diff --git a/libs/libuecc/Makefile b/libs/libuecc/Makefile index ad34f26..a67765b 100644 --- a/libs/libuecc/Makefile +++ b/libs/libuecc/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libuecc -PKG_VERSION:=3 +PKG_VERSION:=4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=https://projects.universe-factory.net/attachments/download/42 -PKG_MD5SUM:=3c45ffecc7709ea929892993808e218e +PKG_SOURCE_URL:=https://projects.universe-factory.net/attachments/download/71 +PKG_MD5SUM:=7f44df5dc69cb8686947562e2a11eea9 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk @@ -25,9 +25,12 @@ define Package/libuecc URL:=http://git.universe-factory.net/libuecc/ endef +TARGET_CFLAGS += -ffunction-sections -fdata-sections + CMAKE_OPTIONS += \ -DCMAKE_BUILD_TYPE:String="MINSIZEREL" + define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(CP) $(PKG_INSTALL_DIR)/usr/include/libuecc-$(PKG_VERSION) $(1)/usr/include/ diff --git a/net/fastd/Config.in b/net/fastd/Config.in index 7e7ed08..7d7c80c 100644 --- a/net/fastd/Config.in +++ b/net/fastd/Config.in @@ -1,36 +1,64 @@ menu "Configuration" depends on PACKAGE_fastd +config FASTD_ENABLE_METHOD_CIPHER_TEST + bool "Enable cipher-test method provider" + depends on PACKAGE_fastd + default n + +config FASTD_ENABLE_METHOD_COMPOSED_GMAC + bool "Enable composed-gmac method provider" + depends on PACKAGE_fastd + default y + +config FASTD_ENABLE_METHOD_GENERIC_GMAC + bool "Enable generic-gmac method provider" + depends on PACKAGE_fastd + default y + +config FASTD_ENABLE_METHOD_GENERIC_POLY1305 + bool "Enable generic-poly1305 method provider" + depends on PACKAGE_fastd + default n + +config FASTD_ENABLE_METHOD_NULL + bool "Enable null method" + depends on PACKAGE_fastd + default y + config FASTD_ENABLE_METHOD_XSALSA20_POLY1305 bool "Enable xsalsa20-poly1305 method" depends on PACKAGE_fastd - default y - -config FASTD_ENABLE_METHOD_AES128_GCM - bool "Enable aes128-gcm method" - depends on PACKAGE_fastd && (FASTD_ENABLE_CRYPTO_AES128CTR_NACL || FASTD_ENABLE_CRYPTO_AES128CTR_LINUX) && (FASTD_ENABLE_CRYPTO_GHASH_BUILTIN || FASTD_ENABLE_CRYPTO_GHASH_LINUX) default n -config FASTD_ENABLE_CRYPTO_AES128CTR_NACL - bool "Include the AES128-CTR implementation from the NaCl library" - depends on PACKAGE_fastd - default y -config FASTD_ENABLE_CRYPTO_AES128CTR_LINUX - bool "Support using the AES128-CTR implementation in the Linux kernel" +config FASTD_ENABLE_CIPHER_AES128_CTR + bool "Enable the AES128-CTR cipher" depends on PACKAGE_fastd default n -config FASTD_ENABLE_CRYPTO_GHASH_BUILTIN - bool "Include the built-in GHASH implementation" +config FASTD_ENABLE_CIPHER_NULL + bool "Enable the null cipher" depends on PACKAGE_fastd default y -config FASTD_ENABLE_CRYPTO_GHASH_LINUX - bool "Support using the GHASH implementation in the Linux kernel" +config FASTD_ENABLE_CIPHER_SALSA20 + bool "Enable the Salsa20 cipher" depends on PACKAGE_fastd default n +config FASTD_ENABLE_CIPHER_SALSA2012 + bool "Enable the Salsa20/12 cipher" + depends on PACKAGE_fastd + default y + + +config FASTD_ENABLE_MAC_GHASH + bool "Enable the GHASH message authentication code" + depends on PACKAGE_fastd + default y + + config FASTD_WITH_CMDLINE_USER bool "Include support for setting user/group