1][b] = upr(w,1);
++ im_tab[2][b] = upr(w,2);
++ im_tab[3][b] = upr(w,3);
++#endif
++
++ }
++}
++
++#endif
++
++#define no_table(x,box,vf,rf,c) bytes2word( \
++ box[bval(vf(x,0,c),rf(0,c))], \
++ box[bval(vf(x,1,c),rf(1,c))], \
++ box[bval(vf(x,2,c),rf(2,c))], \
++ box[bval(vf(x,3,c),rf(3,c))])
++
++#define one_table(x,op,tab,vf,rf,c) \
++ ( tab[bval(vf(x,0,c),rf(0,c))] \
++ ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
++ ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
++ ^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
++
++#define four_tables(x,tab,vf,rf,c) \
++ ( tab[0][bval(vf(x,0,c),rf(0,c))] \
++ ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
++ ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
++ ^ tab[3][bval(vf(x,3,c),rf(3,c))])
++
++#define vf1(x,r,c) (x)
++#define rf1(r,c) (r)
++#define rf2(r,c) ((r-c)&3)
++
++#if defined(FOUR_LR_TABLES)
++#define ls_box(x,c) four_tables(x,fl_tab,vf1,rf2,c)
++#elif defined(ONE_LR_TABLE)
++#define ls_box(x,c) one_table(x,upr,fl_tab,vf1,rf2,c)
++#else
++#define ls_box(x,c) no_table(x,s_box,vf1,rf2,c)
++#endif
++
++#if defined(FOUR_IM_TABLES)
++#define inv_mcol(x) four_tables(x,im_tab,vf1,rf1,0)
++#elif defined(ONE_IM_TABLE)
++#define inv_mcol(x) one_table(x,upr,im_tab,vf1,rf1,0)
++#else
++#define inv_mcol(x) \
++ (f9 = (x),f2 = FFmulX(f9), f4 = FFmulX(f2), f8 = FFmulX(f4), f9 ^= f8, \
++ f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1))
++#endif
++
++// Subroutine to set the block size (if variable) in bytes, legal
++// values being 16, 24 and 32.
++
++#if defined(AES_BLOCK_SIZE)
++#define nc (AES_BLOCK_SIZE / 4)
++#else
++#define nc (cx->aes_Ncol)
++
++void aes_set_blk(aes_context *cx, int n_bytes)
++{
++#if !defined(FIXED_TABLES)
++ if(!tab_gen) { gen_tabs(); tab_gen = 1; }
++#endif
++
++ switch(n_bytes) {
++ case 32: /* bytes */
++ case 256: /* bits */
++ nc = 8;
++ break;
++ case 24: /* bytes */
++ case 192: /* bits */
++ nc = 6;
++ break;
++ case 16: /* bytes */
++ case 128: /* bits */
++ default:
++ nc = 4;
++ break;
++ }
++}
++
++#endif
++
++// Initialise the key schedule from the user supplied key. The key
++// length is now specified in bytes - 16, 24 or 32 as appropriate.
++// This corresponds to bit lengths of 128, 192 and 256 bits, and
++// to Nk values of 4, 6 and 8 respectively.
++
++#define mx(t,f) (*t++ = inv_mcol(*f),f++)
++#define cp(t,f) *t++ = *f++
++
++#if AES_BLOCK_SIZE == 16
++#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s)
++#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s)
++#elif AES_BLOCK_SIZE == 24
++#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s); \
++ cp(d,s); cp(d,s)
++#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s); \
++ mx(d,s); mx(d,s)
++#elif AES_BLOCK_SIZE == 32
++#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s); \
++ cp(d,s); cp(d,s); cp(d,s); cp(d,s)
++#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s); \
++ mx(d,s); mx(d,s); mx(d,s); mx(d,s)
++#else
++
++#define cpy(d,s) \
++switch(nc) \
++{ case 8: cp(d,s); cp(d,s); \
++ case 6: cp(d,s); cp(d,s); \
++ case 4: cp(d,s); cp(d,s); \
++ cp(d,s); cp(d,s); \
++}
++
++#define mix(d,s) \
++switch(nc) \
++{ case 8: mx(d,s); mx(d,s); \
++ case 6: mx(d,s); mx(d,s); \
++ case 4: mx(d,s); mx(d,s); \
++ mx(d,s); mx(d,s); \
++}
++
++#endif
++
++void aes_set_key(aes_context *cx, const unsigned char in_key[], int n_bytes, const int f)
++{ u_int32_t *kf, *kt, rci;
++
++#if !defined(FIXED_TABLES)
++ if(!tab_gen) { gen_tabs(); tab_gen = 1; }
++#endif
++
++ switch(n_bytes) {
++ case 32: /* bytes */
++ case 256: /* bits */
++ cx->aes_Nkey = 8;
++ break;
++ case 24: /* bytes */
++ case 192: /* bits */
++ cx->aes_Nkey = 6;
++ break;
++ case 16: /* bytes */
++ case 128: /* bits */
++ default:
++ cx->aes_Nkey = 4;
++ break;
++ }
++
++ cx->aes_Nrnd = (cx->aes_Nkey > nc ? cx->aes_Nkey : nc) + 6;
++
++ cx->aes_e_key[0] = const_word_in(in_key );
++ cx->aes_e_key[1] = const_word_in(in_key + 4);
++ cx->aes_e_key[2] = const_word_in(in_key + 8);
++ cx->aes_e_key[3] = const_word_in(in_key + 12);
++
++ kf = cx->aes_e_key;
++ kt = kf + nc * (cx->aes_Nrnd + 1) - cx->aes_Nkey;
++ rci = 0;
++
++ switch(cx->aes_Nkey)
++ {
++ case 4: do
++ { kf[4] = kf[0] ^ ls_box(kf[3],3) ^ rcon_tab[rci++];
++ kf[5] = kf[1] ^ kf[4];
++ kf[6] = kf[2] ^ kf[5];
++ kf[7] = kf[3] ^ kf[6];
++ kf += 4;
++ }
++ while(kf < kt);
++ break;
++
++ case 6: cx->aes_e_key[4] = const_word_in(in_key + 16);
++ cx->aes_e_key[5] = const_word_in(in_key + 20);
++ do
++ { kf[ 6] = kf[0] ^ ls_box(kf[5],3) ^ rcon_tab[rci++];
++ kf[ 7] = kf[1] ^ kf[ 6];
++ kf[ 8] = kf[2] ^ kf[ 7];
++ kf[ 9] = kf[3] ^ kf[ 8];
++ kf[10] = kf[4] ^ kf[ 9];
++ kf[11] = kf[5] ^ kf[10];
++ kf += 6;
++ }
++ while(kf < kt);
++ break;
++
++ case 8: cx->aes_e_key[4] = const_word_in(in_key + 16);
++ cx->aes_e_key[5] = const_word_in(in_key + 20);
++ cx->aes_e_key[6] = const_word_in(in_key + 24);
++ cx->aes_e_key[7] = const_word_in(in_key + 28);
++ do
++ { kf[ 8] = kf[0] ^ ls_box(kf[7],3) ^ rcon_tab[rci++];
++ kf[ 9] = kf[1] ^ kf[ 8];
++ kf[10] = kf[2] ^ kf[ 9];
++ kf[11] = kf[3] ^ kf[10];
++ kf[12] = kf[4] ^ ls_box(kf[11],0);
++ kf[13] = kf[5] ^ kf[12];
++ kf[14] = kf[6] ^ kf[13];
++ kf[15] = kf[7] ^ kf[14];
++ kf += 8;
++ }
++ while (kf < kt);
++ break;
++ }
++
++ if(!f)
++ { u_int32_t i;
++
++ kt = cx->aes_d_key + nc * cx->aes_Nrnd;
++ kf = cx->aes_e_key;
++
++ cpy(kt, kf); kt -= 2 * nc;
++
++ for(i = 1; i < cx->aes_Nrnd; ++i)
++ {
++#if defined(ONE_TABLE) || defined(FOUR_TABLES)
++#if !defined(ONE_IM_TABLE) && !defined(FOUR_IM_TABLES)
++ u_int32_t f2, f4, f8, f9;
++#endif
++ mix(kt, kf);
++#else
++ cpy(kt, kf);
++#endif
++ kt -= 2 * nc;
++ }
++
++ cpy(kt, kf);
++ }
++}
++
++// y = output word, x = input word, r = row, c = column
++// for r = 0, 1, 2 and 3 = column accessed for row r
++
++#if defined(ARRAYS)
++#define s(x,c) x[c]
++#else
++#define s(x,c) x##c
++#endif
++
++// I am grateful to Frank Yellin for the following constructions
++// which, given the column (c) of the output state variable that
++// is being computed, return the input state variables which are
++// needed for each row (r) of the state
++
++// For the fixed block size options, compilers reduce these two
++// expressions to fixed variable references. For variable block
++// size code conditional clauses will sometimes be returned
++
++#define unused 77 // Sunset Strip
++
++#define fwd_var(x,r,c) \
++ ( r==0 ? \
++ ( c==0 ? s(x,0) \
++ : c==1 ? s(x,1) \
++ : c==2 ? s(x,2) \
++ : c==3 ? s(x,3) \
++ : c==4 ? s(x,4) \
++ : c==5 ? s(x,5) \
++ : c==6 ? s(x,6) \
++ : s(x,7)) \
++ : r==1 ? \
++ ( c==0 ? s(x,1) \
++ : c==1 ? s(x,2) \
++ : c==2 ? s(x,3) \
++ : c==3 ? nc==4 ? s(x,0) : s(x,4) \
++ : c==4 ? s(x,5) \
++ : c==5 ? nc==8 ? s(x,6) : s(x,0) \
++ : c==6 ? s(x,7) \
++ : s(x,0)) \
++ : r==2 ? \
++ ( c==0 ? nc==8 ? s(x,3) : s(x,2) \
++ : c==1 ? nc==8 ? s(x,4) : s(x,3) \
++ : c==2 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
++ : c==3 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
++ : c==4 ? nc==8 ? s(x,7) : s(x,0) \
++ : c==5 ? nc==8 ? s(x,0) : s(x,1) \
++ : c==6 ? s(x,1) \
++ : s(x,2)) \
++ : \
++ ( c==0 ? nc==8 ? s(x,4) : s(x,3) \
++ : c==1 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
++ : c==2 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
++ : c==3 ? nc==4 ? s(x,2) : nc==8 ? s(x,7) : s(x,0) \
++ : c==4 ? nc==8 ? s(x,0) : s(x,1) \
++ : c==5 ? nc==8 ? s(x,1) : s(x,2) \
++ : c==6 ? s(x,2) \
++ : s(x,3)))
++
++#define inv_var(x,r,c) \
++ ( r==0 ? \
++ ( c==0 ? s(x,0) \
++ : c==1 ? s(x,1) \
++ : c==2 ? s(x,2) \
++ : c==3 ? s(x,3) \
++ : c==4 ? s(x,4) \
++ : c==5 ? s(x,5) \
++ : c==6 ? s(x,6) \
++ : s(x,7)) \
++ : r==1 ? \
++ ( c==0 ? nc==4 ? s(x,3) : nc==8 ? s(x,7) : s(x,5) \
++ : c==1 ? s(x,0) \
++ : c==2 ? s(x,1) \
++ : c==3 ? s(x,2) \
++ : c==4 ? s(x,3) \
++ : c==5 ? s(x,4) \
++ : c==6 ? s(x,5) \
++ : s(x,6)) \
++ : r==2 ? \
++ ( c==0 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \
++ : c==1 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \
++ : c==2 ? nc==8 ? s(x,7) : s(x,0) \
++ : c==3 ? nc==8 ? s(x,0) : s(x,1) \
++ : c==4 ? nc==8 ? s(x,1) : s(x,2) \
++ : c==5 ? nc==8 ? s(x,2) : s(x,3) \
++ : c==6 ? s(x,3) \
++ : s(x,4)) \
++ : \
++ ( c==0 ? nc==4 ? s(x,1) : nc==8 ? s(x,4) : s(x,3) \
++ : c==1 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \
++ : c==2 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \
++ : c==3 ? nc==8 ? s(x,7) : s(x,0) \
++ : c==4 ? nc==8 ? s(x,0) : s(x,1) \
++ : c==5 ? nc==8 ? s(x,1) : s(x,2) \
++ : c==6 ? s(x,2) \
++ : s(x,3)))
++
++#define si(y,x,k,c) s(y,c) = const_word_in(x + 4 * c) ^ k[c]
++#define so(y,x,c) word_out(y + 4 * c, s(x,c))
++
++#if defined(FOUR_TABLES)
++#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,ft_tab,fwd_var,rf1,c)
++#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,it_tab,inv_var,rf1,c)
++#elif defined(ONE_TABLE)
++#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,ft_tab,fwd_var,rf1,c)
++#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,it_tab,inv_var,rf1,c)
++#else
++#define fwd_rnd(y,x,k,c) s(y,c) = fwd_mcol(no_table(x,s_box,fwd_var,rf1,c)) ^ (k)[c]
++#define inv_rnd(y,x,k,c) s(y,c) = inv_mcol(no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c])
++#endif
++
++#if defined(FOUR_LR_TABLES)
++#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,fl_tab,fwd_var,rf1,c)
++#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,il_tab,inv_var,rf1,c)
++#elif defined(ONE_LR_TABLE)
++#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,fl_tab,fwd_var,rf1,c)
++#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,il_tab,inv_var,rf1,c)
++#else
++#define fwd_lrnd(y,x,k,c) s(y,c) = no_table(x,s_box,fwd_var,rf1,c) ^ (k)[c]
++#define inv_lrnd(y,x,k,c) s(y,c) = no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c]
++#endif
++
++#if AES_BLOCK_SIZE == 16
++
++#if defined(ARRAYS)
++#define locals(y,x) x[4],y[4]
++#else
++#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
++// the following defines prevent the compiler requiring the declaration
++// of generated but unused variables in the fwd_var and inv_var macros
++#define b04 unused
++#define b05 unused
++#define b06 unused
++#define b07 unused
++#define b14 unused
++#define b15 unused
++#define b16 unused
++#define b17 unused
++#endif
++#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
++ s(y,2) = s(x,2); s(y,3) = s(x,3);
++#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
++#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
++#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
++
++#elif AES_BLOCK_SIZE == 24
++
++#if defined(ARRAYS)
++#define locals(y,x) x[6],y[6]
++#else
++#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5, \
++ y##0,y##1,y##2,y##3,y##4,y##5
++#define b06 unused
++#define b07 unused
++#define b16 unused
++#define b17 unused
++#endif
++#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
++ s(y,2) = s(x,2); s(y,3) = s(x,3); \
++ s(y,4) = s(x,4); s(y,5) = s(x,5);
++#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); \
++ si(y,x,k,3); si(y,x,k,4); si(y,x,k,5)
++#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); \
++ so(y,x,3); so(y,x,4); so(y,x,5)
++#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); \
++ rm(y,x,k,3); rm(y,x,k,4); rm(y,x,k,5)
++#else
++
++#if defined(ARRAYS)
++#define locals(y,x) x[8],y[8]
++#else
++#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5,x##6,x##7, \
++ y##0,y##1,y##2,y##3,y##4,y##5,y##6,y##7
++#endif
++#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
++ s(y,2) = s(x,2); s(y,3) = s(x,3); \
++ s(y,4) = s(x,4); s(y,5) = s(x,5); \
++ s(y,6) = s(x,6); s(y,7) = s(x,7);
++
++#if AES_BLOCK_SIZE == 32
++
++#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3); \
++ si(y,x,k,4); si(y,x,k,5); si(y,x,k,6); si(y,x,k,7)
++#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3); \
++ so(y,x,4); so(y,x,5); so(y,x,6); so(y,x,7)
++#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3); \
++ rm(y,x,k,4); rm(y,x,k,5); rm(y,x,k,6); rm(y,x,k,7)
++#else
++
++#define state_in(y,x,k) \
++switch(nc) \
++{ case 8: si(y,x,k,7); si(y,x,k,6); \
++ case 6: si(y,x,k,5); si(y,x,k,4); \
++ case 4: si(y,x,k,3); si(y,x,k,2); \
++ si(y,x,k,1); si(y,x,k,0); \
++}
++
++#define state_out(y,x) \
++switch(nc) \
++{ case 8: so(y,x,7); so(y,x,6); \
++ case 6: so(y,x,5); so(y,x,4); \
++ case 4: so(y,x,3); so(y,x,2); \
++ so(y,x,1); so(y,x,0); \
++}
++
++#if defined(FAST_VARIABLE)
++
++#define round(rm,y,x,k) \
++switch(nc) \
++{ case 8: rm(y,x,k,7); rm(y,x,k,6); \
++ rm(y,x,k,5); rm(y,x,k,4); \
++ rm(y,x,k,3); rm(y,x,k,2); \
++ rm(y,x,k,1); rm(y,x,k,0); \
++ break; \
++ case 6: rm(y,x,k,5); rm(y,x,k,4); \
++ rm(y,x,k,3); rm(y,x,k,2); \
++ rm(y,x,k,1); rm(y,x,k,0); \
++ break; \
++ case 4: rm(y,x,k,3); rm(y,x,k,2); \
++ rm(y,x,k,1); rm(y,x,k,0); \
++ break; \
++}
++#else
++
++#define round(rm,y,x,k) \
++switch(nc) \
++{ case 8: rm(y,x,k,7); rm(y,x,k,6); \
++ case 6: rm(y,x,k,5); rm(y,x,k,4); \
++ case 4: rm(y,x,k,3); rm(y,x,k,2); \
++ rm(y,x,k,1); rm(y,x,k,0); \
++}
++
++#endif
++
++#endif
++#endif
++
++void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
++{ u_int32_t locals(b0, b1);
++ const u_int32_t *kp = cx->aes_e_key;
++
++#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
++ u_int32_t f2;
++#endif
++
++ state_in(b0, in_blk, kp); kp += nc;
++
++#if defined(UNROLL)
++
++ switch(cx->aes_Nrnd)
++ {
++ case 14: round(fwd_rnd, b1, b0, kp );
++ round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc;
++ case 12: round(fwd_rnd, b1, b0, kp );
++ round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc;
++ case 10: round(fwd_rnd, b1, b0, kp );
++ round(fwd_rnd, b0, b1, kp + nc);
++ round(fwd_rnd, b1, b0, kp + 2 * nc);
++ round(fwd_rnd, b0, b1, kp + 3 * nc);
++ round(fwd_rnd, b1, b0, kp + 4 * nc);
++ round(fwd_rnd, b0, b1, kp + 5 * nc);
++ round(fwd_rnd, b1, b0, kp + 6 * nc);
++ round(fwd_rnd, b0, b1, kp + 7 * nc);
++ round(fwd_rnd, b1, b0, kp + 8 * nc);
++ round(fwd_lrnd, b0, b1, kp + 9 * nc);
++ }
++
++#elif defined(PARTIAL_UNROLL)
++ { u_int32_t rnd;
++
++ for(rnd = 0; rnd < (cx->aes_Nrnd >> 1) - 1; ++rnd)
++ {
++ round(fwd_rnd, b1, b0, kp);
++ round(fwd_rnd, b0, b1, kp + nc); kp += 2 * nc;
++ }
++
++ round(fwd_rnd, b1, b0, kp);
++ round(fwd_lrnd, b0, b1, kp + nc);
++ }
++#else
++ { u_int32_t rnd;
++
++ for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd)
++ {
++ round(fwd_rnd, b1, b0, kp);
++ l_copy(b0, b1); kp += nc;
++ }
++
++ round(fwd_lrnd, b0, b1, kp);
++ }
++#endif
++
++ state_out(out_blk, b0);
++}
++
++void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
++{ u_int32_t locals(b0, b1);
++ const u_int32_t *kp = cx->aes_d_key;
++
++#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
++ u_int32_t f2, f4, f8, f9;
++#endif
++
++ state_in(b0, in_blk, kp); kp += nc;
++
++#if defined(UNROLL)
++
++ switch(cx->aes_Nrnd)
++ {
++ case 14: round(inv_rnd, b1, b0, kp );
++ round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc;
++ case 12: round(inv_rnd, b1, b0, kp );
++ round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc;
++ case 10: round(inv_rnd, b1, b0, kp );
++ round(inv_rnd, b0, b1, kp + nc);
++ round(inv_rnd, b1, b0, kp + 2 * nc);
++ round(inv_rnd, b0, b1, kp + 3 * nc);
++ round(inv_rnd, b1, b0, kp + 4 * nc);
++ round(inv_rnd, b0, b1, kp + 5 * nc);
++ round(inv_rnd, b1, b0, kp + 6 * nc);
++ round(inv_rnd, b0, b1, kp + 7 * nc);
++ round(inv_rnd, b1, b0, kp + 8 * nc);
++ round(inv_lrnd, b0, b1, kp + 9 * nc);
++ }
++
++#elif defined(PARTIAL_UNROLL)
++ { u_int32_t rnd;
++
++ for(rnd = 0; rnd < (cx->aes_Nrnd >> 1) - 1; ++rnd)
++ {
++ round(inv_rnd, b1, b0, kp);
++ round(inv_rnd, b0, b1, kp + nc); kp += 2 * nc;
++ }
++
++ round(inv_rnd, b1, b0, kp);
++ round(inv_lrnd, b0, b1, kp + nc);
++ }
++#else
++ { u_int32_t rnd;
++
++ for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd)
++ {
++ round(inv_rnd, b1, b0, kp);
++ l_copy(b0, b1); kp += nc;
++ }
++
++ round(inv_lrnd, b0, b1, kp);
++ }
++#endif
++
++ state_out(out_blk, b0);
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/aes/aes_cbc.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,46 @@
++/*
++// I retain copyright in this code but I encourage its free use provided
++// that I don't carry any responsibility for the results. I am especially
++// happy to see it used in free and open source software. If you do use
++// it I would appreciate an acknowledgement of its origin in the code or
++// the product that results and I would also appreciate knowing a little
++// about the use to which it is being put. I am grateful to Frank Yellin
++// for some ideas that are used in this implementation.
