fix strongswan package, ESP now works.

mk/modules.mk

@@ -777,6 +777,10 @@ $(eval $(call KMOD_template,CRYPTO_MANAGER,crypto-manager,\
     $(MODULES_DIR)/kernel/crypto/chainiv \
 ,07))
 
+$(eval $(call KMOD_template,CRYPTO_AUTHENC,crypto-authenc,\
+    $(MODULES_DIR)/kernel/crypto/authenc \
+,11))
+
 $(eval $(call KMOD_template,CRYPTO_HMAC,crypto-hmac,\
     $(MODULES_DIR)/kernel/crypto/hmac \
 ,11))
@@ -813,6 +817,18 @@ $(eval $(call KMOD_template,CRYPTO_TGR192,crypto-tgr192,\
     $(MODULES_DIR)/kernel/crypto/tgr192 \
 ,11))
 
+$(eval $(call KMOD_template,CRYPTO_SEQIV,crypto-seqiv,\
+    $(MODULES_DIR)/kernel/crypto/seqiv \
+,5))
+
+$(eval $(call KMOD_template,CRYPTO_CTR,crypto-ctr,\
+    $(MODULES_DIR)/kernel/crypto/ctr \
+,10))
+
+$(eval $(call KMOD_template,CRYPTO_CCM,crypto-ccm,\
+    $(MODULES_DIR)/kernel/crypto/ccm \
+,10))
+
 $(eval $(call KMOD_template,CRYPTO_ECB,crypto-ecb,\
     $(MODULES_DIR)/kernel/crypto/ecb \
 ,10))
@@ -884,6 +900,7 @@ $(eval $(call KMOD_template,CRYPTO_FCRYPT,crypto-fcrypt,\
 
 $(eval $(call KMOD_template,CRYPTO_DEFLATE,crypto-deflate,\
     $(MODULES_DIR)/kernel/lib/zlib_deflate/zlib_deflate \
+    $(MODULES_DIR)/kernel/lib/zlib_inflate/zlib_inflate \
     $(MODULES_DIR)/kernel/crypto/deflate \
 ,10))
 

package/pkgmaker

@@ -336,9 +336,6 @@ done <package_sections >package_section_list
 # create the Config.in.auto from the sorted list from above
 cursec=""
 sort -k 3 -k 1 -f package_section_list | while read name file section; do
-	pbar="Pass 4: $name ..."
-	print -nu2 "$pbar\r"
-
 	if [[ $cursec != $section ]]; then
 		[[ -n $cursec ]] && print "endmenu\n"
 

package/strongswan/Makefile

@@ -12,9 +12,10 @@ PKG_SECTION:=		net/security
 PKG_DEPENDS:=		libgmp ip libpthread kmod-net-key kmod-xfrm-user
 PKG_DEPENDS+=		kmod-inet-ah kmod-inet-esp kmod-inet-ipcomp
 PKG_DEPENDS+=		kmod-inet-xfrm-mode-tunnel kmod-inet-xfrm-mode-transport
-PKG_DEPENDS+=		kmod-crypto-sha1 kmod-crypto-aes kmod-crypto-md5
-PKG_DEPENDS+=		kmod-crypto-des kmod-crypto-hmac
-PKG_DEPENDS+=		kmod-crypto-null kmod-crypto-cbc
+PKG_DEPENDS+=		kmod-crypto-sha1 kmod-crypto-sha256 kmod-crypto-md5
+PKG_DEPENDS+=		kmod-crypto-null kmod-crypto-des kmod-crypto-aes
+PKG_DEPENDS+=		kmod-crypto-hmac kmod-crypto-cbc kmod-crypto-authenc
+PKG_DEPENDS+=		kmod-crypto-deflate
 PKG_BUILDDEP+=		gmp
 PKG_URL:=		http://strongswan.org/index.htm
 PKG_SITES:=		http://download.strongswan.org/
@@ -24,13 +25,16 @@ include $(TOPDIR)/mk/package.mk
 $(eval $(call PKG_template,STRONGSWAN,$(PKG_NAME),$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
 CONFIGURE_ARGS+=	--disable-tools \
-			--disable-sha2
+			--disable-fips-prf \
+			--enable-kernel-pfkey \
+			--disable-xcbc
 
 post-install:
 	$(INSTALL_DIR) $(IDIR_STRONGSWAN)/etc
 	$(INSTALL_DIR) $(IDIR_STRONGSWAN)/usr/sbin
 	$(INSTALL_DIR) $(IDIR_STRONGSWAN)/usr/lib
 	$(INSTALL_DIR) $(IDIR_STRONGSWAN)/usr/libexec/ipsec/plugins
+	touch $(IDIR_STRONGSWAN)/etc/ipsec.secrets
 	$(CP) $(WRKINST)/usr/libexec/ipsec/plugins/*.so \
 		$(IDIR_STRONGSWAN)/usr/libexec/ipsec/plugins
 	$(CP) $(WRKINST)/etc/* $(IDIR_STRONGSWAN)/etc

target/Config.in

@@ -161,6 +161,9 @@ config ADK_wag54g
 config ADK_shuttle
 	tristate
 
+config ADK_x86
+	tristate
+
 config ADK_TARGET
 	string
 	default "alix1c"  if ADK_alix1c
@@ -636,6 +639,7 @@ depends on ADK_LINUX_ALIX
 
 config ADK_LINUX_X86_ALIX1C
 	bool "PC Engines Alix1C"
+	select ADK_x86
 	select ADK_alix1c
 	select ADK_KERNEL_NLS
 	select ADK_KERNEL_SCSI
@@ -659,6 +663,7 @@ config ADK_LINUX_X86_ALIX1C
 