related options on the command line" depends on PACKAGE_fastd diff --git a/net/fastd/Makefile b/net/fastd/Makefile index e30094e..9727b82 100644 --- a/net/fastd/Makefile +++ b/net/fastd/Makefile @@ -8,20 +8,25 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fastd -PKG_VERSION:=10 +PKG_VERSION:=11 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=https://projects.universe-factory.net/attachments/download/70 -PKG_MD5SUM:=fe7f06392d64e2813574e9a4eef729ff +PKG_SOURCE_URL:=https://projects.universe-factory.net/attachments/download/72 +PKG_MD5SUM:=bdd89fc171c4d961169ff231c1198f12 PKG_CONFIG_DEPENDS:=\ - CONFIG_FASTD_ENABLE_METHOD_XSALSA20_POLY1305 \ - CONFIG_FASTD_ENABLE_METHOD_AES128_GCM \ - CONFIG_FASTD_ENABLE_CRYPTO_AES128CTR_NACL \ - CONFIG_FASTD_ENABLE_CRYPTO_AES128CTR_LINUX \ - CONFIG_FASTD_ENABLE_CRYPTO_GHASH_BUILTIN \ - CONFIG_FASTD_ENABLE_CRYPTO_GHASH_LINUX \ + FASTD_ENABLE_METHOD_CIPHER_TEST \ + FASTD_ENABLE_METHOD_COMPOSED_GMAC \ + FASTD_ENABLE_METHOD_GENERIC_GMAC \ + FASTD_ENABLE_METHOD_GENERIC_POLY1305 \ + FASTD_ENABLE_METHOD_NULL \ + FASTD_ENABLE_METHOD_XSALSA20_POLY1305 \ + FASTD_ENABLE_CIPHER_AES128_CTR \ + FASTD_ENABLE_CIPHER_NULL \ + FASTD_ENABLE_CIPHER_SALSA20 \ + FASTD_ENABLE_CIPHER_SALSA2012 \ + FASTD_ENABLE_MAC_GHASH \ CONFIG_FASTD_WITH_CMDLINE_USER \ CONFIG_FASTD_WITH_CMDLINE_LOGGING \ CONFIG_FASTD_WITH_CMDLINE_OPERATION \ @@ -46,88 +51,90 @@ define Package/fastd/config source "$(SOURCE)/Config.in" endef +TARGET_CFLAGS += -ffunction-sections -fdata-sections +TARGET_LDFLAGS += -Wl,--gc-sections + CMAKE_OPTIONS += \ - -DCMAKE_BUILD_TYPE:String="MINSIZEREL" \ - -DWITH_CAPABILITIES=FALSE + -DCMAKE_BUILD_TYPE:STRING=MINSIZEREL \ + -DWITH_METHOD_CIPHER_TEST:BOOL=FALSE \ + -DWITH_METHOD_COMPOSED_GMAC:BOOL=FALSE \ + -DWITH_METHOD_GENERIC_GMAC:BOOL=FALSE \ + -DWITH_METHOD_GENERIC_POLY1305:BOOL=FALSE \ + -DWITH_METHOD_NULL:BOOL=FALSE \ + -DWITH_METHOD_XSALSA20_POLY1305:BOOL=FALSE \ + -DWITH_CIPHER_AES128_CTR:BOOL=FALSE \ + -DWITH_CIPHER_NULL:BOOL=FALSE \ + -DWITH_CIPHER_SALSA20:BOOL=FALSE \ + -DWITH_CIPHER_SALSA2012:BOOL=FALSE \ + -DWITH_MAC_GHASH:BOOL=FALSE \ + -DWITH_CMDLINE_USER:BOOL=FALSE \ + -DWITH_CMDLINE_LOGGING:BOOL=FALSE \ + -DWITH_CMDLINE_OPERATION:BOOL=FALSE \ + -DWITH_CMDLINE_COMMANDS:BOOL=FALSE \ + -DWITH_CAPABILITIES:BOOL=FALSE + + +ifeq ($(CONFIG_FASTD_ENABLE_METHOD_CIPHER_TEST),y) +CMAKE_OPTIONS += -DWITH_METHOD_CIPHER_TEST:BOOL=TRUE +endif + +ifeq ($(CONFIG_FASTD_ENABLE_METHOD_COMPOSED_GMAC),y) +CMAKE_OPTIONS += -DWITH_METHOD_COMPOSED_GMAC:BOOL=TRUE +endif + +ifeq ($(CONFIG_FASTD_ENABLE_METHOD_GENERIC_GMAC),y) +CMAKE_OPTIONS += -DWITH_METHOD_GENERIC_GMAC:BOOL=TRUE +endif + +ifeq ($(CONFIG_FASTD_ENABLE_METHOD_GENERIC_POLY1305),y) +CMAKE_OPTIONS += -DWITH_METHOD_GENERIC_POLY1305:BOOL=TRUE +endif + +ifeq ($(CONFIG_FASTD_ENABLE_METHOD_NULL),y) +CMAKE_OPTIONS += -DWITH_METHOD_NULL:BOOL=TRUE +endif ifeq ($(CONFIG_FASTD_ENABLE_METHOD_XSALSA20_POLY1305),y) -CMAKE_OPTIONS += \ - -DWITH_METHOD_XSALSA20_POLY1305:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_METHOD_XSALSA20_POLY1305:BOOL=FALSE +CMAKE_OPTIONS += -DWITH_METHOD_XSALSA20_POLY1305:BOOL=TRUE endif -ifeq ($(CONFIG_FASTD_ENABLE_METHOD_AES128_GCM),y) -CMAKE_OPTIONS += \ - -DWITH_METHOD_AES128_GCM:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_METHOD_AES128_GCM:BOOL=FALSE + +ifeq ($(CONFIG_FASTD_ENABLE_CIPHER_AES128_CTR),y) +CMAKE_OPTIONS += -DWITH_CIPHER_AES128_CTR:BOOL=TRUE endif -ifeq ($(CONFIG_FASTD_ENABLE_CRYPTO_AES128CTR_NACL),y) -CMAKE_OPTIONS += \ - -DWITH_CRYPTO_AES128CTR_NACL:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_CRYPTO_AES128CTR_NACL:BOOL=FALSE +ifeq ($(CONFIG_FASTD_ENABLE_CIPHER_NULL),y) +CMAKE_OPTIONS += -DWITH_CIPHER_NULL:BOOL=TRUE endif -ifeq ($(CONFIG_FASTD_ENABLE_CRYPTO_AES128CTR_LINUX),y) -CMAKE_OPTIONS += \ - -DWITH_CRYPTO_AES128CTR_LINUX:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_CRYPTO_AES128CTR_LINUX:BOOL=FALSE +ifeq ($(CONFIG_FASTD_ENABLE_CIPHER_SALSA20),y) +CMAKE_OPTIONS += -DWITH_CIPHER_SALSA20:BOOL=TRUE endif -ifeq ($(CONFIG_FASTD_ENABLE_CRYPTO_GHASH_BUILTIN),y) -CMAKE_OPTIONS += \ - -DWITH_CRYPTO_GHASH_BUILTIN:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_CRYPTO_GHASH_BUILTIN:BOOL=FALSE +ifeq ($(CONFIG_FASTD_ENABLE_CIPHER_SALSA2012),y) +CMAKE_OPTIONS += -DWITH_CIPHER_SALSA2012:BOOL=TRUE endif -ifeq ($(CONFIG_FASTD_ENABLE_CRYPTO_GHASH_LINUX),y) -CMAKE_OPTIONS += \ - -DWITH_CRYPTO_GHASH_LINUX:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_CRYPTO_GHASH_LINUX:BOOL=FALSE + +ifeq ($(CONFIG_FASTD_ENABLE_MAC_GHASH),y) +CMAKE_OPTIONS += -DWITH_MAC_GHASH:BOOL=TRUE endif + ifeq ($(CONFIG_FASTD_WITH_CMDLINE_USER),y) -CMAKE_OPTIONS += \ - -DWITH_CMDLINE_USER:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_CMDLINE_USER:BOOL=FALSE +CMAKE_OPTIONS += -DWITH_CMDLINE_USER:BOOL=TRUE endif ifeq ($(CONFIG_FASTD_WITH_CMDLINE_LOGGING),y) -CMAKE_OPTIONS += \ - -DWITH_CMDLINE_LOGGING:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_CMDLINE_LOGGING:BOOL=FALSE +CMAKE_OPTIONS += -DWITH_CMDLINE_LOGGING:BOOL=TRUE endif ifeq ($(CONFIG_FASTD_WITH_CMDLINE_OPERATION),y) -CMAKE_OPTIONS += \ - -DWITH_CMDLINE_OPERATION:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_CMDLINE_OPERATION:BOOL=FALSE +CMAKE_OPTIONS += -DWITH_CMDLINE_OPERATION:BOOL=TRUE endif ifeq ($(CONFIG_FASTD_WITH_CMDLINE_COMMANDS),y) -CMAKE_OPTIONS += \ - -DWITH_CMDLINE_COMMANDS:BOOL=TRUE -else -CMAKE_OPTIONS += \ - -DWITH_CMDLINE_COMMANDS:BOOL=FALSE +CMAKE_OPTIONS += -DWITH_CMDLINE_COMMANDS:BOOL=TRUE endif diff --git a/net/fastd/files/fastd.init b/net/fastd/files/fastd.init index 10c7789..a722e9f 100644 --- a/net/fastd/files/fastd.init +++ b/net/fastd/files/fastd.init @@ -74,6 +74,7 @@ config_string_pmtu='pmtu $(yes_no "$value");' config_string_forward='forward $(yes_no "$value");' config_string_hide_ip_addresses='hide ip addresses $(yes_no "$value");' config_string_hide_mac_addresses='hide mac addresses $(yes_no "$value");' +config_string_secure_handshakes='secure handshakes $(yes_no "$value");' config_string_peer='peer $(escape_string "$value") {' config_string_peer_group='peer group $(escape_string "$value") {' @@ -229,7 +230,7 @@ generate_config() { append_options "$s" config \ config config_peer config_peer_dir bind method syslog_level mode interface mtu peer_limit \ - user group pmtu forward hide_ip_addresses hide_mac_addresses + user group pmtu forward hide_ip_addresses hide_mac_addresses secure_handshakes config_get mode "$s" mode