++//
++// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
++//
++// This is an implementation of the AES encryption algorithm (Rijndael)
++// designed by Joan Daemen and Vincent Rijmen. This version is designed
++// to provide both fixed and dynamic block and key lengths and can also
++// run with either big or little endian internal byte order (see aes.h).
++// It inputs block and key lengths in bytes with the legal values being
++// 16, 24 and 32.
++*
++*/
++
++#ifdef __KERNEL__
++#include <linux/types.h>
++#else
++#include <sys/types.h>
++#endif
++#include "crypto/aes_cbc.h"
++#include "crypto/cbc_generic.h"
++
++/* returns bool success */
++int AES_set_key(aes_context *aes_ctx, const u_int8_t *key, int keysize) {
++ aes_set_key(aes_ctx, key, keysize, 0);
++ return 1;
++}
++CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt);
++
++
++/*
++ * $Log: aes_cbc.c,v $
++ * Revision 1.2 2004/07/10 07:48:40 mcr
++ * Moved from linux/crypto/ciphers/aes/aes_cbc.c,v
++ *
++ * Revision 1.1 2004/04/06 02:48:12 mcr
++ * pullup of AES cipher from alg-branch.
++ *
++ *
++ */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/aes/aes_xcbc_mac.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,67 @@
++#ifdef __KERNEL__
++#include <linux/types.h>
++#include <linux/kernel.h>
++#define DEBUG(x)
++#else
++#include <stdio.h>
++#include <sys/types.h>
++#define DEBUG(x) x
++#endif
++
++#include "crypto/aes.h"
++#include "crypto/aes_xcbc_mac.h"
++
++int AES_xcbc_mac_set_key(aes_context_mac *ctxm, const u_int8_t *key, int keylen)
++{
++ int ret=1;
++ aes_block kn[3] = {
++ { 0x01010101, 0x01010101, 0x01010101, 0x01010101 },
++ { 0x02020202, 0x02020202, 0x02020202, 0x02020202 },
++ { 0x03030303, 0x03030303, 0x03030303, 0x03030303 },
++ };
++ aes_set_key(&ctxm->ctx_k1, key, keylen, 0);
++ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[0], (u_int8_t *) kn[0]);
++ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[1], (u_int8_t *) ctxm->k2);
++ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[2], (u_int8_t *) ctxm->k3);
++ aes_set_key(&ctxm->ctx_k1, (u_int8_t *) kn[0], 16, 0);
++ return ret;
++}
++static void do_pad_xor(u_int8_t *out, const u_int8_t *in, int len) {
++ int pos=0;
++ for (pos=1; pos <= 16; pos++, in++, out++) {
++ if (pos <= len)
++ *out ^= *in;
++ if (pos > len) {
++ DEBUG(printf("put 0x80 at pos=%d\n", pos));
++ *out ^= 0x80;
++ break;
++ }
++ }
++}
++static void xor_block(aes_block res, const aes_block op) {
++ res[0] ^= op[0];
++ res[1] ^= op[1];
++ res[2] ^= op[2];
++ res[3] ^= op[3];
++}
++int AES_xcbc_mac_hash(const aes_context_mac *ctxm, const u_int8_t * in, int ilen, u_int8_t hash[16]) {
++ int ret=ilen;
++ u_int32_t out[4] = { 0, 0, 0, 0 };
++ for (; ilen > 16 ; ilen-=16) {
++ xor_block(out, (const u_int32_t*) &in[0]);
++ aes_encrypt(&ctxm->ctx_k1, in, (u_int8_t *)&out[0]);
++ in+=16;
++ }
++ do_pad_xor((u_int8_t *)&out, in, ilen);
++ if (ilen==16) {
++ DEBUG(printf("using k3\n"));
++ xor_block(out, ctxm->k3);
++ }
++ else
++ {
++ DEBUG(printf("using k2\n"));
++ xor_block(out, ctxm->k2);
++ }
++ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *)out, hash);
++ return ret;
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/aes/ipsec_alg_aes.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,296 @@
++/*
++ * ipsec_alg AES cipher stubs
++ *
++ * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
++ *
++ * ipsec_alg_aes.c,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * Fixes by:
++ * PK: Pawel Krawczyk <kravietz@aba.krakow.pl>
++ * Fixes list:
++ * PK: make XCBC comply with latest draft (keylength)
++ *
++ */
++#ifndef AUTOCONF_INCLUDED
++#include <linux/config.h>
++#endif
++#include <linux/version.h>
++
++/*
++ * special case: ipsec core modular with this static algo inside:
++ * must avoid MODULE magic for this file
++ */
++#if defined(CONFIG_KLIPS_MODULE) && defined(CONFIG_KLIPS_ENC_AES)
++#undef MODULE
++#endif
++
++#include <linux/module.h>
++#include <linux/init.h>
++
++#include <linux/kernel.h> /* printk() */
++#include <linux/errno.h> /* error codes */
++#include <linux/types.h> /* size_t */
++#include <linux/string.h>
++
++/* Check if __exit is defined, if not null it */
++#ifndef __exit
++#define __exit
++#endif
++
++/* Low freeswan header coupling */
++#include "openswan/ipsec_alg.h"
++#include "crypto/aes_cbc.h"
++
++#define CONFIG_KLIPS_ENC_AES_MAC 1
++
++#define AES_CONTEXT_T aes_context
++static int debug_aes=0;
++static int test_aes=0;
++static int excl_aes=0;
++static int keyminbits=0;
++static int keymaxbits=0;
++#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
++MODULE_AUTHOR("JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>");
++#ifdef module_param
++module_param(debug_aes,int,0600)
++module_param(test_aes,int,0600)
++module_param(excl_aes,int,0600)
++module_param(keyminbits,int,0600)
++module_param(keymaxbits,int,0600)
++#else
++MODULE_PARM(debug_aes, "i");
++MODULE_PARM(test_aes, "i");
++MODULE_PARM(excl_aes, "i");
++MODULE_PARM(keyminbits, "i");
++MODULE_PARM(keymaxbits, "i");
++#endif
++#endif
++
++#if CONFIG_KLIPS_ENC_AES_MAC
++#include "crypto/aes_xcbc_mac.h"
++
++/*
++ * Not IANA number yet (draft-ietf-ipsec-ciph-aes-xcbc-mac-00.txt).
++ * We use 9 for non-modular algorithm and none for modular, thus
++ * forcing user to specify one on module load. -kravietz
++ */
++#ifdef MODULE
++static int auth_id=0;
++#else
++static int auth_id=9;
++#endif
++#ifdef module_param
++module_param(auth_id, int, 0600);
++#else
++MODULE_PARM(auth_id, "i");
++#endif
++#endif
++
++#define ESP_AES 12 /* truely _constant_ :) */
++
++/* 128, 192 or 256 */
++#define ESP_AES_KEY_SZ_MIN 16 /* 128 bit secret key */
++#define ESP_AES_KEY_SZ_MAX 32 /* 256 bit secret key */
++#define ESP_AES_CBC_BLK_LEN 16 /* AES-CBC block size */
++
++/* Values according to draft-ietf-ipsec-ciph-aes-xcbc-mac-02.txt
++ * -kravietz
++ */
++#define ESP_AES_MAC_KEY_SZ 16 /* 128 bit MAC key */
++#define ESP_AES_MAC_BLK_LEN 16 /* 128 bit block */
++
++static int _aes_set_key(struct ipsec_alg_enc *alg,
++ __u8 * key_e, const __u8 * key,
++ size_t keysize)
++{
++ int ret;
++ AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e;
++ ret=AES_set_key(ctx, key, keysize)!=0? 0: -EINVAL;
++ if (debug_aes > 0)
++ printk(KERN_DEBUG "klips_debug:_aes_set_key:"
++ "ret=%d key_e=%p key=%p keysize=%ld\n",
++ ret, key_e, key, (unsigned long int) keysize);
++ return ret;
++}
++
++static int _aes_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e,
++ __u8 * in, int ilen, const __u8 * iv,
++ int encrypt)
++{
++ AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e;
++ if (debug_aes > 0)
++ printk(KERN_DEBUG "klips_debug:_aes_cbc_encrypt:"
++ "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n",
++ key_e, in, ilen, iv, encrypt);
++ return AES_cbc_encrypt(ctx, in, in, ilen, iv, encrypt);
++}
++#if CONFIG_KLIPS_ENC_AES_MAC
++static int _aes_mac_set_key(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * key, int keylen) {
++ aes_context_mac *ctxm=(aes_context_mac *)key_a;
++ return AES_xcbc_mac_set_key(ctxm, key, keylen)? 0 : -EINVAL;
++}
++static int _aes_mac_hash(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * dat, int len, __u8 * hash, int hashlen) {
++ int ret;
++ char hash_buf[16];
++ aes_context_mac *ctxm=(aes_context_mac *)key_a;
++ ret=AES_xcbc_mac_hash(ctxm, dat, len, hash_buf);
++ memcpy(hash, hash_buf, hashlen);
++ return ret;
++}
++static struct ipsec_alg_auth ipsec_alg_AES_MAC = {
++ ixt_common: { ixt_version: IPSEC_ALG_VERSION,
++ ixt_refcnt: ATOMIC_INIT(0),
++ ixt_name: "aes_mac",
++ ixt_blocksize: ESP_AES_MAC_BLK_LEN,
++ ixt_support: {
++ ias_exttype: IPSEC_ALG_TYPE_AUTH,
++ ias_id: 0,
++ ias_keyminbits: ESP_AES_MAC_KEY_SZ*8,
++ ias_keymaxbits: ESP_AES_MAC_KEY_SZ*8,
++ },
++ },
++#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
++ ixt_module: THIS_MODULE,
++#endif
++ ixt_a_keylen: ESP_AES_MAC_KEY_SZ,
++ ixt_a_ctx_size: sizeof(aes_context_mac),
++ ixt_a_hmac_set_key: _aes_mac_set_key,
++ ixt_a_hmac_hash:_aes_mac_hash,
++};
++#endif /* CONFIG_KLIPS_ENC_AES_MAC */
++static struct ipsec_alg_enc ipsec_alg_AES = {
++ ixt_common: { ixt_version: IPSEC_ALG_VERSION,
++ ixt_refcnt: ATOMIC_INIT(0),
++ ixt_name: "aes",
++ ixt_blocksize: ESP_AES_CBC_BLK_LEN,
++ ixt_support: {
++ ias_exttype: IPSEC_ALG_TYPE_ENCRYPT,
++ ias_id: ESP_AES,
++ ias_keyminbits: ESP_AES_KEY_SZ_MIN*8,
++ ias_keymaxbits: ESP_AES_KEY_SZ_MAX*8,
++ },
++ },
++#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
++ ixt_module: THIS_MODULE,
++#endif
++ ixt_e_keylen: ESP_AES_KEY_SZ_MAX,
++ ixt_e_ctx_size: sizeof(AES_CONTEXT_T),
++ ixt_e_set_key: _aes_set_key,
++ ixt_e_cbc_encrypt:_aes_cbc_encrypt,
++};
++
++#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
++IPSEC_ALG_MODULE_INIT_MOD( ipsec_aes_init )
++#else
++IPSEC_ALG_MODULE_INIT_STATIC( ipsec_aes_init )
++#endif
++{
++ int ret, test_ret;
++
++ if (keyminbits)
++ ipsec_alg_AES.ixt_common.ixt_support.ias_keyminbits=keyminbits;
++ if (keymaxbits) {
++ ipsec_alg_AES.ixt_common.ixt_support.ias_keymaxbits=keymaxbits;
++ if (keymaxbits*8>ipsec_alg_AES.ixt_common.ixt_support.ias_keymaxbits)
++ ipsec_alg_AES.ixt_e_keylen=keymaxbits*8;
++ }
++ if (excl_aes) ipsec_alg_AES.ixt_common.ixt_state |= IPSEC_ALG_ST_EXCL;
++ ret=register_ipsec_alg_enc(&ipsec_alg_AES);
++ printk("ipsec_aes_init(alg_type=%d alg_id=%d name=%s): ret=%d\n",
++ ipsec_alg_AES.ixt_common.ixt_support.ias_exttype,
++ ipsec_alg_AES.ixt_common.ixt_support.ias_id,
++ ipsec_alg_AES.ixt_common.ixt_name,
++ ret);
++ if (ret==0 && test_aes) {
++ test_ret=ipsec_alg_test(
++ ipsec_alg_AES.ixt_common.ixt_support.ias_exttype ,
++ ipsec_alg_AES.ixt_common.ixt_support.ias_id,
++ test_aes);
++ printk("ipsec_aes_init(alg_type=%d alg_id=%d): test_ret=%d\n",
++ ipsec_alg_AES.ixt_common.ixt_support.ias_exttype ,
++ ipsec_alg_AES.ixt_common.ixt_support.ias_id,
++ test_ret);
++ }
++#if CONFIG_KLIPS_ENC_AES_MAC
++ if (auth_id!=0){
++ int ret;
++ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id=auth_id;
++ ret=register_ipsec_alg_auth(&ipsec_alg_AES_MAC);
++ printk("ipsec_aes_init(alg_type=%d alg_id=%d name=%s): ret=%d\n",
++ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_exttype,
++ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id,
++ ipsec_alg_AES_MAC.ixt_common.ixt_name,
++ ret);
++ if (ret==0 && test_aes) {
++ test_ret=ipsec_alg_test(
++ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_exttype,
++ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id,
++ test_aes);
++ printk("ipsec_aes_init(alg_type=%d alg_id=%d): test_ret=%d\n",
++ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_exttype,
++ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id,
++ test_ret);
++ }
++ } else {
++ printk(KERN_DEBUG "klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok] (auth_id=%d)\n", auth_id);
++ }
++#endif /* CONFIG_KLIPS_ENC_AES_MAC */
++ return ret;
++}
++
++#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
++IPSEC_ALG_MODULE_EXIT_MOD( ipsec_aes_fini )
++#else
++IPSEC_ALG_MODULE_EXIT_STATIC( ipsec_aes_fini )
++#endif
++{
++#if CONFIG_KLIPS_ENC_AES_MAC
++ if (auth_id) unregister_ipsec_alg_auth(&ipsec_alg_AES_MAC);
++#endif /* CONFIG_KLIPS_ENC_AES_MAC */
++ unregister_ipsec_alg_enc(&ipsec_alg_AES);
++ return;
++}
++#ifdef MODULE_LICENSE
++MODULE_LICENSE("GPL");
++#endif
++
++#if 0 /* +NOT_YET */
++#ifndef MODULE
++/*
++ * This is intended for static module setups, currently
++ * doesn't work for modular ipsec.o with static algos inside
++ */
++static int setup_keybits(const char *str)
++{
++ unsigned aux;
++ char *end;
++
++ aux = simple_strtoul(str,&end,0);
++ if (aux != 128 && aux != 192 && aux != 256)
++ return 0;
++ keyminbits = aux;
++
++ if (*end == 0 || *end != ',')
++ return 1;
++ str=end+1;
++ aux = simple_strtoul(str, NULL, 0);
++ if (aux != 128 && aux != 192 && aux != 256)
++ return 0;
++ if (aux >= keyminbits)
++ keymaxbits = aux;
++ return 1;
++}
++__setup("ipsec_aes_keybits=", setup_keybits);
++#endif
++#endif
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/alg/Config.alg_aes.in Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,3 @@
++if [ "$CONFIG_IPSEC_ALG" = "y" ]; then
++ tristate ' AES encryption algorithm' CONFIG_IPSEC_ENC_AES
++fi
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/alg/Config.alg_cryptoapi.in Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,6 @@
++if [ "$CONFIG_IPSEC_ALG" = "y" ]; then
++ dep_tristate ' CRYPTOAPI ciphers support (needs cryptoapi patch)' CONFIG_IPSEC_ALG_CRYPTOAPI $CONFIG_CRYPTO
++ if [ "$CONFIG_IPSEC_ALG_CRYPTOAPI" != "n" ]; then
++ bool ' CRYPTOAPI proprietary ciphers ' CONFIG_IPSEC_ALG_NON_LIBRE
++ fi
++fi
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/alg/Config.in Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,3 @@
++#Placeholder
++source net/ipsec/alg/Config.alg_aes.in
++source net/ipsec/alg/Config.alg_cryptoapi.in
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/alg/Makefile Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,112 @@
++# Makefile,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp
++ifeq ($(strip $(KLIPSMODULE)),)
++FREESWANSRCDIR=.
++else
++FREESWANSRCDIR=../../../..
++endif
++ifeq ($(strip $(KLIPS_TOP)),)
++KLIPS_TOP=../../..
++override EXTRA_CFLAGS += -I$(KLIPS_TOP)/include
++endif
++
++ifeq ($(CONFIG_IPSEC_DEBUG),y)
++override EXTRA_CFLAGS += -g
++endif
++
++# LIBCRYPTO normally comes as an argument from "parent" Makefile
++# (this applies both to FS' "make module" and eg. Linux' "make modules"
++# But make dep doest follow same evaluations, so we need this default:
++LIBCRYPTO=$(TOPDIR)/lib/libcrypto
++
++override EXTRA_CFLAGS += -I$(LIBCRYPTO)/include
++override EXTRA_CFLAGS += -Wall -Wpointer-arith -Wstrict-prototypes
++
++MOD_LIST_NAME := NET_MISC_MODULES
++
++#O_TARGET := static_init.o
++
++subdir- :=
++subdir-n :=
++subdir-y :=
++subdir-m :=
++
++obj-y := static_init.o
++
++ARCH_ASM-y :=
++ARCH_ASM-$(CONFIG_M586) := i586
++ARCH_ASM-$(CONFIG_M586TSC) := i586
++ARCH_ASM-$(CONFIG_M586MMX) := i586
++ARCH_ASM-$(CONFIG_MK6) := i586
++ARCH_ASM-$(CONFIG_M686) := i686
++ARCH_ASM-$(CONFIG_MPENTIUMIII) := i686
++ARCH_ASM-$(CONFIG_MPENTIUM4) := i686
++ARCH_ASM-$(CONFIG_MK7) := i686
++ARCH_ASM-$(CONFIG_MCRUSOE) := i586
++ARCH_ASM-$(CONFIG_MWINCHIPC6) := i586
++ARCH_ASM-$(CONFIG_MWINCHIP2) := i586
++ARCH_ASM-$(CONFIG_MWINCHIP3D) := i586
++ARCH_ASM-$(CONFIG_USERMODE) := i586
++
++ARCH_ASM :=$(ARCH_ASM-y)
++ifdef NO_ASM
++ARCH_ASM :=
++endif
++
++# The algorithm makefiles may put dependences, short-circuit them
++null:
++
++makefiles=$(filter-out %.preipsec, $(wildcard Makefile.alg_*))
++ifneq ($(makefiles),)
++#include Makefile.alg_aes
++#include Makefile.alg_aes-opt
++include $(makefiles)
++endif
++
++# These rules translate from new to old makefile rules
++# Translate to Rules.make lists.
++multi-used := $(filter $(list-multi), $(obj-y) $(obj-m))
++multi-objs := $(foreach m, $(multi-used), $($(basename $(m))-objs))
++active-objs := $(sort $(multi-objs) $(obj-y) $(obj-m))
++O_OBJS := $(obj-y)
++M_OBJS := $(obj-m)
++MIX_OBJS := $(filter $(export-objs), $(active-objs))
++#OX_OBJS := $(export-objs)
++SUB_DIRS := $(subdir-y)
++ALL_SUB_DIRS := $(subdir-y) $(subdir-m)
++MOD_SUB_DIRS := $(subdir-m)
++
++
++static_init_mod.o: $(obj-y)
++ rm -f $@
++ $(LD) $(LD_EXTRAFLAGS) $(obj-y) -r -o $@
++
++perlasm: ../../../crypto/ciphers/des/asm/perlasm
++ ln -sf $? $@
++
++$(obj-y) $(obj-m): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h $(KLIPS_TOP)/include/freeswan/ipsec_alg.h
++$(alg_obj-y) $(alg_obj-m): perlasm $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h $(KLIPS_TOP)/include/freeswan/ipsec_alg.h
++
++
++all_alg_modules: perlasm $(ALG_MODULES)
++ @echo "ALG_MODULES=$(ALG_MODULES)"
++
++
++#
++# Construct alg. init. function: call ipsec_ALGO_init() for every static algo
++# Needed when there are static algos (with static or modular ipsec.o)
++#
++static_init.c: $(TOPDIR)/include/linux/autoconf.h Makefile $(makefiles) scripts/mk-static_init.c.sh
++ @echo "Re-creating $@"
++ $(SHELL) scripts/mk-static_init.c.sh $(static_init-func-y) > $@
++
++clean:
++ @for i in $(ALG_SUBDIRS);do test -d $$i && make -C $$i clean;done;exit 0
++ @find . -type l -exec rm -f {} \;
++ -rm -f perlasm
++ -rm -rf $(ALG_SUBDIRS)
++ -rm -f *.o static_init.c
++
++ifdef TOPDIR
++include $(TOPDIR)/Rules.make
++endif
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/alg/Makefile.alg_aes Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,18 @@
++MOD_AES := ipsec_aes.o
++
++ALG_MODULES += $(MOD_AES)
++ALG_SUBDIRS += libaes
++
++obj-$(CONFIG_IPSEC_ALG_AES) += $(MOD_AES)
++static_init-func-$(CONFIG_IPSEC_ALG_AES)+= ipsec_aes_init
++alg_obj-$(CONFIG_IPSEC_ALG_AES) += ipsec_alg_aes.o
++
++AES_OBJS := ipsec_alg_aes.o $(LIBCRYPTO)/libaes/libaes.a
++
++
++$(MOD_AES): $(AES_OBJS)
++ $(LD) $(EXTRA_LDFLAGS) -r $(AES_OBJS) -o $@
++
++$(LIBCRYPTO)/libaes/libaes.a:
++ $(MAKE) -C $(LIBCRYPTO)/libaes CC='$(CC)' 'ARCH_ASM=$(ARCH_ASM)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' libaes.a
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/alg/Makefile.alg_cryptoapi Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,14 @@
++MOD_CRYPTOAPI := ipsec_cryptoapi.o
++
++ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),)
++ALG_MODULES += $(MOD_CRYPTOAPI)
++obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
++static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
++alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
++else
++$(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o")
++endif
++
++CRYPTOAPI_OBJS := ipsec_alg_cryptoapi.o
++$(MOD_CRYPTOAPI): $(CRYPTOAPI_OBJS)
++ $(LD) -r $(CRYPTOAPI_OBJS) -o $@
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/alg/ipsec_alg_cryptoapi.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,442 @@
++/*
++ * ipsec_alg to linux cryptoapi GLUE
++ *
++ * Authors: CODE.ar TEAM
++ * Harpo MAxx <harpo@linuxmendoza.org.ar>
++ * JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
++ * Luciano Ruete <docemeses@softhome.net>
++ *
++ * ipsec_alg_cryptoapi.c,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by the
++ * Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * for more details.