 config ADK_LINUX_X86_ALIX2D
 	bool "PC Engines Alix2D"
+	select ADK_x86
 	select ADK_alix2d
 	select ADK_KERNEL_NLS
 	select ADK_KERNEL_SCSI
@@ -682,6 +687,7 @@ config ADK_LINUX_X86_ALIX2D
 
 config ADK_LINUX_X86_ALIX2D13
 	bool "PC Engines Alix2D13"
+	select ADK_x86
 	select ADK_alix2d13
 	select ADK_KERNEL_NLS
 	select ADK_KERNEL_SCSI

target/alix2d/kernel.config

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.34
-# Mon Jul  5 23:07:16 2010
+# Fri Jul 16 05:47:44 2010
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -1177,10 +1177,19 @@ CONFIG_CRYPTO=y
 #
 # Crypto core or helper
 #
-# CONFIG_CRYPTO_MANAGER is not set
-# CONFIG_CRYPTO_MANAGER2 is not set
+CONFIG_CRYPTO_ALGAPI=m
+CONFIG_CRYPTO_ALGAPI2=m
+CONFIG_CRYPTO_AEAD2=m
+CONFIG_CRYPTO_BLKCIPHER2=m
+CONFIG_CRYPTO_HASH=m
+CONFIG_CRYPTO_HASH2=m
+CONFIG_CRYPTO_RNG2=m
+CONFIG_CRYPTO_PCOMP=m
+CONFIG_CRYPTO_MANAGER=m
+CONFIG_CRYPTO_MANAGER2=m
 # CONFIG_CRYPTO_GF128MUL is not set
 # CONFIG_CRYPTO_NULL is not set
+CONFIG_CRYPTO_WORKQUEUE=m
 # CONFIG_CRYPTO_CRYPTD is not set
 # CONFIG_CRYPTO_AUTHENC is not set
 # CONFIG_CRYPTO_TEST is not set
@@ -1207,7 +1216,7 @@ CONFIG_CRYPTO=y
 # Hash modes
 #
 # CONFIG_CRYPTO_HMAC is not set
-# CONFIG_CRYPTO_XCBC is not set
+CONFIG_CRYPTO_XCBC=m
 # CONFIG_CRYPTO_VMAC is not set
 
 #

target/linux/config/Config.in.crypto

@@ -150,6 +150,22 @@ config ADK_KPACKAGE_KMOD_CRYPTO_BLKCIPHER
 	select ADK_KPACKAGE_KMOD_CRYPTO_ALGAPI
 	help
 
+config ADK_KPACKAGE_KMOD_CRYPTO_AUTHENC
+	prompt "kmod-crypto-authenc.................. AuthENC (IPsec)"
+	tristate
+	select ADK_KPACKAGE_KMOD_CRYPTO_MANAGER
+	default n
+	help
+
+config ADK_KPACKAGE_KMOD_CRYPTO_SEQIV
+	prompt "kmod-crypto-seqiv.................... Sequence Number IV Generator"
+	select ADK_KPACKAGE_KMOD_CRYPTO_RNG2
+	select ADK_KPACKAGE_KMOD_CRYPTO_ALGAPI
+	tristate
+	help
+	  This IV generator generates an IV based on a sequence number by
+	  xoring it with a salt.  This algorithm is mainly useful for CTR
+
 config ADK_KPACKAGE_KMOD_CRYPTO_CBC
 	prompt "kmod-crypto-cbc...................... CBC support"
 	tristate
@@ -161,6 +177,25 @@ config ADK_KPACKAGE_KMOD_CRYPTO_CBC
 	  CBC: Cipher Block Chaining mode
 	  This block cipher algorithm is required for IPSec.
 
+config ADK_KPACKAGE_KMOD_CRYPTO_CCM
+	prompt "kmod-crypto-ccm...................... CCM support"
+	tristate
+	select ADK_KPACKAGE_KMOD_CRYPTO_MANAGER
+	select ADK_KPACKAGE_KMOD_CRYPTO_CTR
+	default n
+	help
+	  Support for Counter with CBC MAC. Required for IPsec.
+
+config ADK_KPACKAGE_KMOD_CRYPTO_CTR
+	prompt "kmod-crypto-ctr...................... CTR support"
+	tristate
+	select ADK_KPACKAGE_KMOD_CRYPTO_MANAGER
+	select ADK_KPACKAGE_KMOD_CRYPTO_SEQIV
+	default n
+	help
+	  CTR: Counter mode
+	  This block cipher algorithm is required for IPSec.
+
 config ADK_KPACKAGE_KMOD_CRYPTO_ECB
 	prompt "kmod-crypto-ecb...................... ECB support"
 	tristate

target/linux/config/Config.in.ipsec

@@ -1,7 +1,7 @@
 menu "IPSec support"
 
 config ADK_KPACKAGE_KMOD_NET_KEY
-	prompt "kmod-net-ipsec-netkey............. PF_KEYv2 socket family"
+	prompt "kmod-net-key..................... PF_KEYv2 socket family"
 	tristate
 	default n
 	help
@@ -32,6 +32,7 @@ config ADK_KPACKAGE_KMOD_INET_ESP
 config ADK_KPACKAGE_KMOD_INET_IPCOMP
 	prompt "kmod-inet-ipcomp.................. IP Payload Compression"
 	tristate
+	select ADK_KPACKAGE_KMOD_CRYPTO_DEFLATE
 	default n
 	help
 	  Support for IP Payload Compression Protocol (IPComp) (RFC3173),