++ *
++ * Example usage:
++ * modinfo -p ipsec_cryptoapi (quite useful info, including supported algos)
++ * modprobe ipsec_cryptoapi
++ * modprobe ipsec_cryptoapi test=1
++ * modprobe ipsec_cryptoapi excl=1 (exclusive cipher/algo)
++ * modprobe ipsec_cryptoapi noauto=1 aes=1 twofish=1 (only these ciphers)
++ * modprobe ipsec_cryptoapi aes=128,128 (force these keylens)
++ * modprobe ipsec_cryptoapi des_ede3=0 (everything but 3DES)
++ */
++#ifndef AUTOCONF_INCLUDED
++#include <linux/config.h>
++#endif
++#include <linux/version.h>
++
++/*
++ * special case: ipsec core modular with this static algo inside:
++ * must avoid MODULE magic for this file
++ */
++#if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_CRYPTOAPI
++#undef MODULE
++#endif
++
++#include <linux/module.h>
++#include <linux/init.h>
++
++#include <linux/kernel.h> /* printk() */
++#include <linux/errno.h> /* error codes */
++#include <linux/types.h> /* size_t */
++#include <linux/string.h>
++
++/* Check if __exit is defined, if not null it */
++#ifndef __exit
++#define __exit
++#endif
++
++/* warn the innocent */
++#if !defined (CONFIG_CRYPTO) && !defined (CONFIG_CRYPTO_MODULE)
++#warning "No linux CryptoAPI found, install 2.4.22+ or 2.6.x"
++#define NO_CRYPTOAPI_SUPPORT
++#endif
++/* Low freeswan header coupling */
++#include "openswan/ipsec_alg.h"
++
++#include <linux/crypto.h>
++#ifdef CRYPTO_API_VERSION_CODE
++#warning "Old CryptoAPI is not supported. Only linux-2.4.22+ or linux-2.6.x are supported"
++#define NO_CRYPTOAPI_SUPPORT
++#endif
++
++#ifdef NO_CRYPTOAPI_SUPPORT
++#warning "Building an unusable module :P"
++/* Catch old CryptoAPI by not allowing module to load */
++IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init )
++{
++ printk(KERN_WARNING "ipsec_cryptoapi.o was not built on stock Linux CryptoAPI (2.4.22+ or 2.6.x), not loading.\n");
++ return -EINVAL;
++}
++#else
++#include <asm/scatterlist.h>
++#include <asm/pgtable.h>
++#include <linux/mm.h>
++
++#define CIPHERNAME_AES "aes"
++#define CIPHERNAME_3DES "des3_ede"
++#define CIPHERNAME_BLOWFISH "blowfish"
++#define CIPHERNAME_CAST "cast5"
++#define CIPHERNAME_SERPENT "serpent"
++#define CIPHERNAME_TWOFISH "twofish"
++
++#define ESP_3DES 3
++#define ESP_AES 12
++#define ESP_BLOWFISH 7 /* truely _constant_ :) */
++#define ESP_CAST 6 /* quite constant :) */
++#define ESP_SERPENT 252 /* from ipsec drafts */
++#define ESP_TWOFISH 253 /* from ipsec drafts */
++
++#define AH_MD5 2
++#define AH_SHA 3
++#define DIGESTNAME_MD5 "md5"
++#define DIGESTNAME_SHA1 "sha1"
++
++MODULE_AUTHOR("Juanjo Ciarlante, Harpo MAxx, Luciano Ruete");
++static int debug=0;
++static int test=0;
++static int excl=0;
++static int noauto = 0;
++
++static int des_ede3[] = {-1, -1};
++static int aes[] = {-1, -1};
++static int blowfish[] = {-1, -1};
++static int cast[] = {-1, -1};
++static int serpent[] = {-1, -1};
++static int twofish[] = {-1, -1};
++
++#ifdef module_param
++module_param(debug,int,0600);
++module_param(test,int,0600);
++module_param(ebug,int,0600);
++
++module_param(noauto,int,0600);
++module_param(ebug,int,0600);
++
++module_param_array(des_ede3,int,NULL,0);
++module_param(aes,int,NULL,0);
++module_param(blowfish,int,NULL,0);
++module_param(cast,int,NULL,0);
++module_param(serpent,int,NULL,0);
++module_param(twofish,int,NULL,0);
++#else
++MODULE_PARM(debug, "i");
++MODULE_PARM(test, "i");
++MODULE_PARM(excl, "i");
++
++MODULE_PARM(noauto,"i");
++
++MODULE_PARM(des_ede3,"1-2i");
++MODULE_PARM(aes,"1-2i");
++MODULE_PARM(blowfish,"1-2i");
++MODULE_PARM(cast,"1-2i");
++MODULE_PARM(serpent,"1-2i");
++MODULE_PARM(twofish,"1-2i");
++#endif
++
++MODULE_PARM_DESC(noauto, "Dont try all known algos, just setup enabled ones");
++
++MODULE_PARM_DESC(des_ede3, "0: disable | 1: force_enable | min,max: dontuse");
++MODULE_PARM_DESC(aes, "0: disable | 1: force_enable | min,max: keybitlens");
++MODULE_PARM_DESC(blowfish, "0: disable | 1: force_enable | min,max: keybitlens");
++MODULE_PARM_DESC(cast, "0: disable | 1: force_enable | min,max: keybitlens");
++MODULE_PARM_DESC(serpent, "0: disable | 1: force_enable | min,max: keybitlens");
++MODULE_PARM_DESC(twofish, "0: disable | 1: force_enable | min,max: keybitlens");
++
++struct ipsec_alg_capi_cipher {
++ const char *ciphername; /* cryptoapi's ciphername */
++ unsigned blocksize;
++ unsigned short minbits;
++ unsigned short maxbits;
++ int *parm; /* lkm param for this cipher */
++ struct ipsec_alg_enc alg; /* note it's not a pointer */
++};
++static struct ipsec_alg_capi_cipher alg_capi_carray[] = {
++ { CIPHERNAME_AES , 16, 128, 256, aes , { ixt_alg_id: ESP_AES, }},
++ { CIPHERNAME_TWOFISH , 16, 128, 256, twofish, { ixt_alg_id: ESP_TWOFISH, }},
++ { CIPHERNAME_SERPENT , 16, 128, 256, serpent, { ixt_alg_id: ESP_SERPENT, }},
++ { CIPHERNAME_CAST , 8, 128, 128, cast , { ixt_alg_id: ESP_CAST, }},
++ { CIPHERNAME_BLOWFISH , 8, 96, 448, blowfish,{ ixt_alg_id: ESP_BLOWFISH, }},
++ { CIPHERNAME_3DES , 8, 192, 192, des_ede3,{ ixt_alg_id: ESP_3DES, }},
++ { NULL, 0, 0, 0, NULL, {} }
++};
++#ifdef NOT_YET
++struct ipsec_alg_capi_digest {
++ const char *digestname; /* cryptoapi's digestname */
++ struct digest_implementation *di;
++ struct ipsec_alg_auth alg; /* note it's not a pointer */
++};
++static struct ipsec_alg_capi_cipher alg_capi_darray[] = {
++ { DIGESTNAME_MD5, NULL, { ixt_alg_id: AH_MD5, }},
++ { DIGESTNAME_SHA1, NULL, { ixt_alg_id: AH_SHA, }},
++ { NULL, NULL, {} }
++};
++#endif
++/*
++ * "generic" linux cryptoapi setup_cipher() function
++ */
++int setup_cipher(const char *ciphername)
++{
++ return crypto_alg_available(ciphername, 0);
++}
++
++/*
++ * setups ipsec_alg_capi_cipher "hyper" struct components, calling
++ * register_ipsec_alg for cointaned ipsec_alg object
++ */
++static void _capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e);
++static __u8 * _capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen);
++static int _capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt);
++
++static int
++setup_ipsec_alg_capi_cipher(struct ipsec_alg_capi_cipher *cptr)
++{
++ int ret;
++ cptr->alg.ixt_version = IPSEC_ALG_VERSION;
++ cptr->alg.ixt_module = THIS_MODULE;
++ atomic_set (& cptr->alg.ixt_refcnt, 0);
++ strncpy (cptr->alg.ixt_name , cptr->ciphername, sizeof (cptr->alg.ixt_name));
++
++ cptr->alg.ixt_blocksize=cptr->blocksize;
++ cptr->alg.ixt_keyminbits=cptr->minbits;
++ cptr->alg.ixt_keymaxbits=cptr->maxbits;
++ cptr->alg.ixt_state = 0;
++ if (excl) cptr->alg.ixt_state |= IPSEC_ALG_ST_EXCL;
++ cptr->alg.ixt_e_keylen=cptr->alg.ixt_keymaxbits/8;
++ cptr->alg.ixt_e_ctx_size = 0;
++ cptr->alg.ixt_alg_type = IPSEC_ALG_TYPE_ENCRYPT;
++ cptr->alg.ixt_e_new_key = _capi_new_key;
++ cptr->alg.ixt_e_destroy_key = _capi_destroy_key;
++ cptr->alg.ixt_e_cbc_encrypt = _capi_cbc_encrypt;
++ cptr->alg.ixt_data = cptr;
++
++ ret=register_ipsec_alg_enc(&cptr->alg);
++ printk("setup_ipsec_alg_capi_cipher(): "
++ "alg_type=%d alg_id=%d name=%s "
++ "keyminbits=%d keymaxbits=%d, ret=%d\n",
++ cptr->alg.ixt_alg_type,
++ cptr->alg.ixt_alg_id,
++ cptr->alg.ixt_name,
++ cptr->alg.ixt_keyminbits,
++ cptr->alg.ixt_keymaxbits,
++ ret);
++ return ret;
++}
++/*
++ * called in ipsec_sa_wipe() time, will destroy key contexts
++ * and do 1 unbind()
++ */
++static void
++_capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e)
++{
++ struct crypto_tfm *tfm=(struct crypto_tfm*)key_e;
++
++ if (debug > 0)
++ printk(KERN_DEBUG "klips_debug: _capi_destroy_key:"
++ "name=%s key_e=%p \n",
++ alg->ixt_name, key_e);
++ if (!key_e) {
++ printk(KERN_ERR "klips_debug: _capi_destroy_key:"
++ "name=%s NULL key_e!\n",
++ alg->ixt_name);
++ return;
++ }
++ crypto_free_tfm(tfm);
++}
++
++/*
++ * create new key context, need alg->ixt_data to know which
++ * (of many) cipher inside this module is the target
++ */
++static __u8 *
++_capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen)
++{
++ struct ipsec_alg_capi_cipher *cptr;
++ struct crypto_tfm *tfm=NULL;
++
++ cptr = alg->ixt_data;
++ if (!cptr) {
++ printk(KERN_ERR "_capi_new_key(): "
++ "NULL ixt_data (?!) for \"%s\" algo\n"
++ , alg->ixt_name);
++ goto err;
++ }
++ if (debug > 0)
++ printk(KERN_DEBUG "klips_debug:_capi_new_key:"
++ "name=%s cptr=%p key=%p keysize=%d\n",
++ alg->ixt_name, cptr, key, keylen);
++
++ /*
++ * alloc tfm
++ */
++ tfm = crypto_alloc_tfm(cptr->ciphername, CRYPTO_TFM_MODE_CBC);
++ if (!tfm) {
++ printk(KERN_ERR "_capi_new_key(): "
++ "NULL tfm for \"%s\" cryptoapi (\"%s\") algo\n"
++ , alg->ixt_name, cptr->ciphername);
++ goto err;
++ }
++ if (crypto_cipher_setkey(tfm, key, keylen) < 0) {
++ printk(KERN_ERR "_capi_new_key(): "
++ "failed new_key() for \"%s\" cryptoapi algo (keylen=%d)\n"
++ , alg->ixt_name, keylen);
++ crypto_free_tfm(tfm);
++ tfm=NULL;
++ }
++err:
++ if (debug > 0)
++ printk(KERN_DEBUG "klips_debug:_capi_new_key:"
++ "name=%s key=%p keylen=%d tfm=%p\n",
++ alg->ixt_name, key, keylen, tfm);
++ return (__u8 *) tfm;
++}
++/*
++ * core encryption function: will use cx->ci to call actual cipher's
++ * cbc function
++ */
++static int
++_capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt) {
++ int error =0;
++ struct crypto_tfm *tfm=(struct crypto_tfm *)key_e;
++ struct scatterlist sg = {
++ .page = virt_to_page(in),
++ .offset = (unsigned long)(in) % PAGE_SIZE,
++ .length=ilen,
++ };
++ if (debug > 1)
++ printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:"
++ "key_e=%p "
++ "in=%p out=%p ilen=%d iv=%p encrypt=%d\n"
++ , key_e
++ , in, in, ilen, iv, encrypt);
++ crypto_cipher_set_iv(tfm, iv, crypto_tfm_alg_ivsize(tfm));
++ if (encrypt)
++ error = crypto_cipher_encrypt (tfm, &sg, &sg, ilen);
++ else
++ error = crypto_cipher_decrypt (tfm, &sg, &sg, ilen);
++ if (debug > 1)
++ printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:"
++ "error=%d\n"
++ , error);
++ return (error<0)? error : ilen;
++}
++/*
++ * main initialization loop: for each cipher in list, do
++ * 1) setup cryptoapi cipher else continue
++ * 2) register ipsec_alg object
++ */
++static int
++setup_cipher_list (struct ipsec_alg_capi_cipher* clist)
++{
++ struct ipsec_alg_capi_cipher *cptr;
++ /* foreach cipher in list ... */
++ for (cptr=clist;cptr->ciphername;cptr++) {
++ /*
++ * see if cipher has been disabled (0) or
++ * if noauto set and not enabled (1)
++ */
++ if (cptr->parm[0] == 0 || (noauto && cptr->parm[0] < 0)) {
++ if (debug>0)
++ printk(KERN_INFO "setup_cipher_list(): "
++ "ciphername=%s skipped at user request: "
++ "noauto=%d parm[0]=%d parm[1]=%d\n"
++ , cptr->ciphername
++ , noauto
++ , cptr->parm[0]
++ , cptr->parm[1]);
++ continue;
++ }
++ /*
++ * use a local ci to avoid touching cptr->ci,
++ * if register ipsec_alg success then bind cipher
++ */
++ if( setup_cipher(cptr->ciphername) ) {
++ if (debug > 0)
++ printk(KERN_DEBUG "klips_debug:"
++ "setup_cipher_list():"
++ "ciphername=%s found\n"
++ , cptr->ciphername);
++ if (setup_ipsec_alg_capi_cipher(cptr) == 0) {
++
++
++ } else {
++ printk(KERN_ERR "klips_debug:"
++ "setup_cipher_list():"
++ "ciphername=%s failed ipsec_alg_register\n"
++ , cptr->ciphername);
++ }
++ } else {
++ if (debug>0)
++ printk(KERN_INFO "setup_cipher_list(): lookup for ciphername=%s: not found \n",
++ cptr->ciphername);
++ }
++ }
++ return 0;
++}
++/*
++ * deregister ipsec_alg objects and unbind ciphers
++ */
++static int
++unsetup_cipher_list (struct ipsec_alg_capi_cipher* clist)
++{
++ struct ipsec_alg_capi_cipher *cptr;
++ /* foreach cipher in list ... */
++ for (cptr=clist;cptr->ciphername;cptr++) {
++ if (cptr->alg.ixt_state & IPSEC_ALG_ST_REGISTERED) {
++ unregister_ipsec_alg_enc(&cptr->alg);
++ }
++ }
++ return 0;
++}
++/*
++ * test loop for registered algos
++ */
++static int
++test_cipher_list (struct ipsec_alg_capi_cipher* clist)
++{
++ int test_ret;
++ struct ipsec_alg_capi_cipher *cptr;
++ /* foreach cipher in list ... */
++ for (cptr=clist;cptr->ciphername;cptr++) {
++ if (cptr->alg.ixt_state & IPSEC_ALG_ST_REGISTERED) {
++ test_ret=ipsec_alg_test(
++ cptr->alg.ixt_alg_type,
++ cptr->alg.ixt_alg_id,
++ test);
++ printk("test_cipher_list(alg_type=%d alg_id=%d): test_ret=%d\n",
++ cptr->alg.ixt_alg_type,
++ cptr->alg.ixt_alg_id,
++ test_ret);
++ }
++ }
++ return 0;
++}
++
++IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init )
++{
++ int ret, test_ret;
++ if ((ret=setup_cipher_list(alg_capi_carray)) < 0)
++ return -EPROTONOSUPPORT;
++ if (ret==0 && test) {
++ test_ret=test_cipher_list(alg_capi_carray);
++ }
++ return ret;
++}
++IPSEC_ALG_MODULE_EXIT( ipsec_cryptoapi_fini )
++{
++ unsetup_cipher_list(alg_capi_carray);
++ return;
++}
++#ifdef MODULE_LICENSE
++MODULE_LICENSE("GPL");
++#endif
++
++EXPORT_NO_SYMBOLS;
++#endif /* NO_CRYPTOAPI_SUPPORT */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/alg/scripts/mk-static_init.c.sh Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,18 @@
++#!/bin/sh
++cat << EOF
++#include <linux/kernel.h>
++#include <linux/list.h>
++#include "freeswan/ipsec_alg.h"
++$(for i in $*; do
++ test -z "$i" && continue
++ echo "extern int $i(void);"
++done)
++void ipsec_alg_static_init(void){
++ int __attribute__ ((unused)) err=0;
++$(for i in $*; do
++ test -z "$i" && continue
++ echo " if ((err=$i()) < 0)"
++ echo " printk(KERN_WARNING \"$i() returned %d\", err);"
++done)
++}
++EOF
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/anyaddr.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,148 @@
++/*
++ * special addresses
++ * Copyright (C) 2000 Henry Spencer.
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: anyaddr.c,v 1.10.10.1 2006/11/24 05:55:46 paul Exp $
++ */
++#include "openswan.h"
++
++/* these are mostly fallbacks for the no-IPv6-support-in-library case */
++#ifndef IN6ADDR_ANY_INIT
++#define IN6ADDR_ANY_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }}}
++#endif
++#ifndef IN6ADDR_LOOPBACK_INIT
++#define IN6ADDR_LOOPBACK_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }}}
++#endif
++
++static struct in6_addr v6any = IN6ADDR_ANY_INIT;
++static struct in6_addr v6loop = IN6ADDR_LOOPBACK_INIT;
++
++/*
++ - anyaddr - initialize to the any-address value
++ */
++err_t /* NULL for success, else string literal */
++anyaddr(af, dst)
++int af; /* address family */
++ip_address *dst;
++{
++ uint32_t v4any = htonl(INADDR_ANY);
++
++ switch (af) {
++ case AF_INET:
++ return initaddr((unsigned char *)&v4any, sizeof(v4any), af, dst);
++ break;
++ case AF_INET6:
++ return initaddr((unsigned char *)&v6any, sizeof(v6any), af, dst);
++ break;
++ default:
++ return "unknown address family in anyaddr/unspecaddr";
++ break;
++ }
++}
++
++/*
++ - unspecaddr - initialize to the unspecified-address value
++ */
++err_t /* NULL for success, else string literal */
++unspecaddr(af, dst)
++int af; /* address family */
++ip_address *dst;
++{
++ return anyaddr(af, dst);
++}
++
++/*
++ - loopbackaddr - initialize to the loopback-address value
++ */
++err_t /* NULL for success, else string literal */
++loopbackaddr(af, dst)
++int af; /* address family */
++ip_address *dst;
++{
++ uint32_t v4loop = htonl(INADDR_LOOPBACK);
++
++ switch (af) {
++ case AF_INET:
++ return initaddr((unsigned char *)&v4loop, sizeof(v4loop), af, dst);
++ break;
++ case AF_INET6:
++ return initaddr((unsigned char *)&v6loop, sizeof(v6loop), af, dst);
++ break;
++ default:
++ return "unknown address family in loopbackaddr";
++ break;
++ }
++}
++
++/*
++ - isanyaddr - test for the any-address value
++ */
++int
++isanyaddr(src)
++const ip_address *src;
++{
++ uint32_t v4any = htonl(INADDR_ANY);
++ int cmp;
++
++ switch (src->u.v4.sin_family) {
++ case AF_INET:
++ cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4any, sizeof(v4any));
++ break;
++ case AF_INET6:
++ cmp = memcmp(&src->u.v6.sin6_addr, &v6any, sizeof(v6any));
++ break;
++ case 0:
++ /* a zeroed structure is considered any address */
++ return 1;
++ default:
++ return 0;
++ break;
++ }
++
++ return (cmp == 0) ? 1 : 0;
++}
++
++/*
++ - isunspecaddr - test for the unspecified-address value
++ */
++int
++isunspecaddr(src)
++const ip_address *src;
++{
++ return isanyaddr(src);
++}
++
++/*
++ - isloopbackaddr - test for the loopback-address value
++ */
++int
++isloopbackaddr(src)
++const ip_address *src;
++{
++ uint32_t v4loop = htonl(INADDR_LOOPBACK);
++ int cmp;
++
++ switch (src->u.v4.sin_family) {
++ case AF_INET:
++ cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4loop, sizeof(v4loop));
++ break;
++ case AF_INET6:
++ cmp = memcmp(&src->u.v6.sin6_addr, &v6loop, sizeof(v6loop));
++ break;
++ default:
++ return 0;
++ break;
++ }
++
++ return (cmp == 0) ? 1 : 0;
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/datatot.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,234 @@
++/*
++ * convert from binary data (e.g. key) to text form
++ * Copyright (C) 2000 Henry Spencer.
++ *
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU Library General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at your
++ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
++ * License for more details.
++ *
++ * RCSID $Id: datatot.c,v 1.7 2005/04/14 20:48:43 mcr Exp $
++ */
++#include "openswan.h"
++
++static void convert(const char *src, size_t nreal, int format, char *out);
++
++/*
++ - datatot - convert data bytes to text
++ */
++size_t /* true length (with NUL) for success */
++datatot(src, srclen, format, dst, dstlen)
++const char *src;
++size_t srclen;
++int format; /* character indicating what format */
++char *dst; /* need not be valid if dstlen is 0 */
++size_t dstlen;
++{
++ size_t inblocksize; /* process this many bytes at a time */
++ size_t outblocksize; /* producing this many */
++ size_t breakevery; /* add a _ every this many (0 means don't) */
++ size_t sincebreak; /* output bytes since last _ */
++ char breakchar; /* character used to break between groups */
++ char inblock[10]; /* enough for any format */
++ char outblock[10]; /* enough for any format */
++ char fake[1]; /* fake output area for dstlen == 0 */
++ size_t needed; /* return value */
++ char *stop; /* where the terminating NUL will go */
++ size_t ntodo; /* remaining input */
++ size_t nreal;
++ char *out;
++ char *prefix;
++
++ breakevery = 0;
++ breakchar = '_';
++
++ switch (format) {
++ case 0:
++ case 'h':
++ format = 'x';
++ breakevery = 8;
++ /* FALLTHROUGH */
++ case 'x':
++ inblocksize = 1;
++ outblocksize = 2;
++ prefix = "0x";
++ break;
++ case ':':
++ format = 'x';
++ breakevery = 2;
++ breakchar = ':';
++ /* FALLTHROUGH */
++ case 16:
++ inblocksize = 1;
++ outblocksize = 2;
++ prefix = "";
++ format = 'x';
++ break;
++ case 's':
++ inblocksize = 3;
++ outblocksize = 4;
++ prefix = "0s";
++ break;
++ case 64: /* beware, equals ' ' */
++ inblocksize = 3;
++ outblocksize = 4;
++ prefix = "";
++ format = 's';
++ break;
++ default:
++ return 0;
++ break;
++ }
++
++ user_assert(inblocksize < sizeof(inblock));
++ user_assert(outblocksize < sizeof(outblock));
++ user_assert(breakevery % outblocksize == 0);
++
++ if (srclen == 0)
++ return 0;
++ ntodo = srclen;
++
++ if (dstlen == 0) { /* dispose of awkward special case */
++ dst = fake;
++ dstlen = 1;
++ }
++ stop = dst + dstlen - 1;
++
++ nreal = strlen(prefix);
++ needed = nreal; /* for starters */
++ if (dstlen <= nreal) { /* prefix won't fit */
++ strncpy(dst, prefix, dstlen - 1);
++ dst += dstlen - 1;
++ } else {
++ strcpy(dst, prefix);
++ dst += nreal;
++ }
++
++ user_assert(dst <= stop);
++ sincebreak = 0;
++
++ while (ntodo > 0) {
++ if (ntodo < inblocksize) { /* incomplete input */
++ memset(inblock, 0, sizeof(inblock));
++ memcpy(inblock, src, ntodo);
++ src = inblock;
++ nreal = ntodo;
++ ntodo = inblocksize;
++ } else
++ nreal = inblocksize;
++ out = (outblocksize > stop - dst) ? outblock : dst;
++
++ convert(src, nreal, format, out);
++ needed += outblocksize;
++ sincebreak += outblocksize;
++ if (dst < stop) {
++ if (out != dst) {
++ user_assert(outblocksize > stop - dst);
++ memcpy(dst, out, stop - dst);
++ dst = stop;
++ } else
++ dst += outblocksize;
++ }
++
++ src += inblocksize;
++ ntodo -= inblocksize;
++ if (breakevery != 0 && sincebreak >= breakevery && ntodo > 0) {
++ if (dst < stop)
++ *dst++ = breakchar;
++ needed++;
++ sincebreak = 0;
++ }
++ }
++
++ user_assert(dst <= stop);
++ *dst++ = '\0';
++ needed++;
++
++ return needed;
++}
++
++/*
++ - convert - convert one input block to one output block
++ */
++static void
++convert(src, nreal, format, out)
++const char *src;
++size_t nreal; /* how much of the input block is real */
++int format;
++char *out;
++{
++ static char hex[] = "0123456789abcdef";
++ static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
++ "abcdefghijklmnopqrstuvwxyz"
++ "0123456789+/";
++ unsigned char c;
++ unsigned char c1, c2, c3;
++
++ user_assert(nreal > 0);
++ switch (format) {
++ case 'x':
++ user_assert(nreal == 1);
++ c = (unsigned char)*src;
++ *out++ = hex[c >> 4];
++ *out++ = hex[c & 0xf];
++ break;
++ case 's':
++ c1 = (unsigned char)*src++;
++ c2 = (unsigned char)*src++;
++ c3 = (unsigned char)*src++;
++ *out++ = base64[c1 >> 2]; /* top 6 bits of c1 */
++ c = (c1 & 0x3) << 4; /* bottom 2 of c1... */
++ c |= c2 >> 4; /* ...top 4 of c2 */
++ *out++ = base64[c];
++ if (nreal == 1)
++ *out++ = '=';
++ else {
++ c = (c2 & 0xf) << 2; /* bottom 4 of c2... */
++ c |= c3 >> 6; /* ...top 2 of c3 */
++ *out++ = base64[c];
++ }
++ if (nreal <= 2)
++ *out++ = '=';
++ else
++ *out++ = base64[c3 & 0x3f]; /* bottom 6 of c3 */
++ break;
++ default:
++ user_assert(nreal == 0); /* unknown format */
++ break;
++ }
++}
++
++/*
++ - datatoa - convert data to ASCII
++ * backward-compatibility synonym for datatot
++ */
++size_t /* true length (with NUL) for success */
++datatoa(src, srclen, format, dst, dstlen)
++const char *src;
++size_t srclen;
++int format; /* character indicating what format */
++char *dst; /* need not be valid if dstlen is 0 */
++size_t dstlen;
++{
++ return datatot(src, srclen, format, dst, dstlen);
++}
++
++/*
++ - bytestoa - convert data bytes to ASCII
++ * backward-compatibility synonym for datatot
++ */
++size_t /* true length (with NUL) for success */
++bytestoa(src, srclen, format, dst, dstlen)
++const char *src;
++size_t srclen;
++int format; /* character indicating what format */
++char *dst; /* need not be valid if dstlen is 0 */
++size_t dstlen;
++{
++ return datatot(src, srclen, format, dst, dstlen);
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/defconfig Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,148 @@
++
++#
++# RCSID $Id: defconfig,v 1.28.2.1 2006/10/11 18:14:33 paul Exp $
++#
++
++#
++# FreeS/WAN IPSec implementation, KLIPS kernel config defaults
++#
++
++#
++# First, lets override stuff already set or not in the kernel config.
++#
++# We can't even think about leaving this off...
++CONFIG_INET=y
++
++#
++# This must be on for subnet protection.
++CONFIG_IP_FORWARD=y
++
++# Shut off IPSEC masquerading if it has been enabled, since it will
++# break the compile. IPPROTO_ESP and IPPROTO_AH were included in
++# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
++CONFIG_IP_MASQUERADE_IPSEC=n
++
++#
++# Next, lets set the recommended FreeS/WAN configuration.
++#
++
++# To config as static (preferred), 'y'. To config as module, 'm'.
++CONFIG_KLIPS=m
++
++# To do tunnel mode IPSec, this must be enabled.
++CONFIG_KLIPS_IPIP=y
++
++# To enable authentication, say 'y'. (Highly recommended)
++CONFIG_KLIPS_AH=y
++
++# Authentication algorithm(s):
++CONFIG_KLIPS_AUTH_HMAC_MD5=y
++CONFIG_KLIPS_AUTH_HMAC_SHA1=y
++
++# To enable encryption, say 'y'. (Highly recommended)
++CONFIG_KLIPS_ESP=y
++
++# modular algo extensions (and new ALGOs)
++CONFIG_KLIPS_ALG=y
++
++# Encryption algorithm(s):
++CONFIG_KLIPS_ENC_3DES=y
++CONFIG_KLIPS_ENC_AES=y
++# CONFIG_KLIPS_ENC_NULL=y
++
++# Use CryptoAPI for ALG? - by default, no.
++CONFIG_KLIPS_ENC_CRYPTOAPI=n
++
++# IP Compression: new, probably still has minor bugs.
++CONFIG_KLIPS_IPCOMP=y
++
++# To enable userspace-switchable KLIPS debugging, say 'y'.
++CONFIG_KLIPS_DEBUG=y
++
++# NAT Traversal
++CONFIG_IPSEC_NAT_TRAVERSAL=y
++
++#
++#
++# $Log: defconfig,v $
++# Revision 1.28.2.1 2006/10/11 18:14:33 paul
++# Add JuanJo Ciarlante's ESP_NULL patches for KLIPS, but leave it disabled
++# per default.
++#
++# Revision 1.28 2005/05/11 03:15:42 mcr
++# adjusted makefiles to sanely build modules properly.
++#
++# Revision 1.27 2005/03/20 03:00:05 mcr
++# default configuration should enable NAT_TRAVERSAL.
++#
++# Revision 1.26 2004/07/10 19:11:18 mcr
++# CONFIG_IPSEC -> CONFIG_KLIPS.
++#
++# Revision 1.25 2004/07/05 01:03:53 mcr
++# fix for adding cryptoapi code.
++# keep it off for now, since UMLs do not have it yet.
++#
++# Revision 1.24 2004/04/06 02:49:25 mcr
++# pullup of algo code from alg-branch.
++#
++# Revision 1.23.2.2 2004/04/05 04:30:46 mcr
++# patches for alg-branch to compile/work with 2.x openswan
++#
++# Revision 1.23.2.1 2003/12/22 15:25:52 jjo
++# . Merged algo-0.8.1-rc11-test1 into alg-branch
++#
++# Revision 1.23 2003/12/10 01:14:27 mcr
++# NAT-traversal patches to KLIPS.
++#
++# Revision 1.22 2003/02/24 19:37:27 mcr
++# changed default compilation mode to static.
++#
++# Revision 1.21 2002/04/24 07:36:27 mcr
++# Moved from ./klips/net/ipsec/defconfig,v
++#
++# Revision 1.20 2002/04/02 04:07:40 mcr
++# default build is now 'm'odule for KLIPS
++#
++# Revision 1.19 2002/03/08 18:57:17 rgb
++# Added a blank line at the beginning of the file to make it easier for
++# other projects to patch ./arch/i386/defconfig, for example
++# LIDS+grSecurity requested by Jason Pattie.
++#
++# Revision 1.18 2000/11/30 17:26:56 rgb
++# Cleaned out unused options and enabled ipcomp by default.
++#
++# Revision 1.17 2000/09/15 11:37:01 rgb
++# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
++# IPCOMP zlib deflate code.
++#
++# Revision 1.16 2000/09/08 19:12:55 rgb
++# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
++#
++# Revision 1.15 2000/05/24 19:37:13 rgb
++# *** empty log message ***
++#
++# Revision 1.14 2000/05/11 21:14:57 henry
++# just commenting the FOOBAR=y lines out is not enough
++#
++# Revision 1.13 2000/05/10 20:17:58 rgb
++# Comment out netlink defaults, which are no longer needed.
++#
++# Revision 1.12 2000/05/10 19:13:38 rgb
++# Added configure option to shut off no eroute passthrough.
++#
++# Revision 1.11 2000/03/16 07:09:46 rgb
++# Hardcode PF_KEYv2 support.
++# Disable IPSEC_ICMP by default.
++# Remove DES config option from defaults file.
++#
++# Revision 1.10 2000/01/11 03:09:42 rgb
++# Added a default of 'y' to PF_KEYv2 keying I/F.
++#
++# Revision 1.9 1999/05/08 21:23:12 rgb
++# Added support for 2.2.x kernels.
++#
++# Revision 1.8 1999/04/06 04:54:25 rgb
++# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
++# patch shell fixes.
++#
++#
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/deflate.c Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,1351 @@
++/* deflate.c -- compress data using the deflation algorithm
++ * Copyright (C) 1995-2002 Jean-loup Gailly.
++ * For conditions of distribution and use, see copyright notice in zlib.h
++ */
++
++/*
++ * ALGORITHM
++ *
++ * The "deflation" process depends on being able to identify portions
++ * of the input text which are identical to earlier input (within a
++ * sliding window trailing behind the input currently being processed).
++ *
++ * The most straightforward technique turns out to be the fastest for
++ * most input files: try all possible matches and select the longest.
++ * The key feature of this algorithm is that insertions into the string
++ * dictionary are very simple and thus fast, and deletions are avoided
++ * completely. Insertions are performed at each input character, whereas
++ * string matches are performed only when the previous match ends. So it
++ * is preferable to spend more time in matches to allow very fast string
++ * insertions and avoid deletions. The matching algorithm for small
++ * strings is inspired from that of Rabin & Karp. A brute force approach
++ * is used to find longer strings when a small match has been found.
++ * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
++ * (by Leonid Broukhis).
++ * A previous version of this file used a more sophisticated algorithm
++ * (by Fiala and Greene) which is guaranteed to run in linear amortized
++ * time, but has a larger average cost, uses more memory and is patented.
++ * However the F&G algorithm may be faster for some highly redundant
++ * files if the parameter max_chain_length (described below) is too large.
++ *
++ * ACKNOWLEDGEMENTS
++ *
++ * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
++ * I found it in 'freeze' written by Leonid Broukhis.
++ * Thanks to many people for bug reports and testing.
++ *
++ * REFERENCES
++ *
++ * Deutsch, L.P.,"DEFLATE Compressed Data Format Specification".
++ * Available in ftp://ds.internic.net/rfc/rfc1951.txt
++ *
++ * A description of the Rabin and Karp algorithm is given in the book
++ * "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
++ *
++ * Fiala,E.R., and Greene,D.H.
++ * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
++ *
++ */
++
++/* @(#) $Id: deflate.c,v 1.4 2004/07/10 07:48:37 mcr Exp $ */
++
++#include "deflate.h"
++
++local const char deflate_copyright[] =
++ " deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly ";
++/*
++ If you use the zlib library in a product, an acknowledgment is welcome
++ in the documentation of your product. If for some reason you cannot
++ include such an acknowledgment, I would appreciate that you keep this
++ copyright string in the executable of your product.
++ */
++
++/* ===========================================================================
++ * Function prototypes.
++ */
++typedef enum {
++ need_more, /* block not completed, need more input or more output */
++ block_done, /* block flush performed */
++ finish_started, /* finish started, need only more output at next deflate */
++ finish_done /* finish done, accept no more input or output */
++} block_state;
++
++typedef block_state (*compress_func) OF((deflate_state *s, int flush));
++/* Compression function. Returns the block state after the call. */
++
++local void fill_window OF((deflate_state *s));
++local block_state deflate_stored OF((deflate_state *s, int flush));
++local block_state deflate_fast OF((deflate_state *s, int flush));
++local block_state deflate_slow OF((deflate_state *s, int flush));
++local void lm_init OF((deflate_state *s));
++local void putShortMSB OF((deflate_state *s, uInt b));
++local void flush_pending OF((z_streamp strm));
++local int read_buf OF((z_streamp strm, Bytef *buf, unsigned size));
++#ifdef ASMV
++ void match_init OF((void)); /* asm code initialization */
++ uInt longest_match OF((deflate_state *s, IPos cur_match));
++#else
++local uInt longest_match OF((deflate_state *s, IPos cur_match));
++#endif
++
++#ifdef DEBUG
++local void check_match OF((deflate_state *s, IPos start, IPos match,
++ int length));
++#endif
++
++/* ===========================================================================
++ * Local data
++ */
++
++#define NIL 0
++/* Tail of hash chains */
++
++#ifndef TOO_FAR
++# define TOO_FAR 4096
++#endif
++/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
++
++#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
++/* Minimum amount of lookahead, except at the end of the input file.
++ * See deflate.c for comments about the MIN_MATCH+1.
++ */
++
++/* Values for max_lazy_match, good_match and max_chain_length, depending on
++ * the desired pack level (0..9). The values given below have been tuned to
++ * exclude worst case performance for pathological files. Better values may be
++ * found for specific files.
++ */
++typedef struct config_s {
++ ush good_length; /* reduce lazy search above this match length */
++ ush max_lazy; /* do not perform lazy search above this match length */
++ ush nice_length; /* quit search above this match length */
++ ush max_chain;
++ compress_func func;
++} config;
++
++local const config configuration_table[10] = {
++/* good lazy nice chain */
++/* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */
++/* 1 */ {4, 4, 8, 4, deflate_fast}, /* maximum speed, no lazy matches */
++/* 2 */ {4, 5, 16, 8, deflate_fast},
++/* 3 */ {4, 6, 32, 32, deflate_fast},
++
++/* 4 */ {4, 4, 16, 16, deflate_slow}, /* lazy matches */
++/* 5 */ {8, 16, 32, 32, deflate_slow},
++/* 6 */ {8, 16, 128, 128, deflate_slow},
++/* 7 */ {8, 32, 128, 256, deflate_slow},
++/* 8 */ {32, 128, 258, 1024, deflate_slow},
++/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* maximum compression */
++
++/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
++ * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
++ * meaning.
++ */
++
++#define EQUAL 0
++/* result of memcmp for equal strings */
++
++struct static_tree_desc_s {int dummy;}; /* for buggy compilers */
++
++/* ===========================================================================
++ * Update a hash value with the given input byte
++ * IN assertion: all calls to to UPDATE_HASH are made with consecutive
++ * input characters, so that a running hash key can be computed from the
++ * previous key instead of complete recalculation each time.
++ */
++#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask)
++
++
++/* ===========================================================================
++ * Insert string str in the dictionary and set match_head to the previous head
++ * of the hash chain (the most recent string with same hash key). Return
++ * the previous length of the hash chain.
++ * If this file is compiled with -DFASTEST, the compression level is forced
++ * to 1, and no hash chains are maintained.
++ * IN assertion: all calls to to INSERT_STRING are made with consecutive
++ * input characters and the first MIN_MATCH bytes of str are valid
++ * (except for the last MIN_MATCH-1 bytes of the input file).
++ */
++#ifdef FASTEST
++#define INSERT_STRING(s, str, match_head) \
++ (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
++ match_head = s->head[s->ins_h], \
++ s->head[s->ins_h] = (Pos)(str))
++#else
++#define INSERT_STRING(s, str, match_head) \
++ (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
++ s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \
++ s->head[s->ins_h] = (Pos)(str))
++#endif
++
++/* ===========================================================================
++ * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
++ * prev[] will be initialized on the fly.
++ */
++#define CLEAR_HASH(s) \
++ s->head[s->hash_size-1] = NIL; \
++ zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head));
++
++/* ========================================================================= */
++int ZEXPORT deflateInit_(strm, level, version, stream_size)
++ z_streamp strm;
++ int level;
++ const char *version;
++ int stream_size;
++{
++ return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
++ Z_DEFAULT_STRATEGY, version, stream_size);
++ /* To do: ignore strm->next_in if we use it as window */
++}
++
++/* ========================================================================= */
++int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
++ version, stream_size)
++ z_streamp strm;
++ int level;
++ int method;
++ int windowBits;
++ int memLevel;
++ int strategy;
++ const char *version;
++ int stream_size;
++{
++ deflate_state *s;
++ int noheader = 0;
++ static const char* my_version = ZLIB_VERSION;
++
++ ushf *overlay;
++ /* We overlay pending_buf and d_buf+l_buf. This works since the average
++ * output size for (length,distance) codes is <= 24 bits.
++ */
++
++ if (version == Z_NULL || version[0] != my_version[0] ||
++ stream_size != sizeof(z_stream)) {
++ return Z_VERSION_ERROR;
++ }
++ if (strm == Z_NULL) return Z_STREAM_ERROR;
++
++ strm->msg = Z_NULL;
++ if (strm->zalloc == Z_NULL) {
++ return Z_STREAM_ERROR;
++/* strm->zalloc = zcalloc;
++ strm->opaque = (voidpf)0;*/
++ }
++ if (strm->zfree == Z_NULL) return Z_STREAM_ERROR; /* strm->zfree = zcfree; */
++
++ if (level == Z_DEFAULT_COMPRESSION) level = 6;
++#ifdef FASTEST
++ level = 1;
++#endif
++
++ if (windowBits < 0) { /* undocumented feature: suppress zlib header */
++ noheader = 1;
++ windowBits = -windowBits;
++ }
++ if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
++ windowBits < 9 || windowBits > 15 || level < 0 || level > 9 ||
++ strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
++ return Z_STREAM_ERROR;
++ }
++ s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
++ if (s == Z_NULL) return Z_MEM_ERROR;
++ strm->state = (struct internal_state FAR *)s;
++ s->strm = strm;
++
++ s->noheader = noheader;
++ s->w_bits = windowBits;
++ s->w_size = 1 << s->w_bits;
++ s->w_mask = s->w_size - 1;
++
++ s->hash_bits = memLevel + 7;
++ s->hash_size = 1 << s->hash_bits;
++ s->hash_mask = s->hash_size - 1;
++ s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH);
++
++ s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
++ s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
++ s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
++
++ s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
++
++ overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
++ s->pending_buf = (uchf *) overlay;
++ s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
++
++ if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
++ s->pending_buf == Z_NULL) {
++ strm->msg = ERR_MSG(Z_MEM_ERROR);
++ deflateEnd (strm);
++ return Z_MEM_ERROR;
++ }
++ s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
++ s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
++
++ s->level = level;
++ s->strategy = strategy;
++ s->method = (Byte)method;
++
++ return deflateReset(strm);
++}
++
++/* ========================================================================= */
++int ZEXPORT deflateSetDictionary (strm, dictionary, dictLength)
++ z_streamp strm;
++ const Bytef *dictionary;
++ uInt dictLength;
++{
++ deflate_state *s;
++ uInt length = dictLength;
++ uInt n;
++ IPos hash_head = 0;
++
++ if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL ||
++ strm->state->status != INIT_STATE) return Z_STREAM_ERROR;
++
++ s = strm->state;
++ strm->adler = adler32(strm->adler, dictionary, dictLength);
++
++ if (length < MIN_MATCH) return Z_OK;
++ if (length > MAX_DIST(s)) {
++ length = MAX_DIST(s);
++#ifndef USE_DICT_HEAD
++ dictionary += dictLength - length; /* use the tail of the dictionary */
++#endif
++ }
++ zmemcpy(s->window, dictionary, length);
++ s->strstart = length;
++ s->block_start = (long)length;
++
++ /* Insert all strings in the hash table (except for the last two bytes).
++ * s->lookahead stays null, so s->ins_h will be recomputed at the next
++ * call of fill_window.
++ */
++ s->ins_h = s->window[0];
++ UPDATE_HASH(s, s->ins_h, s->window[1]);
++ for (n = 0; n <= length - MIN_MATCH; n++) {
++ INSERT_STRING(s, n, hash_head);
++ }
++ if (hash_head) hash_head = 0; /* to make compiler happy */
++ return Z_OK;
++}
++
++/* ========================================================================= */
++int ZEXPORT deflateReset (strm)
++ z_streamp strm;
++{
++ deflate_state *s;
++
++ if (strm == Z_NULL || strm->state == Z_NULL ||
++ strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR;
++
++ strm->total_in = strm->total_out = 0;
++ strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
++ strm->data_type = Z_UNKNOWN;
++
++ s = (deflate_state *)strm->state;
++ s->pending = 0;
++ s->pending_out = s->pending_buf;
++
++ if (s->noheader < 0) {
++ s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */
++ }
++ s->status = s->noheader ? BUSY_STATE : INIT_STATE;
++ strm->adler = 1;
++ s->last_flush = Z_NO_FLUSH;
++
++ _tr_init(s);
++ lm_init(s);
++
++ return Z_OK;
++}
++
++/* ========================================================================= */
++int ZEXPORT deflateParams(strm, level, strategy)
++ z_streamp strm;
++ int level;
++ int strategy;
++{
++ deflate_state *s;
++ compress_func func;
++ int err = Z_OK;
++
++ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
++ s = strm->state;
++
++ if (level == Z_DEFAULT_COMPRESSION) {
++ level = 6;
++ }
++ if (level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
++ return Z_STREAM_ERROR;
++ }
++ func = configuration_table[s->level].func;
++
++ if (func != configuration_table[level].func && strm->total_in != 0) {
++ /* Flush the last buffer: */
++ err = deflate(strm, Z_PARTIAL_FLUSH);
++ }
++ if (s->level != level) {
++ s->level = level;
++ s->max_lazy_match = configuration_table[level].max_lazy;
++ s->good_match = configuration_table[level].good_length;
++ s->nice_match = configuration_table[level].nice_length;
++ s->max_chain_length = configuration_table[level].max_chain;
++ }
++ s->strategy = strategy;
++ return err;
++}
++
++/* =========================================================================
++ * Put a short in the pending buffer. The 16-bit value is put in MSB order.
++ * IN assertion: the stream state is correct and there is enough room in
++ * pending_buf.
++ */
++local void putShortMSB (s, b)
++ deflate_state *s;
++ uInt b;
++{
++ put_byte(s, (Byte)(b >> 8));
++ put_byte(s, (Byte)(b & 0xff));
++}
++
++/* =========================================================================
++ * Flush as much pending output as possible. All deflate() output goes
++ * through this function so some applications may wish to modify it
++ * to avoid allocating a large strm->next_out buffer and copying into it.
++ * (See also read_buf()).
++ */
++local void flush_pending(strm)
++ z_streamp strm;
++{
++ unsigned len = strm->state->pending;
++
++ if (len > strm->avail_out) len = strm->avail_out;
++ if (len == 0) return;
++
++ zmemcpy(strm->next_out, strm->state->pending_out, len);
++ strm->next_out += len;
++ strm->state->pending_out += len;
++ strm->total_out += len;
++ strm->avail_out -= len;
++ strm->state->pending -= len;
++ if (strm->state->pending == 0) {
++ strm->state->pending_out = strm->state->pending_buf;
++ }
++}
++
++/* ========================================================================= */
++int ZEXPORT deflate (strm, flush)
++ z_streamp strm;
++ int flush;
++{
++ int old_flush; /* value of flush param for previous deflate call */
++ deflate_state *s;
++
++ if (strm == Z_NULL || strm->state == Z_NULL ||
++ flush > Z_FINISH || flush < 0) {
++ return Z_STREAM_ERROR;
++ }
++ s = strm->state;
++
++ if (strm->next_out == Z_NULL ||
++ (strm->next_in == Z_NULL && strm->avail_in != 0) ||
++ (s->status == FINISH_STATE && flush != Z_FINISH)) {
++ ERR_RETURN(strm, Z_STREAM_ERROR);
++ }
++ if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
++
++ s->strm = strm; /* just in case */
++ old_flush = s->last_flush;
++ s->last_flush = flush;
++
++ /* Write the zlib header */
++ if (s->status == INIT_STATE) {
++
++ uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8;
++ uInt level_flags = (s->level-1) >> 1;
++
++ if (level_flags > 3) level_flags = 3;
++ header |= (level_flags << 6);
++ if (s->strstart != 0) header |= PRESET_DICT;
++ header += 31 - (header % 31);
++
++ s->status = BUSY_STATE;
++ putShortMSB(s, header);
++
++ /* Save the adler32 of the preset dictionary: */
++ if (s->strstart != 0) {
++ putShortMSB(s, (uInt)(strm->adler >> 16));
++ putShortMSB(s, (uInt)(strm->adler & 0xffff));
++ }
++ strm->adler = 1L;
++ }
++
++ /* Flush as much pending output as possible */
++ if (s->pending != 0) {
++ flush_pending(strm);
++ if (strm->avail_out == 0) {
++ /* Since avail_out is 0, deflate will be called again with
++ * more output space, but possibly with both pending and
++ * avail_in equal to zero. There won't be anything to do,
++ * but this is not an error situation so make sure we
++ * return OK instead of BUF_ERROR at next call of deflate:
++ */
++ s->last_flush = -1;
++ return Z_OK;
++ }
++
++ /* Make sure there is something to do and avoid duplicate consecutive
++ * flushes. For repeated and useless calls with Z_FINISH, we keep
++ * returning Z_STREAM_END instead of Z_BUFF_ERROR.
++ */
++ } else if (strm->avail_in == 0 && flush <= old_flush &&
++ flush != Z_FINISH) {
++ ERR_RETURN(strm, Z_BUF_ERROR);
++ }
++
++ /* User must not provide more input after the first FINISH: */
++ if (s->status == FINISH_STATE && strm->avail_in != 0) {
++ ERR_RETURN(strm, Z_BUF_ERROR);
++ }
++
++ /* Start a new block or continue the current one.
++ */
++ if (strm->avail_in != 0 || s->lookahead != 0 ||
++ (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) {
++ block_state bstate;
++
++ bstate = (*(configuration_table[s->level].func))(s, flush);
++
++ if (bstate == finish_started || bstate == finish_done) {
++ s->status = FINISH_STATE;
++ }
++ if (bstate == need_more || bstate == finish_started) {
++ if (strm->avail_out == 0) {
++ s->last_flush = -1; /* avoid BUF_ERROR next call, see above */
++ }
++ return Z_OK;
++ /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
++ * of deflate should use the same flush parameter to make sure
++ * that the flush is complete. So we don't have to output an
++ * empty block here, this will be done at next call. This also
++ * ensures that for a very small output buffer, we emit at most
++ * one empty block.
++ */
++ }
++ if (bstate == block_done) {
++ if (flush == Z_PARTIAL_FLUSH) {
++ _tr_align(s);
++ } else { /* FULL_FLUSH or SYNC_FLUSH */
++ _tr_stored_block(s, (char*)0, 0L, 0);
++ /* For a full flush, this empty block will be recognized
++ * as a special marker by inflate_sync().
++ */
++ if (flush == Z_FULL_FLUSH) {
++ CLEAR_HASH(s); /* forget history */
++ }
++ }
++ flush_pending(strm);
++ if (strm->avail_out == 0) {
++ s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */
++ return Z_OK;
++ }
++ }
++ }
++ Assert(strm->avail_out > 0, "bug2");
++
++ if (flush != Z_FINISH) return Z_OK;
++ if (s->noheader) return Z_STREAM_END;
++
++ /* Write the zlib trailer (adler32) */
++ putShortMSB(s, (uInt)(strm->adler >> 16));
++ putShortMSB(s, (uInt)(strm->adler & 0xffff));
++ flush_pending(strm);
++ /* If avail_out is zero, the application will call deflate again
++ * to flush the rest.
++ */
++ s->noheader = -1; /* write the trailer only once! */
++ return s->pending != 0 ? Z_OK : Z_STREAM_END;
++}
++
++/* ========================================================================= */
++int ZEXPORT deflateEnd (strm)
++ z_streamp strm;
++{
++ int status;
++
++ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
++
++ status = strm->state->status;
++ if (status != INIT_STATE && status != BUSY_STATE &&
++ status != FINISH_STATE) {
++ return Z_STREAM_ERROR;
++ }
++
++ /* Deallocate in reverse order of allocations: */
++ TRY_FREE(strm, strm->state->pending_buf);
++ TRY_FREE(strm, strm->state->head);
++ TRY_FREE(strm, strm->state->prev);
++ TRY_FREE(strm, strm->state->window);
++
++ ZFREE(strm, strm->state);
++ strm->state = Z_NULL;
++
++ return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK;
++}
++
++/* =========================================================================
++ * Copy the source state to the destination state.
++ * To simplify the source, this is not supported for 16-bit MSDOS (which
++ * doesn't have enough memory anyway to duplicate compression states).
++ */
++int ZEXPORT deflateCopy (dest, source)
++ z_streamp dest;
++ z_streamp source;
++{
++#ifdef MAXSEG_64K
++ return Z_STREAM_ERROR;
++#else
++ deflate_state *ds;
++ deflate_state *ss;
++ ushf *overlay;
++
++
++ if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
++ return Z_STREAM_ERROR;
++ }
++
++ ss = source->state;
++
++ *dest = *source;
++
++ ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state));
++ if (ds == Z_NULL) return Z_MEM_ERROR;
++ dest->state = (struct internal_state FAR *) ds;
++ *ds = *ss;
++ ds->strm = dest;
++
++ ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
++ ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
++ ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
++ overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
++ ds->pending_buf = (uchf *) overlay;
++
++ if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
++ ds->pending_buf == Z_NULL) {
++ deflateEnd (dest);
++ return Z_MEM_ERROR;
++ }
++ /* following zmemcpy do not work for 16-bit MSDOS */
++ zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte));
++ zmemcpy(ds->prev, ss->prev, ds->w_size * sizeof(Pos));
++ zmemcpy(ds->head, ss->head, ds->hash_size * sizeof(Pos));
++ zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
++
++ ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
++ ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
++ ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
++
++ ds->l_desc.dyn_tree = ds->dyn_ltree;
++ ds->d_desc.dyn_tree = ds->dyn_dtree;
++ ds->bl_desc.dyn_tree = ds->bl_tree;
++
++ return Z_OK;
++#endif
++}
++
++/* ===========================================================================
++ * Read a new buffer from the current input stream, update the adler32
++ * and total number of bytes read. All deflate() input goes through
++ * this function so some applications may wish to modify it to avoid
++ * allocating a large strm->next_in buffer and copying from it.
++ * (See also flush_pending()).
++ */
++local int read_buf(strm, buf, size)
++ z_streamp strm;
++ Bytef *buf;
++ unsigned size;
++{
++ unsigned len = strm->avail_in;
++
++ if (len > size) len = size;
++ if (len == 0) return 0;
++
++ strm->avail_in -= len;
++
++ if (!strm->state->noheader) {
++ strm->adler = adler32(strm->adler, strm->next_in, len);
++ }
++ zmemcpy(buf, strm->next_in, len);
++ strm->next_in += len;
++ strm->total_in += len;
++
++ return (int)len;
++}
++
++/* ===========================================================================
++ * Initialize the "longest match" routines for a new zlib stream
++ */
++local void lm_init (s)
++ deflate_state *s;
++{
++ s->window_size = (ulg)2L*s->w_size;
++
++ CLEAR_HASH(s);
++
++ /* Set the default configuration parameters:
++ */
++ s->max_lazy_match = configuration_table[s->level].max_lazy;
++ s->good_match = configuration_table[s->level].good_length;
++ s->nice_match = configuration_table[s->level].nice_length;
++ s->max_chain_length = configuration_table[s->level].max_chain;
++
++ s->strstart = 0;
++ s->block_start = 0L;
++ s->lookahead = 0;
++ s->match_length = s->prev_length = MIN_MATCH-1;
++ s->match_available = 0;
++ s->ins_h = 0;
++#ifdef ASMV
++ match_init(); /* initialize the asm code */
++#endif
++}
++
++/* ===========================================================================
++ * Set match_start to the longest match starting at the given string and
++ * return its length. Matches shorter or equal to prev_length are discarded,
++ * in which case the result is equal to prev_length and match_start is
++ * garbage.
++ * IN assertions: cur_match is the head of the hash chain for the current
++ * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
++ * OUT assertion: the match length is not greater than s->lookahead.
++ */
++#ifndef ASMV
++/* For 80x86 and 680x0, an optimized version will be provided in match.asm or
++ * match.S. The code will be functionally equivalent.
++ */
++#ifndef FASTEST
++local uInt longest_match(s, cur_match)
++ deflate_state *s;
++ IPos cur_match; /* current match */
++{
++ unsigned chain_length = s->max_chain_length;/* max hash chain length */
++ register Bytef *scan = s->window + s->strstart; /* current string */
++ register Bytef *match; /* matched string */
++ register int len; /* length of current match */
++ int best_len = s->prev_length; /* best match length so far */
++ int nice_match = s->nice_match; /* stop if match long enough */
++ IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
++ s->strstart - (IPos)MAX_DIST(s) : NIL;
++ /* Stop when cur_match becomes <= limit. To simplify the code,
++ * we prevent matches with the string of window index 0.
++ */
++ Posf *prev = s->prev;
++ uInt wmask = s->w_mask;
++
++#ifdef UNALIGNED_OK
++ /* Compare two bytes at a time. Note: this is not always beneficial.
++ * Try with and without -DUNALIGNED_OK to check.
++ */
++ register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
++ register ush scan_start = *(ushf*)scan;
++ register ush scan_end = *(ushf*)(scan+best_len-1);
++#else
++ register Bytef *strend = s->window + s->strstart + MAX_MATCH;
++ register Byte scan_end1 = scan[best_len-1];
++ register Byte scan_end = scan[best_len];
++#endif
++
++ /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
++ * It is easy to get rid of this optimization if necessary.
++ */
++ Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
++
++ /* Do not waste too much time if we already have a good match: */
++ if (s->prev_length >= s->good_match) {
++ chain_length >>= 2;
++ }
++ /* Do not look for matches beyond the end of the input. This is necessary
++ * to make deflate deterministic.
++ */
++ if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead;
++
++ Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
++
++ do {
++ Assert(cur_match < s->strstart, "no future");
++ match = s->window + cur_match;
++
++ /* Skip to next match if the match length cannot increase
++ * or if the match length is less than 2:
++ */
++#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
++ /* This code assumes sizeof(unsigned short) == 2. Do not use
++ * UNALIGNED_OK if your compiler uses a different size.
++ */
++ if (*(ushf*)(match+best_len-1) != scan_end ||
++ *(ushf*)match != scan_start) continue;
++
++ /* It is not necessary to compare scan[2] and match[2] since they are
++ * always equal when the other bytes match, given that the hash keys
++ * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
++ * strstart+3, +5, ... up to strstart+257. We check for insufficient
++ * lookahead only every 4th comparison; the 128th check will be made
++ * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is
++ * necessary to put more guard bytes at the end of the window, or
++ * to check more often for insufficient lookahead.
++ */
++ Assert(scan[2] == match[2], "scan[2]?");
++ scan++, match++;
++ do {
++ } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
++ *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
++ *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
++ *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
++ scan < strend);
++ /* The funny "do {}" generates better code on most compilers */
++
++ /* Here, scan <= window+strstart+257 */
++ Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
++ if (*scan == *match) scan++;
++
++ len = (MAX_MATCH - 1) - (int)(strend-scan);
++ scan = strend - (MAX_MATCH-1);
++
++#else /* UNALIGNED_OK */
++
++ if (match[best_len] != scan_end ||
++ match[best_len-1] != scan_end1 ||
++ *match != *scan ||
++ *++match != scan[1]) continue;
++
++ /* The check at best_len-1 can be removed because it will be made
++ * again later. (This heuristic is not always a win.)
++ * It is not necessary to compare scan[2] and match[2] since they
++ * are always equal when the other bytes match, given that
++ * the hash keys are equal and that HASH_BITS >= 8.
++ */
++ scan += 2, match++;
++ Assert(*scan == *match, "match[2]?");
++
++ /* We check for insufficient lookahead only every 8th comparison;
++ * the 256th check will be made at strstart+258.
++ */
++ do {
++ } while (*++scan == *++match && *++scan == *++match &&
++ *++scan == *++match && *++scan == *++match &&
++ *++scan == *++match && *++scan == *++match &&
++ *++scan == *++match && *++scan == *++match &&
++ scan < strend);
++
++ Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
++
++ len = MAX_MATCH - (int)(strend - scan);
++ scan = strend - MAX_MATCH;
++
++#endif /* UNALIGNED_OK */
++
++ if (len > best_len) {
++ s->match_start = cur_match;
++ best_len = len;
++ if (len >= nice_match) break;
++#ifdef UNALIGNED_OK
++ scan_end = *(ushf*)(scan+best_len-1);
++#else
++ scan_end1 = scan[best_len-1];
++ scan_end = scan[best_len];
++#endif
++ }
++ } while ((cur_match = prev[cur_match & wmask]) > limit
++ && --chain_length != 0);
++
++ if ((uInt)best_len <= s->lookahead) return (uInt)best_len;
++ return s->lookahead;
++}
++
++#else /* FASTEST */
++/* ---------------------------------------------------------------------------
++ * Optimized version for level == 1 only
++ */
++local uInt longest_match(s, cur_match)
++ deflate_state *s;
++ IPos cur_match; /* current match */
++{
++ register Bytef *scan = s->window + s->strstart; /* current string */
++ register Bytef *match; /* matched string */
++ register int len; /* length of current match */
++ register Bytef *strend = s->window + s->strstart + MAX_MATCH;
++
++ /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
++ * It is easy to get rid of this optimization if necessary.
++ */
++ Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
++
++ Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
++
++ Assert(cur_match < s->strstart, "no future");
++
++ match = s->window + cur_match;
++
++ /* Return failure if the match length is less than 2:
++ */
++ if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1;
++
++ /* The check at best_len-1 can be removed because it will be made
++ * again later. (This heuristic is not always a win.)
++ * It is not necessary to compare scan[2] and match[2] since they
++ * are always equal when the other bytes match, given that
++ * the hash keys are equal and that HASH_BITS >= 8.
++ */
++ scan += 2, match += 2;
++ Assert(*scan == *match, "match[2]?");
++
++ /* We check for insufficient lookahead only every 8th comparison;
++ * the 256th check will be made at strstart+258.
++ */
++ do {
++ } while (*++scan == *++match && *++scan == *++match &&
++ *++scan == *++match && *++scan == *++match &&
++ *++scan == *++match && *++scan == *++match &&
++ *++scan == *++match && *++scan == *++match &&
++ scan < strend);
++
++ Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
++
++ len = MAX_MATCH - (int)(strend - scan);
++
++ if (len < MIN_MATCH) return MIN_MATCH - 1;
++
++ s->match_start = cur_match;
++ return len <= s->lookahead ? len : s->lookahead;
++}
++#endif /* FASTEST */
++#endif /* ASMV */
++
++#ifdef DEBUG
++/* ===========================================================================
++ * Check that the match at match_start is indeed a match.
++ */
++local void check_match(s, start, match, length)
++ deflate_state *s;
++ IPos start, match;
++ int length;
++{
++ /* check that the match is indeed a match */
++ if (zmemcmp(s->window + match,
++ s->window + start, length) != EQUAL) {
++ fprintf(stderr, " start %u, match %u, length %d\n",
++ start, match, length);
++ do {
++ fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
++ } while (--length != 0);
++ z_error("invalid match");
++ }
++ if (z_verbose > 1) {
++ fprintf(stderr,"\\[%d,%d]", start-match, length);
++ do { putc(s->window[start++], stderr); } while (--length != 0);
++ }
++}
++#else
++# define check_match(s, start, match, length)
++#endif
++
++/* ===========================================================================
++ * Fill the window when the lookahead becomes insufficient.
++ * Updates strstart and lookahead.
++ *
++ * IN assertion: lookahead < MIN_LOOKAHEAD
++ * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
++ * At least one byte has been read, or avail_in == 0; reads are
++ * performed for at least two bytes (required for the zip translate_eol
++ * option -- not supported here).
++ */
++local void fill_window(s)
++ deflate_state *s;
++{
++ register unsigned n, m;
++ register Posf *p;
++ unsigned more; /* Amount of free space at the end of the window. */
++ uInt wsize = s->w_size;
++
++ do {
++ more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
++
++ /* Deal with !@#$% 64K limit: */
++ if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
++ more = wsize;
++
++ } else if (more == (unsigned)(-1)) {
++ /* Very unlikely, but possible on 16 bit machine if strstart == 0
++ * and lookahead == 1 (input done one byte at time)
++ */
++ more--;
++
++ /* If the window is almost full and there is insufficient lookahead,
++ * move the upper half to the lower one to make room in the upper half.
++ */
++ } else if (s->strstart >= wsize+MAX_DIST(s)) {
++
++ zmemcpy(s->window, s->window+wsize, (unsigned)wsize);
++ s->match_start -= wsize;
++ s->strstart -= wsize; /* we now have strstart >= MAX_DIST */
++ s->block_start -= (long) wsize;
++
++ /* Slide the hash table (could be avoided with 32 bit values
++ at the expense of memory usage). We slide even when level == 0
++ to keep the hash table consistent if we switch back to level > 0
++ later. (Using level 0 permanently is not an optimal usage of
++ zlib, so we don't care about this pathological case.)
++ */
++ n = s->hash_size;
++ p = &s->head[n];
++ do {
++ m = *--p;
++ *p = (Pos)(m >= wsize ? m-wsize : NIL);
++ } while (--n);
++
++ n = wsize;
++#ifndef FASTEST
++ p = &s->prev[n];
++ do {
++ m = *--p;
++ *p = (Pos)(m >= wsize ? m-wsize : NIL);
++ /* If n is not on any hash chain, prev[n] is garbage but
++ * its value will never be used.
++ */
++ } while (--n);
++#endif
++ more += wsize;
++ }
++ if (s->strm->avail_in == 0) return;
++
++ /* If there was no sliding:
++ * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
++ * more == window_size - lookahead - strstart
++ * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
++ * => more >= window_size - 2*WSIZE + 2
++ * In the BIG_MEM or MMAP case (not yet supported),
++ * window_size == input_size + MIN_LOOKAHEAD &&
++ * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
++ * Otherwise, window_size == 2*WSIZE so more >= 2.
++ * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
++ */
++ Assert(more >= 2, "more < 2");
++
++ n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more);
++ s->lookahead += n;
++
++ /* Initialize the hash value now that we have some input: */
++ if (s->lookahead >= MIN_MATCH) {
++ s->ins_h = s->window[s->strstart];
++ UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
++#if MIN_MATCH != 3
++ Call UPDATE_HASH() MIN_MATCH-3 more times
++#endif
++ }
++ /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
++ * but this is not important since only literal bytes will be emitted.
++ */
++
++ } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
++}
++
++/* ===========================================================================
++ * Flush the current block, with given end-of-file flag.
++ * IN assertion: strstart is set to the end of the current match.
++ */
++#define FLUSH_BLOCK_ONLY(s, eof) { \
++ _tr_flush_block(s, (s->block_start >= 0L ? \
++ (charf *)&s->window[(unsigned)s->block_start] : \
++ (charf *)Z_NULL), \
++ (ulg)((long)s->strstart - s->block_start), \
++ (eof)); \
++ s->block_start = s->strstart; \
++ flush_pending(s->strm); \
++ Tracev((stderr,"[FLUSH]")); \
++}
++
++/* Same but force premature exit if necessary. */
++#define FLUSH_BLOCK(s, eof) { \
++ FLUSH_BLOCK_ONLY(s, eof); \
++ if (s->strm->avail_out == 0) return (eof) ? finish_started : need_more; \
++}
++
++/* ===========================================================================
++ * Copy without compression as much as possible from the input stream, return
++ * the current block state.
++ * This function does not insert new strings in the dictionary since
++ * uncompressible data is probably not useful. This function is used
++ * only for the level=0 compression option.
++ * NOTE: this function should be optimized to avoid extra copying from
++ * window to pending_buf.
++ */
++local block_state deflate_stored(s, flush)
++ deflate_state *s;
++ int flush;
++{
++ /* Stored blocks are limited to 0xffff bytes, pending_buf is limited
++ * to pending_buf_size, and each stored block has a 5 byte header:
++ */
++ ulg max_block_size = 0xffff;
++ ulg max_start;
++
++ if (max_block_size > s->pending_buf_size - 5) {
++ max_block_size = s->pending_buf_size - 5;
++ }
++
++ /* Copy as much as possible from input to output: */
++ for (;;) {
++ /* Fill the window as much as possible: */
++ if (s->lookahead <= 1) {
++
++ Assert(s->strstart < s->w_size+MAX_DIST(s) ||
++ s->block_start >= (long)s->w_size, "slide too late");
++
++ fill_window(s);
++ if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more;
++
++ if (s->lookahead == 0) break; /* flush the current block */
++ }
++ Assert(s->block_start >= 0L, "block gone");
++
++ s->strstart += s->lookahead;
++ s->lookahead = 0;
++
++ /* Emit a stored block if pending_buf will be full: */
++ max_start = s->block_start + max_block_size;
++ if (s->strstart == 0 || (ulg)s->strstart >= max_start) {
++ /* strstart == 0 is possible when wraparound on 16-bit machine */
++ s->lookahead = (uInt)(s->strstart - max_start);
++ s->strstart = (uInt)max_start;
++ FLUSH_BLOCK(s, 0);
++ }
++ /* Flush if we may have to slide, otherwise block_start may become
++ * negative and the data will be gone:
++ */
++ if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) {
++ FLUSH_BLOCK(s, 0);
++ }
++ }
++ FLUSH_BLOCK(s, flush == Z_FINISH);
++ return flush == Z_FINISH ? finish_done : block_done;
++}
++
++/* ===========================================================================
++ * Compress as much as possible from the input stream, return the current
++ * block state.
++ * This function does not perform lazy evaluation of matches and inserts
++ * new strings in the dictionary only for unmatched strings or for short
++ * matches. It is used only for the fast compression options.
++ */
++local block_state deflate_fast(s, flush)
++ deflate_state *s;
++ int flush;
++{
++ IPos hash_head = NIL; /* head of the hash chain */
++ int bflush; /* set if current block must be flushed */
++
++ for (;;) {
++ /* Make sure that we always have enough lookahead, except
++ * at the end of the input file. We need MAX_MATCH bytes
++ * for the next match, plus MIN_MATCH bytes to insert the
++ * string following the next match.
++ */
++ if (s->lookahead < MIN_LOOKAHEAD) {
++ fill_window(s);
++ if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
++ return need_more;
++ }
++ if (s->lookahead == 0) break; /* flush the current block */
++ }
++
++ /* Insert the string window[strstart .. strstart+2] in the
++ * dictionary, and set hash_head to the head of the hash chain:
++ */
++ if (s->lookahead >= MIN_MATCH) {
++ INSERT_STRING(s, s->strstart, hash_head);
++ }
++
++ /* Find the longest match, discarding those <= prev_length.
++ * At this point we have always match_length < MIN_MATCH
++ */
++ if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
++ /* To simplify the code, we prevent matches with the string
++ * of window index 0 (in particular we have to avoid a match
++ * of the string with itself at the start of the input file).
++ */
++ if (s->strategy != Z_HUFFMAN_ONLY) {
++ s->match_length = longest_match (s, hash_head);
++ }
++ /* longest_match() sets match_start */
++ }
++ if (s->match_length >= MIN_MATCH) {
++ check_match(s, s->strstart, s->match_start, s->match_length);
++
++ _tr_tally_dist(s, s->strstart - s->match_start,
++ s->match_length - MIN_MATCH, bflush);
++
++ s->lookahead -= s->match_length;
++
++ /* Insert new strings in the hash table only if the match length
++ * is not too large. This saves time but degrades compression.
++ */
++#ifndef FASTEST
++ if (s->match_length <= s->max_insert_length &&
++ s->lookahead >= MIN_MATCH) {
++ s->match_length--; /* string at strstart already in hash table */
++ do {
++ s->strstart++;
++ INSERT_STRING(s, s->strstart, hash_head);
++ /* strstart never exceeds WSIZE-MAX_MATCH, so there are
++ * always MIN_MATCH bytes ahead.
++ */
++ } while (--s->match_length != 0);
++ s->strstart++;
++ } else
++#endif
++ {
++ s->strstart += s->match_length;
++ s->match_length = 0;
++ s->ins_h = s->window[s->strstart];
++ UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
++#if MIN_MATCH != 3
++ Call UPDATE_HASH() MIN_MATCH-3 more times
++#endif
++ /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
++ * matter since it will be recomputed at next deflate call.
++ */
++ }
++ } else {
++ /* No match, output a literal byte */
++ Tracevv((stderr,"%c", s->window[s->strstart]));
++ _tr_tally_lit (s, s->window[s->strstart], bflush);
++ s->lookahead--;
++ s->strstart++;
++ }
++ if (bflush) FLUSH_BLOCK(s, 0);
++ }
++ FLUSH_BLOCK(s, flush == Z_FINISH);
++ return flush == Z_FINISH ? finish_done : block_done;
++}
++
++/* ===========================================================================
++ * Same as above, but achieves better compression. We use a lazy
++ * evaluation for matches: a match is finally adopted only if there is
++ * no better match at the next window position.
++ */
++local block_state deflate_slow(s, flush)
++ deflate_state *s;
++ int flush;
++{
++ IPos hash_head = NIL; /* head of hash chain */
++ int bflush; /* set if current block must be flushed */
++
++ /* Process the input block. */
++ for (;;) {
++ /* Make sure that we always have enough lookahead, except
++ * at the end of the input file. We need MAX_MATCH bytes
++ * for the next match, plus MIN_MATCH bytes to insert the
++ * string following the next match.
++ */
++ if (s->lookahead < MIN_LOOKAHEAD) {
++ fill_window(s);
++ if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
++ return need_more;
++ }
++ if (s->lookahead == 0) break; /* flush the current block */
++ }
++
++ /* Insert the string window[strstart .. strstart+2] in the
++ * dictionary, and set hash_head to the head of the hash chain:
++ */
++ if (s->lookahead >= MIN_MATCH) {
++ INSERT_STRING(s, s->strstart, hash_head);
++ }
++
++ /* Find the longest match, discarding those <= prev_length.
++ */
++ s->prev_length = s->match_length, s->prev_match = s->match_start;
++ s->match_length = MIN_MATCH-1;
++
++ if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
++ s->strstart - hash_head <= MAX_DIST(s)) {
++ /* To simplify the code, we prevent matches with the string
++ * of window index 0 (in particular we have to avoid a match
++ * of the string with itself at the start of the input file).
++ */
++ if (s->strategy != Z_HUFFMAN_ONLY) {
++ s->match_length = longest_match (s, hash_head);
++ }
++ /* longest_match() sets match_start */
++
++ if (s->match_length <= 5 && (s->strategy == Z_FILTERED ||
++ (s->match_length == MIN_MATCH &&
++ s->strstart - s->match_start > TOO_FAR))) {
++
++ /* If prev_match is also MIN_MATCH, match_start is garbage
++ * but we will ignore the current match anyway.
++ */
++ s->match_length = MIN_MATCH-1;
++ }
++ }
++ /* If there was a match at the previous step and the current
++ * match is not better, output the previous match:
++ */
++ if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
++ uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
++ /* Do not insert strings in hash table beyond this. */
++
++ check_match(s, s->strstart-1, s->prev_match, s->prev_length);
++
++ _tr_tally_dist(s, s->strstart -1 - s->prev_match,
++ s->prev_length - MIN_MATCH, bflush);
++
++ /* Insert in hash table all strings up to the end of the match.
++ * strstart-1 and strstart are already inserted. If there is not
++ * enough lookahead, the last two strings are not inserted in
++ * the hash table.
++ */
++ s->lookahead -= s->prev_length-1;
++ s->prev_length -= 2;
++ do {
++ if (++s->strstart <= max_insert) {
++ INSERT_STRING(s, s->strstart, hash_head);
++ }
++ } while (--s->prev_length != 0);
++ s->match_available = 0;
++ s->match_length = MIN_MATCH-1;
++ s->strstart++;
++
++ if (bflush) FLUSH_BLOCK(s, 0);
++
++ } else if (s->match_available) {
++ /* If there was no match at the previous position, output a
++ * single literal. If there was a match but the current match
++ * is longer, truncate the previous match to a single literal.
++ */
++ Tracevv((stderr,"%c", s->window[s->strstart-1]));
++ _tr_tally_lit(s, s->window[s->strstart-1], bflush);
++ if (bflush) {
++ FLUSH_BLOCK_ONLY(s, 0);
++ }
++ s->strstart++;
++ s->lookahead--;
++ if (s->strm->avail_out == 0) return need_more;
++ } else {
++ /* There is no previous match to compare with, wait for
++ * the next step to decide.
++ */
++ s->match_available = 1;
++ s->strstart++;
++ s->lookahead--;
++ }
++ }
++ Assert (flush != Z_NO_FLUSH, "no flush?");
++ if (s->match_available) {
++ Tracevv((stderr,"%c", s->window[s->strstart-1]));
++ _tr_tally_lit(s, s->window[s->strstart-1], bflush);
++ s->match_available = 0;
++ }
++ FLUSH_BLOCK(s, flush == Z_FINISH);
++ return flush == Z_FINISH ? finish_done : block_done;
++}
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/deflate.h Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,318 @@
++/* deflate.h -- internal compression state
++ * Copyright (C) 1995-2002 Jean-loup Gailly
++ * For conditions of distribution and use, see copyright notice in zlib.h
++ */
++
++/* WARNING: this file should *not* be used by applications. It is
++ part of the implementation of the compression library and is
++ subject to change. Applications should only use zlib.h.
++ */
++
++/* @(#) $Id: deflate.h,v 1.5 2004/07/10 07:48:38 mcr Exp $ */
++
++#ifndef _DEFLATE_H
++#define _DEFLATE_H
++
++#include "zlib/zutil.h"
++
++/* ===========================================================================
++ * Internal compression state.
++ */
++
++#define LENGTH_CODES 29
++/* number of length codes, not counting the special END_BLOCK code */
++
++#define LITERALS 256
++/* number of literal bytes 0..255 */
++
++#define L_CODES (LITERALS+1+LENGTH_CODES)
++/* number of Literal or Length codes, including the END_BLOCK code */
++
++#define D_CODES 30
++/* number of distance codes */
++
++#define BL_CODES 19
++/* number of codes used to transfer the bit lengths */
++
++#define HEAP_SIZE (2*L_CODES+1)
++/* maximum heap size */
++
++#define MAX_BITS 15
++/* All codes must not exceed MAX_BITS bits */
++
++#define INIT_STATE 42
++#define BUSY_STATE 113
++#define FINISH_STATE 666
++/* Stream status */
++
++
++/* Data structure describing a single value and its code string. */
++typedef struct ct_data_s {
++ union {
++ ush freq; /* frequency count */
++ ush code; /* bit string */
++ } fc;
++ union {
++ ush dad; /* father node in Huffman tree */
++ ush len; /* length of bit string */
++ } dl;
++} FAR ct_data;
++
++#define Freq fc.freq
++#define Code fc.code
++#define Dad dl.dad
++#define Len dl.len
++
++typedef struct static_tree_desc_s static_tree_desc;
++
++typedef struct tree_desc_s {
++ ct_data *dyn_tree; /* the dynamic tree */
++ int max_code; /* largest code with non zero frequency */
++ static_tree_desc *stat_desc; /* the corresponding static tree */
++} FAR tree_desc;
++
++typedef ush Pos;
++typedef Pos FAR Posf;
++typedef unsigned IPos;
++
++/* A Pos is an index in the character window. We use short instead of int to
++ * save space in the various tables. IPos is used only for parameter passing.
++ */
++
++typedef struct internal_state {
++ z_streamp strm; /* pointer back to this zlib stream */
++ int status; /* as the name implies */
++ Bytef *pending_buf; /* output still pending */
++ ulg pending_buf_size; /* size of pending_buf */
++ Bytef *pending_out; /* next pending byte to output to the stream */
++ int pending; /* nb of bytes in the pending buffer */
++ int noheader; /* suppress zlib header and adler32 */
++ Byte data_type; /* UNKNOWN, BINARY or ASCII */
++ Byte method; /* STORED (for zip only) or DEFLATED */
++ int last_flush; /* value of flush param for previous deflate call */
++
++ /* used by deflate.c: */
++
++ uInt w_size; /* LZ77 window size (32K by default) */
++ uInt w_bits; /* log2(w_size) (8..16) */
++ uInt w_mask; /* w_size - 1 */
++
++ Bytef *window;
++ /* Sliding window. Input bytes are read into the second half of the window,
++ * and move to the first half later to keep a dictionary of at least wSize
++ * bytes. With this organization, matches are limited to a distance of
++ * wSize-MAX_MATCH bytes, but this ensures that IO is always
++ * performed with a length multiple of the block size. Also, it limits
++ * the window size to 64K, which is quite useful on MSDOS.
++ * To do: use the user input buffer as sliding window.
++ */
++
++ ulg window_size;
++ /* Actual size of window: 2*wSize, except when the user input buffer
++ * is directly used as sliding window.
++ */
++
++ Posf *prev;
++ /* Link to older string with same hash index. To limit the size of this
++ * array to 64K, this link is maintained only for the last 32K strings.
++ * An index in this array is thus a window index modulo 32K.
++ */
++
++ Posf *head; /* Heads of the hash chains or NIL. */
++
++ uInt ins_h; /* hash index of string to be inserted */
++ uInt hash_size; /* number of elements in hash table */
++ uInt hash_bits; /* log2(hash_size) */
++ uInt hash_mask; /* hash_size-1 */
++
++ uInt hash_shift;
++ /* Number of bits by which ins_h must be shifted at each input
++ * step. It must be such that after MIN_MATCH steps, the oldest
++ * byte no longer takes part in the hash key, that is:
++ * hash_shift * MIN_MATCH >= hash_bits
++ */
++
++ long block_start;
++ /* Window position at the beginning of the current output block. Gets
++ * negative when the window is moved backwards.
++ */
++
++ uInt match_length; /* length of best match */
++ IPos prev_match; /* previous match */
++ int match_available; /* set if previous match exists */
++ uInt strstart; /* start of string to insert */
++ uInt match_start; /* start of matching string */
++ uInt lookahead; /* number of valid bytes ahead in window */
++
++ uInt prev_length;
++ /* Length of the best match at previous step. Matches not greater than this
++ * are discarded. This is used in the lazy match evaluation.
++ */
++
++ uInt max_chain_length;
++ /* To speed up deflation, hash chains are never searched beyond this
++ * length. A higher limit improves compression ratio but degrades the
++ * speed.
++ */
++
++ uInt max_lazy_match;
++ /* Attempt to find a better match only when the current match is strictly
++ * smaller than this value. This mechanism is used only for compression
++ * levels >= 4.
++ */
++# define max_insert_length max_lazy_match
++ /* Insert new strings in the hash table only if the match length is not
++ * greater than this length. This saves time but degrades compression.
++ * max_insert_length is used only for compression levels <= 3.
++ */
++
++ int level; /* compression level (1..9) */
++ int strategy; /* favor or force Huffman coding*/
++
++ uInt good_match;
++ /* Use a faster search when the previous match is longer than this */
++
++ int nice_match; /* Stop searching when current match exceeds this */
++
++ /* used by trees.c: */
++ /* Didn't use ct_data typedef below to supress compiler warning */
++ struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */
++ struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
++ struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */
++
++ struct tree_desc_s l_desc; /* desc. for literal tree */
++ struct tree_desc_s d_desc; /* desc. for distance tree */
++ struct tree_desc_s bl_desc; /* desc. for bit length tree */
++
++ ush bl_count[MAX_BITS+1];
++ /* number of codes at each bit length for an optimal tree */
++
++ int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */
++ int heap_len; /* number of elements in the heap */
++ int heap_max; /* element of largest frequency */
++ /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
++ * The same heap array is used to build all trees.
++ */
++
++ uch depth[2*L_CODES+1];
++ /* Depth of each subtree used as tie breaker for trees of equal frequency
++ */
++
++ uchf *l_buf; /* buffer for literals or lengths */
++
++ uInt lit_bufsize;
++ /* Size of match buffer for literals/lengths. There are 4 reasons for
++ * limiting lit_bufsize to 64K:
++ * - frequencies can be kept in 16 bit counters
++ * - if compression is not successful for the first block, all input
++ * data is still in the window so we can still emit a stored block even
++ * when input comes from standard input. (This can also be done for
++ * all blocks if lit_bufsize is not greater than 32K.)
++ * - if compression is not successful for a file smaller than 64K, we can
++ * even emit a stored file instead of a stored block (saving 5 bytes).
++ * This is applicable only for zip (not gzip or zlib).
++ * - creating new Huffman trees less frequently may not provide fast
++ * adaptation to changes in the input data statistics. (Take for
++ * example a binary file with poorly compressible code followed by
++ * a highly compressible string table.) Smaller buffer sizes give
++ * fast adaptation but have of course the overhead of transmitting
++ * trees more frequently.
++ * - I can't count above 4
++ */
++
++ uInt last_lit; /* running index in l_buf */
++
++ ushf *d_buf;
++ /* Buffer for distances. To simplify the code, d_buf and l_buf have
++ * the same number of elements. To use different lengths, an extra flag
++ * array would be necessary.
++ */
++
++ ulg opt_len; /* bit length of current block with optimal trees */
++ ulg static_len; /* bit length of current block with static trees */
++ uInt matches; /* number of string matches in current block */
++ int last_eob_len; /* bit length of EOB code for last block */
++
++#ifdef DEBUG
++ ulg compressed_len; /* total bit length of compressed file mod 2^32 */
++ ulg bits_sent; /* bit length of compressed data sent mod 2^32 */
++#endif
++
++ ush bi_buf;
++ /* Output buffer. bits are inserted starting at the bottom (least
++ * significant bits).
++ */
++ int bi_valid;
++ /* Number of valid bits in bi_buf. All bits above the last valid bit
++ * are always zero.
++ */
++
++} FAR deflate_state;
++
++/* Output a byte on the stream.
++ * IN assertion: there is enough room in pending_buf.
++ */
++#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);}
++
++
++#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
++/* Minimum amount of lookahead, except at the end of the input file.
++ * See deflate.c for comments about the MIN_MATCH+1.
++ */
++
++#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD)
++/* In order to simplify the code, particularly on 16 bit machines, match
++ * distances are limited to MAX_DIST instead of WSIZE.
++ */
++
++ /* in trees.c */
++void _tr_init OF((deflate_state *s));
++int _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc));
++void _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len,
++ int eof));
++void _tr_align OF((deflate_state *s));
++void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len,
++ int eof));
++
++#define d_code(dist) \
++ ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)])
++/* Mapping from a distance to a distance code. dist is the distance - 1 and
++ * must not have side effects. _dist_code[256] and _dist_code[257] are never
++ * used.
++ */
++
++#ifndef DEBUG
++/* Inline versions of _tr_tally for speed: */
++
++#if defined(GEN_TREES_H) || !defined(STDC)
++ extern uch _length_code[];
++ extern uch _dist_code[];
++#else
++ extern const uch _length_code[];
++ extern const uch _dist_code[];
++#endif
++
++# define _tr_tally_lit(s, c, flush) \
++ { uch cc = (c); \
++ s->d_buf[s->last_lit] = 0; \
++ s->l_buf[s->last_lit++] = cc; \
++ s->dyn_ltree[cc].Freq++; \
++ flush = (s->last_lit == s->lit_bufsize-1); \
++ }
++# define _tr_tally_dist(s, distance, length, flush) \
++ { uch len = (length); \
++ ush dist = (distance); \
++ s->d_buf[s->last_lit] = dist; \
++ s->l_buf[s->last_lit++] = len; \
++ dist--; \
++ s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
++ s->dyn_dtree[d_code(dist)].Freq++; \
++ flush = (s->last_lit == s->lit_bufsize-1); \
++ }
++#else
++# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
++# define _tr_tally_dist(s, distance, length, flush) \
++ flush = _tr_tally(s, distance, length)
++#endif
++
++#endif /* _DEFLATE_H */
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/COPYRIGHT Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,50 @@
++Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
++All rights reserved.
++
++This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
++The implementation was written so as to conform with MIT's libdes.
++
++This library is free for commercial and non-commercial use as long as
++the following conditions are aheared to. The following conditions
++apply to all code found in this distribution.
++
++Copyright remains Eric Young's, and as such any Copyright notices in
++the code are not to be removed.
++If this package is used in a product, Eric Young should be given attribution
++as the author of that the SSL library. This can be in the form of a textual
++message at program startup or in documentation (online or textual) provided
++with the package.
++
++Redistribution and use in source and binary forms, with or without
++modification, are permitted provided that the following conditions
++are met:
++1. Redistributions of source code must retain the copyright
++ notice, this list of conditions and the following disclaimer.
++2. Redistributions in binary form must reproduce the above copyright
++ notice, this list of conditions and the following disclaimer in the
++ documentation and/or other materials provided with the distribution.
++3. All advertising materials mentioning features or use of this software
++ must display the following acknowledgement:
++ This product includes software developed by Eric Young (eay@cryptsoft.com)
++
++THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++SUCH DAMAGE.
++
++The license and distribution terms for any publically available version or
++derivative of this code cannot be changed. i.e. this code cannot simply be
++copied and put under another distrubution license
++[including the GNU Public License.]
++
++The reason behind this being stated in this direct manner is past
++experience in code simply being copied and the attribution removed
++from it and then being distributed as part of other packages. This
++implementation was a non-trivial and unpaid effort.
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/INSTALL Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,69 @@
++Check the CC and CFLAGS lines in the makefile
++
++If your C library does not support the times(3) function, change the
++#define TIMES to
++#undef TIMES in speed.c
++If it does, check the HZ value for the times(3) function.
++If your system does not define CLK_TCK it will be assumed to
++be 100.0.
++
++If possible use gcc v 2.7.?
++Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
++In recent times, some system compilers give better performace.
++
++type 'make'
++
++run './destest' to check things are ok.
++run './rpw' to check the tty code for reading passwords works.
++run './speed' to see how fast those optimisations make the library run :-)
++run './des_opts' to determin the best compile time options.
++
++The output from des_opts should be put in the makefile options and des_enc.c
++should be rebuilt. For 64 bit computers, do not use the DES_PTR option.
++For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
++and then you can use the 'DES_PTR' option.
++
++The file options.txt has the options listed for best speed on quite a
++few systems. Look and the options (UNROLL, PTR, RISC2 etc) and then
++turn on the relevent option in the Makefile
++
++There are some special Makefile targets that make life easier.
++make cc - standard cc build
++make gcc - standard gcc build
++make x86-elf - x86 assembler (elf), linux-elf.
++make x86-out - x86 assembler (a.out), FreeBSD
++make x86-solaris- x86 assembler
++make x86-bsdi - x86 assembler (a.out with primative assembler).
++
++If at all possible use the assembler (for Windows NT/95, use
++asm/win32.obj to link with). The x86 assembler is very very fast.
++
++A make install will by default install
++libdes.a in /usr/local/lib/libdes.a
++des in /usr/local/bin/des
++des_crypt.man in /usr/local/man/man3/des_crypt.3
++des.man in /usr/local/man/man1/des.1
++des.h in /usr/include/des.h
++
++des(1) should be compatible with sunOS's but I have been unable to
++test it.
++
++These routines should compile on MSDOS, most 32bit and 64bit version
++of Unix (BSD and SYSV) and VMS, without modification.
++The only problems should be #include files that are in the wrong places.
++
++These routines can be compiled under MSDOS.
++I have successfully encrypted files using des(1) under MSDOS and then
++decrypted the files on a SparcStation.
++I have been able to compile and test the routines with
++Microsoft C v 5.1 and Turbo C v 2.0.
++The code in this library is in no way optimised for the 16bit
++operation of MSDOS.
++
++When building for glibc, ignore all of the above and just unpack into
++glibc-1.??/des and then gmake as per normal.
++
++As a final note on performace. Certain CPUs like sparcs and Alpha often give
++a %10 speed difference depending on the link order. It is rather anoying
++when one program reports 'x' DES encrypts a second and another reports
++'x*0.9' the speed.
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/Makefile Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,63 @@
++# Makefile for KLIPS kernel code as a module for 2.6 kernels
++#
++# Makefile for KLIPS kernel code as a module
++# Copyright (C) 1998, 1999, 2000,2001 Richard Guy Briggs.
++# Copyright (C) 2002-2004 Michael Richardson <mcr@freeswan.org>
++#
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# for more details.
++#
++# RCSID $Id: Makefile.fs2_6,v 1.2.2.1 2005/08/12 16:10:57 ken Exp $
++#
++# Note! Dependencies are done automagically by 'make dep', which also
++# removes any old dependencies. DON'T put your own dependencies here
++# unless it's something special (ie not a .c file).
++#
++
++obj-$(CONFIG_KLIPS_ENC_3DES) += ipsec_alg_3des.o
++obj-$(CONFIG_KLIPS_ENC_3DES) += cbc_enc.o
++obj-$(CONFIG_KLIPS_ENC_3DES) += ecb_enc.o
++obj-$(CONFIG_KLIPS_ENC_3DES) += set_key.o
++
++ifeq ($(strip ${SUBARCH}),)
++SUBARCH:=${ARCH}
++endif
++
++# the assembly version expects frame pointers, which are
++# optional in many kernel builds. If you want speed, you should
++# probably use cryptoapi code instead.
++USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
++ifeq (${USEASSEMBLY},i386y)
++obj-$(CONFIG_KLIPS_ENC_3DES) += dx86unix.o
++else
++obj-$(CONFIG_KLIPS_ENC_3DES) += des_enc.o
++endif
++
++#
++# $Log: Makefile.fs2_6,v $
++# Revision 1.2.2.1 2005/08/12 16:10:57 ken
++# do not use assembly code with there are no frame pointers
++#
++# Revision 1.3 2005/08/12 14:13:59 mcr
++# do not use assembly code with there are no frame pointers,
++# as it does not have the right linkages.
++#
++# Revision 1.2 2005/04/29 05:13:07 mcr
++# 3DES algorithm code.
++#
++# Revision 1.1 2004/08/17 03:27:30 mcr
++# klips 2.6 edits.
++#
++#
++# Local Variables:
++# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
++# End Variables:
++#
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/README Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,54 @@
++
++ libdes, Version 4.01 10-Jan-97
++
++ Copyright (c) 1997, Eric Young
++ All rights reserved.
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms specified in COPYRIGHT.
++
++--
++The primary ftp site for this library is
++ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
++libdes is now also shipped with SSLeay. Primary ftp site of
++ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
++
++The best way to build this library is to build it as part of SSLeay.
++
++This kit builds a DES encryption library and a DES encryption program.
++It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
++triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
++implementation of crypt(3).
++It contains support routines to read keys from a terminal,
++generate a random key, generate a key from an arbitrary length string,
++read/write encrypted data from/to a file descriptor.
++
++The implementation was written so as to conform with the manual entry
++for the des_crypt(3) library routines from MIT's project Athena.
++
++destest should be run after compilation to test the des routines.
++rpw should be run after compilation to test the read password routines.
++The des program is a replacement for the sun des command. I believe it
++conforms to the sun version.
++
++The Imakefile is setup for use in the kerberos distribution.
++
++These routines are best compiled with gcc or any other good
++optimising compiler.
++Just turn you optimiser up to the highest settings and run destest
++after the build to make sure everything works.
++
++I believe these routines are close to the fastest and most portable DES
++routines that use small lookup tables (4.5k) that are publicly available.
++The fcrypt routine is faster than ufc's fcrypt (when compiling with
++gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
++(on a sun3/260 168 vs 336). It is a function of CPU on chip cache size.
++[ 10-Jan-97 and a function of an incorrect speed testing program in
++ ufc which gave much better test figures that reality ].
++
++It is worth noting that on sparc and Alpha CPUs, performance of the DES
++library can vary by upto %10 due to the positioning of files after application
++linkage.
++
++Eric Young (eay@cryptsoft.com)
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/README.freeswan Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,33 @@
++The only changes the FreeS/WAN project has made to libdes-lite 4.04b are:
++
++We #ifdef-ed the declaration of DES_LONG in des.h, so it's more efficient
++on the Alpha, instead of just noting the issue in a comment.
++
++We #ifdef-ed out the des_options() function in ecb_enc.c, because we don't
++use it, and its call to sprintf() can cause subtle difficulties when KLIPS
++is built as a module (depending on details of Linux configuration options).
++
++We changed some instances of CC=$(CC) in the Makefile to CC='$(CC)' to make
++it cope better with Linux kernel Makefile stupidities, and took out an
++explicit CC=gcc (unwise on systems with strange compilers).
++
++We deleted some references to <stdio.h> and <stdlib.h>, and a declaration
++of one function found only in the full libdes (not in libdes-lite), to
++avoid dragging in bits of stdio/stdlib unnecessarily. (Our thanks to Hans
++Schultz for spotting this and pointing out the fixes.)
++
++We deleted a couple of .obj files in the asm subdirectory, which appear to
++have been included in the original library by accident.
++
++We have added an include of our Makefile.inc file, to permit overriding
++things like choice of compiler (although the libdes Makefile would
++probably need some work to make this effective).
++
++
++
++Note that Eric Young is no longer at the email address listed in these
++files, and is (alas) no longer working on free crypto software.
++
++
++
++This file is RCSID $Id: README.freeswan,v 1.12 2004/07/10 08:06:51 mcr Exp $
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/VERSION Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,406 @@
++Version 4.04
++ Fixed a few tests in destest. Also added x86 assember for
++ des_ncbc_encrypt() which is the standard cbc mode function.
++ This makes a very very large performace difference.
++ Ariel Glenn ariel@columbia.edu reports that the terminal
++ 'turn echo off' can return (errno == EINVAL) under solaris
++ when redirection is used. So I now catch that as well as ENOTTY.
++
++
++Version 4.03
++ Left a static out of enc_write.c, which caused to buffer to be
++ continiously malloc()ed. Does anyone use these functions? I keep
++ on feeling like removing them since I only had these in there
++ for a version of kerberised login. Anyway, this was pointed out
++ by Theo de Raadt <deraadt@cvs.openbsd.org>
++ The 'n' bit ofb code was wrong, it was not shifting the shift
++ register. It worked correctly for n == 64. Thanks to
++ Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
++
++Version 4.02
++ I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
++ when checking for weak keys which is wrong :-(, pointed out by
++ Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
++
++Version 4.01
++ Even faster inner loop in the DES assembler for x86 and a modification
++ for IP/FP which is faster on x86. Both of these changes are
++ from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. His
++ changes make the assembler run %40 faster on a pentium. This is just
++ a case of getting the instruction sequence 'just right'.
++ All credit to 'Svend' :-)
++ Quite a few special x86 'make' targets.
++ A libdes-l (lite) distribution.
++
++Version 4.00
++ After a bit of a pause, I'll up the major version number since this
++ is mostly a performace release. I've added x86 assembler and
++ added more options for performance. A %28 speedup for gcc
++ on a pentium and the assembler is a %50 speedup.
++ MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
++ Run des_opts to work out which options should be used.
++ DES_RISC1/DES_RISC2 use alternative inner loops which use
++ more registers but should give speedups on any CPU that does
++ dual issue (pentium). DES_UNROLL unrolls the inner loop,
++ which costs in code size.
++
++Version 3.26
++ I've finally removed one of the shifts in D_ENCRYPT. This
++ meant I've changed the des_SPtrans table (spr.h), the set_key()
++ function and some things in des_enc.c. This has definitly
++ made things faster :-). I've known about this one for some
++ time but I've been too lazy to follow it up :-).
++ Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
++ instead of L^=((..)|(..)|(..).. This should save a register at
++ least.
++ Assember for x86. The file to replace is des_enc.c, which is replaced
++ by one of the assembler files found in asm. Look at des/asm/readme
++ for more info.
++
++ /* Modification to fcrypt so it can be compiled to support
++ HPUX 10.x's long password format, define -DLONGCRYPT to use this.
++ Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
++
++ SIGWINCH case put in des_read_passwd() so the function does not
++ 'exit' if this function is recieved.
++
++Version 3.25 17/07/96
++ Modified read_pwd.c so that stdin can be read if not a tty.
++ Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches.
++ des_init_random_number_generator() shortened due to VMS linker
++ limits.
++ Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2
++ 8 byte quantites xored before and after encryption.
++ des_xcbc_encryption() - the name is funny to preserve the des_
++ prefix on all functions.
++
++Version 3.24 20/04/96
++ The DES_PTR macro option checked and used by SSLeay configuration
++
++Version 3.23 11/04/96
++ Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha,
++ it gives a %20 speedup :-)
++ Fixed the problem with des.pl under perl5. The patches were
++ sent by Ed Kubaitis (ejk@uiuc.edu).
++ if fcrypt.c, changed values to handle illegal salt values the way
++ normal crypt() implementations do. Some programs apparently use
++ them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se>
++
++Version 3.22 29/11/95
++ Bug in des(1), an error with the uuencoding stuff when the
++ 'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
++ for the patch.
++
++Version 3.21 22/11/95
++ After some emailing back and forth with
++ Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
++ and in a future version I will probably put in some of the
++ optimisation he suggested for use with the DES_USE_PTR option.
++ Extra routines from Mark Murray <mark@grondar.za> for use in
++ freeBSD. They mostly involve random number generation for use
++ with kerberos. They involve evil machine specific system calls
++ etc so I would normally suggest pushing this stuff into the
++ application and/or using RAND_seed()/RAND_bytes() if you are
++ using this DES library as part of SSLeay.
++ Redone the read_pw() function so that it is cleaner and
++ supports termios, thanks to Sameer Parekh <sameer@c2.org>
++ for the initial patches for this.
++ Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been
++ done just to make things more consistent.
++ I have also now added triple DES versions of cfb and ofb.
++
++Version 3.20
++ Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
++ my des_random_seed() function was only copying 4 bytes of the
++ passed seed into the init structure. It is now fixed to copy 8.
++ My own suggestion is to used something like MD5 :-)
++
++Version 3.19
++ While looking at my code one day, I though, why do I keep on
++ calling des_encrypt(in,out,ks,enc) when every function that
++ calls it has in and out the same. So I dropped the 'out'
++ parameter, people should not be using this function.
++
++Version 3.18 30/08/95
++ Fixed a few bit with the distribution and the filenames.
++ 3.17 had been munged via a move to DOS and back again.
++ NO CODE CHANGES
++
++Version 3.17 14/07/95
++ Fixed ede3 cbc which I had broken in 3.16. I have also
++ removed some unneeded variables in 7-8 of the routines.
++
++Version 3.16 26/06/95
++ Added des_encrypt2() which does not use IP/FP, used by triple
++ des routines. Tweaked things a bit elsewhere. %13 speedup on
++ sparc and %6 on a R4400 for ede3 cbc mode.
++
++Version 3.15 06/06/95
++ Added des_ncbc_encrypt(), it is des_cbc mode except that it is
++ 'normal' and copies the new iv value back over the top of the
++ passed parameter.
++ CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
++ the iv. THIS WILL BREAK EXISTING CODE, but since this function
++ only new, I feel I can change it, not so with des_cbc_encrypt :-(.
++ I need to update the documentation.
++
++Version 3.14 31/05/95
++ New release upon the world, as part of my SSL implementation.
++ New copyright and usage stuff. Basically free for all to use
++ as long as you say it came from me :-)
++
++Version 3.13 31/05/95
++ A fix in speed.c, if HZ is not defined, I set it to 100.0
++ which is reasonable for most unixes except SunOS 4.x.
++ I now have a #ifdef sun but timing for SunOS 4.x looked very
++ good :-(. At my last job where I used SunOS 4.x, it was
++ defined to be 60.0 (look at the old INSTALL documentation), at
++ the last release had it changed to 100.0 since I now work with
++ Solaris2 and SVR4 boxes.
++ Thanks to Rory Chisholm <rchishol@math.ethz.ch> for pointing this
++ one out.
++
++Version 3.12 08/05/95
++ As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
++ my D_ENCRYPT macro in crypt() had an un-necessary variable.
++ It has been removed.
++
++Version 3.11 03/05/95
++ Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
++ and one iv. It is a standard and I needed it for my SSL code.
++ It makes more sense to use this for triple DES than
++ 3cbc_encrypt(). I have also added (or should I say tested :-)
++ cfb64_encrypt() which is cfb64 but it will encrypt a partial
++ number of bytes - 3 bytes in 3 bytes out. Again this is for
++ my SSL library, as a form of encryption to use with SSL
++ telnet.
++
++Version 3.10 22/03/95
++ Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls
++ to cbc3_encrypt, the 2 iv values that were being returned to
++ be used in the next call were reversed :-(.
++ Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
++ this error.
++
++Version 3.09 01/02/95
++ Fixed des_random_key to far more random, it was rather feeble
++ with regards to picking the initial seed. The problem was
++ pointed out by Olaf Kirch <okir@monad.swb.de>.
++
++Version 3.08 14/12/94
++ Added Makefile.PL so libdes can be built into perl5.
++ Changed des_locl.h so RAND is always defined.
++
++Version 3.07 05/12/94
++ Added GNUmake and stuff so the library can be build with
++ glibc.
++
++Version 3.06 30/08/94
++ Added rpc_enc.c which contains _des_crypt. This is for use in
++ secure_rpc v 4.0
++ Finally fixed the cfb_enc problems.
++ Fixed a few parameter parsing bugs in des (-3 and -b), thanks
++ to Rob McMillan <R.McMillan@its.gu.edu.au>
++
++Version 3.05 21/04/94
++ for unsigned long l; gcc does not produce ((l>>34) == 0)
++ This causes bugs in cfb_enc.
++ Thanks to Hadmut Danisch <danisch@ira.uka.de>
++
++Version 3.04 20/04/94
++ Added a version number to des.c and libdes.a
++
++Version 3.03 12/01/94
++ Fixed a bug in non zero iv in 3cbc_enc.
++
++Version 3.02 29/10/93
++ I now work in a place where there are 6+ architectures and 14+
++ OS versions :-).
++ Fixed TERMIO definition so the most sys V boxes will work :-)
++
++Release upon comp.sources.misc
++Version 3.01 08/10/93
++ Added des_3cbc_encrypt()
++
++Version 3.00 07/10/93
++ Fixed up documentation.
++ quad_cksum definitely compatible with MIT's now.
++
++Version 2.30 24/08/93
++ Triple DES now defaults to triple cbc but can do triple ecb
++ with the -b flag.
++ Fixed some MSDOS uuen/uudecoding problems, thanks to
++ Added prototypes.
++
++Version 2.22 29/06/93
++ Fixed a bug in des_is_weak_key() which stopped it working :-(
++ thanks to engineering@MorningStar.Com.
++
++Version 2.21 03/06/93
++ des(1) with no arguments gives quite a bit of help.
++ Added -c (generate ckecksum) flag to des(1).
++ Added -3 (triple DES) flag to des(1).
++ Added cfb and ofb routines to the library.
++
++Version 2.20 11/03/93
++ Added -u (uuencode) flag to des(1).
++ I have been playing with byte order in quad_cksum to make it
++ compatible with MIT's version. All I can say is avid this
++ function if possible since MIT's output is endian dependent.
++
++Version 2.12 14/10/92
++ Added MSDOS specific macro in ecb_encrypt which gives a %70
++ speed up when the code is compiled with turbo C.
++
++Version 2.11 12/10/92
++ Speedup in set_key (recoding of PC-1)
++ I now do it in 47 simple operations, down from 60.
++ Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
++ for motivating me to look for a faster system :-)
++ The speedup is probably less that 1% but it is still 13
++ instructions less :-).
++
++Version 2.10 06/10/92
++ The code now works on the 64bit ETA10 and CRAY without modifications or
++ #defines. I believe the code should work on any machine that
++ defines long, int or short to be 8 bytes long.
++ Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
++ for helping me fix the code to run on 64bit machines (he had
++ access to an ETA10).
++ Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
++ for testing the routines on a CRAY.
++ read_password.c has been renamed to read_passwd.c
++ string_to_key.c has been renamed to string2key.c
++
++Version 2.00 14/09/92
++ Made mods so that the library should work on 64bit CPU's.
++ Removed all my uchar and ulong defs. To many different
++ versions of unix define them in their header files in too many
++ different combinations :-)
++ IRIX - Sillicon Graphics mods (mostly in read_password.c).
++ Thanks to Andrew Daviel (advax@erich.triumf.ca)
++
++Version 1.99 26/08/92
++ Fixed a bug or 2 in enc_read.c
++ Fixed a bug in enc_write.c
++ Fixed a pseudo bug in fcrypt.c (very obscure).
++
++Version 1.98 31/07/92
++ Support for the ETA10. This is a strange machine that defines
++ longs and ints as 8 bytes and shorts as 4 bytes.
++ Since I do evil things with long * that assume that they are 4
++ bytes. Look in the Makefile for the option to compile for
++ this machine. quad_cksum appears to have problems but I
++ will don't have the time to fix it right now, and this is not
++ a function that uses DES and so will not effect the main uses
++ of the library.
++
++Version 1.97 20/05/92 eay
++ Fixed the Imakefile and made some changes to des.h to fix some
++ problems when building this package with Kerberos v 4.
++
++Version 1.96 18/05/92 eay
++ Fixed a small bug in string_to_key() where problems could
++ occur if des_check_key was set to true and the string
++ generated a weak key.
++
++Patch2 posted to comp.sources.misc
++Version 1.95 13/05/92 eay
++ Added an alternative version of the D_ENCRYPT macro in
++ ecb_encrypt and fcrypt. Depending on the compiler, one version or the
++ other will be faster. This was inspired by
++ Dana How <how@isl.stanford.edu>, and her pointers about doing the
++ *(ulong *)((uchar *)ptr+(value&0xfc))
++ vs
++ ptr[value&0x3f]
++ to stop the C compiler doing a <<2 to convert the long array index.
++
++Version 1.94 05/05/92 eay
++ Fixed an incompatibility between my string_to_key and the MIT
++ version. When the key is longer than 8 chars, I was wrapping
++ with a different method. To use the old version, define
++ OLD_STR_TO_KEY in the makefile. Thanks to
++ viktor@newsu.shearson.com (Viktor Dukhovni).
++
++Version 1.93 28/04/92 eay
++ Fixed the VMS mods so that echo is now turned off in
++ read_password. Thanks again to brennan@coco.cchs.su.oz.AU.
++ MSDOS support added. The routines can be compiled with
++ Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined.
++
++Patch1 posted to comp.sources.misc
++Version 1.92 13/04/92 eay
++ Changed D_ENCRYPT so that the rotation of R occurs outside of
++ the loop. This required rotating all the longs in sp.h (now
++ called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
++ speed.c has been changed so it will work without SIGALRM. If
++ times(3) is not present it will try to use ftime() instead.
++
++Version 1.91 08/04/92 eay
++ Added -E/-D options to des(1) so it can use string_to_key.
++ Added SVR4 mods suggested by witr@rwwa.COM
++ Added VMS mods suggested by brennan@coco.cchs.su.oz.AU. If
++ anyone knows how to turn of tty echo in VMS please tell me or
++ implement it yourself :-).
++ Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
++ does not like IN/OUT being used.
++
++Libdes posted to comp.sources.misc
++Version 1.9 24/03/92 eay
++ Now contains a fast small crypt replacement.
++ Added des(1) command.
++ Added des_rw_mode so people can use cbc encryption with
++ enc_read and enc_write.
++
++Version 1.8 15/10/91 eay
++ Bug in cbc_cksum.
++ Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
++ one out.
++
++Version 1.7 24/09/91 eay
++ Fixed set_key :-)
++ set_key is 4 times faster and takes less space.
++ There are a few minor changes that could be made.
++
++Version 1.6 19/09/1991 eay
++ Finally go IP and FP finished.
++ Now I need to fix set_key.
++ This version is quite a bit faster that 1.51
++
++Version 1.52 15/06/1991 eay
++ 20% speedup in ecb_encrypt by changing the E bit selection
++ to use 2 32bit words. This also required modification of the
++ sp table. There is still a way to speedup the IP and IP-1
++ (hints from outer@sq.com) still working on this one :-(.
++
++Version 1.51 07/06/1991 eay
++ Faster des_encrypt by loop unrolling
++ Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
++
++Version 1.50 28/05/1991 eay
++ Optimised the code a bit more for the sparc. I have improved the
++ speed of the inner des_encrypt by speeding up the initial and
++ final permutations.
++
++Version 1.40 23/10/1990 eay
++ Fixed des_random_key, it did not produce a random key :-(
++
++Version 1.30 2/10/1990 eay
++ Have made des_quad_cksum the same as MIT's, the full package
++ should be compatible with MIT's
++ Have tested on a DECstation 3100
++ Still need to fix des_set_key (make it faster).
++ Does des_cbc_encrypts at 70.5k/sec on a 3100.
++
++Version 1.20 18/09/1990 eay
++ Fixed byte order dependencies.
++ Fixed (I hope) all the word alignment problems.
++ Speedup in des_ecb_encrypt.
++
++Version 1.10 11/09/1990 eay
++ Added des_enc_read and des_enc_write.
++ Still need to fix des_quad_cksum.
++ Still need to document des_enc_read and des_enc_write.
++
++Version 1.00 27/08/1990 eay
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/asm/des-586.pl Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,251 @@
++#!/usr/local/bin/perl
++#
++# The inner loop instruction sequence and the IP/FP modifications are from
++# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
++#
++
++push(@INC,"perlasm","../../perlasm");
++require "x86asm.pl";
++require "cbc.pl";
++require "desboth.pl";
++
++# base code is in microsft
++# op dest, source
++# format.
++#
++
++&asm_init($ARGV[0],"des-586.pl");
++
++$L="edi";
++$R="esi";
++
++&external_label("des_SPtrans");
++&des_encrypt("des_encrypt",1);
++&des_encrypt("des_encrypt2",0);
++&des_encrypt3("des_encrypt3",1);
++&des_encrypt3("des_decrypt3",0);
++&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
++&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
++
++&asm_finish();
++
++sub des_encrypt
++ {
++ local($name,$do_ip)=@_;
++
++ &function_begin_B($name,"EXTRN _des_SPtrans:DWORD");
++
++ &push("esi");
++ &push("edi");
++
++ &comment("");
++ &comment("Load the 2 words");
++ $ks="ebp";
++
++ if ($do_ip)
++ {
++ &mov($R,&wparam(0));
++ &xor( "ecx", "ecx" );
++
++ &push("ebx");
++ &push("ebp");
++
++ &mov("eax",&DWP(0,$R,"",0));
++ &mov("ebx",&wparam(2)); # get encrypt flag
++ &mov($L,&DWP(4,$R,"",0));
++ &comment("");
++ &comment("IP");
++ &IP_new("eax",$L,$R,3);
++ }
++ else
++ {
++ &mov("eax",&wparam(0));
++ &xor( "ecx", "ecx" );
++
++ &push("ebx");
++ &push("ebp");
++
++ &mov($R,&DWP(0,"eax","",0));
++ &mov("ebx",&wparam(2)); # get encrypt flag
++ &rotl($R,3);
++ &mov($L,&DWP(4,"eax","",0));
++ &rotl($L,3);
++ }
++
++ &mov( $ks, &wparam(1) );
++ &cmp("ebx","0");
++ &je(&label("start_decrypt"));
++
++ for ($i=0; $i<16; $i+=2)
++ {
++ &comment("");
++ &comment("Round $i");
++ &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
++
++ &comment("");
++ &comment("Round ".sprintf("%d",$i+1));
++ &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
++ }
++ &jmp(&label("end"));
++
++ &set_label("start_decrypt");
++
++ for ($i=15; $i>0; $i-=2)
++ {
++ &comment("");
++ &comment("Round $i");
++ &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
++ &comment("");
++ &comment("Round ".sprintf("%d",$i-1));
++ &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
++ }
++
++ &set_label("end");
++
++ if ($do_ip)
++ {
++ &comment("");
++ &comment("FP");
++ &mov("edx",&wparam(0));
++ &FP_new($L,$R,"eax",3);
++
++ &mov(&DWP(0,"edx","",0),"eax");
++ &mov(&DWP(4,"edx","",0),$R);
++ }
++ else
++ {
++ &comment("");
++ &comment("Fixup");
++ &rotr($L,3); # r
++ &mov("eax",&wparam(0));
++ &rotr($R,3); # l
++ &mov(&DWP(0,"eax","",0),$L);
++ &mov(&DWP(4,"eax","",0),$R);
++ }
++
++ &pop("ebp");
++ &pop("ebx");
++ &pop("edi");
++ &pop("esi");
++ &ret();
++
++ &function_end_B($name);
++ }
++
++sub D_ENCRYPT
++ {
++ local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
++
++ &mov( $u, &DWP(&n2a($S*4),$ks,"",0));
++ &xor( $tmp1, $tmp1);
++ &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0));
++ &xor( $u, $R);
++ &xor( $t, $R);
++ &and( $u, "0xfcfcfcfc" );
++ &and( $t, "0xcfcfcfcf" );
++ &movb( &LB($tmp1), &LB($u) );
++ &movb( &LB($tmp2), &HB($u) );
++ &rotr( $t, 4 );
++ &mov( $ks, &DWP(" $desSP",$tmp1,"",0));
++ &movb( &LB($tmp1), &LB($t) );
++ &xor( $L, $ks);
++ &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0));
++ &xor( $L, $ks); ######
++ &movb( &LB($tmp2), &HB($t) );
++ &shr( $u, 16);
++ &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0));
++ &xor( $L, $ks); ######
++ &movb( &LB($tmp1), &HB($u) );
++ &shr( $t, 16);
++ &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0));
++ &xor( $L, $ks);
++ &mov( $ks, &wparam(1) );
++ &movb( &LB($tmp2), &HB($t) );
++ &and( $u, "0xff" );
++ &and( $t, "0xff" );
++ &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0));
++ &xor( $L, $tmp1);
++ &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0));
++ &xor( $L, $tmp1);
++ &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0));
++ &xor( $L, $tmp1);
++ &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0));
++ &xor( $L, $tmp1);
++ }
++
++sub n2a
++ {
++ sprintf("%d",$_[0]);
++ }
++
++# now has a side affect of rotating $a by $shift
++sub R_PERM_OP
++ {
++ local($a,$b,$tt,$shift,$mask,$last)=@_;
++
++ &rotl( $a, $shift ) if ($shift != 0);
++ &mov( $tt, $a );
++ &xor( $a, $b );
++ &and( $a, $mask );
++ if (!$last eq $b)
++ {
++ &xor( $b, $a );
++ &xor( $tt, $a );
++ }
++ else
++ {
++ &xor( $tt, $a );
++ &xor( $b, $a );
++ }
++ &comment("");
++ }
++
++sub IP_new
++ {
++ local($l,$r,$tt,$lr)=@_;
++
++ &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
++ &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
++ &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
++ &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
++ &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
++
++ if ($lr != 3)
++ {
++ if (($lr-3) < 0)
++ { &rotr($tt, 3-$lr); }
++ else { &rotl($tt, $lr-3); }
++ }
++ if ($lr != 2)
++ {
++ if (($lr-2) < 0)
++ { &rotr($r, 2-$lr); }
++ else { &rotl($r, $lr-2); }
++ }
++ }
++
++sub FP_new
++ {
++ local($l,$r,$tt,$lr)=@_;
++
++ if ($lr != 2)
++ {
++ if (($lr-2) < 0)
++ { &rotl($r, 2-$lr); }
++ else { &rotr($r, $lr-2); }
++ }
++ if ($lr != 3)
++ {
++ if (($lr-3) < 0)
++ { &rotl($l, 3-$lr); }
++ else { &rotr($l, $lr-3); }
++ }
++
++ &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
++ &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
++ &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
++ &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
++ &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
++ &rotr($tt , 4);
++ }
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/asm/des686.pl Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,230 @@
++#!/usr/local/bin/perl
++
++$prog="des686.pl";
++
++# base code is in microsft
++# op dest, source
++# format.
++#
++
++# WILL NOT WORK ANYMORE WITH desboth.pl
++require "desboth.pl";
++
++if ( ($ARGV[0] eq "elf"))
++ { require "x86unix.pl"; }
++elsif ( ($ARGV[0] eq "a.out"))
++ { $aout=1; require "x86unix.pl"; }
++elsif ( ($ARGV[0] eq "sol"))
++ { $sol=1; require "x86unix.pl"; }
++elsif ( ($ARGV[0] eq "cpp"))
++ { $cpp=1; require "x86unix.pl"; }
++elsif ( ($ARGV[0] eq "win32"))
++ { require "x86ms.pl"; }
++else
++ {
++ print STDERR <<"EOF";
++Pick one target type from
++ elf - linux, FreeBSD etc
++ a.out - old linux
++ sol - x86 solaris
++ cpp - format so x86unix.cpp can be used
++ win32 - Windows 95/Windows NT
++EOF
++ exit(1);
++ }
++
++&comment("Don't even think of reading this code");
++&comment("It was automatically generated by $prog");
++&comment("Which is a perl program used to generate the x86 assember for");
++&comment("any of elf, a.out, Win32, or Solaris");
++&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
++&comment("eric <eay\@cryptsoft.com>");
++&comment("");
++
++&file("dx86xxxx");
++
++$L="edi";
++$R="esi";
++
++&des_encrypt("des_encrypt",1);
++&des_encrypt("des_encrypt2",0);
++
++&des_encrypt3("des_encrypt3",1);
++&des_encrypt3("des_decrypt3",0);
++
++&file_end();
++
++sub des_encrypt
++ {
++ local($name,$do_ip)=@_;
++
++ &function_begin($name,"EXTRN _des_SPtrans:DWORD");
++
++ &comment("");
++ &comment("Load the 2 words");
++ &mov("eax",&wparam(0));
++ &mov($L,&DWP(0,"eax","",0));
++ &mov($R,&DWP(4,"eax","",0));
++
++ $ksp=&wparam(1);
++
++ if ($do_ip)
++ {
++ &comment("");
++ &comment("IP");
++ &IP_new($L,$R,"eax");
++ }
++
++ &comment("");
++ &comment("fixup rotate");
++ &rotl($R,3);
++ &rotl($L,3);
++ &exch($L,$R);
++
++ &comment("");
++ &comment("load counter, key_schedule and enc flag");
++ &mov("eax",&wparam(2)); # get encrypt flag
++ &mov("ebp",&wparam(1)); # get ks
++ &cmp("eax","0");
++ &je(&label("start_decrypt"));
++
++ # encrypting part
++
++ for ($i=0; $i<16; $i+=2)
++ {
++ &comment("");
++ &comment("Round $i");
++ &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
++
++ &comment("");
++ &comment("Round ".sprintf("%d",$i+1));
++ &D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
++ }
++ &jmp(&label("end"));
++
++ &set_label("start_decrypt");
++
++ for ($i=15; $i>0; $i-=2)
++ {
++ &comment("");
++ &comment("Round $i");
++ &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
++ &comment("");
++ &comment("Round ".sprintf("%d",$i-1));
++ &D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
++ }
++
++ &set_label("end");
++
++ &comment("");
++ &comment("Fixup");
++ &rotr($L,3); # r
++ &rotr($R,3); # l
++
++ if ($do_ip)
++ {
++ &comment("");
++ &comment("FP");
++ &FP_new($R,$L,"eax");
++ }
++
++ &mov("eax",&wparam(0));
++ &mov(&DWP(0,"eax","",0),$L);
++ &mov(&DWP(4,"eax","",0),$R);
++
++ &function_end($name);
++ }
++
++
++# The logic is to load R into 2 registers and operate on both at the same time.
++# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
++# while also masking the other copy and doing a lookup. We then also accumulate the
++# L value in 2 registers then combine them at the end.
++sub D_ENCRYPT
++ {
++ local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
++
++ &mov( $u, &DWP(&n2a($S*4),$ks,"",0));
++ &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0));
++ &xor( $u, $R );
++ &xor( $t, $R );
++ &rotr( $t, 4 );
++
++ # the numbers at the end of the line are origional instruction order
++ &mov( $tmp2, $u ); # 1 2
++ &mov( $tmp1, $t ); # 1 1
++ &and( $tmp2, "0xfc" ); # 1 4
++ &and( $tmp1, "0xfc" ); # 1 3
++ &shr( $t, 8 ); # 1 5
++ &xor( $L, &DWP("0x100+$desSP",$tmp1,"",0)); # 1 7
++ &shr( $u, 8 ); # 1 6
++ &mov( $tmp1, &DWP(" $desSP",$tmp2,"",0)); # 1 8
++
++ &mov( $tmp2, $u ); # 2 2
++ &xor( $L, $tmp1 ); # 1 9
++ &and( $tmp2, "0xfc" ); # 2 4
++ &mov( $tmp1, $t ); # 2 1
++ &and( $tmp1, "0xfc" ); # 2 3
++ &shr( $t, 8 ); # 2 5
++ &xor( $L, &DWP("0x300+$desSP",$tmp1,"",0)); # 2 7
++ &shr( $u, 8 ); # 2 6
++ &mov( $tmp1, &DWP("0x200+$desSP",$tmp2,"",0)); # 2 8
++ &mov( $tmp2, $u ); # 3 2
++
++ &xor( $L, $tmp1 ); # 2 9
++ &and( $tmp2, "0xfc" ); # 3 4
++
++ &mov( $tmp1, $t ); # 3 1
++ &shr( $u, 8 ); # 3 6
++ &and( $tmp1, "0xfc" ); # 3 3
++ &shr( $t, 8 ); # 3 5
++ &xor( $L, &DWP("0x500+$desSP",$tmp1,"",0)); # 3 7
++ &mov( $tmp1, &DWP("0x400+$desSP",$tmp2,"",0)); # 3 8
++
++ &and( $t, "0xfc" ); # 4 1
++ &xor( $L, $tmp1 ); # 3 9
++
++ &and( $u, "0xfc" ); # 4 2
++ &xor( $L, &DWP("0x700+$desSP",$t,"",0)); # 4 3
++ &xor( $L, &DWP("0x600+$desSP",$u,"",0)); # 4 4
++ }
++
++sub PERM_OP
++ {
++ local($a,$b,$tt,$shift,$mask)=@_;
++
++ &mov( $tt, $a );
++ &shr( $tt, $shift );
++ &xor( $tt, $b );
++ &and( $tt, $mask );
++ &xor( $b, $tt );
++ &shl( $tt, $shift );
++ &xor( $a, $tt );
++ }
++
++sub IP_new
++ {
++ local($l,$r,$tt)=@_;
++
++ &PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
++ &PERM_OP($l,$r,$tt,16,"0x0000ffff");
++ &PERM_OP($r,$l,$tt, 2,"0x33333333");
++ &PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
++ &PERM_OP($r,$l,$tt, 1,"0x55555555");
++ }
++
++sub FP_new
++ {
++ local($l,$r,$tt)=@_;
++
++ &PERM_OP($l,$r,$tt, 1,"0x55555555");
++ &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
++ &PERM_OP($l,$r,$tt, 2,"0x33333333");
++ &PERM_OP($r,$l,$tt,16,"0x0000ffff");
++ &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
++ }
++
++sub n2a
++ {
++ sprintf("%d",$_[0]);
++ }
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/asm/desboth.pl Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,79 @@
++#!/usr/local/bin/perl
++
++$L="edi";
++$R="esi";
++
++sub des_encrypt3
++ {
++ local($name,$enc)=@_;
++
++ &function_begin_B($name,"");
++ &push("ebx");
++ &mov("ebx",&wparam(0));
++
++ &push("ebp");
++ &push("esi");
++
++ &push("edi");
++
++ &comment("");
++ &comment("Load the data words");
++ &mov($L,&DWP(0,"ebx","",0));
++ &mov($R,&DWP(4,"ebx","",0));
++ &stack_push(3);
++
++ &comment("");
++ &comment("IP");
++ &IP_new($L,$R,"edx",0);
++
++ # put them back
++
++ if ($enc)
++ {
++ &mov(&DWP(4,"ebx","",0),$R);
++ &mov("eax",&wparam(1));
++ &mov(&DWP(0,"ebx","",0),"edx");
++ &mov("edi",&wparam(2));
++ &mov("esi",&wparam(3));
++ }
++ else
++ {
++ &mov(&DWP(4,"ebx","",0),$R);
++ &mov("esi",&wparam(1));
++ &mov(&DWP(0,"ebx","",0),"edx");
++ &mov("edi",&wparam(2));
++ &mov("eax",&wparam(3));
++ }
++ &mov(&swtmp(2), (($enc)?"1":"0"));
++ &mov(&swtmp(1), "eax");
++ &mov(&swtmp(0), "ebx");
++ &call("des_encrypt2");
++ &mov(&swtmp(2), (($enc)?"0":"1"));
++ &mov(&swtmp(1), "edi");
++ &mov(&swtmp(0), "ebx");
++ &call("des_encrypt2");
++ &mov(&swtmp(2), (($enc)?"1":"0"));
++ &mov(&swtmp(1), "esi");
++ &mov(&swtmp(0), "ebx");
++ &call("des_encrypt2");
++
++ &stack_pop(3);
++ &mov($L,&DWP(0,"ebx","",0));
++ &mov($R,&DWP(4,"ebx","",0));
++
++ &comment("");
++ &comment("FP");
++ &FP_new($L,$R,"eax",0);
++
++ &mov(&DWP(0,"ebx","",0),"eax");
++ &mov(&DWP(4,"ebx","",0),$R);
++
++ &pop("edi");
++ &pop("esi");
++ &pop("ebp");
++ &pop("ebx");
++ &ret();
++ &function_end_B($name);
++ }
++
++
+--- /dev/null Tue Mar 11 13:02:56 2003
++++ linux/net/ipsec/des/asm/readme Mon Feb 9 13:51:03 2004
+@@ -0,0 +1,131 @@
++First up, let me say I don't like writing in assembler. It is not portable,
++dependant on the particular CPU architecture release and is generally a pig
++to debug and get right. Having said that, the x86 architecture is probably
++the most important for speed due to number of boxes and since
++it appears to be the worst architecture to to get
++good C compilers for. So due to this, I have lowered myself to do
++assembler for the inner DES routines in libdes :-).
++
++The file to implement in assembler is des_enc.c. Replace the following
++4 functions
++des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
++des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
++des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
++des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
++
++They encrypt/decrypt the 64 bits held in 'data' using
++the 'ks' key schedules. The only difference between the 4 functions is that
++des_encrypt2() does not perform IP() or FP() on the data (this is an
++optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
++perform triple des. The triple DES routines are in here because it does
++make a big difference to have them located near the des_encrypt2 function
++at link time..
++
++Now as we all know, there are lots of different operating systems running on
++x86 boxes, and unfortunately they normally try to make sure their assembler
++formating is not the same as the other peoples.
++The 4 main formats I know of are
++Microsoft Windows 95/Windows NT
++Elf